From b5690e7c81140582722edcb40940f2caca8762d7 Mon Sep 17 00:00:00 2001 From: Rob Hoes Date: Fri, 7 Oct 2016 16:39:49 +0100 Subject: [PATCH] Set no-flood on PVS-proxy ports This adds some protection against unicast floods (which happen as part of MAC learning) getting out of hand. Signed-off-by: Rob Hoes --- lib/network_utils.ml | 4 ++++ networkd/network_server.ml | 1 + 2 files changed, 5 insertions(+) diff --git a/lib/network_utils.ml b/lib/network_utils.ml index 77a433a71..ec787d1e3 100644 --- a/lib/network_utils.ml +++ b/lib/network_utils.ml @@ -1027,6 +1027,10 @@ module Ovs = struct ) ports) in List.iter (fun flow -> ignore (ofctl ~log:true ["add-flow"; bridge; flow])) flows + + let mod_port bridge port action = + ofctl ~log:true ["mod-port"; bridge; port; action] |> ignore + end include Make(Cli) end diff --git a/networkd/network_server.ml b/networkd/network_server.ml index 00283d187..1ebcb4189 100644 --- a/networkd/network_server.ml +++ b/networkd/network_server.ml @@ -774,6 +774,7 @@ module Bridge = struct match !backend_kind with | Openvswitch -> ignore (Ovs.create_port ~internal:true name bridge); + Ovs.mod_port bridge name "no-flood"; Interface.bring_up () dbg ~name | Bridge -> raise Not_implemented
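Review bot: `mod_port` in lib/network_utils.ml takes `action` as a free-form string and discards whatever `ofctl` returns, so a mistyped keyword only surfaces when ovs-ofctl runs. Whether such a failure reaches the caller depends on how `ofctl` reports errors, which this hunk does not show. Because the helper exists to apply a protective port setting, I would document that contract once it is confirmed, e.g. `(* Set an OpenFlow port-config flag such as "no-flood" via ovs-ofctl mod-port; errors surface only if ofctl raises *)`. For consistency with the `ignore (ofctl ~log:true [...])` form used just above, consider `ignore (ofctl ~log:true ["mod-port"; bridge; port; action])`. The enclosing module begins outside the hunk.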
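Review bot: The `Ovs.mod_port bridge name "no-flood";` call in the `Openvswitch` branch is the only visible place the flood protection is applied, and nothing here confirms it took effect before `Interface.bring_up` runs. If `mod_port` does not raise on an ovs-ofctl error, the port comes up floodable without the caller noticing. Port-config flags set through mod-port are, as far as I know, OpenFlow state and not stored in the OVS database, so it is worth confirming the flag is re-applied after ovs-vswitchd restarts or the port is recreated. A short comment above the call would record this, e.g. `(* keep flooded traffic off the PVS-proxy port; re-apply if the port is recreated *)`. The enclosing function begins and ends outside the hunk.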