Merge remote-tracking branch 'public/xxx023'

2024-11-28 06:13:31 +01:00 · 2012-06-15 16:10:59 -04:00 · 2012-06-15 16:10:59 -04:00 · bdfb399867
commit bdfb399867
parent 879b1e1010 cc21e56ed4
31 changed files with 137 additions and 109 deletions
--- a/changes/check_correct_flav_sigs
+++ b/changes/check_correct_flav_sigs
@ -0,0 +1,4 @@
  o Minor bugfixes:
    - When checking for requested signatures on the latest consensus before
      serving it to a client, make sure to check the right consensus flavor.
      Bugfix on 0.2.2.6-alpha.
--- a/changes/descriptor_limit
+++ b/changes/descriptor_limit
@ -0,0 +1,2 @@
  o Code simplification and refactoring:
    - Remove duplicate code for invoking getrlimit() from control.c.
--- a/changes/log_bad_md_entry
+++ b/changes/log_bad_md_entry
@ -0,0 +1,3 @@
  o Minor features (debugging):
    - Log a BUG message at INFO if we have a networkstatus with a missing
      entry for some microdescriptor.
--- a/changes/move_cached_gtod
+++ b/changes/move_cached_gtod
@ -0,0 +1,3 @@
  o Code simplification and refactoring:
    - Move tor_gettimeofday_cached() into compat_libevent.c, and use
      Libevent's notion of cached time when possible.
--- a/src/common/address.c
+++ b/src/common/address.c
@ -1363,7 +1363,7 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
 /* ======
 * IPv4 helpers
- * XXXX023 IPv6 deprecate some of these.
+ * XXXX024 IPv6 deprecate some of these.
 */
 /** Return true iff <b>ip</b> (in host order) is an IP reserved to localhost,
--- a/src/common/compat.c
+++ b/src/common/compat.c
@ -15,7 +15,7 @@
 /* This is required on rh7 to make strptime not complain.
 * We also need it to make memmem get defined (where available)
 */
-/* XXXX023 We should just use AC_USE_SYSTEM_EXTENSIONS in our autoconf,
+/* XXXX024 We should just  use AC_USE_SYSTEM_EXTENSIONS in our autoconf,
 * and get this (and other important stuff!) automatically. Once we do that,
 * make sure to also change the extern char **environ detection in
 * configure.in, because whether that is declared or not depends on whether
@ -1258,13 +1258,16 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
 * tell Tor it's allowed to use. */
 #define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond _ConnLimit */
-/** Learn the maximum allowed number of file descriptors. (Some systems
+/** Learn the maximum allowed number of file descriptors, and tell the system
- * have a low soft limit.
+ * we want to use up to that number. (Some systems have a low soft limit, and
 * let us set it higher.)
 *
 * We compute this by finding the largest number that we can use.
 * If we can't find a number greater than or equal to <b>limit</b>,
 * then we fail: return -1.
 *
 * If <b>limit</b> is 0, then do not adjust the current maximum.
