Skip to content

retsnoop v0.9.1
Compare
Choose a tag to compare
@anakryiko anakryiko released this 05 Oct 04:55
· 199 commits to master since this release
v0.9.1
296c21e

Few nice improvements with no major new features:

  • dropped the requirement for /proc/config.gz presence for multi-kprobe detection (just using BPF CO-RE now for detection);
  • use dynamically allocated internal formatting buffers for stacks and traces, thus allowing much larger traces without dropping any information (at the expense of more memory usage, of course);
  • force-flush stdout before (potentially very long) detachment to improve retsnoop usage in scripts;
  • emit detected features when printing version and --verbose flag is specified:
$ sudo ./retsnoop -Vv
retsnoop v0.9.1
Feature detection:
        BPF ringbuf map supported: yes
        bpf_get_func_ip() supported: yes
        bpf_get_branch_snapshot() supported: yes
        BPF cookie supported: yes
        multi-attach kprobe supported: yes
Feature calibration:
        kretprobe IP offset: 4
        fexit sleep fix: yes
        fentry re-entry protection: yes

All just nice quality of life improvements. Enjoy!

Assets 5
Loading