Commit 9cf8d669 authored by David Goulet

man: Document default values if not in the consensus for DoS mitigation



Fixes #25236

Signed-off-by: David Goulet <dgoulet@torproject.org>
parent b60ffc5c
+21 −14
@@ -2454,7 +2454,7 @@ Denial of Service mitigation subsystem.
    address is positively identified, tor will activate defenses against the
    address. See the DoSCircuitCreationDefenseType option for more details.
    This is a client to relay detection only. "auto" means use the consensus
    parameter.
    parameter. If not defined in the consensus, the value is 0.
    (Default: auto)

[[DoSCircuitCreationMinConnections]] **DoSCircuitCreationMinConnections** __NUM__::
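
Review bot: "the value is 0" in the added sentence describes an on/off setting as a bare number, so the reader has to translate it back into a state. With "(Default: auto)" right below it, a relay whose consensus lacks the parameter ends up with this detection turned off, and the text should say so directly, for example "If not defined in the consensus, the value is 0 (disabled)." The same wording would help the other **0**|**1**|**auto** options touched later in this patch.
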
@@ -2463,19 +2463,22 @@ Denial of Service mitigation subsystem.
    flagged as executing a circuit creation DoS. In other words, once a client
    address reaches the circuit rate and has a minimum of NUM concurrent
    connections, a detection is positive. "0" means use the consensus
    parameter.
    parameter. If not defined in the consensus, the value is 3.
    (Default: 0)

[[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__::

    The allowed circuit creation rate per second applied per client IP
    address. If this option is 0, it obeys a consensus parameter. (Default: 0)
    address. If this option is 0, it obeys a consensus parameter. If not
    defined in the consensus, the value is 3.
    (Default: 0)

[[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__::

    The allowed circuit creation burst per client IP address. If the circuit
    rate and the burst are reached, a client is marked as executing a circuit
    creation DoS. "0" means use the consensus parameter.
    creation DoS. "0" means use the consensus parameter. If not defined in the
    consensus, the value is 90.
    (Default: 0)

[[DoSCircuitCreationDefenseType]] **DoSCircuitCreationDefenseType** __NUM__::
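
Review bot: The DoSCircuitCreationRate entry keeps its own phrasing, "If this option is 0, it obeys a consensus parameter", while DoSCircuitCreationMinConnections and DoSCircuitCreationBurst in the same hunk use '"0" means use the consensus parameter'. The paragraph is being rewrapped here anyway, so it is a good moment to use one sentence for all three. The fallback "the value is 3" for the rate would also read better with its unit, since the description defines the rate per second per client IP address.
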
@@ -2486,28 +2489,31 @@ Denial of Service mitigation subsystem.
      1: No defense.
      2: Refuse circuit creation for the DoSCircuitCreationDefenseTimePeriod period of time.
+
    "0" means use the consensus parameter.
    "0" means use the consensus parameter. If not defined in the consensus,
    the value is 2.
    (Default: 0)

[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __NUM__::
[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**::

    The base time period that the DoS defense is activated for. The actual
    value is selected randomly for each activation from NUM+1 to 3/2 * NUM.
    "0" means use the consensus parameter.
    (Default: 0)
    The base time period in seconds that the DoS defense is activated for. The
    actual value is selected randomly for each activation from N+1 to 3/2 * N.
    "0" means use the consensus parameter. If not defined in the consensus,
    the value is 3600 seconds (1 hour).  (Default: 0)

[[DoSConnectionEnabled]] **DoSConnectionEnabled** **0**|**1**|**auto**::

    Enable the connection DoS mitigation. For client address only, this allows
    tor to mitigate against large number of concurrent connections made by a
    single IP address. "auto" means use the consensus parameter.
    single IP address. "auto" means use the consensus parameter. If not
    defined in the consensus, the value is 0.
    (Default: auto)

[[DoSConnectionMaxConcurrentCount]] **DoSConnectionMaxConcurrentCount** __NUM__::

    The maximum threshold of concurrent connection from a client IP address.
    Above this limit, a defense selected by DoSConnectionDefenseType is
    applied. "0" means use the consensus parameter.
    applied. "0" means use the consensus parameter. If not defined in the
    consensus, the value is 100.
    (Default: 0)

[[DoSConnectionDefenseType]] **DoSConnectionDefenseType** __NUM__::
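
Review bot: In DoSCircuitCreationDefenseTimePeriod the new signature takes __N__ **seconds**|**minutes**|**hours**, but the rewritten description opens with "The base time period in seconds", which contradicts the unit suffix. Drop "in seconds" or say how a bare number is interpreted. The range "from N+1 to 3/2 * N" has the same problem once N can carry a unit: it is unclear what the "+1" is measured in. This argument syntax change is not mentioned in the commit message, which only talks about documenting default values, so it deserves a line there. Minor: "(1 hour).  (Default: 0)" has a double space and puts the default on the same line, unlike every other entry in the patch.
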
@@ -2518,7 +2524,8 @@ Denial of Service mitigation subsystem.
      1: No defense.
      2: Immediately close new connections.
+
    "0" means use the consensus parameter.
    "0" means use the consensus parameter. If not defined in the consensus,
    the value is 2.
    (Default: 0)

[[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**::
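
Review bot: "the value is 2" in the added sentence sends the reader back up to the numbered list to learn which defense applies when the consensus has no parameter. Naming it inline, for example "the value is 2 (immediately close new connections)", makes the effective default behaviour clear at a glance. The DoSCircuitCreationDefenseType sentence in the previous hunk would benefit from the same treatment.
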
@@ -2526,7 +2533,7 @@ Denial of Service mitigation subsystem.
    Refuse establishment of rendezvous points for single hop clients. In other
    words, if a client directly connects to the relay and sends an
    ESTABLISH_RENDEZVOUS cell, it is silently dropped. "auto" means use the
    consensus parameter.
    consensus parameter. If not defined in the consensus, the value is 0.
    (Default: auto)

TESTING NETWORK OPTIONS