From: Martin Willi <martin@revosec.ch>
Date: Fri, 11 Oct 2013 09:40:02 +0000 (+0200)
Subject: NEWS: Updates for the ah, libipsec-usestats and printf-hook merges
X-Git-Tag: 5.1.1rc1~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=390d2b50b3ad0426d23d72f96682853141fb1a0a;p=thirdparty%2Fstrongswan.git

NEWS: Updates for the ah, libipsec-usestats and printf-hook merges
---

diff --git a/NEWS b/NEWS
index dca9b236da..b2a0587024 100644
--- a/NEWS
+++ b/NEWS
@@ -17,14 +17,27 @@ strongswan-5.1.1
   modeconfig=push option enables it for both client and server, the same way
   as pluto used it.
 
+- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections,
+  charon can negotiate and install Security Associations integrity-protected by
+  the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only,
+  but not the deprecated RFC2401 style ESP+AH bundles.
+
 - The left and right options in ipsec.conf can take multiple address ranges
   and subnets. This allows connection matching against a larger set of
   addresses, for example to use a different connection for clients connecting
   from a internal network.
 
+- The kernel-libipsec userland IPsec backend now supports usage statistics,
+  volume based rekeying and accepts ESPv3 style TFC padded packets.
+
 - load-tester supports transport mode connections and more complex traffic
   selectors, including such using unique ports for each tunnel.
 
+- libstrongswan now can provide an experimental custom implementation of the
+  printf family functions based on klibc if neither Vstr nor glibc style printf
+  hooks are available. This can avoid the Vstr dependency on some systems at
+  the cost of slower and less complete printf functions.
+
 
 strongswan-5.1.0
 ----------------