v0.2.0

@qjerome qjerome released this 11 Apr 14:14
· 302 commits to main since this release
883b76c

Changelog:

e8c60be - improved xtask and provide a way to configure custom bpf-linker
880f21a - Added xtasks commands to build build-tools (LLVM and bpf-linker)
f7b826e - Created types.h to not depend on kernel headers to build project
24009a8 - Shim building is made with bindgen crate instead of command line
9d51b87 - added info.event.source field, to be used by external tools to identify kunai logs
0cb6c14 - fix #4: "file not found" error string when the file does not exist
7e93900 - stabilizing read_kernel_at for 5.4
6b13658 - fix #3
8f23823 - fix ci failing because of --free-space option
b8d2705 - implemented task clone probe and event
d7d5004 - implemented a way to test kernel compatibility
f274cfb - prioritize tracepoint + utility functions
d3a5eb8 - prctl probe implemented
9aedaba - fix event processing bug leaving always one event in queue
7eb7c2d - fix #12
b24be6f - gene integration
d0ef7c7 - fix #23
c9c6d51 - fix #25
7fba77d - fix #26
92209bc - implemented IoC scanning fix #22
e808367 - fix #27
a4295d4 - fix #30 fix #21
d24fc25 - fix namespaces tests
a26220e - new Container enum
7ee8795 - minor refactor in namespaces.rs
1980f61 - fix #20 : parent image is set to "kernel" when parent is a kthread. Also fix ancestors.
35aac7c - refactored correlation related struct and fn to be less confusing
83a9dfb - fix #17 : data model harmonization
9f83a87 - fix file_unlink probe reporting bpf errors in very specific conditions
a93fc76 - fix #35 bug in schedule probe
da93fa5 - fix #36 error in prctl probe
a3ce05b - fix #34 error in clone probe
d459e20 - detect containers on procfs
b217037 - new probe for finit_module
b0fd394 - fix #38 simplify clone probe
adc104f - fix #16 improved errors happening in BPF and refactored kunai-common
7bbdae9 - improved dns_query related probes in the aim of removing all possible errors
b2ed03e - new podman container
52fbfbf - fix issue #48 in eBPF cgroup parsing we now give a chance to userland to resolve cgroup
09ce207 - fix #50 removed completely FdMap
f0e0f97 - fix #53 ancestor in all events
75bb362 - fixed bug if KernelVersion::from_sys
9b85d44 - improved perf of write events with caching
4edac4a - fix #54 remove mount event
d4efffe - migration to latest stable Aya \o/