Diffstat (limited to 'doc')
-rw-r--r-- doc/man/tor.1.txt 62
1 files changed, 57 insertions, 5 deletions
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 1589809b1a..78449e3f72 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -2385,6 +2385,16 @@ is non-zero):
policy options are set, Tor behaves as if ExitRelay were set to 0.
(Default: auto)
+[[ReevaluateExitPolicy]] **ReevaluateExitPolicy** **0**|**1**::
+ If set, reevaluate the exit policy on existing connections when reloading
+ configuration. +
+ +
+ When the exit policy of an exit node change while reloading configuration,
+ connections made prior to this change could violate the new policy. By
+ setting this to 1, Tor will check if such connections exist, and mark them
+ for termination.
+ (Default: 0)
+
[[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
When this option is enabled, Tor will connect to relays on localhost,
RFC1918 addresses, and so on. In particular, Tor will make direct OR
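Review bot: Grammar in the second paragraph of the new ReevaluateExitPolicy entry: "When the exit policy of an exit node change while reloading configuration" should read "changes". It would also help operators to spell out the behaviour at the default (0), which the entry only implies: connections opened before the reload are not re-checked and may keep running under the old policy, and only setting this to 1 marks them for termination.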
@@ -2795,17 +2805,16 @@ types of statistics that Tor relays collect and publish:
+
A relay is considered overloaded if at least one of these conditions is
met:
- - Onionskins are starting to be dropped.
+ - A certain ratio of ntor onionskins are dropped.
- The OOM was invoked.
+ - TCP Port exhaustion.
- - (Exit only) DNS timeout occurs X% of the time over Y seconds (values
- controlled by consensus parameters, see param-spec.txt).
+
If ExtraInfoStatistics is enabled, it can also put two more specific
overload lines in the extra-info document if at least one of these
conditions is met:
- - TCP Port exhaustion.
- Connection rate limits have been reached (read and write side).
+ - File descriptors are exhausted.
[[PaddingStatistics]] **PaddingStatistics** **0**|**1**::
Relays and bridges only.
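Review bot: "A certain ratio of ntor onionskins are dropped" is ungrammatical ("is dropped") and vaguer than the DNS bullet it replaces, which at least pointed the reader to param-spec.txt for the threshold; suggest naming or referencing the consensus parameter that sets the ratio in the same way. Please also confirm that removing the "(Exit only) DNS timeout occurs X% of the time" condition is intentional rather than a leftover, since this commit touches several unrelated entries; if the DNS overload signal is really gone, the commit message should say so.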
@@ -3027,6 +3036,44 @@ Denial of Service mitigation subsystem described above.
consensus parameter. If not defined in the consensus, the value is 0.
(Default: auto)
+The following options are useful only for a exit relay.
+
+[[DoSStreamCreationEnabled]] **DoSStreamCreationEnabled** **0**|**1**|**auto**::
+
+ Enable the stream DoS mitigation. If set to 1 (enabled), tor will apply
+ rate limit on the creation of new streams and dns requests per circuit.
+ "auto" means use the consensus parameter. If not defined in the consensus,
+ the value is 0. (Default: auto)
+
+[[DoSStreamCreationDefenseType]] **DoSStreamCreationDefenseType** __NUM__::
+
+ This is the type of defense applied to a detected circuit or stream for the
+ stream mitigation. The possible values are:
+ +
+ 1: No defense.
+ +
+ 2: Reject the stream or resolve request.
+ +
+ 3: Close the circuit creating too many streams.
+ +
+ "0" means use the consensus parameter. If not defined in the consensus, the value is 2.
+ (Default: 0)
+
+[[DoSStreamCreationRate]] **DoSStreamCreationRate** __NUM__::
+
+ The allowed rate of stream creation from a single circuit per second. Coupled
+ with the burst (see below), if the limit is reached, actions can be taken
+ against the stream or circuit (DoSStreamCreationDefenseType). If not defined or
+ set to 0, it is controlled by a consensus parameter. If not defined in the
+ consensus, the value is 100. (Default: 0)
+
+[[DoSStreamCreationBurst]] **DoSStreamCreationBurst** __NUM__::
+
+ The allowed burst of stream creation from a circuit per second.
+ See the DoSStreamCreationRate for more details on this detection. If
+ not defined or set to 0, it is controlled by a consensus parameter. If not
+ defined in the consensus, the value is 300. (Default: 0)
+
For onion services, mitigations are a work in progress and multiple options
are currently available.
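Review bot: Several wording and consistency issues in the new DoSStreamCreation* entries. "useful only for a exit relay" should be "an exit relay", and "tor will apply rate limit on the creation of new streams and dns requests" should be "apply a rate limit on the creation of new streams and DNS requests". The DoSStreamCreationBurst description says "from a circuit per second", but a burst is a count, not a rate; the per-second unit already belongs to DoSStreamCreationRate, so drop "per second" here to avoid reading it as a second rate. Style: each of the four new entries puts a blank line between the `::` term line and its description, which the surrounding entries in this file (ReevaluateExitPolicy, ExtendAllowPrivateAddresses, MinimalAcceptedServerVersion) do not; keep the description directly under the term like the rest of the page. Finally, DoSStreamCreationDefenseType and the two numeric options all use "0" to mean "use the consensus parameter" while DoSStreamCreationEnabled uses "auto" for the same thing; worth a sentence noting that 0 here is the equivalent of "auto", since a reader may otherwise take 0 to mean "off".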
@@ -3371,6 +3418,11 @@ on the public Tor network.
multiple times: the values from multiple lines are spliced together. When
this is set then **VersioningAuthoritativeDirectory** should be set too.
+[[MinimalAcceptedServerVersion]] **MinimalAcceptedServerVersion** __STRING__::
+ STRING is the oldest Tor version accepted by the directory authority for
+ relays and bridge. Any older version will be rejected.
+ (Default: 0.4.7.0-alpha-dev)
+
[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **seconds**|**minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred delay
between publishing its consensus and signature and assuming it has all the
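Review bot: "for relays and bridge" should be "relays and bridges". The entry should also open with the scoping line the neighbouring authority options use (V3AuthDistDelay below says "V3 authoritative directories only."), since MinimalAcceptedServerVersion only has an effect on a directory authority and "accepted by the directory authority" does not make that restriction explicit.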
@@ -4065,7 +4117,7 @@ __DataDirectory__/**`stats/hidserv-stats`**::
of what fraction of the traffic is hidden service rendezvous traffic, and
approximately how many hidden services the relay has seen.
-__DataDirectory__/**networkstatus-bridges`**::
+__DataDirectory__/**`networkstatus-bridges`**::
Only used by authoritative bridge directories. Contains information
about bridges that have self-reported themselves to the bridge
authority.