Bug fixes

• Fixed segfault that happens at startup (#1475, #1528)
• Fixed memory leaks from certain thread/socket operations (#1491)
• Fixed handling of SEND_SIG_NOINFO in the eBPF driver (#1493)
• Fixed a regression in reading certain partial container events from scap files (#1513)
• Updated use of Kubernetes APIs to support v1.16 (#1521)
• Fixed rare driver deadlock that could occur during a context switch (#1522)
• Fixed EPEL repo link in the install script (#1534)
• Added more detail to probe loader error message (#1541)

Bug fixes

• Fixed docker builds (#1492)

Internal changes

• Prevent double-definition of ASSERT macro (#1490)

New Features

• Added fillers for chmod syscalls (#1472)
• Added support for reporting cpu usage per docker cpuset (#1473)

Bug fixes

• Fixed build error on older Linux kernels (#1477)
• Fixed driver build for RHEL 7.7/4.13+ w/CONFIG_VIRT_CPU_ACCOUNTING_GEN (#1471)
• Fixed cmake to look for pkg-config before building grpc (#1470)
• Fixed printing of strings (#1466)
• readv input parsing improvements (#1463)

Internal changes

• Fixed comment about scap minor version (#1476)

New features

• Suport Kubernetes liveness/readiness probes [#1320]

Bug fixes

• Fix kernel panic when tracing signals that use SEND_SIG_NOINFO [#1460]
• Add prebuilt probes for CoreOS on OpenShift 4
• Fix eBPF probe for ChromiumOS [#1431]
• Fix edge cases in handling clone() and prlimit() system calls [#1401, #1465]
• Stability and performance fixes

Bug fixes

• Changes to build the kmod with 5.1 kernels [#1413]
• Explicitly disable psl to address build failures on MAC OS [#1417]

Internal changes

• Fix handling of container metadata in "infra" events [#1418]

New features

• Perform docker metadata fetches asynchronously: When new containers are discovered, fetch metadata about the container asynchronously, which should significantly reduce the likelihood of dropped system call events. [#1326] [#1378] [#1374] [#1381] [#1373] [#1382] [#1388] [#1389] [#1384] [#1392] [#1396] [#1411]
• Add field to display time in ISO 8601 UTC [#1317] [#1360]
• Performance improvements of ring buffer processing [#1372]
• Support major/minor device numbers for fd events [#1315] #1383]
• Add the ability to prepend encoded log severity in the log message [#1327]
• Raise the iov limit in eBPF [#1390]
• Changes to pull user event logging out into a separate component. [#1375]
• Log a debug message when looking up an IP address of an incomplete container [#1398]
• Support cri-o container metadata caching [#1399]
• Logging API with lazy parameter evaluation [#1394]
• Support BPM container type [#1319]

Bug fixes

• Fix bug in fullcapture range check [#1386]
• Allow chisels to receive the full content of big buffers. [#1361]
• start the analyzer before forcing next for a scap file [#1366]
• Create a grpc_channel_registry for all channels [#1369]
• Modified the behavior of fullcapture port range [#1370]
• Check file before dereferencing [#1397]
• Fix build for older kernels (<3.9) [#1400]
• Added -fno-stack-protector to avoid clang errors [#1401]
• Addl loop prevention for traverse_parent_state [#1411]

Internal changes

• Add interfaces for async metrics collection [#1346]
• Use epel 7-11 (7-9 is no longer available) [#1362]
• Make some global variables related to fetching container state thread-local [#1356]
• Allow downloading prebuilt modules without SSL verification [#1358]
• add test helper to container manager. [#1365]
• Cleanup old docker images after building a new ebpf-probe-builder [#1367]
• valgrind clean for analyzer end to end test [#1387]
• flush flags change to new namespace, add code enabling easy use of sinsp_threadinfo in std::set/map [#1395]
• add friend class for unit testing [#1406]

New features

• Support Linux 5.0
  • Redefine asm_volatile_goto needed for 5.0 kernels (#1332)
  • Update for change to access_ok in Linux 5.0 (#1302)
• CRI container runtime support
  • runtimeSpec.linux returned by containerd is an object, not an array (#1343)
  • Fix gRPC build with gcc 7 (#1322)
  • CRI-O container support (#1310)
  • Fix check for Docker pause containers [SMAGENT-1305] (#1306)
  • Detect CRI pod sandbox containers (#1297)
  • Container Runtime Interface support (#1277)
• Prebuilt probes
  • Prebuild minikube kernel modules (#1294)
  • Build probe modification to include Fedora-Atomic. [SMAGENT-1251] (#1293)

