Handle icmp type 0 validation correctly

Change-Id: I83ee7460a6021e9e9b1fb6b708f478ce47b7e36d
2020-07-19 07:47:09 +02:00 · 2020-07-19 07:47:09 +02:00 · 3f4f651a7f
parent 1fa605d79b
commit 3f4f651a7f
2 changed files with 22 additions and 1 deletions
--- a/vmware_nsxlib/tests/unit/v3/test_security.py
+++ b/vmware_nsxlib/tests/unit/v3/test_security.py
@ -255,6 +255,27 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase):
                              None, section_id, group_id, False,
                              "ALLOW", rules, {rule_id: target_id})

+    def test_create_rule_with_illegal_icmp_0_255(self):
+        rule_id = uuidutils.generate_uuid()
+        rule = {'id': rule_id,
+                'ethertype': 'IPv4',
+                'protocol': 'icmp',
+                'direction': 'egress',
+                'port_range_min': 0,
+                'port_range_max': 255,
+                'remote_ip_prefix': None}
+        rules = [rule]
+        section_id = 'section-id'
+        group_id = 'nsgroup-id'
+        target_id = 'dummy'
+        with mock.patch("vmware_nsxlib.v3.NsxLib.get_version",
+                        return_value="2.4.0"):
+            self.assertRaises(
+                nsxlib_exc.InvalidInput,
+                self.nsxlib.firewall_section.create_section_rules,
+                section_id, group_id, False,
+                "ALLOW", rules, {rule_id: target_id})
+
    def test_create_with_rules(self):
        expected_body = {
            'display_name': 'display-name',
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@ -567,7 +567,7 @@ def validate_icmp_params(icmp_type, icmp_code, icmp_version=4, strict=False):
    if icmp_version != 4:
        # ICMPv6 is currently not supported
        return
-    if icmp_type:
+    if icmp_type is not None:
        if (strict and icmp_type not in
                constants.IPV4_ICMP_STRICT_TYPES):
            raise nsxlib_exceptions.InvalidInput(