From 967ff1141b5bcceea61840a8573ec067522fe55f Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk
Date: Thu, 2 Aug 2012 17:05:36 -0700
Subject: [PATCH] VPC: CS-15818 - don't allow having ICMP networkACLs with the same cidr and icmpType=-1 for rule1 and icmpType!=-1 for rule 2 as the rule1 covers rule2 in this case
---
 .../com/cloud/network/vpc/NetworkACLManagerImpl.java | 10 ++++++----
 utils/src/com/cloud/utils/net/NetUtils.java | 4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index bdb777c108f..1e5968b14f7 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -155,11 +155,11 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 //validate icmp code and type
 if (icmpType != null) {
- if (!NetUtils.validateIcmpType(icmpType)) {
+ if (icmpType.longValue() != -1 && !NetUtils.validateIcmpType(icmpType.longValue())) {
 throw new InvalidParameterValueException("Invalid icmp type; should belong to [0-255] range", null);
 }
 if (icmpCode != null) {
- if (!NetUtils.validateIcmpCode(icmpCode)) {
+ if (icmpCode.longValue() != -1 && !NetUtils.validateIcmpCode(icmpCode.longValue())) {
 throw new InvalidParameterValueException("Invalid icmp code; should belong to [0-15] range and can" +
 " be defined when icmpType belongs to [0-40] range", null);
 }
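Review bot: The two new guards accept -1 independently, so a request with icmpType=-1 and a concrete icmpCode passes validation even though "any type, one code" has no obvious meaning; for an ACL, a rule whose effective breadth is unclear is a risk in itself. If the backend treats type -1 as "any ICMP", consider rejecting that pair explicitly, e.g. `if (icmpType.longValue() == -1 && icmpCode != null && icmpCode.longValue() != -1) { throw new InvalidParameterValueException("icmpCode must be -1 when icmpType is -1", null); }`. The two exception messages still advertise only the [0-255] and [0-15] ranges and should mention that -1 is accepted as the wildcard. The enclosing method starts and ends outside the hunk, so a later check may already cover the first point.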
@@ -266,8 +266,10 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 if (newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO) && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())) {
- if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue()
- && newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
+ if ((newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue()
+ || rule.getIcmpCode().longValue() == -1 || newRule.getIcmpCode().longValue() == -1)
+ && (newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
+ || rule.getIcmpType().longValue() == -1 || newRule.getIcmpType().longValue() == -1)
 && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol()) && duplicatedCidrs) {
 List idList = new ArrayList();
 idList.add(new IdentityProxy(rule, rule.getId(), "ruleId"));
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index c6f2096a8af..65ec6aebb2f 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1148,7 +1148,7 @@ public class NetUtils {
 return true;
 }
- public static boolean validateIcmpType(int icmpType) {
+ public static boolean validateIcmpType(long icmpType) {
 //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
 if(!(icmpType >=0 && icmpType <=255)) {
 s_logger.warn("impcType is not within 0-255 range");
@@ -1157,7 +1157,7 @@ public class NetUtils {
 return true;
 }
- public static boolean validateIcmpCode(int icmpCode) {
+ public static boolean validateIcmpCode(long icmpCode) {
 //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
 if(!(icmpCode >=0 && icmpCode <=15)) {
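Review bot: The widened condition in the ICMP conflict check (hunk at -266) now dereferences `getIcmpCode()` and `getIcmpType()` three times each with no null guard, while the validation code in the same file treats both fields as optional (`if (icmpType != null)`, `if (icmpCode != null)`). If an ICMP rule can be stored without them, conflict detection would fail with a NullPointerException rather than a clean rejection; this should be confirmed against the rule-creation path, which is outside the hunk. The wildcard test would read better as a small private helper that takes the two values and returns true when they are equal or either is -1, called once for code and once for type. A comment above the condition would also help, for example `// -1 means "any": a wildcard type or code on either rule overlaps every specific value`.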
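Review bot: validateIcmpType in NetUtils.java (hunk at -1148), and validateIcmpCode in the hunk after it, have no Javadoc, and after this patch the contract is split: the helper rejects -1 while the caller in NetworkACLManagerImpl special-cases it as a wildcard. State that on the method, e.g. `/** Returns true when icmpType is within [0, 255]; the -1 "any" wildcard is not accepted here and must be handled by the caller. */`, so other callers do not assume the validator knows about the wildcard. The warning also logs no value and misspells the field (`impcType`); `s_logger.warn("icmpType " + icmpType + " is not within 0-255 range");` would make rejected ACL input traceable in the logs. The method body continues outside the hunk.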