b7 classify sysv ipc ids and ops

author: Paul Buetow <paul@buetow.org> 2026-05-21 17:48:51 +0300
committer: Paul Buetow <paul@buetow.org> 2026-05-21 17:48:51 +0300
commit: e06f421493bc1c95e787b0f49dd655863e7baf81 (patch)
tree: b6b8a59e4326b0b723cd35f1ec2ad46600778c9a /internal/c
parent: 11394edddbb8f02208edb18e06ae40b6912742f4 (diff)
2 files changed, 30 insertions, 30 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index f1602e5..70f25ab 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -2773,7 +2773,7 @@ int handle_sys_exit_mq_getsetattr(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmget is a struct null_event (kind=null)
+/// sys_enter_shmget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_shmget")
 int handle_sys_enter_shmget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2823,7 +2823,7 @@ int handle_sys_exit_shmget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmctl is a struct null_event (kind=null)
+/// sys_enter_shmctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmctl")
 int handle_sys_enter_shmctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2873,7 +2873,7 @@ int handle_sys_exit_shmctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmat is a struct null_event (kind=null)
+/// sys_enter_shmat is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmat")
 int handle_sys_enter_shmat(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2923,7 +2923,7 @@ int handle_sys_exit_shmat(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmdt is a struct null_event (kind=null)
+/// sys_enter_shmdt is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmdt")
 int handle_sys_enter_shmdt(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2973,7 +2973,7 @@ int handle_sys_exit_shmdt(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semget is a struct null_event (kind=null)
+/// sys_enter_semget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_semget")
 int handle_sys_enter_semget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3023,7 +3023,7 @@ int handle_sys_exit_semget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semctl is a struct null_event (kind=null)
+/// sys_enter_semctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semctl")
 int handle_sys_enter_semctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3073,7 +3073,7 @@ int handle_sys_exit_semctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semtimedop is a struct null_event (kind=null)
+/// sys_enter_semtimedop is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semtimedop")
 int handle_sys_enter_semtimedop(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3123,7 +3123,7 @@ int handle_sys_exit_semtimedop(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semop is a struct null_event (kind=null)
+/// sys_enter_semop is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semop")
 int handle_sys_enter_semop(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3173,7 +3173,7 @@ int handle_sys_exit_semop(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgget is a struct null_event (kind=null)
+/// sys_enter_msgget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_msgget")
 int handle_sys_enter_msgget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3223,7 +3223,7 @@ int handle_sys_exit_msgget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgctl is a struct null_event (kind=null)
+/// sys_enter_msgctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgctl")
 int handle_sys_enter_msgctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3273,7 +3273,7 @@ int handle_sys_exit_msgctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgsnd is a struct null_event (kind=null)
+/// sys_enter_msgsnd is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgsnd")
 int handle_sys_enter_msgsnd(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3297,7 +3297,7 @@ int handle_sys_enter_msgsnd(struct syscall_trace_enter *ctx) {
     return 0;
 }
 
-/// sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_msgsnd is a struct ret_event (WRITE_CLASSIFIED) (kind=ret)
 SEC("tracepoint/syscalls/sys_exit_msgsnd")
 int handle_sys_exit_msgsnd(struct syscall_trace_exit *ctx) {
     __u32 pid, tid;
@@ -3317,13 +3317,13 @@ int handle_sys_exit_msgsnd(struct syscall_trace_exit *ctx) {
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
     ev->ret = ctx->ret;
-    ev->ret_type = UNCLASSIFIED;
+    ev->ret_type = WRITE_CLASSIFIED;
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
 }
 
-/// sys_enter_msgrcv is a struct null_event (kind=null)
+/// sys_enter_msgrcv is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgrcv")
 int handle_sys_enter_msgrcv(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3347,7 +3347,7 @@ int handle_sys_enter_msgrcv(struct syscall_trace_enter *ctx) {
     return 0;
 }
 
-/// sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_msgrcv is a struct ret_event (READ_CLASSIFIED) (kind=ret)
 SEC("tracepoint/syscalls/sys_exit_msgrcv")
 int handle_sys_exit_msgrcv(struct syscall_trace_exit *ctx) {
     __u32 pid, tid;
@@ -3367,7 +3367,7 @@ int handle_sys_exit_msgrcv(struct syscall_trace_exit *ctx) {
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
     ev->ret = ctx->ret;
-    ev->ret_type = UNCLASSIFIED;
+    ev->ret_type = READ_CLASSIFIED;
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index 5c13a75..f822594 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -183,10 +183,10 @@ sys_enter_mq_timedsend is a struct fd_event (kind=fd)
 sys_enter_mq_unlink is a struct path_event (kind=pathname)
 sys_enter_mremap is a struct mem_event (kind=mem)
 sys_enter_mseal is a struct mem_event (kind=mem)
-sys_enter_msgctl is a struct null_event (kind=null)
-sys_enter_msgget is a struct null_event (kind=null)
-sys_enter_msgrcv is a struct null_event (kind=null)
-sys_enter_msgsnd is a struct null_event (kind=null)
+sys_enter_msgctl is a struct null_event (kind=sysv-op)
+sys_enter_msgget is a struct null_event (kind=sysv-id)
+sys_enter_msgrcv is a struct null_event (kind=sysv-op)
+sys_enter_msgsnd is a struct null_event (kind=sysv-op)
 sys_enter_msync is a struct null_event (kind=null)
 sys_enter_munlock is a struct mem_event (kind=mem)
 sys_enter_munlockall is a struct null_event (kind=null)
@@ -275,10 +275,10 @@ sys_enter_sched_setscheduler is a struct null_event (kind=null)
 sys_enter_sched_yield is a struct null_event (kind=null)
 sys_enter_seccomp is a struct null_event (kind=seccomp)
 sys_enter_select is a struct poll_event (kind=poll)
-sys_enter_semctl is a struct null_event (kind=null)
-sys_enter_semget is a struct null_event (kind=null)
-sys_enter_semop is a struct null_event (kind=null)
-sys_enter_semtimedop is a struct null_event (kind=null)
+sys_enter_semctl is a struct null_event (kind=sysv-op)
+sys_enter_semget is a struct null_event (kind=sysv-id)
+sys_enter_semop is a struct null_event (kind=sysv-op)
+sys_enter_semtimedop is a struct null_event (kind=sysv-op)
 sys_enter_sendfile64 is a struct null_event (kind=null)
 sys_enter_sendmmsg is a struct fd_event (kind=fd)
 sys_enter_sendmsg is a struct fd_event (kind=fd)
@@ -308,10 +308,10 @@ sys_enter_settimeofday is a struct null_event (kind=null)
 sys_enter_setuid is a struct null_event (kind=null)
 sys_enter_setxattr is a struct path_event (kind=pathname)
 sys_enter_setxattrat is a struct path_event (kind=pathname)
-sys_enter_shmat is a struct null_event (kind=null)
-sys_enter_shmctl is a struct null_event (kind=null)
-sys_enter_shmdt is a struct null_event (kind=null)
-sys_enter_shmget is a struct null_event (kind=null)
+sys_enter_shmat is a struct null_event (kind=sysv-op)
+sys_enter_shmctl is a struct null_event (kind=sysv-op)
+sys_enter_shmdt is a struct null_event (kind=sysv-op)
+sys_enter_shmget is a struct null_event (kind=sysv-id)
 sys_enter_shutdown is a struct fd_event (kind=fd)
 sys_enter_sigaltstack is a struct null_event (kind=null)
 sys_enter_signalfd is a struct eventfd_event (kind=eventfd)
@@ -552,8 +552,8 @@ sys_exit_mremap is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_mseal is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_msgctl is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_msgget is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) (kind=ret)
+sys_exit_msgrcv is a struct ret_event (READ_CLASSIFIED) (kind=ret)
+sys_exit_msgsnd is a struct ret_event (WRITE_CLASSIFIED) (kind=ret)
 sys_exit_msync is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_munlock is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_munlockall is a struct ret_event (UNCLASSIFIED) (kind=ret)
author	Paul Buetow <paul@buetow.org>	2026-05-21 17:48:51 +0300
committer	Paul Buetow <paul@buetow.org>	2026-05-21 17:48:51 +0300
commit	e06f421493bc1c95e787b0f49dd655863e7baf81 (patch)
tree	b6b8a59e4326b0b723cd35f1ec2ad46600778c9a /internal/c
parent	11394edddbb8f02208edb18e06ae40b6912742f4 (diff)