 *
 * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
 int
 set_max_file_descriptors(rlim_t limit, int *max_out)
@ -1297,14 +1300,20 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
  limit = MAX_CONNECTIONS;
 #else /* HAVE_GETRLIMIT */
  struct rlimit rlim;
  tor_assert(limit > 0);
  if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
    log_warn(LD_NET, "Could not get maximum number of file descriptors: %s",
             strerror(errno));
    return -1;
  }
-
+  if (limit == 0) {
    /* If limit == 0, return the maximum value without setting it. */
    limit = rlim.rlim_max;
    if (limit > INT_MAX)
      limit = INT_MAX;
    *max_out = limit - ULIMIT_BUFFER;
    return 0;
  }
  if (rlim.rlim_max < limit) {
    log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
             "limited to %lu. Please change your ulimit -n.",
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@ -689,3 +689,37 @@ tor_add_bufferevent_to_rate_limit_group(struct bufferevent *bev,
 }
 #endif
 #if defined(LIBEVENT_VERSION_NUMBER) && LIBEVENT_VERSION_NUMBER >= V(2,1,1)
 void
 tor_gettimeofday_cached(struct timeval *tv)
 {
  event_base_gettimeofday_cached(the_event_base, tv);
 }
 void
 tor_gettimeofday_cache_clear(void)
 {
  event_base_update_cache_time(the_event_base);
 }
 #else
 /** Cache the current hi-res time; the cache gets reset when libevent
 * calls us. */
 static struct timeval cached_time_hires = {0, 0};
 /** Return a fairly recent view of the current time. */
 void
 tor_gettimeofday_cached(struct timeval *tv)
 {
  if (cached_time_hires.tv_sec == 0) {
    tor_gettimeofday(&cached_time_hires);
  }
  *tv = cached_time_hires;
 }
 /** Reset the cached view of the current time, so that the next time we try
 * to learn it, we will get an up-to-date value. */
 void
 tor_gettimeofday_cache_clear(void)
 {
  cached_time_hires.tv_sec = 0;
 }
 #endif
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@ -88,5 +88,8 @@ int tor_add_bufferevent_to_rate_limit_group(struct bufferevent *bev,
                                   struct bufferevent_rate_limit_group *g);
 #endif
 void tor_gettimeofday_cached(struct timeval *tv);
 void tor_gettimeofday_cache_clear(void);
 #endif
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@ -677,12 +677,12 @@ read_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,
 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
 * error; else return the number of bytes read.
 */
-/* XXXX023 indicate "read blocked" somehow? */
+/* XXXX024 indicate "read blocked" somehow? */
 int
 read_to_buf(tor_socket_t s, size_t at_most, buf_t *buf, int *reached_eof,
            int *socket_error)
 {
-  /* XXXX023 It's stupid to overload the return values for these functions:
+  /* XXXX024 It's stupid to overload the return values for these functions:
   * "error status" and "number of bytes read" are not mutually exclusive.
   */
  int r = 0;
@ -855,7 +855,7 @@ flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
 int
 flush_buf(tor_socket_t s, buf_t *buf, size_t sz, size_t *buf_flushlen)
 {
-  /* XXXX023 It's stupid to overload the return values for these functions:
+  /* XXXX024 It's stupid to overload the return values for these functions:
   * "error status" and "number of bytes flushed" are not mutually exclusive.
   */
  int r;
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -44,12 +44,12 @@
 /********* START VARIABLES **********/
 /** Global list of circuit build times */
-// XXXX023: Add this as a member for entry_guard_t instead of global?
+// XXXX: Add this as a member for entry_guard_t instead of global?
 // Then we could do per-guard statistics, as guards are likely to
 // vary in their own latency. The downside of this is that guards
 // can change frequently, so we'd be building a lot more circuits
 // most likely.
-/* XXXX023 Make this static; add accessor functions. */
+/* XXXX024 Make this static; add accessor functions. */
 circuit_build_times_t circ_times;
 /** A global list of all circuits at this hop. */
@ -4238,7 +4238,7 @@ entry_guards_compute_status(const or_options_t *options, time_t now)
 * If <b>mark_relay_status</b>, also call router_set_status() on this
 * relay.
 *
- * XXX023 change succeeded and mark_relay_status into 'int flags'.
+ * XXX024 change succeeded and mark_relay_status into 'int flags'.
 */
 int
 entry_guard_register_connect_status(const char *digest, int succeeded,
@ -4763,7 +4763,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
    }
    entry_guards = new_entry_guards;
    entry_guards_dirty = 0;
-    /* XXX023 hand new_entry_guards to this func, and move it up a
+    /* XXX024 hand new_entry_guards to this func, and move it up a
     * few lines, so we don't have to re-dirty it */
    if (remove_obsolete_entry_guards(now))
      entry_guards_dirty = 1;
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@ -1180,7 +1180,7 @@ circuit_mark_all_unused_circs(void)
 * This is useful for letting the user change pseudonyms, so new
 * streams will not be linkable to old streams.
