- Add Landlock sandbox and capability dropping for Linux security
- Reorganize platform code into per-platform directories
- Add eBPF thread name resolution to main process names
- Add AUR package automation workflow
- Simplify QUIC DPI and unify SNI extraction
- Fix RateTracker test determinism
- Fix cross-compilation build issues for eBPF on non-Linux platforms
- Switch FreeBSD to native VM builds instead of cross-compilation
- Fix build.rs to check TARGET instead of host platform
- Network interface statistics feature with cross-platform support
- Link layer parsing improvements and modularization
- Windows and macOS interface statistics fixes
Remove CAP_NET_ADMIN requirement and eliminate need for CAP_SYS_ADMIN on
modern kernels by using non-promiscuous mode for packet capture. This
significantly reduces security surface by following principle of least privilege.
Make eBPF the default build configuration on Linux for better
performance and lower overhead process identification.
Changes:
- Set default features to include ebpf in Cargo.toml
- Remove explicit --features linux-default from build configs
- Update all documentation to reflect eBPF is now default
- Add instructions for building without eBPF (--no-default-features)
eBPF automatically falls back to procfs if it fails to load.
Closes#32
- Remove AppImage files (incompatible with capabilities/setcap)
- Add icon and desktop file to cargo-generate-rpm in Cargo.toml
- Add icon and desktop file to Fedora COPR spec file
- RPM packages now have proper desktop integration like DEB packages
