Add connection rate limiting.

[tinc] / doc / tinc.texi

diff --git a/doc/tinc.texi b/doc/tinc.texi
index 08021f9..a39e9ae 100644 (file)
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@@ -1101,6 +1101,13 @@ impossible to crack a single key.
 This option controls the amount of time MAC addresses are kept before they are removed.
 This only has effect when Mode is set to "switch".
 
 This option controls the amount of time MAC addresses are kept before they are removed.
 This only has effect when Mode is set to "switch".
 

+@cindex MaxConnectionBurst
+@item MaxConnectionBurst = <@var{count}> (100)
+This option controls how many connections tinc accepts in quick succession.
+If there are more connections than the given number in a short time interval,
+tinc will reduce the number of accepted connections to only one per second,
+until the burst has passed.
+

 @cindex Name
 @item Name = <@var{name}> [required]
 This is a symbolic name for this connection.
 @cindex Name
 @item Name = <@var{name}> [required]
 This is a symbolic name for this connection.


@@ -1182,7 +1189,6 @@ reordering. Setting this to zero will disable replay tracking completely and
 pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
 traffic.
 
 pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
 traffic.
 

-

 @cindex StrictSubnets
 @item StrictSubnets <yes|no> (no) [experimental]
 When this option is enabled tinc will only use Subnet statements which are
 @cindex StrictSubnets
 @item StrictSubnets <yes|no> (no) [experimental]
 When this option is enabled tinc will only use Subnet statements which are