This is a large release with a number of new gadgets and improved functionality for existing gadgets.
New Gadgets:
- DNS: captures DNS requests
- Process collector: gathers information about currently running processes
- Socket collector: gathers information about currently open TCP and UDP sockets
- Seccomp Policy Advisor: generates seccomp policies based on captured syscalls. Optionally integrates with the Kubernetes Security Profiles Operator (Currently CRD only, no CLI)
- Biolatency: wrapper for the BCC biolatency tool (Currently CRD only, no CLI)
Improvements to the BCC tools wrappers
- Enriched output including namespace, pod and container
- Support for JSON output using the –json flag
- Support for using BTF with tools mode core
- Support for automatically downloading BTF symbols from BTFHub
Other improvements
- Added support for arm64 on both Linux and Darwin
- New hook mode: fanotify. Allows capturing container creation from the very beginning (runc specific).
- New way of controlling traces programmatically through a Trace CRD.