VPC: CS-15818 - don't allow having ICMP networkACLs with the same cidr and icmpType=-1 for rule1 and icmpType!=-1 for rule 2 as the rule1 covers rule2 in this case

Alena Prokharchyk 2012-08-02 17:05:36 -07:00
parent 102a563cdd
commit 967ff1141b
2 changed files with 8 additions and 6 deletions


@ -155,11 +155,11 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
//validate icmp code and type
if (icmpType != null) {
if (!NetUtils.validateIcmpType(icmpType)) {
if (icmpType.longValue() != -1 && !NetUtils.validateIcmpType(icmpType.longValue())) {
throw new InvalidParameterValueException("Invalid icmp type; should belong to [0-255] range", null);
}
if (icmpCode != null) {
if (!NetUtils.validateIcmpCode(icmpCode)) {
if (icmpCode.longValue() != -1 && !NetUtils.validateIcmpCode(icmpCode.longValue())) {
throw new InvalidParameterValueException("Invalid icmp code; should belong to [0-15] range and can" +
" be defined when icmpType belongs to [0-40] range", null);
}
@ -266,8 +266,10 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
if (newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO)
&& newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())) {
if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue()
&& newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
if ((newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue()
|| rule.getIcmpCode().longValue() == -1 || newRule.getIcmpCode().longValue() == -1)
&& (newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
|| rule.getIcmpType().longValue() == -1 || newRule.getIcmpType().longValue() == -1)
&& newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) {
List<IdentityProxy> idList = new ArrayList<IdentityProxy>();
idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
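Review bot: The widened conflict check calls `getIcmpCode().longValue()` and `getIcmpType().longValue()` on both rules without a null guard, although the validation hunk at -155 shows that `icmpType` and `icmpCode` can each be null when a rule is created. Unless these fields are defaulted to -1 before the rule is stored (not visible here), an ICMP rule created without a code would make this comparison throw a NullPointerException instead of reporting the conflict. Normalising first, e.g. `long newCode = newRule.getIcmpCode() == null ? -1 : newRule.getIcmpCode().longValue();` (and likewise for the type and for `rule`), keeps the wildcard comparison safe, assuming null is meant to mean "any". The inner `newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())` repeats the outer condition and can be dropped. The enclosing method starts and ends outside this hunk.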


@ -1148,7 +1148,7 @@ public class NetUtils {
return true;
}
public static boolean validateIcmpType(int icmpType) {
public static boolean validateIcmpType(long icmpType) {
//Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
if(!(icmpType >=0 && icmpType <=255)) {
s_logger.warn("impcType is not within 0-255 range");
@ -1157,7 +1157,7 @@ public class NetUtils {
return true;
}
public static boolean validateIcmpCode(int icmpCode) {
public static boolean validateIcmpCode(long icmpCode) {
//Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
if(!(icmpCode >=0 && icmpCode <=15)) {