Bug 1165: ContainerFlow boundary is not always enforced for vlans 91/7791/2
authorAlessandro Boch <aboch@cisco.com>
Fri, 6 Jun 2014 21:36:38 +0000 (14:36 -0700)
committerAlessandro Boch <aboch@cisco.com>
Fri, 6 Jun 2014 22:30:20 +0000 (15:30 -0700)
- When a flow add is requested, ForwardingRulesmanager checks whether
  the requested flow complies with the ContainerFlow(s) for the current container.
  The check is performed by ContainerFlow.allowsFlow(Flow x).
  This function checks if the Match portion of the passed Flow does conflict with the
  container flow (which is a Match itself). It then checks whether the Flow's Actions
  are allowed by the container flow (this to avoid cross container redirection of traffic).
  In order to do so, it constructs a Match which summarizes the actions, then it checks if
  it conflicts with the container flow Match.
  BUG: During this last step, it misses to account the SetVlan actions.
  Because of the above bug  an app/user can install a flow which leaks traffic from one
  container to another, when the containers' flows specify vlan as boundary.

Change-Id: Id5a5e60c190b4353ed1fd76966e885a021ee4d2a
Signed-off-by: Alessandro Boch <aboch@cisco.com>
opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/ContainerFlow.java

index ebf623b..468313c 100644 (file)
@@ -17,6 +17,7 @@ import org.opendaylight.controller.sal.action.SetNwDst;
 import org.opendaylight.controller.sal.action.SetNwSrc;
 import org.opendaylight.controller.sal.action.SetTpDst;
 import org.opendaylight.controller.sal.action.SetTpSrc;
+import org.opendaylight.controller.sal.action.SetVlanId;
 import org.opendaylight.controller.sal.flowprogrammer.Flow;
 import org.opendaylight.controller.sal.match.Match;
 import org.opendaylight.controller.sal.match.MatchType;
@@ -54,18 +55,23 @@ public class ContainerFlow implements Serializable {
 
     @Override
     public boolean equals(Object obj) {
-        if (this == obj)
+        if (this == obj) {
             return true;
-        if (obj == null)
+        }
+        if (obj == null) {
             return false;
-        if (getClass() != obj.getClass())
+        }
+        if (getClass() != obj.getClass()) {
             return false;
+        }
         ContainerFlow other = (ContainerFlow) obj;
         if (match == null) {
-            if (other.match != null)
+            if (other.match != null) {
                 return false;
-        } else if (!match.equals(other.match))
+            }
+        } else if (!match.equals(other.match)) {
             return false;
+        }
         return true;
     }
 
@@ -95,6 +101,11 @@ public class ContainerFlow implements Serializable {
         Match actionMatch = new Match();
         for (Action action : flow.getActions()) {
             switch (action.getType()) {
+            case SET_VLAN_ID:
+                actionMatch.setField(MatchType.DL_VLAN,
+                        ((Integer) ((SetVlanId) action).getVlanId())
+                                .shortValue());
+                break;
             case SET_DL_TYPE:
                 actionMatch.setField(MatchType.DL_TYPE,
                         ((Integer) ((SetDlType) action).getDlType())

©2013 OpenDaylight, A Linux Foundation Collaborative Project. All Rights Reserved.
OpenDaylight is a registered trademark of The OpenDaylight Project, Inc.
Linux Foundation and OpenDaylight are registered trademarks of the Linux Foundation.
Linux is a registered trademark of Linus Torvalds.