Add store_through_chain

Adds support for globals
SO......
*I'm not merging this because it's complete, but because I don't want it to diverge from master too much.
*Stuff I still need to complete:
-> Structs and eval expressions in these globals.
-> handling the global keyword.
-> assigning back to the global and reading from inside a function.
-> Basically, `global` keyword in Python is used to write only and reading can be done directly without declaring as global as a direct assign without global declaration is going to diverge from Python.
-> The above logic is going to be supported by `global_sym_tab` generated using the new order of passes that we are doing.
-> This needs to be fixed and done ASAP to avoid conflicts. so yes, im  gonna do it soon.

.github/workflows/format.yml

@@ -12,8 +12,8 @@ jobs:
     name: Format
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@v5
+    - uses: actions/setup-python@v6
       with:
         python-version: "3.x"
     - uses: pre-commit/action@v3.0.1

TODO.md

@@ -4,9 +4,10 @@
 - Add all maps
 - XDP support in pylibbpf
 - ringbuf support
-- recursive expression resolution
+- Add oneline IfExpr conditionals (wishlist)
 
 ## Long term
 
 - Refactor the codebase to be better than a hackathon project
 - Port to C++ and use actual LLVM?
+- Fix struct_kioctx issue in the vmlinux transpiler

examples/kprobes.py

@@ -0,0 +1,27 @@
+from pythonbpf import bpf, section, bpfglobal, BPF
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("kretprobe/do_unlinkat")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return c_int64(0)
+
+@bpf
+@section("kprobe/do_unlinkat")
+def hello_world2(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return c_int64(0)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+b = BPF()
+b.load_and_attach()
+while True:
+    print("running")
+# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of unlink kprobe.

pythonbpf/assign_pass.py

@@ -0,0 +1,57 @@
+import ast
+import logging
+from llvmlite import ir
+from pythonbpf.expr import eval_expr
+
+logger = logging.getLogger(__name__)
+
+
+def handle_variable_assignment(
+    func, module, builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+):
+    """Handle single named variable assignment."""
+
+    if var_name not in local_sym_tab:
+        logger.error(f"Variable {var_name} not declared.")
+        return False
+
+    var_ptr = local_sym_tab[var_name].var
+    var_type = local_sym_tab[var_name].ir_type
+
+    # NOTE: Special case for struct initialization
+    if isinstance(rval, ast.Call) and isinstance(rval.func, ast.Name):
+        struct_name = rval.func.id
+        if struct_name in structs_sym_tab and len(rval.args) == 0:
+            struct_info = structs_sym_tab[struct_name]
+            ir_struct = struct_info.ir_type
+
+            builder.store(ir.Constant(ir_struct, None), var_ptr)
+            logger.info(f"Initialized struct {struct_name} for variable {var_name}")
+            return True
+
+    val_result = eval_expr(
+        func, module, builder, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+    )
+    if val_result is None:
+        logger.error(f"Failed to evaluate value for {var_name}")
+        return False
+
+    val, val_type = val_result
+    if val_type != var_type:
+        if isinstance(val_type, ir.IntType) and isinstance(var_type, ir.IntType):
+            # Allow implicit int widening
+            if val_type.width < var_type.width:
+                val = builder.sext(val, var_type)
+                logger.info(f"Implicitly widened int for variable {var_name}")
+            elif val_type.width > var_type.width:
+                val = builder.trunc(val, var_type)
+                logger.info(f"Implicitly truncated int for variable {var_name}")
+        else:
+            logger.error(
+                f"Type mismatch for variable {var_name}: {val_type} vs {var_type}"
+            )
+            return False
+
+    builder.store(val, var_ptr)
+    logger.info(f"Assigned value to variable {var_name}")
+    return True

pythonbpf/binary_ops.py

@@ -6,38 +6,57 @@ import logging
 logger: Logger = logging.getLogger(__name__)
 
 
-def recursive_dereferencer(var, builder):
-    """dereference until primitive type comes out"""
-    # TODO: Not worrying about stack overflow for now
+def deref_to_val(var, builder):
+    """Dereference a variable to get its value and pointer chain."""
     logger.info(f"Dereferencing {var}, type is {var.type}")
-    if isinstance(var.type, ir.PointerType):
-        a = builder.load(var)
-        return recursive_dereferencer(a, builder)
-    elif isinstance(var.type, ir.IntType):
-        return var
+
+    chain = [var]
+    cur = var
+
+    while isinstance(cur.type, ir.PointerType):
+        cur = builder.load(cur)
+        chain.append(cur)
+
+    if isinstance(cur.type, ir.IntType):
+        logger.info(f"dereference chain: {chain}")
+        return cur, chain
     else:
-        raise TypeError(f"Unsupported type for dereferencing: {var.type}")
+        raise TypeError(f"Unsupported type for dereferencing: {cur.type}")
 
 
 def get_operand_value(operand, builder, local_sym_tab):
     """Extract the value from an operand, handling variables and constants."""
     if isinstance(operand, ast.Name):
         if operand.id in local_sym_tab:
-            return recursive_dereferencer(local_sym_tab[operand.id].var, builder)
+            var = local_sym_tab[operand.id].var
+            val, chain = deref_to_val(var, builder)
+            return val, chain, var
         raise ValueError(f"Undefined variable: {operand.id}")
     elif isinstance(operand, ast.Constant):
         if isinstance(operand.value, int):
-            return ir.Constant(ir.IntType(64), operand.value)
+            cst = ir.Constant(ir.IntType(64), operand.value)
+            return cst, [cst], None
         raise TypeError(f"Unsupported constant type: {type(operand.value)}")
     elif isinstance(operand, ast.BinOp):
-        return handle_binary_op_impl(operand, builder, local_sym_tab)
+        res = handle_binary_op_impl(operand, builder, local_sym_tab)
+        return res, [res], None
     raise TypeError(f"Unsupported operand type: {type(operand)}")
 
 
+def store_through_chain(value, chain, builder):
+    """Store a value through a pointer chain."""
+    if not chain or len(chain) < 2:
+        raise ValueError("Pointer chain must have at least two elements")
+
+    for ptr in reversed(chain[1:]):
+        builder.store(value, ptr)
+        value = ptr
+
+
 def handle_binary_op_impl(rval, builder, local_sym_tab):
     op = rval.op
-    left = get_operand_value(rval.left, builder, local_sym_tab)
-    right = get_operand_value(rval.right, builder, local_sym_tab)
+    left, _, _ = get_operand_value(rval.left, builder, local_sym_tab)
+    right, _, _ = get_operand_value(rval.right, builder, local_sym_tab)
     logger.info(f"left is {left}, right is {right}, op is {op}")
 
     # Map AST operation nodes to LLVM IR builder methods

pythonbpf/codegen.py

@@ -4,7 +4,11 @@ from .license_pass import license_processing
 from .functions import func_proc
 from .maps import maps_proc
 from .structs import structs_proc
-from .globals_pass import globals_processing
+from .globals_pass import (
+    globals_list_creation,
+    globals_processing,
+    populate_global_symbol_table,
+)
 from .debuginfo import DW_LANG_C11, DwarfBehaviorEnum, DebugInfoGenerator
 import os
 import subprocess
@@ -40,12 +44,15 @@ def processor(source_code, filename, module):
     for func_node in bpf_chunks:
         logger.info(f"Found BPF function/struct: {func_node.name}")
 
+    populate_global_symbol_table(tree, module)
+    license_processing(tree, module)
+    globals_processing(tree, module)
+
     structs_sym_tab = structs_proc(tree, module, bpf_chunks)
     map_sym_tab = maps_proc(tree, module, bpf_chunks)
     func_proc(tree, module, bpf_chunks, map_sym_tab, structs_sym_tab)
 
