Fix documentation: correct comm() usage, XDP types, copyright year, and add uv support

Co-authored-by: r41k0u <76248539+r41k0u@users.noreply.github.com>

docs/user-guide/decorators.md

@@ -108,12 +108,13 @@ def trace_open_return(ctx):
 For network packet processing at the earliest point:
 
 ```python
-from ctypes import c_uint32
+from pythonbpf.helper import XDP_PASS
+from ctypes import c_void_p, c_int64
 
 @section("xdp")
-def xdp_prog(ctx: c_void_p) -> c_uint32:
-    # XDP_PASS = 2, XDP_DROP = 1, XDP_ABORTED = 0
-    return c_uint32(2)
+def xdp_prog(ctx: c_void_p) -> c_int64:
+    # XDP_PASS, XDP_DROP, XDP_ABORTED constants available from pythonbpf.helper
+    return XDP_PASS
 ```
 
 #### TC (Traffic Control)
@@ -257,7 +258,8 @@ def track_processes(ctx: c_void_p) -> c_int64:
     event = ProcessEvent()
     event.timestamp = ktime()
     event.pid = pid()
-    event.comm = comm()
+    # Note: comm() requires a buffer parameter
+    # comm(event.comm)  # Fills event.comm with process name
     
     events.output(event)
     return c_int64(0)

docs/user-guide/helpers.md

@@ -39,14 +39,19 @@ from pythonbpf.helper import comm
 @bpf
 @section("tracepoint/syscalls/sys_enter_execve")
 def trace_exec(ctx: c_void_p) -> c_int64:
-    process_name = comm()
+    # comm requires a buffer to fill
+    process_name = str(16)
+    comm(process_name)
     print(f"Executing: {process_name}")
     return c_int64(0)
 ```
 
-**Returns:** `str(16)` - The command name of the current task
+**Parameters:**
+* `buf` - Buffer to fill with the process command name
 
-**Note:** The returned string is limited to 16 characters (TASK_COMM_LEN).
+**Returns:** `c_int64` - 0 on success, negative on error
+
+**Note:** The buffer should be at least 16 bytes (TASK_COMM_LEN) to hold the full command name.
 
 #### uid()
 
@@ -406,17 +411,16 @@ trace_pipe()
 
 ```python
 from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
-from pythonbpf.helper import pid, comm, uid
+from pythonbpf.helper import pid, uid
 from ctypes import c_void_p, c_int64
 
 @bpf
 @section("tracepoint/syscalls/sys_enter_execve")
 def track_exec(ctx: c_void_p) -> c_int64:
     process_id = pid()
-    process_name = comm()
     user_id = uid()
     
-    print(f"User {user_id} started {process_name} (PID: {process_id})")
+    print(f"User {user_id} started process (PID: {process_id})")
     return c_int64(0)
 
 @bpf
@@ -477,7 +481,7 @@ for cpu, count in map_obj.items():
 
 ```python
 from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
-from pythonbpf.helper import random, pid, comm
+from pythonbpf.helper import random, pid
 from ctypes import c_void_p, c_int64
 
 @bpf
@@ -486,8 +490,7 @@ def sample_opens(ctx: c_void_p) -> c_int64:
     # Sample 5% of events
     if (random() % 100) < 5:
         process_id = pid()
-        process_name = comm()
-        print(f"Sampled: {process_name} ({process_id}) opening file")
+        print(f"Sampled: PID {process_id} opening file")
     
     return c_int64(0)
 

docs/user-guide/maps.md

@@ -215,7 +215,8 @@ def log_exec(ctx: c_void_p) -> c_int64:
     event = ProcessEvent()
     event.timestamp = ktime()
     event.pid = pid()
-    event.comm = comm()
+    # Note: comm() requires a buffer parameter
+    # comm(event.comm)  # Fills event.comm with process name
     events.output(event)
     return c_int64(0)
 

docs/user-guide/structs.md

@@ -119,10 +119,11 @@ def capture_event(ctx: c_void_p) -> c_int64:
     # Set fields
     event.timestamp = ktime()
     event.pid = pid()
-    event.comm = comm()
+    # Note: comm() requires a buffer parameter to fill
+    # comm(event.comm)  # Fills event.comm with process name
     
     # Use the struct
-    print(f"Process {event.comm} with PID {event.pid}")
+    print(f"Process with PID {event.pid}")
     
     return c_int64(0)
 ```
@@ -204,7 +205,8 @@ def trace_fork(ctx: c_void_p) -> c_int64:
     event = ProcessEvent()
     event.timestamp = ktime()
     event.pid = pid()
-    event.comm = comm()
+    # Note: comm() requires a buffer parameter
+    # comm(event.comm)  # Fills event.comm with process name
     
     # Send to userspace
     events.output(event)
@@ -265,7 +267,8 @@ Assign values to fields:
 event = Event()
 event.timestamp = ktime()
 event.pid = pid()
-event.comm = comm()
+# Note: comm() requires a buffer parameter
+# comm(event.comm)  # Fills event.comm with process name
 ```
 
 ### String Fields
@@ -285,8 +288,8 @@ def example(ctx: c_void_p) -> c_int64:
     # Assign string value
     msg.text = "Hello from BPF"
     
-    # Use helper to get process name
-    msg.text = comm()
+    # Use helper to get process name (requires buffer)
+    # comm(msg.text)  # Fills msg.text with process name
     
     return c_int64(0)
 ```
@@ -316,6 +319,7 @@ class MyStruct:
 ```python
 from pythonbpf import bpf, struct, map, section
 from pythonbpf.maps import RingBuffer
+from pythonbpf.helper import ktime, XDP_PASS
 from ctypes import c_void_p, c_int64, c_uint8, c_uint16, c_uint32, c_uint64
 
 @bpf
@@ -336,7 +340,7 @@ def packets() -> RingBuffer:
 
 @bpf
 @section("xdp")
-def capture_packets(ctx: c_void_p) -> c_uint32:
+def capture_packets(ctx: c_void_p) -> c_int64:
     pkt = PacketEvent()
     pkt.timestamp = ktime()
     # Parse packet data from ctx...
@@ -344,7 +348,7 @@ def capture_packets(ctx: c_void_p) -> c_uint32:
     packets.output(pkt)
     
     # XDP_PASS
-    return c_uint32(2)
+    return XDP_PASS
 ```
 
 ### Process Lifecycle Tracking
@@ -377,7 +381,8 @@ def track_fork(ctx: c_void_p) -> c_int64:
     info = ProcessLifecycle()
     info.pid = process_id
     info.start_time = ktime()
-    info.comm = comm()
+    # Note: comm() requires a buffer parameter
+    # comm(info.comm)  # Fills info.comm with process name
     
     process_info.update(process_id, info)