github kunai-project/kunai v0.6.0

2 months ago

Release Notes

New Features

  • Enhanced Event Tracking: Added support for io_uring_sqe events, improving the tracking of I/O operations.
  • Parent Command Line Information: Added parent command line information for execve and execve_script events, providing more context for process execution.
  • Filter Information: Included filter information in scan results, making it easier to understand and debug filtering rules.
  • Configuration Validation: Added a new command to validate configuration files, ensuring that configurations are correct before deployment.
  • Filter Testing: Added the ability to test filters with the test command.

Improvements

  • Performance Boost: Increased scan speed by aligning with new gene-rs APIs, resulting in faster and more efficient scans.
  • Documentation Updates: Added Linux kernel prototypes to every kprobe and now test compatibility in CI/CD.
  • Code Refactoring: Refactored EncodedEvent to EbpfEvent enum, improving code structure, maintainability and speed.

Fixes

  • Linux v6.15 Compatibility: Fixed issues with io_uring probes for Linux kernel version 6.15, ensuring compatibility with the latest kernel versions.
  • eBPF Probe Load Failure: Fixed probe loading failures that were unintentionally silenced.
  • Kernel Tracking Test: Fixed the kernel tracking test in CI, ensuring more reliable test results.
  • Unused Event Removal: Removed unused task_sched event and related hooks, cleaning up the codebase.

Maintenance

  • Dependency Updates: Updated various dependencies, including tokio and yara-x, to their latest stable versions, ensuring better performance and security.
  • Toolchain Upgrades: Upgraded the toolchain and added clippy for better code analysis and quality.
  • Release Process: Streamlined the release process by removing unused cargo release configs and updating release scripts.

Change Log

New Contributors

Full Changelog: v0.5.5...v0.6.0
