Validate port ranges in PF rule only when startPort != endPort in private or public range
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/6875f489 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/6875f489 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/6875f489 Branch: refs/heads/master Commit: 6875f48966b7cbfeeab1300b7e08353dbae2cd5b Parents: bbbccc0 Author: Alena Prokharchyk <[email protected]> Authored: Fri Sep 14 15:22:25 2012 -0700 Committer: Alena Prokharchyk <[email protected]> Committed: Thu Sep 27 10:50:30 2012 -0700 ---------------------------------------------------------------------- .../com/cloud/network/rules/RulesManagerImpl.java | 19 +++++++++++---- 1 files changed, 14 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6875f489/server/src/com/cloud/network/rules/RulesManagerImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 3a61db9..37cae90 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -245,13 +245,22 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
 dstIp = new Ip(guestNic.getIp4Address());
 }
- //source start port and source dest port should be the same. The same applies to dest ports
- if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
- throw new InvalidParameterValueException("Private port start should be equal to public port start", null);
+ //if start port and end port are passed in, and they are not equal to each other, perform the validation
+ boolean validatePortRange = false;
+ if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue()
+ || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) {
+ validatePortRange = true;
 }
- if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
- throw new InvalidParameterValueException("Private port end should be equal to public port end", null);
+ if (validatePortRange) {
+ //source start port and source dest port should be the same. The same applies to dest ports
+ if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
+ throw new InvalidParameterValueException("Private port start should be equal to public port start", null);
+ }
+
+ if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
+ throw new InvalidParameterValueException("Private port end should be equal to public port end", null);
+ }
 }
 Transaction txn = Transaction.currentTxn();
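Review bot: The added comment says the range check runs "if start port and end port are passed in", but the new condition unboxes `rule.getSourcePortStart()` and `rule.getSourcePortEnd()` with `.intValue()` and has no null check, so a rule that reaches this point without a port would fail with a NullPointerException rather than an InvalidParameterValueException; either the comment or the code should change, unless a check outside this hunk already guarantees both ports are set. The destination side is compared as `rule.getDestinationPortStart() != rule.getDestinationPortEnd()` with no `.intValue()`, which is a value comparison only if those getters return primitive `int` (their declarations are not visible here), since `!=` on two `Integer` objects compares references. The retained inner comment "source start port and source dest port should be the same" would read more accurately as `//public and private start ports must match; the same applies to the end ports`, and `validatePortRange` could be assigned directly from the condition instead of being initialised to false and set inside an `if`. The enclosing method starts and ends outside the hunk.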
