From 3e9eea42f0e53b58338a2ca3383f8fcb53519ba6 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Date: Wed, 1 Aug 2012 19:39:52 -0700
Subject: [PATCH] VPC: CS-15813 - ICMP type and code validation

---
 .../network/vpc/NetworkACLManagerImpl.java    | 15 +++++++++++++-
 utils/src/com/cloud/utils/net/NetUtils.java   | 20 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index bb9d8e0b73b..bdb777c108f 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -151,7 +151,20 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 
         if (protocol.equalsIgnoreCase(NetUtils.ICMP_PROTO) && (portStart != null || portEnd != null)) {
             throw new InvalidParameterValueException("Can't specify start/end port when protocol is ICMP", null);
-        } 
+        }
+        
+        //validate icmp code and type
+        if (icmpType != null) {
+            if (!NetUtils.validateIcmpType(icmpType)) {
+                throw new InvalidParameterValueException("Invalid icmp type; should belong to [0-255] range", null);
+            }
+            if (icmpCode != null) {
+                if (!NetUtils.validateIcmpCode(icmpCode)) {
+                    throw new InvalidParameterValueException("Invalid icmp code; should belong to [0-15] range and can" +
+                            " be defined when icmpType belongs to [0-40] range", null);
+                }
+            }
+        }
 
         validateNetworkACL(caller, network, portStart, portEnd, protocol);
 
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 5676fda8be2..c6f2096a8af 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1147,4 +1147,24 @@ public class NetUtils {
         }
         return true;
     }
+    
+    public static boolean validateIcmpType(int icmpType) {
+        //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
+        if(!(icmpType >=0 && icmpType <=255)) {
+            s_logger.warn("impcType is not within 0-255 range");
+            return false;
+        }
+        return true;
+    }
+    
+    public static boolean validateIcmpCode(int icmpCode) {
+        
+        //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
+        if(!(icmpCode >=0 && icmpCode <=15)) {
+            s_logger.warn("Icmp code should be within 0-15 range");
+            return false;
+        }
+        
+        return true;
+    }
 }