On Thu, Oct 09, 2025 at 01:02:48AM +0200, Stefano Brivio wrote: > On Wed, 8 Oct 2025 13:32:27 +1100 > David Gibson wrote: > > > On Tue, Oct 07, 2025 at 10:01:10PM +0200, Stefano Brivio wrote: > > > On Thu, 2 Oct 2025 17:57:08 +1000 > > > David Gibson wrote: > > > > > > > Convert the pasta NDP tests from shell and our own DSL to Python using > > > > the exeter test protocol and tunbridge network simulation library. > > > > > > > > Signed-off-by: David Gibson > > > > --- > > > > test/Makefile | 2 +- > > > > test/pasta/dhcp | 5 ++++ > > > > test/pasta/ndp.py | 59 ++++++++++++++++++++++++++++++++++++++++++ > > > > test/run | 6 +++-- > > > > test/tasst/__init__.py | 4 +++ > > > > test/tasst/pasta.py | 40 ++++++++++++++++++++++++++++ > > > > 6 files changed, 113 insertions(+), 3 deletions(-) > > > > create mode 100755 test/pasta/ndp.py > > > > create mode 100644 test/tasst/pasta.py > > > > > > > > diff --git a/test/Makefile b/test/Makefile > > > > index f66c7e7e..95e3d75e 100644 > > > > --- a/test/Makefile > > > > +++ b/test/Makefile > > > > @@ -67,7 +67,7 @@ ASSETS = $(DOWNLOAD_ASSETS) $(LOCAL_ASSETS) > > > > > > > > EXETER_SH = smoke/smoke.sh build/static_checkers.sh > > > > EXETER_PYPATH = exeter/py3:tunbridge/:. > > > > -EXETER_PYTHON = smoke/smoke.py build/build.py > > > > +EXETER_PYTHON = smoke/smoke.py build/build.py pasta/ndp.py > > > > EXETER_BATS = $(EXETER_SH:%=%.bats) $(EXETER_PYTHON:%=%.bats) > > > > BATS_FILES = $(EXETER_BATS) \ > > > > podman/test/system/505-networking-pasta.bats > > > > diff --git a/test/pasta/dhcp b/test/pasta/dhcp > > > > index e1c66be6..61279fbf 100644 > > > > --- a/test/pasta/dhcp > > > > +++ b/test/pasta/dhcp > > > > @@ -18,6 +18,11 @@ test Interface name > > > > nsout IFNAME ip -j link show | jq -rM '.[] | select(.link_type == "ether").ifname' > > > > check [ -n "__IFNAME__" ] > > > > > > > > +# Bring up the interface > > > > +ns ip link set dev __IFNAME__ up > > > > +# Wait for SLAAC & DAD to complete > > > > +ns while ! ip -j -6 addr show dev __IFNAME__ | jq -e '.[].addr_info.[] | select(.protocol == "kernel_ra")'; do sleep 0.1; done > > > > + > > > > test DHCP: address > > > > ns /sbin/dhclient -4 --no-pid __IFNAME__ > > > > nsout ADDR ip -j -4 addr show|jq -rM '.[] | select(.ifname == "__IFNAME__").addr_info[0].local' > > > > diff --git a/test/pasta/ndp.py b/test/pasta/ndp.py > > > > new file mode 100755 > > > > index 00000000..8c7ce31e > > > > --- /dev/null > > > > +++ b/test/pasta/ndp.py > > > > @@ -0,0 +1,59 @@ > > > > +#! /usr/bin/env python3 > > > > +# > > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > > +# > > > > +# test/pasta/ndp.py - pasta NDP functionality > > > > +# > > > > +# Copyright Red Hat > > > > +# Author: David Gibson > > > > + > > > > +import contextlib > > > > +import dataclasses > > > > +from typing import Iterator > > > > + > > > > +import exeter > > > > +import tunbridge > > > > +import tasst > > > > + > > > > + > > > > +@dataclasses.dataclass > > > > +class UnconfiguredScenario(exeter.Scenario): > > > > + """Tests for a pasta instance without --config-net""" > > > > + > > > > + host: tunbridge.Site > > > > + guest: tunbridge.Site > > > > + ifname: str > > > > + addr6: tunbridge.ip.AddrMask6 > > > > + gw6: tunbridge.ip.Addr6 > > > > > > Until this point, it looks like stuff I can happily copy and paste, > > > and grasp, even. But then: > > > > > > > + @exeter.scenariotest > > > > + def test_ifname(self) -> None: > > > > + ifs = tunbridge.ip.ifs(self.guest) > > > > + exeter.assert_eq(set(ifs), {'lo', self.ifname}) > > > > > > ...why does a "Scenario" have a .ifname? > > > > Yeah, the readability of the Scenario mechanism was something I was > > particularly concerned about. I think the concept is valuable, but > > I'm very open to different ways of naming or organising it, if we can > > up with something better. > > From the description you give below, the name seems to fit. > > > A "Scenario" (specifically a subclass of exeter.Scenario) is a group > > of tests with a common set