Validate port ranges in PF rule only when startPort != endPort in private or public range
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/e441c600 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/e441c600 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/e441c600 Branch: refs/heads/4.0 Commit: e441c600c4d67526b1f6338b93fbc46546b52051 Parents: aa8048a Author: Alena Prokharchyk <[email protected]> Authored: Fri Sep 14 15:22:25 2012 -0700 Committer: Edison Su <[email protected]> Committed: Thu Sep 27 17:21:46 2012 -0700 ---------------------------------------------------------------------- .../com/cloud/network/rules/RulesManagerImpl.java | 19 +++++++++++---- 1 files changed, 14 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/e441c600/server/src/com/cloud/network/rules/RulesManagerImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java
index 3a61db9..37cae90 100755
--- a/server/src/com/cloud/network/rules/RulesManagerImpl.java
+++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java
@@ -245,13 +245,22 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager {
 dstIp = new Ip(guestNic.getIp4Address());
 }
- //source start port and source dest port should be the same. The same applies to dest ports
- if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
- throw new InvalidParameterValueException("Private port start should be equal to public port start", null);
+ //if start port and end port are passed in, and they are not equal to each other, perform the validation
+ boolean validatePortRange = false;
+ if (rule.getSourcePortStart().intValue() != rule.getSourcePortEnd().intValue()
+ || rule.getDestinationPortStart() != rule.getDestinationPortEnd()) {
+ validatePortRange = true;
 }
- if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
- throw new InvalidParameterValueException("Private port end should be equal to public port end", null);
+ if (validatePortRange) {
+ //source start port and source dest port should be the same. The same applies to dest ports
+ if (rule.getSourcePortStart().intValue() != rule.getDestinationPortStart()) {
+ throw new InvalidParameterValueException("Private port start should be equal to public port start", null);
+ }
+
+ if (rule.getSourcePortEnd().intValue() != rule.getDestinationPortEnd()) {
+ throw new InvalidParameterValueException("Private port end should be equal to public port end", null);
+ }
 }
 Transaction txn = Transaction.currentTxn();
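Review bot: The new comment says the range check runs "if start port and end port are passed in", but the added condition never tests for absent ports: `rule.getSourcePortStart().intValue()` and `rule.getSourcePortEnd().intValue()` are dereferenced unconditionally, so a rule without a source port would surface as a NullPointerException rather than an InvalidParameterValueException, unless code outside the hunk already guarantees non-null values. Either add an explicit guard before the comparison or reword the comment to what the code actually does, e.g. `//validate only when either side is a real range (start != end); single-port rules may map different public and private ports`. The second half of the condition, `rule.getDestinationPortStart() != rule.getDestinationPortEnd()`, is a value comparison only if those getters return primitive `int`; their declarations are not visible here, and with boxed `Integer` it would compare references, so it is worth confirming or writing it with `.intValue()` like the source-port side. The enclosing method starts and ends outside this hunk.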
