1 files changed, 29 insertions, 51 deletions

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 41dab4ae38..8ecc4175d1 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -238,7 +238,7 @@ GENERAL OPTIONS
 [[RelayBandwidthBurst]] **RelayBandwidthBurst** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
     If not 0, limit the maximum token bucket size (also known as the burst) for
     \_relayed traffic_ to the given number of bytes in each direction.
-    They do not include directory fetches by the relay (from authority 
+    They do not include directory fetches by the relay (from authority
     or other relays), because that is considered "client" activity. (Default: 0)
 
 [[PerConnBWRate]] **PerConnBWRate** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
@@ -608,10 +608,10 @@ GENERAL OPTIONS
     in accordance to RFC 1929. Both username and password must be between 1 and
     255 characters.
 
-[[SocksSocketsGroupWritable]] **SocksSocketsGroupWritable** **0**|**1**::
+[[UnixSocksGroupWritable]] **UnixSocksGroupWritable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read and
-    write unix sockets (e.g. SocksSocket). If the option is set to 1, make
-    the SocksSocket socket readable and writable by the default GID. (Default: 0)
+    write unix sockets (e.g. SocksPort unix:). If the option is set to 1, make
+    the Unix socket readable and writable by the default GID. (Default: 0)
 
 [[KeepalivePeriod]] **KeepalivePeriod** __NUM__::
     To keep firewalls from expiring connections, send a padding keepalive cell
@@ -650,7 +650,8 @@ GENERAL OPTIONS
  +
     The currently recognized domains are: general, crypto, net, config, fs,
     protocol, mm, http, app, control, circ, rend, bug, dir, dirserv, or, edge,
-    acct, hist, and handshake.  Domain names are case-insensitive. +
+    acct, hist, handshake, heartbeat, channel, sched, guard, consdiff, and dos.
+    Domain names are case-insensitive. +
  +
     For example, "`Log [handshake]debug [~net,~mm]info notice stdout`" sends
     to stdout: all handshake messages of any severity, all info-and-higher
@@ -1757,14 +1758,6 @@ The following options are useful only for clients (that is, if
     which are advanced by connection failures. (Default: 0, 3, 7, 3600,
     10800, 25200, 54000, 111600, 262800)
 
-[[ClientBootstrapConsensusMaxDownloadTries]] **ClientBootstrapConsensusMaxDownloadTries** __NUM__::
-    Try this many times to download a consensus while bootstrapping using
-    fallback directory mirrors before giving up. (Default: 7)
-
-[[ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries]] **ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries** __NUM__::
-    Try this many times to download a consensus while bootstrapping using
-    authorities before giving up. (Default: 4)
-
 [[ClientBootstrapConsensusMaxInProgressTries]] **ClientBootstrapConsensusMaxInProgressTries** __NUM__::
     Try this many simultaneous connections to download a consensus before
     waiting for one to complete, timeout, or error out. (Default: 3)
@@ -2696,7 +2689,7 @@ The following options are used to configure a hidden service.
 [[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__::
    The maximum number of simultaneous streams (connections) per rendezvous
    circuit. The maximum value allowed is 65535. (Setting this to 0 will allow
-   an unlimited number of simultanous streams.) (Default: 0)
+   an unlimited number of simultaneous streams.) (Default: 0)
 
 [[HiddenServiceMaxStreamsCloseCircuit]] **HiddenServiceMaxStreamsCloseCircuit** **0**|**1**::
    If set to 1, then exceeding **HiddenServiceMaxStreams** will cause the
@@ -2766,7 +2759,7 @@ Denial of Service mitigation subsystem.
     address is positively identified, tor will activate defenses against the
     address. See the DoSCircuitCreationDefenseType option for more details.
     This is a client to relay detection only. "auto" means use the consensus
-    parameter.
+    parameter. If not defined in the consensus, the value is 0.
     (Default: auto)
 
 [[DoSCircuitCreationMinConnections]] **DoSCircuitCreationMinConnections** __NUM__::
@@ -2775,19 +2768,22 @@ Denial of Service mitigation subsystem.
     flagged as executing a circuit creation DoS. In other words, once a client
     address reaches the circuit rate and has a minimum of NUM concurrent
     connections, a detection is positive. "0" means use the consensus
-    parameter.
+    parameter. If not defined in the consensus, the value is 3.
     (Default: 0)
 
 [[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__::
 
     The allowed circuit creation rate per second applied per client IP
-    address. If this option is 0, it obeys a consensus parameter. (Default: 0)
+    address. If this option is 0, it obeys a consensus parameter. If not
+    defined in the consensus, the value is 3.
+    (Default: 0)
 
 [[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__::
 
     The allowed circuit creation burst per client IP address. If the circuit
     rate and the burst are reached, a client is marked as executing a circuit
-    creation DoS. "0" means use the consensus parameter.
+    creation DoS. "0" means use the consensus parameter. If not defined in the
+    consensus, the value is 90.
     (Default: 0)
 
 [[DoSCircuitCreationDefenseType]] **DoSCircuitCreationDefenseType** __NUM__::
@@ -2798,28 +2794,31 @@ Denial of Service mitigation subsystem.
       1: No defense.
       2: Refuse circuit creation for the DoSCircuitCreationDefenseTimePeriod period of time.
 +
-    "0" means use the consensus parameter.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 2.
     (Default: 0)
 
