Skip to content

0.21.0
Compare
Choose a tag to compare
@mstemm mstemm released this 29 Mar 23:44
· 664 commits to master since this release
0.21.0
567c2e2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New Features

  • Track Versioning in Capture Files: With this release, we will increment the pcap major/minor version in capture files when a release adds new event types, additional event fields, etc. that are incompatible with earlier sysdig versions. [#1081] [#1084]
  • Add s390x as a platform using Docker [#1029]
  • When saving container information, also store certain mesos-related environment information associated with the first process in the container [#1021] [#1057]
  • New filtercheck fd.connected returns whether or not a network connection file descriptor is actually bound to a remote endpoint. Think of udp sockets that only use sendto() vs udp sockets that use connect() and then send(), or tcp sockets that have been created but not connect()ed yet. [#1051]
  • New filtercheck fd.name_changed is true when an event changes the connection information for a connection fd. This can occur in some cases such as udp connections where a connect() changes the connection information for a fd.
  • Make the thread table size configurable via sinsp::set_max_thread_table_size() [#1056]
  • Add support for new AWS Linux 2 AMI [#1058]
  • Add process group id to execve events [#1044] [#1080]
  • Improved windows support [#1063] [#1069]
  • Use gcc 5 by default to compile properly on Ubuntu Xenial, remove gcc 4.9 [#1067]
  • Expand the set of system calls returned by the driver when in dropping mode [#1075]
  • Handle AT_FDCWD arguments to linkat, openat, etc. and resolve the path relative to the cwd [#1020]
  • Update fetching kernel sources for recent Debian releases [#1083]

Bug Fixes

  • When used with Falco, Allow "in" operator to work with non-string values [#1049] [#1073] [#1072]
  • Make sure inspector does not dereference scap handle until initialization is complete [#1048]
  • When extracting fields from a formatted filtercheck string, handle cases where the filtercheck includes array indexing like proc.aname[2] [#1047]
  • Fix incorrect assignment of client/server role for UDP sockets that initially do a recvfrom() followed by a later connect() [#1053]
  • Cleanups to c++ friend usage [#1066]
  • Fix bugs when matching fd.*net filterchecks, change them to filter only (e.g. not printable) [#1070]
  • Improve handling of socket/bind events to set protocol/role [#1071]
  • Fix fd.directory filtercheck for short paths like /file [#1074]
  • Small improvements/fixes to various fs-related syscalls [#1076]
Assets 2
Loading