Diffstat (limited to 'internal/generate')
-rw-r--r--internal/generate/codegen_test.go36
-rw-r--r--internal/generate/family_test.go11
-rw-r--r--internal/generate/retclassify_test.go10
-rw-r--r--internal/generate/testdata.go35
4 files changed, 92 insertions, 0 deletions
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index 68a372e..be94724 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -48,6 +48,42 @@ func TestGenerateModuleHandlers(t *testing.T) {
requireContains(t, finitOut, "ev->fd = (__s32)ctx->args[0];")
}
+// TestGenerateBindHandler locks in the generated BPF C for bind(2):
+//
+// int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
+//
+// bind assigns an address to a socket and returns 0 on success or -1 on error.
+// Its sockfd is at args[0], so the enter handler is a KindFd fd_event capturing
+// ev->fd = args[0] — matching its socket siblings connect/listen/accept/
+// getsockname/getpeername. The addr pointer (args[1]) and addrlen (args[2]) must
+// NOT be captured: bind reads no path and copies no userspace buffer we track.
+// The exit handler is a plain ret_event marked UNCLASSIFIED (0/-1, no byte
+// count), so it must not carry a READ/WRITE/TRANSFER classification.
+func TestGenerateBindHandler(t *testing.T) {
+ output := generateFromPair(t, FormatBind, FormatExitBind)
+
+ // Enter: KindFd fd_event capturing the sockfd from args[0].
+ requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_bind")`)
+ requireContains(t, output, "struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);")
+ requireContains(t, output, "ev->event_type = ENTER_FD_EVENT;")
+ requireContains(t, output, "ev->trace_id = SYS_ENTER_BIND;")
+ requireContains(t, output, "ev->fd = (__s32)ctx->args[0];")
+
+ // Negative guards: the sockaddr pointer (args[1]) must never be read as a
+ // path/buffer, and addrlen (args[2]) must not be captured as another fd.
+ requireNotContains(t, output, "bpf_probe_read_user_str")
+ requireNotContains(t, output, "ev->fd = (__s32)ctx->args[1];")
+ requireNotContains(t, output, "ev->fd = (__s32)ctx->args[2];")
+
+ // Exit: plain ret_event, UNCLASSIFIED (bind returns 0/-1, no byte count).
+ requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_bind")`)
+ requireContains(t, output, "struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);")
+ requireContains(t, output, "ev->ret_type = UNCLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = READ_CLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = WRITE_CLASSIFIED;")
+ requireNotContains(t, output, "ev->ret_type = TRANSFER_CLASSIFIED;")
+}
+
func TestGeneratePidfdGetfdHandlerUsesPidfdArgument(t *testing.T) {
output := generateFromPair(t, FormatPidfdGetfd, FormatExitPidfdGetfd)
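Review bot: The negative guard `requireNotContains(t, output, "bpf_probe_read_user_str")` in TestGenerateBindHandler only rules out the string-copy helper, so a generated `bpf_probe_read_user(...)` of the sockaddr at args[1] would still pass. Matching the shorter prefix covers both helpers: `requireNotContains(t, output, "bpf_probe_read_user")`. The two `ev->fd = (__s32)ctx->args[N];` guards are similarly narrow, because a capture of args[1] or args[2] into any other field is not caught. If the bind handlers have no legitimate reference to those slots (not verifiable from this hunk), `requireNotContains(t, output, "ctx->args[1]")` and the same for `args[2]` would pin the intent stated in the doc comment.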
diff --git a/internal/generate/family_test.go b/internal/generate/family_test.go
index ee92740..d86cc4a 100644
--- a/internal/generate/family_test.go
+++ b/internal/generate/family_test.go
@@ -9,6 +9,17 @@ func TestClassifySyscallFamily(t *testing.T) {
}{
{"sys_enter_accept", FamilyNetwork},
{"sys_exit_accept", FamilyNetwork},
+ // bind(2) assigns an address to a socket; it is a socket-setup syscall and
+ // shares FamilyNetwork with its connect/listen/accept/getsockname/
+ // getpeername siblings. Assert both enter and exit (and the closest
+ // siblings) so a stray reclassification of any one trips this test. Keep in
+ // sync with the Network list in docs/syscall-tracing-plan.md.
+ {"sys_enter_bind", FamilyNetwork},
+ {"sys_exit_bind", FamilyNetwork},
+ {"sys_enter_connect", FamilyNetwork},
+ {"sys_enter_listen", FamilyNetwork},
+ {"sys_enter_getsockname", FamilyNetwork},
+ {"sys_enter_getpeername", FamilyNetwork},
{"sys_enter_pipe2", FamilyIPC},
{"sys_enter_munmap", FamilyMemory},
// process_madvise(2) gives memory advice (MADV_COLD/PAGEOUT/...) about
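Review bot: The added rows cover `sys_exit_bind` but only the enter tracepoints of connect, listen, getsockname and getpeername, so a reclassification of a sibling's exit tracepoint would not trip this table even though the comment says any stray reclassification should. Adding `{"sys_exit_connect", FamilyNetwork},` and the matching exit rows for the other three would close that gap. The table starts and continues outside this hunk, so existing rows may already cover some of these.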
diff --git a/internal/generate/retclassify_test.go b/internal/generate/retclassify_test.go
index 29e2b0f..f26d803 100644
--- a/internal/generate/retclassify_test.go
+++ b/internal/generate/retclassify_test.go
@@ -99,6 +99,16 @@ func TestClassifyRetUnclassified(t *testing.T) {
// exit must stay UNCLASSIFIED (plain ret_event), exactly like its
// pid/tid-returning Process siblings setsid/getsid/getpid/getppid above.
"set_tid_address",
+ // bind(2) assigns an address to a socket and returns int 0 on success or
+ // -1 on error — a status code, NOT a transferred byte count. Its exit must
+ // stay UNCLASSIFIED (plain ret_event), exactly like its socket-setup
+ // siblings connect/listen/getsockname/getpeername (asserted alongside it),
+ // so it is never mistaken for a recvfrom/sendto-style byte transfer.
+ "bind",
+ "connect",
+ "listen",
+ "getsockname",
+ "getpeername",
}
for _, name := range unclassified {
if got := ClassifyRet("sys_exit_" + name); got != Unclassified {
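Review bot: The comment above `"bind"` gives the exit value as "0 on success or -1 on error", which is the libc wrapper's contract rather than what the tracepoint reports. The `ret` field of a sys_exit tracepoint carries the raw kernel return value, 0 or a negative errno, so a consumer of the ret_event who trusts the comment and tests for -1 would miss failures. Suggested wording: `// bind(2): tracepoint ret is 0 on success or a negative errno (libc maps failures to -1) — a status code, NOT a byte count.` The same "0/-1" phrasing appears in the doc comments on TestGenerateBindHandler in codegen_test.go and on FormatBind in testdata.go. The loop consuming this list continues outside the hunk.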
diff --git a/internal/generate/testdata.go b/internal/generate/testdata.go
index 6555fc7..f26234f 100644
--- a/internal/generate/testdata.go
+++ b/internal/generate/testdata.go
@@ -2156,3 +2156,38 @@ format:
print fmt: "0x%lx", REC->ret
`
+
+// FormatBind / FormatExitBind mirror the real kernel tracepoint format for
+// bind(2): int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen).
+// The leading "fd" field (sockfd at args[0]) makes it a KindFd fd_event; the
+// addr pointer and addrlen must NOT be captured. On exit bind returns 0/-1,
+// which is UNCLASSIFIED (a plain ret_event, no read/write/transfer byte count).
+const FormatBind = `name: sys_enter_bind
+ID: 1843
+format:
+ field:unsigned short common_type; offset:0; size:2; signed:0;
+ field:unsigned char common_flags; offset:2; size:1; signed:0;
+ field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
+ field:int common_pid; offset:4; size:4; signed:1;
+
+ field:int __syscall_nr; offset:8; size:4; signed:1;
+ field:int fd; offset:16; size:8; signed:0;
+ field:struct sockaddr * umyaddr; offset:24; size:8; signed:0;
+ field:int addrlen; offset:32; size:8; signed:0;
+
+print fmt: "fd: 0x%08lx, umyaddr: 0x%08lx, addrlen: 0x%08lx", ((unsigned long)(REC->fd)), ((unsigned long)(REC->umyaddr)), ((unsigned long)(REC->addrlen))
+`
+
+const FormatExitBind = `name: sys_exit_bind
+ID: 1842
+format:
+ field:unsigned short common_type; offset:0; size:2; signed:0;
+ field:unsigned char common_flags; offset:2; size:1; signed:0;
+ field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
+ field:int common_pid; offset:4; size:4; signed:1;
+
+ field:int __syscall_nr; offset:8; size:4; signed:1;
+ field:long ret; offset:16; size:8; signed:1;
+
+print fmt: "0x%lx", REC->ret
+`