-[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __NUM__::
+[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**::
 
-    The base time period that the DoS defense is activated for. The actual
-    value is selected randomly for each activation from NUM+1 to 3/2 * NUM.
-    "0" means use the consensus parameter.
-    (Default: 0)
+    The base time period in seconds that the DoS defense is activated for. The
+    actual value is selected randomly for each activation from N+1 to 3/2 * N.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 3600 seconds (1 hour).  (Default: 0)
 
 [[DoSConnectionEnabled]] **DoSConnectionEnabled** **0**|**1**|**auto**::
 
     Enable the connection DoS mitigation. For client address only, this allows
     tor to mitigate against large number of concurrent connections made by a
-    single IP address. "auto" means use the consensus parameter.
+    single IP address. "auto" means use the consensus parameter. If not
+    defined in the consensus, the value is 0.
     (Default: auto)
 
 [[DoSConnectionMaxConcurrentCount]] **DoSConnectionMaxConcurrentCount** __NUM__::
 
     The maximum threshold of concurrent connection from a client IP address.
     Above this limit, a defense selected by DoSConnectionDefenseType is
-    applied. "0" means use the consensus parameter.
+    applied. "0" means use the consensus parameter. If not defined in the
+    consensus, the value is 100.
     (Default: 0)
 
 [[DoSConnectionDefenseType]] **DoSConnectionDefenseType** __NUM__::
@@ -2830,7 +2829,8 @@ Denial of Service mitigation subsystem.
       1: No defense.
       2: Immediately close new connections.
 +
-    "0" means use the consensus parameter.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 2.
     (Default: 0)
 
 [[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**::
@@ -2838,7 +2838,7 @@ Denial of Service mitigation subsystem.
     Refuse establishment of rendezvous points for single hop clients. In other
     words, if a client directly connects to the relay and sends an
     ESTABLISH_RENDEZVOUS cell, it is silently dropped. "auto" means use the
-    consensus parameter.
+    consensus parameter. If not defined in the consensus, the value is 0.
     (Default: auto)
 
 TESTING NETWORK OPTIONS
@@ -2865,8 +2865,6 @@ The following options are used for running a testing Tor network.
           4 (for 40 seconds), 8, 16, 32, 60
        ClientBootstrapConsensusAuthorityOnlyDownloadSchedule 0, 1,
           4 (for 40 seconds), 8, 16, 32, 60
-       ClientBootstrapConsensusMaxDownloadTries 80
-       ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80
        ClientDNSRejectInternalAddresses 0
        ClientRejectInternalAddresses 0
        CountPrivateBandwidth 1
@@ -2889,10 +2887,6 @@ The following options are used for running a testing Tor network.
        TestingBridgeBootstrapDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60
        TestingClientMaxIntervalWithoutRequest 5 seconds
        TestingDirConnectionMaxStall 30 seconds
-       TestingConsensusMaxDownloadTries 80
-       TestingDescriptorMaxDownloadTries 80
-       TestingMicrodescMaxDownloadTries 80
-       TestingCertMaxDownloadTries 80
        TestingEnableConnBwEvent 1
        TestingEnableCellStatsEvent 1
        TestingEnableTbEmptyEvent 1
@@ -2973,22 +2967,6 @@ The following options are used for running a testing Tor network.
     Changing this requires that **TestingTorNetwork** is set. (Default:
     5 minutes)
 
-[[TestingConsensusMaxDownloadTries]] **TestingConsensusMaxDownloadTries** __NUM__::
-    Try this many times to download a consensus before giving up. Changing
-    this requires that **TestingTorNetwork** is set. (Default: 8)
-
-[[TestingDescriptorMaxDownloadTries]] **TestingDescriptorMaxDownloadTries** __NUM__::
-    Try this often to download a server descriptor before giving up.
-    Changing this requires that **TestingTorNetwork** is set. (Default: 8)
-
-[[TestingMicrodescMaxDownloadTries]] **TestingMicrodescMaxDownloadTries** __NUM__::
-    Try this often to download a microdesc descriptor before giving up.
-    Changing this requires that **TestingTorNetwork** is set. (Default: 8)
-
-[[TestingCertMaxDownloadTries]] **TestingCertMaxDownloadTries** __NUM__::
-    Try this often to download a v3 authority certificate before giving up.
-    Changing this requires that **TestingTorNetwork** is set. (Default: 8)
-
 [[TestingDirAuthVoteExit]] **TestingDirAuthVoteExit** __node__,__node__,__...__::
     A list of identity fingerprints, country codes, and
     address patterns of nodes to vote Exit for regardless of their
@@ -3187,7 +3165,7 @@ __CacheDirectory__**/diff-cache**::
     Directory cache only. Holds older consensuses, and diffs from older
     consensuses to the most recent consensus of each type, compressed
     in various ways. Each file contains a set of key-value arguments
-    decribing its contents, followed by a single NUL byte, followed by the
+    describing its contents, followed by a single NUL byte, followed by the
     main file contents.
 
 __DataDirectory__**/bw_accounting**::