webrtc/base/firewallsocketserver.cc - Issue 2515443003: Move FirewallSocketServer to test code.

Side by Side Diff: webrtc/base/firewallsocketserver.cc

Issue 2515443003: Move FirewallSocketServer to test code. (Closed)

Patch Set: Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 /*

2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.

3 *

4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.

9 */

10

11 #include "webrtc/base/firewallsocketserver.h"

12

13 #include <algorithm>

14

15 #include "webrtc/base/asyncsocket.h"

16 #include "webrtc/base/checks.h"

17 #include "webrtc/base/logging.h"

18

19 namespace rtc {

20

21 class FirewallSocket : public AsyncSocketAdapter {

22 public:

23 FirewallSocket(FirewallSocketServer* server, AsyncSocket* socket, int type)

24 : AsyncSocketAdapter(socket), server_(server), type_(type) {

25 }

26

27 int Connect(const SocketAddress& addr) override {

28 if (type_ == SOCK_STREAM) {

29 if (!server_->Check(FP_TCP, GetLocalAddress(), addr)) {

30 LOG(LS_VERBOSE) << "FirewallSocket outbound TCP connection from "

31 << GetLocalAddress().ToSensitiveString() << " to "

32 << addr.ToSensitiveString() << " denied";

33 // TODO: Handle this asynchronously.

34 SetError(EHOSTUNREACH);

35 return SOCKET_ERROR;

36 }

37 }

38 return AsyncSocketAdapter::Connect(addr);

39 }

40 int Send(const void* pv, size_t cb) override {

41 return SendTo(pv, cb, GetRemoteAddress());

42 }

43 int SendTo(const void* pv, size_t cb, const SocketAddress& addr) override {

44 RTC_DCHECK(type_ == SOCK_DGRAM \|\| type_ == SOCK_STREAM);

45 FirewallProtocol protocol = (type_ == SOCK_DGRAM) ? FP_UDP : FP_TCP;

46 if (!server_->Check(protocol, GetLocalAddress(), addr)) {

47 LOG(LS_VERBOSE) << "FirewallSocket outbound packet with type " << type_

48 << " from " << GetLocalAddress().ToSensitiveString()

49 << " to " << addr.ToSensitiveString() << " dropped";

50 return static_cast<int>(cb);

51 }

52 return AsyncSocketAdapter::SendTo(pv, cb, addr);

53 }

54 int Recv(void* pv, size_t cb, int64_t* timestamp) override {

55 SocketAddress addr;

56 return RecvFrom(pv, cb, &addr, timestamp);

57 }

58 int RecvFrom(void* pv,

59 size_t cb,

60 SocketAddress* paddr,

61 int64_t* timestamp) override {

62 if (type_ == SOCK_DGRAM) {

63 while (true) {

64 int res = AsyncSocketAdapter::RecvFrom(pv, cb, paddr, timestamp);

65 if (res <= 0)

66 return res;

67 if (server_->Check(FP_UDP, *paddr, GetLocalAddress()))

68 return res;

69 LOG(LS_VERBOSE) << "FirewallSocket inbound UDP packet from "

70 << paddr->ToSensitiveString() << " to "

71 << GetLocalAddress().ToSensitiveString() << " dropped";

72 }

73 }

74 return AsyncSocketAdapter::RecvFrom(pv, cb, paddr, timestamp);

75 }

76

77 int Listen(int backlog) override {

78 if (!server_->tcp_listen_enabled()) {

79 LOG(LS_VERBOSE) << "FirewallSocket listen attempt denied";

80 return -1;

81 }

82

83 return AsyncSocketAdapter::Listen(backlog);

84 }

85 AsyncSocket* Accept(SocketAddress* paddr) override {

86 SocketAddress addr;

87 while (AsyncSocket* sock = AsyncSocketAdapter::Accept(&addr)) {

88 if (server_->Check(FP_TCP, addr, GetLocalAddress())) {

89 if (paddr)

90 *paddr = addr;

91 return sock;

92 }

93 sock->Close();

94 delete sock;

95 LOG(LS_VERBOSE) << "FirewallSocket inbound TCP connection from "

96 << addr.ToSensitiveString() << " to "

97 << GetLocalAddress().ToSensitiveString() << " denied";

98 }

99 return 0;

100 }

101

102 private:

103 FirewallSocketServer* server_;

104 int type_;

105 };

106

107 FirewallSocketServer::FirewallSocketServer(SocketServer* server,

108 FirewallManager* manager,

109 bool should_delete_server)

110 : server_(server), manager_(manager),

111 should_delete_server_(should_delete_server),

112 udp_sockets_enabled_(true), tcp_sockets_enabled_(true),

113 tcp_listen_enabled_(true) {

114 if (manager_)

115 manager_->AddServer(this);

116 }

117

118 FirewallSocketServer::~FirewallSocketServer() {

119 if (manager_)

120 manager_->RemoveServer(this);

121

122 if (server_ && should_delete_server_) {

123 delete server_;

