Releases: gojue/ecapture

eCapture v0.2.0 release (Linux x86_64/aarch64, Android kernel 4.18+).

03 Jul 17:17
302dddb

What's Changed

  • Directly search so in search path when /usr/bin/curl does not exist by @tiann in #97
  • Add GitHub Action: Golangci lint by @cfc4n in #99
  • Add Chinese name 旁观者. by @cfc4n in #103
  • build: change tar.gz file path in checksum.txt by @cfc4n in #104
  • Support Golang HTTPS introspection by @chenhengqi in #100
  • New Feature: support Android without GKI (kernel version > 4.18) by @cfc4n in #107
  • fixed #108: tls module cannot capture payload on Aarch64 kernel 4.18 by @huzai9527 in #109
  • fixed #108: ip address lost on aarch64 kernel 4.18 by @cfc4n in #111
  • New feature: add payload parser. by @cfc4n in #113
  • document: message friendly by @cfc4n in #119

Full Changelog: v0.1.10...v0.2.0

eCapture v0.1.10 release (Linux x86_64/aarch64, Android GKI).

19 Jun 16:41
8c84bec

What's Changed

  • user : fixed bug. #76 libpthread.so not found. by @cfc4n in #77
  • Support for ARM64 architecture by @cfc4n in #75
  • fixed: outputting blank text on linux 4.18 #81 by @cfc4n in #82
  • New feature: update ebpfmanager package to 0.3.0 by @cfc4n in #83
  • New feature: #80 event filter by uid by @cfc4n in #84
  • New feature: #85 event filter by uid for module tls by @cfc4n in #86
  • New feature: #87 support Android GKI by @cfc4n in #88
  • fixed: #92 github checkout error while a PR sent. by @cfc4n in #93
  • New Feature: #79 Auto release for android gki by @cfc4n in #94

Full Changelog: v0.1.9...v0.1.10

eCapture v0.1.9 release (Linux x86_64/aarch64).

11 Jun 12:04
7872da6

What's Changed

  • code refactoring: event dispatcher by @cfc4n in #58
  • add notes for how to use ecapture in other libs by @xjas in #60
  • add TLS/SSL Version info (openssl). by @cfc4n in #62
  • Update README.md by @nfsec in #63
  • fix some typos by @cuishuang in #68
  • Add nosearch argument to skip auto search lib path by @vincentmli in #70

Full Changelog: v0.1.8...v0.1.9

eCapture v0.1.8 release.

08 May 14:59
84a358e

What's Changed

  • ADD mysqld dispatch_command return value. by @cfc4n in #44
  • autogen vmlinux header file to be compatible with the current OS by @cfc4n in #50
  • feat: support postgres query hook by @yihong0618 in #51
  • added return value of bash module. by @huzai9527 in #52
  • change bash line size to 256 bytes by @yindex in #55
  • add errnumber flag for command bash by @huzai9527 in #56

Full Changelog: v0.1.7...v0.1.8

eCapture v0.1.7 release.

21 Apr 16:29
ffaf03a

What's Changed

  • user: fix #29 ubuntu21.10 error: connect symbol can't be found by @cfc4n in #30
  • support no co-re version on linux kernel >= 5.2 by @cfc4n in #32
  • merge two Makefile files. by @cfc4n in #33
  • images : fix #34 Inaccurate/Confusing Diagrams by @cfc4n in #36
  • Fix #37 Shared object dependence by @cfc4n in #38
  • README grammar fix by @chriskaliX in #35
  • Fix #39 .rodata: map create: read- and write-only maps not supported (requires >= v5.2) by @cfc4n in #40
  • set clang version lower to 9 from 12 by @cfc4n in #41

New Contributors

  • @cfc4n made their first contribution in #30

Full Changelog: v0.1.6...v0.1.7

eCapture v0.1.6 release.

07 Apr 14:32
e7d7f5b

Full Changelog: v0.1.5...v0.1.6

v0.1.6 (2022-04-07)

  • Updated the mysqld database audit module
  • Updated the tls network capture module

mysqld

  • Supports query auditing for mysqld on MySQL 5.7/8.0 and MariaDB 10.5+
    • Automatically detects the mysqld version.
    • Automatically locates the SQL query function to hook.

tls

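  • Supports IP address association for openssl
    • Supports storing network IP addresses and associating them with the captured network data.
    • Supports specifying a custom libpthread.so path (used to locate the connect function).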

checksum

MD5 (ecapture) = a091904b36ceaebbbd977e9eaac790b7

eCapture v0.1.5 release.

25 Mar 15:07
47edbed

v0.1.5 (2022-03-25)

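  • Added the mysqld database audit module

mysqld module

  • Supports query auditing for MySQL 5.6 MariaDB databases
    • Supports a mysqld path parameter; the default path is /usr/sbin/mariadb.
    • Supports customizing two parameters, function name and offset. The offset parameter is for cases where the symbol table has no function name.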

Full Changelog: v0.1.4...v0.1.5

eCapture v0.1.4 release.

22 Mar 16:31
7f120bb

v0.1.4 (2022-03-22)

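  • Adjusted the runtime environment detection method
    • BTF support detection now checks the /sys/kernel/btf/vmlinux file first, as well as other BTF indicators such as vmlinux-* directories.
    • Added a diagram of how it works.

tls (openssl) module

  • Supports data capture for two libraries, gnutls and nspr
  • Renamed the subcommand from openssl to tls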

Full Changelog: v0.1.3...v0.1.4

ecapture v0.1.3 release.

20 Mar 12:11
b38b1b0
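
  • Added runtime environment detection
    • Checks that the Linux kernel version is greater than 4.18.
    • Checks that CONFIG_DEBUG_INFO_BTF is present in the kernel config and set to y.
  • Removed build-generated files (./bin/, ./assets/, ./user/bytecode/)
  • Tidied the go mod dependency files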

v0.1.2

07 Jan 16:15
6e3396e

  • Added a runtime check of the system kernel configuration, requiring CONFIG_DEBUG_INFO_BTF=y.
  • Added the official account QR code.