From 1e1e88e6d921831b5453752a391c8c1438dec649 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 18 Nov 2014 11:41:44 +0100
Subject: [PATCH] NEWS: Introduce connmark plugin

---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 976f34c181..9a21f84e99 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,12 @@
   as any previous strongSwan release) it must be explicitly enabled using
   the charon.make_before_break strongswan.conf option.
 
+- The new connmark plugin allows a host to bind conntrack flows to a specific
+  CHILD_SA by applying and restoring the SA mark to conntrack entries. This
+  allows a peer to handle multiple transport mode connections coming over the
+  same NAT device for client-initiated flows. A common use case is to protect
+  L2TP/IPsec, as supported by some systems.
+
 
 strongswan-5.2.2
 ----------------
-- 
2.47.2