This roadmap outlines the path from initial scaffolding to a production-ready Linux network monitoring utility.
Goal: Establish the communication bridge between the Linux Kernel and Rust.
- Project Scaffolding: Initialize Cargo workspace, documentation structure, and Git repository.
- Toolchain Configuration: Setup
rust-toolchain.tomlfor nightly/stable selection and installbpf-linker. - eBPF Build System (xtask): Implement an
xtaskto automate eBPF compilation and userspace execution (Standardayaworkflow). - Kernel Scaffolding: Create the initial eBPF program with
kprobesfortcp_sendmsgandudp_sendmsg. - Data Pipeline: Implement BPF Maps (Hash Maps) to store bandwidth stats per PID.
- Observability: Integrate
aya-logfor kernel-space logging and debugging. - Capability Management: Implement logic to verify
CAP_BPFandCAP_NET_ADMINat startup. - Embedded Bytecode: Configure
include_bytes!to bundle the eBPF object into the Rust binary.
Goal: A functional Terminal UI displaying real-time process bandwidth.
- Process Resolver: Build a
/proccrawler to map PIDs to human-readable application names. - TUI Scaffolding: Initialize
Ratatuiwith a basic layout (Header, Process Table, Footer). - Real-time Refresh: Implement a 1Hz (or higher) refresh loop that pulls data from BPF maps.
- Sorting & Filtering: Add ability to sort by "Upload"/"Download" and filter by process name.
- Cumulative Stats: Track total data consumed since the application started.
- TUI Polish: Make the UI more beautiful with advanced Ratatui widgets (Sparklines, Alignment, Dialogs).
Goal: Add intelligence, control, and deep-packet insights.
- The "Kill-Switch": Implement the
khotkey to sendSIGKILLto a selected bandwidth-hogging process. - Protocol Expansion: Implement
udp_sendmsgandicmptracking to cover non-TCP traffic. - Connection Deep-Dive: Add a "Socket View" to see individual IP:Port connections for a specific PID.
- Reverse DNS Resolution: Resolve destination IPs to hostnames (e.g.,
172.217.16.14->google.com). - Geo-IP & ASN Mapping: Map IPs to countries and organizations (e.g., "Dublin, IE - Amazon.com").
- Protocol Heuristics: Identify common traffic types (HTTPS, DNS, SSH, Bittorrent) based on port and pattern analysis.
- Traffic Persistence: Save and reload session history to track bandwidth across app restarts.
- Interactive Graphs: Full-screen historical graph mode for specific processes.
- Smart Alerts: System notifications for when a process exceeds a defined bandwidth threshold.
- Help Overlay: A dedicated
?screen explaining all keybindings and features. - TUI Refinement:
- Custom Themes: Support for selectable color schemes (e.g., Dracula, Solarized, Monokai).
- Mouse Support: Basic click-to-select and scroll support for the process table.
- Extended Mouse Support: Clickable table headers for sorting and interactive dialog elements.
- Time-Travel/Historical Analysis: Ability to select specific time frames from the database to analyze past network activity.
- Global Dashboard (Overall View): Comprehensive system-wide analysis with aggregated protocol stats, top-talkers, and network health metrics.
- Tabbed Navigation: Implement a tabbed interface to seamlessly switch between "Global Dashboard", "Process Monitor", and "Alerts".
- Graph UI Overhaul: Enhanced visualization with better axes, legends, and multi-process overlay support with logarithmic scaling.
- Adaptive Theming: Support for terminal default colors (transparency/ANSI) and system-wide theme detection.
- Persistent Configuration: Implement
~/.config/netmonitor/config.tomlfor saving user preferences and thresholds. - Container & Service Context: Resolve and display systemd service, Docker container, and K8s pod names for PIDs.
- Active Traffic Shaping: "Throttling" process bandwidth directly from the TUI using
cgroup_skbeBPF. - Writing the ReadMe: Comprehensive documentation of new features, configuration, and advanced usage.
- Phase 3 Final Review: A comprehensive, project-wide code review and refactor session to ensure stability before Phase 4.
Goal: Professional-grade reliability and automated verification.
- Automated Testing Suite:
- Implement unit tests for userspace logic (Resolver, Config, TUI state).
- Implement eBPF integration tests (using
aya-testor similar).
- Headless Data Exporting: Implement
--jsonand--csvoutput modes for scripting/automation. - Performance Audit: Verify CPU usage remains <1% under heavy network load.
- CO-RE Validation: Test the binary on multiple kernel versions (BTF support).
- Headless Mode: Implement a mode for JSON/CSV output or Prometheus exporting.
- Background Mode: Implement
netmonitord(Systemd service) for continuous logging. - CI/CD Pipeline: Setup GitHub Actions for automated linting (
clippy), formatting (fmt), and workspace testing. - Automated Packaging: Integrate
cargo-debto generate.debartifacts in CI/CD and xtask. - Documentation Expansion:
- Create initial
manpages for terminal-based help. - Generate API/Kernel technical specifications.
- Create initial
- Milestone: Tag v0.1.0-beta.1 (Beta Release)
Goal: Getting NetMonitor into the hands of early users for real-world testing.
- Community Feedback Loop: Establish a Beta/Release Candidate (RC) phase for real-world user feedback.
- Packaging Validation:
- Verify
.debpackage installs across different Debian/Ubuntu versions. - Test static binary portability.
- Verify
- User Manual: Finalize a compelling
README.mdwith high-quality GIFs and usage examples.
Goal: Long-term sustainability, security, and official stable release.
- Security Audit: Detailed review of eBPF capability usage and memory safety in userspace.
- Graceful Degradation: Implement fallback logic for legacy kernels or missing system dependencies.
- Least Privilege Hardening: Ensure the application runs with the absolute minimum required Linux capabilities.
- Open Source Readiness: Draft
CONTRIBUTING.mdand establish public issue tracking. - Maintenance Strategy: Define the release cycle and LTS (Long Term Support) goals.
- Milestone: Tag v0.1.0 (Official Stable Release & Distribution)