content/browser/renderer_host/pepper/pepper_socket_utils.cc - Issue 2650793003: Fix Pepper socket API to open incoming ports in the firewall.

Side by Side Diff: content/browser/renderer_host/pepper/pepper_socket_utils.cc

Issue 2650793003: Fix Pepper socket API to open incoming ports in the firewall. (Closed)

Patch Set: . Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/renderer_host/pepper/pepper_socket_utils.h"	5 #include "content/browser/renderer_host/pepper/pepper_socket_utils.h"

6	6

7 #include <string>	7 #include <string>

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

(...skipping 138 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
149 bool IsLoopbackAddress(const net::IPAddress& address) {	149 bool IsLoopbackAddress(const net::IPAddress& address) {

150 if (address.IsIPv4()) {	150 if (address.IsIPv4()) {

151 return net::IPAddressStartsWith(address, kIPv4LocalhostPrefix);	151 return net::IPAddressStartsWith(address, kIPv4LocalhostPrefix);

152 } else if (address.IsIPv6()) {	152 } else if (address.IsIPv6()) {

153 // ::1 is the only loopback address in ipv6.	153 // ::1 is the only loopback address in ipv6.

154 return address == net::IPAddress::IPv6Localhost();	154 return address == net::IPAddress::IPv6Localhost();

155 }	155 }

156 return false;	156 return false;

157 }	157 }

158	158

159 std::string AddressToFirewallString(const net::IPAddress& address) {

160 if (address.IsZero() \|\| address.empty()) {

161 return std::string();

162 }

163

164 return address.ToString();

165 }

166

167 } // namespace	159 } // namespace

168	160

169 void OpenFirewallHole(const net::IPEndPoint& address,	161 void OpenFirewallHole(const net::IPEndPoint& address,

170 chromeos::FirewallHole::PortType type,	162 chromeos::FirewallHole::PortType type,

171 FirewallHoleOpenCallback callback) {	163 FirewallHoleOpenCallback callback) {

172 if (IsLoopbackAddress(address.address())) {	164 if (IsLoopbackAddress(address.address())) {

173 callback.Run(nullptr);	165 callback.Run(nullptr);

174 return;	166 return;

175 }	167 }

176 std::string address_string = AddressToFirewallString(address.address());

177	168

178 chromeos::FirewallHole::Open(type, address.port(), address_string, callback);	169 // TODO(sergeyu): Currently an empty string is passed as interface name, which

	170 // means the port will be opened on all network interfaces. Interface name

	171 // can be resolved by the address, but the best solution would be to update

	172 // firewalld to allow filtering by destination address, not just destination

	173 // port. iptables already support it.

	174 chromeos::FirewallHole::Open(type, address.port(), std::string(), callback);
	avallee 2017/01/23 19:28:23 Might be a bit of plumbing to have both interface Might be a bit of plumbing to have both interface or address strings all the way to firewalld but that would be ideal. The other thing I had considered was looking up which interface had that address, but that might not be available here or even a 1-1 mapping.
179 }	175 }

180	176

181 void OpenTCPFirewallHole(const net::IPEndPoint& address,	177 void OpenTCPFirewallHole(const net::IPEndPoint& address,

182 FirewallHoleOpenCallback callback) {	178 FirewallHoleOpenCallback callback) {

183 OpenFirewallHole(address, chromeos::FirewallHole::PortType::TCP, callback);	179 OpenFirewallHole(address, chromeos::FirewallHole::PortType::TCP, callback);

184 }	180 }

185	181

186 void OpenUDPFirewallHole(const net::IPEndPoint& address,	182 void OpenUDPFirewallHole(const net::IPEndPoint& address,

187 FirewallHoleOpenCallback callback) {	183 FirewallHoleOpenCallback callback) {

188 OpenFirewallHole(address, chromeos::FirewallHole::PortType::UDP, callback);	184 OpenFirewallHole(address, chromeos::FirewallHole::PortType::UDP, callback);

189 }	185 }

190 #endif // defined(OS_CHROMEOS)	186 #endif // defined(OS_CHROMEOS)

191	187

192 } // namespace pepper_socket_utils	188 } // namespace pepper_socket_utils

193 } // namespace content	189 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »