path: root/doc/man/tor.1.txt
Diffstat (limited to 'doc/man/tor.1.txt')
-rw-r--r--  doc/man/tor.1.txt  59
1 files changed, 56 insertions, 3 deletions
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index ad6ec8ba8d..2a936f6702 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -1010,7 +1010,7 @@ forward slash (/) in the configuration file and on the command line.
equivalent option for directory connections, because all Tor client versions
that support this option download directory documents via OR connections. +
+
- The only protocol supported right now 'haproxy'. This option is only for
+ The only protocol supported right now is 'haproxy'. This option is only for
clients. (Default: none) +
+
The HAProxy version 1 proxy protocol is described in detail at
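Review bot: the missing "is" fix on the changed line is correct, but "right now" is informal for a man page and will go stale silently; consider "Currently, the only supported protocol is 'haproxy'." so the sentence reads as a statement of the current version rather than a chat aside.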
@@ -2385,6 +2385,16 @@ is non-zero):
policy options are set, Tor behaves as if ExitRelay were set to 0.
(Default: auto)
+[[ReevaluateExitPolicy]] **ReevaluateExitPolicy** **0**|**1**::
+ If set, reevaluate the exit policy on existing connections when reloading
+ configuration. +
+ +
+ When the exit policy of an exit node change while reloading configuration,
+ connections made prior to this change could violate the new policy. By
+ setting this to 1, Tor will check if such connections exist, and mark them
+ for termination.
+ (Default: 0)
+
[[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
When this option is enabled, Tor will connect to relays on localhost,
RFC1918 addresses, and so on. In particular, Tor will make direct OR
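Review bot: subject-verb agreement on the added line "When the exit policy of an exit node change while reloading configuration" should be "changes". The second paragraph would also benefit from stating the default behaviour explicitly: with the option at 0, connections established under the old policy are left alone and continue until they close on their own, which is the case an operator turning this on is choosing to avoid. Suggested wording: "When the exit policy of an exit node changes while reloading the configuration, connections made before the change may violate the new policy. If this option is set to 1, Tor checks for such connections and marks them for termination; if it is 0, they are left open."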
@@ -3026,6 +3036,44 @@ Denial of Service mitigation subsystem described above.
consensus parameter. If not defined in the consensus, the value is 0.
(Default: auto)
+The following options are useful only for a exit relay.
+
+[[DoSStreamCreationEnabled]] **DoSStreamCreationEnabled** **0**|**1**|**auto**::
+
+ Enable the stream DoS mitigation. If set to 1 (enabled), tor will apply
+ rate limit on the creation of new streams and dns requests per circuit.
+ "auto" means use the consensus parameter. If not defined in the consensus,
+ the value is 0. (Default: auto)
+
+[[DoSStreamCreationDefenseType]] **DoSStreamCreationDefenseType** __NUM__::
+
+ This is the type of defense applied to a detected circuit or stream for the
+ stream mitigation. The possible values are:
+ +
+ 1: No defense.
+ +
+ 2: Reject the stream or resolve request.
+ +
+ 3: Close the circuit creating too many streams.
+ +
+ "0" means use the consensus parameter. If not defined in the consensus, the value is 2.
+ (Default: 0)
+
+[[DoSStreamCreationRate]] **DoSStreamCreationRate** __NUM__::
+
+ The allowed rate of stream creation from a single circuit per second. Coupled
+ with the burst (see below), if the limit is reached, actions can be taken
+ against the stream or circuit (DoSStreamCreationDefenseType). If not defined or
+ set to 0, it is controlled by a consensus parameter. If not defined in the
+ consensus, the value is 100. (Default: 0)
+
+[[DoSStreamCreationBurst]] **DoSStreamCreationBurst** __NUM__::
+
+ The allowed burst of stream creation from a circuit per second.
+ See the DoSStreamCreationRate for more details on this detection. If
+ not defined or set to 0, it is controlled by a consensus parameter. If not
+ defined in the consensus, the value is 300. (Default: 0)
+
For onion services, mitigations are a work in progress and multiple options
are currently available.
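Review bot: the three new options disagree on how "use the consensus parameter" is expressed, which will confuse operators reading them together: DoSStreamCreationEnabled uses **auto** while DoSStreamCreationDefenseType and the two rate options use 0 (the DefenseType list also numbers from 1, so 0 is overloaded as "consensus" there). Either is fine, but say it consistently and match the existing DoS options above this hunk. Smaller points on the added lines: "useful only for a exit relay" should be "an exit relay"; "tor will apply rate limit on ... dns requests" should be "apply a rate limit on ... DNS requests"; "The allowed burst of stream creation from a circuit per second" reads oddly since the rate is already per second and the burst is the bucket depth, so drop "per second" and describe it as the maximum number of stream creations allowed at once before the rate applies; and the line starting "0" means use the consensus parameter runs past the wrap width used by the rest of the file.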
@@ -3080,7 +3128,7 @@ hard and are likely different for each service operator.
Why is this not helping reachability of the service? Because the defenses are
at the introduction point, an attacker can easily flood all introduction point
rendering the service unavailable due to no client being able to pass through.
-But, the service itself is not overwhelmed with connetions allowing it to
+But, the service itself is not overwhelmed with connections allowing it to
function properly for the few clients that were able to go through or other any
services running on the same tor instance.
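Review bot: the "connetions" fix is correct, and since this paragraph is being touched it is worth fixing two neighbouring slips in the same sentence pair: "flood all introduction point" on the context line should be "introduction points", and "or other any services" on the following line should be "or any other services".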
@@ -3370,6 +3418,11 @@ on the public Tor network.
multiple times: the values from multiple lines are spliced together. When
this is set then **VersioningAuthoritativeDirectory** should be set too.
+[[MinimalAcceptedServerVersion]] **MinimalAcceptedServerVersion** __STRING__::
+ STRING is the oldest Tor version accepted by the directory authority for
+ relays and bridge. Any older version will be rejected.
+ (Default: 0.4.7.0-alpha-dev)
+
[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **seconds**|**minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred delay
between publishing its consensus and signature and assuming it has all the
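Review bot: the added text should say what format STRING takes, since __STRING__ is otherwise unconstrained; "a Tor version string, e.g. the format shown in the default" would do. Also "relays and bridge" should be "relays and bridges", and "oldest Tor version accepted" should make clear the comparison is inclusive, i.e. a relay running exactly that version is accepted and anything older is rejected, which the second sentence implies but does not state.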
@@ -4064,7 +4117,7 @@ __DataDirectory__/**`stats/hidserv-stats`**::
of what fraction of the traffic is hidden service rendezvous traffic, and
approximately how many hidden services the relay has seen.
-__DataDirectory__/**networkstatus-bridges`**::
+__DataDirectory__/**`networkstatus-bridges`**::
Only used by authoritative bridge directories. Contains information
about bridges that have self-reported themselves to the bridge
authority.