Skip to content

Tracelog lib: missing switch cases for KEYWORD_PROCESS#317

Merged
kumarvin123 merged 1 commit intomainfrom
user/vinodko/TraceLog
Mar 2, 2026
Merged

Tracelog lib: missing switch cases for KEYWORD_PROCESS#317
kumarvin123 merged 1 commit intomainfrom
user/vinodko/TraceLog

Conversation

@kumarvin123
Copy link
Copy Markdown
Contributor

@kumarvin123 kumarvin123 commented Mar 2, 2026
edited
Loading

Description

Bug fix addressing missing switch cases for KEYWORD_PROCESS in the tracelog library.

#FIXES #63

PR Summary
This pull request updates the tracelog library by adding the missing CASE_PROCESS entries to various logging switch statements, ensuring proper handling of process-related events.

libs/ebpf_ext/ebpf_ext_tracelog.c: Added CASE_PROCESS cases in functions handling NT status failures, message strings, and numeric logging.
libs/ebpf_ext/ebpf_ext_tracelog.c: Tweaked function declaration formatting for consistency.

Describe the purpose of and changes within this Pull Request.

Testing

Do any existing tests cover this change? Are new tests needed?
Existing CI/CD tests

Documentation

Is there any documentation impact for this change?
No

Installation

No
Is there any installer impact for this change?

Copilot AI review requested due to automatic review settings March 2, 2026 22:46
Copilot AI reviewed Mar 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes missing TraceLogging keyword handling for process-related events in the eBPF extension tracelog helper, ensuring EBPF_EXT_TRACELOG_KEYWORD_PROCESS is correctly routed through existing logging switch macros.

Changes:

  • Add CASE_PROCESS branches to multiple keyword switch macros so process keyword logs are emitted for NTSTATUS failures and message/value logging.
  • Minor formatting consistency adjustments in the tracelog implementation (per PR description).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread libs/ebpf_ext/ebpf_ext_tracelog.c
@kumarvin123 kumarvin123 merged commit 63c2030 into main Mar 2, 2026
29 checks passed
@github-project-automation github-project-automation Bot moved this from Todo to Done in eBPF for Windows Triage Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@LakshK98 LakshK98 LakshK98 approved these changes

@Alan-Jowett Alan-Jowett Awaiting requested review from Alan-Jowett Alan-Jowett is a code owner

@matthewige matthewige Awaiting requested review from matthewige matthewige is a code owner

@mikeagun mikeagun Awaiting requested review from mikeagun mikeagun is a code owner

@mtfriesen mtfriesen Awaiting requested review from mtfriesen mtfriesen is a code owner

@poornagmsft poornagmsft Awaiting requested review from poornagmsft poornagmsft is a code owner

@saxena-anurag saxena-anurag Awaiting requested review from saxena-anurag saxena-anurag is a code owner

@shankarseal shankarseal Awaiting requested review from shankarseal shankarseal is a code owner

Assignees

No one assigned

Labels

None yet

Projects

eBPF for Windows Triage
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Tracelog lib: missing switch cases for KEYWORD_PROCESS.

3 participants

@kumarvin123 @LakshK98