lib: matcher: add ip4.dscp matcher #1225
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Run CI when a commit lands on the main branch and when a PR for main is | |
| # opened. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'ci/*' | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| permissions: | |
| checks: write | |
| contents: read | |
| id-token: write | |
| packages: write | |
| pages: write | |
| pull-requests: write | |
| jobs: | |
| create-images: | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| host: | |
| - { name: ubuntu-24.04, arch: x64 } | |
| - { name: 4-core-ubuntu-arm, arch: arm64 } | |
| distribution: | |
| - { name: fedora, version: "43" } | |
| - { name: fedora, version: "42" } | |
| - { name: fedora, version: "41" } | |
| - { name: ubuntu, version: "24.04" } | |
| - { name: ubuntu, version: "25.04" } | |
| - { name: ubuntu, version: "25.10" } | |
| runs-on: [ "${{ matrix.host.name }}" ] | |
| name: "Image: ${{ matrix.distribution.name }} ${{ matrix.distribution.version }} (${{ matrix.host.arch}})" | |
| steps: | |
| - name: Checkout bpfilter | |
| uses: actions/checkout@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log to GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Build the container images and use the existing images as cache | |
| - name: Build and push container image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: .github/${{ matrix.distribution.name }}-${{ matrix.distribution.version }}.Dockerfile | |
| push: ${{ github.event_name == 'push' && 'true' || 'false' }} | |
| tags: ghcr.io/facebook/bpfilter:${{ matrix.distribution.name }}-${{ matrix.distribution.version }}-${{ matrix.host.arch}} | |
| cache-from: type=gha,scope=${{ matrix.distribution.name }}-${{ matrix.distribution.version }}-${{ matrix.host.arch}} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.distribution.name }}-${{ matrix.distribution.version }}-${{ matrix.host.arch}} | |
| build: | |
| needs: create-images | |
| timeout-minutes: 5 | |
| strategy: | |
| matrix: | |
| host: | |
| - { name: ubuntu-24.04, arch: x64 } | |
| - { name: 4-core-ubuntu-arm, arch: arm64 } | |
| distribution: | |
| - { name: fedora, version: "43" } | |
| - { name: fedora, version: "42" } | |
| - { name: fedora, version: "41" } | |
| - { name: ubuntu, version: "24.04" } | |
| - { name: ubuntu, version: "25.04" } | |
| - { name: ubuntu, version: "25.10" } | |
| runs-on: [ "${{ matrix.host.name }}" ] | |
| container: ghcr.io/facebook/bpfilter:${{ matrix.distribution.name }}-${{ matrix.distribution.version }}-${{ matrix.host.arch}} | |
| name: "Build: ${{ matrix.distribution.name }} ${{ matrix.distribution.version }} (${{ matrix.host.arch}})" | |
| steps: | |
| - name: Checkout bpfilter | |
| uses: actions/checkout@v2 | |
| - name: Configure the build | |
| run: cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build -DNO_BENCHMARKS=1 | |
| - name: Build all | |
| run: make -C $GITHUB_WORKSPACE/build -j `nproc` | |
| test: | |
| needs: create-images | |
| timeout-minutes: 5 | |
| strategy: | |
| matrix: | |
| host: | |
| - { name: ubuntu-24.04, arch: x64 } | |
| - { name: 4-core-ubuntu-arm, arch: arm64 } | |
| runs-on: [ "${{ matrix.host.name }}" ] | |
| container: | |
| image: ghcr.io/facebook/bpfilter:fedora-43-${{ matrix.host.arch }} | |
| options: --privileged | |
| name: "Test: ${{ matrix.host.arch }}" | |
| steps: | |
| - name: Checkout bpfilter | |
| uses: actions/checkout@v2 | |
| - name: Restore the cached test results | |
| uses: actions/cache@v4 | |
| if: matrix.host.arch == 'x64' | |
| with: | |
| path: build/coverage | |
| key: tests-results-${{ github.run_id }} | |
| - name: Mount bpffs | |
| run: mount bpffs /sys/fs/bpf -t bpf | |
| - name: Configure the build | |