 */
-/* XXX023 this is a bad name for what this function does */
+/* XXX024 this is a bad name for what this function does */
 void
 circuit_expire_all_dirty_circs(void)
 {
@ -1191,7 +1191,7 @@ circuit_expire_all_dirty_circs(void)
    if (CIRCUIT_IS_ORIGIN(circ) &&
        !circ->marked_for_close &&
        circ->timestamp_dirty)
-      /* XXXX023 This is a screwed-up way to say "This is too dirty
+      /* XXXX024 This is a screwed-up way to say "This is too dirty
       * for new circuits. */
      circ->timestamp_dirty -= options->MaxCircuitDirtiness;
  }
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@ -1475,7 +1475,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
        return -1;
      }
    } else {
-      /* XXXX023 Duplicates checks in connection_ap_handshake_attach_circuit:
+      /* XXXX024 Duplicates checks in connection_ap_handshake_attach_circuit:
       * refactor into a single function? */
      const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 1);
      int opt = conn->chosen_exit_optional;
@ -1916,7 +1916,7 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
    /* find the circuit that we should use, if there is one. */
    retval = circuit_get_open_circ_or_launch(
        conn, CIRCUIT_PURPOSE_C_GENERAL, &circ);
-    if (retval < 1) // XXX022 if we totally fail, this still returns 0 -RD
+    if (retval < 1) // XXX023 if we totally fail, this still returns 0 -RD
      return retval;
    log_debug(LD_APP|LD_CIRC,
--- a/src/or/config.c
+++ b/src/or/config.c
@ -1692,7 +1692,7 @@ options_act(const or_options_t *old_options)
       || !geoip_is_loaded())) {
    /* XXXX Don't use this "<default>" junk; make our filename options
     * understand prefixes somehow. -NM */
-    /* XXXX023 Reload GeoIPFile on SIGHUP. -NM */
+    /* XXXX024 Reload GeoIPFile on SIGHUP. -NM */
    char *actual_fname = tor_strdup(options->GeoIPFile);
 #ifdef _WIN32
    if (!strcmp(actual_fname, "<default>")) {
@ -4103,7 +4103,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
             "ignore you.");
  }
-  /*XXXX023 checking for defaults manually like this is a bit fragile.*/
+  /*XXXX checking for defaults manually like this is a bit fragile.*/
  /* Keep changes to hard-coded values synchronous to man page and default
   * values table. */
--- a/src/or/connection.c
+++ b/src/or/connection.c
@ -1048,7 +1048,12 @@ connection_listener_new(const struct sockaddr *listensockaddr,
    if (port_cfg->session_group >= 0) {
      lis_conn->session_group = port_cfg->session_group;
    } else {
-      /* XXXX023 This can wrap after ~INT_MAX ports are opened. */
+      /* This can wrap afuter ~INT_MAX listeners are opened.  But I don't
       * believe that matters, since you would need to open a ridiculous
       * number of listeners while keeping the early ones open before you ever
       * hit this.  An OR with a dozen ports open, for example, would have to
       * close and re-open its listers every second for 4 years nonstop.
       */
      lis_conn->session_group = global_next_session_group--;
    }
  }
@ -2280,7 +2285,7 @@ static void
 record_num_bytes_transferred(connection_t *conn,
                             time_t now, size_t num_read, size_t num_written)
 {
-  /* XXX023 check if this is necessary */
+  /* XXX024 check if this is necessary */
  if (num_written >= INT_MAX || num_read >= INT_MAX) {
    log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
             "connection type=%s, state=%s",
@ -2925,7 +2930,7 @@ evbuffer_inbuf_callback(struct evbuffer *buf,
    connection_consider_empty_read_buckets(conn);
    if (conn->type == CONN_TYPE_AP) {
      edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
-      /*XXXX022 check for overflow*/
+      /*XXXX024 check for overflow*/
      edge_conn->n_read += (int)info->n_added;
    }
  }
@ -2946,7 +2951,7 @@ evbuffer_outbuf_callback(struct evbuffer *buf,
    connection_consider_empty_write_buckets(conn);
    if (conn->type == CONN_TYPE_AP) {
      edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
-      /*XXXX022 check for overflow*/
+      /*XXXX024 check for overflow*/
      edge_conn->n_written += (int)info->n_deleted;
    }
  }
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -76,7 +76,7 @@ _connection_mark_unattached_ap(entry_connection_t *conn, int endreason,
   * being attached to a circuit, assume that an attempt to connect to
   * the destination hidden service has just ended.
   *
-   * XXX023 This condition doesn't limit to only streams failing
+   * XXXX This condition doesn't limit to only streams failing
   * without ever being attached.  That sloppiness should be harmless,
   * but we should fix it someday anyway. */
  if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
@ -622,7 +622,7 @@ connection_ap_expire_beginning(void)
    /* kludge to make us not try this circuit again, yet to allow
     * current streams on it to survive if they can: make it
     * unattractive to use for new streams */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
    tor_assert(circ->timestamp_dirty);
    circ->timestamp_dirty -= options->MaxCircuitDirtiness;
    /* give our stream another 'cutoff' seconds to try */
@ -664,7 +664,7 @@ connection_ap_attach_pending(void)
 /** Tell any AP streams that are waiting for a one-hop tunnel to
 * <b>failed_digest</b> that they are going to fail. */
-/* XXX023 We should get rid of this function, and instead attach
+/* XXX024 We should get rid of this function, and instead attach
 * one-hop streams to circ->p_streams so they get marked in
 * circuit_mark_for_close like normal p_streams. */
 void
@ -1991,7 +1991,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
      connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
      return -1;
    }
-    /* XXXX022-1090 Should we also allow foo.bar.exit if ExitNodes is set and
+    /* XXXX024-1090 Should we also allow foo.bar.exit if ExitNodes is set and
       Bar is not listed in it?  I say yes, but our revised manpage branch
       implies no. */
  }
@ -2572,12 +2572,12 @@ connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
  if (edge_conn->stream_id==0) {
-    /* XXXX023 Instead of closing this stream, we should make it get
+    /* XXXX024 Instead of closing this stream, we should make it get
     * retried on another circuit. */
    connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
    /* Mark this circuit "unusable for new streams". */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
    tor_assert(circ->_base.timestamp_dirty);
    circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
    return -1;
@ -2657,12 +2657,12 @@ connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
  edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
  if (edge_conn->stream_id==0) {
-    /* XXXX023 Instead of closing this stream, we should make it get
+    /* XXXX024 Instead of closing this stream, we should make it get
     * retried on another circuit. */
    connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
    /* Mark this circuit "unusable for new streams". */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
    tor_assert(circ->_base.timestamp_dirty);
    circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
    return -1;
@ -2834,7 +2834,7 @@ tell_controller_about_resolved_result(entry_connection_t *conn,
 * certain errors or for values that didn't come via DNS.  <b>expires</b> is
 * a time when the answer expires, or -1 or TIME_MAX if there's a good TTL.
 **/
-/* XXXX023 the use of the ttl and expires fields is nutty.  Let's make this
+/* XXXX the use of the ttl and expires fields is nutty.  Let's make this
 * interface and those that use it less ugly. */
 void
 connection_ap_handshake_socks_resolved(entry_connection_t *conn,
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@ -401,7 +401,7 @@ connection_or_process_inbuf(or_connection_t *conn)
   * check would otherwise just let data accumulate.  It serves no purpose
   * in 0.2.3.
