v1.5.0

@atenart atenart released this 18 Dec 15:10
· 6 commits to main since this release
d19e859

This version includes major new features, improvements and fixes. It includes 278 non-merge commits since v1.4.0! Many thanks to all the contributors 🥳

Python post-processing

Retis now supports converting its events to Python objects, which enables post-processing a collection using custom scripts. A built-in Python interpreter can be used (and can run external Python scripts), as well as an external Python library. All details can be found in the documentation.

This is a major feature enabling users to automate the post-processing inspection of events and to tailor the logic to their exact needs. This can also be used in CI or for writing external tools.

$ retis -p ifdump collect -o --cmd 'ping -c1 1.1.1.1'
...
$ retis python
Python 3.13.0 (main, Oct  8 2024, 00:00:00) [GCC 14.2.1 20240912 (Red Hat 14.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> for e in reader.events():
...     if "skb" in e and getattr(e["skb"], "ip", None):
...         print(e["skb"].ip.daddr)
... 
1.1.1.1
192.168.0.42
>>> 
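
The CI use mentioned above could look like the following check, which flags events whose destination address falls outside an allowlist. This is an added example, not code from the Retis project: it relies only on the access pattern shown in the session above (`"skb" in e`, `e["skb"].ip.daddr`), and `daddr_of`, `unexpected_destinations`, the stand-in events and the allowlisted networks are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from types import SimpleNamespace


def daddr_of(event):
    """Return the IP destination of an event, or None if it carries no IP data."""
    if "skb" not in event:
        return None
    ip = getattr(event["skb"], "ip", None)
    return str(ip.daddr) if ip else None


def unexpected_destinations(events, allowed_nets):
    """Count destination addresses that fall outside every allowed network."""
    nets = [ip_network(n) for n in allowed_nets]
    hits = Counter()
    for e in events:
        daddr = daddr_of(e)
        if daddr is None:
            continue  # not an IP packet, or no skb section in this event
        if not any(ip_address(daddr) in n for n in nets):
            hits[daddr] += 1
    return hits


def _fake_event(daddr=None, with_skb=True):
    # Constructed stand-in for an event object, NOT a real Retis type.
    if not with_skb:
        return {"other": SimpleNamespace()}
    ip = SimpleNamespace(daddr=daddr) if daddr else None
    return {"skb": SimpleNamespace(ip=ip)}


SAMPLE_EVENTS = [  # constructed sample data
    _fake_event("1.1.1.1"),
    _fake_event("192.168.0.42"),
    _fake_event("203.0.113.7"),
    _fake_event("203.0.113.7"),
    _fake_event(None),            # skb section without IP data
    _fake_event(with_skb=False),  # event without an skb section
]

if __name__ == "__main__":
    # Hypothetical allowlist; in the built-in interpreter, pass reader.events().
    bad = unexpected_destinations(SAMPLE_EVENTS, ["1.1.1.1/32", "192.168.0.0/24"])
    for addr, count in bad.items():
        print(f"unexpected destination {addr}: {count} event(s)")
    raise SystemExit(1 if bad else 0)
```

The non-zero exit status on any unexpected destination is what lets a CI job fail on the result.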

Advanced features for meta-filters

Meta-filters can be used to filter packets based on struct sk_buff values, including nested ones. They gain the ability to perform advanced operations like masking and following pointers embedded in a different type. See all the details in the filtering documentation.

Aarch64 support

Retis now compiles and runs on aarch64 machines (and can even be cross-compiled).

Improved date formatting

Timestamps can now be displayed as UTC using the --utc parameter for the collect, print and sort sub-commands.

New ifdump profile

A new profile was added to dump packets after the device in ingress and before the device in egress, like AF_PACKET utilities do.

$ retis -p ifdump collect
...

Other improvements

  • Support for parent information, mark and labels in the conntrack collector.
  • Meta-filtering now supports the != operator on strings.
  • Easier definition of probes when collecting events (the type is not required anymore if it can be inferred).
  • The documentation and the project README were improved significantly.
  • Bindgen is now used internally for types shared between eBPF and Rust.
  • Better handling of unknown packets.
  • Drop action support for the OvS collector.
  • And many others!