Skip to content

Releases: falcosecurity/libs

8.0.0+driver

20 Jan 13:23
Compare
Choose a tag to compare

API
SCHEMA

Driver Testing Matrix amd64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

Driver Testing Matrix arm64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

v8.0.0+driver

Released on 2025-01-20

Major Changes

Bug Fixes

  • fix(driver/bpf): fix sys_poll_x verifier bug on fedora 40 [#2095] - @albe19029

Non user-facing changes

  • fix(driver): take the unix path directly from the kernel [#2215] - @Andreagit97
  • fix(modern): move args declaration at the beginning [#2220] - @Andreagit97
  • fix(driver): include jiffies.h to prevent warning about missing prototype [#2143] - @hhoffstaette
  • fix(driver/bpf): fixed a typo in old ebpf probe code for linux >= 6.11. [#2114] - @FedeDP
  • chore(driver/bpf): properly include sched.h in types.h since it uses TASK_COMM_LEN [#2087] - @FedeDP
  • fix(schema): make OPENAT2_E DIRFD_PARAM point to the right param [#2084] - @gnosek

Statistics

MERGED PRS NUMBER
Not user-facing 6
Release note 3
Total 9

Release Manager @FedeDP

0.20.0

20 Jan 13:18
Compare
Choose a tag to compare

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.20.0

Released on 2025-01-20

Breaking Changes ⚠️

  • fix(libsinsp)!: make proc.p* (proc.pname...) behave like proc.a*[1] (proc.aname...) [#2230] - @LucaGuerra
  • cleanup(userspace/libsinsp)!: drop m_program_hash and m_program_hash_scripts from threadinfo [#2222] - @FedeDP

Major Changes

  • new(driver): add arguments for sendmmsg and recvmmsg syscalls [#2027] - @Molter73
  • new(userspace/libsinsp): proper containerd engine support [#2195] - @therealbobo
  • new(userspace): plugin api to dump async events [#2152] - @FedeDP

Minor Changes

  • chore(libsinsp_e2e): add unix_udp_client_server_read test [#2231] - @therealbobo
  • cleanup(userspace/libsinsp): call sinsp_observer methods after an event has been processed by all parsers [#2222] - @FedeDP
  • update(elftoolchain/libelf): update to r4073-0 [#2226] - @LucaGuerra
  • update(userspace/libsinsp): sinsp_container_manager can now handle multiple CRI engines simultaneously [#2141] - @leogr

Bug Fixes

  • fix(driver): properly add back fallback to user data when peer socket data is missing [#2231] - @therealbobo
  • fix(driver/modern_bpf): lower sendmmsg and recvmmsg loop support to 8 to avoid limit size failures [#2231] - @therealbobo
  • fix(driver): add a check on the SCHEMA version compatibility [#2228] - @Andreagit97
  • fix(libsinsp): do not reformat input buffer strings while applying arg filters [#2214] - @LucaGuerra
  • fix(libsinsp): enable metrics collector on all platforms [#1870] - @mrgian
  • fix(userspace/libsinsp): use comm file instead of status to get proc comm [#2197] - @FedeDP

