Fix packet and security event handling in ring buffer demo. Inline event data population replaces separate event construction function, improving clarity and performance.

Author: congwang-mk

examples/ringbuf_demo.ks

@@ -57,20 +57,6 @@ fn get_timestamp() -> u64 {
   return 1234567890  // Demo timestamp - would be bpf_ktime_get_ns() in real code
 }
 
-@helper  
-fn get_packet_info(ctx: *xdp_md) -> NetworkEvent {
-  var event = NetworkEvent {
-    timestamp: get_timestamp(),
-    event_type: 1,  // PACKET_RECEIVED
-    src_ip: 0x7f000001,  // 127.0.0.1
-    dst_ip: 0x7f000002,  // 127.0.0.2  
-    port: 80,
-    protocol: 6,  // TCP
-    packet_size: 64,
-  }
-  return event
-}
-
 // XDP program that generates network events
 @xdp fn network_monitor(ctx: *xdp_md) -> xdp_action {
   var key: u32 = 0
@@ -84,8 +70,16 @@ fn get_packet_info(ctx: *xdp_md) -> NetworkEvent {
   // Try to reserve space in ring buffer
   var reserved = network_events.reserve()
   if (reserved != null) {
-    // Successfully reserved space - build event and submit
-    // For now, just submit the reserved space
+    // Successfully reserved space - populate event data inline
+    reserved->timestamp = get_timestamp()
+    reserved->event_type = 1  // PACKET_RECEIVED
+    reserved->src_ip = 0x7f000001  // 127.0.0.1
+    reserved->dst_ip = 0x7f000002  // 127.0.0.2
+    reserved->port = 80
+    reserved->protocol = 6  // TCP
+    reserved->packet_size = 64
+    
+    // Submit the populated event
     network_events.submit(reserved)
     stat.events_submitted = stat.events_submitted + 1
   } else {
@@ -101,7 +95,14 @@ fn get_packet_info(ctx: *xdp_md) -> NetworkEvent {
 @kprobe("sys_openat") fn security_monitor(dfd: i32, filename: *u8, flags: i32, mode: u16) -> i32 {
   var reserved = security_events.reserve()
   if (reserved != null) {
-    // Successfully reserved space - submit the event
+    // Successfully reserved space - populate security event inline
+    reserved->timestamp = get_timestamp()
+    reserved->severity = 2  // Medium severity
+    reserved->event_id = 1001  // FILE_OPEN event
+    reserved->pid = 1234  // Demo PID
+    // Note: In real code, would copy actual message data
+    
+    // Submit the populated event
     security_events.submit(reserved)
   } else {
     // Handle full buffer - could discard or try alternative logging
@@ -116,23 +117,23 @@ fn get_packet_info(ctx: *xdp_md) -> NetworkEvent {
 // Event handler for network events
 fn network_event_handler(event: *NetworkEvent) -> i32 {
   print("Network Event:")
-  print("  Timestamp: ", event->timestamp)
-  print("  Type: ", event->event_type)
-  print("  Source IP: ", event->src_ip)
-  print("  Destination IP: ", event->dst_ip)
-  print("  Port: ", event->port)
-  print("  Protocol: ", event->protocol)
-  print("  Packet Size: ", event->packet_size)
+  print("  Timestamp: %llu", event->timestamp)
+  print("  Type: %u", event->event_type)
+  print("  Source IP: %u", event->src_ip)
+  print("  Destination IP: %u", event->dst_ip)
+  print("  Port: %u", event->port)
+  print("  Protocol: %u", event->protocol)
+  print("  Packet Size: %u", event->packet_size)
   return 0
 }
 
 // Event handler for security events  
 fn security_event_handler(event: *SecurityEvent) -> i32 {
   print("Security Event:")
-  print("  Timestamp: ", event->timestamp)
-  print("  Severity: ", event->severity)
-  print("  Event ID: ", event->event_id)
-  print("  PID: ", event->pid)
+  print("  Timestamp: %llu", event->timestamp)
+  print("  Severity: %u", event->severity)
+  print("  Event ID: %u", event->event_id)
+  print("  PID: %u", event->pid)
   print("  Message: [security event]")
   return 0
 }