From: Jesse Gross <jesse@nicira.com>
Date: Thu, 22 Oct 2009 18:40:04 +0000 (-0700)
Subject: bridge: Eject NORMAL flows without a learning entry from datapath.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2416b8ecea;p=openvswitch

bridge: Eject NORMAL flows without a learning entry from datapath.

When revalidating NORMAL flows we consult the learning table, which
could be empty if a packet hasn't come to userspace in a while or we
just did a bridge flush.  If there is no learning entry then existing
flows will begin flooding packets until a new flow is setup.  The
problem is worse with bonding because we can receive one of the flooded
packets back on a bond slave and learn that port, causing us to send
traffic to the wrong location.
---

diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index fda80f1a..05003e1c 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -1947,6 +1947,11 @@ process_flow(struct bridge *br, const flow_t *flow,
                                                tags);
         if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
             out_port = br->ports[out_port_idx];
+        } else if (!packet) {
+            /* If we are revalidating but don't have a learning entry then
+             * eject the flow.  Installing a flow that floods packets will
+             * prevent us from seeing future packets and learning properly. */
+            return false;
         }
     }