- Major TUI refresh: redesigned tabs, stats panel, and details view
- New per-field colors, status dot, and magenta panel borders
- Remote address scope labels (PUBLIC/PRIVATE/etc.) in the connection list
- CLI: reverse DNS resolution enabled by default (--no-resolve-dns to opt out)
- QUIC parser hardening: bounds checks for varint/token_len
- Dependency and OUI database updates
- Release pipeline reliability fixes
- Windows restricted token sandbox (#206)
- macOS Seatbelt sandboxing, later tightened (#196, #203)
- Linux sandbox hardening: drop capabilities and clear ambient set (#208)
- UI: process privilege shown in security section (#197)
- Filter: exact port matching and regex support (#195)
- VLAN support in PKTAP/SLL parsers and L3 extraction (#202, #199)
- IGMP protocol parsing (#209)
- Process name for wildcard /proc/net entries (#218)
- CPU efficiency improvements in sort/snapshot/rate/timeout paths (#213, #220, #212, #222) — thanks @deepakpjose
- FreeBSD platform cleanup (#205)
- Fix default interface selection (#194), root detection on Unix (#192)
- Dependency updates
- Process grouping with expandable tree view
- Traffic visualization Graph tab
- Reverse DNS hostname display
- BPF filter support
- New DPI protocols: NTP, mDNS, DHCP, SNMP, SSDP, NetBIOS
- Static musl builds for Linux
- Add Landlock sandbox and capability dropping for Linux security
- Reorganize platform code into per-platform directories
- Add eBPF thread name resolution to main process names
- Add AUR package automation workflow
- Simplify QUIC DPI and unify SNI extraction
- Fix RateTracker test determinism
- Fix cross-compilation build issues for eBPF on non-Linux platforms
- Switch FreeBSD to native VM builds instead of cross-compilation
- Fix build.rs to check TARGET instead of host platform
- Network interface statistics feature with cross-platform support
- Link layer parsing improvements and modularization
- Windows and macOS interface statistics fixes
Remove CAP_NET_ADMIN requirement and eliminate need for CAP_SYS_ADMIN on
modern kernels by using non-promiscuous mode for packet capture. This
significantly reduces security surface by following principle of least privilege.
Make eBPF the default build configuration on Linux for better
performance and lower overhead process identification.
Changes:
- Set default features to include ebpf in Cargo.toml
- Remove explicit --features linux-default from build configs
- Update all documentation to reflect eBPF is now default
- Add instructions for building without eBPF (--no-default-features)
eBPF automatically falls back to procfs if it fails to load.
Closes#32
- Remove AppImage files (incompatible with capabilities/setcap)
- Add icon and desktop file to cargo-generate-rpm in Cargo.toml
- Add icon and desktop file to Fedora COPR spec file
- RPM packages now have proper desktop integration like DEB packages
Marco Cadetg