datapath: Don't drop packets with partial vlan tags.

In the future it is likely that our vlan support will expand to
include multiply tagged packets.  When this happens, we would
ideally like for it to be consistent with our current tagging.

Currently, if we receive a packet with a partial VLAN tag we will
automatically drop it in the kernel, which is unique among the
protocols we support.  The only other reason to drop a packet is
a memory allocation error.  For a doubly tagged packet, we will
parse the first tag and indicate that another tag was present but
do not drop if the second tag is incorrect as we do not parse it.

This changes the behavior of the vlan parser to match other protocols
and also deeper tags by indicating the presence of a broken tag with
the 802.1Q EtherType but no vlan information.  This shifts the policy
decision to userspace on whether to drop broken tags and allows us to
uniformly add new levels of tag parsing.

Although additional levels of control are provided to userspace, this
maintains the current behavior of dropping packets with a broken
tag when using the NORMAL action because that is the correct behavior
for an 802.1Q-aware switch.  The userspace flow parser actually
already had the new behavior so this corrects an inconsistency.

Reported-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

lib/dpif-netdev.c

@@ -1313,7 +1313,7 @@ dp_netdev_execute_actions(struct dp_netdev *dp,
 
         case OVS_ACTION_ATTR_PUSH_VLAN:
             vlan = nl_attr_get(a);
-            eth_push_vlan(packet, vlan->vlan_tci);
+            eth_push_vlan(packet, vlan->vlan_tci & ~htons(VLAN_CFI));
             break;
 
         case OVS_ACTION_ATTR_POP_VLAN: