When there is no openflow firewall, aka the ovs agent security group
is disabled or Noop/HybridIptable, this patch will introduce a different
ingress pipeline for bridge ports which will avoid ingress flood:
(1) table=0, in_port=patch_bridge,dl_vlan=physical_vlan action=mod_vlan:local_vlan,goto:60 (original)
(2) table=60, in_port=patch_bridge action=goto:61 (new)
(3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan, action=strip_vlan,output:<ofport> (changes)
And changes the local ports pipeline:
(1) table=0, in_port=local_ofport action=goto:25 (original)
(2) table=25, in_port=local_ofport,dl_src=local_port_mac action=goto:60 (original)
(3) table=60, in_port=local_ofport,dl_src=local_port_mac action=local_vlan->reg6,goto:61 (changes)
(4) table=61, dl_dst=local_port_mac,reg6=local_vlan, action=output:<ofport> (changes)
Closes-Bug: #1884708
Closes-Bug: #1881070
Related-Bug: #1732067
Related-Bug: #1866445
Related-Bug: #1883321
Change-Id: Iecf9cffaf02616342f1727ad7db85545d8adbec2
(cherry picked from commit 959d8b6d73)