What's New
PacketSource trait — zero-cost generic capture abstraction
Introduced a PacketSource trait in src/capture/mod.rs that provides a unified interface over the three platform-specific capture backends:
impl PacketSource for BpfCapture(macOS)impl PacketSource for AfPacketCapture(Linux)impl PacketSource for RawSocketCapture(Windows)
capture_loop, dns_capture_loop, and process_refresh_loop are now generic functions (<S: PacketSource>, <F: Fn() -> ProcessTable>), monomorphized per platform at compile time with zero runtime overhead. This also enables mock injection for unit-testing the attribution pipeline without live capture hardware.
CaptureStats is consolidated to src/capture/mod.rs (previously duplicated across three platform files).
Windows compatibility test suite
tests/windows_compat.rs— 59 tests covering packet parsing, byte-order conversion, port annotation, TCP state mapping, bounds checking, and Windows-specific algorithm verification; compiled and run on all three platformstests/windows_integration.rs— 17 tests: 12 cross-platform library tests (TC-WIN-1..12) + 5 binary CLI tests (TC-WIN-B1..5, exercising--help,--version, invalid args,--capture-mode=ebpfwarning on Windows)
GitHub Actions CI pipeline
Full multi-platform CI in .github/workflows/ci.yml:
| Job | Runner | What runs |
|---|---|---|
fmt |
macos-latest |
cargo fmt --check |
clippy |
macos-latest |
cargo clippy --all-targets -D warnings |
markdownlint |
ubuntu-latest |
markdownlint-cli2 on all *.md files |
test |
macos-latest |
Unit tests on stable + beta toolchains |
test-linux |
ubuntu-latest |
Tier 1 (no-root): unit, proc parsing, compat, enrichment, eBPF stub; Tier 2 (sudo -E): AF_PACKET + BPF integration |
test-windows |
windows-latest |
Unit tests, windows_compat, windows_integration |
build |
macos-latest |
Release binary artifact (gated on all test jobs) |
All Markdown documentation linted with markdownlint-cli2 (888 pre-existing issues fixed; config in .markdownlint-cli2.yaml).
Full Changelog
See CHANGELOG.md for the complete history from v0.1.0 to v0.6.0.