s3u / capirca

Automatically exported from code.google.com/p/capirca
Apache License 2.0

Missing support for ICMP policies in SRX generator #26

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a term in an SRX policy
2. Add icmp / icmp-type

term permit-web-services {
  destination-address:: WEB_SERVERS
  destination-port:: WEB_SERVICES
  protocol:: icmp
  icmp-type:: echo-request echo-reply
  action:: accept
}

3. Run aclgen

What is the expected output? What do you see instead?
Expected output:
policy permit-ping {
  match {
    source-address any;
    destination-address WEB_SERVERS;
    application [ icmp-echo-request icmp-echo-response ];
  }
  then {
    permit;
  }
}

application icmp-echo-request {
  term icmp-echo-request protocol icmp icmp-type 8 icmp-code 0 inactivity-timeout 60;
}
application icmp-echo-response {
  term icmp-echo-request protocol icmp icmp-type 0 icmp-code 0 inactivity-timeout 60;
}

Actual output for me without specifying "icmp-type" was this:

policy permit-ping {
  match {
    source-address any;
    destination-address WEB_SERVERS;
    application any;
  }
  then {
    permit;
  }
} 

Original issue reported on code.google.com by m...@google.com on 21 Mar 2012 at 9:43

GoogleCodeExporter commented 9 years ago
Thanks for reporting this Martin.
I think I've resolved this issue in r173 which I submitted this morning.
Please let me know if this resolves the issue.

Original comment by watson@google.com on 23 Mar 2012 at 5:27

GoogleCodeExporter commented 9 years ago
Also, I fixed the protocol issue as well which occurred when no protocol was
specified but no src or dst ports, resulting in a blanket permit all.  It now
properly restricts to the specified protocol (or any if not specified.)

Original comment by watson@google.com on 23 Mar 2012 at 5:30
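
A regression check for the widening described in this thread, added here as an example (it is not part of the thread or of capirca's code): it compares a policy file with the generated SRX output and flags permit policies left at "application any" although the source term set protocol::. The function names, the sample data and the rule that a policy is named after its term are assumptions.

```python
import re

TERM_RE = re.compile(r"^term\s+(\S+)\s*\{(.*?)\n\}", re.M | re.S)
POLICY_RE = re.compile(r"^policy\s+(\S+)\s*\{(.*?)\n\}", re.M | re.S)

def restricted_terms(pol_text):
    """Map term name -> protocols for terms that set 'protocol::'."""
    found = {}
    for name, body in TERM_RE.findall(pol_text):
        proto = re.search(r"^\s*protocol::\s*(.+)$", body, re.M)
        if proto:
            found[name] = proto.group(1).split()
    return found

def widened_policies(pol_text, srx_text):
    """Permit policies left at 'application any' for a protocol-restricted term."""
    # Assumption: the generated SRX policy is named after its source term.
    restricted = restricted_terms(pol_text)
    flagged = []
    for name, body in POLICY_RE.findall(srx_text):
        wide = re.search(r"^\s*application\s+any;", body, re.M)
        if name in restricted and wide and re.search(r"^\s*permit;", body, re.M):
            flagged.append((name, restricted[name]))
    return flagged

# Constructed samples modelled on the snippets in the report above.
POL = """term permit-ping {
  destination-address:: WEB_SERVERS
  protocol:: icmp
  icmp-type:: echo-request echo-reply
  action:: accept
}
term permit-internal {
  source-address:: INTERNAL
  action:: accept
}
"""
SRX = """policy %s {
  match {
    application %s;
  }
  then {
    permit;
  }
}
"""
OTHER = SRX % ("permit-internal", "any")  # no protocol:: in its term, so not flagged
SRX_WIDE = SRX % ("permit-ping", "any") + OTHER
SRX_OK = SRX % ("permit-ping", "[ icmp-echo-request icmp-echo-response ]") + OTHER
print(widened_policies(POL, SRX_WIDE), widened_policies(POL, SRX_OK))
```
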