   *
-   * XXX023 Remove this check once we verify that the above paragraph is
+   * XXX024 Remove this check once we verify that the above paragraph is
   * 100% true. */
  if (buf_datalen(conn->_base.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
    log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
--- a/src/or/control.c
+++ b/src/or/control.c
@ -1466,26 +1466,9 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
      }
    #endif
  } else if (!strcmp(question, "process/descriptor-limit")) {
-    /** platform specifc limits are from the set_max_file_descriptors function
+    int max_fds=-1;
-      * of src/common/compat.c */
+    set_max_file_descriptors(0, &max_fds);
-    /* XXXX023 This is duplicated code from compat.c; it should turn into a
+    tor_asprintf(answer, "%d", max_fds);
     * function.  */
    #ifdef HAVE_GETRLIMIT
      struct rlimit descriptorLimit;
      if (getrlimit(RLIMIT_NOFILE, &descriptorLimit) == 0) {
        tor_asprintf(answer, U64_FORMAT,
                     U64_PRINTF_ARG(descriptorLimit.rlim_max));
      } else {
        *answer = tor_strdup("-1");
      }
    #elif defined(CYGWIN) || defined(__CYGWIN__)
      *answer = tor_strdup("3200");
    #elif defined(_WIN32)
      *answer = tor_strdup("15000");
    #else
      *answer = tor_strdup("15000");
    #endif
  } else if (!strcmp(question, "dir-usage")) {
    *answer = directory_dump_request_log();
  } else if (!strcmp(question, "fingerprint")) {
--- a/src/or/directory.c
+++ b/src/or/directory.c
@ -2775,10 +2775,11 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
      else
        request_type = "/tor/status/?";
    } else {
-      networkstatus_t *v = networkstatus_get_latest_consensus();
+      networkstatus_t *v;
      time_t now = time(NULL);
      const char *want_fps = NULL;
      char *flavor = NULL;
      int flav = FLAV_NS;
      #define CONSENSUS_URL_PREFIX "/tor/status-vote/current/consensus/"
      #define CONSENSUS_FLAVORED_PREFIX "/tor/status-vote/current/consensus-"
      /* figure out the flavor if any, and who we wanted to sign the thing */
@ -2792,12 +2793,16 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
        } else {
          flavor = tor_strdup(f);
        }
        flav = networkstatus_parse_flavor_name(flavor);
        if (flav < 0)
          flav = FLAV_NS;
      } else {
        if (!strcmpstart(url, CONSENSUS_URL_PREFIX))
          want_fps = url+strlen(CONSENSUS_URL_PREFIX);
      }
-      /* XXXX023 MICRODESC NM NM should check document of correct flavor */
+      v = networkstatus_get_latest_consensus_by_flavor(flav);
      if (v && want_fps &&
          !client_likes_consensus(v, want_fps)) {
        write_http_status_line(conn, 404, "Consensus not signed by sufficient "
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -975,7 +975,7 @@ running_long_enough_to_decide_unreachable(void)
 void
 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
 {
-  /*XXXX023 This function is a mess.  Separate out the part that calculates
+  /*XXXX024 This function is a mess.  Separate out the part that calculates
    whether it's reachable and the part that tells rephist that the router was
    unreachable.
