- When a flow add is requested, ForwardingRulesmanager checks whether
the requested flow complies with the ContainerFlow(s) for the current container.
The check is performed by ContainerFlow.allowsFlow(Flow x).
This function checks if the Match portion of the passed Flow does conflict with the
container flow (which is a Match itself). It then checks whether the Flow's Actions
are allowed by the container flow (this to avoid cross container redirection of traffic).
In order to do so, it constructs a Match which summarizes the actions, then it checks if
it conflicts with the container flow Match.
BUG: During this last step, it misses to account the SetVlan actions.
Because of the above bug an app/user can install a flow which leaks traffic from one
container to another, when the containers' flows specify vlan as boundary.
Change-Id: Id5a5e60c190b4353ed1fd76966e885a021ee4d2a
Signed-off-by: Alessandro Boch <aboch@cisco.com>
import org.opendaylight.controller.sal.action.SetNwSrc;
import org.opendaylight.controller.sal.action.SetTpDst;
import org.opendaylight.controller.sal.action.SetTpSrc;
import org.opendaylight.controller.sal.action.SetNwSrc;
import org.opendaylight.controller.sal.action.SetTpDst;
import org.opendaylight.controller.sal.action.SetTpSrc;
+import org.opendaylight.controller.sal.action.SetVlanId;
import org.opendaylight.controller.sal.flowprogrammer.Flow;
import org.opendaylight.controller.sal.match.Match;
import org.opendaylight.controller.sal.match.MatchType;
import org.opendaylight.controller.sal.flowprogrammer.Flow;
import org.opendaylight.controller.sal.match.Match;
import org.opendaylight.controller.sal.match.MatchType;
@Override
public boolean equals(Object obj) {
@Override
public boolean equals(Object obj) {
- if (getClass() != obj.getClass())
+ }
+ if (getClass() != obj.getClass()) {
ContainerFlow other = (ContainerFlow) obj;
if (match == null) {
ContainerFlow other = (ContainerFlow) obj;
if (match == null) {
- if (other.match != null)
+ if (other.match != null) {
- } else if (!match.equals(other.match))
+ }
+ } else if (!match.equals(other.match)) {
Match actionMatch = new Match();
for (Action action : flow.getActions()) {
switch (action.getType()) {
Match actionMatch = new Match();
for (Action action : flow.getActions()) {
switch (action.getType()) {
+ case SET_VLAN_ID:
+ actionMatch.setField(MatchType.DL_VLAN,
+ ((Integer) ((SetVlanId) action).getVlanId())
+ .shortValue());
+ break;
case SET_DL_TYPE:
actionMatch.setField(MatchType.DL_TYPE,
((Integer) ((SetDlType) action).getDlType())
case SET_DL_TYPE:
actionMatch.setField(MatchType.DL_TYPE,
((Integer) ((SetDlType) action).getDlType())
Code Review / controller.git / commitdiff