Fix reject loop issue and add error handling

[GraysonWu]

Fixes #3559
Skip the reject response generation when neither src nor dst are on
current Node.

Re-write the MAC address for RejectPodLocal reject type no matter
AntreaIPAM is on or not. And send the packetOut directly to the
dstPod instead of L3Forwarding table.

Signed-off-by: wgrayson wgrayson@vmware.com

[codecov-commenter]

Codecov Report

Merging #3569 (a5de58d) into main (ac50657) will decrease coverage by 18.63%.
The diff coverage is 34.83%.

❗ Current head a5de58d differs from pull request most recent head 29be1e2. Consider uploading reports for the commit 29be1e2 to get more accurate results

@@             Coverage Diff             @@
##             main    #3569       +/-   ##
===========================================
- Coverage   64.15%   45.52%   -18.64%     
===========================================
  Files         278      362       +84     
  Lines       27833    50754    +22921     
===========================================
+ Hits        17857    23105     +5248     
- Misses       8061    25439    +17378     
- Partials     1915     2210      +295     

Flag	Coverage Δ
e2e-tests	48.68% <34.83%> (?)
integration-tests	38.16% <ø> (?)
kind-e2e-tests	?
unit-tests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/agent_linux.go	5.55% <ø> (+1.23%)	⬆️
pkg/agent/config/node_config.go	88.88% <ø> (-11.12%)	⬇️
pkg/agent/openflow/multicast.go	0.00% <0.00%> (ø)
pkg/controller/ipam/validate.go	0.00% <0.00%> (-82.26%)	⬇️
pkg/agent/openflow/pipeline.go	68.88% <7.14%> (-5.29%)	⬇️
pkg/features/antrea_features.go	11.11% <10.00%> (-5.56%)	⬇️
pkg/agent/proxy/proxier.go	49.07% <34.78%> (-13.65%)	⬇️
pkg/agent/openflow/service.go	69.76% <42.30%> (-13.91%)	⬇️
pkg/agent/openflow/egress.go	69.44% <50.00%> (-14.77%)	⬇️
pkg/agent/controller/networkpolicy/reject.go	76.47% <55.00%> (-11.44%)	⬇️
... and 395 more

[antoninbas]

if there was a regression, we should add a test so that it doesn't happen again

[GraysonWu]

Do you have any good ideas about how to detect the loop in the test?

[antoninbas]

Do you have any good ideas about how to detect the loop in the test?

Isn't the reject loop causing the Reject functionality to break in some way?

If not, you could think about unit testing this function to make sure it generates the correct Reject packets for a few interesting input PacketIns. Based on the contents of that patch, it seems the loop is caused by a bug in the function and is not related to the OVS flows.

[GraysonWu]

Do you have any good ideas about how to detect the loop in the test?

Isn't the reject loop causing the Reject functionality to break in some way?

If not, you could think about unit testing this function to make sure it generates the correct Reject packets for a few interesting input PacketIns. Based on the contents of that patch, it seems the loop is caused by a bug in the function and is not related to the OVS flows.

My bad. I'm stupid. No matter if the loop will crash the agent or not. The test client won't receive the reject response in a loop situation. Then the test will fail.

[GraysonWu]

Added tests.

[tnqn]

LGTM, one question

[GraysonWu]

/test-all

[GraysonWu]

/test-integration

[antoninbas]

LGTM

[antoninbas]

/test-e2e

[antoninbas]

@GraysonWu looks like jenkins-e2e failed twice, maybe you need to take a look

[GraysonWu]

@GraysonWu looks like jenkins-e2e failed twice, maybe you need to take a look

Those tests failed in apply antrea phase. I think they shouldn't be introduced by this PR. And I'm unable to reproduce it in my env. Opened PR #3590 to just run those failed tests in jenkins. Will update here after test complete.

[GraysonWu]

Tests passed when running alone. One more retry here.
/test-e2e

[GraysonWu]

/test-e2e

[antoninbas]

@GraysonWu could you backport this to 1.6?

[GraysonWu]

Backported to 1.6 and 1.5