Releases: domcyrus/rustnet

Release v0.18.0

07 Jan 19:49

Added

  • Process Grouping: Expandable tree view to group connections by process (a to toggle grouping, Space to expand/collapse)
  • Traffic Visualization Graph Tab: New Graph tab with real-time network traffic graphs and bandwidth visualization (press Tab to cycle through tabs)
  • Network Health Visualization: Health indicators in Graph tab showing connection quality metrics
  • Reverse DNS Hostnames: Display reverse DNS names in Details tab and filter PTR traffic (--resolve-dns to enable, d to toggle display)
  • BPF Filter Support: New --bpf-filter option for custom packet capture filtering (e.g., --bpf-filter "port 443")
  • Clear All Connections: New hotkey (x) to clear all tracked connections
  • Enhanced JSON Logging: Added pid, process_name, service_name fields to JSON log output
  • New DPI Protocols: NTP, mDNS, LLMNR, DHCP, SNMP, SSDP, NetBIOS protocol detection with enhanced ARP display
  • Static Musl Builds: Linux static binary builds using musl for better portability
  • Platform-Specific Help: CLI help now shows platform-specific options

Fixed

  • macOS BPF Filter: Skip PKTAP when BPF filter is specified to avoid conflicts
  • Linux Clipboard: Handle clipboard access blocked by Landlock sandbox gracefully
  • Interface Stats: Use safer pointer dereference in interface statistics

Changed

  • FreeBSD Builds: Moved to separate rustnet-bsd repository for native builds
  • CI Improvements: Homebrew formula auto-update on release, AUR workflow on publish
  • Dependencies: Updated ratatui to 0.30.0, various dependency updates
  • Documentation: Added contribution guidelines, Chocolatey and Arch Linux installation instructions

Release v0.17.0

07 Dec 11:31

Added

  • Landlock Sandbox for Linux: Filesystem and network sandboxing for enhanced security
    • Restricts filesystem access to /proc only after initialization
    • Network sandbox blocks TCP bind/connect on kernel 6.4+
    • Drops CAP_NET_RAW capability after pcap handle is opened
    • New CLI options: --no-sandbox and --sandbox-strict
    • Comprehensive security documentation in SECURITY.md
  • eBPF Thread Name Resolution: Resolve eBPF thread names (e.g., 'Socket Thread') to main process names (e.g., 'firefox')
    • Uses periodic procfs PID cache for resolution
    • Falls back to eBPF name for short-lived processes
  • AUR Package Automation: Automated Arch Linux AUR package publishing workflow

Changed

  • Platform Code Reorganization: Restructured platform-specific code into cleaner module hierarchy
    • src/network/platform/linux/ - Linux-specific code with eBPF and sandbox subdirectories
    • src/network/platform/macos/ - macOS-specific code
    • src/network/platform/freebsd/ - FreeBSD-specific code
    • src/network/platform/windows/ - Windows-specific code
  • QUIC DPI Simplification: Unified SNI extraction helpers and simplified QUIC protocol handling

Fixed

  • Test Determinism: Made RateTracker tests deterministic with injectable timestamps

What's Changed

  • feat: reorganize platform code into per-platform directories by @domcyrus in #81
  • chore(deps): bump vmactions/freebsd-vm from 1.2.7 to 1.2.8 in the actions group by @dependabot[bot] in #82
  • chore(deps): bump pcap from 2.3.0 to 2.4.0 in the rust-dependencies group by @dependabot[bot] in #83
  • refactor: simplify QUIC DPI and reorganize platform code by @domcyrus in #84
  • fix: make RateTracker tests deterministic with injectable timestamps by @domcyrus in #85
  • feat: add Landlock sandbox and capability dropping for Linux by @domcyrus in #86
  • fix(linux): resolve eBPF thread names to main process names by @domcyrus in #87

Full Changelog: v0.16.1...v0.17.0

Release v0.16.1

22 Nov 20:34

Added

  • Network Interface Statistics: Real-time monitoring of network interface statistics across all platforms
    • Cross-platform support for Linux, macOS, Windows, and FreeBSD
    • Display of interface-level metrics including packets sent/received, bytes transferred, and errors
    • Platform-specific implementations optimized for each operating system
    • New interface statistics module with dedicated platform handlers
    • TCP network analytics 🎉 :)

Fixed

  • Cross-Compilation: Fixed eBPF build issues when cross-compiling to non-Linux platforms
    • Made libbpf-cargo an optional build dependency
    • Fixed build.rs to check TARGET environment variable instead of host platform
    • Prevents Linux-specific dependencies from being built for FreeBSD, macOS, and Windows
  • FreeBSD Build: Switched from cross-compilation to native FreeBSD VM builds
    • Uses vmactions/freebsd-vm for native FreeBSD compilation
    • Eliminates cross-compilation sysroot and library linking issues
    • Ensures FreeBSD builds work reliably with native package manager

Full Changelog: v0.16.0...v0.16.1

Release v0.15.0

25 Oct 20:48

Added

  • Ubuntu PPA Packaging: Official Ubuntu PPA repository for easy installation on Ubuntu/Debian-based distributions
    • Automated GitHub Actions workflow for PPA releases
    • Support for multiple Ubuntu versions

Changed

  • Bandwidth Sorting: Changed bandwidth sorting to use combined up+down total instead of separate up/down sorting
    • Simpler sorting behavior: press s once to sort by total bandwidth
    • Display still shows "Down/Up" with individual values
    • Arrow indicator shows when sorting by combined bandwidth total
  • Packet Capture Permissions: Removed CAP_NET_ADMIN and CAP_SYS_ADMIN requirements
    • Uses read-only packet capture (non-promiscuous mode)
    • Reduced security footprint with minimal required capabilities

Fixed

  • Bandwidth Rate Tracking: Improved accuracy and stability of bandwidth rate calculations
    • More consistent rate measurements
    • Better handling of network traffic bursts

What's Changed

  • Add Ubuntu PPA packaging support by @domcyrus in #47
  • docs: add Ubuntu PPA and Fedora COPR installation instructions by @domcyrus in #48
  • chore(deps): bump libc from 0.2.176 to 0.2.177 by @dependabot[bot] in #57
  • chore(deps): bump clap_mangen from 0.2.29 to 0.2.30 by @dependabot[bot] in #56
  • chore(deps): bump clap from 4.5.48 to 4.5.49 by @dependabot[bot] in #55
  • chore(deps): bump clap_complete from 4.5.58 to 4.5.59 by @dependabot[bot] in #54
  • chore(deps): bump zip from 5.1.1 to 6.0.0 by @dependabot[bot] in #53
  • chore(deps): bump actions/attest-build-provenance from 1 to 3 by @dependabot[bot] in #52
  • chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #51
  • chore(deps): bump docker/build-push-action from 5 to 6 by @dependabot[bot] in #50
  • chore(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #49
  • chore(deps): bump windows from 0.61.3 to 0.62.2 by @dependabot[bot] in #58
  • feat: remove CAP_NET_ADMIN and CAP_SYS_ADMIN, use read-only packet capture by @domcyrus in #59
  • chore(deps): bump clap from 4.5.49 to 4.5.50 by @dependabot[bot] in #60
  • chore(deps): bump dns-lookup from 3.0.0 to 3.0.1 by @dependabot[bot] in #61
  • chore(deps): bump clap_mangen from 0.2.30 to 0.2.31 by @dependabot[bot] in #62
  • fix: improve bandwidth rate tracking accuracy and stability by @domcyrus in #63
  • Sort bandwidth by combined up+down total by @domcyrus in #64

Full Changelog: v0.14.0...v0.15.0

Release v0.14.0

12 Oct 12:32

Added

  • eBPF Enabled by Default on Linux: eBPF support is now enabled by default on Linux builds for enhanced performance
    • Provides faster socket tracking with reduced overhead
    • Includes CO-RE (Compile Once - Run Everywhere) support
    • Graceful fallback to procfs when eBPF is unavailable
  • JSON Logging for SIEM Integration: New JSON-structured logging output for security information and event management systems
    • Enables integration with enterprise monitoring and security platforms
    • Structured log format for easier parsing and analysis
  • TUN/TAP Interface Support: Added support for TUN/TAP virtual network interfaces
    • Enables monitoring of VPN connections and virtual network devices
    • Expands interface compatibility for complex network setups
  • Fedora COPR RPM Packaging: Official Fedora COPR repository for easy installation on Fedora/RHEL-based distributions

Fixed

  • High CPU Usage on Linux: Eliminated excessive procfs scanning causing high CPU utilization
    • Optimized process lookup frequency and caching strategy
    • Significantly reduced system resource consumption during monitoring

Changed

  • Build Dependencies: Bundled vmlinux.h files to eliminate network dependency during builds
    • Improves build reliability and offline build capability
    • Reduces external dependencies for compilation
  • Documentation: Restructured documentation into focused files with improved musl static build documentation

Full Changelog: v0.13.0...v0.14.0

Release v0.13.0

04 Oct 15:15

Added

  • Windows Process Identification: Implemented full process lookup using Windows IP Helper API
    • Uses GetExtendedTcpTable and GetExtendedUdpTable for connection-to-process mapping
    • Resolves process names via OpenProcess and QueryFullProcessImageNameW
    • Supports both TCP/UDP and IPv4/IPv6 connections
    • Implements time-based caching with 2-second TTL for performance
    • Migrated from winapi to windows crate (v0.59) for better maintainability
  • Privilege Detection: Pre-flight privilege checking before network interface access
    • Detects insufficient privileges on Linux, macOS, and Windows
    • Provides platform-specific instructions (sudo, setcap, Docker flags)
    • Shows errors before TUI initialization for better visibility
    • Detects container environments with Docker-specific guidance

Fixed

  • Packet Length Calculation: Use actual packet length from IP headers instead of captured length
    • Extracts Total Length field from IP headers for accurate byte counting
    • Fixes severe undercounting for large packets (NFS, jumbo frames)
    • Resolves issues with snaplen-limited capture buffers
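
The byte-counting fix above, as an added example that is not rustnet's own code: the on-wire length is taken from the IPv4 Total Length or IPv6 Payload Length field, so a snaplen-truncated capture still counts the full packet. It assumes Ethernet II framing without VLAN tags; the function names and sample frames are constructed for illustration.

```rust
// Added example, not rustnet's code. Assumes Ethernet II framing, no VLAN tags.
const ETH_HDR: usize = 14;
const IPV6_HDR: usize = 40;

/// On-wire frame length from the IP header, or None when the captured bytes
/// are too short, malformed, or not IP. IPv6 jumbograms are not handled.
fn wire_len_from_ip(captured: &[u8]) -> Option<usize> {
    if captured.len() < ETH_HDR {
        return None;
    }
    let ethertype = u16::from_be_bytes([captured[12], captured[13]]);
    let ip = &captured[ETH_HDR..];
    match ethertype {
        // IPv4: Total Length (bytes 2..4) covers header plus payload.
        0x0800 if ip.len() >= 4 && ip[0] >> 4 == 4 => {
            let ihl = usize::from(ip[0] & 0x0f) * 4;
            let total = usize::from(u16::from_be_bytes([ip[2], ip[3]]));
            if ihl < 20 || total < ihl {
                return None; // malformed header: do not trust its length
            }
            Some(ETH_HDR + total)
        }
        // IPv6: Payload Length (bytes 4..6) excludes the fixed 40-byte header.
        0x86DD if ip.len() >= 6 && ip[0] >> 4 == 6 => {
            let payload = usize::from(u16::from_be_bytes([ip[4], ip[5]]));
            Some(ETH_HDR + IPV6_HDR + payload)
        }
        _ => None,
    }
}

/// Bytes to account for one packet; falls back to the captured length.
fn counted_bytes(captured: &[u8]) -> usize {
    wire_len_from_ip(captured).unwrap_or(captured.len())
}

/// Constructed sample: zeroed MACs, ethertype, IP prefix, cut at `snaplen`.
fn sample_frame(ethertype: u16, ip_prefix: &[u8], snaplen: usize) -> Vec<u8> {
    let mut f = vec![0u8; 12];
    f.extend_from_slice(&ethertype.to_be_bytes());
    f.extend_from_slice(ip_prefix);
    f.resize(snaplen, 0);
    f
}

fn main() {
    let v4 = sample_frame(0x0800, &[0x45, 0x00, 0x23, 0x28], 64); // 9000-byte datagram
    println!("captured {} bytes, counted {}", v4.len(), counted_bytes(&v4));
}
```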

Changed

  • Documentation: Updated ROADMAP.md and README.md with Windows process identification status and Arch Linux installation instructions

What's Changed

  • fix: use actual packet length from IP headers instead of captured length by @domcyrus in #35
  • Feat/privilege detection by @domcyrus in #31
  • feat: implement Windows process identification via IP Helper API by @domcyrus in #37

Full Changelog: v0.12.1...v0.13.0

Release v0.12.0

01 Oct 19:03

Added

  • Vim-style Navigation: Jump to beginning of connection list with g and end with G (Shift+g)
  • Table Sorting: Comprehensive sorting functionality for all connection table columns
    • Press s to cycle through sortable columns (Protocol, Local Address, Remote Address, State, Service, Application, Bandwidth ↓, Bandwidth ↑, Process)
    • Press S (Shift+s) to toggle sort direction (ascending/descending)
    • Visual indicators with arrows and cyan highlighting on active sort column
    • Sort by download/upload bandwidth to find bandwidth hogs
    • Alphabetical sorting for text columns
  • Port Display Toggle: Press p to switch between service names and port numbers display
  • Connection Navigation Improvements: Enhanced navigation with better visual cleanup indication
  • Localhost Filtering Control: New --show-localhost command-line flag to override default localhost filtering

Fixed

  • Windows Double Key Issue: Fixed duplicate key event handling on Windows platforms
  • Windows MSI Runtime Dependencies: Added startup check for missing Npcap/WinPcap DLLs
    • Displays helpful error message with installation instructions when DLLs are missing
    • Added winapi dependency for Windows DLL detection
    • Updated README with runtime dependency information
  • Linux Interface Selection: Fixed "any" interface selection on Linux
    • Improved interface detection and validation
    • Better error handling for interface configuration
  • Package Dependencies: Removed unnecessary runtime dependencies (clang, llvm) from RPM and DEB packages
    • Reduces installation footprint and dependency conflicts
  • Docker Build: Removed armv7 architecture from Docker builds for improved stability

Changed

  • Documentation: Updated roadmap and README with new features and keyboard shortcuts

Full Changelog: v0.11.0...v0.12.0

Release v0.11.0

30 Sep 08:39

Added

  • Docker Support with eBPF: Docker images now include eBPF support for enhanced performance
    • Multi-architecture Docker builds (amd64, arm64, armv7)
    • eBPF-enabled images for advanced socket tracking on Linux
    • Optimized container builds with proper dependency management
  • Cross-Platform Packaging and Release Automation: Comprehensive automated release workflow
    • Automated DEB, RPM, DMG, and MSI package generation
    • Cross-platform CI/CD improvements

Fixed

  • RPM Package Dependencies: Corrected libelf dependency specification in RPM packages
  • Windows MSI Packaging: Fixed MSI installer generation issues
  • Release Workflow: Resolved various release automation issues

Full Changelog: v0.10.0...v0.11.0

RustNet v0.10.0

28 Sep 15:47

Release v0.10.0

Added

  • Rust Version Requirements: Added minimum Rust version requirement (1.88.0+) for let-chains support

Changed

  • Build Requirements: Now requires Rust 1.88.0 or later for advanced language features

RustNet v0.9.0

18 Sep 09:54

Added

  • Experimental eBPF Support for Linux: Enhanced socket tracking with optional eBPF backend
    • eBPF-based socket tracker with CO-RE (Compile Once - Run Everywhere) support
    • Minimal vmlinux header (5.5KB instead of full 3.4MB file)
    • Graceful fallback mechanism to procfs when eBPF unavailable
    • Support for both IPv4 and IPv6 socket tracking
    • Optional feature disabled by default (enable with --features=ebpf)
    • Comprehensive capability checking for required permissions
  • Windows Platform Support: Network monitoring capability on Windows (without process identification)