Merge branch 'maint-0.2.9' into maint-0.3.1

  o Minor bugfix (channel connection):

    - The accurate address of a connection is real_addr, not the addr member.

      TLS Channel remote address is now real_addr content instead of addr

      member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.

      Patch by "ffmancera".

  o Minor bugfixes (DoS mitigation):

    - Make sure we don't modify consensus parameters if we aren't a public

      relay when a new consensus arrives. Fixes bug 25223; bugfix on

      0.3.3.2-alpha.

  o Major features (denial of service mitigation):

    - Give relays some defenses against the recent network overload. We start

      with three defenses (default parameters in parentheses). First: if a

      single client address makes too many concurrent connections (>100), hang

      up on further connections. Second: if a single client address makes

      circuits too quickly (more than 3 per second, with an allowed burst of

      90) while also having too many connections open (3), refuse new create

      cells for the next while (1-2 hours). Third: if a client asks to

      establish a rendezvous point to you directly, ignore the request. These

      defenses can be manually controlled by new torrc options, but relays

      will also take guidance from consensus parameters, so there's no need to

      configure anything manually. Implements ticket 24902.

  o Minor feature (geoip cache):

    - Make our OOM handler aware of the geoip client history cache so it

      doesn't fill up the memory which is especially important for IPv6 and

      our DoS mitigation subsystem. Closes ticket 25122.

  o Minor bugfixes (DoS mitigation):

    - Add extra safety checks when refilling the circuit creation bucket to

      ensure we never set a value that is above the allowed burst. Fixes

      bug 25202; bugfix on 0.3.3.2-alpha.