of parameters. In this case > > UnconfiguredScenario is a bunch of tests about the behaviour of pasta > > without --config-net. Each of those tests has access to the host and > > guest sites, the expected interface name, address and gateway in the > > guest - that is, the contents of an UncofiguredScenario instance. > > I'm not sure if I understand this correctly, but if each guest has a > single interface, that sounds a bit limiting. Sorry, to be clear: a Scenario in the general sense can contain whatever parameters you like. This *particular* Scenario - UnconfiguredScenario - has just those things, because those are all that its tests require. > Actually, I think any abstraction that doesn't offer arbitrary sets of > (and relationships between) the objects shown via netlink (or, at > least, namespaces, links, routes, addresses, neighbours) might be > limiting and not generic enough. Absolutely, and the abstraction does allow that. > > That instance describes a real (simulated) environment in which we can > > run those tests. > > > > You use this by supplying a function which sets things up, then yields > > an UnconfiguredScenario instance describing what it set up. exeter > > will run all of the UnconfiguredScenario tests on the environment the > > setup function created, each one as a separate test case. > > This part is now clear to me, and I think it's not complicated to grasp > the concept vaguely but enough to copy, paste, and modify code doing > this. Ok. > It would be even better to hide this entirely, because "yielding a > scenario" is a Python thing. In general, there's an imperative part in > all this (bordering functional programming, but still, not descriptive) > which I struggle to see as beneficial. > > Here the tasks at hand are, roughly: > > 1. represent two network namespaces, with two interfaces each (loopback > and non-loopback), with pasta connecting one of the interfaces of the > inner one There's a bit more to it than that - we need to specify the host's routing setup, because that will affect what pasta does. That's what simple_host() is about, creating a host with the single gateway routing that's our easiest / most common case. > 2. bring up one of the interfaces > > 3. compare addresses > > ...and doing 1. like that is simply not... intuitive, I think. I'm not really clear on what you're getting at here. There is an unavoidable tradeoff here between obviousness for a single case, versus reuseability for multiple related cases. Is it just that some of the relevant setup is hidden inside simple_host() that's the problem? Or is it something else? > > Usually, there are multiple ways to set up a suitable enviroment: > > running pasta with an existing guest ns vs. pasta creating the ns is a > > simple example. You can create different setup functions for each of > > those, and re-use all the tests in the Scenario against each of those > > setups. > > > > > > + > > > > + @tunbridge.ndp.NdpScenario.subscenario > > > > + def test_ndp(self) -> tunbridge.ndp.NdpScenario: > > > > + tunbridge.ip.ifup(self.guest, self.ifname) > > > > > > This raises the question of how much of tunbridge one needs to know to > > > be able to write a basic test. Why is ifup() in 'ip'? I thought it > > > would be more of a "link" thing. > > > > Finding misleading names is a big reason for seeking early feedback. > > There's kind of a reason for ifup to be in ip: it optionally takes IP > > addresses to configure on the interface. But... there's no inherent > > reason it couldn't take other sorts of network address too, so I'll > > look into moving that into a "link" module or something like it. > > I think sticking to netlink objects would make this a bit more > familiar, if possible. Noted. > > > I admit I haven't had time to browse tunbridge recently, I'm just > > > looking at this series right now. > > > > That's fine. At some point it would be good to have you look at > > tunbridge too, but reading this series _without_ reading tunbridge is > > a