@cilium/sig-datapath looking for your feedback on this one.

FWIW, I'll also provide my feedback.
Generally speaking, I like the idea of adding an alternative mechanism for BPF unit tests, which doesn't necessarily have to replace the existing one. I like the proposed infra, it is clear to understand and surprisingly simpler than I thought, nice!
Few concerns and inputs:

1. What about the community expertise/willing to review a different programming language? We could use gopacket, but for sure the result would be way more redundant than a 1-line Scapy definition...
2. Agree with all TODOs:
   • TODO1: sometimes we need to simulate L3 packets, so that's needed
   • TODO2: ok
   • TODO3: ok, but it would make having a separate .py file for packet definitions harder (unless indexing a map with test name + index). In any case, having a separate .py file for scapy packet definitions would benefit from linters/suggestions/completions, other than making checkpatch happy.
   • TODO4: definitively agree, I'd prefer a ringbuffer with custom testing events rather than trace pipe, more control and no need to worry if the pipe's already opened by a different process.
3. What's the maximum HD_MAX_BYTES before we hit a bpf complexity issue while dumping the hex? We might be interested also to overlay packets, and in that case at least 2*HD_MAX_BYTES is required.

I'll update my comment in case something else comes to my mind 🤔

@smagnani96 thx for the feedback, appreciated.

I like the proposed infra, it is clear to understand and surprisingly simpler than I thought, nice!

Thx. I think it can be polished slightly.

2. Agree with all TODOs:
   TODO1: sometimes we need to simulate L3 packets, so that's needed

Actually, it might just work today with any sort of buf. The macro comparing already takes an offset, so that should work also out of the box. I will double-check.

TODO3: ok, but it would make having a separate .py file for packet definitions harder (unless indexing a map with test name + index). In any case, having a separate .py file for scapy packet definitions would benefit from linters/suggestions/completions, other than making checkpatch happy.

Not sure I understood your comment; you would have a separate .py file per unit test. In the example:

tc_l2_announcement.py

That would be for v4 L2 announcement only (tc_l2_announcement.c)

3. What's the maximum HD_MAX_BYTES before we hit a bpf complexity issue while dumping the hex? We might be interested also to overlay packets, and in that case at least 2*HD_MAX_BYTES is required.

Bumping HD_MAX_BYTES to 128 might work for most of the programs, I didn't check.

We could could also only conditionally define HD_MAX_BYTES in hexdump.h so that you can define it before the inclusion (but then you have issues with multiple inclusions).

Agree with all TODOs:

• TODO1: sometimes we need to simulate L3 packets, so that's needed

Actually, it might just work today with any sort of buf. The macro comparing already takes an offset, so that should work also out of the box. I will double-check.

Yep, I was referring more of when dumping the packet in trace_diff_pkts.py https://github.com/msune/cilium/blob/63eecfb98263fb8ce53d5b0ecf38ad10a0a84e5b/bpf/tests/scapy/trace_diff_pkts.py#L36-L37:

        expected = Ether(bytes.fromhex(data["expected"]))
        got = Ether(bytes.fromhex(data["got"]))

Not sure I understood your comment; you would have a separate .py file per unit test. In the example:

Ha! Ok got it. I thought you wanted to make it even more granular, like specifying the buffer only locally to the CHECK function rather than locally to the whole test file.

We could could also only conditionally define HD_MAX_BYTES in hexdump.h so that you can define it before the inclusion (but then you have issues with multiple inclusions).

Or pass it as a const to the hexdump function, while also providing some pre-defined values (similarly as we do in the datapath for trace_payload_len / trace_payload_len_overlay)

Yep, I was referring more of when dumping the packet in trace_diff_pkts.py https://github.com/msune/cilium/blob/63eecfb98263fb8ce53d5b0ecf38ad10a0a84e5b/bpf/tests/scapy/trace_diff_pkts.py#L36-L37:

Yep, you are right, that's the part that is missing (I forgot). Let me think about options, but it might be as easy as to add the first expected Layer as part of the macro.

Ha! Ok got it. I thought you wanted to make it even more granular, like specifying the buffer only locally to the CHECK function rather than locally to the whole test file.

To be honest, today you can define them in pkt_constants.py and it works:

# Note: these replicate pktgen.h values
# TODO: it would be ideal to have a single source of truth for these values

...

tcp_svc_three = 53

default_data = "Should not change!!"

# Unit tests packet definitions below!

arp_req = Ether(dst=mac_bcast, src=mac_one)/ARP(op="who-has", psrc=v4_ext_one, pdst=v4_svc_one, hwsrc=mac_one, hwdst=mac_bcast)

scapy/parser.py imports this file, so these symbols are available on all unit tests.

TODO3 suggests to create one of these python "envs" with the packet definitions per unit test so that there are no possible conflicts. It's really a detail, because we could also continue to use a single pkt_constants.py (or use a better name for it), and simply prepend a unit test prefix to it, so that bpf/tests is not cluttered with python files. Either works for me.

