Releases: ti-mo/conntracct
0.2.7 - bugfix for kernel 4.16.x and lower
Conntracct 0.2.6 failed to load on kernels between 4.9.x and 4.16.x due to a BPF function not being inlined.
Changelog
7100893 bpf - change __inline to __always_inline to force inlining of all functions
0.2.6 - Invalid conn sample bugfix
This is an important bugfix, any users are highly encouraged to upgrade.
Previously, we were sampling events related to broadcasts and multicasts
that were never inserted into the conntrack table. Conntrack has
protocol-specific handlers that may give some flows an early drop if tracking
them doesn't make much sense.
These events are now dropped, since they were cause unbounded growth in the
internal bookkeeping BPF map. Another plus: the first packet of a flow no
longer has an empty start timestamp!
Changelog
a18175c Merge pull request #34 from ti-mo/drop-invalid-conn-samples
4e1e471 bpf - ignore samples for invalid flows (ct->status == 0)
09fca1d bpf - no longer expect the start timestamp of the first flow event to be zero
2898a56 bpf - update prebuilt ELF binaries
0.2.5
Changelog
e97d97d Add support for kernel 5.5 and up, disable CONFIG_CC_HAS_ASM_INLINE
cda965d Leftover improvements from arm6/7 porting attempt
e299d42 Merge pull request #28 from ti-mo/support-kernel-5.5
531030b Merge pull request #29 from ti-mo/remove-cgo
8c74a2c Merge pull request #31 from ti-mo/arm-builds
4ff121a Merge pull request #32 from ti-mo/sink-elastic-upsert
201329f README.md - rephrase overview, add compatibility chart
b4b1a7f Remove CGO dependency by adopting cilium/ebpf
efdb4d3 bpf - make nf_conn memory address 64 bits wide
e73cf57 bpf - strongly-typed map definitions, use _inline instead of attribute...
ebd6d61 bpf/acct.c - downsize initial flow{cooldown,origin} max_entries
d558b94 go.sum - tidy stale ebpf dependency
63c1c99 magefile - build with CGO_ENABLED=0
8128484 pkg/bpf - clean up trace and perf events in Close()
cc1d4c8 pkg/bpf - remove overengineered errWorker infrastructure. unmarshal errs = panic()
3772d59 pkg/bpf - show selected probe version when bpf load fails
0f59ee9 sinks/elastic - upsert a single document per flow instead of sampling
0.2.4 - Deterministic Flow Hashing with Blake3
Changelog
47d42e7 Merge pull request #27 from ti-mo/probe/flow-hash
99f03b4 docs - es: notes on building bw graphs in Kibana/Grafana
7c76099 pkg/bpf - FlowID field with blake3 flow hash
8940173 pkg/bpf - downsize flow_id to 32 bits, use Hasher sync.Pool
ad437fd sinks/elastic - change flow_id to 'keyword' to make searchable
0.2.3 - Periodically recalculate boot time offset
This release fixes an issue with a timestamp discrepancy when suspending a machine while conntracct was running. The boot time offset is now recalculated every 2 seconds.
Changelog
- b99a251 .goreleaser - remove archive filename replacements
- 5a7dde8 Merge pull request #26 from ti-mo/boottime/recalculate
- fb91d5d pipeline,cmd - trap SIGHUP, warn when kprobe_events cannot be written to
- 22b47a1 pkg/boottime - re-calculate boot time every 2 seconds
- c34bc29 sinks - use boottime.Absolute to obtain absolute event time stamps
First binary release!
InfluxDB and StdOut sinks
First release of the tool, featuring InfluxDB and StdOut sinks.
Basic sink configuration format.