summaryrefslogtreecommitdiff
path: root/internal/generate/codegen_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/generate/codegen_test.go')
-rw-r--r--internal/generate/codegen_test.go39
1 files changed, 39 insertions, 0 deletions
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index be94724..baf47d1 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -84,6 +84,45 @@ func TestGenerateBindHandler(t *testing.T) {
requireNotContains(t, output, "ev->ret_type = TRANSFER_CLASSIFIED;")
}
+// TestGenerateGetsocknameHandler locks in the generated BPF C for getsockname(2):
+//
+// int getsockname(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
+//
+// getsockname returns the local address a socket is bound to and yields 0 on
+// success or -1 on error. Its sockfd is at args[0], so the enter handler is a
+// KindFd fd_event capturing ev->fd = args[0] — matching its socket siblings
+// bind/connect/listen/accept/getpeername. The addr output pointer (args[1]) and
+// the addrlen in/out pointer (args[2]) must NOT be captured: getsockname reads
+// no path and copies no userspace buffer we track. The exit handler is a plain
+// ret_event marked UNCLASSIFIED (0/-1, no byte count), so it must not carry a
+// READ/WRITE/TRANSFER classification — guarding against any mistaken
+// recvfrom/sendto-style byte-transfer accounting.
+func TestGenerateGetsocknameHandler(t *testing.T) {
+ output := generateFromPair(t, FormatGetsockname, FormatExitGetsockname)
+
+ // Enter: KindFd fd_event capturing the sockfd from args[0].
+ requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_getsockname")`)
+ requireContains(t, output, "struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);")
+ requireContains(t, output, "ev->event_type = ENTER_FD_EVENT;")
+ requireContains(t, output, "ev->trace_id = SYS_ENTER_GETSOCKNAME;")
+ requireContains(t, output, "ev->fd = (__s32)ctx->args[0];")
+
+ // Negative guards: the sockaddr output pointer (args[1]) must never be read
+ // as a path/buffer, and the addrlen pointer (args[2]) must not be captured as
+ // another fd.
+ requireNotContains(t, output, "bpf_probe_read_user_str")
+ requireNotContains(t, output, "ev->fd = (__s32)ctx->args[1];")
+ requireNotContains(t, output, "ev->fd = (__s32)ctx->args[2];")
+
+ // Exit: plain ret_event, UNCLASSIFIED (getsockname returns 0/-1, no byte count).
+ requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_getsockname")`)
+ requireContains(t, output, "struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);")
+ requireContains(t, output, "ev->ret_type = UNCLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = READ_CLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = WRITE_CLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = TRANSFER_CLASSIFIED;")
+}
+
func TestGeneratePidfdGetfdHandlerUsesPidfdArgument(t *testing.T) {
output := generateFromPair(t, FormatPidfdGetfd, FormatExitPidfdGetfd)
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 08:35:50 +0000