Skip to content

sock_hc: always report binds, regardless of analysis scope#85

Merged
lacraig2 merged 1 commit into
mainfrom
netbinds-always-report
Jun 29, 2026
Merged

sock_hc: always report binds, regardless of analysis scope#85
lacraig2 merged 1 commit into
mainfrom
netbinds-always-report

Conversation

@lacraig2

Copy link
Copy Markdown
Contributor

What

Removes the igloo_in_scope gates on igloo_sock_bind / igloo_sock_release so netbinds always reports, for every process — including Penguin's own infrastructure (vpnguin/console/gdbserver/guesthopper).

Why

The firmware-scoping feature (igloo_driver #84) gated bind emission by UTS-namespace membership, which silently dropped infra binds from netbinds.csv. That broke the indiv_debug+gdbserver test (gdbserver is launched as infra, so its 0.0.0.0:1234 bind never appeared) and, more importantly, hid useful bind visibility for Penguin's own services.

We're keeping syscall/exec scoping (that's the noise we actually want gone) but bind visibility should be unconditional.

Scope

  • scope.c, igloo_in_scope, SET_SCOPE_ENABLED, and the per-hook scope_filter path are untouched — syscall/exec scoping still works.
  • Only the two sock gates (+ a now-unused scope.h include) are removed.

Pairs with penguin (shell-coverage moves to a busybox env-marker; pin bump) and busybox (env-gated coverage) changes.

The netbinds logger should capture every bind/release, including Penguin's
own infrastructure (vpnguin/console/gdbserver, etc.). Remove the
igloo_in_scope gates added with the scope feature so bind visibility is no
longer tied to the firmware subtree. Syscall/exec scoping (scope.c,
igloo_in_scope, the per-hook scope_filter) is unchanged.
@lacraig2 lacraig2 merged commit 6554a33 into main Jun 29, 2026
1 check passed
@lacraig2 lacraig2 deleted the netbinds-always-report branch June 29, 2026 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant