mirror/rustnet
1
0
Fork 0
mirror of https://github.com/domcyrus/rustnet.git synced 2026-01-01 11:30:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/invalid-pointer-access
rustnet/ROADMAP.md
Marco Cadetg 844f82ce60 Add reverse DNS hostnames to Details tab and filter PTR traffic (#104) 
* feat: add reverse DNS resolution for IP addresses

- Add --resolve-dns flag to enable background DNS resolution
- Add --show-ptr-lookups flag to show/hide PTR lookup connections
- Create dns.rs module with async resolver and LRU cache
- Display hostnames in UI with 'd' key toggle
- Include hostname fields in JSON log output when resolved

Closes #97
2025-12-21 14:29:12 +01:00

149 lines
8.6 KiB
Markdown
Raw Permalink Blame History

# RustNet Roadmap
This document outlines the planned features and improvements for RustNet.
## Platform Support
- [x] **macOS Support**: Full support including:
- BPF device access and permissions setup
- PKTAP (Packet Tap) headers for process identification from packet metadata
- Fallback to `lsof` system commands for process-socket associations
- DMG installation packages for Apple Silicon and Intel
- Homebrew installation support
- [x] **Windows Support**: Full functionality working with:
- Npcap SDK and runtime integration
- MSI installation packages for 64-bit and 32-bit
- Process identification via Windows IP Helper API (GetExtendedTcpTable/GetExtendedUdpTable)
- [x] **FreeBSD Support**: Full support including:
- Process identification via `sockstat` command parsing
- BPF device access and permissions setup
- Native libpcap packet capture
- Cross-compilation support from Linux
- [ ] **OpenBSD and NetBSD Support**: Future platforms to support
- [x] **Linux Process Identification**: **Experimental eBPF Support Implemented** - Basic eBPF-based process identification now available with `--features ebpf`. Provides efficient kernel-level process-to-connection mapping with lower overhead than procfs. Currently has limitations (see eBPF Improvements section below).
## eBPF Improvements (Linux)
The experimental eBPF support provides efficient process identification but has several areas for improvement:
### Current Limitations
- **Process Names Limited to 16 Characters**: Uses kernel `comm` field, causing truncation (e.g., "Firefox" → "Socket Thread")
- **Thread Names vs Process Names**: Shows thread command names instead of full executable names
### Planned Improvements
- **Hybrid eBPF + Procfs Approach**: Use eBPF for connection tracking, selectively lookup full process names via procfs for better accuracy
- **Full Executable Path Resolution**: Investigate accessing full process executable path from eBPF programs
- **Better Process-Thread Mapping**: Improve mapping from thread IDs to parent process information
- **Enhanced BTF Support**: Better compatibility across different kernel versions and distributions
- **Performance Optimizations**: Reduce eBPF map lookups and improve connection-to-process matching efficiency
### Future Enhancements
- **Real-time Process Updates**: Track process name changes and executable updates
- **Container Support**: Better process identification within containerized environments
- **Security Context**: Include process security attributes (capabilities, SELinux context, etc.)
## Features
### Monitoring & Protocol Support
- [x] **Real-time Network Monitoring**: Monitor active TCP, UDP, ICMP, and ARP connections
- [x] **Connection States**: Comprehensive state tracking for:
- TCP states (ESTABLISHED, SYN_SENT, TIME_WAIT, CLOSED, etc.)
- QUIC states (QUIC_INITIAL, QUIC_HANDSHAKE, QUIC_CONNECTED, QUIC_DRAINING)
- DNS states (DNS_QUERY, DNS_RESPONSE)
- SSH states (BANNER, KEYEXCHANGE, AUTHENTICATION, ESTABLISHED)
- Activity states (UDP_ACTIVE, UDP_IDLE, UDP_STALE)
- [x] **Deep Packet Inspection (DPI)**: Application protocol detection:
- HTTP with host information
- HTTPS/TLS with SNI (Server Name Indication)
- DNS queries and responses
- SSH connections with version detection, software identification, and state tracking
- QUIC protocol with CONNECTION_CLOSE frame detection and RFC 9000 compliance
- [ ] **DPI Enhancements**: Improve deep packet inspection capabilities:
- Support more protocols (e.g. FTP, SMTP, IMAP, etc.)
- More accurate SNI detection for QUIC/HTTPS
- [x] **Connection Lifecycle Management**: Smart protocol-aware timeouts with visual staleness indicators (yellow at 75%, red at 90%)
- [x] **Process Identification**: Associate network connections with running processes (with experimental eBPF support on Linux)
- [x] **Service Name Resolution**: Identify well-known services using port numbers
- [x] **Cross-platform Support**: Works on Linux, macOS, Windows, and FreeBSD
