Skip to content

kern/: refactor eBPF kernel code — extract headers, normalize style#955

Draft
Copilot wants to merge 2 commits intomasterfrom
copilot/refactor-ebpf-kernel-code
Draft

kern/: refactor eBPF kernel code — extract headers, normalize style#955
Copilot wants to merge 2 commits intomasterfrom
copilot/refactor-ebpf-kernel-code

Conversation

Copy link
Contributor

Copilot AI commented Mar 15, 2026
edited
Loading

Refactor the ./kern/ eBPF C code to separate declarations from implementations, eliminate dead code, and normalize style. bpf/*, boringssl*_kern.c, gnutls*_kern.c, and openssl*_kern.c are untouched.

Changes

  • New kern/nspr.h — extracts structs, BPF maps, and helper functions out of nspr_kern.c into a dedicated header, matching the pattern of openssl.h/gnutls.h. Renames generic ssl_* symbols to nspr_* to avoid collision with OpenSSL's identically-named types:

    // Before (all inlined in nspr_kern.c):
enum ssl_data_event_type { kSSLRead, kSSLWrite };
struct ssl_data_event_t { ... };
struct { ... } active_ssl_read_args_map SEC(".maps");
// ...

// After (nspr.h):
enum nspr_data_event_type { kNSPRRead, kNSPRWrite };
struct nspr_data_event_t { ... };
struct { ... } active_nspr_read_args_map SEC(".maps");

  • go_argument.h — all three helper functions (go_get_argument_by_reg, go_get_argument_by_stack, go_get_argument) changed from plain non-static definitions to static __always_inline, preventing multiple-definition errors if included in multiple translation units and following eBPF inline conventions.

  • zsh_kern.c — added the missing Apache 2.0 license header present in every other *_kern.c file.

  • Dead code removal — removed unused uid/current_uid_gid variable declarations (the corresponding structs have no uid field) from:

    • nspr_kern.c (all 4 probe functions)
    • mysqld_kern.c (all 4 probe functions)
    • openssl.h (kretprobe_connect, probe_SSL_set_fd)
    • bash_kern.c (uretprobe_bash_retval)

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

@cfc4n
Refactor kern/: extract nspr.h, fix go_argument.h, add license, remov…
d0aa056 
…e unused variables

Co-authored-by: cfc4n <709947+cfc4n@users.noreply.github.com>
Copilot AI changed the title [WIP] Refactor eBPF kernel code in ./kern/ directory kern/: refactor eBPF kernel code — extract headers, normalize style Mar 15, 2026
Copilot AI requested a review from cfc4n March 15, 2026 15:57
@github-actions
Copy link

github-actions bot commented Mar 15, 2026

✅ E2E Test Results: PASSED

Test Run: #23113892002

Tests Executed:

  • TLS/OpenSSL Module (curl → github.com)
  • GnuTLS Module (wget/curl → github.com)
  • GoTLS Module (Go client → github.com)

✅ All e2e tests passed successfully! The TLS capture functionality is working correctly.

Automated e2e test results for commit 97e54e6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfc4n cfc4n Awaiting requested review from cfc4n

At least 1 approving review is required to merge this pull request.

Assignees

@cfc4n cfc4n

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cfc4n