kevinveenbirkenbach/automtu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Docker MTU apply support and docker-ordered persistence

Browse Source 
https://chatgpt.com/share/69733e45-96ec-800f-9aad-0cac7306dedd
This commit is contained in:
Kevin Veen-Birkenbach
2026-01-23 10:53:29 +01:00
parent f534d025d0
commit fc5dee4dc0
11 changed files with 432 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/unit/test_cli.py
View File

@@ -23,8 +23,7 @@ class TestCli(unittest.TestCase):
"1472",
"--pmtu-policy",
"median",
"--apply-egress-mtu",
"--apply-wg-mtu",
"--apply-all",
"--wg-if",
"wg0",
"--wg-overhead",
@@ -36,6 +35,8 @@ class TestCli(unittest.TestCase):
"1372",
"--force-egress-mtu",
"1452",
"--docker-if",
"docker0,br-123",
"--dry-run",
"--print-mtu",
"wg",
@@ -49,14 +50,22 @@ class TestCli(unittest.TestCase):
self.assertEqual(args.pmtu_min_payload, 1200)
self.assertEqual(args.pmtu_max_payload, 1472)
self.assertEqual(args.pmtu_policy, "median")
self.assertTrue(args.apply_egress_mtu)
self.assertTrue(args.apply_wg_mtu)
self.assertTrue(args.apply_all)
self.assertFalse(args.apply_egress_mtu) # apply_all expands in core()
self.assertFalse(args.apply_wg_mtu)
self.assertFalse(args.apply_docker_mtu)
self.assertEqual(args.wg_if, "wg0")
self.assertEqual(args.wg_overhead, 80)
self.assertEqual(args.wg_min, 1280)
self.assertTrue(args.auto_pmtu_from_wg)
self.assertEqual(args.set_wg_mtu, 1372)
self.assertEqual(args.force_egress_mtu, 1452)
self.assertEqual(args.docker_if, ["docker0,br-123"])
self.assertFalse(args.docker_no_user_bridges)
self.assertTrue(args.dry_run)
self.assertEqual(args.print_mtu, "wg")
self.assertFalse(args.print_json)

76
tests/unit/test_core.py
View File

@@ -22,10 +22,18 @@ class TestCore(unittest.TestCase):
pmtu_policy="min",
apply_egress_mtu=True,
apply_wg_mtu=True,
apply_docker_mtu=False,
apply_all=False,
docker_if=None,
docker_no_user_bridges=False,
wg_if="wg0",
wg_overhead=80,
wg_min=1280,
set_wg_mtu=None,
persist=None,
uninstall=False,
print_mtu=None,
print_json=False,
)
# PMTU probes: 1452 and 1500 -> min policy => 1452, effective=min(base(1500),1452)=1452
@@ -40,6 +48,7 @@ class TestCore(unittest.TestCase):
patch("automtu.core.wg_is_active", return_value=False),
patch("automtu.core.wg_peer_endpoints", return_value=[]),
patch("automtu.core.default_route_uses_iface", return_value=False),
patch("automtu.core.detect_docker_ifaces", return_value=[]),
):
buf = io.StringIO()
with redirect_stdout(buf):
@@ -52,10 +61,66 @@ class TestCore(unittest.TestCase):
self.assertIn("Selected Path MTU (policy=min): 1452", s)
self.assertIn("Computed wg0 MTU: 1372", s)
# apply egress and wg are both true -> two calls in order
mock_set.assert_any_call("eth0", 1452, True)
mock_set.assert_any_call("wg0", 1372, True)
def test_run_automtu_apply_all_includes_docker_bridge(self) -> None:
args = SimpleNamespace(
dry_run=True,
egress_if="eth0",
prefer_wg_egress=False,
force_egress_mtu=None,
pmtu_target=None,
auto_pmtu_from_wg=False,
pmtu_min_payload=1200,
pmtu_max_payload=1472,
pmtu_timeout=1.0,
pmtu_policy="min",
apply_egress_mtu=False,
apply_wg_mtu=False,
apply_docker_mtu=False,
apply_all=True, # expands in core()
docker_if=None,
docker_no_user_bridges=False,
wg_if="wg0",
wg_overhead=80,
wg_min=1280,
set_wg_mtu=None,
persist=None,
uninstall=False,
print_mtu=None,
print_json=False,
)
with (
patch("automtu.core.require_root", return_value=None),
patch(
"automtu.core.iface_exists",
side_effect=lambda name: name in {"eth0", "wg0", "docker0", "br-abc"},
),
patch("automtu.core.read_iface_mtu", return_value=1500),
patch("automtu.core.set_iface_mtu") as mock_set,
patch("automtu.core.wg_is_active", return_value=True),
patch(
"automtu.core.detect_docker_ifaces", return_value=["docker0", "br-abc"]
),
):
buf = io.StringIO()
with redirect_stdout(buf):
rc = run_automtu(args)
self.assertEqual(rc, 0)
# egress applied
mock_set.assert_any_call("eth0", 1500, True)
# wg applied (1500-80=1420)
mock_set.assert_any_call("wg0", 1420, True)
# docker applied
mock_set.assert_any_call("docker0", 1500, True)
mock_set.assert_any_call("br-abc", 1500, True)
def test_run_automtu_does_not_apply_wg_without_flag(self) -> None:
args = SimpleNamespace(
dry_run=True,
@@ -70,10 +135,18 @@ class TestCore(unittest.TestCase):
pmtu_policy="min",
apply_egress_mtu=False,
apply_wg_mtu=False,
apply_docker_mtu=False,
apply_all=False,
docker_if=None,
docker_no_user_bridges=False,
wg_if="wg0",
wg_overhead=80,
wg_min=1280,
set_wg_mtu=None,
persist=None,
uninstall=False,
print_mtu=None,
print_json=False,
)
with (
@@ -81,6 +154,7 @@ class TestCore(unittest.TestCase):
patch("automtu.core.iface_exists", return_value=True),
patch("automtu.core.read_iface_mtu", return_value=1500),
patch("automtu.core.set_iface_mtu") as mock_set,
patch("automtu.core.detect_docker_ifaces", return_value=[]),
):
buf = io.StringIO()
with redirect_stdout(buf):

