This repository has been archived by the owner on Nov 19, 2021. It is now read-only.

Releases: criticalstack/swoll

v0.1.5

10 Feb 19:33
da26d28

This is a minor release.

  • Added latency helpers and display
  • Added a CFLAG to the BPF Makefile to fix potential compile errors on newer kernels.

v0.1.4

04 Feb 17:55
4658a5b

In-kernel filtering has been reworked!

  • A cleaner userland API:
	// Create a filter from the probe's BPF module.
	filter := kernel.NewFilter(probe.Module())
	// One rule: allow execve in PID namespace 4026531836, with a sample rate of 10.
	if err := filter.AddRule(
		kernel.NewFilterRuleN(
			kernel.FilterRuleSetModeSyscall(),
			kernel.FilterRuleSetSyscall("execve"),
			kernel.FilterRuleSetPidNamespace(4026531836),
			kernel.FilterRuleSetSampleRate(10),
			kernel.FilterRuleSetActionAllow())); err != nil {
		log.Fatal(err)
	}
	// Enable the filter.
	if err := filter.Enable(); err != nil {
		log.Fatal(err)
	}
	// Print what the filter reports as running.
	fmt.Println(filter.GetRunning())
  • The kernel filtering has been optimized, now with fewer branches!

Changelog

4658a5b A cleaner API for filtering. (#10)
950b701 README

v0.1.3

29 Jan 17:08
64cf876

  • Moved the bindata-generated Assets API for public (non-lib-internal) use.
  • event.Trace->Argv is now a call.Function instead of a naked interface{}
  • Added call.Function.Arguments() accessor method.
  • Moved cmd/loadBPFargs helper function into cmd/loader.go
  • Removed event.TraceEvent.WithTopology (now covered by WithContainerLookup)
  • event.TraceEvent.WithContainerLookup is now used as a callback for resolving
    pid-namespace->container info.
  • Added kernel.Probe.DetectAndSetOffsets() helpers for auto-discovering proper struct
    member offsets using the running kernel.
  • kernel.Probe.InitProbe() now has optional configuration options
    • WithOffsetDetection() - struct task_struct member offset detection
    • WithDefaultFilter() - sets up default kernel filters for the BPF
  • Moved hub.Hub under the Topology API (pkg/topology)
  • Moved hub.Job under the Topology API (pkg/topology)
  • The Hub API no longer uses its own hub.Observer; this is derived from the
    Observer it was created with.
  • A metric load of documentation additions along with some pretty verbose
    examples. Check them out here: https://github.com/criticalstack/swoll/tree/v0.1.3/examples

v0.1.2

17 Nov 15:38
fc45033

Changelog

6969f1e Replace drone with GitHub Actions
fc45033 Update create-release.yaml
184a0f9 Updated README.md
d1df6f6 updated helm charts (thanks @ktravis)