67 add seccomp and module trace kinds

4 files changed, 57 insertions, 1 deletions

diff --git a/internal/generate/classify.go b/internal/generate/classify.go
index 0bfac0c..fdffdeb 100644
--- a/internal/generate/classify.go
+++ b/internal/generate/classify.go
@@ -31,6 +31,8 @@ const (
 	KindKeyctl
 	KindPtrace
 	KindPerfOpen
+	KindSeccomp
+	KindModule
 )
 
 func (k TracepointKind) MetadataName() string {
@@ -85,6 +87,10 @@ func (k TracepointKind) MetadataName() string {
 		return "ptrace"
 	case KindPerfOpen:
 		return "perf-open"
+	case KindSeccomp:
+		return "seccomp"
+	case KindModule:
+		return "module"
 	default:
 		return "none"
 	}
@@ -314,6 +320,18 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
 		return ClassificationResult{Kind: KindPtrace}, true
 	case "sys_enter_perf_event_open":
 		return ClassificationResult{Kind: KindPerfOpen}, true
+	case "sys_enter_seccomp":
+		return ClassificationResult{Kind: KindSeccomp}, true
+	case "sys_exit_seccomp":
+		return ClassificationResult{Kind: KindSeccomp}, true
+	case "sys_enter_init_module":
+		return ClassificationResult{Kind: KindModule}, true
+	case "sys_exit_init_module":
+		return ClassificationResult{Kind: KindModule}, true
+	case "sys_enter_delete_module":
+		return ClassificationResult{Kind: KindModule}, true
+	case "sys_exit_delete_module":
+		return ClassificationResult{Kind: KindModule}, true
 	case "sys_enter_pidfd_send_signal":
 		return ClassificationResult{Kind: KindFd}, true
 	case "sys_enter_kexec_file_load":
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go
index 590b0bb..85a7863 100644
--- a/internal/generate/classify_test.go
+++ b/internal/generate/classify_test.go
@@ -721,6 +721,35 @@ func TestClassifyI7NameOnlyKinds(t *testing.T) {
 	}
 }
 
+func TestClassify67NameOnlyKinds(t *testing.T) {
+	tests := []struct {
+		name string
+		want TracepointKind
+	}{
+		{"sys_enter_seccomp", KindSeccomp},
+		{"sys_exit_seccomp", KindSeccomp},
+		{"sys_enter_init_module", KindModule},
+		{"sys_exit_init_module", KindModule},
+		{"sys_enter_delete_module", KindModule},
+		{"sys_exit_delete_module", KindModule},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := ClassifyFormat(&Format{
+				Name: tt.name,
+				ExternalFields: []Field{
+					{Type: "long", Name: "__syscall_nr"},
+					{Type: "long", Name: "arg0"},
+				},
+			})
+			if r.Kind != tt.want {
+				t.Fatalf("%s: got kind %d, want %d", tt.name, r.Kind, tt.want)
+			}
+		})
+	}
+}
+
 func TestClassifyMount(t *testing.T) {
 	r := classifyFromData(t, FormatMount)
 	if r.Kind != KindPathname {
@@ -919,6 +948,9 @@ func TestClassifySyscallPairAccepted(t *testing.T) {
 		{"request_key", syntheticEnter("request_key", 9204), syntheticExit("request_key", 9203), KindKeyctl},
 		{"ptrace", syntheticEnter("ptrace", 9206), syntheticExit("ptrace", 9205), KindPtrace},
 		{"perf_event_open", syntheticEnter("perf_event_open", 9208), syntheticExit("perf_event_open", 9207), KindPerfOpen},
+		{"seccomp", syntheticEnter("seccomp", 9368), syntheticExit("seccomp", 9367), KindSeccomp},
+		{"init_module", syntheticEnter("init_module", 9370), syntheticExit("init_module", 9369), KindModule},
+		{"delete_module", syntheticEnter("delete_module", 9372), syntheticExit("delete_module", 9371), KindModule},
 		{"mount", FormatMount, FormatExitMount, KindPathname},
 		{"umount", FormatUmount, FormatExitUmount, KindPathname},
 		{"move_mount", FormatMoveMount, FormatExitMoveMount, KindTwoFd},
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index 4faed24..2b9f9e2 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -582,6 +582,8 @@ func TestGenerateAllEventTypes(t *testing.T) {
 		{KindKeyctl, "ENTER_KEYCTL_EVENT", "EXIT_KEYCTL_EVENT"},
 		{KindPtrace, "ENTER_PTRACE_EVENT", "EXIT_PTRACE_EVENT"},
 		{KindPerfOpen, "ENTER_PERF_OPEN_EVENT", "EXIT_PERF_OPEN_EVENT"},
+		{KindSeccomp, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
+		{KindModule, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
 	}
 
 	for _, tt := range tests {
@@ -624,6 +626,8 @@ func TestEventStructNames(t *testing.T) {
 		{KindKeyctl, "keyctl_event"},
 		{KindPtrace, "ptrace_event"},
 		{KindPerfOpen, "perf_open_event"},
+		{KindSeccomp, "null_event"},
+		{KindModule, "null_event"},
 	}
 
 	for _, tt := range tests {
@@ -642,7 +646,7 @@ func TestEnterReject(t *testing.T) {
 		t.Error("KindNone should be enter-rejected")
 	}
 
-	accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen}
+	accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen, KindSeccomp, KindModule}
 	for _, k := range accepted {
 		if isEnterRejected(k) {
 			t.Errorf("kind %d should NOT be enter-rejected", k)
diff --git a/internal/generate/kindregistry.go b/internal/generate/kindregistry.go
index 9387e19..0ce4d2b 100644
--- a/internal/generate/kindregistry.go
+++ b/internal/generate/kindregistry.go
@@ -41,6 +41,8 @@ var kindRegistry = map[TracepointKind]kindMeta{
 	KindKeyctl:         {structName: "keyctl_event", enterAccepted: true},
 	KindPtrace:         {structName: "ptrace_event", enterAccepted: true},
 	KindPerfOpen:       {structName: "perf_open_event", enterAccepted: true},
+	KindSeccomp:        {structName: "null_event", enterAccepted: true},
+	KindModule:         {structName: "null_event", enterAccepted: true},
 	// KindNone is intentionally absent: it represents "unclassified" and is
 	// never enter-accepted. lookupKind returns the zero kindMeta (enterAccepted=false)
 	// for any unregistered kind, so KindNone is implicitly rejected.