49
tests/unit/test_docker.py Normal file
View File

@@ -0,0 +1,49 @@
import unittest
from unittest.mock import patch
import automtu.docker as docker
class TestDocker(unittest.TestCase):
def test_detect_docker_ifaces_explicit_dedup_and_drop_unknown(self) -> None:
# explicit args are repeatable and/or comma-separated
args = ["docker0,br-abc,unknown0", "br-abc,docker0"]
def fake_iface_exists(name: str) -> bool:
return name in {"docker0", "br-abc"} # unknown0 does not exist
with patch("automtu.docker.iface_exists", side_effect=fake_iface_exists):
got = docker.detect_docker_ifaces(args, include_user_bridges=True)
# preserve order, de-dup, drop unknown
self.assertEqual(got, ["docker0", "br-abc"])
def test_detect_docker_ifaces_auto_detect_docker0_only(self) -> None:
# no explicit args -> auto detect
def fake_iface_exists(name: str) -> bool:
return name == "docker0"
with patch("automtu.docker.iface_exists", side_effect=fake_iface_exists):
got = docker.detect_docker_ifaces(None, include_user_bridges=False)
self.assertEqual(got, ["docker0"])
def test_detect_docker_ifaces_auto_detect_includes_user_bridges(self) -> None:
# docker0 exists + br-* exists in list_ifaces -> included if include_user_bridges=True
def fake_iface_exists(name: str) -> bool:
return name in {"docker0", "br-abc"} # br-abc exists, br-nope does not
with (
patch("automtu.docker.iface_exists", side_effect=fake_iface_exists),
patch(
"automtu.docker.list_ifaces",
return_value=["lo", "eth0", "br-abc", "br-nope", "wg0"],
),
):
got = docker.detect_docker_ifaces(None, include_user_bridges=True)
self.assertEqual(got, ["docker0", "br-abc"])
if __name__ == "__main__":
unittest.main(verbosity=2)

15
tests/unit/test_net.py
View File

@@ -1,4 +1,5 @@
import unittest
from pathlib import Path
from unittest.mock import patch
import automtu.net as net
@@ -44,6 +45,20 @@ class TestNet(unittest.TestCase):
self.assertTrue(net.default_route_uses_iface("eth0"))
self.assertFalse(net.default_route_uses_iface("wg0"))
def test_list_ifaces_returns_sorted_names(self) -> None:
fake = [
Path("/sys/class/net/eth0"),
Path("/sys/class/net/lo"),
Path("/sys/class/net/wg0"),
]
with (
patch("automtu.net.pathlib.Path.exists", return_value=True),
patch("automtu.net.pathlib.Path.iterdir", return_value=fake),
patch.object(Path, "is_dir", return_value=True),
):
self.assertEqual(net.list_ifaces(), ["eth0", "lo", "wg0"])
if __name__ == "__main__":
unittest.main(verbosity=2)