-    license_processing(tree, module)
-    globals_processing(tree, module)
+    globals_list_creation(tree, module)
 
 
 def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):

pythonbpf/functions/functions_pass.py

@@ -8,6 +8,7 @@ from pythonbpf.helper import HelperHandlerRegistry, handle_helper_call
 from pythonbpf.type_deducer import ctypes_to_ir
 from pythonbpf.binary_ops import handle_binary_op
 from pythonbpf.expr import eval_expr, handle_expr, convert_to_bool
+from pythonbpf.assign_pass import handle_variable_assignment
 
 from .return_utils import _handle_none_return, _handle_xdp_return, _is_xdp_name
 
@@ -48,13 +49,35 @@ def handle_assign(
     func, module, builder, stmt, map_sym_tab, local_sym_tab, structs_sym_tab
 ):
     """Handle assignment statements in the function body."""
+
+    # TODO: Support this later
+    # GH #37
     if len(stmt.targets) != 1:
-        logger.info("Unsupported multiassignment")
+        logger.error("Multi-target assignment is not supported for now")
+        return
+
+    target = stmt.targets[0]
+    rval = stmt.value
+
+    if isinstance(target, ast.Name):
+        # NOTE: Simple variable assignment case: x = 5
+        var_name = target.id
+        result = handle_variable_assignment(
+            func,
+            module,
+            builder,
+            var_name,
+            rval,
+            local_sym_tab,
+            map_sym_tab,
+            structs_sym_tab,
+        )
+        if not result:
+            logger.error(f"Failed to handle assignment to {var_name}")
         return
 
     num_types = ("c_int32", "c_int64", "c_uint32", "c_uint64")
 
-    target = stmt.targets[0]
     logger.info(f"Handling assignment to {ast.dump(target)}")
     if not isinstance(target, ast.Name) and not isinstance(target, ast.Attribute):
         logger.info("Unsupported assignment target")

pythonbpf/globals_pass.py

@@ -1,8 +1,121 @@
 from llvmlite import ir
 import ast
 
+from logging import Logger
+import logging
+from .type_deducer import ctypes_to_ir
 
-def emit_globals(module: ir.Module, names: list[str]):
+logger: Logger = logging.getLogger(__name__)
+
+# TODO: this is going to be a huge fuck of a headache in the future.
+global_sym_tab = []
+
+
+def populate_global_symbol_table(tree, module: ir.Module):
+    for node in tree.body:
+        if isinstance(node, ast.FunctionDef):
+            for dec in node.decorator_list:
+                if (
+                    isinstance(dec, ast.Call)
+                    and isinstance(dec.func, ast.Name)
+                    and dec.func.id == "section"
+                    and len(dec.args) == 1
+                    and isinstance(dec.args[0], ast.Constant)
+                    and isinstance(dec.args[0].value, str)
+                ):
+                    global_sym_tab.append(node)
+                elif isinstance(dec, ast.Name) and dec.id == "bpfglobal":
+                    global_sym_tab.append(node)
+
+                elif isinstance(dec, ast.Name) and dec.id == "map":
+                    global_sym_tab.append(node)
+    return False
+
+
+def emit_global(module: ir.Module, node, name):
+    logger.info(f"global identifier {name} processing")
+    # deduce LLVM type from the annotated return
+    if not isinstance(node.returns, ast.Name):
+        raise ValueError(f"Unsupported return annotation {ast.dump(node.returns)}")
+    ty = ctypes_to_ir(node.returns.id)
+
+    # extract the return expression
+    # TODO: turn this return extractor into a generic function I can use everywhere.
+    ret_stmt = node.body[0]
+    if not isinstance(ret_stmt, ast.Return) or ret_stmt.value is None:
+        raise ValueError(f"Global '{name}' has no valid return")
+
+    init_val = ret_stmt.value
+
+    # simple constant like "return 0"
+    if isinstance(init_val, ast.Constant):
+        llvm_init = ir.Constant(ty, init_val.value)
+
+    # variable reference like "return SOME_CONST"
+    elif isinstance(init_val, ast.Name):
+        # need symbol resolution here, stub as 0 for now
+        raise ValueError(f"Name reference {init_val.id} not yet supported")
+
+    # constructor call like "return c_int64(0)" or dataclass(...)
+    elif isinstance(init_val, ast.Call):
+        if len(init_val.args) >= 1 and isinstance(init_val.args[0], ast.Constant):
+            llvm_init = ir.Constant(ty, init_val.args[0].value)
+        else:
+            logger.info("Defaulting to zero as no constant argument found")
+            llvm_init = ir.Constant(ty, 0)
+    else:
+        raise ValueError(f"Unsupported return expr {ast.dump(init_val)}")
+
+    gvar = ir.GlobalVariable(module, ty, name=name)
+    gvar.initializer = llvm_init
+    gvar.align = 8
+    gvar.linkage = "dso_local"
+    gvar.global_constant = False
+    return gvar
+
+
+def globals_processing(tree, module):
+    """Process stuff decorated with @bpf and @bpfglobal except license and return the section name"""
+    globals_sym_tab = []
+
+    for node in tree.body:
+        # Skip non-assignment and non-function nodes
+        if not (isinstance(node, ast.FunctionDef)):
+            continue
+
+        # Get the name based on node type
+        if isinstance(node, ast.FunctionDef):
+            name = node.name
+        else:
+            continue
+
+        # Check for duplicate names
+        if name in globals_sym_tab:
+            raise SyntaxError(f"ERROR: Global name '{name}' previously defined")
+        else:
+            globals_sym_tab.append(name)
+
+        if isinstance(node, ast.FunctionDef) and node.name != "LICENSE":
+            decorators = [
+                dec.id for dec in node.decorator_list if isinstance(dec, ast.Name)
+            ]
+            if "bpf" in decorators and "bpfglobal" in decorators:
+                if (
+                    len(node.body) == 1
+                    and isinstance(node.body[0], ast.Return)
+                    and node.body[0].value is not None
+                    and isinstance(
+                        node.body[0].value, (ast.Constant, ast.Name, ast.Call)
+                    )
+                ):
+                    emit_global(module, node, name)
+                else:
+                    raise SyntaxError(f"ERROR: Invalid syntax for {name} global")
+
+    return None
+
+
+def emit_llvm_compiler_used(module: ir.Module, names: list[str]):
     """
     Emit the @llvm.compiler.used global given a list of function/global names.
     """
@@ -24,7 +137,7 @@ def emit_globals(module: ir.Module, names: list[str]):
     gv.section = "llvm.metadata"
 
