From: Martin Willi <martin@revosec.ch>
Date: Tue, 18 Nov 2014 10:41:44 +0000 (+0100)
Subject: NEWS: Introduce connmark plugin
X-Git-Tag: 5.3.0dr1~76^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e1e88e6d921831b5453752a391c8c1438dec649;p=thirdparty%2Fstrongswan.git

NEWS: Introduce connmark plugin
---

diff --git a/NEWS b/NEWS
index 976f34c181..9a21f84e99 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,12 @@
   as any previous strongSwan release) it must be explicitly enabled using
   the charon.make_before_break strongswan.conf option.
 
+- The new connmark plugin allows a host to bind conntrack flows to a specific
+  CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+  allows a peer to handle multiple transport mode connections coming over the
+  same NAT device for client-initiated flows. A common use case is to protect
+  L2TP/IPsec, as supported by some systems.
+
 
 strongswan-5.2.2
 ----------------