* feat: add Landlock sandbox and capability dropping for Linux
- Restrict filesystem access to /proc only after initialization
- Block TCP bind/connect on kernel 6.4+ (network sandbox)
- Drop CAP_NET_RAW after pcap handle opened
- Add --no-sandbox and --sandbox-strict CLI options
- Show privilege info on non-Linux platforms in UI
- Add SECURITY.md documentation
* fix: remove unused set_sandbox_info and hide Landlock line on non-Linux
* fix: gate SandboxInfo to Linux only to fix clippy warnings
* fix: add is_admin() function for Windows builds
The Windows build was failing because ui.rs called crate::is_admin()
but the function didn't exist. Added the implementation using Windows
Security API to check if the process has elevated privileges.
Also added Win32_Security feature to windows crate dependencies.
* fix: add is_admin() to main.rs for Windows binary crate
The previous fix added is_admin() to lib.rs but ui.rs is compiled
as part of the binary crate (main.rs), not the library crate.
Added the function to main.rs so crate::is_admin() resolves correctly.
Adds real-time TCP connection quality monitoring:
- Retransmission detection via sequence number analysis
- Out-of-order packet tracking
- Fast retransmit detection (RFC 2581)
- Per-connection and aggregate statistics
- Network Stats panel in UI
- Platform-independent implementation using pcap data
Statistics show both active (current connections) and total
(cumulative) counts. Individual connection details display
per-connection metrics for troubleshooting network issues.
Changed bandwidth sorting to use the sum of upload and download speeds
instead of separate sorting for each direction. This provides a simpler
way to identify connections with the highest total bandwidth usage.
- Replace BandwidthDown/BandwidthUp with single BandwidthTotal enum
- Update sort logic to calculate combined rates
- Simplify UI to show "Down/Up ↓/↑" indicator
- Update documentation and tests
Remove CAP_NET_ADMIN requirement and eliminate need for CAP_SYS_ADMIN on
modern kernels by using non-promiscuous mode for packet capture. This
significantly reduces security surface by following principle of least privilege.
* feat: add TUN/TAP interface support
Add comprehensive support for TUN/TAP virtual network interfaces by
refactoring link layer parsing into modular components.
New modules:
- link_layer: Modular packet parsing (ethernet, raw_ip, linux_sll, tun_tap)
- protocol: Dedicated TCP/UDP/ICMP parsers
Changes:
- Remove TUN/TAP interface exclusions in capture.rs
- Add TUN/TAP detection and parsing support
- macOS PKTAP support with conditional compilation
Platform compatibility:
- Linux: Full TUN/TAP support
- macOS: TUN (utun*) and TAP support
- Windows: No breaking changes
Fixes#39
Split large README.md (1101 lines) into separate documentation files
for better organization and maintainability:
- README.md: condensed to 233 lines with quick start and overview
- INSTALL.md: complete installation guide and permissions setup
- USAGE.md: detailed usage guide with filtering and sorting
- ARCHITECTURE.md: technical details and platform implementations
- EBPF_BUILD.md: updated references to new INSTALL.md structure
Added collapsible sections in README for optional details and
included "Documentation Moved" section for backward compatibility
with external links.
