Cisco object-group ACLs don't properly render ICMP type and code

[abates]

Policy terms with an icmp type and code are not correctly rendered when using the Cisco generator and the object-group argument. The rendered lines are missing the icmp-type and code.

For example, using the following policy:

# NETWORK.net
header {
    target:: ciscoxr ICMP_EXAMPLE object-group
}

term PERMIT_ICMP_ECHO_REPLY {
    protocol:: icmp
    action:: accept
    icmp-type:: echo-reply
}

aclgen renders the following:

! $Id:$
! $Date:$
! $Revision:$
no ip access-list extended ICMP_EXAMPLE
ip access-list extended ICMP_EXAMPLE
 remark $Id:$


 remark PERMIT_ICMP_ECHO_REPLY
 permit icmp any any

exit

Note the missing icmp-type following permit icmp any any. The expected output is:

! $Id:$
! $Date:$
! $Revision:$
no ip access-list extended ICMP_EXAMPLE
ip access-list extended ICMP_EXAMPLE
 remark $Id:$


 remark PERMIT_ICMP_ECHO_REPLY
 permit icmp any any 0

exit