Non user-facing changes

  • fix(libsinsp/runc): typo [#2244] - @therealbobo
  • fix(libsinsp/runc): augument containerd filter [#2242] - @therealbobo
  • fix(libsinsp): allow reading scap from stdin [#2241] - @therealbobo
  • cleanup(ci): use github-provided arm runners [#2236] - @FedeDP
  • docs(userspace/libsinsp/filter/parser): fix grammar doc [#2239] - @leogr
  • chore(libsinsp/runc): report correct container id with short cid [#2238] - @therealbobo
  • docs(userspace/libsinsp/filter/parser): update grammar doc [#2237] - @leogr
  • fix(libsinsp/runc): use old logic and fallback for containerd [#2235] - @therealbobo
  • fix(test/libsinsp_e2e): fixed tcp related libsinsp_e2e tests. [#2234] - @FedeDP
  • refactor(libsinp): refactor filter transformers to use interfaces [#2224] - @therealbobo
  • fix(userspace/libsinsp): keep event thread after execve [#2212] - @erthalion
  • cleanup: avoid including libscap/strl.h in connect_x [#2225] - @Andreagit97
  • new: make ACCEPT_{E,X} and ACCEPT_5_E converter-managed [#2211] - @ekoops
  • fix: dangling pointer and mixed-signedness warning [#2223] - @federico-sysdig
  • update(driver): update syscalls tables and driver report. [#2219] - @github-actions[bot]
  • chore(ci): bump zig version. [#2218] - @FedeDP
  • cleanup(libsinsp): remove assert that may trigger under normal circumstances [#2213] - @LucaGuerra
  • fix(ci): run apt-get update in coverage ci. [#2209] - @FedeDP
  • new: extend LISTEN_X [#2208] - @ekoops
  • new(driver): update exit events PPME_SOCKET_SOCKET_X with enter params [#2206] - @Andreagit97
  • new(driver): update exit events PPME_SOCKET_BIND_X with enter params [#2205] - @ekoops
  • chore(userspace/libsinsp): move user group manager on container_id changed refresh to a RAII object [#2194] - @FedeDP
  • fix: send enter events also with scap files not only in live captures [#2202] - @Andreagit97
  • feat(sinsp/threadinfo): expose thread uid and gid as static fields [#2196] - @ekoops
  • chore(deps): Bump the actions group with 2 updates [#2204] - @dependabot[bot]
  • chore(ci): fix shared-libs and emscripten CI [#2203] - @Andreagit97
  • cleanup(build): move NOMINMAX definition at compile time for windows builds [#2199] - @FedeDP
  • fix: some issues with Clang 18 [#2201] - @federico-sysdig
  • new(libs): replace elfutils/libelf with elftoolchain/libelf (but with fork this time) [#2175] - @LucaGuerra
  • chore: update pre-commit stages [#2169] - @Andreagit97
  • chore(deps): Bump the actions group with 2 updates [#2189] - @dependabot[bot]
  • cleanup(userspace/libsinsp): drop sinsp m_suppressed_comms unused field [#2191] - @FedeDP
  • fix(userspace/libsinsp): always initialize sinsp_evt with a proper source_idx and source_name [#2190] - @FedeDP
  • chore: fix windows build [#2188] - @Andreagit97
  • cleanup: remove some extra code [#2186] - @Andreagit97
  • new(driver): update exit events PPME_SYSCALL_READ_X and PPME_SYSCALL_PREAD_X with enter params [#2176] - @Andreagit97
  • new(sinsp-example): add gvisor support [#2185] - @Andreagit97
  • update(libsinsp/filter): parse wider whitespace combinations in filter expressions [#2183] - @jasondellaluce
  • update(tests): fix emscripten build [#2184] - @Andreagit97
  • fix(userspace/libsinsp): let plugins parse events before eventually filtering them out through inspector global filter [#2182] - @FedeDP
  • new(userspace/libsinsp): support plugins in sinsp-example. [#2179] - @FedeDP
  • new(tests): introduce a new test helper [#2181] - @Andreagit97
  • cleanup(sinsp): remove some duplicated code [...
Read more

0.20.0-rc2

17 Jan 09:57
Compare
Choose a tag to compare
0.20.0-rc2 Pre-release
Pre-release
chore(ci): switch to github-provided arm64 runners.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.20.0-rc1

15 Jan 12:56
Compare
Choose a tag to compare
0.20.0-rc1 Pre-release
Pre-release
fix(test/libsinsp_e2e): fixed tcp related libsinsp_e2e tests.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.19.0

25 Nov 16:23
Compare
Choose a tag to compare

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.19.0

Released on 2024-11-25

Major Changes

  • new(userspace/libsinsp): expose get_owner_last_error in plugin's capture listening capability [#2147] - @FedeDP
  • new(libsinsp): add len() filter transformer [#2131] - @LucaGuerra
  • new(userspace/libsinsp): expose threadinfo cgroups in plugins table api [#2107] - @FedeDP
  • new(userspace): added new addOutput json entry for plugin get_field() API [#2116] - @FedeDP
  • new: add container.host_pid container.host_network and container.host_ipc fields [#2047] - @loresuso
  • new(libsinsp): print LIST() in markdown format for list fields [#2091] - @LucaGuerra