- [x] **DNS Reverse Lookup**: Add optional hostname resolution (toggle between IP and hostname display) - `--resolve-dns` flag with `d` key toggle
- [ ] **IPv6 Support**: Full IPv6 connection tracking and display, including DNS resolution (needs testing)
### Filtering & Search
- [x] **Advanced Filtering**: Real-time vim/fzf-style filtering with:
- Navigate while typing filters
- Fuzzy search across all connection fields including DPI data
- Keyword filters: `port:`, `src:`, `dst:`, `sni:`, `process:`, `sport:`, `dport:`, `ssh:`, `state:`
- State filtering for all protocol states
- [ ] **Search/Filter Enhancements**:
- Regular expression support
### Sorting & Display
- [x] **Sorting**: Comprehensive table sorting with:
- Sort by all columns: Protocol, Local/Remote Address, State, Service, Application, Bandwidth (Down/Up), Process
- Intuitive left-to-right column cycling with `s` key
- Direction toggle with `S` (Shift+s) for ascending/descending
- Visual indicators: cyan/underlined active column, arrows showing direction
- Smart defaults: bandwidth descending (show hogs), text ascending (alphabetical)
- Bandwidth sorting: sorts by combined up+down bandwidth total
- Seamless integration with filtering
### Performance & Architecture
- [x] **Multi-threaded Processing**: Concurrent packet processing across multiple threads
- [x] **Optional Logging**: Detailed logging with configurable log levels (disabled by default)
### Packaging & Distribution
- [x] **Package Distribution**: Pre-built packages available:
- [x] **macOS DMG packages**: Apple Silicon and Intel (via GitHub Actions release workflow)
- [x] **Windows MSI packages**: 64-bit and 32-bit (via cargo-wix)
- [x] **Linux DEB packages**: amd64, arm64, armhf (via cargo-deb)
- [x] **Linux RPM packages**: x86_64, aarch64 (via cargo-generate-rpm)
- [x] **Cargo crates.io**: Published as `rustnet-monitor` (version 0.10.0+)
- [x] **Docker images**: Available on GitHub Container Registry with eBPF support
- [x] **Homebrew formula**: Available in separate tap repository (domcyrus/rustnet)
### Future Enhancements
- [ ] **Internationalization (i18n)**: Support for multiple languages in the UI
- [ ] **Connection History**: Store and display historical connection data
- [ ] **Export Functionality**: Export connections to CSV/JSON formats
- [ ] **Configuration File**: Support for persistent configuration (filters, UI preferences)
- [ ] **Connection Alerts**: Notifications for new connections or suspicious activity
- [ ] **GeoIP Integration**: Maybe add geographical location of remote IPs
- [ ] **Protocol Statistics**: Summary view of protocol distribution
- [ ] **Rate Limiting Detection**: Identify connections with unusual traffic patterns
## UI Improvements
- [x] **Terminal User Interface**: TUI built with ratatui with adjustable column widths
- [x] **Sortable Columns**: Keyboard-based sorting by all table columns
- [x] **Keyboard Controls**: Comprehensive keyboard navigation (q, Ctrl+C, Tab, arrows, j/k, PageUp/Down, Enter, Esc, c, p, s, S, h, /)
- [x] **Connection Details View**: Detailed information about selected connections (Enter key)
- [x] **Help Screen**: Toggle help screen with keyboard shortcuts (h key)
- [x] **Clipboard Support**: Copy remote address to clipboard (c key)
- [x] **Service/Port Toggle**: Toggle between service names and port numbers (p key)
- [x] **Platform-Specific CLI Help**: Show only relevant options per platform (hide Linux sandbox options on macOS, hide PKTAP notes on Linux)
- [ ] **Resizable Columns**: Dynamic column width adjustment
- [ ] **Connection Grouping**: Group connections by process/service
- [ ] **ASCII Graphs**: Terminal-based graphs for bandwidth/packet visualization
- [ ] **Mouse Support**: Click to select connections
- [ ] **Split Pane View**: Show multiple views simultaneously
## Development
- [x] **Unit Tests**: Basic unit tests in 12+ source modules (DPI protocols, filtering, services, network capture, etc.)
- [x] **Integration Tests**: Platform-specific integration tests for Linux and macOS (tests/integration_tests.rs)
- [ ] **Comprehensive Test Coverage**: Expand test coverage across all modules
- [x] **CI/CD Pipeline**: Automated builds and releases for all platforms (GitHub Actions)
- [x] **Release workflow**: Multi-platform builds with cross-compilation
- [x] **Docker workflow**: Automated Docker image builds
- [x] **Rust workflow**: Basic CI checks
- [x] **Documentation**: Comprehensive README with usage guides, architecture overview, and troubleshooting
- [x] **Packaging/Distribution**: Create packages for easy installation on Linux, macOS, and Windows
- DMG packages with code signing
- MSI packages with code signing for Windows
Reference in New Issue View Git Blame Copy Permalink