From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=f749hF7+; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 9EF685A0619 for ; Thu, 16 Oct 2025 23:31:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1760650287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7245omh3tXs3NN+ZXwDm/w0LCRWfXZPaUUMSv9I0mtQ=; b=f749hF7+lZf0rHTevxmfdukAzfutlsCx2cJNs/f0070LHgM/drm0y7vr/qpd5hH5tvebKl TswyUezIbXTj6PjUe+SJQVv6OiiKpBhWIgzdUlYKk3Rv3mMXLJE5bqimLpegukQXSWQtlb TEb7sTHPZuncx8G3P6q04n8meVFnX1Q= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-363-BV2EWCikNx2oDrG9nkI1LQ-1; Thu, 16 Oct 2025 17:31:25 -0400 X-MC-Unique: BV2EWCikNx2oDrG9nkI1LQ-1 X-Mimecast-MFC-AGG-ID: BV2EWCikNx2oDrG9nkI1LQ_1760650285 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-470fd59d325so6345745e9.0 for ; Thu, 16 Oct 2025 14:31:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760650284; x=1761255084; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=eyx1bJqKc+s/dZEUuBVfg9Q2XwpGpK2r6KZia9OS8HA=; b=JEDNC5VrjC6fjGhBWG8rKCXOe2DlVdp2m5bPSzd6NfvYuCNcZK69JNJiHAvuoosGIy JNbpDTZB79lfbRSd8n5KcGZEQswNRe8twYGKmLVb4DZZV89kcQF0NUCdHXcByb84iiDy gkLrR6yuATaFWbcPopNVk8GjajVwpEu3zrWamIkSPye/0UL0AXxusWtEintnP3T9mT3b RgDRicDl9qbK1cB0CA17Yj2W7AL+WvD4t1fJ7DP1c+PgsVB+4tha77Z7pz2cxY+LWjOa gWYRz7ngy2ZuDXIiqrDXvxd6I3NGiyYI2cdNFEFkyIucmyS0bSBEYOs2xFENqjG867fe 3Icw== X-Gm-Message-State: AOJu0YzW0I6Gypuu5LA/DLb/VQRNHuah4QyCtHH3RKkkmDC7QUMyQkoy G7NY7BrIc6URgfSCNFMUXYYL86mCH36qdNojpfhQYN2q+SYlS4zX5wgGeE+Nsk2HKELqNkmYd4/ SyTA+CjLBhFp4LeO3B+masgsDT0ES3fwFpWFapl3Be5B6CoPSz5HqW15FZXiP2w== X-Gm-Gg: ASbGncsTgMHzRTd9ePrGGbjNPK7gF0WToG7JMfaFzp+GpkjCC5WZyKaSirnqjEjDs+c NcUsyDbFm7OmZoyB4AP5uVTcTwuKdr+LGL6RQaBagEWHAWXpEl3iibAL9oFMWCyyOjipP0TvC80 4YZeQOIc26PwotszTcCObLcimlKsY/2UbLF1tpYcdgSDKqoCR8hVHLoeBQLEW26UCgJHwZ38pHC 0EtmY6HyaFmqMWtxWA4/beezzLxWTRR3WZYdNQ2XwK2qbPNVc6yt4A2L1LQtcxEsLQKyeAOd4k0 TlSKK0HUlM0/GfMA4rprQij+w5Al/RYuQaTIqRhJtsc6bOQdjKfev4kRTNaTFho95ang5x6W9rG xWdUrzQlTHg== X-Received: by 2002:a05:600c:3149:b0:46f:b43a:aef0 with SMTP id 5b1f17b1804b1-47117925e63mr8079385e9.41.1760650283116; Thu, 16 Oct 2025 14:31:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGfNAYRDVBAhj1QQY0MSmKpX2P+/fC05Y/bD9DHqQdtRJ+xL+8MWEt28kG7+PhaC2zb7iIbvQ== X-Received: by 2002:a05:600c:3149:b0:46f:b43a:aef0 with SMTP id 5b1f17b1804b1-47117925e63mr8079165e9.41.1760650282303; Thu, 16 Oct 2025 14:31:22 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4711443ec3asm44860205e9.11.2025.10.16.14.31.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Oct 2025 14:31:21 -0700 (PDT) Date: Thu, 16 Oct 2025 23:31:19 +0200 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH 3/3] test: Re-implement pasta NDP tests using tunbridge & exeter Message-ID: <20251016233119.4f5e155e@elisabeth> In-Reply-To: References: <20251002075708.461931-1-david@gibson.dropbear.id.au> <20251002075708.461931-4-david@gibson.dropbear.id.au> <20251007220110.3c8bf21c@elisabeth> <20251009010248.1ebc1a50@elisabeth> <20251010012023.11f3a517@elisabeth> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: grV6_uQ4FOXxuaTMNF1ZdvkMtF6TMMYRBOMqNNfICAU_1760650285 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: T4ROGBAWV3NDUR3P53GPWG3EYBDH3BZL X-Message-ID-Hash: T4ROGBAWV3NDUR3P53GPWG3EYBDH3BZL X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Fri, 10 Oct 2025 13:17:13 +1100 David Gibson wrote: > On Fri, Oct 10, 2025 at 01:20:23AM +0200, Stefano Brivio wrote: > > On Thu, 9 Oct 2025 15:47:01 +1100 > > David Gibson wrote: > > =20 > > > On Thu, Oct 09, 2025 at 01:02:48AM +0200, Stefano Brivio wrote: =20 > > > > On Wed, 8 Oct 2025 13:32:27 +1100 > > > > David Gibson wrote: > > > > =20 > > > > > On Tue, Oct 07, 2025 at 10:01:10PM +0200, Stefano Brivio wrote: = =20 > > > > > > On Thu, 2 Oct 2025 17:57:08 +1000 > > > > > > David Gibson wrote: > > > > > > =20 > > > > > > > Convert the pasta NDP tests from shell and our own DSL to Pyt= hon using > > > > > > > the exeter test protocol and tunbridge network simulation lib= rary. > > > > > > >=20 > > > > > > > Signed-off-by: David Gibson > > > > > > > --- > > > > > > > test/Makefile | 2 +- > > > > > > > test/pasta/dhcp | 5 ++++ > > > > > > > test/pasta/ndp.py | 59 ++++++++++++++++++++++++++++++++= ++++++++++ > > > > > > > test/run | 6 +++-- > > > > > > > test/tasst/__init__.py | 4 +++ > > > > > > > test/tasst/pasta.py | 40 ++++++++++++++++++++++++++++ > > > > > > > 6 files changed, 113 insertions(+), 3 deletions(-) > > > > > > > create mode 100755 test/pasta/ndp.py > > > > > > > create mode 100644 test/tasst/pasta.py > > > > > > >=20 > > > > > > > diff --git a/test/Makefile b/test/Makefile > > > > > > > index f66c7e7e..95e3d75e 100644 > > > > > > > --- a/test/Makefile > > > > > > > +++ b/test/Makefile > > > > > > > @@ -67,7 +67,7 @@ ASSETS =3D $(DOWNLOAD_ASSETS) $(LOCAL_ASSET= S) > > > > > > > =20 > > > > > > > EXETER_SH =3D smoke/smoke.sh build/static_checkers.sh > > > > > > > EXETER_PYPATH =3D exeter/py3:tunbridge/:. > > > > > > > -EXETER_PYTHON =3D smoke/smoke.py build/build.py > > > > > > > +EXETER_PYTHON =3D smoke/smoke.py build/build.py pasta/ndp.py > > > > > > > EXETER_BATS =3D $(EXETER_SH:%=3D%.bats) $(EXETER_PYTHON:%=3D= %.bats) > > > > > > > BATS_FILES =3D $(EXETER_BATS) \ > > > > > > > =09podman/test/system/505-networking-pasta.bats > > > > > > > diff --git a/test/pasta/dhcp b/test/pasta/dhcp > > > > > > > index e1c66be6..61279fbf 100644 > > > > > > > --- a/test/pasta/dhcp > > > > > > > +++ b/test/pasta/dhcp > > > > > > > @@ -18,6 +18,11 @@ test=09Interface name > > > > > > > nsout=09IFNAME ip -j link show | jq -rM '.[] | select(.link_= type =3D=3D "ether").ifname' > > > > > > > check=09[ -n "__IFNAME__" ] > > > > > > > =20 > > > > > > > +# Bring up the interface > > > > > > > +ns=09ip link set dev __IFNAME__ up > > > > > > > +# Wait for SLAAC & DAD to complete > > > > > > > +ns=09while ! ip -j -6 addr show dev __IFNAME__ | jq -e '.[].= addr_info.[] | select(.protocol =3D=3D "kernel_ra")'; do sleep 0.1; done > > > > > > > + > > > > > > > test=09DHCP: address > > > > > > > ns=09/sbin/dhclient -4 --no-pid __IFNAME__ > > > > > > > nsout=09ADDR ip -j -4 addr show|jq -rM '.[] | select(.ifname= =3D=3D "__IFNAME__").addr_info[0].local' > > > > > > > diff --git a/test/pasta/ndp.py b/test/pasta/ndp.py > > > > > > > new file mode 100755 > > > > > > > index 00000000..8c7ce31e > > > > > > > --- /dev/null > > > > > > > +++ b/test/pasta/ndp.py > > > > > > > @@ -0,0 +1,59 @@ > > > > > > > +#! /usr/bin/env python3 > > > > > > > +# > > > > > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > > > > > +# > > > > > > > +# test/pasta/ndp.py - pasta NDP functionality > > > > > > > +# > > > > > > > +# Copyright Red Hat > > > > > > > +# Author: David Gibson > > > > > > > + > > > > > > > +import contextlib > > > > > > > +import dataclasses > > > > > > > +from typing import Iterator > > > > > > > + > > > > > > > +import exeter > > > > > > > +import tunbridge > > > > > > > +import tasst > > > > > > > + > > > > > > > + > > > > > > > +@dataclasses.dataclass > > > > > > > +class UnconfiguredScenario(exeter.Scenario): > > > > > > > + """Tests for a pasta instance without --config-net""" > > > > > > > + > > > > > > > + host: tunbridge.Site > > > > > > > + guest: tunbridge.Site > > > > > > > + ifname: str > > > > > > > + addr6: tunbridge.ip.AddrMask6 > > > > > > > + gw6: tunbridge.ip.Addr6 =20 > > > > > >=20 > > > > > > Until this point, it looks like stuff I can happily copy and pa= ste, > > > > > > and grasp, even. But then: > > > > > > =20 > > > > > > > + @exeter.scenariotest > > > > > > > + def test_ifname(self) -> None: > > > > > > > + ifs =3D tunbridge.ip.ifs(self.guest) > > > > > > > + exeter.assert_eq(set(ifs), {'lo', self.ifname}) = =20 > > > > > >=20 > > > > > > ...why does a "Scenario" have a .ifname? =20 > > > > >=20 > > > > > Yeah, the readability of the Scenario mechanism was something I w= as > > > > > particularly concerned about. I think the concept is valuable, b= ut > > > > > I'm very open to different ways of naming or organising it, if we= can > > > > > up with something better. =20 > > > >=20 > > > > From the description you give below, the name seems to fit. > > > > =20 > > > > > A "Scenario" (specifically a subclass of exeter.Scenario) is a gr= oup > > > > > of tests with a common set of parameters. In this case > > > > > UnconfiguredScenario is a bunch of tests about the behaviour of p= asta > > > > > without --config-net. Each of those tests has access to the host= and > > > > > guest sites, the expected interface name, address and gateway in = the > > > > > guest - that is, the contents of an UncofiguredScenario instance.= =20 > > > >=20 > > > > I'm not sure if I understand this correctly, but if each guest has = a > > > > single interface, that sounds a bit limiting. =20 > > >=20 > > > Sorry, to be clear: a Scenario in the general sense can contain > > > whatever parameters you like. This *particular* Scenario - > > > UnconfiguredScenario - has just those things, because those are all > > > that its tests require. =20 > >=20 > > Ah, okay. Still, if I now want to take UnconfiguredScenario and add a > > couple of dummy interfaces to it for a quick test, I guess I have the > > choice to either do that with some "external" hack, or... copy and > > rename it, so that it doesn't affect all the usages? =20 >=20 > No. A Scenario instance isn't responsible for managing the simulated > environment - that's the setup function - it's just conveying the > information about it that the tests need. So, you can make a setup > function that adds the dummy interfaces, and still yield an > UnconfiguredScenario. It doesn't need to have information about the > dummy