Bug Fixes

  • fix(userspace/libsinsp): multiple fixes related to rawargs. [#2130] - @FedeDP
  • fix(build): pkgconfig files should be now generated properly even in static library builds [#2005] - @gnosek
  • fix(build): scap_engine_gvisor is now a separate shared library [#2005] - @gnosek

Non user-facing changes

Read more

0.18.2

20 Nov 09:38
Compare
Choose a tag to compare

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.18.2

Released on 2024-11-20

Non user-facing changes

  • fix(modern): check cred field is not NULL before the access [#2119] - @Andreagit97
  • fix(modern_ebpf): address verifier issues on kernel versions >=6.11.4 [#2150] - @Andreagit97

Statistics

MERGED PRS NUMBER
Not user-facing 2
Release note 0
Total 2

Release Manager @FedeDP

0.18.1

25 Sep 12:58
Compare
Choose a tag to compare

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.18.1

Released on 2024-09-25

Bug Fixes

  • fix(userspace/libsinsp): avoid dereferencing a possible nullptr in parsers [#2081] - @FedeDP

Statistics

MERGED PRS NUMBER
Not user-facing 0
Release note 1
Total 1

Release Manager @FedeDP

7.3.0+driver

18 Sep 07:51
Compare
Choose a tag to compare

API
SCHEMA

Driver Testing Matrix amd64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

Driver Testing Matrix arm64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

v7.3.0+driver

Released on 2024-09-18

Major Changes

  • new(driver,userspace): add fields proc.is_exe_lower_layer, fd.is_upper_layer and fd.is_lower_layer for Overlay FS [#1936] - @eddyduer-sysdig

Bug Fixes

  • fix(driver): fixed build against linux 6.11. [#2011] - @FedeDP
  • fix(driver): fix dynamic snaplen logic (SCAP_FULLCAPTURE_PORT_RANGE and SCAP_STATSD_PORT) [#2006] - @Andreagit97
  • fix(driver/bpf): fixed a couple of verifier issues. [#1896] - @FedeDP

Non user-facing changes

Statistics

MERGED PRS NUMBER
Not user-facing 10
Release note 4
Total 14

Release Manager @FedeDP

0.18.0

18 Sep 07:49
Compare
Choose a tag to compare

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.18.0

Released on 2024-09-18

Breaking Changes ⚠️

  • new(sinsp)!: sinsp::open_plugin now takes a sinsp_plugin_platform instead of sinsp_mode_t [#1969] - @gnosek
  • cleanup(sinsp)!: remove static container arguments from sinsp constructor [#2016] - @Molter73

Major Changes

  • new(libsinsp): inspector thread pool [#1949] - @mrgian
  • new(scap, sinsp): linux_hostinfo platform for use with non-syscall source plugins [#1969] - @gnosek
  • new(build): add experimental ThreadSanitizer build [#2014] - @LucaGuerra
  • new(libscap): upon detecting ring buffer corruption, an annotated dump of the whole ring buffer will be printed to stderr [#1997] - @gnosek
  • new(userpsac/libsinsp): support regular expression operator in sinsp filters [#1904] - @jasondellaluce
  • new(libsinsp): add basename() string transformer [#1943] - @LucaGuerra
  • new(ci,docs): added heaptrack to our new perf related CI. [#1932] - @FedeDP
  • new(ci): added perf CI job around scap file read. [#1924] - @FedeDP
  • new(ci): added an initial perf-related CI. [#1918] - @FedeDP
  • new: introduce proc.{stdin,stdout,stderr}.{name,type} fields [#1916] - @loresuso

Minor Changes

  • cleanup(engines): detach per-cpu kernel metrics from global kernel metrics [#2031] - @Andreagit97
  • cleanup(sinsp): add set_static_container method [#2016] - @Molter73
  • cleanup(libsinsp): do not crash on g_invalidchar in windows debug builds [#1990] - @LucaGuerra
  • Fix a bug in libsinsp::filter::ast::binary_check_expr::is_equal(), where two binary check expressions were considered equal even if they had different operators. For example evt.num >= 0 was mistakenly considered equal to evt.num = 0. [#1952] - @mstemm
  • cleanup(libsinsp): introduce param->asstd::string(), add error for unsupported types [#1893] - @LucaGuerra
  • refactor(userspace/libsinsp): polish and enable filter caching [#1906] - @jasondellaluce
  • update(cmake): propagate position-independent code option to dependencies [#1878] - @jasondellaluce

Bug Fixes

  • fix(libsinsp): solve field-field comparison pointer instability issues [#2063] - @jasondellaluce
  • fix(sinsp): plugin capture listen capability exception [#2050] - @mrgian
  • fix(libsinsp/state): ensure deep copy semantics and proper memory ownership in dynamic structs [#2026] - @jasondellaluce
  • fix(libpman): try to get a new event on the same CPU after increasing the producer [#2009] - @Andreagit97
  • fix(userspace/libsinsp): fixed CO_IN filter crafted value. [#2019] - @FedeDP
  • fix(libsinsp): simplify sinsp_split, modify set_env/args [#1962] - @LucaGuerra
  • fix(userspace/libsinsp): assorted pass-by-reference performance optimizations [#1965] - @jasondellaluce
  • fix(libsinsp): use size_type in basename transformer, fix build on Windows [#1945] - @LucaGuerra
  • fix(userspace/libsinsp): solve fdtables 'type' field returning random data [#1903] - @jasondellaluce

Non user-facing changes

  • new(tests): add tests for contains/icontains [#1912] - @LucaGuerra
  • fix(libscap): use the correct memory barrier for ARM64 [#2067] - @Andreagit97
  • ci: pin dependencies [#2055] - @Andreagit97
  • fix(test/drivers): fixed s390x Werror related failures for drivers tests [#2066] - @FedeDP
  • chore(sinsp): rename thread_pool to sinsp_thread_pool to avoid symbol conflicts [#2065] - @mrgian
  • fix(ci): avoid running drivers CI jobs that need secrets in PR coming from forks [#2060] - @FedeDP
  • fix(ci): fix some warnings as error [#2062] - @Andreagit97
  • fix(build): fix tests build warnings (fatal with -Werror) [#2053] - @gnosek
  • chore: ignore the commit used for formatting [#2054] - @Andreagit97
  • chore(libs): apply code formatting [#2051] - @poiana
  • ci(semgrep): update semgrep docker image [#2048] - @francesco-furlan
  • fix(sinsp): fix fs.path filterchecks for relative paths (add dirfd concept) [#1993] - @incertum
  • chore: scaffolding for enabling code formatting [#2038] - @Andreagit97
  • chore(cmake): honor CMAKE_BUILD_TYPE while building bundled grpc and protobuf [#2043] - @FedeDP
  • chore(userspace/libsinsp): only link libanl if present. [#2036] - @FedeDP
  • fix(userspace/libsinsp): fixed a couple of UBs [#2045] - @FedeDP
  • cleanup(ci): don't run drivers CI job that use secrets on forks. [#2041] - @FedeDP
  • Use absolute path for clang executable in modern_bpf driver [#2032] - @Molter73
  • fix(ci): only account for mean values in google benchmarks perf CI checks [#2030] - @FedeDP
  • fix(CI): restore e2e sinsp report uploading [#2024] - @Andreagit97
  • new(ci,benchmarks): added more benchmarks and make use of them in perf CI [#2023] - @FedeDP
  • feat(libsinsp): Add wrapper for read/write lock [#1877] - @greyhame-s
  • update(cri): cri-dockerd support [#1907] - @incertum
  • cleanup(tests): move some scap files under the scap file test suite [#2001] - @Andreagit97
  • new(tests): introduce the first google benchmark [#2021] - @Andreagit97
  • chore: add CMakePresets.json file [#1986] - @Andreagit97
  • chore(ci): update kernel-testing related matrix comment if already existent [#2020] - @FedeDP
  • chore(ci): disable unstable scap-related perf test from perf PR comment and check [#2017] - @FedeDP
  • fix(libsinsp/tests): assorted fixes (memory layout, syn...
Read more

0.18.0-rc2

16 Sep 07:51
Compare
Choose a tag to compare
0.18.0-rc2 Pre-release
Pre-release
fix: fix some warnings as errors

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>