Amend allowed ICMP types and codes in strict mode

Ensure that everything that is allowed by MP is included
in IPV4_ICMP_STRICT_TYPES

Change-Id: Ic42014d7b8a8f8b7b8bb1c5883a548e3ce36a660

vmware_nsxlib/tests/unit/v3/test_security.py

@@ -241,8 +241,8 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase):
                 'ethertype': 'IPv4',
                 'protocol': 'icmp',
                 'direction': 'egress',
-                'port_range_min': 4,
+                'port_range_min': 9,
-                'port_range_max': 0,
+                'port_range_max': 16,
                 'remote_ip_prefix': None}
         rules = [rule]
         section_id = 'section-id'

vmware_nsxlib/v3/constants.py

@@ -111,19 +111,7 @@ IPV4_ICMP_TYPES = {0: [0],  # Echo reply
                    35: [0],  # Mobile registration request
                    36: [0],  # Mobile registration reply
                    }
-# Supported strict ICMP types and their codes
+# Supported strict ICMP types and codes. MP accepts everything except 9:16
-IPV4_ICMP_STRICT_TYPES = {0: [0],  # Echo reply
+IPV4_ICMP_STRICT_TYPES = IPV4_ICMP_TYPES.copy()
-                          8: [0],  # Echo request
+# Note: replace item 9 as we did a shallow copy
-                          9: [0],  # Router advertisement
+IPV4_ICMP_STRICT_TYPES[9] = [0]
-                          10: [0],  # Router Selection
-                          13: [0],  # Timestamp
-                          14: [0],  # Timestamp reply
-                          15: [0],  # Information request
-                          16: [0],  # Information reply
-                          17: [0],  # Address mask request
-                          18: [0],  # Address mask reply
-                          33: [0],  # Where-Are-You
-                          34: [0],  # I-Am-Here
-                          35: [0],  # Mobile registration request
-                          36: [0],  # Mobile registration reply
-                          }