very useful perspective at this stage. > > > > > > > > > + return tunbridge.ndp.NdpScenario(client=self.guest, > > > > + ifname=self.ifname, > > > > + network=self.addr6.network, > > > > + gateway=self.gw6) > > > > > > This makes sense to me. > > > > Ok, good. The Scenario stuff might not be as impenetrable as I > > feared. > > Here I was simply commenting on the fact that I intuitively understand > those arguments and how they belong to the scenario, not on the > Scenario abstraction itself, but in any case, yes, given a bit of time > and sufficient motivation, I don't think it's impenetrable either. I should clarify - this is not as impenetrable as I feared for a first draft. Therefore, I am encouraged to think I can lift it up to actually nice to use in the relatively near future. > So, while at it, let me share my most substantial worry about all this > at the moment. While not impenetrable implies it's usable, I'm not sure > how much further that goes. > > That's mostly fine if the only goal is to develop and run tests for > passt (and I say "mostly" because to run these tests as part of > automatic distribution testing you need to package them, and have > packages for many distributions, which is a bit difficult to justify if > you have a single usage, but let's set this aside for a moment). > > Still, that single-goal perspective doesn't look sustainable to me. > That's the case for the current test suite, but it was never meant to > be a real "framework" or simulator or anything anybody would like to > use for anything else. > > If I'm looking for a tool that lets me quickly set up a VXLAN tunnel > between two nodes and try to flip offloads on and off I think it's > unreasonable to expect I'll go for some Scenario abstraction on the > basis of being, after all... not impenetrable. Scenarios aren't about writing *a* test. If you have a one off test with a one-off setup, you can just write that out. Positing the existence of a vxlan() function in tunbridge, this would be something like: with back_to_back(...): with vxlan(...): site.fg(some commands) assert Scenarios (which are an exeter thing, not a tunbridge thing) are strictly about reusing tests in multiple related but non-identical situations. Using them in just this initial patch probably looks a bit like overkill. But the point is that we don't have to redefine the same tests when we want to run them for pasta and for passt, and in a bunch of different configurations of each. > And this kind of stuff is a very recurrent need in Linux networking > development, in my experience, as well as an unsatisfied need in > testing of many related projects. Agreed. > Of course, one pressing goal right now is to have a more structured way > to define tests for passt, and anything that lets us achieve that goal > with a reasonable amount of time and effort is welcome. > > But not having an interface that lets people build a test tunnel > between two nodes in a couple of minutes of reading examples carries a > serious risk that this gets stuck "forever" to passt and its tests. Right. I see the concern. Again it comes back to this tradeoff between immediate readability of a single test, versus reusability of logic across a whole bunch of tests. I _think_ most of your concerns are coming down to the fact that the steps for building the simulated networks aren't obvious to you, because they're hidden within helpers. So... I guess I hope that this will become better with a larger library of example tests? > > > > + > > > > + > > > > +@UnconfiguredScenario.test > > > > +@contextlib.contextmanager > > > > +def simh_pasta_setup() -> Iterator[UnconfiguredScenario]: > > > > + with (tunbridge.sample.simple_host('host') as simh, > > > > + tunbridge.sample.isolated('guest', simh.site) as guest): > > > > + assert simh.ip6 is not None > > > > + assert simh.gw6_ll is not None > > > > + with tasst.pasta.pasta(simh.site, guest): > > > > + yield