datapath: Allow pop and push MPLS actions after pop VLAN

This patch loosens the restrictions surrounding push and pop MPLS actions
such that they will be allowed after a pop VLAN action if the inner
ethernet type is acceptable for pop and push MPLS actions. This implies
that there is only one VLAN tag present.

Some analysis of logic of this change is as follows:

    The purpose of tracking vlan_tci is to allow prohibition of push
    and pop MPLS actions in the presence of a VLAN. In this scenario
    the VLAN_TAG_PRESENT bit of vlan_tci is set and eth_type is that of
    the packet with the outermost VLAN tag removed.

    A pop VLAN action may clear vlan_tci as it removes the outermost
    VLAN tag and the push and pop MPLS logic may rely on eth_type for
    their prohibition logic.

    This will not allow push and pop MPLS on packets with multiple VLAN
    tags, regardless of if they are all remove using POP VLAN, as there
    is no mechanism to expose the inner ethernet type beyond that of
    the outermost VLAN tag.

Suggested-by: Jesse Gross <jgross@nicira.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>

datapath/flow_netlink.c

@@ -1666,6 +1666,7 @@ static int ovs_nla_copy_actions__(const struct nlattr *attr,
 		}
 
 		case OVS_ACTION_ATTR_POP_VLAN:
+			vlan_tci = htons(0);
 			break;
 
 		case OVS_ACTION_ATTR_PUSH_VLAN:
@@ -1687,13 +1688,7 @@ static int ovs_nla_copy_actions__(const struct nlattr *attr,
 				return -EINVAL;
 			/* Prohibit push MPLS other than to a white list
 			 * for packets that have a known tag order.
-			 *
-			 * vlan_tci indicates that the packet at one
-			 * point had a VLAN. It may have been subsequently
-			 * removed using pop VLAN so this rule is stricter
-			 * than necessary. This is because it is not
-			 * possible to know if a VLAN is still present
-			 * after a pop VLAN action. */
+			 */
 			if (vlan_tci & htons(VLAN_TAG_PRESENT) ||
 			    (eth_type != htons(ETH_P_IP) &&
 			     eth_type != htons(ETH_P_IPV6) &&