Adding PortAllocator option to support cases where sockets can't be bound.

webrtc/base/firewallsocketserver.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 40 matching lines @@
   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
                FirewallDirection d = FD_ANY,
                const SocketAddress& addr = SocketAddress());
   void AddRule(bool allow, FirewallProtocol p,
                const SocketAddress& src, const SocketAddress& dst);
   void ClearRules();
 
   bool Check(FirewallProtocol p,
              const SocketAddress& src, const SocketAddress& dst);
 
+  // Set the IP addresses which can't be bound to using Bind. By default this

[pthatcher1, 2017/06/13 19:52:49]

"which can't be bound to using Bind" => "for which Bind will fail"?

[Taylor Brandstetter, 2017/06/13 22:11:17]

Done.

+  // list is empty. This can be used to simulate a real OS that refuses to bind
+  // to addresses under various circumstances.
+  //
+  // No matter how many addresses are added (including INADDR_ANY), the server
+  // will still allow creating outgoing TCP connections, since they don't
+  // require explicitly binding a socket.
+  void SetInvalidBindIps(const std::vector<rtc::IPAddress>& invalid_bind_ips);
+  bool CanBindToIp(const rtc::IPAddress& ip);

[pthatcher1, 2017/06/13 19:52:49]

Might make these symmetric: SetInvalidBindIps and IsInvalidBindIp.   

And I'd also suggest using the word "(un)bindable".  "SetUnbindableIps" and
"IsBindable" and unbindable_ips_.

[Taylor Brandstetter, 2017/06/13 22:11:17]

Done.

+
   Socket* CreateSocket(int type) override;
   Socket* CreateSocket(int family, int type) override;
 
   AsyncSocket* CreateAsyncSocket(int type) override;
   AsyncSocket* CreateAsyncSocket(int family, int type) override;
 
   void SetMessageQueue(MessageQueue* queue) override;
   bool Wait(int cms, bool process_io) override;
   void WakeUp() override;
 
   Socket * WrapSocket(Socket * sock, int type);
   AsyncSocket * WrapSocket(AsyncSocket * sock, int type);
 
  private:
   SocketServer * server_;
   FirewallManager * manager_;
   CriticalSection crit_;
   struct Rule {
     bool allow;
     FirewallProtocol p;
     FirewallDirection d;
     SocketAddress src;
     SocketAddress dst;
   };
   std::vector<Rule> rules_;
+  // IP addresses which can't be successfully bound to, using Bind. If this
+  // list is empty, any address is accepted.

[pthatcher1, 2017/06/13 19:52:49]

You just need one comment to explain this, not two (here and in the Set method).
 One can reference the other.

[Taylor Brandstetter, 2017/06/13 22:11:17]

Done.

+  std::vector<rtc::IPAddress> invalid_bind_ips_;
   bool should_delete_server_;
   bool udp_sockets_enabled_;
   bool tcp_sockets_enabled_;
   bool tcp_listen_enabled_;
 };
 
 // FirewallManager allows you to manage firewalls in multiple threads together
 
 class FirewallManager {
  public:
   FirewallManager();
   ~FirewallManager();
 
   void AddServer(FirewallSocketServer * server);
   void RemoveServer(FirewallSocketServer * server);
 
   void AddRule(bool allow, FirewallProtocol p = FP_ANY,
                FirewallDirection d = FD_ANY,
                const SocketAddress& addr = SocketAddress());
   void ClearRules();
 
  private:
   CriticalSection crit_;
   std::vector<FirewallSocketServer *> servers_;
 };
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_FIREWALLSOCKETSERVER_H_