UnconfiguredScenario(host=simh.site, > > > > + guest=guest, > > > > + ifname=simh.ifname, > > > > + addr6=simh.ip6, > > > > + gw6=simh.gw6_ll) > > > > > > ...and this too. > > > > > > But there's one thing I'm missing: if it's a network simulator, why do > > > you need to call a simple_host() method to *describe* the fact that you > > > have a host / site? That looks rather unexpected. > > > > > > I mean, I would have expected a syntax, in pseudocode, expressing: > > > > > > 1. x := node (properties such as a list of interfaces a, b, c) > > > > > > 2. pasta implements/connects a > > > > > > ...I think this is mostly embedded in the sample.simple_host() thing, > > > but I'm not sure how. Maybe it will become clearer once I actually look > > > into tunbridge, though. > > > > Right. "simple_host" isn't just an arbitrary node, but a (small) > > predefined network topology: a node configured with a single default > > gateway (also simulated, albeit minimally) - that is, the "classic" > > pasta host. The idea is that the tunbridge.sample module will have a > > bunch of such example networks - so far there's: > > - isolated() (node with loopback only) > > - back_to_back() (two nodes connected by a veth) > > - simple_host() > > > > Suggestions for better names welcome, as always. > > I'm a bit worried by the mere fact that those example networks (and > they're all methods instead of some kind of grammar!) are needed. Depends what you mean by "needed". You could open code the contents of simple_host() in each test - it's not that much - but doing that every time seems tedious. The idea here is you can build complex networks by composing simple components into small chunks, then small chunks into bigger chunks and so forth. > Anyway, I don't find back_to_back() particularly descriptive (what Understood. To me it suggests two machines directly connected, rather than via a switch or a router... but that might be because I was connecting physical machines like that in the 90s. > makes it not front-to-front?). Perhaps a more mundane "two_nodes()" > makes it more obvious (they won't be isolated, of course). I'll consider that option for the next spin. Another possible option: what about isolated_node() for the lo-only node, and isolated_pair() for the veth pair (the implication being they're connected to each other, but isolated from the rest of the world). Not sure if that's more confusing or less... ...actually, I think I just talked myself out of that idea. On the same grounds isolated() is probably not great - the node *starts* isolated, but it probably won't stay that way (e.g. back_to_back() takes two isolated()s then connects them with a veth()). I'll rethink the names on that basis. > > > Of course, I'm trying to push away my bias coming from the fact I was, > > > several years ago, for kselftests, aiming at something like this > > > instead: > > > > > > A veth B > > > x=$(addr A veth) > > > B ping -c1 $x > > > A $x vxlan B $(addr B veth) > > > ... > > > > > > (where 'veth', 'vxlan' were both reserved keywords). Maybe once > > > non-trivial links are implemented in tunbridge it will all become more > > > obvious. > > > > I think tunbridge is not dissimilar to this, though with functions > > rather than reserved words. > > That's pretty much the whole difference I was trying to convey, though. > Syntax is not entirely irrelevant. Of course, it doesn't need to be > reserved words in arbitrary positions, but probably there are other > ways to consider. Syntax certainly isn't irrelevant, but so far I haven't grasped what you dislike about the function syntax versus a specialized grammer. Is it: - The irritating silly parentheses? - Longish (qualified) function names? - The indentation from the with syntax? - Something else? > > It's a bit hidden here, because we're > > using these pre-built chunks - I expect that would be the case for > > your system as well, once you get to complex enough setups that you > > want to re-use non-trivial pieces. > > > > For example the guts of back_to_back() is: > > > > with isolated(f'{name}0', sb) as