Or pass it as a const to the hexdump function, while also providing some pre-defined values (similarly as we do in the datapath for trace_payload_len / trace_payload_len_overlay)

Let me look into it.

[...]

Ha! Ok got it. I thought you wanted to make it even more granular, like specifying the buffer only locally to the CHECK function rather than locally to the whole test file.

To be honest, today you can define them in pkt_constants.py and it works:

# Note: these replicate pktgen.h values
# TODO: it would be ideal to have a single source of truth for these values

...

tcp_svc_three = 53

default_data = "Should not change!!"

# Unit tests packet definitions below!

arp_req = Ether(dst=mac_bcast, src=mac_one)/ARP(op="who-has", psrc=v4_ext_one, pdst=v4_svc_one, hwsrc=mac_one, hwdst=mac_bcast)

scapy/parser.py imports this file, so these symbols are available on all unit tests.

TODO3 suggests to create one of these python "envs" with the packet definitions per unit test so that there are no possible conflicts. It's really a detail, because we could also continue to use a single pkt_constants.py (or use a better name for it), and simply prepend a unit test prefix to it, so that bpf/tests is not cluttered with python files. Either works for me.

Or pass it as a const to the hexdump function, while also providing some pre-defined values (similarly as we do in the datapath for trace_payload_len / trace_payload_len_overlay)

Overall I like the series! After the base is in, I presume other devs who want to use it won't have to touch the python parts, right?

I'd think we should probably convert all the packet builders with this work to simplify the code.

What would be great to improve imho is the macro namings, e.g. things like SCAPY_ASSERT_PKT_BUF, SCAPY_ASSERT_PKT_BUF_OFF, SCAPY_PKT_BUILDER.. maybe we can simplify the names a bit and add documentation for them with a small example. Right now one has to read the macros to understand what they are doing.

Small nit also wrt API: SCAPY_ASSERT_PKT_BUF_OFF has CTX as an arg, in the do {} while body we also use ctx. As I understand both are the same, but in some cases we use CTX and in others ctx? This feels prone to unexpected bugs, rather use (CTX) everywhere.

Overall I like the series! After the base is in, I presume other devs who want to use it won't have to touch the python parts, right?

Correct. The expectation is that no one has to write any Python code other than their packet definitions, e.g.:

arp_req = Ether(dst=mac_bcast, src=mac_one)/ARP(op="who-has", psrc=v4_ext_one, pdst=v4_svc_one, hwsrc=mac_one, hwdst=mac_bcast)

What would be great to improve imho is the macro namings, e.g. things like SCAPY_ASSERT_PKT_BUF, SCAPY_ASSERT_PKT_BUF_OFF, SCAPY_PKT_BUILDER.. maybe we can simplify the names

Fully agree. Not good at names, so any suggestions welcome.

a bit and add documentation for them with a small example. Right now one has to read the macros to understand what they are doing

I will certainly do that if we are in agreement it makes sense to be merged.

Small nit also wrt API: SCAPY_ASSERT_PKT_BUF_OFF has CTX as an arg, in the do {} while body we also use ctx. As I understand both are the same, but in some cases we use CTX and in others ctx? This feels prone to unexpected bugs, rather use (CTX) everywhere.

Good catch. Totally unintentional, should be CTX

Another side note -- no need to address in the first PR.
Sometimes in tests we do modify some ctx layer info within the same CHECK instead of writing a whole new test PKTGEN+CHECK. An example could be found here.
I'm wondering if it can make sense to add helpers to manipulate the ctx data on-the-fly, to avoid having to unpack and check pointers in C to modify some field (ex L4 ports).

Commits 75ff49d, 8f3ab89 do not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

Adding a few extra bits for future enhancements.
I often find myself running specific tests only, via:

$ for f in classifiers_l3_dev classifiers_l2_dev; do make -C bpf/tests $f.o && go test ./bpf/tests/bpftest -bpf-test-path $pwd/bpf/tests -exec "sudo -E" -test $f -v; done

This will run only classifiers_l3_dev.c,classifiers_l2_dev.c, no need to build and run the whole tests.
However, that wouldn't be possible for bpf tests leveraging Scapy buffers: our Go bpftests doesn't automatically setup the needed infra as in the Makefile (trace pipe + parsing output).

I think one of these two can be added in a 2nd moment (I can even do it, preferring 1):

1. add a single-target run in the Makefile
2. make our GO bpftest to automatically setup the infra

Ready to merge:

• Dependency images/builder: add python3 scapy dependency (bis) #40874 merged
• Final run with To remove ... commits that show error logs here
• Final run without those commits here

/test

Checkpatch's failure is due to a warning about the use of trace_printk(), safe to ignore in the current case.

@smagnani96 I see you self-requested a review a few days ago, do you want to take another look or are you good with this PR?

@smagnani96 I see you self-requested a review a few days ago, do you want to take another look or are you good with this PR?

I'm reviewing this right now, was waiting for the force-pushes 🙏🏼

LGTM! Would probably create (if not done already) an GH issue to track possible TODOs and enhancements to this (e.g., the cocci script).

Will do once merged, thx!