bridge: Eject NORMAL flows without a learning entry from datapath.

When revalidating NORMAL flows we consult the learning table, which could be empty if a packet hasn't come to userspace in a while or we just did a bridge flush. If there is no learning entry then existing flows will begin flooding packets until a new flow is setup. The problem is worse with bonding because we can receive one of the flooded packets back on a bond slave and learn that port, causing us to send traffic to the wrong location.
2025-10-15 14:17:18 +00:00 · 2009-10-22 11:40:04 -07:00
parent 5422a9e189
commit 2416b8ecea
1 changed files with 5 additions and 0 deletions
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -1947,6 +1947,11 @@ process_flow(struct bridge *br, const flow_t *flow,
                                               tags);
        if (out_port_idx >= 0 && out_port_idx < br->n_ports) {
            out_port = br->ports[out_port_idx];
+        } else if (!packet) {
+            /* If we are revalidating but don't have a learning entry then
+             * eject the flow.  Installing a flow that floods packets will
+             * prevent us from seeing future packets and learning properly. */
+            return false;
        }
    }