author | Nick Mathewson <nickm@torproject.org> | 2018-02-16 09:41:06 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-02-16 09:41:06 -0500 |
commit | cb92d47deca15c44dd52cad6fc326520648c632e (patch) | |
tree | 4a13531c5add07457232ad2d112e0cc17d2a7da6 /changes | |
parent | 2b99350ca4c905db1bd4f1aecc630b4f55933e96 (diff) | |
parent | e7f631478254c38d6d8b1bea65840b4c6429e4f4 (diff) | |
Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug24952 | 5 |
-rw-r--r-- | changes/bug25223 | 4 |
-rw-r--r-- | changes/ticket24902 | 13 |
-rw-r--r-- | changes/ticket25122 | 4 |
-rw-r--r-- | changes/ticket25202 | 4 |
5 files changed, 30 insertions, 0 deletions
diff --git a/changes/bug24952 b/changes/bug24952 new file mode 100644 index 0000000000..93174c04f5 --- /dev/null +++ b/changes/bug24952 @@ -0,0 +1,5 @@ + o Minor bugfix (channel connection): + - The accurate address of a connection is real_addr, not the addr member. + TLS Channel remote address is now real_addr content instead of addr + member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha. + Patch by "ffmancera". diff --git a/changes/bug25223 b/changes/bug25223 new file mode 100644 index 0000000000..fdd5563500 --- /dev/null +++ b/changes/bug25223 @@ -0,0 +1,4 @@ + o Minor bugfixes (DoS mitigation): + - Make sure we don't modify consensus parameters if we aren't a public + relay when a new consensus arrives. Fixes bug 25223; bugfix on + 0.3.3.2-alpha. diff --git a/changes/ticket24902 b/changes/ticket24902 new file mode 100644 index 0000000000..1a2ef95cc9 --- /dev/null +++ b/changes/ticket24902 @@ -0,0 +1,13 @@ + o Major features (denial of service mitigation): + - Give relays some defenses against the recent network overload. We start + with three defenses (default parameters in parentheses). First: if a + single client address makes too many concurrent connections (>100), hang + up on further connections. Second: if a single client address makes + circuits too quickly (more than 3 per second, with an allowed burst of + 90) while also having too many connections open (3), refuse new create + cells for the next while (1-2 hours). Third: if a client asks to + establish a rendezvous point to you directly, ignore the request. These + defenses can be manually controlled by new torrc options, but relays + will also take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + diff --git a/changes/ticket25122 b/changes/ticket25122 new file mode 100644 index 0000000000..2921811b22 --- /dev/null +++ b/changes/ticket25122 
@@ -0,0 +1,4 @@ + o Minor feature (geoip cache): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory which is especially important for IPv6 and + our DoS mitigation subsystem. Closes ticket 25122. diff --git a/changes/ticket25202 b/changes/ticket25202 new file mode 100644 index 0000000000..ba64abad7b --- /dev/null +++ b/changes/ticket25202 @@ -0,0 +1,4 @@ + o Minor bugfixes (DoS mitigation): + - Add extra safety checks when refilling the circuit creation bucket to + ensure we never set a value that is above the allowed burst. Fixes + bug 25202; bugfix on 0.3.3.2-alpha. |
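Review bot: in changes/bug24952 the entry states the same thing twice ("The accurate address of a connection is real_addr, not the addr member" and then "TLS Channel remote address is now real_addr content instead of addr member") and neither sentence says what was observably wrong while addr was used. Suggest one sentence that names the visible effect of the fix. The heading is also the singular "Minor bugfix" where changes/bug25223 and changes/ticket25202 use "Minor bugfixes"; using the same form keeps the entries grouped consistently.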
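Review bot: in changes/bug25223 the phrase "modify consensus parameters" reads as if the relay altered the consensus itself; given the "DoS mitigation" heading it presumably means the mitigation settings that are derived from the consensus. Suggest saying which parameters are left untouched and what happened on a non-public relay before the fix. The "bugfix on 0.3.3.2-alpha" tag also names a later series than the maint-0.2.9 branch this merge targets, so it is worth confirming that is the intended wording for the backport.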
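Review bot: in changes/ticket24902 the thresholds are written inconsistently: the first defense gives a comparison, "(>100)", but the second says "too many connections open (3)" without one, so a reader cannot tell whether 3 connections or more than 3 is the trigger, and "for the next while (1-2 hours)" does not say how the duration within that range is chosen. Suggest giving every bound with its comparison, and naming the new torrc options and consensus parameters the entry refers to so relay operators can find and audit them. The hunk also ends with an empty added line after "Implements ticket 24902." that can be dropped.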
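Review bot: in changes/ticket25122 the sentence "so it doesn't fill up the memory which is especially important for IPv6 and our DoS mitigation subsystem" is ambiguous about what "it" is (the OOM handler or the geoip client history cache) and runs two points together. Suggest splitting it: first that the OOM handler can now free entries from the geoip client history cache, then why that matters for IPv6 and the DoS mitigation subsystem.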
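Review bot: in changes/ticket25202 "Add extra safety checks ... to ensure we never set a value that is above the allowed burst" does not say whether the circuit creation bucket could actually exceed the burst before this change or whether the checks are purely defensive. Suggest stating which it is, and if the overshoot was reachable, what the effect on the rate limit was. As with changes/bug25223, the "bugfix on 0.3.3.2-alpha" tag names a later series than maint-0.2.9 and is worth confirming.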