Make the Pepper TCP open the firewall on Cros.

content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc

Index: content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc
diff --git a/content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc b/content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc
index 0093c720863e895f2637f6db6e1ae5c581e544cb..f82413ed3d0cdbbf701cdc5263e16f8e2cb56718 100644
--- a/content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_tcp_server_socket_message_filter.cc
@@ -26,6 +26,10 @@
 #include "ppapi/shared_impl/ppb_tcp_socket_shared.h"
 #include "ppapi/shared_impl/private/net_address_private_impl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chromeos/network/firewall_hole.h"
+#endif  // defined(OS_CHROMEOS)
+
 using ppapi::NetAddressPrivateImpl;
 using ppapi::host::NetErrorToPepperError;
 
@@ -189,8 +193,7 @@ void PepperTCPServerSocketMessageFilter::DoListen(
     net_result = socket_->Listen(backlog);
   } while (false);
 
-  if (net_result != net::ERR_IO_PENDING)
-    OnListenCompleted(context, net_result);
+  MaybeOpenFirewallHole(context, net_result);

[bbudge, 2015/07/09 19:55:17]

I think it would be clearer to have the chromeos-specific code here, i.e.:

#if defined(OS_CHROMEOS)
  OpenFirewallHole(context, net_result);
#else
  OnListenCompleted(context, net_result);
#endif

 }
 
 void PepperTCPServerSocketMessageFilter::OnListenCompleted(
@@ -230,6 +233,38 @@ void PepperTCPServerSocketMessageFilter::OnListenCompleted(
   state_ = STATE_LISTENING;
 }
 
+void PepperTCPServerSocketMessageFilter::MaybeOpenFirewallHole(
+    const ppapi::host::ReplyMessageContext& context,
+    int net_result) {
+#if defined(OS_CHROMEOS)
+  if (net_result != net::OK) {
+    return;

[bbudge, 2015/07/09 19:55:17]

What if net_result == net::ERR_IO_PENDING?

[avallee, 2015/07/13 18:29:10]

Moved call to the body of if (net_result != net::ERR_IO_PENDING);

+  }
+  // punch hole.
+  net::IPEndPoint local_addr;
+  socket_->GetLocalAddress(&local_addr);
+  pepper_socket_utils::FirewallHoleOpenCallback callback =
+      base::Bind(&PepperTCPServerSocketMessageFilter::OnFirewallHoleOpened,
+                 base::Unretained(this), context, net_result);
+  pepper_socket_utils::OpenTCPFirewallHole(local_addr, callback);
+#else
+  OnListenCompleted(context, net_result);

[bbudge, 2015/07/09 19:55:17]

This changes the original behavior, where we checked:

if (net_result != net::ERR_IO_PENDING)

before calling OnListenCompleted.

[avallee, 2015/07/13 18:29:10]

Done.

+#endif  // defined(OS_CHROMEOS)
+}
+
+#if defined(OS_CHROMEOS)
+void PepperTCPServerSocketMessageFilter::OnFirewallHoleOpened(
+    const ppapi::host::ReplyMessageContext& context,
+    int32_t net_result,
+    scoped_ptr<chromeos::FirewallHole> hole) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+
+  LOG_IF(WARNING, !hole.get()) << "Firewall hole could not be opened.";
+  firewall_hole_.reset(hole.release());
+  OnListenCompleted(context, net_result);
+}
+#endif  // defined(OS_CHROMEOS)
+
 void PepperTCPServerSocketMessageFilter::OnAcceptCompleted(
     const ppapi::host::ReplyMessageContext& context,
     int net_result) {