Development timeline:


 Oct 16, 2007 - Version 1.6.2-candidate.C.5  (released as beta)

	- updated docs/CHANGES
	- updated docs/README

 Oct 09, 2007 - Version 1.6.2-candidate.C.5  (not released as beta)
	
        - added 'nosrc_pktsok' rules option support to force the 'known_ports' direction preference for 
		connections which receive no packets* from the assumed source
	- added new output field value for 'reversed' (5 == 'MAYBEREVERESED'); indicates 
		when option 'nosrc_pktsok' was applied to force the direction*
	- added default nosrc_pktsok = 0, set to 1 to enable, does not REREVERSE connections which have 
		closed with no packets collected from the assumed source, 'reversed' connections        
		typically result when the initial packet is dropped by the collection engine, 
		or when packets appear to be coming from known_ports (i.e. network scans, or third-party DDOS RESET packets)  
	
	*nosrc_pktsok is not applied to TCP connections whose first packet contained a SYN flag or SYN-ACK flag combination, in which case, the inferred TCP direction is preferred over known_ports 6.


 Sep 30, 2007 - Version 1.6.2-candidate.C.4  (not released as beta)

        - resolve problem not printing known_ports setting in configuration output (i.e. --config)
        - added new output format option 'wildchar=\s'; used by fields sample_src_asc and sample_dst_asc 
           sets character to print in place of nonprintable characters, i.e. 'wildchar=.'
	- add functions print_ascii() and print_hex() to handle printing sampled data in ascii and hex format


 Sep 24, 2007 - Version 1.6.2-candidate.C.3  (released as beta)

     	- document additional prelude-related rule options available in docs/README  


 Sep 06, 2007 - Version 1.6.2-candidate.C.3-customoutputs  (not released - to be released as 1.6.2-candidate.C.3)

	modify apply_rules.cc, build_acl.cc, check_packet.cc, sancp.cc, gvars.h, sancp.h
        - add custom prelude output support to rules for output control; requested by Dean Takemori, forwarded by Sebastian Tricaud   
               	i.e.
                       	var trusty 10.0.0.1
	                8 trusty  any  6  any  22  prelude pass  # disable prelude output on matching secure shell connections
	                8 any  any  6  any  22  prelude log  # enable prelude output on matching secure shell connections
	

 Aug 21, 2007 - Version 1.6.2-candidate.C.2

	modify build_acl.cc
	- add --strip_8021q option, deprecate --strip_8021Q, 
	- remove backwards compatible option --strip_80211
	- fix debug compile errors  (ref: #DEBUG=1 in gvars.h )
	- fix build_acl() to read 'strip_8021q' or 'strip_8021Q' setting from configuration file
	- update print_acl() to print output formats in output from --config output
	
	modified outputFileHandle.cc 
	-add private member 'filetype', 
	-add method printFormat()
	-modify all constructor calls to pass output name to be set as filetype.
	
	modified Makefile
	-add alternate CFLAGS and LFLAGS with -Xlinker support 
	
	modify sancp.cc and gvars.h
	-add output fields 
	  'silence' - seconds since last packet 
	  'timeleft' - seconds until timeout 
	  'expired' - has expired
        -add check whether we received the exit signal before processing packets 
		to avoid logging packets to realtimes and pcap during shutdown 
	
 	modify statefull_logging.cc
	- add 'output_filename' field to --schemas output
	
	modify docs/SCHEMAS
	- update documentation for index and console output types

	modify docs/HELP
	- update documentation


  Aug 16, 2007 - Version 1.6.2-candidate.C.1 (not released)

	applied patch from Sebastien Tricaud to correct compile issue for prelude support
	modify makefile to include /usr/local/lib/pcap (per newsgroup)

  Jul 06, 2007 - Version 1.6.2-candidate.C
       add startup option -p <pidfile> to specify pidfile location

  Jul 06, 2007 - Version 1.6.1-stable - sancp-1.6.1-stable.tar.gz - released as stable
        uploaded version 1.6.1-stable on sourceforge

  Jul 05, 2007 - Version 1.6.2-candidate.C  - sancp-1.6.2-candidate.C.tar.gz -  released as Beta
       integrate prelude-support requested by Frank Van Vliet on 09/19/2005

 Sep 26, 2006 - Version 1.6.1-candidate.B.4 -  sancp-1.6.2.candidate.B.4.tar.gz -  released as Alpha
       integrate prelude-support requested by Frank Van Vliet on 09/19/2005

 Sep 26, 2006 - Version 1.6.1-candidate.B.4 -  sancp-1.6.2.candidate.B.4.tar.gz -  released as Alpha
       fix issue discovered on 09/25/2006, add new signal handling code

 Sep 22, 2006 - Version 1.6.2-candidate.B.3 - sancp-1.6.2.candidate.B.3.tar.gz - released as Alpha
        fix issue discovered on 09/21/2006

 Sep 20, 2006 - Version 1.6.2-candidate.B.2 - sancp-1.6.2.candidate.B.2.tar.gz - released as Alpha
        fix issue discovered on 09/20/2006

