
0.22.0

@h-w-chen h-w-chen released this 13 Jul 16:45
· 575 commits to master since this release
38a1c42

Highlight

eBPF support for sysdig

New features

  • eBPF support for sysdig: eBPF as the instrumentation backend in kernel space (beta)
    [#1110] [#1115] [#1116] [#1117] [#1122] [#1124] [#1125] [#1128] [#1132] [#1134] [#1145]
  • Parse an argument passed to sysdig-probe-loader as a custom URL for the kernel module, for example -e SYSDIG_PROBE_URL=http://54.183.253.176:52354 [#1085]
  • Several changes to expand the set of events that are skipped by falco, and to centralize the logic for knowing which events to skip [#1105]
  • Improved proc lookup in libsinsp [#1107] [#1110] [#1112]
  • Improved performance [#1126] [#1120] [#1121] [#1137]
  • In dropping mode, drop events that don't change system state [#1123]
  • Introduce non-STL thread table API [#1142]
  • Add the ability to ignore events by process name (comm). At the scap level, ignoring is by tid. At the sinsp level, as threads are added to or removed from the thread table, the comm is checked against a set of comms and, if found, the tid is added to the scap-level ignore hash table [#1139]
  • The container_manager can now receive callbacks to call when a new container is detected or an inactive one is removed [#1133]
  • Add support for adding custom container types alongside Docker etc (on sinsp level) [#1149]
  • Parse and store three new container_info fields: repository, tag and digest [#1127]
  • Skip proc scan in sinsp_dumper with threads_from_sinsp=true [#1164]
  • Allow k8s filterchecks with analyzer [#1160]
  • When creating the sysdig docker image, add the ability to directly set the sysdig version via the environment variable SYSDIG_VERSION [#1166]

Bug fixes

  • Enable SME on userspace mappings [#1096]
  • Falco might read a trace file containing older events. These events shouldn't be skipped simply because a newer version of the event exists [#1106]
  • Get setpgid() handling working when the caller is in a pid namespace [#1080]
  • Fix cwd initialization from non-main-thread forks [#1087]
  • Fix netmask: Faster filter processing on PT_IPV4NET [#1091]
  • Fix evt.abspath filter parsing: Don't compare the filter name against the whole string [#1093]
  • Allow fd.port to be used with the in operator [#1101]
  • Allow evttype filters to work with syscalls [#1100]
  • Preserve order between catchall & other filters [#1103]
  • Detect tracer fds that were created before sysdig starts up [#1113]
  • Write trailing newlines immediately even in JSON mode [#876]
  • Fix for Linux 4.17 socket ops->getname API change [#1161]
  • http_code type should be long not int [#1159]
  • Replace the raw pointer with a weak_ptr that will become NULL when the parent threadinfo goes out of scope [#1143]
  • string_to_cmpop is used in the lua api callbacks for parsing filters [#1153]
  • gcc-7 requires the use of std::function [#1158]
  • Sanity check ptid/comm pointers [#115]
  • Fix a malformed URL that was causing a 301 from the docker daemon; get docker image tag from images endpoint [#1174]
  • Fix wrong handling of old docker versions [#1175]
  • Several changes to update the flags used for filterchecks to make them accurately reflect how they can be used [#1109]
  • Make sure the agent compiles under cygwin [#1119]

Misc