From e8658c9525e49c7536fae2c92d305ce9f694baed Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk
Date: Mon, 9 Jul 2012 16:20:23 -0700
Subject: [PATCH] VPC: CS-15481: don't allow creating networkACLs for overlapping cidrs/ports
---
 .../network/vpc/NetworkACLManagerImpl.java | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
index 0664e8a8d0f..6afdbd94148 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
@@ -228,7 +228,7 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 continue; // Skips my own rule.
 }
- // if rules cidrs are different, we can skip port ranges verification
+ // if one cidr overlaps another, do port veirficatino
 boolean duplicatedCidrs = false; // Verify that the rules have different cidrs
 List ruleCidrList = rule.getSourceCidrList();
@@ -237,15 +237,19 @@ public class NetworkACLManagerImpl implements Manager,NetworkACLManager{
 if (ruleCidrList == null || newRuleCidrList == null) {
 continue;
 }
-
- Collection similar = new HashSet(ruleCidrList);
- similar.retainAll(newRuleCidrList);
-
- if (similar.size() > 0) {
- duplicatedCidrs = true;
+
+ for (String newCidr : newRuleCidrList) {
+ for (String ruleCidr : ruleCidrList) {
+ if (NetUtils.isNetworksOverlap(newCidr, ruleCidr)) {
+ duplicatedCidrs = true;
+ break;
+ }
+ if (duplicatedCidrs) {
+ break;
+ }
+ }
 }
-
 if (newRule.getProtocol().equalsIgnoreCase(NetUtils.ICMP_PROTO) && newRule.getProtocol().equalsIgnoreCase(rule.getProtocol())) {
 if (newRule.getIcmpCode().longValue() == rule.getIcmpCode().longValue() && newRule.getIcmpType().longValue() == rule.getIcmpType().longValue()
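Review bot: The replacement comment in the first hunk (`@@ -228,7 +228,7 @@`) misspells its last word and no longer says what the flag below it gates; I would write it as `// only verify port ranges when a cidr of the new rule overlaps a cidr of the existing rule`. The trailing comment kept on the next line, `// Verify that the rules have different cidrs`, also reads stale now that the check in the following hunk uses `NetUtils.isNetworksOverlap` rather than exact cidr equality, so `duplicatedCidrs` might better be documented as "true when any cidr pair overlaps". Getting this wording right matters here because this is the precondition for rejecting a conflicting ACL, and a reader relying on the old comment would assume identical cidrs are required for a conflict. The enclosing method starts and ends outside the hunk.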