secchan: Make fail-open work using a wildcard rule (and flush the flow table).
Fail-open was implemented by grabbing packets as they came in and then
shoving them into a learning switch, but this interacted badly with
vswitch. First, it didn't respect the vswitch architecture; e.g. VLAN
and bonding settings were ignored. Second, it didn't override any rules
that were still in the flow table from the last time we were connected to
a controller, which could cause other things to break if those rules were
bad (or if some host just wasn't authenticated etc.)
This commit fixes these problems by making fail-open use a wildcard rule
and OFPP_NORMAL, so that vswitch then implements VLANs etc., and by
flushing the flow table when we go into fail-open, getting rid of any
bad rules.
projects / openvswitch / commit