From 2416b8eceae7b2508fe72efbc17d9cb71b69d330 Mon Sep 17 00:00:00 2001 From: Jesse Gross Date: Thu, 22 Oct 2009 11:40:04 -0700 Subject: [PATCH] bridge: Eject NORMAL flows without a learning entry from datapath. When revalidating NORMAL flows we consult the learning table, which could be empty if a packet hasn't come to userspace in a while or we just did a bridge flush. If there is no learning entry then existing flows will begin flooding packets until a new flow is setup. The problem is worse with bonding because we can receive one of the flooded packets back on a bond slave and learn that port, causing us to send traffic to the wrong location. --- vswitchd/bridge.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index fda80f1a2..05003e1c1 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -1947,6 +1947,11 @@ process_flow(struct bridge *br, const flow_t *flow, tags); if (out_port_idx >= 0 && out_port_idx < br->n_ports) { out_port = br->ports[out_port_idx]; + } else if (!packet) { + /* If we are revalidating but don't have a learning entry then + * eject the flow. Installing a flow that floods packets will + * prevent us from seeing future packets and learning properly. */ + return false; } } -- 2.45.2
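Review bot: in the new `else if (!packet)` branch of `process_flow()`, "revalidating" is signalled only implicitly by `packet` being NULL, and the branch is taken for any `out_port_idx` that fails `out_port_idx >= 0 && out_port_idx < br->n_ports`, not just for a missing learning entry as the comment says. Please say in the comment that a NULL `packet` means the flow is being revalidated, and that an index `>= br->n_ports` is ejected here as well, or split the two cases if they should be handled differently. Since the change relies on `return false` to eject the flow, it would also help to document that return value's meaning for callers next to this early return.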