$Id: CHANGES,v 1.56 2002/04/08 19:12:30 crowland Exp crowland $

Psionic PortSentry 2.x Changes

12-23-2001 - Project Begins. 

12-23-2001 - 2.0b1 - Here's what I did while rotting in the Greensville, SC 
and Charlottesville, NC airports today:
	- Researched pcap support
	- Wrote pcap functional spec
	- Broke out new functions for AdvancedStealthMode
	- Added in JRF's patch

3-05-2002 - 2.0b1 - Sat down last week and finally banged all of this out. Here are the 
changes:
	- Implemented pcap support
	- Cleaned up almost every major function.
	- Deleted lots of redundant code.
	- Consolidated functions
	- Broke out analysis engine to add in new checks.
	- Pulled JRF's patch (sorry Jeremy). Testing with new pcap support for stability
	first and then will apply changes.
	- The PORT_BANNER Option has gone away.
	- The "Classic" TCP/UDP modes have gone away.
	- Advanced mode TCP/UPD mode is not in operation yet and will be added back 
	later.
	- PortSentry runs all protection modes from one process
	- PortSentry no longer has command line options. Everything is in the config 
	file.
	- Eliminated multiple blocked file types.
	- Test, test, test
	
3-26-2002 - 2.0b1 - More fixes
	- Cleaned up various functions
	- Fixed TCP/UDP port parsing function to build out BPF filter
	- Made configtoken function null out variable before use to allow
	for checking empty config variables
	- TCP and UDP modes now work
	- Parent process now exits without bogus "Shutting down" message
	

3-27-2002
	- Removed check in SubstString function to check for too great a 
	length in passed arguments because the arithmetic was wrong anyway
	and it's not needed because excess length is chopped anyway.
	- Remove DynString function because it's not being used now.
	- Reads in INTERFACE option from config. Auto-determines interface if set to "auto"

3-29-2002
	- Fixed BPF filter generation. Now ignores local system IP 
	correctly.
	- Put in INTERACE_ADDRESS config option to bypass libpcap's seeming
	inability to determine the interfaces own address. This needs to
	be changed to do this automatically later.
	- Cleaned up adminalert messages to some degree. Made initconfig
	report adminalerts on config errors for consistency.
	- Changed .conf comments and removed 333.444.555.666 in bogus 
	addresses and replaced with XXX.XXX.XXX.XXX because some people
	don't read the directions and try to use the 333.444.555.666
	address for a bogus route.
	- Print out monitored port list to log file on init

4-8-2002 
	- Removed alerting for unused TCP flags because it can false 
	alarm with Explicit Congestion Notification aware kernels. These
	flags are still reported under the unknown scan type though.
	- Cleaned up for public beta.
	- Changed package so everything runs from portsentry2 directory
	to prevent people from mashing versions


