Before, if a hub connected a number of OpenFlow switches and the controller,
then in-band control traffic from one of the OpenFlow switches would be
seen by each of the other switches and forwarded up to the controller as
an ofp_packet_in message. That message would then be seen by all of the
other OpenFlow switches and also forwarded, and so on in an infinite loop.
This change prevents this situation by keeping secchan from forwarding
ofp_packet_in messages for a packet destined to the controller that
arrives on the port where the controller is located.
This code has at least two weaknesses. First, if the controller's port
changes, then the flows set up to drop packets will not be deleted. This
should not be a major problem: if this inadvertently kills a switch's
connection to the controller, then the switch will realize it after it
stops receiving data and re-connect. Its new connection will have new
flow data and therefore its packets will not be dropped.
Second, the notion of the "controller's port" does not take into account
the possibility of loops in the network topology. We need spanning tree
protocol for that.
Ben Pfaff
d7f1e2b535