Make the Pepper TCP open the firewall on Cros.

content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc

Index: content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
diff --git a/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc b/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
index aa63ab16308c0460405505cc639b591e355ec426..e2690adb644dc1eb48ae63dbebe183f71c96fbfe 100644
--- a/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
@@ -36,6 +36,10 @@
 #include "ppapi/proxy/tcp_socket_resource_base.h"
 #include "ppapi/shared_impl/private/net_address_private_impl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chromeos/network/firewall_hole.h"
+#endif  // defined(OS_CHROMEOS)
+
 using ppapi::NetAddressPrivateImpl;
 using ppapi::host::NetErrorToPepperError;
 using ppapi::proxy::TCPSocketResourceBase;
@@ -470,6 +474,10 @@ int32_t PepperTCPSocketMessageFilter::OnMsgClose(
     return PP_OK;
 
   state_.DoTransition(TCPSocketState::CLOSE, true);
+#if defined(OS_CHROMEOS)
+  // Close the firewall hole, it is no longer needed.
+  firewall_hole_.reset(nullptr);

[bbudge, 2015/07/22 02:00:48]

nit: can just reset() with no param.

[avallee, 2015/07/24 18:33:00]

Done.

+#endif  // defined(OS_CHROMEOS)
   // Make sure we get no further callbacks from |socket_| or |ssl_socket_|.
   if (socket_) {
     socket_->Close();
@@ -713,8 +721,11 @@ void PepperTCPSocketMessageFilter::DoListen(
   }
 
   int32_t pp_result = NetErrorToPepperError(socket_->Listen(backlog));
-  SendListenReply(context, pp_result);
-  state_.DoTransition(TCPSocketState::LISTEN, pp_result == PP_OK);
+#if defined(OS_CHROMEOS)
+  OpenFirewallHole(context, pp_result);
+#else
+  OnListenCompleted(context, pp_result);
+#endif
 }
 
 void PepperTCPSocketMessageFilter::OnResolveCompleted(
@@ -926,6 +937,47 @@ void PepperTCPSocketMessageFilter::OnWriteCompleted(
   write_buffer_base_ = NULL;
 }
 
+void PepperTCPSocketMessageFilter::OnListenCompleted(
+    const ppapi::host::ReplyMessageContext& context,
+    int32_t pp_result) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  SendListenReply(context, pp_result);
+  state_.DoTransition(TCPSocketState::LISTEN, pp_result == PP_OK);
+}
+
+#if defined(OS_CHROMEOS)
+void PepperTCPSocketMessageFilter::OpenFirewallHole(
+    const ppapi::host::ReplyMessageContext& context,
+    int32_t pp_result) {
+  if (pp_result != PP_OK) {
+    return;
+  }
+
+  net::IPEndPoint local_addr;
+  // Has already been called successfully in DoBind().
+  socket_->GetLocalAddress(&local_addr);
+  pepper_socket_utils::FirewallHoleOpenCallback callback =
+      base::Bind(&PepperTCPSocketMessageFilter::OnFirewallHoleOpened,
+                 base::Unretained(this), context, pp_result);

[bbudge, 2015/07/22 02:00:48]

Why base::Unretained(this) instead of just 'this'?
Here and below.

[avallee, 2015/07/24 18:33:00]

Was copying the other code in this file. Removed since it works without
unretained and is safer.

+  BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
+                          base::Bind(&pepper_socket_utils::OpenTCPFirewallHole,
+                                     local_addr, callback));
+}
+
+void PepperTCPSocketMessageFilter::OnFirewallHoleOpened(
+    const ppapi::host::ReplyMessageContext& context,
+    int32_t result,
+    scoped_ptr<chromeos::FirewallHole> hole) {
+  LOG_IF(WARNING, !hole.get()) << "Firewall hole could not be opened.";
+  firewall_hole_.reset(hole.release());
+
+  BrowserThread::PostTask(
+      BrowserThread::IO, FROM_HERE,
+      base::Bind(&PepperTCPSocketMessageFilter::OnListenCompleted,
+                 base::Unretained(this), context, result));
+}
+#endif  // defined(OS_CHROMEOS)
+
 void PepperTCPSocketMessageFilter::OnAcceptCompleted(
     const ppapi::host::ReplyMessageContext& context,
     int net_result) {