Note on this release — GitHub Actions was in a degraded-performance incident when this tag was pushed, so the usual auto-built release binaries are missing. They'll be added when the workflow recovers and we re-run it. In the meantime, install via cargo install netwatch-tui (now at 0.21.7 on crates.io) or cargo install --git https://github.com/matthart1983/netwatch --tag v0.21.7 netwatch-tui --force --locked.
This release bundles fixes from v0.21.6 (also affected by the Actions outage — superseded by this one).
Fixed
v0.21.7
- Capture toggle (`c` on the Packets tab) no longer fails with `Capture failed: libpcap error: socket: Operation not permitted` on Linux under the default sandbox. Multiple UI actions re-open a pcap handle mid-run — toggling capture from the Packets tab (`c`), cycling the capture interface (`i`), arming the Flight Recorder (`Shift+R`) when capture is paused. Each calls `socket(AF_PACKET, SOCK_RAW, …)` which needs CAP_NET_RAW. The default sandbox now keeps CAP_NET_RAW; `--sandbox-strict` users still get the cap dropped (opt-in fail-closed semantics).
v0.21.6
- Saving settings under the Linux sandbox no longer fails with "Permission denied (os error 13)". The Landlock allow-list put the config dir in the read-only bucket but `NetwatchConfig::save()` writes there. Worst-case symptom: the Sandbox setting itself couldn't be flipped to escape the restriction. Moved config_dir to the read-write list.
- Gateway probe no longer reports a fake 100% loss on systems with restrictive `ping_group_range`. Added a TCP-connect fallback that runs only when ICMP returns 100% loss: tries port 80, 443, 53 in order (stopping at the first to respond), counts `ConnectionRefused` as success because a RST proves the host is up.
See CHANGELOG.md for full history.