eBPF

  • Updated on May 20, 2025
  • Published on Feb 15, 2025
  • 1 minute(s) read
Prev Next

1.23.0 — 19th May

eBPF’s 1.23.0 release provides the following updates:

Updates

  • Support for OpenSSL 3.3+
    Added compatibility for OpenSSL version 3.3 and above, ensuring continued TLS key capture capabilities with the latest OpenSSL releases.

Resolved Issues

  • Stat Count Mismatch
    Resolved an issue where statistical counters could show mismatched values under certain conditions.

1.22.0 — 30th April

eBPF’s 1.22.0 release provides the following updates:

Resolved issue

Security fix for eBPF vulnerabilities

Addressed eBPF-related vulnerabilities to improve the agent's overall security and stability.

1.21.0 —  31st January

eBPF’s 1.21.0 release provides the following updates

Update

  • Optimized TLS Probing for Reduced CPU Usage
    The eBPF tracer now includes an option to optimize CPU usage for OpenSSL/BoringSSL-based processes. Instead of placing uprobes on the frequently called SSL_read and SSL_write functions, which can lead to high CPU overhead for some processes like Ruby, the tracer can now place probes on the TLS handshake function. This ensures uprobes are executed only once per new TLS connection, significantly reducing performance impact for applications with frequent SSL function calls.

    Example Configuration:

    ssl_keylog_include_rules:
  - exec_name: ruby

  • Uprobes per monitored Process

    Introduced support for attaching uprobes on a per-process basis, offering lesser overhead to unmonitored process using shared libraries.