interfaces because the tests carried by UnconfiguredScenario > don't care about them. Oh, sorry, it's a class, of course, I see now. > The scenario mechanism does several things: > 1) Groups together some related (parameterized) tests > 2) Allows all of those tests to be registered at once > 3) Provides a mechanism for providing a bunch of information to > those tests (without requiring them each to have a large set of > direct parameters) >=20 > I'm aware that doing those things with the same construct may be > confusing - it's just ways of doing them separately also seem > confusing and/or awkward in their own ways. Maybe there's a better > way, but I haven't spotted it yet. It really is confusing to me, but the description above is rather clear so I'll try to propose something once I get to write some kind of setup function and test cases myself. > > > > Actually, I think any abstraction that doesn't offer arbitrary sets= of > > > > (and relationships between) the objects shown via netlink (or, at > > > > least, namespaces, links, routes, addresses, neighbours) might be > > > > limiting and not generic enough. =20 > > >=20 > > > Absolutely, and the abstraction does allow that. > > > =20 > > > > > That instance describes a real (simulated) environment in which w= e can > > > > > run those tests. > > > > >=20 > > > > > You use this by supplying a function which sets things up, then y= ields > > > > > an UnconfiguredScenario instance describing what it set up. exet= er > > > > > will run all of the UnconfiguredScenario tests on the environment= the > > > > > setup function created, each one as a separate test case. =20 > > > >=20 > > > > This part is now clear to me, and I think it's not complicated to g= rasp > > > > the concept vaguely but enough to copy, paste, and modify code doin= g > > > > this. =20 > > >=20 > > > Ok. > > > =20 > > > > It would be even better to hide this entirely, because "yielding a > > > > scenario" is a Python thing. In general, there's an imperative part= in > > > > all this (bordering functional programming, but still, not descript= ive) > > > > which I struggle to see as beneficial. > > > >=20 > > > > Here the tasks at hand are, roughly: > > > >=20 > > > > 1. represent two network namespaces, with two interfaces each (loop= back > > > > and non-loopback), with pasta connecting one of the interfaces o= f the > > > > inner one =20 > > >=20 > > > There's a bit more to it than that - we need to specify the host's > > > routing setup, because that will affect what pasta does. That's what > > > simple_host() is about, creating a host with the single gateway > > > routing that's our easiest / most common case. =20 > >=20 > > Okay, sure, by "interfaces" I meant configured interfaces with > > addresses and a default route, too. But that doesn't really modify my > > point, that is: > > =20 > > > > 2. bring up one of the interfaces > > > >=20 > > > > 3. compare addresses > > > >=20 > > > > ...and doing 1. like that is simply not... intuitive, I think. = =20 > > >=20 > > > I'm not really clear on what you're getting at here. There is an > > > unavoidable tradeoff here between obviousness for a single case, > > > versus reuseability for multiple related cases. Is it just that some > > > of the relevant setup is hidden inside simple_host() that's the > > > problem? Or is it something else? =20 > >=20 > > ...yes, one part is that it's hidden. Another part are, specifically, > > these lines: > >=20 > > =09host: tunbridge.Site > > =09guest: tunbridge.Site > > =09ifname: str > >=20 > > =09[...] > >=20 > > =09@exeter.scenariotest > > =09def test_ifname(self) -> None: > >=20 > > =09[...] > >=20 > > None of these clearly links to "two network namespaces: A, with > > interface a1 and address x1, ...". =20 >=20 > Fair. This needs a docstring explaining the parameters / fields. That might help a tiny bit but I think the syntax and notations are kind of self-explanatory. My concern is at a more conceptual level, and it's better summarised below, but here, specifically, we're writing: host: tunbridge.Site to say: give me the "host" network namespace and to say that, in my ideal world, I would probably go for something on the line(s) of: A > > I understand this is probably very close to the bare minimum you can > > get by modelling this all with actual code, and that's why I think > > actual (imperative/functional) code is usually not used to > > model/describe things. =20 >=20 > Imperative/functional code as opposed to..? ...declarative. > > > > > Usually, there are multiple ways to set up a suitable enviroment: > > > > > running pasta with an existing guest ns vs. pasta creating the ns= is a > > > > > simple example. You can create different setup functions for eac= h of > > > > > those, and re-use all the tests in the Scenario against each of t= hose > > > > > setups. > > > > > =20 > > > > > > > + > > > > > > > + @tunbridge.ndp.NdpScenario.subscenario > > > > > > > + def test_ndp(self) -> tunbridge.ndp.NdpScenario: > > > > > > > + tunbridge.ip.ifup(self.guest, self.ifname) =20 > > > > > >=20 > > > > > > This raises the question of how much of tunbridge one needs to = know to > > > > > > be able to write a basic test. Why is ifup() in 'ip'? I thought= it > > > > > > would be more of a "link" thing. =20 > > > > >=20 > > > > > Finding misleading names is a big reason for seeking early feedba= ck. > > > > > There's kind of a reason for ifup to be in ip: it optionally take= s IP > > > > > addresses to configure on the interface. But... there's no inher= ent > > > > > reason it couldn't take other sorts of network address too, so I'= ll > > > > > look into moving that into a "link" module or something like it. = =20 > > > >=20 > > > > I think sticking to netlink objects would make this a bit more > > > > familiar, if possible. =20 > > >=20 > > > Noted. > > > =20 > > > > > > I admit I haven't had time to browse tunbridge recently, I'm ju= st > > > > > > looking at this series right now. =20 > > > > >=20 > > > > > That's fine. At some point it would be good to have you look at > > > > > tunbridge too, but reading this series _without_ reading tunbridg= e is > > > > > a very useful perspective at this stage. > > > > > =20 > > > > > > =20 > > > > > > > + return tunbridge.ndp.NdpScenario(client=3Dself.guest= , > > > > > > > + ifname=3Dself.ifnam= e, > > > > > > > + network=3Dself.addr= 6.network, > > > > > > > + gateway=3Dself.gw6)= =20 > > > > > >=20 > > > > > > This makes sense to me. =20 > > > > >=20 > > > > > Ok, good. The Scenario stuff might not be as impenetrable as I > > > > > feared. =20 > > > >=20 > > > > Here I was simply commenting on the fact that I intuitively underst= and > > > > those arguments and how they belong to the scenario, not on the > > > > Scenario abstraction itself, but in any case, yes, given a bit of t= ime > > > > and sufficient motivation, I don't think it's impenetrable either. = =20 > > >=20 > > > I should clarify - this is not as impenetrable as I feared for a firs= t > > > draft. Therefore, I am encouraged to think I can lift it up to > > > actually nice to use in the relatively near future. > > > =20 > > > > So, while at it, let me share my most substantial worry about all t= his > > > > at the moment. While not impenetrable implies it's usable, I'm not = sure > > > > how much further that goes. > > > >=20 > > > > That's mostly fine if the only goal is to develop and run tests for > > > > passt (and I say "mostly" because to run these tests as part of > > > > automatic distribution testing you need to package them, and have > > > > packages for many distributions, which is a bit difficult to justif= y if > > > > you have a single usage, but let's set this aside for a moment). > > > >=20 > > > > Still, that single-goal perspective doesn't look sustainable to me. > > > > That's the case for the current test suite, but it was never meant = to > > > > be a real "framework" or simulator or anything anybody would like t= o > > > > use for anything else. > > > >=20 > > > > If I'm looking for a tool that lets me quickly set up a VXLAN tunne= l > > > > between two nodes and try to flip offloads on and off I think it's > > > > unreasonable to expect I'll go for some Scenario abstraction on the > > > > basis of being, after all... not impenetrable. =20 > > >=20 > > > Scenarios aren't about writing *a* test. If you have a one off test > > > with a one-off setup, you can just write that out. Positing the > > > existence of a vxlan() function in tunbridge, this would be something= like: > > >=20 > > > =09with back_to_back(...): > > > =09=09with vxlan(...): > > > =09=09=09site.fg(some commands) > > > =09=09=09assert > > >=20 > > > Scenarios (which are an exeter thing, not a tunbridge thing) are > > > strictly about reusing tests in multiple related but non-identical > > > situations. > > >=20 > > > Using them in just this initial patch probably looks a bit like > > > overkill. But the point is that we don't have to redefine the same > > > tests when we want to run them for pasta and for passt, and in a bunc= h > > > of different configurations of each. =20 > >=20 > > I see, I'm quite convinced by the concept itself, actually. What I > > really can't wrap my head around is that particular syntax and > > imperative code to describe a topology with a VXLAN tunnel. > > =20 > > > > And this kind of stuff is a very recurrent need in Linux networking > > > > development, in my experience, as well as an unsatisfied need in > > > > testing of many related projects. =20 > > >=20 > > > Agreed. > > > =20 > > > > Of course, one pressing goal right now is to have a more structured= way > > > > to define tests for passt, and anything that lets us achieve that g= oal > > > > with a reasonable amount of time and effort is welcome. > > > >=20 > > > > But not having an interface that lets people build a test tunnel > > > > between two nodes in a couple of minutes of reading examples carrie= s a > > > > serious risk that this gets stuck "forever" to passt and its tests.