124 server_ = NULL;

125 }

126 }

127

128 void FirewallSocketServer::AddRule(bool allow, FirewallProtocol p,

129 FirewallDirection d,

130 const SocketAddress& addr) {

131 SocketAddress any;

132 if (d == FD_IN \|\| d == FD_ANY) {

133 AddRule(allow, p, any, addr);

134 }

135 if (d == FD_OUT \|\| d == FD_ANY) {

136 AddRule(allow, p, addr, any);

137 }

138 }

139

140

141 void FirewallSocketServer::AddRule(bool allow, FirewallProtocol p,

142 const SocketAddress& src,

143 const SocketAddress& dst) {

144 Rule r;

145 r.allow = allow;

146 r.p = p;

147 r.src = src;

148 r.dst = dst;

149 CritScope scope(&crit_);

150 rules_.push_back(r);

151 }

152

153 void FirewallSocketServer::ClearRules() {

154 CritScope scope(&crit_);

155 rules_.clear();

156 }

157

158 bool FirewallSocketServer::Check(FirewallProtocol p,

159 const SocketAddress& src,

160 const SocketAddress& dst) {

161 CritScope scope(&crit_);

162 for (size_t i = 0; i < rules_.size(); ++i) {

163 const Rule& r = rules_[i];

164 if ((r.p != p) && (r.p != FP_ANY))

165 continue;

166 if ((r.src.ipaddr() != src.ipaddr()) && !r.src.IsNil())

167 continue;

168 if ((r.src.port() != src.port()) && (r.src.port() != 0))

169 continue;

170 if ((r.dst.ipaddr() != dst.ipaddr()) && !r.dst.IsNil())

171 continue;

172 if ((r.dst.port() != dst.port()) && (r.dst.port() != 0))

173 continue;

174 return r.allow;

175 }

176 return true;

177 }

178

179 Socket* FirewallSocketServer::CreateSocket(int type) {

180 return CreateSocket(AF_INET, type);

181 }

182

183 Socket* FirewallSocketServer::CreateSocket(int family, int type) {

184 return WrapSocket(server_->CreateAsyncSocket(family, type), type);

185 }

186

187 AsyncSocket* FirewallSocketServer::CreateAsyncSocket(int type) {

188 return CreateAsyncSocket(AF_INET, type);

189 }

190

191 AsyncSocket* FirewallSocketServer::CreateAsyncSocket(int family, int type) {

192 return WrapSocket(server_->CreateAsyncSocket(family, type), type);

193 }

194

195 void FirewallSocketServer::SetMessageQueue(MessageQueue* queue) {

196 server_->SetMessageQueue(queue);

197 }

198

199 bool FirewallSocketServer::Wait(int cms, bool process_io) {

200 return server_->Wait(cms, process_io);

201 }

202

203 void FirewallSocketServer::WakeUp() {

204 return server_->WakeUp();

205 }

206

207 AsyncSocket* FirewallSocketServer::WrapSocket(AsyncSocket* sock, int type) {

208 if (!sock \|\|

209 (type == SOCK_STREAM && !tcp_sockets_enabled_) \|\|

210 (type == SOCK_DGRAM && !udp_sockets_enabled_)) {

211 LOG(LS_VERBOSE) << "FirewallSocketServer socket creation denied";

212 delete sock;

213 return NULL;

214 }

215 return new FirewallSocket(this, sock, type);

216 }

217

218 FirewallManager::FirewallManager() {

219 }

220

221 FirewallManager::~FirewallManager() {

222 RTC_DCHECK(servers_.empty());

223 }

224

225 void FirewallManager::AddServer(FirewallSocketServer* server) {

226 CritScope scope(&crit_);

227 servers_.push_back(server);

228 }

229

230 void FirewallManager::RemoveServer(FirewallSocketServer* server) {

231 CritScope scope(&crit_);

232 servers_.erase(std::remove(servers_.begin(), servers_.end(), server),

233 servers_.end());

234 }

235

236 void FirewallManager::AddRule(bool allow, FirewallProtocol p,

237 FirewallDirection d, const SocketAddress& addr) {

238 CritScope scope(&crit_);

239 for (std::vector<FirewallSocketServer*>::const_iterator it =

240 servers_.begin(); it != servers_.end(); ++it) {

241 (*it)->AddRule(allow, p, d, addr);

242 }

243 }

244

245 void FirewallManager::ClearRules() {

246 CritScope scope(&crit_);

247 for (std::vector<FirewallSocketServer*>::const_iterator it =

248 servers_.begin(); it != servers_.end(); ++it) {

249 (*it)->ClearRules();

250 }

251 }

252

253 } // namespace rtc

OLD	NEW

« webrtc/base/BUILD.gn ('K') | « webrtc/base/firewallsocketserver.h ('k') | webrtc/p2p/base/p2ptransportchannel_unittest.cc » ('j') | webrtc/test/BUILD.gn » ('J')