s0, \ > > isolated(f'{name}1', sb) as s1: > > if0, if1 = f'veth{name}0', f'veth{name}1' > > with veth.veth(s0, if0, s1, if1): > > ... > > > > There's more, but that's mostly about IP allocation (it optionally > > does that). > > > > > > + > > > > + > > > > +if __name__ == '__main__': > > > > + exeter.main() > > > > diff --git a/test/run b/test/run > > > > index 3872a56e..4f09d767 100755 > > > > --- a/test/run > > > > +++ b/test/run > > > > @@ -43,8 +43,10 @@ KERNEL=${KERNEL:-"/boot/vmlinuz-$(uname -r)"} > > > > > > > > COMMIT="$(git log --oneline --no-decorate -1)" > > > > > > > > -# Let exeter tests written in Python find their modules > > > > +# Let exeter tests written in Python find their modules and binaries to run > > > > export PYTHONPATH=${BASEPATH}/exeter/py3:${BASEPATH}/tunbridge:${BASEPATH} > > > > +export PASTA=${PASTA:-${BASEPATH}/../pasta} > > > > + > > > > > > > > . lib/util > > > > . lib/context > > > > @@ -75,8 +77,8 @@ run() { > > > > exeter build/build.py > > > > exeter build/static_checkers.sh > > > > > > > > + exeter pasta/ndp.py > > > > setup pasta > > > > - test pasta/ndp > > > > test pasta/dhcp > > > > test pasta/tcp > > > > test pasta/udp > > > > diff --git a/test/tasst/__init__.py b/test/tasst/__init__.py > > > > index fd4fe9a8..f5386b3a 100644 > > > > --- a/test/tasst/__init__.py > > > > +++ b/test/tasst/__init__.py > > > > @@ -8,3 +8,7 @@ > > > > # > > > > # Copyright Red Hat > > > > # Author: David Gibson > > > > + > > > > +from . import pasta > > > > + > > > > +__all__ = ['pasta'] > > > > diff --git a/test/tasst/pasta.py b/test/tasst/pasta.py > > > > new file mode 100644 > > > > index 00000000..91f59036 > > > > --- /dev/null > > > > +++ b/test/tasst/pasta.py > > > > @@ -0,0 +1,40 @@ > > > > +#! /usr/bin/env python3 > > > > +# > > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > > +# > > > > +# TASST - Test A Simple Socket Transport > > > > +# > > > > +# test/tasst/pasta.py - Helpers for seeting up pasta instances > > > > +# > > > > +# Copyright Red Hat > > > > +# Author: David Gibson > > > > + > > > > +import contextlib > > > > +import os > > > > +from typing import Iterator > > > > + > > > > +import tunbridge > > > > + > > > > + > > > > +@contextlib.contextmanager > > > > +def pasta(host: tunbridge.Site, guest: tunbridge.Site, *opts: str) \ > > > > + -> Iterator[tunbridge.site.SiteProcess]: > > > > + if tunbridge.unshare.parent(guest) is not host: > > > > + raise ValueError("pasta guest must be a namespace under host site") > > > > + > > > > + # This implies guest is a namespace site > > > > + assert isinstance(guest, tunbridge.unshare.NsenterSite) > > > > + > > > > + exe = os.environ['PASTA'] > > > > + > > > > + with host.tempdir() as piddir: > > > > + pidfile = os.path.join(piddir, 'pasta.pid') > > > > + cmd = [exe, '-f', '-P', pidfile] + list(opts) + [f'{guest.pid}'] > > > > + with host.bg(*cmd, stop=True) as pasta: > > > > + # Wait for the PID file to be written > > > > + pidstr = None > > > > + while not pidstr: > > > > + pidstr = host.readfile(pidfile, check=False) > > > > + pid = int(pidstr) > > > > + print(f'pasta started, host: {host}, guest: {guest}, pid: {pid}') > > > > + yield pasta > > > > > > ...perhaps we could also print version and path. > > > > Path I can easily add. Version would require an extra invocation of > > pasta, which I don't really want to do. > > Ah, right, never mind. The path will be good enough for that. > > > > This part also looks > > > quite readable and intuitive to me without having looked into tunbridge > > > recently. > > > > Ok, that's promising. > > I mean, I think it's all usable for the moment, and perhaps a starting > point for some other kind of... front-end? I'm not sure. As I mentioned > I'm a bit worried about the potential for universal intuitiveness and > usability. So am I, but I have to weigh it against being able to re-use both tests and setups without having to re-express both in each case. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson