b7 classify sysv ipc ids and ops

author: Paul Buetow <paul@buetow.org> 2026-05-21 17:48:51 +0300
committer: Paul Buetow <paul@buetow.org> 2026-05-21 17:48:51 +0300
commit: e06f421493bc1c95e787b0f49dd655863e7baf81 (patch)
tree: b6b8a59e4326b0b723cd35f1ec2ad46600778c9a /internal
parent: 11394edddbb8f02208edb18e06ae40b6912742f4 (diff)
10 files changed, 147 insertions, 45 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index f1602e5..70f25ab 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -2773,7 +2773,7 @@ int handle_sys_exit_mq_getsetattr(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmget is a struct null_event (kind=null)
+/// sys_enter_shmget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_shmget")
 int handle_sys_enter_shmget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2823,7 +2823,7 @@ int handle_sys_exit_shmget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmctl is a struct null_event (kind=null)
+/// sys_enter_shmctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmctl")
 int handle_sys_enter_shmctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2873,7 +2873,7 @@ int handle_sys_exit_shmctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmat is a struct null_event (kind=null)
+/// sys_enter_shmat is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmat")
 int handle_sys_enter_shmat(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2923,7 +2923,7 @@ int handle_sys_exit_shmat(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_shmdt is a struct null_event (kind=null)
+/// sys_enter_shmdt is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_shmdt")
 int handle_sys_enter_shmdt(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2973,7 +2973,7 @@ int handle_sys_exit_shmdt(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semget is a struct null_event (kind=null)
+/// sys_enter_semget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_semget")
 int handle_sys_enter_semget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3023,7 +3023,7 @@ int handle_sys_exit_semget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semctl is a struct null_event (kind=null)
+/// sys_enter_semctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semctl")
 int handle_sys_enter_semctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3073,7 +3073,7 @@ int handle_sys_exit_semctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semtimedop is a struct null_event (kind=null)
+/// sys_enter_semtimedop is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semtimedop")
 int handle_sys_enter_semtimedop(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3123,7 +3123,7 @@ int handle_sys_exit_semtimedop(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_semop is a struct null_event (kind=null)
+/// sys_enter_semop is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_semop")
 int handle_sys_enter_semop(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3173,7 +3173,7 @@ int handle_sys_exit_semop(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgget is a struct null_event (kind=null)
+/// sys_enter_msgget is a struct null_event (kind=sysv-id)
 SEC("tracepoint/syscalls/sys_enter_msgget")
 int handle_sys_enter_msgget(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3223,7 +3223,7 @@ int handle_sys_exit_msgget(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgctl is a struct null_event (kind=null)
+/// sys_enter_msgctl is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgctl")
 int handle_sys_enter_msgctl(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3273,7 +3273,7 @@ int handle_sys_exit_msgctl(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_msgsnd is a struct null_event (kind=null)
+/// sys_enter_msgsnd is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgsnd")
 int handle_sys_enter_msgsnd(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3297,7 +3297,7 @@ int handle_sys_enter_msgsnd(struct syscall_trace_enter *ctx) {
     return 0;
 }
 
-/// sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_msgsnd is a struct ret_event (WRITE_CLASSIFIED) (kind=ret)
 SEC("tracepoint/syscalls/sys_exit_msgsnd")
 int handle_sys_exit_msgsnd(struct syscall_trace_exit *ctx) {
     __u32 pid, tid;
@@ -3317,13 +3317,13 @@ int handle_sys_exit_msgsnd(struct syscall_trace_exit *ctx) {
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
     ev->ret = ctx->ret;
-    ev->ret_type = UNCLASSIFIED;
+    ev->ret_type = WRITE_CLASSIFIED;
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
 }
 
-/// sys_enter_msgrcv is a struct null_event (kind=null)
+/// sys_enter_msgrcv is a struct null_event (kind=sysv-op)
 SEC("tracepoint/syscalls/sys_enter_msgrcv")
 int handle_sys_enter_msgrcv(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -3347,7 +3347,7 @@ int handle_sys_enter_msgrcv(struct syscall_trace_enter *ctx) {
     return 0;
 }
 
-/// sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_msgrcv is a struct ret_event (READ_CLASSIFIED) (kind=ret)
 SEC("tracepoint/syscalls/sys_exit_msgrcv")
 int handle_sys_exit_msgrcv(struct syscall_trace_exit *ctx) {
     __u32 pid, tid;
@@ -3367,7 +3367,7 @@ int handle_sys_exit_msgrcv(struct syscall_trace_exit *ctx) {
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
     ev->ret = ctx->ret;
-    ev->ret_type = UNCLASSIFIED;
+    ev->ret_type = READ_CLASSIFIED;
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index 5c13a75..f822594 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -183,10 +183,10 @@ sys_enter_mq_timedsend is a struct fd_event (kind=fd)
 sys_enter_mq_unlink is a struct path_event (kind=pathname)
 sys_enter_mremap is a struct mem_event (kind=mem)
 sys_enter_mseal is a struct mem_event (kind=mem)
-sys_enter_msgctl is a struct null_event (kind=null)
-sys_enter_msgget is a struct null_event (kind=null)
-sys_enter_msgrcv is a struct null_event (kind=null)
-sys_enter_msgsnd is a struct null_event (kind=null)
+sys_enter_msgctl is a struct null_event (kind=sysv-op)
+sys_enter_msgget is a struct null_event (kind=sysv-id)
+sys_enter_msgrcv is a struct null_event (kind=sysv-op)
+sys_enter_msgsnd is a struct null_event (kind=sysv-op)
 sys_enter_msync is a struct null_event (kind=null)
 sys_enter_munlock is a struct mem_event (kind=mem)
 sys_enter_munlockall is a struct null_event (kind=null)
@@ -275,10 +275,10 @@ sys_enter_sched_setscheduler is a struct null_event (kind=null)
 sys_enter_sched_yield is a struct null_event (kind=null)
 sys_enter_seccomp is a struct null_event (kind=seccomp)
 sys_enter_select is a struct poll_event (kind=poll)
-sys_enter_semctl is a struct null_event (kind=null)
-sys_enter_semget is a struct null_event (kind=null)
-sys_enter_semop is a struct null_event (kind=null)
-sys_enter_semtimedop is a struct null_event (kind=null)
+sys_enter_semctl is a struct null_event (kind=sysv-op)
+sys_enter_semget is a struct null_event (kind=sysv-id)
+sys_enter_semop is a struct null_event (kind=sysv-op)
+sys_enter_semtimedop is a struct null_event (kind=sysv-op)
 sys_enter_sendfile64 is a struct null_event (kind=null)
 sys_enter_sendmmsg is a struct fd_event (kind=fd)
 sys_enter_sendmsg is a struct fd_event (kind=fd)
@@ -308,10 +308,10 @@ sys_enter_settimeofday is a struct null_event (kind=null)
 sys_enter_setuid is a struct null_event (kind=null)
 sys_enter_setxattr is a struct path_event (kind=pathname)
 sys_enter_setxattrat is a struct path_event (kind=pathname)
-sys_enter_shmat is a struct null_event (kind=null)
-sys_enter_shmctl is a struct null_event (kind=null)
-sys_enter_shmdt is a struct null_event (kind=null)
-sys_enter_shmget is a struct null_event (kind=null)
+sys_enter_shmat is a struct null_event (kind=sysv-op)
+sys_enter_shmctl is a struct null_event (kind=sysv-op)
+sys_enter_shmdt is a struct null_event (kind=sysv-op)
+sys_enter_shmget is a struct null_event (kind=sysv-id)
 sys_enter_shutdown is a struct fd_event (kind=fd)
 sys_enter_sigaltstack is a struct null_event (kind=null)
 sys_enter_signalfd is a struct eventfd_event (kind=eventfd)
@@ -552,8 +552,8 @@ sys_exit_mremap is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_mseal is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_msgctl is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_msgget is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) (kind=ret)
+sys_exit_msgrcv is a struct ret_event (READ_CLASSIFIED) (kind=ret)
+sys_exit_msgsnd is a struct ret_event (WRITE_CLASSIFIED) (kind=ret)
 sys_exit_msync is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_munlock is a struct ret_event (UNCLASSIFIED) (kind=ret)
 sys_exit_munlockall is a struct ret_event (UNCLASSIFIED) (kind=ret)
diff --git a/internal/generate/classify.go b/internal/generate/classify.go
index 4ab63ad..9c37646 100644
--- a/internal/generate/classify.go
+++ b/internal/generate/classify.go
@@ -33,6 +33,8 @@ const (
 	KindPerfOpen
 	KindSeccomp
 	KindModule
+	KindSysVId
+	KindSysVOp
 )
 
 func (k TracepointKind) MetadataName() string {
@@ -91,6 +93,10 @@ func (k TracepointKind) MetadataName() string {
 		return "seccomp"
 	case KindModule:
 		return "module"
+	case KindSysVId:
+		return "sysv-id"
+	case KindSysVOp:
+		return "sysv-op"
 	default:
 		return "none"
 	}
@@ -332,6 +338,30 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
 		return ClassificationResult{Kind: KindModule}, true
 	case "sys_exit_delete_module":
 		return ClassificationResult{Kind: KindModule}, true
+	case "sys_enter_msgget":
+		return ClassificationResult{Kind: KindSysVId}, true
+	case "sys_enter_semget":
+		return ClassificationResult{Kind: KindSysVId}, true
+	case "sys_enter_shmget":
+		return ClassificationResult{Kind: KindSysVId}, true
+	case "sys_enter_msgsnd":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_msgrcv":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_msgctl":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_semop":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_semtimedop":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_semctl":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_shmat":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_shmdt":
+		return ClassificationResult{Kind: KindSysVOp}, true
+	case "sys_enter_shmctl":
+		return ClassificationResult{Kind: KindSysVOp}, true
 	case "sys_enter_pidfd_send_signal":
 		return ClassificationResult{Kind: KindFd}, true
 	case "sys_enter_kexec_file_load":
@@ -650,6 +680,7 @@ var retClassifications = map[string]RetClassification{
 	"readv":            ReadClassified,
 	"recvmsg":          ReadClassified,
 	"recvfrom":         ReadClassified,
+	"msgrcv":           ReadClassified,
 	"getrandom":        ReadClassified,
 	"syslog":           ReadClassified,
 	"mq_timedreceive":  ReadClassified,
@@ -666,6 +697,7 @@ var retClassifications = map[string]RetClassification{
 	"pwritev2":          WriteClassified,
 	"sendmsg":           WriteClassified,
 	"sendto":            WriteClassified,
+	"msgsnd":            WriteClassified,
 	"write":             WriteClassified,
 	"writev":            WriteClassified,
 	"mq_timedsend":      WriteClassified,
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go
index b35f1b1..364de2c 100644
--- a/internal/generate/classify_test.go
+++ b/internal/generate/classify_test.go
@@ -906,6 +906,41 @@ func TestClassifyE7NullNameOnlyKinds(t *testing.T) {
 	}
 }
 
+func TestClassifyB7NameOnlyKinds(t *testing.T) {
+	tests := []struct {
+		name string
+		want TracepointKind
+	}{
+		{"sys_enter_msgget", KindSysVId},
+		{"sys_enter_semget", KindSysVId},
+		{"sys_enter_shmget", KindSysVId},
+		{"sys_enter_msgsnd", KindSysVOp},
+		{"sys_enter_msgrcv", KindSysVOp},
+		{"sys_enter_msgctl", KindSysVOp},
+		{"sys_enter_semop", KindSysVOp},
+		{"sys_enter_semtimedop", KindSysVOp},
+		{"sys_enter_semctl", KindSysVOp},
+		{"sys_enter_shmat", KindSysVOp},
+		{"sys_enter_shmdt", KindSysVOp},
+		{"sys_enter_shmctl", KindSysVOp},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := ClassifyFormat(&Format{
+				Name: tt.name,
+				ExternalFields: []Field{
+					{Type: "long", Name: "__syscall_nr"},
+					{Type: "long", Name: "arg0"},
+				},
+			})
+			if r.Kind != tt.want {
+				t.Fatalf("%s: got kind %d, want %d", tt.name, r.Kind, tt.want)
+			}
+		})
+	}
+}
+
 func TestClassifyAcctPathname(t *testing.T) {
 	r := ClassifyFormat(&Format{
 		Name: "sys_enter_acct",
@@ -1123,6 +1158,18 @@ func TestClassifySyscallPairAccepted(t *testing.T) {
 		{"seccomp", syntheticEnter("seccomp", 9368), syntheticExit("seccomp", 9367), KindSeccomp},
 		{"init_module", syntheticEnter("init_module", 9370), syntheticExit("init_module", 9369), KindModule},
 		{"delete_module", syntheticEnter("delete_module", 9372), syntheticExit("delete_module", 9371), KindModule},
+		{"msgget", syntheticEnter("msgget", 9394), syntheticExit("msgget", 9393), KindSysVId},
+		{"semget", syntheticEnter("semget", 9396), syntheticExit("semget", 9395), KindSysVId},
+		{"shmget", syntheticEnter("shmget", 9398), syntheticExit("shmget", 9397), KindSysVId},
+		{"msgsnd", syntheticEnter("msgsnd", 9400), syntheticExit("msgsnd", 9399), KindSysVOp},
+		{"msgrcv", syntheticEnter("msgrcv", 9402), syntheticExit("msgrcv", 9401), KindSysVOp},
+		{"msgctl", syntheticEnter("msgctl", 9404), syntheticExit("msgctl", 9403), KindSysVOp},
+		{"semop", syntheticEnter("semop", 9406), syntheticExit("semop", 9405), KindSysVOp},
+		{"semtimedop", syntheticEnter("semtimedop", 9408), syntheticExit("semtimedop", 9407), KindSysVOp},
+		{"semctl", syntheticEnter("semctl", 9410), syntheticExit("semctl", 9409), KindSysVOp},
+		{"shmat", syntheticEnter("shmat", 9412), syntheticExit("shmat", 9411), KindSysVOp},
+		{"shmdt", syntheticEnter("shmdt", 9414), syntheticExit("shmdt", 9413), KindSysVOp},
+		{"shmctl", syntheticEnter("shmctl", 9416), syntheticExit("shmctl", 9415), KindSysVOp},
 		{"mount", FormatMount, FormatExitMount, KindPathname},
 		{"umount", FormatUmount, FormatExitUmount, KindPathname},
 		{"move_mount", FormatMoveMount, FormatExitMoveMount, KindTwoFd},
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index 2b9f9e2..c431f5c 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -584,6 +584,8 @@ func TestGenerateAllEventTypes(t *testing.T) {
 		{KindPerfOpen, "ENTER_PERF_OPEN_EVENT", "EXIT_PERF_OPEN_EVENT"},
 		{KindSeccomp, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
 		{KindModule, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
+		{KindSysVId, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
+		{KindSysVOp, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
 	}
 
 	for _, tt := range tests {
@@ -628,6 +630,8 @@ func TestEventStructNames(t *testing.T) {
 		{KindPerfOpen, "perf_open_event"},
 		{KindSeccomp, "null_event"},
 		{KindModule, "null_event"},
+		{KindSysVId, "null_event"},
+		{KindSysVOp, "null_event"},
 	}
 
 	for _, tt := range tests {
@@ -646,7 +650,7 @@ func TestEnterReject(t *testing.T) {
 		t.Error("KindNone should be enter-rejected")
 	}
 
-	accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen, KindSeccomp, KindModule}
+	accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen, KindSeccomp, KindModule, KindSysVId, KindSysVOp}
 	for _, k := range accepted {
 		if isEnterRejected(k) {
 			t.Errorf("kind %d should NOT be enter-rejected", k)
diff --git a/internal/generate/kindregistry.go b/internal/generate/kindregistry.go
index 0ce4d2b..8f83e69 100644
--- a/internal/generate/kindregistry.go
+++ b/internal/generate/kindregistry.go
@@ -43,6 +43,8 @@ var kindRegistry = map[TracepointKind]kindMeta{
 	KindPerfOpen:       {structName: "perf_open_event", enterAccepted: true},
 	KindSeccomp:        {structName: "null_event", enterAccepted: true},
 	KindModule:         {structName: "null_event", enterAccepted: true},
+	KindSysVId:         {structName: "null_event", enterAccepted: true},
+	KindSysVOp:         {structName: "null_event", enterAccepted: true},
 	// KindNone is intentionally absent: it represents "unclassified" and is
 	// never enter-accepted. lookupKind returns the zero kindMeta (enterAccepted=false)
 	// for any unregistered kind, so KindNone is implicitly rejected.
diff --git a/internal/generate/retclassify_test.go b/internal/generate/retclassify_test.go
index 4e9655b..04120ee 100644
--- a/internal/generate/retclassify_test.go
+++ b/internal/generate/retclassify_test.go
@@ -7,7 +7,7 @@ func TestClassifyRetRead(t *testing.T) {
 		"fgetxattr", "flistxattr", "getdents", "getdents64", "getxattr",
 		"lgetxattr", "listxattr", "llistxattr", "pread64", "preadv",
 		"preadv2", "process_vm_readv", "read", "readlink", "readlinkat",
-		"readv", "recvmsg", "recvfrom", "syslog", "mq_timedreceive", "getrandom",
+		"readv", "recvmsg", "recvfrom", "syslog", "mq_timedreceive", "getrandom", "msgrcv",
 	}
 	for _, name := range reads {
 		if got := ClassifyRet("sys_exit_" + name); got != ReadClassified {
@@ -19,7 +19,7 @@ func TestClassifyRetRead(t *testing.T) {
 func TestClassifyRetWrite(t *testing.T) {
 	writes := []string{
 		"process_vm_writev", "pwrite64", "pwritev", "pwritev2",
-		"sendmsg", "sendto", "write", "writev", "mq_timedsend",
+		"sendmsg", "sendto", "write", "writev", "mq_timedsend", "msgsnd",
 	}
 	for _, name := range writes {
 		if got := ClassifyRet("sys_exit_" + name); got != WriteClassified {
diff --git a/internal/generate/tracepointsgo_test.go b/internal/generate/tracepointsgo_test.go
index ee15b81..25de0b1 100644
--- a/internal/generate/tracepointsgo_test.go
+++ b/internal/generate/tracepointsgo_test.go
@@ -132,6 +132,7 @@ sys_enter_open_by_handle_at is a struct open_by_handle_at_event
 sys_enter_mq_open is a struct mq_open_event
 sys_enter_epoll_ctl is a struct epoll_ctl_event
 sys_enter_pidfd_open is a struct eventfd_event (kind=pidfd)
+sys_enter_msgsnd is a struct null_event (kind=sysv-op)
 `
 	output, err := ExtractTracepointsWithKinds(strings.NewReader(sampleGeneratedC), strings.NewReader(kindData))
 	if err != nil {
@@ -142,4 +143,5 @@ sys_enter_pidfd_open is a struct eventfd_event (kind=pidfd)
 	requireContains(t, output, `"mq_open": "mq-open",`)
 	requireContains(t, output, `"epoll_ctl": "epoll-ctl",`)
 	requireContains(t, output, `"pidfd_open": "pidfd",`)
+	requireContains(t, output, `"msgsnd": "sysv-op",`)
 }
diff --git a/internal/tracepoints/dimension_selector_test.go b/internal/tracepoints/dimension_selector_test.go
index 2ca65c6..c952e67 100644
--- a/internal/tracepoints/dimension_selector_test.go
+++ b/internal/tracepoints/dimension_selector_test.go
@@ -108,6 +108,21 @@ func TestParseSelectorWithDimensionsSeccompKindOnly(t *testing.T) {
 	}
 }
 
+func TestParseSelectorWithDimensionsSysVOpKindOnly(t *testing.T) {
+	sel, err := ParseSelectorWithDimensions("", "", DimensionSelectorConfig{
+		TraceKinds: "sysv-op",
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !sel.ShouldAttach("sys_enter_msgsnd") {
+		t.Fatal("expected msgsnd to be attached for sysv-op kind")
+	}
+	if sel.ShouldAttach("sys_enter_openat") {
+		t.Fatal("expected openat to be excluded when only sysv-op kind is enabled")
+	}
+}
+
 func TestParseSelectorWithDimensionsSyscallOnly(t *testing.T) {
 	sel, err := ParseSelectorWithDimensions("", "", DimensionSelectorConfig{
 		TraceSyscalls: "openat",
diff --git a/internal/tracepoints/generated_tracepoints.go b/internal/tracepoints/generated_tracepoints.go
index b90bcdf..12261c6 100644
--- a/internal/tracepoints/generated_tracepoints.go
+++ b/internal/tracepoints/generated_tracepoints.go
@@ -1294,10 +1294,10 @@ var syscallKinds = map[string]string{
 	"mq_unlink":               "pathname",
 	"mremap":                  "mem",
 	"mseal":                   "mem",
-	"msgctl":                  "null",
-	"msgget":                  "null",
-	"msgrcv":                  "null",
-	"msgsnd":                  "null",
+	"msgctl":                  "sysv-op",
+	"msgget":                  "sysv-id",
+	"msgrcv":                  "sysv-op",
+	"msgsnd":                  "sysv-op",
 	"msync":                   "null",
 	"munlock":                 "mem",
 	"munlockall":              "null",
@@ -1386,10 +1386,10 @@ var syscallKinds = map[string]string{
 	"sched_yield":             "null",
 	"seccomp":                 "seccomp",
 	"select":                  "poll",
-	"semctl":                  "null",
-	"semget":                  "null",
-	"semop":                   "null",
-	"semtimedop":              "null",
+	"semctl":                  "sysv-op",
+	"semget":                  "sysv-id",
+	"semop":                   "sysv-op",
+	"semtimedop":              "sysv-op",
 	"sendfile64":              "null",
 	"sendmmsg":                "fd",
 	"sendmsg":                 "fd",
@@ -1419,10 +1419,10 @@ var syscallKinds = map[string]string{
 	"setuid":                  "null",
 	"setxattr":                "pathname",
 	"setxattrat":              "pathname",
-	"shmat":                   "null",
-	"shmctl":                  "null",
-	"shmdt":                   "null",
-	"shmget":                  "null",
+	"shmat":                   "sysv-op",
+	"shmctl":                  "sysv-op",
+	"shmdt":                   "sysv-op",
+	"shmget":                  "sysv-id",
 	"shutdown":                "fd",
 	"sigaltstack":             "null",
 	"signalfd":                "eventfd",
author	Paul Buetow <paul@buetow.org>	2026-05-21 17:48:51 +0300
committer	Paul Buetow <paul@buetow.org>	2026-05-21 17:48:51 +0300
commit	e06f421493bc1c95e787b0f49dd655863e7baf81 (patch)
tree	b6b8a59e4326b0b723cd35f1ec2ad46600778c9a /internal
parent	11394edddbb8f02208edb18e06ae40b6912742f4 (diff)