| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include "webrtc/base/firewallsocketserver.h" | 11 #include "webrtc/base/firewallsocketserver.h" |
| 12 | 12 |
| 13 #include <algorithm> | 13 #include <algorithm> |
| 14 | 14 |
| 15 #include "webrtc/base/asyncsocket.h" | 15 #include "webrtc/base/asyncsocket.h" |
| 16 #include "webrtc/base/checks.h" | 16 #include "webrtc/base/checks.h" |
| 17 #include "webrtc/base/logging.h" | 17 #include "webrtc/base/logging.h" |
| 18 | 18 |
| 19 namespace rtc { | 19 namespace rtc { |
| 20 | 20 |
| 21 class FirewallSocket : public AsyncSocketAdapter { | 21 class FirewallSocket : public AsyncSocketAdapter { |
| 22 public: | 22 public: |
| 23 FirewallSocket(FirewallSocketServer* server, AsyncSocket* socket, int type) | 23 FirewallSocket(FirewallSocketServer* server, AsyncSocket* socket, int type) |
| 24 : AsyncSocketAdapter(socket), server_(server), type_(type) { | 24 : AsyncSocketAdapter(socket), server_(server), type_(type) { |
| 25 } | 25 } |
| 26 | 26 |
| 27 int Bind(const SocketAddress& addr) override { |
| 28 if (!server_->CanBindToIp(addr.ipaddr())) { |
| 29 SetError(EINVAL); |
| 30 return SOCKET_ERROR; |
| 31 } |
| 32 return AsyncSocketAdapter::Bind(addr); |
| 33 } |
| 34 |
| 27 int Connect(const SocketAddress& addr) override { | 35 int Connect(const SocketAddress& addr) override { |
| 28 if (type_ == SOCK_STREAM) { | 36 if (type_ == SOCK_STREAM) { |
| 29 if (!server_->Check(FP_TCP, GetLocalAddress(), addr)) { | 37 if (!server_->Check(FP_TCP, GetLocalAddress(), addr)) { |
| 30 LOG(LS_VERBOSE) << "FirewallSocket outbound TCP connection from " | 38 LOG(LS_VERBOSE) << "FirewallSocket outbound TCP connection from " |
| 31 << GetLocalAddress().ToSensitiveString() << " to " | 39 << GetLocalAddress().ToSensitiveString() << " to " |
| 32 << addr.ToSensitiveString() << " denied"; | 40 << addr.ToSensitiveString() << " denied"; |
| 33 // TODO: Handle this asynchronously. | 41 // TODO: Handle this asynchronously. |
| 34 SetError(EHOSTUNREACH); | 42 SetError(EHOSTUNREACH); |
| 35 return SOCKET_ERROR; | 43 return SOCKET_ERROR; |
| 36 } | 44 } |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 169 continue; | 177 continue; |
| 170 if ((r.dst.ipaddr() != dst.ipaddr()) && !r.dst.IsNil()) | 178 if ((r.dst.ipaddr() != dst.ipaddr()) && !r.dst.IsNil()) |
| 171 continue; | 179 continue; |
| 172 if ((r.dst.port() != dst.port()) && (r.dst.port() != 0)) | 180 if ((r.dst.port() != dst.port()) && (r.dst.port() != 0)) |
| 173 continue; | 181 continue; |
| 174 return r.allow; | 182 return r.allow; |
| 175 } | 183 } |
| 176 return true; | 184 return true; |
| 177 } | 185 } |
| 178 | 186 |
| 187 void FirewallSocketServer::SetInvalidBindIps( |
| 188 const std::vector<rtc::IPAddress>& invalid_bind_ips) { |
| 189 invalid_bind_ips_ = invalid_bind_ips; |
| 190 } |
| 191 |
| 192 bool FirewallSocketServer::CanBindToIp(const rtc::IPAddress& ip) { |
| 193 return std::find(invalid_bind_ips_.begin(), invalid_bind_ips_.end(), ip) == |
| 194 invalid_bind_ips_.end(); |
| 195 } |
| 196 |
| 179 Socket* FirewallSocketServer::CreateSocket(int type) { | 197 Socket* FirewallSocketServer::CreateSocket(int type) { |
| 180 return CreateSocket(AF_INET, type); | 198 return CreateSocket(AF_INET, type); |
| 181 } | 199 } |
| 182 | 200 |
| 183 Socket* FirewallSocketServer::CreateSocket(int family, int type) { | 201 Socket* FirewallSocketServer::CreateSocket(int family, int type) { |
| 184 return WrapSocket(server_->CreateAsyncSocket(family, type), type); | 202 return WrapSocket(server_->CreateAsyncSocket(family, type), type); |
| 185 } | 203 } |
| 186 | 204 |
| 187 AsyncSocket* FirewallSocketServer::CreateAsyncSocket(int type) { | 205 AsyncSocket* FirewallSocketServer::CreateAsyncSocket(int type) { |
| 188 return CreateAsyncSocket(AF_INET, type); | 206 return CreateAsyncSocket(AF_INET, type); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 244 | 262 |
| 245 void FirewallManager::ClearRules() { | 263 void FirewallManager::ClearRules() { |
| 246 CritScope scope(&crit_); | 264 CritScope scope(&crit_); |
| 247 for (std::vector<FirewallSocketServer*>::const_iterator it = | 265 for (std::vector<FirewallSocketServer*>::const_iterator it = |
| 248 servers_.begin(); it != servers_.end(); ++it) { | 266 servers_.begin(); it != servers_.end(); ++it) { |
| 249 (*it)->ClearRules(); | 267 (*it)->ClearRules(); |
| 250 } | 268 } |
| 251 } | 269 } |
| 252 | 270 |
| 253 } // namespace rtc | 271 } // namespace rtc |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2936553003:
Adding PortAllocator option to support cases where sockets can't be bound. (Closed)