   */
@ -1793,7 +1793,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
 {
  if (need_uptime) {
    if (!enough_mtbf_info) {
-      /* XXX023 Once most authorities are on v3, we should change the rule from
+      /* XXX024 Once most authorities are on v3, we should change the rule from
       * "use uptime if we don't have mtbf data" to "don't advertise Stable on
       * v3 if we don't have enough mtbf data."  Or maybe not, since if we ever
       * hit a point where we need to reset a lot of authorities at once,
@ -2321,7 +2321,7 @@ is_router_version_good_for_possible_guard(const char *platform)
  tor_version_t router_version;
-  /* XXX023 This block should be extracted into its own function. */
+  /* XXX024 This block should be extracted into its own function. */
  /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
  {
    char *s, *s2, *start;
@ -3402,7 +3402,7 @@ lookup_cached_dir_by_fp(const char *fp)
    d = strmap_get(cached_consensuses, "ns");
  else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
           (d = strmap_get(cached_consensuses, fp))) {
-    /* this here interface is a nasty hack XXXX023 */;
+    /* this here interface is a nasty hack XXXX024 */;
  } else if (router_digest_is_me(fp) && the_v2_networkstatus)
    d = the_v2_networkstatus;
  else if (cached_v2_networkstatus)
@ -3613,7 +3613,7 @@ connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
    }
    body = signed_descriptor_get_body(sd);
    if (conn->zlib_state) {
-      /* XXXX022 This 'last' business should actually happen on the last
+      /* XXXX024 This 'last' business should actually happen on the last
       * routerinfo, not on the last fingerprint. */
      int last = ! smartlist_len(conn->fingerprint_stack);
      connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
@ -3656,7 +3656,7 @@ connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
    if (!md)
      continue;
    if (conn->zlib_state) {
-      /* XXXX022 This 'last' business should actually happen on the last
+      /* XXXX024 This 'last' business should actually happen on the last
       * routerinfo, not on the last fingerprint. */
      int last = !smartlist_len(conn->fingerprint_stack);
      connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@ -19,7 +19,7 @@
 #ifdef HAVE_EVENT2_DNS_H
 #include <event2/dns.h>
 #include <event2/dns_compat.h>
-/* XXXX023 this implies we want an improved evdns  */
+/* XXXX this implies we want an improved evdns  */
 #include <event2/dns_struct.h>
 #else
 #include "eventdns.h"
--- a/src/or/main.c
+++ b/src/or/main.c
@ -1435,11 +1435,8 @@ run_scheduled_events(time_t now)
   *    We do this before step 4, so it can try building more if
   *    it's not comfortable with the number of available circuits.
   */
-  /* XXXX022 If our circuit build timeout is much lower than a second, maybe
+  /* (If our circuit build timeout can ever become lower than a second (which
-   * we should do this more often? -NM
+   * it can't, currently), we should do this more often.) */
   * It can't be lower than 1.5 seconds currently; see
   * circuit_build_times_min_timeout(). -RD
   */
  circuit_expire_building();
  /** 3b. Also look at pending streams and prune the ones that 'began'
--- a/src/or/microdesc.c
+++ b/src/or/microdesc.c
@ -477,7 +477,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force)
    md->body = (char*)cache->cache_content->data + md->off;
    if (PREDICT_UNLIKELY(
             md->bodylen < 9 || fast_memneq(md->body, "onion-key", 9) != 0)) {
-      /* XXXX023 once bug 2022 is solved, we can kill this block and turn it
+      /* XXXX once bug 2022 is solved, we can kill this block and turn it
       * into just the tor_assert(!memcmp) */
      off_t avail = cache->cache_content->size - md->off;
      char *bad_str;
@ -643,8 +643,13 @@ microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
      continue;
    if (skip && digestmap_get(skip, rs->descriptor_digest))
      continue;
-    if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN))
+    if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN)) {
-      continue; /* This indicates a bug somewhere XXXX023*/
+      log_info(LD_BUG, "Found an entry in networktatus with no microdescriptor "
               "digest. (Router %s=%s at %s:%d.)", rs->nickname,
               hex_str(rs->identity_digest, DIGEST_LEN),
               fmt_addr32(rs->addr), rs->or_port);
      continue;
    }
    /* XXXX Also skip if we're a noncache and wouldn't use this router.
