Validation on Router Advertisement for Firewall Rules

[nhayfield]

ISSUE TYPE

• Bug Report

COMPONENT NAME

Firewall Rules for VMs

##### CLOUDSTACK VERSION
Latest

##### CONFIGURATION
N/A


##### OS / ENVIRONMENT
N/A


##### SUMMARY
https://github.com/apache/cloudstack/blob/master/server/src/main/java/com/cloud/network/vpc/NetworkACLServiceImpl.java/#LC527

The code on this page uses the function NetUtils.validateIcmpCode to validate that the code is between 0-15. 
However there is a case in our system where an apparently valid code is 16. 

If you look at the spec for Type 9 Router Advertisement: 
https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-9/#table-icmp-parameters-ext-classes

The valid codes are 0 and 16. 

Not sure if this is intended to eliminate this option or not.

Actual place to update appears to be here:
https://github.com/apache/cloudstack/blob/master/utils/src/main/java/com/cloud/utils/net/NetUtils.java/#LC1214

[ustcweizhou]

good. it is better to change valid range to 0-16

[DaanHoogland]

The 15 probably was introduced for type 3. i agree that we should allow 16 (for type 9) but a proper implementation would validate based on type.

[yadvr]

Please review #3468 @ustcweizhou @DaanHoogland