Posted to commits@cloudstack.apache.org by ko...@apache.org on 2013/04/02 14:22:16 UTC
git commit: updated refs/heads/cisco-vnmc-api-integration to 05e3d04
Updated Branches:
refs/heads/cisco-vnmc-api-integration bcecb589d -> 05e3d04b5
Added changes related to icmp
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/05e3d04b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/05e3d04b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/05e3d04b
Branch: refs/heads/cisco-vnmc-api-integration
Commit: 05e3d04b55549ef098a769509171b24ca4a62957
Parents: bcecb58
Author: Koushik Das <ko...@citrix.com>
Authored: Tue Apr 2 17:50:57 2013 +0530
Committer: Koushik Das <ko...@citrix.com>
Committed: Tue Apr 2 17:50:57 2013 +0530
----------------------------------------------------------------------
.../network/cisco/create-egress-acl-rule.xml | 12 +-
.../cisco/create-generic-egress-acl-rule.xml | 122 +++++++++++++++
.../cisco/create-generic-ingress-acl-rule.xml | 121 ++++++++++++++
.../network/cisco/create-ingress-acl-rule.xml | 4 +-
.../cloud/network/cisco/CiscoVnmcConnection.java | 10 ++
.../network/cisco/CiscoVnmcConnectionImpl.java | 64 ++++++++-
.../cloud/network/element/CiscoVnmcElement.java | 4 +-
.../cloud/network/resource/CiscoVnmcResource.java | 40 ++++--
8 files changed, 354 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
index 5256759..930272e 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
@@ -192,10 +192,10 @@ under the License.
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
- protocolvalue = "TCP" or UDP or ICMP
- deststartip="source start ip"
- destendip="source end ip"
- sourcestartport="start port at destination"
- sourceendport="end port at destination"
- sourceip="public ip at destination"
+ protocolvalue = "TCP" or "UDP"
+ deststartip="destination start ip"
+ destendip="destination end ip"
+ sourcestartport="start port at source"
+ sourceendport="end port at source"
+ sourceip="source ip"
--!>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
new file mode 100755
index 0000000..92c2504
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
@@ -0,0 +1,122 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+
+ <pair key="%aclruledn%">
+ <policyRule
+ descr="%descr%"
+ dn="%aclruledn%"
+ name="%aclrulename%"
+ order="%order%"
+ status="created"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-action-0">
+ <fwpolicyAction
+ actionType="%actiontype%"
+ dn="%aclruledn%/rule-action-0"
+ id="0"
+ status="created"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-cond-2">
+ <policyRuleCondition
+ dn="%aclruledn%/rule-cond-2"
+ id="2"
+ order="unspecified"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+ <policyNetworkExpression
+ dn="%aclruledn%/rule-cond-2/nw-expr2"
+ id="2"
+ opr="eq"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+ <policyProtocol
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+ id="2"
+ name=""
+ placement="none"
+ status="created"
+ value="%protocolvalue%"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-cond-3">
+ <policyRuleCondition
+ dn="%aclruledn%/rule-cond-3"
+ id="3"
+ order="unspecified"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+ <policyNetworkExpression
+ dn="%aclruledn%/rule-cond-3/nw-expr2"
+ id="2"
+ opr="range"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+ <policyNwAttrQualifier
+ attrEp="destination"
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+ id="2"
+ name=""
+ placement="begin"
+ status="created"
+ value="%deststartip%"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+ id="3"
+ name=""
+ placement="end"
+ status="created"
+ value="%destendip%"/>
+ </pair>
+
+ </inConfigs>
+</configConfMos>
+
+<!--
+ aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+ aclrulename="dummy"
+ descr=value
+ actiontype="drop" or "permit"
+ protocolvalue = "TCP" or "UDP" or "ICMP"
+ deststartip="destination start ip"
+ destendip="destination end ip"
+ sourceip="source ip"
+--!>
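Review bot: The trailing parameter list names `sourceip`, but the template body has no `%sourceip%` placeholder and no source-side condition, so the rule it creates matches on protocol and destination range only. create-generic-ingress-acl-rule.xml has the mirror-image gap: it matches protocol and source range with no destination condition, while the Java overloads that load these templates still accept `sourceIp` / `destIp`. If the ICMP rule is meant to be scoped to the public IP, as the parameter lists of the port-based templates suggest, add a further `policyRuleCondition` carrying that address. If the wider match is intended, drop `sourceip="source ip"` from the comment so the file does not promise a restriction it does not apply.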
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
new file mode 100755
index 0000000..7c11641
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
@@ -0,0 +1,121 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+ cookie="%cookie%"
+ inHierarchical="false">
+ <inConfigs>
+
+ <pair key="%aclruledn%">
+ <policyRule
+ descr="%descr%"
+ dn="%aclruledn%"
+ name="%aclrulename%"
+ order="%order%"
+ status="created"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-action-0">
+ <fwpolicyAction
+ actionType="%actiontype%"
+ dn="%aclruledn%/rule-action-0"
+ id="0"
+ status="created"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-cond-2">
+ <policyRuleCondition
+ dn="%aclruledn%/rule-cond-2"
+ id="2"
+ order="unspecified"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+ <policyNetworkExpression
+ dn="%aclruledn%/rule-cond-2/nw-expr2"
+ id="2"
+ opr="eq"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+ <policyProtocol
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+ id="2"
+ name=""
+ placement="none"
+ status="created"
+ value="%protocolvalue%"/>
+ </pair>
+
+ <pair key="%aclruledn%/rule-cond-3">
+ <policyRuleCondition
+ dn="%aclruledn%/rule-cond-3"
+ id="3"
+ order="unspecified"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+ <policyNetworkExpression
+ dn="%aclruledn%/rule-cond-3/nw-expr2"
+ id="2"
+ opr="range"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+ <policyNwAttrQualifier
+ attrEp="source"
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+ status="created"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+ id="2"
+ name=""
+ placement="begin"
+ status="created"
+ value="%sourcestartip%"/>
+ </pair>
+ <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+ <policyIPAddress
+ dataType="string"
+ descr=""
+ dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+ id="3"
+ name=""
+ placement="end"
+ status="created"
+ value="%sourceendip%"/>
+ </pair>
+
+ </inConfigs>
+</configConfMos>
+
+<!--
+ aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+ aclrulename="dummy"
+ descr=value
+ actiontype="drop" or "permit"
+ protocolvalue = "TCP" or "UDP" or "ICMP"
+ sourcestartip = "source start IP"
+ sourceendip = "source end IP"
+--!>
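Review bot: The parameter comment at the end of the file is closed with `--!>`, which is not an XML comment terminator: `--` may not appear inside a comment and only `-->` ends one, so a conforming parser sees an unterminated comment after `</configConfMos>`. create-generic-egress-acl-rule.xml, also added in this commit, uses the same closer. The older templates show it as context in their hunks, so the consumer presumably tolerates or strips it, but that handling is not visible here. New files should close the comment with `-->` so they stay well-formed if they are ever run through a strict parser or validator.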
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
index be70483..1af30b4 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -192,10 +192,10 @@ under the License.
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
- protocolvalue = "TCP" or UDP or ICMP
+ protocolvalue = "TCP" or "UDP"
sourcestartip="source start ip"
sourceendip="source end ip"
deststartport="start port at destination"
destendport="end port at destination"
- destinationip="public ip at destination"
+ destip="destination ip"
--!>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index 2c2a74f..2f67bdb 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -143,12 +143,22 @@ public interface CiscoVnmcConnection {
String destStartPort, String destEndPort, String destIp)
throws ExecutionException;
+ public boolean createTenantVDCIngressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceStartIp, String sourceEndIp, String destIp)
+ throws ExecutionException;
+
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
String destStartIp, String destEndIp)
throws ExecutionException;
+ public boolean createTenantVDCEgressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceIp, String destStartIp, String destEndIp)
+ throws ExecutionException;
+
public boolean deleteTenantVDCAclRule(String tenantName,
String identifier, String policyIdentifier) throws ExecutionException;
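Review bot: The two new overloads are told apart from the port-based ones only by how many `String` arguments are passed, and nothing on the interface says which to use when. Add Javadoc to each, for example `/** Creates an ingress ACL rule for protocols without ports (ICMP); matches on protocol and source IP range. */`. The Javadoc should also state whether `destIp` / `sourceIp` actually narrows the rule, since the generic templates added in this commit contain no condition for it. The interface declaration starts and ends outside this hunk.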
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index 0196dc5..360a056 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -93,6 +93,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
CREATE_EGRESS_ACL_RULE("create-egress-acl-rule.xml", "policy-mgr"),
+ CREATE_GENERIC_INGRESS_ACL_RULE("create-generic-ingress-acl-rule.xml", "policy-mgr"),
+ CREATE_GENERIC_EGRESS_ACL_RULE("create-generic-egress-acl-rule.xml", "policy-mgr"),
DELETE_RULE("delete-rule.xml", "policy-mgr"),
@@ -674,10 +676,11 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String destStartPort, String destEndPort, String destIp) throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
+
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
- xml = replaceXmlValue(xml, "descr", "Ingress ACL policy for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
@@ -698,21 +701,78 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
}
@Override
+ public boolean createTenantVDCIngressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceStartIp, String sourceEndIp,
+ String destIp) throws ExecutionException {
+ String xml = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getXml();
+ String service = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getService();
+
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+ xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+ xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "actiontype", "permit");
+ xml = replaceXmlValue(xml, "protocolvalue", protocol);
+ xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+ xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+
+ List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+ int order = 100;
+ if (rules != null) {
+ order += rules.size();
+ }
+ xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+ String response = sendRequest(service, xml);
+ return verifySuccess(response);
+ }
+
+ @Override
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
String destStartIp, String destEndIp) throws ExecutionException {
String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml();
String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService();
+
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
- xml = replaceXmlValue(xml, "descr", "Egress ACL policy for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
+ xml = replaceXmlValue(xml, "deststartip", destStartIp);
+ xml = replaceXmlValue(xml, "destendip", destEndIp);
xml = replaceXmlValue(xml, "sourcestartport", sourceStartPort);
xml = replaceXmlValue(xml, "sourceendport", sourceEndPort);
xml = replaceXmlValue(xml, "sourceip", sourceIp);
+
+ List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+ int order = 100;
+ if (rules != null) {
+ order += rules.size();
+ }
+ xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+ String response = sendRequest(service, xml);
+ return verifySuccess(response);
+ }
+
+ @Override
+ public boolean createTenantVDCEgressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceIp,
+ String destStartIp, String destEndIp) throws ExecutionException {
+ String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml();
+ String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService();
+
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+ xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+ xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "actiontype", "permit");
+ xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "deststartip", destStartIp);
xml = replaceXmlValue(xml, "destendip", destEndIp);
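Review bot: `order` is computed as `100 + rules.size()` in the new ingress overload and again in the lines added to the port-based egress method, so an order value is reused once any rule has been deleted. With rules at 100, 101 and 102, removing the first leaves two children and the next rule is again given 102. Whether VNMC rejects or accepts a duplicate order is not visible here, but either way the outcome depends on deletion history. Deriving the next value from the highest order currently present, in one private helper shared by the create methods, would remove both the collision and the repeated block. The second egress overload continues past the end of this hunk.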
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index 39ae60b..8b5741f 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -187,7 +187,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>();
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+ firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress,egress");
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
+ firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.MultipleIps, "true");
capabilities.put(Service.Firewall, firewallCapabilities);
@@ -650,7 +652,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
for (FirewallRule rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
- FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
+ FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType());
rulesTO.add(ruleTO);
}
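Review bot: `sourceIp.getAddress()` is dereferenced without a null check on the changed line, and the same commit starts advertising egress support for this element. If an egress rule can reach this loop without a source IP address id (not determinable from this hunk), `_networkModel.getIp(...)` may return null and the loop throws a NullPointerException before any rule is handed to the resource. Check `sourceIp` for null and fail with a message that names the rule id, or add a comment stating why it cannot be null here. The enclosing loop and method start and end outside the hunk.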
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/05e3d04b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 57c0ed1..4e98d93 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -358,25 +358,41 @@ public class CiscoVnmcResource implements ServerResource {
for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
- if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), publicIp)) {
+ if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
}
} else {
String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
if (rule.getTrafficType() == TrafficType.Ingress) {
- if (!_connection.createTenantVDCIngressAclRule(tenant,
- Long.toString(rule.getId()), policyIdentifier,
- rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
- Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
- throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+ if (!_connection.createTenantVDCIngressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
+ Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
+ throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ }
+ } else {
+ if (!_connection.createTenantVDCIngressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) {
+ throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ }
}
} else {
- if (!_connection.createTenantVDCEgressAclRule(tenant,
- Long.toString(rule.getId()), policyIdentifier,
- rule.getProtocol().toUpperCase(),
- Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
- externalIpRange[0], externalIpRange[1])) {
- throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+ if (!_connection.createTenantVDCEgressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(),
+ Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
+ externalIpRange[0], externalIpRange[1])) {
+ throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ }
+ } else {
+ if (!_connection.createTenantVDCEgressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) {
+ throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ }
}
}
}
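Review bot: The two ICMP branches pass only the protocol name and the CIDR range, so any ICMP type and code set on the rule are ignored and the device is asked to permit all ICMP for that range. `FirewallRuleTO` exposes `getIcmpType()` / `getIcmpCode()`; if the VNMC policy cannot express them, reject or at least log rules that specify a type or code rather than silently widening them. The generic templates these branches use also carry no condition for `publicIp`, so the argument passed here does not narrow the rule either. The enclosing loop and method begin outside the hunk.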