     * XXXX NM Microdesc
     */
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@ -1836,7 +1836,7 @@ networkstatus_set_current_consensus(const char *consensus,
    routerstatus_list_update_named_server_map();
    cell_ewma_set_scale_factor(options, current_consensus);
-    /* XXXX023 this call might be unnecessary here: can changing the
+    /* XXXX024 this call might be unnecessary here: can changing the
     * current consensus really alter our view of any OR's rate limits? */
    connection_or_update_token_buckets(get_connection_array(), options);
--- a/src/or/relay.c
+++ b/src/or/relay.c
@ -52,11 +52,6 @@ static int circuit_consider_stop_edge_reading(circuit_t *circ,
                                              crypt_path_t *layer_hint);
 static int circuit_queue_streams_are_blocked(circuit_t *circ);
 /* XXXX023 move this all to compat_libevent */
 /** Cache the current hi-res time; the cache gets reset when libevent
 * calls us. */
 static struct timeval cached_time_hires = {0, 0};
 /** Stop reading on edge connections when we have this many cells
 * waiting on the appropriate queue. */
 #define CELL_QUEUE_HIGHWATER_SIZE 256
@ -64,24 +59,6 @@ static struct timeval cached_time_hires = {0, 0};
 * cells. */
 #define CELL_QUEUE_LOWWATER_SIZE 64
 /** Return a fairly recent view of the current time. */
 static void
 tor_gettimeofday_cached(struct timeval *tv)
 {
  if (cached_time_hires.tv_sec == 0) {
    tor_gettimeofday(&cached_time_hires);
  }
  *tv = cached_time_hires;
 }
 /** Reset the cached view of the current time, so that the next time we try
 * to learn it, we will get an up-to-date value. */
 void
 tor_gettimeofday_cache_clear(void)
 {
  cached_time_hires.tv_sec = 0;
 }
 /** Stats: how many relay cells have originated at this hop, or have
 * been relayed onward (not recognized at this hop)?
 */
@ -799,7 +776,7 @@ connection_ap_process_end_not_open(
          /* We haven't retried too many times; reattach the connection. */
          circuit_log_path(LOG_INFO,LD_APP,circ);
          /* Mark this circuit "unusable for new streams". */
-          /* XXXX023 this is a kludgy way to do this. */
+          /* XXXX024 this is a kludgy way to do this. */
          tor_assert(circ->_base.timestamp_dirty);
          circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
@ -1462,7 +1439,7 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
  stats_n_data_cells_packaged += 1;
  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
-    /* XXX023 We could be more efficient here by sometimes packing
+    /* XXXX We could be more efficient here by sometimes packing
     * previously-sent optimistic data in the same cell with data
     * from the inbuf. */
    generic_buffer_get(entry_conn->sending_optimistic_data, payload, length);
--- a/src/or/relay.h
+++ b/src/or/relay.h
@ -64,8 +64,6 @@ void cell_ewma_set_scale_factor(const or_options_t *options,
                                const networkstatus_t *consensus);
 void circuit_clear_cell_queue(circuit_t *circ, or_connection_t *orconn);
 void tor_gettimeofday_cache_clear(void);
 #ifdef RELAY_PRIVATE
 int relay_crypt(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction,
                crypt_path_t **layer_hint, char *recognized);
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@ -830,7 +830,7 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
  /* Set timestamp_dirty, because circuit_expire_building expects it
   * to specify when a circuit entered the _C_REND_READY state. */
  circ->_base.timestamp_dirty = time(NULL);
-  /* XXXX023 This is a pretty brute-force approach. It'd be better to
+  /* XXXX This is a pretty brute-force approach. It'd be better to
   * attach only the connections that are waiting on this circuit, rather
   * than trying to attach them all. See comments bug 743. */
  /* If we already have the introduction circuit built, make sure we send
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -1033,7 +1033,7 @@ rend_service_note_removing_intro_point(rend_service_t *service,
 /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
 * rendezvous point.