Bug fixes

• Fix for newer versions of LXC not being detected (#1345)
• Build fixes
  • [SMAGENT-1433] pull legacy GCC artifacts from local cache as debian no longer supports (#1342)
  • Use TBB_INCLUDE_DIR for consistency w/ falco agent (#1329)
  • SMAGENT-1297: Rebuild gcc-plugins before building kernel module (#1305)
  • Modified BPF probe builder (#1301)
• Stability fixes
  • Call set*ent() before reading the user/group NSS database (#1341)
  • Properly initialize default settings for tracers (#1339)
  • Fix bpf ptrace filler (#1338)
  • Fix potential memory leak in libelf (#1337)
  • Fix case where fclose could be called twice. (#1330)
  • Handle mmap failure gracefully (#1324)

Internal changes

• Add stream event details in csysdig output (#1335)
• SMAGENT-1400: Make sinsp_logger thread-safe (#1333)
• Never drop socket syscalls to ensure we have fdinfo for subsequent binds. SMAGENT-1270 (#1312)
• Infer fd info for sendto system call [SMAGENT-1282] (#1304)
• Async framework base [SMAGENT-1247] (#1303)
• Handle events for unknown threads after scap start [SMAGENT-1082] (#1296)
• Add ability to print filtercheck field names only (#1288)

New Features

• Added the ability to specify a set of ports where data is captured with bigger snaplen (20000) (#1256)

Bug Fixes

• Made fd resolution work for getsockopt (#1280)
• Check getsockopt event before accessing it (#1284)
• Fixed snprintf placeholder for size_t/{u,}int64_t (#1279)
• Disabled reading environment from /proc by default (#1272)
• Excluding suppressed processes during initial /proc scan (#1269)
• Fixed Windows build in CYGWIN environment (#1270)
• Changes to eliminate warnings with gcc 5.4 (#1271)
• Trigger build errors for extra compiler warnings (#1265)
• Handling thread table overflows (#1263)
• Deleted threadinfos that we failed to add to the thread table (#1260)
• Reduce CPU usage (#1261)
• Lua parser interfaces (#1254)
• Fixed a compile issue when trying to make the project using VS2017 on Windows 10 (#1248)
• Added ifdef guards to socket options with (#1257),(#1258)
• Improved getsockopt()/setsockopt() support (#1188)
• Fix fd.net comparisons with in operator (#1252)
• Only check out sysdig for initial invocation (#1251)
• Build probe modules only with sysdig directory (#1244)
• Fixed spelling and copy/pased comment errors (#1250)

Bug Fixes

• Fix struct packing[#1246]

New Features

• Switch to Apache 2.0 License: All userspace code moves from GPL to Apache 2 license. Kernel module switches to dual-license MIT + GPLv2. Enjoy! [#1233] [#1242]
• Complete IPv6 Support. Sysdig previously had partial IPv6 support, but this release rounds out full support for ipv6 addresses in filter fields, csysdig, etc. [#1204]
• loginuid support. Add user.loginuid & user.loginname to track login users, which do not change despite sudo/su operations. [#1189] [#1214] [#1218] [#1219] [#1227]
• Track connections by domain name: New fields fd.*ip.name allow matching connection ips with resolved domain names. [#1213]
• Add endswith filter to support suffix matching on strings [#1209]
• Add minikube support to the kernel module probe loader script [#1205]
• Improve error string return handling at startup/when reading capture files [#1215]
• Disable boot2docker kernel module builds for pre-built kernel modules [#1232]
• eBPF Support Improvements/Fixes [#1235] [#1236] [#1237] [#1239]

Bug Fixes

• Improve/fix windows build [#1242]
• Don't drop setns events when in dropping mode [#1198]
• At startup, wait a bit for an existing sysdig-probe module to be unloaded before loading a new one [#1201]
• Support extracting container metadata for containers spawned with just an image id and not an image name [#1207]
• Properly extract image metadata when the image contains a host:port component [#1206]
• Minor compilation bug fixes [#1212]
• Small packaging fixes [#1228] [#1229] [#1231]
• Fix an inconsistency when writing capture files containing unknown fds [#1234]