081ed44a1d
The new macspoofchk field is added to the bridge plugin to support anti-mac-spoofing. When the parameter is enabled, traffic is limited to the mac addresses of the container interface (the veth peer that is placed in the container ns). Any traffic that exits the pod is checked against the source mac address that is expected. If the mac address is different, the frames are dropped. The implementation is using nftables and should only be used on nodes that support it. Signed-off-by: Edward Haas <edwardh@redhat.com>
81 lines
2.0 KiB
YAML
81 lines
2.0 KiB
YAML
---
|
|
name: test
|
|
|
|
on: ["push", "pull_request"]
|
|
|
|
env:
|
|
GO_VERSION: "1.16"
|
|
LINUX_ARCHES: "amd64 386 arm arm64 s390x mips64le ppc64le"
|
|
|
|
jobs:
|
|
build:
|
|
name: Build all linux architectures
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: setup go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Build on all supported architectures
|
|
run: |
|
|
set -e
|
|
for arch in ${LINUX_ARCHES}; do
|
|
echo "Building for arch $arch"
|
|
GOARCH=$arch ./build_linux.sh
|
|
rm bin/*
|
|
done
|
|
|
|
test-linux:
|
|
name: Run tests on Linux amd64
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install kernel module
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install linux-modules-extra-$(uname -r)
|
|
- name: Install nftables
|
|
run: sudo apt-get install nftables
|
|
|
|
- name: setup go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- name: Set up Go for root
|
|
run: |
|
|
sudo ln -sf `which go` `sudo which go` || true
|
|
sudo go version
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Install test binaries
|
|
env:
|
|
GO111MODULE: off
|
|
run: |
|
|
go get github.com/containernetworking/cni/cnitool
|
|
go get github.com/mattn/goveralls
|
|
go get github.com/modocache/gover
|
|
|
|
- name: test
|
|
run: PATH=$PATH:$(go env GOPATH)/bin COVERALLS=1 ./test_linux.sh
|
|
|
|
- name: Send coverage to coveralls
|
|
env:
|
|
COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
PATH=$PATH:$(go env GOPATH)/bin
|
|
gover
|
|
goveralls -coverprofile=gover.coverprofile -service=github
|
|
|
|
test-win:
|
|
name: Build and run tests on Windows
|
|
runs-on: windows-latest
|
|
steps:
|
|
- name: setup go
|
|
uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- uses: actions/checkout@v2
|
|
- name: test
|
|
run: bash ./test_windows.sh
|