diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug24952 | 5 | ||||
| -rw-r--r-- | changes/ticket24902 | 13 |
2 files changed, 18 insertions, 0 deletions
diff --git a/changes/bug24952 b/changes/bug24952 new file mode 100644 index 0000000000..93174c04f5 --- /dev/null +++ b/changes/bug24952 @@ -0,0 +1,5 @@ + o Minor bugfix (channel connection): + - The accurate address of a connection is real_addr, not the addr member. + TLS Channel remote address is now real_addr content instead of addr + member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha. + Patch by "ffmancera". diff --git a/changes/ticket24902 b/changes/ticket24902 new file mode 100644 index 0000000000..1a2ef95cc9 --- /dev/null +++ b/changes/ticket24902 @@ -0,0 +1,13 @@ + o Major features (denial of service mitigation): + - Give relays some defenses against the recent network overload. We start + with three defenses (default parameters in parentheses). First: if a + single client address makes too many concurrent connections (>100), hang + up on further connections. Second: if a single client address makes + circuits too quickly (more than 3 per second, with an allowed burst of + 90) while also having too many connections open (3), refuse new create + cells for the next while (1-2 hours). Third: if a client asks to + establish a rendezvous point to you directly, ignore the request. These + defenses can be manually controlled by new torrc options, but relays + will also take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + |