All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
Types of changes:
- Added: for new features.
- Changed: for changes in existing functionality.
- Deprecated: for soon-to-be removed features.
- Removed: for now removed features.
- Fixed: for any bug fixes.
- Security: in case of vulnerabilities.
0.7.0 - 2024-12-17
- falcoctl to manage driver download and installation in containers
- Bump falco libs to 0.18.1 and drivers to 7.3.0+driver, falcoctl 0.10.0
- Bump UBI to 9.4-1214.1729773476
- falco-driver-loader - replaced with falcoctl
0.6.3 - 2024-04-07
- Bump xxhash to 0.8.2 (includes s390x fixes)
- Fix main thread issue
0.6.2 - 2024-03-04
- Fix segfaulting issues in k8s/kind
0.6.1 - 2024-02-23
- s390x support for libSysFlow
- Bump Falco libs to 0.13.4 and drivers to 6.0.1+driver
- Update build pipeline to use shared libelf
- Bump UBI to 9.3-1552
0.6.0 - 2023-11-28
- CO-RE eBPF driver support
- Update c++ compatibility to c++17
- Add sparsehash as part of compiled dependencies
- Bump Falco libs to 0.12.0, driver to 5.1.0
- Bump Falco to 0.35.1
- Bump UBI to 9.3-1361.1699548029
0.5.1 - 2023-06-07
- Add support for renameat2 system call
- Strip binaries and static libraries before packaging (to reduce package sizes)
- Add cwd (current working directory) attribute to process object
- Add env (environment variables vector) attribute to process object
- Add configuration object cleanup in sysflow context object destructor
- Bump Falco libs to 0.11.2, driver to 5.0.1
- Bump Falco to 0.34.1
- Bump UBI to 8.8-854
- Bump GHC Filesystem version to v1.5.12
- Bump elfutils to 0.187
- Replaced murmurhash with xxhash
- Updated libSysFlow to new libsinsp events API
- Updated build for libtbb v2021.8.0 (updated in Falco libs)
- Remove duplicate config variable assignment in sysflow context constructor
- Fixed getPath and getAbsolutePath functions in utils (caused paths for AT syscalls to resolve to an empty string)
- Fix path sanitization (libsinsp PR981)
0.5.0 - 2022-10-17
- Add libsysflow
- Add example consumer of libsysflow
- Add support for k8s pod and event objects
- Add build pipeline and static libraries based on musl
- Add better exception handling with error codes
- Add support for bundled builds of libs and libsysflow
- Add libs system call specialization support
- Add collection modes
- Add documentation for libsysflow
- Add collection modes for libsysflow
- Refactor the src directory to separate the collector and libsysflow
- Package static linked binary (based on musl build) into binary packages
- Bumped Falco libs to 8cca3ab
- Bumped UBI to 8.6-943
- Fix stop condition for traversing process tree
- Fix exepath in execveat events
- Fix logging error from google init
- Fix (partial) missing values in process exec paths
- Shutdown glog during driver destruction
- Added logging cleanup on constructor exception
0.4.4 - 2022-07-26
- Bumped UBI version to 8.6-855
- Copies dkms to runtime image
- Revert clang version to clang-9 in docker image (eBPF probe is failing checks on clang-13)
0.4.3 - 2022-06-21
- Add plugin dir configuration to systemd service
0.4.2 - 2022-06-13
- Bumped SysFlow version to 0.4.2
0.4.1 - 2022-05-26
- Bumped UBI version to 8.6-754
- Compiles from source and links libelf, glog, and snappy statically to sysporter
- Packages dkms sources and installation script as part of binary packages
- Removed binary package requirements from installers
- Add DRIVER_OPTS binary packages configuration environment for the driver loader
- Add optimization options in binary package configuration
- Update default configuration settings for binary package
0.4.0 - 2022-02-18
- Packaging in deb, rpm, and targz formats
- Updated to use falco-libs and falco pre-0.31.0
- Compiles avro and json statically into sysporter
- Updated collector usage string to document -u and -w flags
- Collector now tries to reconnect when the processor socket connection is severed
- Updated CI to automate packaging or release assets with release notes
- Bumped UBI version to 8.5-226.
- Removed header imports causing a conflict between validate-json and json libraries built by falco libs
- Cleanup module paths and makefiles
- Remove build dependency on sysdig (uses falco libs now)
0.3.1 - 2021-09-29
- Bumped UBI version to 8.4-211.
0.3.0 - 2021-09-20
- Trace file information to SysFlow header object
- Concurrent export of SysFlow traces to socket and file
- Moved away from Dockerhub CI.
- Upgraded to sysdig 0.27.1
- Tracking latest sysflow APIs.
0.2.2 - 2020-12-07
- Upgraded system packages in base image
- Tracking latest sysflow APIs.
0.2.1 - 2020-12-02
- Tracking latest sysflow APIs.
0.2.0 - 2020-12-01
- Added optional enabling of ProcessFlow objects through ENABLE_PROC_FLOW=1.
- Added enablement of sysdig syscall drop mode support through ENABLE_DROP_MODE=1.
- Added ability to disable non-file related FileFlows with FILE_ONLY=1.
- Added ability to disable, limit file read based fileflows with FILE_READ_MODE=:
  - 0: enable all file reads.
  - 1: disable all file reads.
  - 2: disable file reads to: "/proc/", "/dev/", "/sys/", "//sys/", "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/"
- Added LLVM to support eBPF probes in future release.
- Added Non-RHEL dependent developer build based on centos packages.
- Added debug Dockerfile for performance profiling with google-perf-tools.
- Port to sysdig probe 0.27.0.
- sysporter now compiled with optimization 3.
- Fixed parenting issue for multi-thread applications.
- Fixed performance bottlenecks around utils::getExportTime function.
- Fixed command line parsing issue on PPC and Z platforms.
0.1.0 - 2020-10-30
- Added support for containerd; container runtime auto-detection.
- Removed dependency to ncurses.
0.1.0-rc4 - 2020-08-10
- Added node IP field to the header.
- Added entry field to the process object.
- Implemented ProcessFlow object.
- Added mmap support for files.
- Add labels for container images.
- Embed license file inside the container image.
- New Avro schema (version 2).
- Increased the nf/ff expire time to 60 seconds.
- Port to sysdig probe 0.26.7.
- Increased sf-collector version to the latest release candidate 0.1.0-rc4.
- Adding patch level to comply with semantic versioning.
- Fixed SIGTERM bug.
- Fixed container context to prevent a sysporter crash due to a null variable.
- Fixed memory leak found in sysdig 0.26.4 [CRITICAL].
0.1-rc3 - 2020-03-17
- Added domain sockets as additional output to the collector.
- Ported base image to ubi/ubi8.
- Split the base/mods images from runtime image to speedup CI cycles.
- Changed logger to use glog.
- Updated filesystem module to version v1.2.10 (for computing canonical paths).
- Increased sf-collector version to the latest release candidate 0.1-rc3.
- Fixed ppid issue with children missing parent processes that terminate before a child is spawned.
- Fixed issue 12.
- Fixed issue 13.
- Fixed corrupt memory error that caused coredump when using domain socket interface.
0.1-rc2 - 2019-11-08
- Port to Sysdig probe 0.26.4.
- Increased sf-collector version to the latest release candidate 0.1-rc2.
- Added script for debugging collector with Valgrind.
0.1-rc1 - 2019-10-31
- First release candidate of SysFlow Collector.