 Sep 19, 2006 - Version 1.6.2-candidate.B.1 - sancp-1.6.2.candidate.B.tar.gz - released as Alpha
        add pcap index output support requested by Martin Holste on 09/19/2006
        index records sancp_id, output_filename, start_pos, stop_pos for each packet written to pcap
      
 Sep 17, 2006 - Version 1.6.2-candidate.B - sancp-1.6.2-candidateB.20060917.tar.gz - not released
        incorporate changes from unreleased 1.7.0 branch into 1.6.2, enable logging sampled payload data

 Aug 11, 2006 - Version 1.6.1-dev-solaris -  sancp-1.6.1.solaris.20060811.tar.gz - not released (to be incorporated into 1.6.2) 
         final set of solaris modifications - requires more work

 Aug 09, 2006 - Version 1.6.1-dev-solaris - sancp-1.6.1.solaris.20060809.tar.gz - not released
         third set of solaris modifications

 Aug 24, 2006 - Version 1.6.2-candidate-A - sancp-1.6.2.candidate.A.tar.gz - released as Alpha
        Combine solaris branch of 1.6.1 with patches a, b, c, and d as 1.6.2 candidate A
        Solaris environment and testing provided by Anthony Spina, Sean MacLeod
        
Jul 05, 2006 -  Update sancp.sourcefourge.net post sancp 1.6.1 as Beta
        sancp-1.6.1.fix200511.a.patch - posted to sancp.sourceforge.net as Beta
        sancp-1.6.1.fix200511.b.patch - posted to sancp.sourceforge.net as Beta
        sancp-1.6.1.fix200601.c.patch - posted to sancp.sourceforge.net as Beta
        sancp-1.6.1.fix200606.d.patch - posted to sancp.sourceforge.net as Beta           
        sancp-1.6.1.fix200606.bd.patch - posted to sancp.sourceforge.net as Beta           
        sancp-1.6.1.tar.gz   - posted to sancp.sourceforge.net as Beta  

 Jun 30, 2006 -  Version 1.6.1 patch BD -  sancp-1.6.1-fix200606.bd.patch - released as Beta
        Combined patches contained in sancp-1.6.1-fix200511.b.patch and sancp-1.6.1-fix200606.d.patch
         
 Jun 30, 2006 -  Version 1.6.1 patch D -  sancp-1.6.1.fix200606.d.patch - released as Beta
        Provides fix for 100% CPU utilization issue reported by Clemente Aguiar on 04/03/2006
        Removes tcpoption parsing code from main source, disabling decoding 'wscale' (TCP window scale)
        NOTE: This patch was reported as faulty (will not compile with EXPERIMENTAL_TCPOPTIONS defined)
        and was recreated 07/05/06, copies of this patch dated earlier than 07/05/06 may not work -
        reported by Devin Kowatch 06/30/06

 Jun 16, 2006 -  Version 1.6.1-dev-solaris -  sancp-1.6.1.solaris.20060616.tar.gz - not released
        Resume development of solaris compatability on Sparc Ultra 10 received from Anthony Spina

 Jun 14, 2006 -  Version 1.6.1 patch C - sancp-1.6.1.fix200601.c.patch  - released as Beta
        Resolve compiler issues on x86-64 platform reported by Tomislav Kolanovic on 01/13/2006
         
 Apr 21, 2006 - Version  1.6.1 patch tcpoption  -  patch sancp.experimental_tcpoption.patch.1.6.1 - released as Beta
        Fix segfault, removed section for parsing tcpoptions
 
 Dec 13, 2005 - Version 1.6.1-dev-solaris - sancp-1.6.1.solaris.tar.gz - not released
        Began work on solaris compatability for

 Nov 12, 2005 - Version 1.6.1 patch B - sancp-1.6.1-fix200511.b.patch - released as Beta
        Provides fix for seg-fault at decode:69 reported by Bamm on 10/17/2005

 Nov 12, 2005 - Version 1.6.1 patch A - sancp-1.6.1-fix200511.a.patch - released as Beta
        Provides fix for duplicate connection id at check_packet:187 reported by Richard Bejtlich 11/12/2005

 Nov 01, 2005 - Version 1.7.0-alpha - sancp-1.7.0j.tgz - not released
          End development of branch 1.7.0
          Code to be incorporated into future version 1.6.2

 Oct 14, 2005 - Version 1.7.0-alpha - sancp-1.7.0i.tgz - not released
        Continue development of sampled payload data into logs

 Oct 13, 2005 - Version 1.7.0-alpha - sancp-1.7.0h.tgz - not released
        Create separate fields for sampled payload data from source and destination 

 May 11, 2005 -  Version 1.7.0-alpha - sancp-1.7.0g.tgz  - not released
        Begin development of new branch for adding sample of payload data as stats field

 Nov 01, 2004 - Version 1.6.1 - sancp-1.6.1.tar.gz - released as Beta
        Fixed problem introduced in version 1.6.0 with addition of src_mac and dst_mac reported by Bamm and Rich
        Fixed bug in sample init.d/sancpd startup script reported on #snort-gui
        Increased counters from 32bit to 64bit values:src_pkts, dst_pkts, src_bytes, dst_bytes, total_bytes, collected, and climit

 Sep 13, 2004 - Version 1.6.0  - sancp-1.6.0.tar.gz - released as Beta
        Fixed major bug with reading from a pcap file using -r option affecting how packets are decoded.
        New default output fields added: src_mac and dst_mac; see columns 49 and 50

 Sep 02, 2004 - Version 1.5.7  - sancp-1.5.7.tar.gz - released as Beta
        Disabled additional logging of realtimes to console, use -K to re-enable this 'feature.'
        Added forking -D (daemon) mode and suppresses -K, if enabled

 May 26, 2004 - Version 1.5.6 - sancp-1.5.6.tar.gz - released as Beta
       Resolved permission error when using options -u and -g to change the effective UID and GID.

 May 06, 2004 - Version 1.5.5 - sancp-1.5.5.tar.gz - released as Beta
        Increased byte and packet counters to 64bit values, rather than 32 bit
        Database tables supporting these as 32bit values should be changed to support 64bit values.
        src_pkts, dst_pkts, src_bytes, dst_bytes, climit, collected

 May 05, 2004 - Version 1.5.4 - sancp-1.5.4.tar.gz - released as Beta
        Increased byte and packet counters to 32bit values, rather than 16 bit
        Fixed incorrect behaviour of -R command line switch

 Jan 19, 2004 - Version 1.5.3 -  sancp-1.5.3.tar.gz - released as Beta

 Jan 19, 2004 - Version 1.5.2.1 -  sancp-1.5.2.1.tar.gz - released as Beta

 Jan 19, 2004 - Version 1.5.2 -  sancp-1.5.2.tar.gz - released as Beta

 Jan 17, 2004 - Version 1.5.1 -  sancp-1.5.1.tar.gz - released as Beta

 Jan 15, 2004 - Version 1.5.0 -  sancp-1.5.0.tar.gz  - released as Beta

Jan 01, 2004 - Version 1.4.1- released as Beta
        Added ability to track last connection id assigned. Stored as 64bit value in .cnxid file
        Added -C (--last_cnxid) option to specify the last connection id assigned, must be greater
        than the value stored in the .cnxid file.


Dec 15, 2003  - Version 1.4.0 - sancp-1.4.0.tgz - released as Beta
        Expanded rules to handle ethernet protocol numbers; but only IP is parsed beyond the ethernet header
        Concept of a 'default' rule is more clearly expressed in the configuration file itself
        New rules format - we now require ethernet protocol to be specified
        New var support for rules and known_ports definition
        vars can be used for: ethernet protocol, ip address, ip protocol, tcp/udp ports
        Added three new 'default' and rule options: rule id (rid), status number, and node id
        Expanded rule delimiters to include space, tab, comma, and equal signs
        BPF filter can be specified in the configuration file
        Extensive work done on configuration dump output. It now prints in a re-usable
        format, displays all defaults, known_ports, vars, and rules.
        Fixed memory leak issues with vars.
        Fixed open file handle issues


Nov 30, 2003  - Version 1.3.1 - released as Beta
        re-combined conf and rules (rewrote code to handle both interchangably)
        standardized the argument and rules parsers
        fixed problem with -F and -r options (when used together)
        fixed some fileHandle class problems regarding storing filenames

Nov 26, 2003  - Version 1.3.0 - released as Beta
        Split configuration and rules into two files
                sancp.conf, sancp.rules
        Redesigned rules
        Changed many command line options, removed others
        Renamed output files (stats,pcap,realtime)
        Updated the documentation
        Made many code changes to support new configuration and rule options


Nov 17, 2003 - 
        Specify one of seven special syslog facilities
        LOG_LOCAL1-7; the default facility is LOG_DAEMON.
            i.e. --log_facility "LOCAL1"
        Specify user and group for sancp to run under
            (setuid and setgid called after opening pcap handles)
        GMT supported (as default), use --local_time to force
            sancp to record timestamps using the local/system timezone.
        Grouped most global variables into a central structure.


Oct 21, 2003 - Version 1.2.1 - released as Beta
        Added os_info fields for destination to connection log output
         added -NO2 option which disables printing this additional
         information (for backwards compatability)
        Fixed bad mss value


Oct 13, 2003 - Version 1.2.0 - released as Beta
        ncp changes name to sancp
        Added 'lag' option
        Changed error messages to go to syslog
        Made a few corrections to documentation
        Updated Makefile
        Made a few changes to rule parsing routine
        Added quiet_mode
        Added daemon_mode
        Cleaned up pcapFileHandle.cc
        Cleaned up fileHandle.cc
        Added a few more global variables to gVars

Sept 28, 2003 - Version 1.2  - released as Beta
        posted to metre.net 
