handle icmp stuff correctly

2011-02-24 18:28:46 -08:00 · 2011-02-24 18:28:46 -08:00 · 47264e1f3b
parent d66740c6a6
commit 47264e1f3b
3 changed files with 12 additions and 3 deletions
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@ -2106,7 +2106,9 @@ def network_rules(session, args):
                range = start + "/" + end
                if start == "-1":
                    range = "any"
-                    iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
+                elif end == "-1":
+                    range = start
+                iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range,  '-m', 'set', '--match-set', ipsetname, 'src', '-j', 'ACCEPT']
            util.pread2(iptables)
            util.SMlog(iptables)
        
@ -2117,7 +2119,9 @@ def network_rules(session, args):
                range = start + "/" + end
                if start == "-1":
                    range = "any"
-                    iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
+                elif end == "-1":
+                    range = start
+                iptables = ['iptables', '-I', vmchain, '-p',  'icmp', '--icmp-type',  range, '-j', 'ACCEPT']
            util.pread2(iptables)
            util.SMlog(iptables)
            
--- a/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java
+++ b/server/src/com/cloud/api/commands/AuthorizeNetworkGroupIngressCmd.java
@ -101,9 +101,10 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd {
        	if (icmpType == -1 && icmpCode != -1) {
        		throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid icmp type range" );
        	} 
-        	if (icmpCode > 255) {
+        	if (icmpCode > 15) {
        		throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid icmp code " );
        	}
+        	
        	startPortOrType = icmpType;
        	endPortOrCode= icmpCode;
        } else if (protocol.equals("all")) {
@ -195,6 +196,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseCmd {
                    s_logger.debug( "Invalid cidr (" + cidr + ") given, unable to authorize ingress.");	
                    throw new ServerApiException(BaseCmd.NET_INVALID_PARAM_ERROR, "Invalid cidr (" + cidr + ") given, unable to authorize ingress.");	
        		}
+        		
        		authorizedCidrs.add(cidr);
        	}
        }
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@ -407,6 +407,9 @@ public class NetUtils {
        
        if (cidrSizeNum < 0 || cidrSizeNum > 32) return false;
        
+        if (cidrAddress.equals("0.0.0.0") && cidrSizeNum != 0) 
+        	return false;
+        
        return true;
 	}