93
tests/unit/test_persist.py
View File

@@ -23,7 +23,7 @@ class TestPersist(unittest.TestCase):
)
def test_strip_persist_args_removes_uninstall(self) -> None:
argv = ["automtu", "--persist", "systemd", "--uninstall", "--apply-wg-mtu"]
argv = ["automtu", "--persist", "docker", "--uninstall", "--apply-wg-mtu"]
self.assertEqual(
persist._strip_persist_args(argv),
["automtu", "--apply-wg-mtu"],
@@ -52,6 +52,43 @@ class TestPersist(unittest.TestCase):
"ExecStart=/usr/bin/automtu --auto-pmtu-from-wg --apply-wg-mtu", s
)
def test_persist_systemd_adds_docker_ordering_if_apply_docker_mtu_present(
self,
) -> None:
argv = ["automtu", "--apply-docker-mtu", "--persist", "systemd"]
with (
patch("automtu.persist.shutil.which", return_value="/usr/bin/automtu"),
patch("automtu.persist._SYSTEMD_UNIT_PATH", Path("/tmp/automtu.service")),
):
out = io.StringIO()
with redirect_stdout(out):
persist.persist_systemd(argv, dry=True)
s = out.getvalue()
self.assertIn("After=network-online.target docker.service", s)
self.assertIn("Wants=network-online.target docker.service", s)
def test_persist_docker_dry_run_prints_unit_with_docker_ordering(self) -> None:
argv = ["automtu", "--dry-run", "--persist", "docker"]
with (
patch("automtu.persist.shutil.which", return_value="/usr/bin/automtu"),
patch(
"automtu.persist._DOCKER_SYSTEMD_UNIT_PATH",
Path("/tmp/automtu-docker.service"),
),
):
out = io.StringIO()
with redirect_stdout(out):
persist.persist_docker(argv, dry=True)
s = out.getvalue()
self.assertIn("DRY-RUN", s)
self.assertIn("After=network-online.target docker.service", s)
self.assertIn("Wants=network-online.target docker.service", s)
self.assertIn("ExecStart=/usr/bin/automtu --dry-run", s)
def test_uninstall_systemd_dry_run_prints_actions(self) -> None:
with patch("automtu.persist._SYSTEMD_UNIT_PATH", Path("/tmp/automtu.service")):
out = io.StringIO()
@@ -62,52 +99,18 @@ class TestPersist(unittest.TestCase):
self.assertIn("DRY-RUN", s)
self.assertIn("systemctl disable", s)
def test_uninstall_systemd_runs_disable_and_removes_unit_when_present(self) -> None:
fake_path = Path("/tmp/automtu.service")
calls = []
def fake_run(cmd, check=False): # type: ignore[no-untyped-def]
calls.append((tuple(cmd), bool(check)))
with (
patch("automtu.persist._SYSTEMD_UNIT_PATH", fake_path),
patch("automtu.persist.subprocess.run", side_effect=fake_run),
patch.object(Path, "exists", return_value=True),
patch.object(Path, "unlink", return_value=None),
def test_uninstall_docker_dry_run_prints_actions(self) -> None:
with patch(
"automtu.persist._DOCKER_SYSTEMD_UNIT_PATH",
Path("/tmp/automtu-docker.service"),
):
persist.uninstall_systemd(dry=False)
out = io.StringIO()
with redirect_stdout(out):
persist.uninstall_docker(dry=True)
# Must disable unit and reload daemon
self.assertIn((("systemctl", "disable", "automtu.service"), True), calls)
self.assertIn((("systemctl", "daemon-reload"), True), calls)
def test_persist_systemd_writes_unit_and_enables(self) -> None:
argv = ["automtu", "--apply-wg-mtu", "--persist", "systemd"]
writes = {"text": None}
calls = []
def fake_write_text(self, txt, *args, **kwargs): # type: ignore[no-untyped-def]
writes["text"] = txt
return len(txt)
def fake_run(cmd, check=False): # type: ignore[no-untyped-def]
calls.append((tuple(cmd), bool(check)))
with (
patch("automtu.persist.shutil.which", return_value="/usr/bin/automtu"),
patch("automtu.persist._SYSTEMD_UNIT_PATH", Path("/tmp/automtu.service")),
patch.object(Path, "write_text", new=fake_write_text),
patch("automtu.persist.subprocess.run", side_effect=fake_run),
):
persist.persist_systemd(argv, dry=False)
self.assertIsNotNone(writes["text"])
self.assertIn("ExecStart=/usr/bin/automtu --apply-wg-mtu", writes["text"] or "")
self.assertIn((("systemctl", "daemon-reload"), True), calls)
self.assertIn((("systemctl", "enable", "automtu.service"), True), calls)
s = out.getvalue()
self.assertIn("DRY-RUN", s)
self.assertIn("automtu-docker.service", s)
if __name__ == "__main__":