From f8f583edd858c32649332788f15b3fabf47f10ed Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Fri, 6 Jun 2014 14:36:38 -0700 Subject: [PATCH] Bug 1165: ContainerFlow boundary is not always enforced for vlans - When a flow add is requested, ForwardingRulesmanager checks whether the requested flow complies with the ContainerFlow(s) for the current container. The check is performed by ContainerFlow.allowsFlow(Flow x). This function checks if the Match portion of the passed Flow does conflict with the container flow (which is a Match itself). It then checks whether the Flow's Actions are allowed by the container flow (this to avoid cross container redirection of traffic). In order to do so, it constructs a Match which summarizes the actions, then it checks if it conflicts with the container flow Match. BUG: During this last step, it misses to account the SetVlan actions. Because of the above bug an app/user can install a flow which leaks traffic from one container to another, when the containers' flows specify vlan as boundary. Change-Id: Id5a5e60c190b4353ed1fd76966e885a021ee4d2a Signed-off-by: Alessandro Boch --- .../controller/sal/core/ContainerFlow.java | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/ContainerFlow.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/ContainerFlow.java index ebf623b7b0..468313c164 100644 --- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/ContainerFlow.java +++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/ContainerFlow.java @@ -17,6 +17,7 @@ import org.opendaylight.controller.sal.action.SetNwDst; import org.opendaylight.controller.sal.action.SetNwSrc; import org.opendaylight.controller.sal.action.SetTpDst; import org.opendaylight.controller.sal.action.SetTpSrc; +import org.opendaylight.controller.sal.action.SetVlanId; import org.opendaylight.controller.sal.flowprogrammer.Flow; import org.opendaylight.controller.sal.match.Match; import org.opendaylight.controller.sal.match.MatchType; @@ -54,18 +55,23 @@ public class ContainerFlow implements Serializable { @Override public boolean equals(Object obj) { - if (this == obj) + if (this == obj) { return true; - if (obj == null) + } + if (obj == null) { return false; - if (getClass() != obj.getClass()) + } + if (getClass() != obj.getClass()) { return false; + } ContainerFlow other = (ContainerFlow) obj; if (match == null) { - if (other.match != null) + if (other.match != null) { return false; - } else if (!match.equals(other.match)) + } + } else if (!match.equals(other.match)) { return false; + } return true; } @@ -95,6 +101,11 @@ public class ContainerFlow implements Serializable { Match actionMatch = new Match(); for (Action action : flow.getActions()) { switch (action.getType()) { + case SET_VLAN_ID: + actionMatch.setField(MatchType.DL_VLAN, + ((Integer) ((SetVlanId) action).getVlanId()) + .shortValue()); + break; case SET_DL_TYPE: actionMatch.setField(MatchType.DL_TYPE, ((Integer) ((SetDlType) action).getDlType()) -- 2.36.6