| run: cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build -DWITH_COVERAGE=1 | |
| - name: Build tests | |
| run: make -C $GITHUB_WORKSPACE/build -j `nproc` test_bin | |
| - name: ewef | |
| run: sudo ls | |
| - name: Run unit tests | |
| run: ctest --test-dir $GITHUB_WORKSPACE/build -L unit --verbose | |
| - name: Run end-to-end tests | |
| run: ctest --test-dir $GITHUB_WORKSPACE/build -L e2e --verbose | |
| - name: Run integration tests | |
| run: ctest --test-dir $GITHUB_WORKSPACE/build -L integration --verbose | |
| - name: Run checks | |
| run: ctest --test-dir $GITHUB_WORKSPACE/build -L check --verbose | |
| - name: Generate the coverage report | |
| run: make -C $GITHUB_WORKSPACE/build coverage | |
| benchmark: | |
| runs-on: self-hosted | |
| # Ensure benchmarks are not run concurrently on bf-bench-3 | |
| concurrency: | |
| group: do-no-run-benchmarks-concurrently | |
| cancel-in-progress: false | |
| name: "Benchmark" | |
| steps: | |
| - name: Checkout bpfilter repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # Run bfbencher with the same cache directory for every job, so | |
| # results are shared. | |
| # On pull requests, compare the X latest changes on main against the | |
| # last commit of the PR. Otherwise, run the benchmarks up to HEAD. | |
| # On job retry, the last commit of the PR will always be retried. | |
| - name: Run bfbencher | |
| env: | |
| # Override rich's default terminal width to prevent wrapping. | |
| COLUMNS: 150 | |
| IS_RETRY: ${{ github.run_attempt > 1 }} | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| git fetch origin main | |
| BENCH_UNTIL="origin/main" | |
| BENCH_INCLUDE="--include HEAD" | |
| BENCH_FAIL_ON="--fail-on-significant-change worse" | |
| if [ "$IS_RETRY" = "true" ]; then | |
| BENCH_RETRY="--retry HEAD" | |
| else | |
| BENCH_RETRY="" | |
| fi | |
| else | |
| BENCH_UNTIL="HEAD" | |
| BENCH_INCLUDE="" | |
| BENCH_FAIL_ON="" | |
| fi | |
| tools/benchmarks/bfbencher \ | |
| --since 30bd49f \ | |
| --until $BENCH_UNTIL \ | |
| $BENCH_INCLUDE \ | |
| --cache-dir ~/bfbencher-cache \ | |
| --report-path index.html \ | |
| --pr-report-path $GITHUB_STEP_SUMMARY \ | |
| $BENCH_RETRY \ | |
| $BENCH_FAIL_ON \ | |
| --bind-node 0 \ | |
| --no-preempt \ | |
| --cpu-pin 3 \ | |
| --slice benchmark.slice | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: benchmarks-report | |
| path: index.html | |
| doc: | |
| needs: [ test, benchmark ] | |
| timeout-minutes: 5 | |
| runs-on: [ "ubuntu-24.04" ] | |
| container: ghcr.io/facebook/bpfilter:fedora-43-x64 | |
| name: "Documentation" | |
| steps: | |
| - name: Checkout bpfilter | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Mark the repository as safe for Git | |
| run: git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - name: Configure the build | |
| run: cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build | |
| - name: Restore the cached tests results | |
| uses: actions/cache@v4 | |
| with: | |
| path: build/coverage | |
| key: tests-results-${{ github.run_id }} | |
| - name: Build | |
| run: make -C $GITHUB_WORKSPACE/build -j `nproc` doc | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: benchmarks-report | |
| path: ${{ github.workspace }}/build/doc/html/external/benchmarks/ | |
| - name: Fix permissions | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| chmod -c -R +rX "$GITHUB_WORKSPACE/build/doc/html" | while read line; do | |
| echo "::warning title=Invalid file permissions automatically fixed::$line" | |
| done | |
| - name: Upload artifact | |
| uses: actions/upload-pages-artifact@v3 | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| path: build/doc/html | |
| - name: Deploy to GitHub Pages | |
| uses: actions/deploy-pages@v4 | |
| if: github.ref == 'refs/heads/main' |