diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index bb9d8e0b73b..bdb777c108f 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -151,7 +151,20 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) {
 throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP", null);
- }
+ }
+
+ //validate icmp code and type
+ if (icmpType != null) {
+ if (!NetUtils.validateIcmpType(icmpType)) {
+ throw new InvalidParameterValueException("Invalid icmp type; should belong to [0-255] range", null);
+ }
+ if (icmpCode != null) {
+ if (!NetUtils.validateIcmpCode(icmpCode)) {
+ throw new InvalidParameterValueException("Invalid icmp code; should belong to [0-15] range and can" +
+ " be defined when icmpType belongs to [0-40] range", null);
+ }
+ }
+ }
 validateNetworkACL(caller, network, portStart, portEnd, protocol);
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 5676fda8be2..c6f2096a8af 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1147,4 +1147,24 @@ public class NetUtils {
 }
 return true;
 }
+
+ public static boolean validateIcmpType(int icmpType) {
+ //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
+ if(!(icmpType >=0 && icmpType <=255)) {
+ s_logger.warn("impcType is not within 0-255 range");
+ return false;
+ }
+ return true;
+ }
+
+ public static boolean validateIcmpCode(int icmpCode) {
+
+ //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
+ if(!(icmpCode >=0 && icmpCode <=15)) {
+ s_logger.warn("Icmp code should be within 0-15 range");
+ return false;
+ }
+
+ return true;
+ }
 }
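Review bot: The `icmpCode` range check is nested inside `if (icmpType != null)`, so a request that supplies an ICMP code without a type skips validation and the unchecked value continues on to `validateNetworkACL`. Whether the API layer can deliver that combination is not visible here, but the check costs nothing to hoist: `if (icmpCode != null && !NetUtils.validateIcmpCode(icmpCode)) { throw new InvalidParameterValueException(...); }` placed as a sibling of the type check. The block also runs for every protocol, so it may be worth rejecting `icmpType`/`icmpCode` outright when `protocol` is not ICMP, mirroring the port check just above. The enclosing method starts and ends outside this hunk.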
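Review bot: The warn text in `validateIcmpType` misspells the field as `impcType`, and neither validator logs the rejected value, which makes these entries hard to search for or correlate with a bad ACL request; something like `s_logger.warn("icmpType " + icmpType + " is not within 0-255 range");` would fix both (the value is an int, so logging it is safe). Separately, the caller's exception message says the code "can be defined when icmpType belongs to [0-40] range", but `validateIcmpCode(int icmpCode)` never sees the type and cannot enforce that, so either the message should drop the claim or the validator needs a type-aware overload. Both methods are public utilities and would benefit from a short Javadoc stating the accepted range and that they log at warn level on rejection.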