test: add unit tests for bpf restart and update logic

[Aryanburnwal05]

This PR adds missing unit tests for the pkg/bpf/restart package to improve coverage around the bpf map lifecycle and struct diffing logic.

Changes included:

• bpf_restart_test.go: Added tests for tracking start/exit lifecycle states and fallback behaviors for InferNextStartType.
• bpf_update_test.go: Added coverage for DiffStructInfoAgainstBTF to verify how it handles structural changes (like field additions, removals, offset or type changes). Also covers map recreation scenarios (needsRecreate) and utility functions.

To run the tests locally:

go test -v kmesh.net/kmesh/pkg/bpf/restart

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the reliability of the Kmesh codebase by introducing critical unit tests for BPF restart and update mechanisms, as well as XDP authentication handlers. These changes ensure that structural changes and lifecycle events are correctly managed, while also providing the necessary infrastructure for kernel-native eBPF support and updating core testing dependencies.

Highlights

• Enhanced Test Coverage: Added comprehensive unit tests for the pkg/bpf/restart package, focusing on map lifecycle management and structural diffing logic.
• XDP Authentication Testing: Introduced new unit tests for the xdp_auth_handler to verify connection reset notification logic.
• Dependency Update: Upgraded the testify testing library to version v1.11.1 in go.mod and updated go.sum accordingly.
• BPF Infrastructure: Added generated bpf2go files to support kernel-native eBPF program interactions.
• Bug Fix: Corrected the initialization of prev_key in deserialization_to_bpf_map.c to ensure safe pointer handling.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

The tests were missing, cold and bare, Now coverage fills the empty air. With maps and structs and diffs in line, The Kmesh code will surely shine.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces several unit tests for BPF restart, update, and XDP auth handler functionality, upgrades the testify dependency, initializes prev_key to NULL in map_restore, and adds auto-generated bpf2go files. The review feedback suggests making the Kubernetes start-type inference test hermetic by mocking the client creation with gomonkey, and skipping the XDP connection reset test in unprivileged environments where BPF map creation or memlock removal is not permitted.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

Add the necessary imports for mocking the Kubernetes client and using gomonkey to make the tests hermetic.

import (
	"context"
	"errors"
	"testing"

	"github.com/agiledragon/gomonkey/v2"
	"github.com/stretchr/testify/assert"
	appsv1 "k8s.io/api/apps/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/kubernetes/fake"

	"kmesh.net/kmesh/pkg/kube"
)

[gemini-code-assist]

This test is currently non-hermetic. If a developer runs this test locally with a valid kubeconfig pointing to a real or local Kubernetes cluster, kube.CreateKubeClient("") will succeed instead of failing. It will then attempt to make an actual API call to the cluster to fetch a DaemonSet, which can lead to unexpected test failures, hangs, or security/permission issues depending on the active kubeconfig context.

To make this test hermetic and robust, we should mock the Kubernetes client creation. Since gomonkey is already a dependency in go.mod, we can use it to mock kube.CreateKubeClient and test both the Normal fallback path and the Restart success path.

func TestInferNextStartType_Normal(t *testing.T) {
	patches := gomonkey.ApplyFunc(kube.CreateKubeClient, func(string) (kubernetes.Interface, error) {
		return nil, errors.New("mocked error")
	})
	defer patches.Reset()

	startType := InferNextStartType()
	assert.Equal(t, Normal, startType)
}

func TestInferNextStartType_Restart(t *testing.T) {
	t.Setenv("POD_NAME", "kmesh-daemonset-12345")
	t.Setenv("POD_NAMESPACE", "kmesh-system")

	fakeClient := fake.NewSimpleClientset(&appsv1.DaemonSet{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "kmesh",
			Namespace: "kmesh-system",
		},
	})

	patches := gomonkey.ApplyFunc(kube.CreateKubeClient, func(string) (kubernetes.Interface, error) {
		return fakeClient, nil
	})
	defer patches.Reset()

	startType := InferNextStartType()
	assert.Equal(t, Restart, startType)
}

[gemini-code-assist]

If this test is run in an unprivileged environment (e.g., non-root or lacking CAP_BPF/CAP_SYS_RESOURCE), rlimit.RemoveMemlock() or ebpf.NewMap() will fail, causing the test suite to fail. To prevent CI/CD pipeline failures in unprivileged environments, we should skip the test if we don't have the required privileges.

func Test_xdpNotifyConnRst(t *testing.T) {
	err := rlimit.RemoveMemlock()
	if err != nil {
		t.Skipf("skipping test; failed to remove memlock (requires root/CAP_SYS_RESOURCE): %v", err)
	}

	mapOfAuth, err := ebpf.NewMap(&ebpf.MapSpec{
		Name:       "test_map_of_auth_result",
		Type:       ebpf.Hash,
		KeySize:    uint32(TUPLE_LEN),
		ValueSize:  uint32(unsafe.Sizeof(uint32(0))),
		MaxEntries: 4096,
	})
	if err != nil {
		t.Skipf("skipping test; failed to create ebpf map (requires root/CAP_BPF): %v", err)
	}
	defer mapOfAuth.Close()

[Copilot]

Pull request overview

This PR primarily adds unit tests to improve coverage for BPF restart/update logic, and also includes a dependency bump plus additional unrelated generated/artifact changes.

Changes:

• Added unit tests for pkg/bpf/restart covering start/exit lifecycle state and struct-layout diffing / recreate decisions.
• Added an auth-related unit test for xdpNotifyConnRst.
• Updated dependencies (testify) and added generated bpf2go artifacts, plus a small C fix in map restore logic.

Reviewed changes

Copilot reviewed 2 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
pkg/bpf/restart/bpf_update_test.go	Adds tests for unionKeys, DiffStructInfoAgainstBTF, and needsRecreate.
pkg/bpf/restart/bpf_restart_test.go	Adds tests for start/exit type getters/setters and InferNextStartType.
pkg/auth/xdp_auth_handler_test.go	Adds tests for xdpNotifyConnRst key mutation/insertion behavior.
go.mod	Bumps github.com/stretchr/testify to v1.11.1.
go.sum	Adds checksum entries for github.com/stretchr/testify v1.11.1.
bpf/kmesh/bpf2go/kernelnative/kmeshsockopscompat_bpfel.go	Adds generated bpf2go bindings for kernel-native sockops compat (little-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshsockopscompat_bpfeb.go	Adds generated bpf2go bindings for kernel-native sockops compat (big-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshsockops_bpfel.go	Adds generated bpf2go bindings for kernel-native sockops (little-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshsockops_bpfeb.go	Adds generated bpf2go bindings for kernel-native sockops (big-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsockcompat_bpfel.go	Adds generated bpf2go bindings for kernel-native cgroup sock compat (little-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsockcompat_bpfeb.go	Adds generated bpf2go bindings for kernel-native cgroup sock compat (big-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsock_bpfel.go	Adds generated bpf2go bindings for kernel-native cgroup sock (little-endian).
bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsock_bpfeb.go	Adds generated bpf2go bindings for kernel-native cgroup sock (big-endian).
bpf/deserialization_to_bpf_map/deserialization_to_bpf_map.c	Initializes prev_key to NULL before the first bpf_map_get_next_key call.

Files not reviewed (8)

• bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsock_bpfeb.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsock_bpfel.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsockcompat_bpfeb.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshcgroupsockcompat_bpfel.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshsockops_bpfeb.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshsockops_bpfel.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshsockopscompat_bpfeb.go: Generated file
• bpf/kmesh/bpf2go/kernelnative/kmeshsockopscompat_bpfel.go: Generated file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.