Browse Source

Handle icmp type 0 validation correctly

Change-Id: I83ee7460a6021e9e9b1fb6b708f478ce47b7e36d
changes/73/741873/1
asarfaty 3 weeks ago
committed by Adit Sarfaty
parent
commit
3f4f651a7f
2 changed files with 22 additions and 1 deletions
  1. +21
    -0
      vmware_nsxlib/tests/unit/v3/test_security.py
  2. +1
    -1
      vmware_nsxlib/v3/utils.py

+ 21
- 0
vmware_nsxlib/tests/unit/v3/test_security.py View File

@@ -255,6 +255,27 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase):
None, section_id, group_id, False,
"ALLOW", rules, {rule_id: target_id})

def test_create_rule_with_illegal_icmp_0_255(self):
rule_id = uuidutils.generate_uuid()
rule = {'id': rule_id,
'ethertype': 'IPv4',
'protocol': 'icmp',
'direction': 'egress',
'port_range_min': 0,
'port_range_max': 255,
'remote_ip_prefix': None}
rules = [rule]
section_id = 'section-id'
group_id = 'nsgroup-id'
target_id = 'dummy'
with mock.patch("vmware_nsxlib.v3.NsxLib.get_version",
return_value="2.4.0"):
self.assertRaises(
nsxlib_exc.InvalidInput,
self.nsxlib.firewall_section.create_section_rules,
section_id, group_id, False,
"ALLOW", rules, {rule_id: target_id})

def test_create_with_rules(self):
expected_body = {
'display_name': 'display-name',


+ 1
- 1
vmware_nsxlib/v3/utils.py View File

@@ -567,7 +567,7 @@ def validate_icmp_params(icmp_type, icmp_code, icmp_version=4, strict=False):
if icmp_version != 4:
# ICMPv6 is currently not supported
return
if icmp_type:
if icmp_type is not None:
if (strict and icmp_type not in
constants.IPV4_ICMP_STRICT_TYPES):
raise nsxlib_exceptions.InvalidInput(


Loading…
Cancel
Save