 
-def globals_processing(tree, module: ir.Module):
+def globals_list_creation(tree, module: ir.Module):
     collected = ["LICENSE"]
 
     for node in tree.body:
@@ -40,10 +153,11 @@ def globals_processing(tree, module: ir.Module):
                 ):
                     collected.append(node.name)
 
-                elif isinstance(dec, ast.Name) and dec.id == "bpfglobal":
-                    collected.append(node.name)
+                # NOTE: all globals other than
+                # elif isinstance(dec, ast.Name) and dec.id == "bpfglobal":
+                #     collected.append(node.name)
 
                 elif isinstance(dec, ast.Name) and dec.id == "map":
                     collected.append(node.name)
 
-    emit_globals(module, collected)
+    emit_llvm_compiler_used(module, collected)

tests/c-form/globals.bpf.c

@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <linux/types.h>
+
+struct test_struct {
+    __u64 a;
+    __u64 b;
+};
+
+struct test_struct w = {};
+volatile __u64 prev_time = 0;
+
+SEC("tracepoint/syscalls/sys_enter_execve")
+int trace_execve(void *ctx)
+{
+    bpf_printk("previous %ul now %ul", w.b, w.a);
+    __u64 ts = bpf_ktime_get_ns();
+    bpf_printk("prev %ul now %ul", prev_time, ts);
+    w.a = ts;
+    w.b = prev_time;
+    prev_time = ts;
+    return 0;
+}
+
+char LICENSE[] SEC("license") = "GPL";

tests/c-form/kprobe.bpf.c

@@ -0,0 +1,19 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+SEC("kprobe/do_unlinkat")
+int kprobe_execve(struct pt_regs *ctx)
+{
+    bpf_printk("unlinkat created");
+    return 0;
+}
+
+SEC("kretprobe/do_unlinkat")
+int kretprobe_execve(struct pt_regs *ctx)
+{
+    bpf_printk("unlinkat returned\n");
+    return 0;
+}

tests/failing_tests/assign/retype.py

@@ -0,0 +1,39 @@
+from pythonbpf import bpf, map, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64, c_uint64
+from pythonbpf.maps import HashMap
+
+
+# NOTE: This example tries to reinterpret the variable `x` to a different type.
+# We do not allow this for now, as stack allocations are typed and have to be
+# done in the first basic block. Allowing re-interpretation would require
+# re-allocation of stack space (possibly in a new basic block), which is not
+# supported in eBPF yet.
+# We can allow bitcasts in cases where the width of the types is the same in
+# the future. But for now, we do not allow any re-interpretation of variables.
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    last.update(0, 1)
+    x = last.lookup(0)
+    x = 20
+    if x == 2:
+        print("Hello, World!")
+    else:
+        print("Goodbye, World!")
+    return
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/failing_tests/conditionals/oneline.py

@@ -0,0 +1,18 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!") if True else print("Goodbye, World!")
+    return
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/failing_tests/globals.py

@@ -0,0 +1,101 @@
+import logging
+
+from pythonbpf import compile, bpf, section, bpfglobal, compile_to_ir
+from ctypes import c_void_p, c_int64, c_int32
+
+@bpf
+@bpfglobal
+def somevalue() -> c_int32:
+    return c_int32(42)
+
+@bpf
+@bpfglobal
+def somevalue2() -> c_int64:
+    return c_int64(69)
+
+@bpf
+@bpfglobal
+def somevalue1() -> c_int32:
+    return c_int32(42)
+
+
+# --- Passing examples ---
+
+# Simple constant return
+@bpf
+@bpfglobal
+def g1() -> c_int64:
+    return c_int64(42)
+
+# Constructor with one constant argument
+@bpf
+@bpfglobal
+def g2() -> c_int64:
+    return c_int64(69)
+
+
+# --- Failing examples ---
+
+# No return annotation
+# @bpf
+# @bpfglobal
+# def g3():
+#     return 42
+
+# Return annotation is complex
+# @bpf
+# @bpfglobal
+# def g4() -> List[int]:
+#     return []
+
+# # Return is missing
+# @bpf
+# @bpfglobal
+# def g5() -> c_int64:
+#     pass
+
+# # Return is a variable reference
+# #TODO: maybe fix this sometime later. It defaults to 0
+# CONST = 5
+# @bpf
+# @bpfglobal
+# def g6() -> c_int64:
+#     return c_int64(CONST)
+
+# Constructor with multiple args
+#TODO: this is not working. should it work ?
+@bpf
+@bpfglobal
+def g7() -> c_int64:
+    return c_int64(1)
+
+# Dataclass call
+#TODO: fails with dataclass
+# @dataclass
+# class Point:
+#     x: c_int64
+#     y: c_int64
+
+# @bpf
+# @bpfglobal
+# def g8() -> Point:
+#     return Point(1, 2)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def sometag(ctx: c_void_p) -> c_int64:
+    print("test")
+    global somevalue
+    somevalue = 2
+    print(f"{somevalue}")
+    return c_int64(1)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("globals.py", "globals.ll", loglevel=logging.INFO)
+compile()

tests/failing_tests/undeclared_values.py

@@ -0,0 +1,21 @@
+import logging
+
+from pythonbpf import compile, bpf, section, bpfglobal, compile_to_ir
+from ctypes import c_void_p, c_int64
+
+# This should not pass as somevalue is not declared at all.
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def sometag(ctx: c_void_p) -> c_int64:
+    print("test")
+    print(f"{somevalue}")  # noqa: F821
+    return c_int64(1)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("globals.py", "globals.ll", loglevel=logging.INFO)
+compile()

tests/passing_tests/assign/cst_var_binop.py

@@ -0,0 +1,27 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    x = 1
+    print(f"Initial x: {x}")
+    a = 20
+    x = a
+    print(f"Updated x with a: {x}")
+    x = (x + x) * 3
+    if x == 2:
+        print("Hello, World!")
+    else:
+        print(f"Goodbye, World! {x}")
+    return
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tools/vmlinux-gen.py

