v1.0.0

@github-actions github-actions released this 23 Jun 12:08
v1.0.0
d480838

First stable release. Parallel pairing with an automatic disk-backed fallback under memory pressure, Linux cooked-capture support, per-packet CRC-32 FCS validation, and a redesigned stats/log surface. No change to hashcat output: 22000 / 37100 / per-AKM lines are byte-identical to v0.3.10 for any capture.

Highlights

  • Rayon work-stealing Phase 4 pairing with streaming per-group fan-out (--threads N); the all-pairs Vec is gone, so peak memory drops by sizeof(PairedHash) * total_pairs.
  • Disk-backed fallback: when RSS crosses 80% of system RAM, MessageStore, PmkidStore, and hash-line dedup spill to temp files and the run degrades to disk speed instead of OOMing (override via WPAWOLF_MEM_THRESHOLD). Collect-then-pair semantics are preserved.
  • Linux cooked capture: DLT 113 (SLL) and DLT 276 (SLL2), dispatched on ARPHRD 801/802/803. Captures from the any pseudo-device now produce hashes instead of being dropped.
  • Cross-platform memory monitoring via sysinfo (Linux, macOS, Windows).
  • --max-eapol-per-type N: opt-in pairing cap (off by default) that bounds each N#E# combo to N^2 pairs so a pathological rotating-ANonce group can't fan out to billions of near-duplicate lines. Default runs stay byte-identical to the uncapped behaviour.

Parsing and recovery

  • Per-packet CRC-32 FCS validation on every DLT via the 0x2144DF1C residue check, with five counted outcomes. Frames whose link-layer header never announced an FCS no longer leak 4 trailing checksum bytes into the IE walker.
  • Tiered recovery of corrupt link-layer headers: radiotap it_present length recompute (Tier 2) and a CRC-32 offset scan (Tier 3). Non-zero it_version is counted, not dropped.
  • Out-of-order 802.11 MSDU fragment reassembly (fragments buffer in any arrival order).
  • Best-effort frame recovery from DLT-0 (unspecified link type) captures.
  • Input-timestamp sanitization so corrupt capture clocks no longer poison the duration / session-gap rows.
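
The 0x2144DF1C residue check from the FCS bullet above, as an added Rust example (not the project's code): running CRC-32 over a frame together with its trailing little-endian FCS yields that constant whenever the FCS is intact. The function names and the three-way outcome enum are hypothetical, the page does not list the release's five outcomes, and the frame bytes are constructed.

```rust
// CRC-32 as used for the 802.11 / Ethernet FCS: reflected polynomial
// 0xEDB88320, initial value and final XOR both 0xFFFFFFFF.
fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg(); // all ones if the low bit is set
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

// CRC-32 over (body || FCS) equals this constant when the FCS matches the body,
// so validation needs no split of the frame and no stored-vs-computed compare.
const FCS_RESIDUE: u32 = 0x2144_DF1C;

#[derive(Debug, PartialEq)]
enum FcsCheck { Valid, Invalid, TooShort } // hypothetical outcome names

fn check_fcs(frame: &[u8]) -> FcsCheck {
    if frame.len() < 4 { return FcsCheck::TooShort; }
    if crc32(frame) == FCS_RESIDUE { FcsCheck::Valid } else { FcsCheck::Invalid }
}

// Hand the parser the frame without its checksum only when the trailing four
// bytes verify as an FCS; otherwise leave the bytes untouched.
fn strip_verified_fcs(frame: &[u8]) -> &[u8] {
    match check_fcs(frame) {
        FcsCheck::Valid => &frame[..frame.len() - 4],
        _ => frame,
    }
}

// Test helper: build a frame the way a transmitter does (FCS is little-endian).
fn append_fcs(body: &[u8]) -> Vec<u8> {
    let mut frame = body.to_vec();
    frame.extend_from_slice(&crc32(body).to_le_bytes());
    frame
}

fn main() {
    let mut frame = append_fcs(b"constructed frame body"); // constructed sample
    println!("intact:   {:?}", check_fcs(&frame));
    frame[3] ^= 0x01; // flip one bit to simulate capture corruption
    println!("bit flip: {:?}", check_fcs(&frame));
}
```

A frame that carries no FCS passes this check by chance with probability 2^-32, which is why a verified residue is a usable signal even when the link-layer header says nothing about an FCS.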

Performance and memory

  • O(1) exact dedup-on-insert in MessageStore.
  • Per-packet buffer recycling in the pcap and pcapng readers (~34% fewer heap allocations on a 5.4 GB corpus).
  • Cold Option<FtFields> boxed across EapolMessage / PairedHash / PmkidEntry (-19% store footprint; ~14% lower peak RSS combined with buffer recycling).

Diagnostics

  • Stats banner redesigned as a formal contract (STATS.md): W=60 value column, four issue classes (dropped / recovered / diagnostic / informational), per-phase wallclock, throughput, peak RSS, and disk-mode rows, plus many new counters. make audit-stats diffs the banner against the code in both directions.
  • Per-hash-type breakdown now reports found / written, so crackable material with no configured sink is visible instead of silently uncounted.
  • --log redesigned as a triage tool: file= / frame= context, high-volume categories aggregated into per-reason summary lines, and obvious high-volume rejections kept banner-only.

Correctness

  • MLD canonicalization is now additive: the MLD-keyed copy is added while the original link-keyed form is kept, so a single-link association to one BSSID of an 802.11be Multi-Link AP still cracks (its PTK is derived under the link MAC). Verified as a complete superset of hcxpcapngtool with zero misses on a 70.8M-packet corpus.

Breaking changes

  • --per-file removed. The disk-backed fallback bounds memory without giving up cross-file pairing, so the trade-off no longer buys anything. Delete the flag from any scripts.
  • --strict is now --eapoltimeout=5 --rc-drift=8 --dedup-hash-combos --nc-dedup.
  • Runtime dependencies go from 2 to 5: adds rayon, sysinfo, and crc32fast (all MIT / Apache-2.0, pass cargo deny).

Compatibility

  • Hashcat output is unchanged: 22000 / 37100 / per-AKM lines are byte-identical to v0.3.10 for any capture.

Full Changelog: v0.3.10...v1.0.0