Skip to content

Releases: XuanLee-HEALER/netoproc

v0.6.0 — Windows Compatibility + CI

21 Feb 02:32
@XuanLee-HEALER XuanLee-HEALER
v0.6.0
93cf83f

Choose a tag to compare

View all tags
v0.6.0 — Windows Compatibility + CI Latest
Latest

What's New

PacketSource trait — zero-cost generic capture abstraction

Introduced a PacketSource trait in src/capture/mod.rs that provides a unified interface over the three platform-specific capture backends:

  • impl PacketSource for BpfCapture (macOS)
  • impl PacketSource for AfPacketCapture (Linux)
  • impl PacketSource for RawSocketCapture (Windows)

capture_loop, dns_capture_loop, and process_refresh_loop are now generic functions (<S: PacketSource>, <F: Fn() -> ProcessTable>), monomorphized per platform at compile time with zero runtime overhead. This also enables mock injection for unit-testing the attribution pipeline without live capture hardware.

CaptureStats is consolidated to src/capture/mod.rs (previously duplicated across three platform files).

Windows compatibility test suite

  • tests/windows_compat.rs — 59 tests covering packet parsing, byte-order conversion, port annotation, TCP state mapping, bounds checking, and Windows-specific algorithm verification; compiled and run on all three platforms
  • tests/windows_integration.rs — 17 tests: 12 cross-platform library tests (TC-WIN-1..12) + 5 binary CLI tests (TC-WIN-B1..5, exercising --help, --version, invalid args, --capture-mode=ebpf warning on Windows)

GitHub Actions CI pipeline

Full multi-platform CI in .github/workflows/ci.yml:

Job Runner What runs
fmt macos-latest cargo fmt --check
clippy macos-latest cargo clippy --all-targets -D warnings
markdownlint ubuntu-latest markdownlint-cli2 on all *.md files
test macos-latest Unit tests on stable + beta toolchains
test-linux ubuntu-latest Tier 1 (no-root): unit, proc parsing, compat, enrichment, eBPF stub; Tier 2 (sudo -E): AF_PACKET + BPF integration
test-windows windows-latest Unit tests, windows_compat, windows_integration
build macos-latest Release binary artifact (gated on all test jobs)

All Markdown documentation linted with markdownlint-cli2 (888 pre-existing issues fixed; config in .markdownlint-cli2.yaml).

Full Changelog

See CHANGELOG.md for the complete history from v0.1.0 to v0.6.0.

Assets 2
Loading

v0.3.0 — Unknown Traffic Enrichment

20 Feb 04:07
@XuanLee-HEALER XuanLee-HEALER
v0.3.0
8394333

Choose a tag to compare

View all tags
v0.3.0 — Unknown Traffic Enrichment

What's New

Non-root netoproc cannot see other users' process sockets on macOS, so system daemon traffic is lumped under "unknown". This release enriches that unknown traffic so users can infer what it is.

Features

  • Port & IP annotations: Automatically labels connections with human-readable names (e.g., "Apple Push/iCloud - HTTPS", "Google DNS", "local network - DNS")
  • Per-remote-address grouping: Unknown traffic is broken down by remote address with individual byte counts
  • Async reverse DNS: Resolves remote IP addresses to hostnames in the background (disable with --no-dns)
  • Pretty output sub-rows: --format pretty now shows indented detail rows under the unknown aggregate (top 10 by traffic)
  • TUI unknown details: Monitor mode renders unknown sub-rows with dimmed styling

Backward Compatibility

  • TSV and JSON output formats are unchanged — no breaking changes
  • Enrichment detail only appears in --format pretty and TUI mode

New Files

  • src/enrichment/ — annotation and DNS resolution module
  • tests/enrichment_integration.rs — 28 integration tests

Dependencies

  • Added dns-lookup = "2" for reverse DNS resolution

Full Changelog: v0.2.0...v0.3.0

Loading