Comment 12 for bug 2031087

Nailed it:

[rocky@devstack-2 ovn]$ git bisect bad
8cab00bdb581f714dcfdc4fb08affe0319c211a6 is the first bad commit
commit 8cab00bdb581f714dcfdc4fb08affe0319c211a6
Author: Numan Siddique <email address hidden>
Date: Thu May 19 11:17:39 2022 -0400

    ovn-controller: Add OF rules for port security.

    ovn-controller will now generate OF rules for in port security and
    out port security checks in OF tables - 73, 74 and 75. These flows
    will be added if a port binding has port security defined in the
    Port_Binding.Port_Security column which is newly added in this patch.

    The idea of this patch is to program these OF rules directly within
    the ovn-controller instead of ovn-northd generating logical flows.
    This helps in reducing the numnber of logical flows overall in the
    Southbound database.

    Upcoming patches will add the necessary OVN actions which ovn-northd
    can make use of.

    Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2078927
    Suggested-by: Dumitru Ceara <email address hidden>
    Acked-by: Mark Michelson <email address hidden>
    Signed-off-by: Numan Siddique <email address hidden>
    Signed-off-by: Mark Michelson <email address hidden>

 controller/binding.c | 78 ++++-
 controller/binding.h | 23 +-
 controller/lflow.c | 792 ++++++++++++++++++++++++++++++++++++++++++-
 controller/lflow.h | 4 +
 controller/ovn-controller.c | 21 +-
 include/ovn/actions.h | 4 +
 include/ovn/logical-fields.h | 1 +
 ovn-sb.ovsschema | 7 +-
 ovn-sb.xml | 15 +
 tests/ovn.at | 288 ++++++++++++++++
 10 files changed, 1199 insertions(+), 34 deletions(-)

Reproduced and bisected this using devstack master (21eac99e4e342108d7905f64c3e5474b70c9273f) on Rocky 9, then building and installing OVN and OVS from source into /opt/ovn and overriding the ExecStop/ExecStart settings in ovn-controller/ovn-northd.service to use /opt/ovn/share/ovn/scripts/ovn-ctl instead of the default from the RDO RPM.