Releases: retis-org/retis
v1.4.0
This version includes multiple improvements, features and fixes. 119 non-merge commits since v1.3.0! Thanks to everyone who contributed 😄
Auto-completion
Retis now supports auto-completion. For Bash this can be set up using source <(retis sh-complete --shell bash). See the official documentation for more details.
Bitfield support in meta-filtering
Meta filtering allows matching packets based on their metadata, i.e. direct field checking in struct sk_buff. This now also supports bitfields. See the official documentation for more details.
Retis inspect command
A new sub-command was added, inspect, to filter and display compatible probes on a running kernel. This can be used to get a list of where Retis could add probes. See retis inspect --help for more information.
Probe-stack mode
A new parameter was added to the collect sub-command, --probe-stack. When this is set, Retis evaluates where additional probes could be added based on functions reported in the stack traces, and installs probes on those functions at runtime. See retis collect --help.
Other improvements
- Better support of early Rx and Tx packets.
- --skb-sections selection simplifications (as a side effect, the pcap subcommand does not require a special collection configuration anymore).
- ICMPv6, GSO support and better csum info in the skb events. SMP id is also now reported on all events.
- Complete rework of our build system (now using make).
- And many more (logging in BPF, authors file, bug fixes, etc)!
v1.3.2
10 non-merge commits since v1.3.1.
- Wait for probes to be installed before starting the collection of events. This fixes potential inconsistencies in the first events (some missing events and some issues with tracking).
- Updated btf-rs to 1.1. This fixes a corner case issue where some symbols could not be found, e.g. when using user-defined probes.
v1.3.1
A few fixes. 16 non-merge commits since v1.3.0.
- Improved symbols validation.
- Fixed packet size computation in BPF for some cases.
- Improved meta filtering input validation.
- Improved the fix for a BPF verifier issue on older kernels.
- Fixed a BPF verifier issue on newer kernels.
- Added CentOS Stream 8 to the runtime CI and upgraded f38 to f39.
v1.3.0
This version includes multiple improvements, new features and fixes. 136 commits since v1.2.0!
PCAP post-processing
A new post-processing command, pcap, is introduced and can be used to generate pcap-ng files for consumption by other tools. First, a capture of events must be performed using Retis. Then, the pcap post-processing command can be used to generate pcap-ng files (filtering for a single probe for now).
$ retis -p pcap,generic collect -o
$ retis pcap --probe tp:net:netif_receive_skb | tcpdump -nnr -
$ retis pcap --probe tp:net:net_dev_start_xmit -o retis.pcap
$ wireshark retis.pcap
More information in the online documentation.
Meta filtering
Meta filtering allows matching packets based on their metadata, i.e. direct field checking in struct sk_buff. Metadata filters can match against any subfield of the sk_buff and subsequent inner data structures. Meta filtering also automatically follows struct pointers, so indirect access to structures pointed to by an sk_buff field is possible.
$ retis collect -m 'sk_buff.dev.nd_net.net.ns.inum == 4026531840'
$ retis collect -m 'sk_buff.dev.name == "eth0"'
More information in the online documentation.
L3 filtering
Retis now automatically detects and generates L2/L3 filters based on the expression. This allows matching both fully formed packets and packets that do not have a valid L2 header yet. The following filter internally generates two filters. For packets without a valid L2 header, the filter matches packets with TCP source or destination port 443. For packets with a valid L2 header, both ARP and TCP packets are matched.
$ retis collect -f 'arp or tcp port 443'
L2+L3 packet filter(s) loaded
More information in the online documentation.
Other improvements
- Wildcard support for all probe types (was kprobe-only). E.g.:
$ retis collect -p tp:skb:*
- Pager support in post-processing commands.
- Non-core drop reasons support.
- Improved logging.
- Multiple improvements & fixes.