v0.10

Major changes

This is a big release with some new major features added (though we still stay within minor version update, as there might be still some minor breaking changes). Most notable changes:

• Function arguments capture (-A argument). Retsnoop now can capture all input arguments for all traced functions and print them in human-readable form. See README for more details.
• Injected probes (-J). In addition to traced functions specified with -e and -a flags, it's now possible to also specify a single-point injected probes (kprobes, kretprobes, tracepoints, and raw tracepoints). Note that for kprobe, it's possible to specify extra offset (e.g., -J kprobe:bprm_execve+12), which allows to trace inlined functions and internals of functions (normally retsnoop only traces function entry and exit). See README for more details.
• Retsnoop can also capture extra context for injected probes, just use -A and -J together. For kprobes and kretprobes registers state is captured, for tracepoints and raw tracepoints their actual arguments are captured. See README for more details.
• (Breaking change!) It's now possible to enable only function call trace mode (-T) separately from default call stack mode. The latter now is controlled with -E flag. The important distinction and a breaking change is that with function call trace mode --success-stacks/-S option is implied, which makes most sense for function call tracing. When retsnoop -E is specified, even with -T, the original behavior of tracing and emitting only erroring call stacks (i.e., those that end up returning error from entry functions specified with -e arguments). So, in short:
  • retsnoop -T emits all function call trace, both successful and erroring;
  • retsnoop -E (or just retsnoop, as -E is the default mode) emits only erroring call stacks (no function call traces);
  • retsnoop -E -S will emit call stacks only (no function call traces), but both erroring and successful ones;
  • retsnoop -E -T will emit both call stacks and function call traces, but only erroring ones;
  • retsnoop -E -T -S will do both call stacks and function call trace for both successful and erroring cases.
• Added kernel module BTF support, improving tracing functions defined in kernel modules.
• Added advanced configuration options, specified with -C flag. See retsnoop --config-help for list of supported options and more details.
• Significant rework of --help output.
• Many smaller bug fixes and usability improvements.

What's Changed

• Fix typos in README by @Antiz96 in #57
• Makefile: use LDFLAGS for linking by @martinetd in #58
• Makefile: Update variables for package builds with external artifacts by @martinetd in #56
• Makefile: Do not rebuild the sidecar if not the default path by @martinetd in #59
• Support module BTF and lots of log improvements by @anakryiko in #60
• Lbr improvements by @anakryiko in #61
• Retsnoop session revamp by @anakryiko in #62
• Retsnoop function args capture support by @anakryiko in #63
• Retsnoop config and function args capture polish by @anakryiko in #64
• Bump gimli stack by @michel-slm in #66
• Retsnoop vararg support in printf-like functions by @anakryiko in #68
• retsnoop: make func call trace and call stack modes independent by @anakryiko in #69
• Retsnoop injection probes and other improvements by @anakryiko in #70
• retsnoop: handle idle threads properly by @anakryiko in #71
• Retsnoop improvements for LBR, stitched stacks, and interim stacks by @anakryiko in #72
• Retsnoop ARM64 improvements by @anakryiko in #75

New Contributors

• @Antiz96 made their first contribution in #57

Full Changelog: v0.9.8...v0.10