etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug 12973: FIX : Icmp code/type validation for ingress/egress rules causing host plugin failure.

This commit is contained in:
Naredula Janardhana Reddy 2012-01-11 10:50:19 +05:30
parent f2d927ccd4
commit e82ec99261
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/vm/hypervisor/xenserver/vmops
View File

@ -1286,7 +1286,7 @@ def network_rules(session, args):
range = start + "/" + end
if start == "-1":
range = "any"
iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', keyword, ipsetname, 'src', '-j', 'ACCEPT']
iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-m', 'set', keyword, ipsetname, 'src', '-j', 'ACCEPT']
cmds.append(iptables)
util.SMlog(iptables)
@ -1297,7 +1297,7 @@ def network_rules(session, args):
range = start + "/" + end
if start == "-1":
range = "any"
iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT']
iptables = ['iptables', '-I', vmchain, '-p', 'icmp', '--icmp-type', range, '-j', 'ACCEPT']
cmds.append(iptables)
util.SMlog(iptables)

7
server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
View File

@ -564,8 +564,11 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
if (icmpType == -1 && icmpCode != -1) {
throw new InvalidParameterValueException("Invalid icmp type range");
}
if (icmpCode > 255) {
throw new InvalidParameterValueException("Invalid icmp code ");
if (icmpType != -1 && icmpCode == -1) {
throw new InvalidParameterValueException("Invalid icmp code: need non-negative icmp code ");
}
if (icmpCode > 255 || icmpType > 255 || icmpCode < -1 || icmpType < -1) {
throw new InvalidParameterValueException("Invalid icmp type/code ");
}
startPortOrType = icmpType;
endPortOrCode = icmpCode;