author Nick Mathewson <nickm@torproject.org> 2018-02-16 09:48:11 -0500
committer Nick Mathewson <nickm@torproject.org> 2018-02-16 09:48:11 -0500
commit 2bcd264a28e2d6bec1e806e779bf82435c9c7505 (patch)
tree a134a572dd26adf0bef4cf6f2fad56b21c0032b4 /changes
parent 3930ffdf63425c344e14c45cff6780108cfa038b (diff)
parent cb92d47deca15c44dd52cad6fc326520648c632e (diff)
Merge branch 'maint-0.2.9' into maint-0.3.1
Diffstat (limited to 'changes')
-rw-r--r-- changes/bug24952 5
-rw-r--r-- changes/bug25223 4
-rw-r--r-- changes/ticket24902 13
-rw-r--r-- changes/ticket25122 4
-rw-r--r-- changes/ticket25202 4
5 files changed, 30 insertions, 0 deletions
diff --git a/changes/bug24952 b/changes/bug24952
new file mode 100644
index 0000000000..93174c04f5
--- /dev/null
+++ b/changes/bug24952
@@ -0,0 +1,5 @@
+ o Minor bugfix (channel connection):
+ - The accurate address of a connection is real_addr, not the addr member.
+ TLS Channel remote address is now real_addr content instead of addr
+ member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
+ Patch by "ffmancera".
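Review bot: The entry body describes the fix in terms of struct members ("real_addr, not the addr member") and says so twice, without stating what an operator would have observed when the TLS channel remote address came from addr. Suggest collapsing the two sentences into one that names the visible effect, and keeping the member names as a parenthetical. The heading also reads "Minor bugfix" where changes/bug25223 and changes/ticket25202 in this same patch use "Minor bugfixes"; pick one form.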
diff --git a/changes/bug25223 b/changes/bug25223
new file mode 100644
index 0000000000..fdd5563500
--- /dev/null
+++ b/changes/bug25223
@@ -0,0 +1,4 @@
+ o Minor bugfixes (DoS mitigation):
+ - Make sure we don't modify consensus parameters if we aren't a public
+ relay when a new consensus arrives. Fixes bug 25223; bugfix on
+ 0.3.3.2-alpha.
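Review bot: "Make sure we don't modify consensus parameters" reads as though the relay edits the consensus itself, which a non-authority cannot do. Suggest saying which locally held values are left untouched when a new consensus arrives and the node is not a public relay, for example "don't update our DoS mitigation settings from the consensus", if that is what the code does.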
diff --git a/changes/ticket24902 b/changes/ticket24902
new file mode 100644
index 0000000000..1a2ef95cc9
--- /dev/null
+++ b/changes/ticket24902
@@ -0,0 +1,13 @@
+ o Major features (denial of service mitigation):
+ - Give relays some defenses against the recent network overload. We start
+ with three defenses (default parameters in parentheses). First: if a
+ single client address makes too many concurrent connections (>100), hang
+ up on further connections. Second: if a single client address makes
+ circuits too quickly (more than 3 per second, with an allowed burst of
+ 90) while also having too many connections open (3), refuse new create
+ cells for the next while (1-2 hours). Third: if a client asks to
+ establish a rendezvous point to you directly, ignore the request. These
+ defenses can be manually controlled by new torrc options, but relays
+ will also take guidance from consensus parameters, so there's no need to
+ configure anything manually. Implements ticket 24902.
+
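Review bot: The sentence "These defenses can be manually controlled by new torrc options" names none of the options, and the matching consensus parameters are not named either, so an operator reading the changelog has nothing to search for. Suggest listing the option names next to each of the three defenses. Two smaller points in the same entry: the connection threshold in the second defense is given as "(3)" with no comparator while the first is given as "(>100)", so it is unclear whether 3 means at least 3 or more than 3; and the file ends with an empty added line that can be dropped.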
diff --git a/changes/ticket25122 b/changes/ticket25122
new file mode 100644
index 0000000000..2921811b22
--- /dev/null
+++ b/changes/ticket25122
@@ -0,0 +1,4 @@
+ o Minor feature (geoip cache):
+ - Make our OOM handler aware of the geoip client history cache so it
+ doesn't fill up the memory which is especially important for IPv6 and
+ our DoS mitigation subsystem. Closes ticket 25122.
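Review bot: In "so it doesn't fill up the memory which is especially important for IPv6", the pronoun "it" grammatically refers to the OOM handler, though the cache is what fills memory, and the "which" clause is missing its comma. Suggest "so that the cache cannot fill up memory. This is especially important for IPv6 and for our DoS mitigation subsystem." It would also help to say in a few words why IPv6 matters here, since the entry asserts it without a reason.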
diff --git a/changes/ticket25202 b/changes/ticket25202
new file mode 100644
index 0000000000..ba64abad7b
--- /dev/null
+++ b/changes/ticket25202
@@ -0,0 +1,4 @@
+ o Minor bugfixes (DoS mitigation):
+ - Add extra safety checks when refilling the circuit creation bucket to
+ ensure we never set a value that is above the allowed burst. Fixes
+ bug 25202; bugfix on 0.3.3.2-alpha.
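Review bot: "bugfix on 0.3.3.2-alpha" names a release series newer than the maint-0.3.1 branch this merge targets, and changes/bug25223 carries the same version. If the DoS mitigation code is being backported together with these fixes, say so in the entry so a reader of the 0.3.1 changelog is not left looking for a bug in a version they never ran. The entry also does not say what went wrong when the refilled bucket exceeded the allowed burst; one clause on the consequence would make "extra safety checks" concrete.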