datapath: Add force commit.

Upstream patch:

    commit dd41d33f0b033885211a5d6f3ee19e73238aa9ee
    Author: Jarno Rajahalme <jarno@ovn.org>
    Date:   Thu Feb 9 11:22:00 2017 -0800

    openvswitch: Add force commit.

    Stateful network admission policy may allow connections to one
    direction and reject connections initiated in the other direction.
    After policy change it is possible that for a new connection an
    overlapping conntrack entry already exists, where the original
    direction of the existing connection is opposed to the new
    connection's initial packet.

    Most importantly, conntrack state relating to the current packet gets
    the "reply" designation based on whether the original direction tuple
    or the reply direction tuple matched.  If this "directionality" is
    wrong w.r.t. to the stateful network admission policy it may happen
    that packets in neither direction are correctly admitted.

    This patch adds a new "force commit" option to the OVS conntrack
    action that checks the original direction of an existing conntrack
    entry.  If that direction is opposed to the current packet, the
    existing conntrack entry is deleted and a new one is subsequently
    created in the correct direction.

    Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
    Acked-by: Pravin B Shelar <pshelar@ovn.org>
    Acked-by: Joe Stringer <joe@ovn.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>

lib/dpif-netdev.c

@@ -5126,6 +5126,8 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_,
             enum ovs_ct_attr sub_type = nl_attr_type(b);
 
             switch(sub_type) {
+            case OVS_CT_ATTR_FORCE_COMMIT:
+                /* Not implemented yet. */
             case OVS_CT_ATTR_COMMIT:
                 commit = true;
                 break;