authorJorge Lucangeli Obes <jorgelo@chromium.org>2015-02-12 11:49:38 -0800
committerGilad Arnold <garnold@google.com>2015-08-10 23:11:52 -0700
commiteee27d2ce09514ff5d758f2e2b43b1b1f8832775 (patch)
tree927e5e94a4e0b78aa17c5571c17e248d629a9e5c /iptables.h
parent9b84ba149e26978e22bc97bdb0f2ce9d31e5f645 (diff)
firewalld, permission_broker: add initial support for interfaces.
This is the first patch in a two-patch series. It adds support for specifying interfaces to firewalld. The next patch will make permission_broker use this support. BUG=brillo:185 TEST=unit tests TEST=platform_Firewall Change-Id: Ic3247a20a55427e85a4fb1ff4beadb813f8e9b7c Reviewed-on: https://chromium-review.googlesource.com/249360 Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Zeping Qiu <zqiu@chromium.org> Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Diffstat (limited to 'iptables.h')
-rw-r--r--iptables.h29
1 files changed, 18 insertions, 11 deletions
diff --git a/iptables.h b/iptables.h
index 2bcf8c8..51a7423 100644
--- a/iptables.h
+++ b/iptables.h
@@ -7,8 +7,9 @@
#include <stdint.h>
+#include <set>
#include <string>
-#include <unordered_set>
+#include <utility>
#include <base/macros.h>
#include <chromeos/errors/error.h>
@@ -21,14 +22,16 @@ enum ProtocolEnum { kProtocolTcp, kProtocolUdp };
class IpTables : public org::chromium::FirewalldInterface {
public:
+ typedef std::pair<uint16_t, std::string> Hole;
+
IpTables();
~IpTables();
// D-Bus methods.
- bool PunchTcpHole(uint16_t in_port) override;
- bool PunchUdpHole(uint16_t in_port) override;
- bool PlugTcpHole(uint16_t in_port) override;
- bool PlugUdpHole(uint16_t in_port) override;
+ bool PunchTcpHole(uint16_t in_port, const std::string& in_interface) override;
+ bool PunchUdpHole(uint16_t in_port, const std::string& in_interface) override;
+ bool PlugTcpHole(uint16_t in_port, const std::string& in_interface) override;
+ bool PlugUdpHole(uint16_t in_port, const std::string& in_interface) override;
protected:
// Test-only.
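Review bot: `in_interface` on the four D-Bus methods is caller-supplied text, and nothing in this header says which values are accepted or what an empty string means. The class holds an `executable_path_`, and `AddAllowRule`/`DeleteAllowRule` in the next hunk now take the same string, so the name presumably ends up as an argument to the iptables binary; the implementation is not visible here. If so, it should be validated before use: bounded length (an interface name has to fit in IFNAMSIZ), a restricted character set, and no leading `-`. I would add a comment above the methods such as `// |in_interface| must be a valid network interface name; document here what an empty string selects.` The class body continues past the end of this hunk.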
@@ -38,24 +41,28 @@ class IpTables : public org::chromium::FirewalldInterface {
friend class IpTablesTest;
bool PunchHole(uint16_t port,
- std::unordered_set<uint16_t>* holes,
+ const std::string& interface,
+ std::set<Hole>* holes,
enum ProtocolEnum protocol);
bool PlugHole(uint16_t port,
- std::unordered_set<uint16_t>* holes,
+ const std::string& interface,
+ std::set<Hole>* holes,
enum ProtocolEnum protocol);
void PlugAllHoles();
bool AddAllowRule(enum ProtocolEnum protocol,
- uint16_t port);
+ uint16_t port,
+ const std::string& interface);
bool DeleteAllowRule(enum ProtocolEnum protocol,
- uint16_t port);
+ uint16_t port,
+ const std::string& interface);
std::string executable_path_;
// Keep track of firewall holes to avoid adding redundant firewall rules.
- std::unordered_set<uint16_t> tcp_holes_;
- std::unordered_set<uint16_t> udp_holes_;
+ std::set<Hole> tcp_holes_;
+ std::set<Hole> udp_holes_;
DISALLOW_COPY_AND_ASSIGN(IpTables);
};
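Review bot: The comment above `tcp_holes_` and `udp_holes_` still reads as port-only tracking, but the sets are now keyed on `Hole`, a (port, interface) pair. Under that key, a hole for a port with an empty interface and a hole for the same port on a named interface are separate entries, so both rules would be added and each would have to be plugged on its own. Whether that is intended cannot be told from the header. I would reword the comment to something like `// Tracks open holes as (port, interface) pairs; the same port on different interfaces is tracked separately.` and state how an empty interface relates to named ones, so that `PlugAllHoles()` callers know what is removed.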