NEWS: Introduce connmark plugin

author Martin Willi <martin@revosec.ch>

Tue, 18 Nov 2014 10:41:44 +0000 (11:41 +0100)

committer Martin Willi <martin@revosec.ch>

Fri, 20 Feb 2015 15:34:54 +0000 (16:34 +0100)
author Martin Willi <martin@revosec.ch>
Tue, 18 Nov 2014 10:41:44 +0000 (11:41 +0100)
committer Martin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 15:34:54 +0000 (16:34 +0100)
diff --git a/NEWS b/NEWS

index 976f34c181d5b60df96fb87f05a8a12a7b0a9b97..9a21f84e99d686736fb0fa73b35dd71cd2b48726 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,12 @@
    as any previous strongSwan release) it must be explicitly enabled using
    the charon.make_before_break strongswan.conf option.
  
+- The new connmark plugin allows a host to bind conntrack flows to a specific
+  CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+  allows a peer to handle multiple transport mode connections coming over the
+  same NAT device for client-initiated flows. A common use case is to protect
+  L2TP/IPsec, as supported by some systems.
+
  
  strongswan-5.2.2
  ----------------
author	Martin Willi <martin@revosec.ch>
	Tue, 18 Nov 2014 10:41:44 +0000 (11:41 +0100)
committer	Martin Willi <martin@revosec.ch>
	Fri, 20 Feb 2015 15:34:54 +0000 (16:34 +0100)