 */
- /* XXX022 this function sure could use some organizing. -RD */
+ /* XXXX024 this function sure could use some organizing. -RD */
 int
 rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
                       size_t request_len)
@ -2255,7 +2255,7 @@ rend_services_introduce(void)
         *
         * Unfortunately, we can't find out when the new descriptor
         * has actually been uploaded, so we'll have to settle for a
-         * five-minute timer.  Start it.  XXX023 This sucks. */
+         * five-minute timer.  Start it.  XXXX024 This sucks. */
        intro->time_expiring = now;
        intro_point_set_changed = 1;
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@ -588,7 +588,7 @@ rep_hist_get_weighted_time_known(const char *id, time_t when)
 int
 rep_hist_have_measured_enough_stability(void)
 {
-  /* XXXX022 This doesn't do so well when we change our opinion
+  /* XXXX023 This doesn't do so well when we change our opinion
   * as to whether we're tracking router stability. */
  return started_tracking_stability < time(NULL) - 4*60*60;
 }
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -1831,7 +1831,7 @@ smartlist_choose_node_by_bandwidth_weights(smartlist_t *sl,
      sl_last_weighted_bw_of_me = weight*this_bw;
  } SMARTLIST_FOREACH_END(node);
-  /* XXXX023 this is a kludge to expose these values. */
+  /* XXXX this is a kludge to expose these values. */
  sl_last_total_weighted_bw = weighted_bw;
  log_debug(LD_CIRC, "Choosing node for rule %s based on weights "
@ -1960,7 +1960,7 @@ smartlist_choose_node_by_bandwidth(smartlist_t *sl,
      if (node->rs->has_bandwidth) {
        this_bw = kb_to_bytes(node->rs->bandwidth);
      } else { /* guess */
-        /* XXX023 once consensuses always list bandwidths, we can take
+        /* XXX024 once consensuses always list bandwidths, we can take
         * this guessing business out. -RD */
        is_known = 0;
        flags = node->rs->is_fast ? 1 : 0;
@ -2079,7 +2079,7 @@ smartlist_choose_node_by_bandwidth(smartlist_t *sl,
    }
  }
-  /* XXXX023 this is a kludge to expose these values. */
+  /* XXXX this is a kludge to expose these values. */
  sl_last_total_weighted_bw = total_bw;
  log_debug(LD_CIRC, "Total weighted bw = "U64_FORMAT
@ -4753,7 +4753,7 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
 /** How often should we launch a server/authority request to be sure of getting
 * a guess for our IP? */
-/*XXXX023 this info should come from netinfo cells or something, or we should
+/*XXXX024 this info should come from netinfo cells or something, or we should
 * do this only when we aren't seeing incoming data. see bug 652. */
 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
@ -4764,7 +4764,7 @@ launch_dummy_descriptor_download_as_needed(time_t now,
                                           const or_options_t *options)
 {
  static time_t last_dummy_download = 0;
-  /* XXXX023 we could be smarter here; see notes on bug 652. */
+  /* XXXX024 we could be smarter here; see notes on bug 652. */
  /* If we're a server that doesn't have a configured address, we rely on
   * directory fetches to learn when our address changes.  So if we haven't
   * tried to get any routerdescs in a long time, try a dummy fetch now. */
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -1836,7 +1836,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
    struct in_addr in;
    char *address = NULL;
    tor_assert(tok->n_args);
-    /* XXX023 use some tor_addr parse function below instead. -RD */
+    /* XXX024 use some tor_addr parse function below instead. -RD */
    if (tor_addr_port_split(LOG_WARN, tok->args[0], &address,
                            &cert->dir_port) < 0 ||
        tor_inet_aton(address, &in) == 0) {
--- a/src/or/transports.c
+++ b/src/or/transports.c
@ -1002,7 +1002,7 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
      tor_free(bindaddr_tmp);
    }
-    /* XXX023 Remove the '=' here once versions of obfsproxy which
+    /* XXX024 Remove the '=' here once versions of obfsproxy which
     * assert that this env var exists are sufficiently dead.
     *
     * (If we remove this line entirely, some joker will stick this
		`@ -0,0 +1,2 @@`
							`o Code simplification and refactoring:`
							`- Remove duplicate code for invoking getrlimit() from control.c.`