- eBPF enabled by default on Linux for enhanced performance
- JSON logging for SIEM integration
- TUN/TAP interface support for VPN monitoring
- Fix: Eliminated excessive procfs scanning causing high CPU usage
- Fedora COPR RPM packaging
- Bundled vmlinux.h files for improved build reliability
Add --json-log flag to output connection events as JSON lines.
Logs new_connection and connection_closed events with IPs, ports,
protocol, DPI info, and traffic statistics for SIEM tools.
- Windows process identification via IP Helper API
- Privilege detection with platform-specific guidance
- Fix packet length calculation for large packets
- Add Windows process lookup using GetExtendedTcpTable/GetExtendedUdpTable
- Resolve process names via OpenProcess and QueryFullProcessImageNameW
- Support TCP/UDP IPv4 and IPv6 connections
- Implement time-based caching with 2-second TTL
- Fix port byte order conversion from network to host order
- Migrate from winapi to windows crate (v0.59)
- Add debug logging for process lookup operations
- Update documentation in ROADMAP.md and README.md
Closes #36
* fix: remove vmlinux crate dep
* fix: download architecture-specific vmlinux.h at build time
Instead of using a git dependency (not allowed on crates.io), download the
architecture-specific vmlinux.h header at build time from the libbpf/vmlinux.h
repository. This approach:
- Removes git dependency from Cargo.toml (crates.io compatible)
- Downloads correct arch-specific header (x86, aarch64, arm)
- Caches downloaded headers in OUT_DIR (reuses between builds)
- Works with cargo install
- Supports cross-compilation for all architectures
The vmlinux.h file (~3-4MB per arch) is downloaded once per architecture
and cached, so subsequent builds are fast.
* fix: use ureq with rustls instead of http_req
http_req depends on native-tls/openssl-sys which requires OpenSSL to be
installed in the cross-compilation containers. Switch to ureq with the
rustls backend which has no system dependencies and works in all
cross-compilation environments.
* fix: follow symlink when downloading vmlinux.h
The vmlinux.h files in the libbpf/vmlinux.h repository are symlinks to
versioned files (e.g. vmlinux_6.14.h). When downloading via
raw.githubusercontent.com, we get the symlink content (just the target
filename) instead of the actual file.
Solution: Download the symlink first to get the target filename, then
download the actual versioned file. This ensures we get the full header
content instead of just the symlink text.
* add crate publish workflow
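
The two-step download from the "follow symlink when downloading vmlinux.h" message above, as an added example that is not rustnet's build.rs: the symlink target arrives over the network, so it is validated as a bare file name before being used in the second URL. The `fetch` closure (standing in for the HTTP client), the `{base}/{arch}/vmlinux.h` layout, the size threshold and the `example.invalid` base URL are assumptions.

```rust
// Added example, not rustnet's build.rs. `fetch` stands in for the HTTP
// client; the `{base}/{arch}/vmlinux.h` layout is an assumption.
const MAX_LINK_LEN: usize = 256; // a symlink body is one short line

/// Accept only a bare header file name (e.g. `vmlinux_6.14.h`) as a target.
fn validate_target(raw: &[u8]) -> Result<String, String> {
    let text = std::str::from_utf8(raw).map_err(|_| "target is not UTF-8".to_string())?;
    let name = text.trim();
    let bare = !name.is_empty()
        && !name.starts_with('.')
        && name.ends_with(".h")
        && name.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '.');
    if bare { Ok(name.to_string()) } else { Err(format!("unexpected symlink target: {name:?}")) }
}

/// Fetch `vmlinux.h` for `arch`, following one level of symlink text.
fn fetch_vmlinux<F>(base: &str, arch: &str, fetch: F) -> Result<Vec<u8>, String>
where
    F: Fn(&str) -> Result<Vec<u8>, String>,
{
    if !["x86", "aarch64", "arm"].contains(&arch) {
        return Err(format!("unsupported arch: {arch}"));
    }
    let first = fetch(&format!("{base}/{arch}/vmlinux.h"))?;
    if first.len() > MAX_LINK_LEN {
        return Ok(first); // already the real header, nothing to resolve
    }
    // The target name comes from the network, so it is validated before it
    // is spliced into the second URL (no path separators or query characters).
    let target = validate_target(&first)?;
    let header = fetch(&format!("{base}/{arch}/{target}"))?;
    if header.len() <= MAX_LINK_LEN {
        return Err(format!("{target} is too small to be a header (chained symlink?)"));
    }
    Ok(header)
}

fn main() {
    // Constructed in-memory responses so the example runs offline.
    let fetch = |url: &str| -> Result<Vec<u8>, String> {
        if url.ends_with("/x86/vmlinux.h") {
            Ok(b"vmlinux_6.14.h\n".to_vec())
        } else if url.ends_with("/x86/vmlinux_6.14.h") {
            Ok(vec![b' '; 4096])
        } else {
            Err(format!("404: {url}"))
        }
    };
    let header = fetch_vmlinux("https://example.invalid/include", "x86", fetch).unwrap();
    println!("resolved header: {} bytes", header.len());
}
```

Pinning the repository to a commit and comparing the downloaded header against a known digest would add an integrity check that name validation alone does not provide.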
### Added
- Vim-style navigation (g/G) for jumping to beginning/end of connection list
- Comprehensive table sorting functionality with visual indicators
- Port display toggle (p key) to switch between service names and port numbers
- Enhanced connection navigation with better cleanup indication
- Localhost filtering control with --show-localhost flag
### Fixed
- Windows double key event handling
- Windows MSI runtime dependency checks for Npcap/WinPcap
- Linux "any" interface selection
- Package dependencies cleanup (removed clang/llvm from RPM/DEB)
- Docker build stability (removed armv7)
* Remove musl targets to simplify Linux builds and fix cross-compilation issues
* Enable eBPF by default on Linux via linux-default feature for better packet capture
* Add macOS code signing and notarization support with graceful fallback for unsigned builds
* Fix Windows MSI packaging with improved WiX configuration and Npcap library linking
* Auto-extract changelog content from CHANGELOG.md into GitHub release notes
* Fix ARM cross-compilation (aarch64, armv7) with proper library paths and eBPF support
* Add comprehensive installation documentation for DMG, MSI, DEB, and RPM packages
* Allow re-running releases with --clobber flag for artifact uploads
- Add GitHub Actions workflow for automated releases
- Create .deb, .rpm, AppImage, .dmg, and .msi packages
- Generate shell completions and manpages in build.rs
- Add platform-specific icons from rustnet3.svg
- Include eBPF dependencies for Linux packages
- Support Windows 32-bit and 64-bit builds
- Extract shared CLI module to prevent duplication
* feat: Add experimental eBPF support for enhanced socket tracking
- Implement eBPF-based socket tracker for Linux with CO-RE support
- Add minimal vmlinux header (5.5KB) instead of full 3.4MB file
- Create graceful fallback mechanism to procfs when eBPF unavailable
- Add comprehensive eBPF build documentation
- Integrate libbpf-rs for eBPF program loading and management
- Support both IPv4 and IPv6 socket tracking
- Add capability checking for required permissions
The eBPF feature is optional and disabled by default. When enabled,
it provides faster and more accurate process-to-socket mapping on
Linux systems with appropriate permissions.
- Added SSH Deep Packet Inspection (DPI) with comprehensive protocol analysis
- Enhanced connection filtering with SSH-specific filters
- Improved CI/CD with path-based GitHub Actions triggers
- Updated documentation with SSH examples and state descriptions