[tor/release-0.3.2] man: Document default values if not in the consensus for DoS mitigation - tor-commits

16 Feb 2018

commit 9cf8d669fa416c151f60cb795555b6ef2ab53ecf
Author: David Goulet dgoulet@torproject.org
Date:   Tue Feb 13 10:53:47 2018 -0500
man: Document default values if not in the consensus for DoS mitigation
Fixes #25236
Signed-off-by: David Goulet dgoulet@torproject.org
---
 doc/tor.1.txt | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 58997cdf3..a7ee7d11c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2454,7 +2454,7 @@ Denial of Service mitigation subsystem.
     address is positively identified, tor will activate defenses against the
     address. See the DoSCircuitCreationDefenseType option for more details.
     This is a client to relay detection only. "auto" means use the consensus
-    parameter.
+    parameter. If not defined in the consensus, the value is 0.
     (Default: auto)
[[DoSCircuitCreationMinConnections]] **DoSCircuitCreationMinConnections** __NUM__::
@@ -2463,19 +2463,22 @@ Denial of Service mitigation subsystem.
     flagged as executing a circuit creation DoS. In other words, once a client
     address reaches the circuit rate and has a minimum of NUM concurrent
     connections, a detection is positive. "0" means use the consensus
-    parameter.
+    parameter. If not defined in the consensus, the value is 3.
     (Default: 0)
[[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__::
The allowed circuit creation rate per second applied per client IP
-    address. If this option is 0, it obeys a consensus parameter. (Default: 0)
+    address. If this option is 0, it obeys a consensus parameter. If not
+    defined in the consensus, the value is 3.
+    (Default: 0)
[[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__::
The allowed circuit creation burst per client IP address. If the circuit
     rate and the burst are reached, a client is marked as executing a circuit
-    creation DoS. "0" means use the consensus parameter.
+    creation DoS. "0" means use the consensus parameter. If not defined in the
+    consensus, the value is 90.
     (Default: 0)
[[DoSCircuitCreationDefenseType]] **DoSCircuitCreationDefenseType** __NUM__::
@@ -2486,28 +2489,31 @@ Denial of Service mitigation subsystem.
       1: No defense.
       2: Refuse circuit creation for the DoSCircuitCreationDefenseTimePeriod period of time.
 +
-    "0" means use the consensus parameter.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 2.
     (Default: 0)
-[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __NUM__::
+[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**::
-    The base time period that the DoS defense is activated for. The actual
-    value is selected randomly for each activation from NUM+1 to 3/2 * NUM.
-    "0" means use the consensus parameter.
-    (Default: 0)
+    The base time period in seconds that the DoS defense is activated for. The
+    actual value is selected randomly for each activation from N+1 to 3/2 * N.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 3600 seconds (1 hour).  (Default: 0)
[[DoSConnectionEnabled]] **DoSConnectionEnabled** **0**|**1**|**auto**::
Enable the connection DoS mitigation. For client address only, this allows
     tor to mitigate against large number of concurrent connections made by a
-    single IP address. "auto" means use the consensus parameter.
+    single IP address. "auto" means use the consensus parameter. If not
+    defined in the consensus, the value is 0.
     (Default: auto)
[[DoSConnectionMaxConcurrentCount]] **DoSConnectionMaxConcurrentCount** __NUM__::
The maximum threshold of concurrent connection from a client IP address.
     Above this limit, a defense selected by DoSConnectionDefenseType is
-    applied. "0" means use the consensus parameter.
+    applied. "0" means use the consensus parameter. If not defined in the
+    consensus, the value is 100.
     (Default: 0)
[[DoSConnectionDefenseType]] **DoSConnectionDefenseType** __NUM__::
@@ -2518,7 +2524,8 @@ Denial of Service mitigation subsystem.
       1: No defense.
       2: Immediately close new connections.
 +
-    "0" means use the consensus parameter.
+    "0" means use the consensus parameter. If not defined in the consensus,
+    the value is 2.
     (Default: 0)
[[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**::
@@ -2526,7 +2533,7 @@ Denial of Service mitigation subsystem.
     Refuse establishment of rendezvous points for single hop clients. In other
     words, if a client directly connects to the relay and sends an
     ESTABLISH_RENDEZVOUS cell, it is silently dropped. "auto" means use the
-    consensus parameter.
+    consensus parameter. If not defined in the consensus, the value is 0.
     (Default: auto)
TESTING NETWORK OPTIONS

    