Changing src,dst check in egress named port to dst,dst

[vakalapa]

K8s e2e NetworkPolicy tests are failing for "should allow egress access on one named port"

Below is the rule NPM install incase of egress named port

Chain AZURE-NPM-EGRESS-PORT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set azure-npm-2135863571 src match-set azure-npm-708566763 src 
    match-set azure-npm-3050895063 src,dst /* ALLOW-ALL-TO-TCP-PORT-serve-80-FROM-pod-name:client-a-IN-ns-network-policy-6141 */

ipset list azure-npm-3050895063
Name: azure-npm-3050895063
Type: hash:ip,port
Revision: 5
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 256
References: 1
Number of entries: 1
Members:
10.240.2.227,tcp:80

The above ipset is used for src,dst match, since this is a hash:ip,port ipset, Src:ip and Dst:port will be checked. Thiscauses problem as the Dst:Ip and Dst:port needs to be checked.

Fix: Solution is to change the matchset from src,dst to dst,dst. This solved the issue.

Named Port k8s e2e tests results with this fix:

Ran 6 of 5704 Specs in 1022.099 seconds
SUCCESS! -- 6 Passed | 0 Failed | 0 Pending | 5698 Skipped

Summarizing 3 Failures:

[Fail] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client [It] should enforce policy based on Multiple PodSelectors and NamespaceSelectors [Feature:NetworkPolicy]

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [It] should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]

[Fail] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client [It] should allow ingress access from updated namespace [Feature:NetworkPolicy]

Ran 61 of 5704 Specs in 12353.162 seconds
FAIL! -- 58 Passed | 3 Failed | 0 Pending | 5643 Skipped
--- FAIL: TestE2E (12353.17s)

[codecov]

Codecov Report

Merging #768 (a64d153) into master (a1f13a8) will decrease coverage by 0.05%.
The diff coverage is 20.00%.

@@            Coverage Diff             @@
##           master     #768      +/-   ##
==========================================
- Coverage   41.79%   41.73%   -0.06%     
==========================================
  Files         142      142              
  Lines       13763    13763              
==========================================
- Hits         5752     5744       -8     
- Misses       7293     7302       +9     
+ Partials      718      717       -1