Fix network policy ingress policy stats

[ceclinux]

This PR fixes #1976. The miscalculation is caused by L2ForwardingCalcTable with rule

Specifically, packets to the gateway port or the tunnel port will also go to ConntrackCommitTable and bypass the NetworkPolicy ingress rule tables, as NetworkPolicy ingress rules are not enforced for these packets on the source Node.

Therefore, these packets will not get counted in this case.

[codecov-io]

Codecov Report

Merging #2078 (8e756c3) into main (599d663) will decrease coverage by 5.98%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2078      +/-   ##
==========================================
- Coverage   61.05%   55.07%   -5.99%     
==========================================
  Files         270      270              
  Lines       20366    20368       +2     
==========================================
- Hits        12435    11218    -1217     
- Misses       6636     7960    +1324     
+ Partials     1295     1190     -105     

Flag	Coverage Δ
kind-e2e-tests	40.42% <100.00%> (-11.34%)	⬇️
unit-tests	41.39% <0.00%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/openflow/client.go	51.06% <100.00%> (-8.78%)	⬇️
pkg/apis/controlplane/helper.go	25.00% <0.00%> (-75.00%)	⬇️
pkg/apis/controlplane/v1beta2/helper.go	25.00% <0.00%> (-75.00%)	⬇️
pkg/controller/networkpolicy/mutate.go	0.00% <0.00%> (-71.77%)	⬇️
pkg/controller/networkpolicy/store/group.go	5.00% <0.00%> (-70.00%)	⬇️
pkg/controller/networkpolicy/validate.go	0.00% <0.00%> (-69.47%)	⬇️
pkg/k8s/name.go	33.33% <0.00%> (-66.67%)	⬇️
pkg/agent/controller/networkpolicy/packetin.go	6.20% <0.00%> (-65.52%)	⬇️
...formers/externalversions/security/v1alpha1/tier.go	0.00% <0.00%> (-64.29%)	⬇️
...ers/externalversions/core/v1alpha2/clustergroup.go	0.00% <0.00%> (-64.29%)	⬇️
... and 67 more

[tnqn]

And please remove the issue link from the title of the commit message.

[ceclinux]

And please remove the issue link from the title of the commit message.

commit message updated

[ceclinux]

It seems updated TestNetworkPolicyStats will still failed in noencap mode. I will take a look later

[tnqn]

Could you also wrap the commit message body to ~76 characters per line?
https://github.com/golang/go/wiki/CommitMessage

[ceclinux]

@tnqn Thanks for review. It seems the current changes make all the tests pass. However, I will update the code and reply the comments after looking at different trafficEncapModes to double check if the change will affect these modes or not. Will at you after that.

[ceclinux]

Could you also wrap the commit message body to ~76 characters per line?
https://github.com/golang/go/wiki/CommitMessage

commit message formatted

[codecov-commenter]

Codecov Report

Merging #2078 (2b8f42a) into main (599d663) will increase coverage by 0.20%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2078      +/-   ##
==========================================
+ Coverage   61.05%   61.26%   +0.20%     
==========================================
  Files         270      269       -1     
  Lines       20366    20422      +56     
==========================================
+ Hits        12435    12511      +76     
+ Misses       6636     6623      -13     
+ Partials     1295     1288       -7     

Flag	Coverage Δ
kind-e2e-tests	52.06% <100.00%> (+0.30%)	⬆️
unit-tests	41.43% <66.66%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/openflow/pipeline.go	70.52% <100.00%> (+0.50%)	⬆️
pkg/controller/networkpolicy/tier.go	47.50% <0.00%> (-5.00%)	⬇️
pkg/antctl/raw/traceflow/command.go	23.82% <0.00%> (-1.92%)	⬇️
...ntroller/networkpolicy/networkpolicy_controller.go	69.35% <0.00%> (-1.75%)	⬇️
...agent/controller/traceflow/traceflow_controller.go	72.95% <0.00%> (-0.33%)	⬇️
pkg/agent/flowexporter/connections/connections.go	76.05% <0.00%> (-0.17%)	⬇️
pkg/antctl/antctl.go	100.00% <0.00%> (ø)
pkg/ipfix/ipfix_process.go	100.00% <0.00%> (ø)
...ntroller/networkpolicy/networkpolicy_controller.go	84.56% <0.00%> (ø)
pkg/ipfix/ipfix_set.go
... and 13 more

[tnqn]

/test-all

[tnqn]

LGTM, @jianjuns @antoninbas you may want to take a look too as it changes the default table of l2ForwardingCalcTable to fix the ingress traffic stats.

[antoninbas]

LGTM

[tnqn]

/test-integration

[tnqn]

@ceclinux could you check the integration failure: https://jenkins.antrea-ci.rocks/job/antrea-integration-manual-for-pull-request/8/console? It seems related to this change

[ceclinux]

@ceclinux could you check the integration failure: https://jenkins.antrea-ci.rocks/job/antrea-integration-manual-for-pull-request/8/console? It seems related to this change

sure.

[ceclinux]

/test-integration

[ceclinux]

/test-integration

[ceclinux]

updated and integration tests passed @tnqn

[tnqn]

/test-all