authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-13 21:18:32 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-13 21:18:32 +0000
commitd286b6732f130d7ca78de54cde4b42ee9648e383 (patch)
tree6b8ee6ee41d0101e2b8a8fb5f01903039a475e99
parentf226b22dab0d99b0d6e9f739f314799dec81c52f (diff)
Restrict Me2Me host to the 12400-12409 port range.
Also added options to simple_host to specify the port range to use.

Review URL: http://codereview.chromium.org/9148089
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117695 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/host/chromoting_host.cc13
-rw-r--r--remoting/host/chromoting_host.h4
-rw-r--r--remoting/host/chromoting_host_unittest.cc3
-rw-r--r--remoting/host/plugin/host_script_object.cc4
-rw-r--r--remoting/host/remoting_me2me_host.cc16
-rw-r--r--remoting/host/simple_host_process.cc39
-rw-r--r--remoting/protocol/connection_to_host.cc5
-rw-r--r--remoting/protocol/jingle_session_manager.cc9
-rw-r--r--remoting/protocol/jingle_session_manager.h2
-rw-r--r--remoting/protocol/jingle_session_unittest.cc8
-rw-r--r--remoting/protocol/pepper_session_manager.cc8
-rw-r--r--remoting/protocol/pepper_session_manager.h2
-rw-r--r--remoting/protocol/pepper_session_unittest.cc8
-rw-r--r--remoting/protocol/session_manager.h23
14 files changed, 112 insertions, 32 deletions
diff --git a/remoting/host/chromoting_host.cc b/remoting/host/chromoting_host.cc
index 21a3d3e..b1997ed 100644
--- a/remoting/host/chromoting_host.cc
+++ b/remoting/host/chromoting_host.cc
@@ -30,13 +30,14 @@ using remoting::protocol::InputStub;
namespace remoting {
-ChromotingHost::ChromotingHost(ChromotingHostContext* context,
- SignalStrategy* signal_strategy,
- DesktopEnvironment* environment,
- bool allow_nat_traversal)
+ChromotingHost::ChromotingHost(
+ ChromotingHostContext* context,
+ SignalStrategy* signal_strategy,
+ DesktopEnvironment* environment,
+ const protocol::NetworkSettings& network_settings)
: context_(context),
desktop_environment_(environment),
- allow_nat_traversal_(allow_nat_traversal),
+ network_settings_(network_settings),
have_shared_secret_(false),
signal_strategy_(signal_strategy),
stopping_recorders_(0),
@@ -67,7 +68,7 @@ void ChromotingHost::Start() {
// Create and start session manager.
session_manager_.reset(
new protocol::JingleSessionManager(context_->network_message_loop()));
- session_manager_->Init(signal_strategy_, this, allow_nat_traversal_);
+ session_manager_->Init(signal_strategy_, this, network_settings_);
}
// This method is called when we need to destroy the host process.
diff --git a/remoting/host/chromoting_host.h b/remoting/host/chromoting_host.h
index 1c1022f..5d7d1051 100644
--- a/remoting/host/chromoting_host.h
+++ b/remoting/host/chromoting_host.h
@@ -69,7 +69,7 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
ChromotingHost(ChromotingHostContext* context,
SignalStrategy* signal_strategy,
DesktopEnvironment* environment,
- bool allow_nat_traversal);
+ const protocol::NetworkSettings& network_settings);
// Asynchronously start the host process.
//
@@ -173,7 +173,7 @@ class ChromotingHost : public base::RefCountedThreadSafe<ChromotingHost>,
// Parameters specified when the host was created.
ChromotingHostContext* context_;
DesktopEnvironment* desktop_environment_;
- bool allow_nat_traversal_;
+ protocol::NetworkSettings network_settings_;
// TODO(lambroslambrou): The following is a temporary fix for Me2Me
// (crbug.com/105995), pending the AuthenticatorFactory work.
diff --git a/remoting/host/chromoting_host_unittest.cc b/remoting/host/chromoting_host_unittest.cc
index b1a364e..5ba4370 100644
--- a/remoting/host/chromoting_host_unittest.cc
+++ b/remoting/host/chromoting_host_unittest.cc
@@ -94,7 +94,8 @@ class ChromotingHostTest : public testing::Test {
new DesktopEnvironment(&context_, capturer, event_executor_));
host_ = new ChromotingHost(
- &context_, &signal_strategy_, desktop_environment_.get(), false);
+ &context_, &signal_strategy_, desktop_environment_.get(),
+ protocol::NetworkSettings());
disconnect_window_ = new MockDisconnectWindow();
continue_window_ = new MockContinueWindow();
diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc
index c060c88..1a26b49 100644
--- a/remoting/host/plugin/host_script_object.cc
+++ b/remoting/host/plugin/host_script_object.cc
@@ -522,8 +522,8 @@ void HostNPScriptObject::FinishConnectNetworkThread(
// Create the Host.
LOG(INFO) << "NAT state: " << nat_traversal_enabled_;
host_ = new ChromotingHost(
- &host_context_, signal_strategy_.get(),
- desktop_environment_.get(), nat_traversal_enabled_);
+ &host_context_, signal_strategy_.get(), desktop_environment_.get(),
+ protocol::NetworkSettings(nat_traversal_enabled_));
host_->AddStatusObserver(this);
log_to_server_.reset(new LogToServer(signal_strategy_.get()));
host_->AddStatusObserver(log_to_server_.get());
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 609ff64..33c5728 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -38,17 +38,23 @@
#endif
namespace {
+
// These are used for parsing the config-file locations from the command line,
// and for defining the default locations if the switches are not present.
const char kAuthConfigSwitchName[] = "auth-config";
const char kHostConfigSwitchName[] = "host-config";
+
const FilePath::CharType kDefaultConfigDir[] =
FILE_PATH_LITERAL(".config/chrome-remote-desktop");
const FilePath::CharType kDefaultAuthConfigFile[] =
FILE_PATH_LITERAL("auth.json");
const FilePath::CharType kDefaultHostConfigFile[] =
FILE_PATH_LITERAL("host.json");
-}
+
+const int kMinPortNumber = 12400;
+const int kMaxPortNumber = 12409;
+
+} // namespace
namespace remoting {
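Review bot: `kMinPortNumber` and `kMaxPortNumber` are added without a comment, so a reader has to go to the `NetworkSettings` struct in session_manager.h to learn that the range is inclusive and applies to the ports used by P2P sessions. I would add a line above them such as `// Inclusive range of local ports the Me2Me host may use for P2P sessions.` If the range was picked to match a firewall rule or a deployment requirement, that reason belongs in the same comment, because the commit message does not give one. A ten-port range may also cap how many ports the allocator can hold at once; if that limits concurrent connections, it is worth recording here too.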
@@ -154,8 +160,14 @@ class HostProcess {
desktop_environment_.reset(DesktopEnvironment::Create(&context_));
+ protocol::NetworkSettings network_settings;
+ network_settings.allow_nat_traversal = false;
+ network_settings.min_port = kMinPortNumber;
+ network_settings.max_port = kMaxPortNumber;
+
host_ = new ChromotingHost(
- &context_, signal_strategy_.get(), desktop_environment_.get(), false);
+ &context_, signal_strategy_.get(), desktop_environment_.get(),
+ network_settings);
heartbeat_sender_.reset(
new HeartbeatSender(host_id_, signal_strategy_.get(), &key_pair_));
diff --git a/remoting/host/simple_host_process.cc b/remoting/host/simple_host_process.cc
index 59f93a9..f06ba79 100644
--- a/remoting/host/simple_host_process.cc
+++ b/remoting/host/simple_host_process.cc
@@ -26,6 +26,7 @@
#include "base/logging.h"
#include "base/message_loop.h"
#include "base/path_service.h"
+#include "base/string_number_conversions.h"
#include "base/utf_string_conversions.h"
#include "base/threading/thread.h"
#include "crypto/nss_util.h"
@@ -61,6 +62,7 @@ HMODULE g_hModule = NULL;
using remoting::protocol::CandidateSessionConfig;
using remoting::protocol::ChannelConfig;
+using remoting::protocol::NetworkSettings;
namespace {
@@ -74,6 +76,9 @@ const char kFakeSwitchName[] = "fake";
const char kIT2MeSwitchName[] = "it2me";
const char kConfigSwitchName[] = "config";
const char kVideoSwitchName[] = "video";
+const char kDisableNatTraversalSwitchName[] = "disable-nat-traversal";
+const char kMinPortSwitchName[] = "min-port";
+const char kMaxPortSwitchName[] = "max-port";
const char kVideoSwitchValueVerbatim[] = "verbatim";
const char kVideoSwitchValueZip[] = "zip";
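Review bot: `--disable-nat-traversal` looks like a no-op as wired up in this commit. `SimpleHost::network_settings_` is default-constructed, the `NetworkSettings()` constructor in session_manager.h sets `allow_nat_traversal(false)`, and the only use of this switch in `main` assigns `false` again. Unless the `SimpleHost` constructor (not part of this diff) sets the field to true, NAT traversal can never be enabled in simple_host and the switch gives an operator a false sense of having changed something. If the intent is "on unless disabled", `simple_host.network_settings()->allow_nat_traversal = !cmd_line->HasSwitch(kDisableNatTraversalSwitchName);` would do it. If off-by-default is intended, an `--enable-nat-traversal` switch would match the behaviour better.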
@@ -147,6 +152,8 @@ class SimpleHost {
protocol_config_.reset(protocol_config);
}
+ NetworkSettings* network_settings() { return &network_settings_; }
+
private:
static void SetIT2MeAccessCode(scoped_refptr<ChromotingHost> host,
HostKeyPair* key_pair,
@@ -207,7 +214,7 @@ class SimpleHost {
}
host_ = new ChromotingHost(&context_, signal_strategy_.get(),
- desktop_environment_.get(), false);
+ desktop_environment_.get(), network_settings_);
host_->set_it2me(is_it2me_);
log_to_server_.reset(new LogToServer(signal_strategy_.get()));
@@ -256,6 +263,7 @@ class SimpleHost {
FilePath config_path_;
bool fake_;
bool is_it2me_;
+ NetworkSettings network_settings_;
scoped_ptr<CandidateSessionConfig> protocol_config_;
std::string host_id_;
@@ -328,5 +336,34 @@ int main(int argc, char** argv) {
simple_host.set_protocol_config(config.release());
}
+ if (cmd_line->HasSwitch(kDisableNatTraversalSwitchName))
+ simple_host.network_settings()->allow_nat_traversal = false;
+
+ if (cmd_line->HasSwitch(kMinPortSwitchName)) {
+ std::string min_port_str =
+ cmd_line->GetSwitchValueASCII(kMinPortSwitchName);
+ int min_port = 0;
+ if (!base::StringToInt(min_port_str, &min_port) ||
+ min_port < 0 || min_port > 65535) {
+ LOG(ERROR) << "Invalid min-port value: " << min_port
+ << ". Expected integer in range [0, 65535].";
+ return 1;
+ }
+ simple_host.network_settings()->min_port = min_port;
+ }
+
+ if (cmd_line->HasSwitch(kMaxPortSwitchName)) {
+ std::string max_port_str =
+ cmd_line->GetSwitchValueASCII(kMaxPortSwitchName);
+ int max_port = 0;
+ if (!base::StringToInt(max_port_str, &max_port) ||
+ max_port < 0 || max_port > 65535) {
+ LOG(ERROR) << "Invalid max-port value: " << max_port
+ << ". Expected integer in range [0, 65535].";
+ return 1;
+ }
+ simple_host.network_settings()->max_port = max_port;
+ }
+
return simple_host.Run();
}
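Review bot: The two error messages in this hunk print the parsed integer (`min_port`, `max_port`) rather than the text the user typed, so a non-numeric argument is reported as a number that was never on the command line; `<< min_port_str` and `<< max_port_str` would show the real input. The two bounds are also validated independently and never against each other, so `--min-port=5000 --max-port=100`, or only one of the two switches, reaches `ChromotingHost` unchanged. `JingleSessionManager::Init` then hands the pair straight to `SetPortRange` (see the jingle_session_manager.cc hunk), and whether the allocator rejects or ignores such a range is not visible here. A cross-check before `Run()` keeps a mistyped restriction from silently becoming no restriction; whether a lone `--max-port` (range starting at 0) should be accepted is left to the author. `main` starts outside this hunk.

```cpp
  // … unchanged: --disable-nat-traversal, --min-port and --max-port parsing …

  const NetworkSettings& settings = *simple_host.network_settings();
  if (settings.min_port > settings.max_port) {
    LOG(ERROR) << "Invalid port range: min-port (" << settings.min_port
               << ") is greater than max-port (" << settings.max_port << ").";
    return 1;
  }

  return simple_host.Run();
```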
diff --git a/remoting/protocol/connection_to_host.cc b/remoting/protocol/connection_to_host.cc
index 92f77bf..9d00f8d 100644
--- a/remoting/protocol/connection_to_host.cc
+++ b/remoting/protocol/connection_to_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -75,7 +75,8 @@ void ConnectionToHost::Connect(scoped_refptr<XmppProxy> xmpp_proxy,
signal_strategy_->Connect();
session_manager_.reset(new PepperSessionManager(pp_instance_));
- session_manager_->Init(signal_strategy_.get(), this, allow_nat_traversal_);
+ session_manager_->Init(signal_strategy_.get(), this,
+ NetworkSettings(allow_nat_traversal_));
}
void ConnectionToHost::Disconnect(const base::Closure& shutdown_task) {
diff --git a/remoting/protocol/jingle_session_manager.cc b/remoting/protocol/jingle_session_manager.cc
index a40c397..60d84e7 100644
--- a/remoting/protocol/jingle_session_manager.cc
+++ b/remoting/protocol/jingle_session_manager.cc
@@ -46,7 +46,7 @@ JingleSessionManager::~JingleSessionManager() {
void JingleSessionManager::Init(
SignalStrategy* signal_strategy,
SessionManager::Listener* listener,
- bool allow_nat_traversal) {
+ const NetworkSettings& network_settings) {
DCHECK(CalledOnValidThread());
DCHECK(signal_strategy);
@@ -54,7 +54,7 @@ void JingleSessionManager::Init(
signal_strategy_ = signal_strategy;
listener_ = listener;
- allow_nat_traversal_ = allow_nat_traversal;
+ allow_nat_traversal_ = network_settings.allow_nat_traversal;
signal_strategy_->AddListener(this);
@@ -75,7 +75,7 @@ void JingleSessionManager::Init(
// so we explicitly disables TCP connections.
int port_allocator_flags = cricket::PORTALLOCATOR_DISABLE_TCP;
- if (allow_nat_traversal) {
+ if (allow_nat_traversal_) {
http_port_allocator_ = new cricket::HttpPortAllocator(
network_manager_.get(), socket_factory_.get(), "transp2");
port_allocator_.reset(http_port_allocator_);
@@ -88,6 +88,9 @@ void JingleSessionManager::Init(
}
port_allocator_->set_flags(port_allocator_flags);
+ port_allocator_->SetPortRange(
+ network_settings.min_port, network_settings.max_port);
+
// Initialize |cricket_session_manager_|.
cricket_session_manager_.reset(
new cricket::SessionManager(port_allocator_.get()));
diff --git a/remoting/protocol/jingle_session_manager.h b/remoting/protocol/jingle_session_manager.h
index 79b8e31..cb5c8ab 100644
--- a/remoting/protocol/jingle_session_manager.h
+++ b/remoting/protocol/jingle_session_manager.h
@@ -43,7 +43,7 @@ class JingleSessionManager : public SessionManager,
// SessionManager interface.
virtual void Init(SignalStrategy* signal_strategy,
SessionManager::Listener* listener,
- bool allow_nat_traversal) OVERRIDE;
+ const NetworkSettings& network_settings) OVERRIDE;
virtual Session* Connect(
const std::string& host_jid,
Authenticator* authenticator,
diff --git a/remoting/protocol/jingle_session_unittest.cc b/remoting/protocol/jingle_session_unittest.cc
index 4a087d0..441e19b 100644
--- a/remoting/protocol/jingle_session_unittest.cc
+++ b/remoting/protocol/jingle_session_unittest.cc
@@ -132,8 +132,8 @@ class JingleSessionTest : public testing::Test {
.Times(1);
host_server_.reset(new JingleSessionManager(
base::MessageLoopProxy::current()));
- host_server_->Init(
- host_signal_strategy_.get(), &host_server_listener_, false);
+ host_server_->Init(host_signal_strategy_.get(), &host_server_listener_,
+ NetworkSettings());
scoped_ptr<AuthenticatorFactory> factory(
new FakeHostAuthenticatorFactory(auth_round_trips, auth_action, true));
@@ -143,8 +143,8 @@ class JingleSessionTest : public testing::Test {
.Times(1);
client_server_.reset(new JingleSessionManager(
base::MessageLoopProxy::current()));
- client_server_->Init(
- client_signal_strategy_.get(), &client_server_listener_, false);
+ client_server_->Init(client_signal_strategy_.get(),
+ &client_server_listener_, NetworkSettings());
}
void CloseSessionManager() {
diff --git a/remoting/protocol/pepper_session_manager.cc b/remoting/protocol/pepper_session_manager.cc
index a9e7471..877b650 100644
--- a/remoting/protocol/pepper_session_manager.cc
+++ b/remoting/protocol/pepper_session_manager.cc
@@ -34,11 +34,15 @@ PepperSessionManager::~PepperSessionManager() {
void PepperSessionManager::Init(
SignalStrategy* signal_strategy,
SessionManager::Listener* listener,
- bool allow_nat_traversal) {
+ const NetworkSettings& network_settings) {
listener_ = listener;
signal_strategy_ = signal_strategy;
iq_sender_.reset(new IqSender(signal_strategy_));
- allow_nat_traversal_ = allow_nat_traversal;
+ allow_nat_traversal_ = network_settings.allow_nat_traversal;
+
+ // Limiting the port range is not supported yet.
+ DCHECK(network_settings.max_port == 0 &&
+ network_settings.min_port == 0);
signal_strategy_->AddListener(this);
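Review bot: The new `DCHECK(network_settings.max_port == 0 && network_settings.min_port == 0)` is the only guard against a port range being passed to `PepperSessionManager`, and `DCHECK` is compiled out of release builds. In a release build a caller that asks for a restricted range would therefore get an unrestricted one with no indication. The one caller visible in this diff (connection_to_host.cc) passes `NetworkSettings(allow_nat_traversal_)`, so the ports are 0 today, but a setting meant to narrow network exposure should not be dropped silently. I would add a runtime check alongside the DCHECK, for example `if (network_settings.min_port != 0 || network_settings.max_port != 0) LOG(ERROR) << "Port range is not supported by PepperSessionManager; ignoring.";`. The body of `Init` continues past the end of this hunk.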
diff --git a/remoting/protocol/pepper_session_manager.h b/remoting/protocol/pepper_session_manager.h
index 784b297..4db2f05 100644
--- a/remoting/protocol/pepper_session_manager.h
+++ b/remoting/protocol/pepper_session_manager.h
@@ -50,7 +50,7 @@ class PepperSessionManager : public SessionManager,
// SessionManager interface.
virtual void Init(SignalStrategy* signal_strategy,
SessionManager::Listener* listener,
- bool allow_nat_traversal) OVERRIDE;
+ const NetworkSettings& network_settings) OVERRIDE;
virtual Session* Connect(
const std::string& host_jid,
Authenticator* authenticator,
diff --git a/remoting/protocol/pepper_session_unittest.cc b/remoting/protocol/pepper_session_unittest.cc
index 39d9b34..bec6e95 100644
--- a/remoting/protocol/pepper_session_unittest.cc
+++ b/remoting/protocol/pepper_session_unittest.cc
@@ -98,8 +98,8 @@ class PepperSessionTest : public testing::Test {
.Times(1);
host_server_.reset(new JingleSessionManager(
base::MessageLoopProxy::current()));
- host_server_->Init(
- host_signal_strategy_.get(), &host_server_listener_, false);
+ host_server_->Init(host_signal_strategy_.get(), &host_server_listener_,
+ NetworkSettings(false));
scoped_ptr<AuthenticatorFactory> factory(
new FakeHostAuthenticatorFactory(auth_round_trips, auth_action, true));
@@ -108,8 +108,8 @@ class PepperSessionTest : public testing::Test {
EXPECT_CALL(client_server_listener_, OnSessionManagerReady())
.Times(1);
client_server_.reset(new PepperSessionManager(NULL));
- client_server_->Init(
- client_signal_strategy_.get(), &client_server_listener_, false);
+ client_server_->Init(client_signal_strategy_.get(),
+ &client_server_listener_, NetworkSettings());
}
void CloseSessionManager() {
diff --git a/remoting/protocol/session_manager.h b/remoting/protocol/session_manager.h
index 879dc70..0d1129e 100644
--- a/remoting/protocol/session_manager.h
+++ b/remoting/protocol/session_manager.h
@@ -69,6 +69,27 @@ namespace protocol {
class Authenticator;
class AuthenticatorFactory;
+struct NetworkSettings {
+ NetworkSettings()
+ : allow_nat_traversal(false),
+ min_port(0),
+ max_port(0) {
+ }
+
+ explicit NetworkSettings(bool allow_nat_traversal_value)
+ : allow_nat_traversal(allow_nat_traversal_value),
+ min_port(0),
+ max_port(0) {
+ }
+
+ bool allow_nat_traversal;
+
+ // |min_port| and |max_port| specify range (inclusive) of ports used by
+ // P2P sessions. Any port can be used when both values are set to 0.
+ int min_port;
+ int max_port;
+};
+
// Generic interface for Chromoting session manager.
//
// TODO(sergeyu): Split this into two separate interfaces: one for the
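Review bot: The comment on `min_port`/`max_port` defines only the both-zero case. It does not say what a caller gets when exactly one bound is 0 or when `min_port > max_port`, and nothing in the struct enforces a valid pair. Because this struct is what carries the port restriction for the remote-access host, I would state the invariant in the comment, e.g. `// Either both are 0 (no restriction) or 0 < min_port <= max_port <= 65535.`, adjusted to whatever the port allocator really accepts. `allow_nat_traversal` has no comment at all; a single line saying what it enables and that it defaults to false would help readers of the call sites that now pass `NetworkSettings()`.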
@@ -118,7 +139,7 @@ class SessionManager : public base::NonThreadSafe {
// |certificate|.
virtual void Init(SignalStrategy* signal_strategy,
Listener* listener,
- bool allow_nat_traversal) = 0;
+ const NetworkSettings& network_settings) = 0;
// Tries to create a session to the host |jid|. Must be called only
// after initialization has finished successfully, i.e. after