@@ -0,0 +1,369 @@
+#!/usr/bin/env python3
+"""
+BTF to Python ctypes Converter
+Converts Linux kernel BTF (BPF Type Format) to Python ctypes definitions.
+
+This tool automates the process of:
+1. Dumping BTF from vmlinux
+2. Preprocessing enum definitions
+3. Processing struct kioctx to extract anonymous nested structs
+4. Running C preprocessor
+5. Converting to Python ctypes using clang2py
+6. Post-processing the output
+
+Requirements:
+- bpftool
+- clang
+- ctypeslib2 (pip install ctypeslib2)
+"""
+
+import argparse
+import os
+import re
+import subprocess
+import sys
+import tempfile
+
+
+class BTFConverter:
+    def __init__(self, btf_source="/sys/kernel/btf/vmlinux", output_file="vmlinux.py",
+                 keep_intermediate=False, verbose=False):
+        self.btf_source = btf_source
+        self.output_file = output_file
+        self.keep_intermediate = keep_intermediate
+        self.verbose = verbose
+        self.temp_dir = tempfile.mkdtemp() if not keep_intermediate else "."
+
+    def log(self, message):
+        """Print message if verbose mode is enabled."""
+        if self.verbose:
+            print(f"[*] {message}")
+
+    def run_command(self, cmd, description):
+        """Run a shell command and handle errors."""
+        self.log(f"{description}...")
+        try:
+            result = subprocess.run(
+                cmd,
+                shell=True,
+                check=True,
+                capture_output=True,
+                text=True
+            )
+            if self.verbose and result.stdout:
+                print(result.stdout)
+            return result
+        except subprocess.CalledProcessError as e:
+            print(f"Error during {description}:", file=sys.stderr)
+            print(e.stderr, file=sys.stderr)
+            sys.exit(1)
+
+    def step1_dump_btf(self):
+        """Step 1: Dump BTF from vmlinux."""
+        vmlinux_h = os.path.join(self.temp_dir, "vmlinux.h")
+        cmd = f"bpftool btf dump file {self.btf_source} format c > {vmlinux_h}"
+        self.run_command(cmd, "Dumping BTF from vmlinux")
+        return vmlinux_h
+
+    def step2_preprocess_enums(self, input_file):
+        """Step 1.5: Preprocess enum definitions."""
+        self.log("Preprocessing enum definitions...")
+
+        with open(input_file, 'r') as f:
+            original_code = f.read()
+
+        # Extract anonymous enums
+        enums = re.findall(
+            r'(?<!typedef\s)(enum\s*\{[^}]*\})\s*(\w+)\s*(?::\s*\d+)?\s*;',
+            original_code
+        )
+        enum_defs = [enum_block + ';' for enum_block, _ in enums]
+
+        # Replace anonymous enums with int declarations
+        processed_code = re.sub(
+            r'(?<!typedef\s)enum\s*\{[^}]*\}\s*(\w+)\s*(?::\s*\d+)?\s*;',
+            r'int \1;',
+            original_code
+        )
+
+        # Prepend enum definitions
+        if enum_defs:
+            enum_text = '\n'.join(enum_defs) + '\n\n'
+            processed_code = enum_text + processed_code
+
+        output_file = os.path.join(self.temp_dir, "vmlinux_processed.h")
+        with open(output_file, 'w') as f:
+            f.write(processed_code)
+
+        return output_file
+
+    def step2_5_process_kioctx(self, input_file):
+        #TODO: this is a very bad bug and design decision. A single struct has an issue mostly.
+        """Step 2.5: Process struct kioctx to extract nested anonymous structs."""
+        self.log("Processing struct kioctx nested structs...")
+
+        with open(input_file, 'r') as f:
+            content = f.read()
+
+        # Pattern to match struct kioctx with its full body (handles multiple nesting levels)
+        kioctx_pattern = r'struct\s+kioctx\s*\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\s*;'
+
+        def process_kioctx_replacement(match):
+            full_struct = match.group(0)
+            self.log(f"Found struct kioctx, length: {len(full_struct)} chars")
+
+            # Extract the struct body (everything between outermost { and })
+            body_match = re.search(r'struct\s+kioctx\s*\{(.*)\}\s*;', full_struct, re.DOTALL)
+            if not body_match:
+                return full_struct
+
+            body = body_match.group(1)
+
+            # Find all anonymous structs within the body
+            # Pattern: struct { ... } followed by ; (not a member name)
+            anon_struct_pattern = r'struct\s*\{[^}]*\}'
+
+            anon_structs = []
+            anon_counter = 4  # Start from 4, counting down to 1
+
+            def replace_anonymous_struct(m):
+                nonlocal anon_counter
+                anon_struct_content = m.group(0)
+
+                # Extract the body of the anonymous struct
+                anon_body_match = re.search(r'struct\s*\{(.*)\}', anon_struct_content, re.DOTALL)
+                if not anon_body_match:
+                    return anon_struct_content
+
+                anon_body = anon_body_match.group(1)
+
+                # Create the named struct definition
+                anon_name = f"__anon{anon_counter}"
+                member_name = f"a{anon_counter}"
+
+                # Store the struct definition
+                anon_structs.append(f"struct {anon_name} {{{anon_body}}};")
+
+                anon_counter -= 1
+
+                # Return the member declaration
+                return f"struct {anon_name} {member_name}"
+
+            # Process the body, finding and replacing anonymous structs
+            # We need to be careful to only match anonymous structs followed by ;
+            processed_body = body
+
+            # Find all occurrences and process them
+            pattern_with_semicolon = r'struct\s*\{([^}]*)\}\s*;'
+            matches = list(re.finditer(pattern_with_semicolon, body, re.DOTALL))
+
+            if not matches:
+                self.log("No anonymous structs found in kioctx")
+                return full_struct
+
+            self.log(f"Found {len(matches)} anonymous struct(s)")
+
+            # Process in reverse order to maintain string positions
+            for match in reversed(matches):
+                anon_struct_content = match.group(1)
+                start_pos = match.start()
+                end_pos = match.end()
+
+                # Create the named struct definition
+                anon_name = f"__anon{anon_counter}"
+                member_name = f"a{anon_counter}"
+
+                # Store the struct definition
+                anon_structs.insert(0, f"struct {anon_name} {{{anon_struct_content}}};")
+
+                # Replace in the body
+                replacement = f"struct {anon_name} {member_name};"
+                processed_body = processed_body[:start_pos] + replacement + processed_body[end_pos:]
+
+                anon_counter -= 1
+
+            # Rebuild the complete definition
+            if anon_structs:
+                # Prepend the anonymous struct definitions
+                anon_definitions = '\n'.join(anon_structs) + '\n\n'
+                new_struct = f"struct kioctx {{{processed_body}}};"
+                return anon_definitions + new_struct
+            else:
+                return full_struct
+
+        # Apply the transformation
+        processed_content = re.sub(
+            kioctx_pattern,
+            process_kioctx_replacement,
+            content,
+            flags=re.DOTALL
+        )
+
+        output_file = os.path.join(self.temp_dir, "vmlinux_kioctx_processed.h")
+        with open(output_file, 'w') as f:
+            f.write(processed_content)
+
+        self.log(f"Saved kioctx-processed output to {output_file}")
+        return output_file
+
+    def step3_run_preprocessor(self, input_file):
+        """Step 2: Run C preprocessor."""
+        output_file = os.path.join(self.temp_dir, "vmlinux.i")
+        cmd = f"clang -E {input_file} > {output_file}"
+        self.run_command(cmd, "Running C preprocessor")
+        return output_file
+
+    def step4_convert_to_ctypes(self, input_file):
+        """Step 3: Convert to Python ctypes using clang2py."""
+        output_file = os.path.join(self.temp_dir, "vmlinux_raw.py")
+        cmd = (
+            f"clang2py {input_file} -o {output_file} "
+            f"--clang-args=\"-fno-ms-extensions -I/usr/include -I/usr/include/linux\""
+        )
+        self.run_command(cmd, "Converting to Python ctypes")
+        return output_file
+
+    def step5_postprocess(self, input_file):
+        """Step 4: Post-process the generated Python file."""
+        self.log("Post-processing Python ctypes definitions...")
+
+        with open(input_file, "r") as f:
+            data = f.read()
+
+        # Remove lines like ('_45', ctypes.c_int64, 0)
+        data = re.sub(r"\('_[0-9]+',\s*ctypes\.[a-zA-Z0-9_]+,\s*0\),?\s*\n?", "", data)
+
+        # Replace ('_20', ctypes.c_uint64, 64) → ('_20', ctypes.c_uint64)
+        data = re.sub(r"\('(_[0-9]+)',\s*(ctypes\.[a-zA-Z0-9_]+),\s*[0-9]+\)", r"('\1', \2)", data)
+
+        # Replace ('_20', ctypes.c_char, 8) with ('_20', ctypes.c_uint8, 8)
+        data = re.sub(
+            r"(ctypes\.c_char)(\s*,\s*\d+\))",
+            r"ctypes.c_uint8\2",
+            data
+        )
+
+        # Remove ctypes. prefix from invalid entries
+        invalid_ctypes = ["bpf_iter_state", "_cache_type", "fs_context_purpose"]
+        for name in invalid_ctypes:
+            data = re.sub(rf"\bctypes\.{name}\b", name, data)
+
+        with open(self.output_file, "w") as f:
+            f.write(data)
+
+        self.log(f"Saved final output to {self.output_file}")
+
+    def cleanup(self):
+        """Remove temporary files if not keeping them."""
+        if not self.keep_intermediate and self.temp_dir != ".":
+            self.log(f"Cleaning up temporary directory: {self.temp_dir}")
+            import shutil
+            shutil.rmtree(self.temp_dir, ignore_errors=True)
+
+    def convert(self):
+        """Run the complete conversion pipeline."""
+        try:
+            self.log("Starting BTF to Python ctypes conversion...")
+
+            # Check dependencies
+            self.check_dependencies()
+
+            # Run conversion pipeline
+            vmlinux_h = self.step1_dump_btf()
+            vmlinux_processed_h = self.step2_preprocess_enums(vmlinux_h)
+            vmlinux_kioctx_h = self.step2_5_process_kioctx(vmlinux_processed_h)
+            vmlinux_i = self.step3_run_preprocessor(vmlinux_kioctx_h)
+            vmlinux_raw_py = self.step4_convert_to_ctypes(vmlinux_i)
+            self.step5_postprocess(vmlinux_raw_py)
+
+            print(f"\n✓ Conversion complete! Output saved to: {self.output_file}")
+
+        except Exception as e:
+            print(f"\n✗ Error during conversion: {e}", file=sys.stderr)
+            import traceback
+            traceback.print_exc()
+            sys.exit(1)
+        finally:
+            self.cleanup()
+
+    def check_dependencies(self):
+        """Check if required tools are available."""
+        self.log("Checking dependencies...")
+
+        dependencies = {
+            "bpftool": "bpftool --version",
+            "clang": "clang --version",
+            "clang2py": "clang2py --version"
+        }
+
+        missing = []
+        for tool, cmd in dependencies.items():
+            try:
+                subprocess.run(
+                    cmd,
+                    shell=True,
+                    check=True,
+                    capture_output=True
+                )
+            except subprocess.CalledProcessError:
+                missing.append(tool)
+
+        if missing:
+            print("Error: Missing required dependencies:", file=sys.stderr)
+            for tool in missing:
+                print(f"  - {tool}", file=sys.stderr)
+            if "clang2py" in missing:
+                print("\nInstall ctypeslib2: pip install ctypeslib2", file=sys.stderr)
+            sys.exit(1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Convert Linux kernel BTF to Python ctypes definitions",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  %(prog)s
+  %(prog)s -o kernel_types.py
+  %(prog)s --btf-source /sys/kernel/btf/custom_module -k -v
+        """
+    )
+
+    parser.add_argument(
+        "--btf-source",
+        default="/sys/kernel/btf/vmlinux",
+        help="Path to BTF source (default: /sys/kernel/btf/vmlinux)"
+    )
+
+    parser.add_argument(
+        "-o", "--output",
+        default="vmlinux.py",
+        help="Output Python file (default: vmlinux.py)"
+    )
+
+    parser.add_argument(
+        "-k", "--keep-intermediate",
+        action="store_true",
+        help="Keep intermediate files (vmlinux.h, vmlinux_processed.h, etc.)"
+    )
+
+    parser.add_argument(
+        "-v", "--verbose",
+        action="store_true",
+        help="Enable verbose output"
+    )
+
+    args = parser.parse_args()
+
+    converter = BTFConverter(
+        btf_source=args.btf_source,
+        output_file=args.output,
+        keep_intermediate=args.keep_intermediate,
+        verbose=args.verbose
+    )
+
+    converter.convert()
+
+
+if __name__ == "__main__":
+    main()