= =20 > > >=20 > > > Right. I see the concern. Again it comes back to this tradeoff > > > between immediate readability of a single test, versus reusability of > > > logic across a whole bunch of tests. I _think_ most of your concerns > > > are coming down to the fact that the steps for building the simulated > > > networks aren't obvious to you, because they're hidden within helpers= . =20 > >=20 > > Hmm, no, not so much, that part is clear and I'm convinced we need > > something like that. > > =20 > > > So... I guess I hope that this will become better with a larger > > > library of example tests? =20 > >=20 > > It should make things easier to grasp, but not really address my > > main concern, see below. > > =20 > > > > > > > + > > > > > > > + > > > > > > > +@UnconfiguredScenario.test > > > > > > > +@contextlib.contextmanager > > > > > > > +def simh_pasta_setup() -> Iterator[UnconfiguredScenario]: > > > > > > > + with (tunbridge.sample.simple_host('host') as simh, > > > > > > > + tunbridge.sample.isolated('guest', simh.site) as g= uest): > > > > > > > + assert simh.ip6 is not None > > > > > > > + assert simh.gw6_ll is not None > > > > > > > + with tasst.pasta.pasta(simh.site, guest): > > > > > > > + yield UnconfiguredScenario(host=3Dsimh.site, > > > > > > > + guest=3Dguest, > > > > > > > + ifname=3Dsimh.ifname, > > > > > > > + addr6=3Dsimh.ip6, > > > > > > > + gw6=3Dsimh.gw6_ll) = =20 > > > > > >=20 > > > > > > ...and this too. > > > > > >=20 > > > > > > But there's one thing I'm missing: if it's a network simulator,= why do > > > > > > you need to call a simple_host() method to *describe* the fact = that you > > > > > > have a host / site? That looks rather unexpected. > > > > > >=20 > > > > > > I mean, I would have expected a syntax, in pseudocode, expressi= ng: > > > > > >=20 > > > > > > 1. x :=3D node (properties such as a list of interfaces a, b, c= ) > > > > > >=20 > > > > > > 2. pasta implements/connects a > > > > > >=20 > > > > > > ...I think this is mostly embedded in the sample.simple_host() = thing, > > > > > > but I'm not sure how. Maybe it will become clearer once I actua= lly look > > > > > > into tunbridge, though. =20 > > > > >=20 > > > > > Right. "simple_host" isn't just an arbitrary node, but a (small) > > > > > predefined network topology: a node configured with a single defa= ult > > > > > gateway (also simulated, albeit minimally) - that is, the "classi= c" > > > > > pasta host. The idea is that the tunbridge.sample module will ha= ve a > > > > > bunch of such example networks - so far there's: > > > > > - isolated() (node with loopback only) > > > > > - back_to_back() (two nodes connected by a veth) > > > > > - simple_host() > > > > >=20 > > > > > Suggestions for better names welcome, as always. =20 > > > >=20 > > > > I'm a bit worried by the mere fact that those example networks (and > > > > they're all methods instead of some kind of grammar!) are needed. = =20 > > >=20 > > > Depends what you mean by "needed". You could open code the contents > > > of simple_host() in each test - it's not that much - but doing that > > > every time seems tedious. The idea here is you can build complex > > > networks by composing simple components into small chunks, then small > > > chunks into bigger chunks and so forth. > > > =20 > > > > Anyway, I don't find back_to_back() particularly descriptive (what = =20 > > >=20 > > > Understood. To me it suggests two machines directly connected, rathe= r > > > than via a switch or a router... but that might be because I was > > > connecting physical machines like that in the 90s. =20 > >=20 > > Oh, because you'd turn their back to each other... I see now. I > > happened to do that with Ethernet but usually as a "first install" or > > whatever emergency hack, so I would just grab/make a long cable. > > =20 > > > > makes it not front-to-front?). Perhaps a more mundane "two_nodes()" > > > > makes it more obvious (they won't be isolated, of course). =20 > > >=20 > > > I'll consider that option for the next spin. > > >=20 > > > Another possible option: what about isolated_node() for the lo-only > > > node, and isolated_pair() for the veth pair (the implication being > > > they're connected to each other, but isolated from the rest of the > > > world). Not sure if that's more confusing or less... > > >=20 > > > ...actually, I think I just talked myself out of that idea. On the > > > same grounds isolated() is probably not great - the node *starts* > > > isolated, but it probably won't stay that way (e.g. back_to_back() > > > takes two isolated()s then connects them with a veth()). I'll rethin= k > > > the names on that basis. =20 > >=20 > > Right, two isolated nodes are not really supposed to talk to each other= . > > =20 > > > > > > Of course, I'm trying to push away my bias coming from the fact= I was, > > > > > > several years ago, for kselftests, aiming at something like thi= s > > > > > > instead: > > > > > >=20 > > > > > > =09A veth B > > > > > > =09x=3D$(addr A veth) > > > > > > =09B ping -c1 $x > > > > > > =09A $x vxlan B $(addr B veth) > > > > > > =09... > > > > > >=20 > > > > > > (where 'veth', 'vxlan' were both reserved keywords). Maybe once > > > > > > non-trivial links are implemented in tunbridge it will all beco= me more > > > > > > obvious. =20 > > > > >=20 > > > > > I think tunbridge is not dissimilar to this, though with function= s > > > > > rather than reserved words. =20 > > > >=20 > > > > That's pretty much the whole difference I was trying to convey, tho= ugh. > > > > Syntax is not entirely irrelevant. Of course, it doesn't need to be > > > > reserved words in arbitrary positions, but probably there are other > > > > ways to consider. =20 > > >=20 > > > Syntax certainly isn't irrelevant, but so far I haven't grasped what > > > you dislike about the function syntax versus a specialized grammer. > > > Is it: > > > - The irritating silly parentheses? > > > - Longish (qualified) function names? > > > - The indentation from the with syntax? > > > - Something else? =20 > >=20 > > It's *also* the first two =20 >=20 > Ok. First I can't easily change. Second can be mitigated by handling > the imports differently. >=20 > > (the indentation looks actually convenient), =20 >=20 > Ok, good. I also think this is useful because it conveys the lifetime > of each object, which will be important once we get to tests where you > need to change things part way through. >=20 > > but that's not my main point. My main point is that this isn't > > fundamentally declarative. You're turning it into something that > > resembles that, but the syntax is still from an imperative programming > > language. > >=20 > > And in my mind the main feature of a network (topology) simulator is > > that you describe the topology (and it will build it for you), not that > > you... have to build a description? > >=20 > > Using an example that's obviously familiar to you: think of taking a > > device tree for some system with a couple of USB and I=C2=B2C busses an= d a > > flash controller, and writing all that in Python based on some form of > > "bus" module/component. =20 >=20 > I mean... old school Open Firmware kind of is this, but with Forth > instead of Python. Okay, you can model data structures in Python, obviously, but that wasn't my point. Anyway, it's all in the example below. > > Once one sees how practical device trees are for that, the Python > > version would look wrong, wouldn't it? =20 >=20 > That really depends on the context. If I was making an API for > building a device tree, I'd probably come up with something pretty > like this. ...an API for building one, yes. But not if you were writing a device tree itself. > > Now, while I think that some single bits of DTS syntax are > > unnecessarily complicated, conceptually, a "networking" device tree > > would look more usable to me than the approach you're taking. > >=20 > > Of course, we need the whole "testing" / exeter part as well, and test > > cases are fundamentally sequential/imperative. > >=20 > > But (sorry, it's been a few years I don't touch these): > >=20 > > namespace@1 { > > interfaces { > > lo { > > address =3D 127.0.0.1; > > }; > > eth0 { > > address =3D ...; > > }; > > }; > > routes { > > /* something simpler than ip -j ro sh ? */ > > }; > > } > >=20 > > ... > >=20 > > link@... { > > vxlan { > > endpoints { > > a { > > ns =3D <&namespace@1>; > > }; > > b ... > >=20 > > ... > > =20 > > this looks much more natural to me, as an input for a simulator (I > > would personally make the syntax much more "elastic" by just throwing a > > link into a namespace but I'm trying to keep it clean just for this > > example). =20 >=20 > Aha, I think I finally get what you're saying. More below. >=20 > > Maybe tunbridge implements this somewhere and I missed it? Or would > > this be part of a "Scenario" description eventually? =20 >=20 > This is entirely unrelated to what Scenario is trying to accomplish. > That may cause you to reconsider whether "Scenario" is a good name, > which is ok. >=20 >=20 > So. A declarative way of defining networks would be nice to have. >From my perspective that's fundamental, rather. I gave it for granted. > I think doing it with the flexibility we want is much harder than you > estimate. I'll pretend I'm not commenting on this line by... oops. :) > It looks easy for simple static situations like the > examples above, but: >=20 > * If you want to describe a topology that changes partway through, > that's a huge step up in complexity, and kind of necessarily > reintroduces imperative elements. But you can use JSON or a ton of other formats that allow for ordering of elements. Alternatively, one could add attributes for lifecycle and timing (think of nftables sets) but it looks much less intuitive than the alternative. > Device tree absolutely suffers > from this - that's what motivated the godawful runtime overlay > mechanism, and right now, I'm struggling to find time to > participate in the latest of many discussions about how to better > handle devices which can be runtime added and removed. I'm not suggesting that we use ANS Forth by the way. > * If you want to build complex scenarios out of simpler ones, you > need what amounts to a macro system. There are a ton of ways. You can also use a filesystem and includes. Or simply definitions of blocks, not necessarily macros, and JSON implicitly gives you all that. As it's nothing security relevant, I would actually go with something that's in theory more complicated but in practice more digestible such as YAML. > Again, a big leap up in > complexity. Device tree struggles with this too - it originated > primarily as a machine->machine format, where having heaps of > repeated information is fine. As it transitioned to being a > human->machine format, not so much. Hence /include/, expression > support and semi-standard running dts files through cpp before > compilation. It's still pretty clunky in this regard. It absolutely is, but that's because it was designed for a different purpose. > Plus.. I think the interpreter for this hypothetical declarative > language would need an internal structure pretty similar to what > tunbridge, so this is kind of already a first step towards it. Okay, that's good to know. I'm estimating I'm currently writing about 5-10 scripts per month, including pasta/iproute2 one-liners, setting up strange stuff, to reproduce / debug issues. Given that this looks so fundamental for my usage I'm thinking that I could make at least part of this a priority of mine. I realised I can implement netlink stuff and handling of networking configuration concepts quite fast with Rust and neli, so I'm pondering to write a proof of concept that can parse the example above (minus Forth notations, but with some kind of pointer) and make it create at least namespaces, links, addresses, and routes. If it helps visualising how that could possibly look like with / in tunbridge itself, I'll take care of it soon rather than later. The only little problem is that I'm much faster with Rust (because of neli) than I can possibly picture myself with Python, and that doesn't play along with tunbridge. But perhaps as a proof of concept it helps anyway? In general, do you think there's something in particular I could contribute at this stage, if I want to see my declarative dream come true? > > > > > It's a bit hidden here, because we're > > > > > using these pre-built chunks - I expect that would be the case fo= r > > > > > your system as well, once you get to complex enough setups that y= ou > > > > > want to re-use non-trivial pieces. > > > > >=20 > > > > > For example the guts of back_to_back() is: > > > > >=20 > > > > > with isolated(f'{name}0', sb) as s0, \ > > > > > isolated(f'{name}1', sb) as s1: > > > > > if0, if1 =3D f'veth{name}0', f'veth{name}1' > > > > > with veth.veth(s0, if0, s1, if1): > > > > > =09 ... > > > > >=20 > > > > > There's more, but that's mostly about IP allocation (it optionall= y > > > > > does that). > > > > > =20 > > > > > > > + > > > > > > > + > > > > > > > +if __name__ =3D=3D '__main__': > > > > > > > + exeter.main() > > > > > > > diff --git a/test/run b/test/run > > > > > > > index 3872a56e..4f09d767 100755 > > > > > > > --- a/test/run > > > > > > > +++ b/test/run > > > > > > > @@ -43,8 +43,10 @@ KERNEL=3D${KERNEL:-"/boot/vmlinuz-$(uname = -r)"} > > > > > > > =20 > > > > > > > COMMIT=3D"$(git log --oneline --no-decorate -1)" > > > > > > > =20 > > > > > > > -# Let exeter tests written in Python find their modules > > > > > > > +# Let exeter tests written in Python find their modules and = binaries to run > > > > > > > export PYTHONPATH=3D${BASEPATH}/exeter/py3:${BASEPATH}/tunbr= idge:${BASEPATH} > > > > > > > +export PASTA=3D${PASTA:-${BASEPATH}/../pasta} > > > > > > > + > > > > > > > =20 > > > > > > > . lib/util > > > > > > > . lib/context > > > > > > > @@ -75,8 +77,8 @@ run() { > > > > > > > =09exeter build/build.py > > > > > > > =09exeter build/static_checkers.sh > > > > > > > =20 > > > > > > > +=09exeter pasta/ndp.py > > > > > > > =09setup pasta > > > > > > > -=09test pasta/ndp > > > > > > > =09test pasta/dhcp > > > > > > > =09test pasta/tcp > > > > > > > =09test pasta/udp > > > > > > > diff --git a/test/tasst/__init__.py b/test/tasst/__init__.py > > > > > > > index fd4fe9a8..f5386b3a 100644 > > > > > > > --- a/test/tasst/__init__.py > > > > > > > +++ b/test/tasst/__init__.py > > > > > > > @@ -8,3 +8,7 @@ > > > > > > > # > > > > > > > # Copyright Red Hat > > > > > > > # Author: David Gibson > > > > > > > + > > > > > > > +from . import pasta > > > > > > > + > > > > > > > +__all__ =3D ['pasta'] > > > > > > > diff --git a/test/tasst/pasta.py b/test/tasst/pasta.py > > > > > > > new file mode 100644 > > > > > > > index 00000000..91f59036 > > > > > > > --- /dev/null > > > > > > > +++ b/test/tasst/pasta.py > > > > > > > @@ -0,0 +1,40 @@ > > > > > > > +#! /usr/bin/env python3 > > > > > > > +# > > > > > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > > > > > +# > > > > > > > +# TASST - Test A Simple Socket Transport > > > > > > > +# > > > > > > > +# test/tasst/pasta.py - Helpers for seeting up pasta instanc= es > > > > > > > +# > > > > > > > +# Copyright Red Hat > > > > > > > +# Author: David Gibson > > > > > > > + > > > > > > > +import contextlib > > > > > > > +import os > > > > > > > +from typing import Iterator > > > > > > > + > > > > > > > +import tunbridge > > > > > > > + > > > > > > > + > > > > > > > +@contextlib.contextmanager > > > > > > > +def pasta(host: tunbridge.Site, guest: tunbridge.Site, *opts= : str) \ > > > > > > > + -> Iterator[tunbridge.site.SiteProcess]: > > > > > > > + if tunbridge.unshare.parent(guest) is not host: > > > > > > > + raise ValueError("pasta guest must be a namespace un= der host site") > > > > > > > + > > > > > > > + # This implies guest is a namespace site > > > > > > > + assert isinstance(guest, tunbridge.unshare.NsenterSite) > > > > > > > + > > > > > > > + exe =3D os.environ['PASTA'] > > > > > > > + > > > > > > > + with host.tempdir() as piddir: > > > > > > > + pidfile =3D os.path.join(piddir, 'pasta.pid') > > > > > > > + cmd =3D [exe, '-f', '-P', pidfile] + list(opts) + [f= '{guest.pid}'] > > > > > > > + with host.bg(*cmd, stop=3DTrue) as pasta: > > > > > > > + # Wait for the PID file to be written > > > > > > > + pidstr =3D None > > > > > > > + while not pidstr: > > > > > > > + pidstr =3D host.readfile(pidfile, check=3DFa= lse) > > > > > > > + pid =3D int(pidstr) > > > > > > > + print(f'pasta started, host: {host}, guest: {gue= st}, pid: {pid}') > > > > > > > + yield pasta =20 > > > > > >=20 > > > > > > ...perhaps we could also print version and path. =20 > > > > >=20 > > > > > Path I can easily add. Version would require an extra invocation= of > > > > > pasta, which I don't really want to do. =20 > > > >=20 > > > > Ah, right, never mind. The path will be good enough for that. > > > > =20 > > > > > > This part also looks > > > > > > quite readable and intuitive to me without having looked into t= unbridge > > > > > > recently. =20 > > > > >=20 > > > > > Ok, that's promising. =20 > > > >=20 > > > > I mean, I think it's all usable for the moment, and perhaps a start= ing > > > > point for some other kind of... front-end? I'm not sure. As I menti= oned > > > > I'm a bit worried about the potential for universal intuitiveness a= nd > > > > usability. =20 > > >=20 > > > So am I, but I have to weigh it against being able to re-use both > > > tests and setups without having to re-express both in each case. =20 > >=20 > > I think setups written like that are reusable (or can be made > > reusable). My usability point is about other project/usages. For passt > > and pasta themselves, this level or reusability looks enough to me for > > the foreseeable future. > >=20 > > Even though, one day, I guess we might want to generate pseudo-random > > (fractal-tree-like?) topologies (and I was recently trying out a > > pasta-in-pasta-in-pasta-in-pasta-in-pasta setup to reproduce that > > HTTP/FIN issue). For that, a declarative approach would make things > > easier, I suppose. =20 >=20 > Declarative, or imperative? I actually have something like that in > tunbridge's selftests: a function that builds a stack of N nested > namespaces. > https://gitlab.com/dgibson/tunbridge/-/blob/main/tunbridge/unshare.py= #L302 ...but they are all the same. Think, for example, of connecting every odd-numbered pair with veth tunnels, and every even-numbered pair with pasta. Say: n1 <-- veth --> n2 <-- pasta --> n3 <-- veth --> n4. What's really well suited for this situation, in my experience, is a declarative description format that can be easily generated and manipulated by imperative code. The name of this kind of "indirection" in computer science research currently escapes me, but I'm fairly sure there must be some theory about it. In any case, I can include something like this in my (now planned) proof of concept. --=20 Stefano