ofproto-dpif: Install drops for flows from invalid in_ports.
Before this patch, if a packet came in on a port which userspace
doesn't know about, it would be silently dropped without installing
a drop flow. Historically, this has been fine because this
situation could only occur during transient reconfiguration
periods. However, in future, this could occur when the tunneling
code decides to reject a packet due to invalid headers. In this
case, it's preferable to drop the packet in the kernel to avoid a
high bandwidth stream of invalid packets DoSing the switch.
Signed-off-by: Ethan Jackson <ethan@nicira.com>