network: allow icmp code 16 in firewall rules (#3468)

yadvr · web-flow · commit e4ddee6fb9dc · 2019-07-05T23:10:02.000+05:30
This allows for icmp code range 0-16. Type 9 Router advertisement reference: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-9/#table-icmp-parameters-ext-classes Fixes #3349 Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
diff --git a/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -545,7 +545,7 @@ protected void validateIcmpTypeAndCode(NetworkACLItemVO networkACLItemVO) {
         }
         if (icmpCode != null) {
             if (icmpCode.longValue() != -1 && !NetUtils.validateIcmpCode(icmpCode.longValue())) {
-                throw new InvalidParameterValueException(String.format("Invalid icmp code [%d]. It should belong to [0-15] range and can be defined when icmpType belongs to [0-40] range", icmpCode));
+                throw new InvalidParameterValueException(String.format("Invalid icmp code [%d]. It should belong to [0-16] range and can be defined when icmpType belongs to [0-40] range", icmpCode));
             }
         }
     }
diff --git a/server/src/test/java/com/cloud/network/vpc/NetworkACLServiceImplTest.java b/server/src/test/java/com/cloud/network/vpc/NetworkACLServiceImplTest.java
@@ -685,7 +685,7 @@ public void validateIcmpTypeAndCodeTestIcmpTypeNegativeOneAndIcmpCodeNegativeOne
     @Test(expected = InvalidParameterValueException.class)
     public void validateIcmpTypeAndCodeTestIcmpTypeValidAndIcmpCodeInvalid() {
         Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(255);
-        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(16);
+        Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(17);
 
         networkAclServiceImpl.validateIcmpTypeAndCode(networkAclItemVoMock);
     }
diff --git a/utils/src/main/java/com/cloud/utils/net/NetUtils.java b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
@@ -1215,9 +1215,9 @@ public static boolean validateIcmpType(final long icmpType) {
 
     public static boolean validateIcmpCode(final long icmpCode) {
 
-        //Source - http://www.erg.abdn.ac.uk/~gorry/course/inet-pages/icmp-code.html
-        if (!(icmpCode >= 0 && icmpCode <= 15)) {
-            s_logger.warn("Icmp code should be within 0-15 range");
+        // Reference: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-9/#table-icmp-parameters-ext-classes
+        if (!(icmpCode >= 0 && icmpCode <= 16)) {
+            s_logger.warn("Icmp code should be within 0-16 range");
             return false;
         }
 

Original file line number	Diff line number	Diff line change
`@@ -545,7 +545,7 @@ protected void validateIcmpTypeAndCode(NetworkACLItemVO networkACLItemVO) {`
`545`	`545`	`}`
`546`	`546`	`if (icmpCode != null) {`
`547`	`547`	`if (icmpCode.longValue() != -1 && !NetUtils.validateIcmpCode(icmpCode.longValue())) {`
`548`		`- throw new InvalidParameterValueException(String.format("Invalid icmp code [%d]. It should belong to [0-15] range and can be defined when icmpType belongs to [0-40] range", icmpCode));`
	`548`	`+ throw new InvalidParameterValueException(String.format("Invalid icmp code [%d]. It should belong to [0-16] range and can be defined when icmpType belongs to [0-40] range", icmpCode));`
`549`	`549`	`}`
`550`	`550`	`}`
`551`	`551`	`}`
Original file line number	Diff line number	Diff line change
`@@ -685,7 +685,7 @@ public void validateIcmpTypeAndCodeTestIcmpTypeNegativeOneAndIcmpCodeNegativeOne`
`685`	`685`	`@Test(expected = InvalidParameterValueException.class)`
`686`	`686`	`public void validateIcmpTypeAndCodeTestIcmpTypeValidAndIcmpCodeInvalid() {`
`687`	`687`	`Mockito.when(networkAclItemVoMock.getIcmpType()).thenReturn(255);`
`688`		`- Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(16);`
	`688`	`+ Mockito.when(networkAclItemVoMock.getIcmpCode()).thenReturn(17);`
`689`	`689`
`690`	`690`	`networkAclServiceImpl.validateIcmpTypeAndCode(networkAclItemVoMock);`
`691`	`691`	`}`