search

np-guard / models

Models for connectivity and network resources
https://pkg.go.dev/github.com/np-guard/models
Apache License 2.0
1 stars 0 forks source link

icmp union strange result #65

Closed haim-kermany closed 1 week ago

haim-kermany commented 1 week ago

(came from icmpv6 rule)

obj1: ICMP icmp-type: 135-136 obj2: ICMP ob1 union obj2: ICMP icmp-type: 0-16,135-136

haim-kermany commented 1 week ago

the issue is that the max value of icmp-type is defined at the model to be 16, the max value of icmp-code is 5. these max values are based on https://datatracker.ietf.org/doc/html/rfc792.

on the other hand, these parameters has 8bits, and and defined to be 0-255 here: https://vdc-download.vmware.com/vmwb-repository/dcr-public/ce4128ae-8334-4f91-871b-ecce254cf69e/488f1280-204c-441d-8520-8279ac33d54b/api_includes/types_ICMPTypeServiceEntry.html

in practice, at the services I get from the nsx api, the values of icmp-code is 0, (or missing), the values of icmp-type is 0-143

haim-kermany commented 1 week ago

@adisos @zivnevo @kyorav

adisos commented 1 week ago

Thanks @haim-kermany . Can you push the branch with the test that demonstrates this issue?

haim-kermany commented 1 week ago

created a pr with the test only.

adisos commented 1 week ago

Pushed to this branch a fix for this issue.