
Merge remote-tracking branch 'public/xxx023'

Nick Mathewson 12 years ago
parent
commit
bdfb399867

+ 4 - 0
changes/check_correct_flav_sigs

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - When checking for requested signatures on the latest consensus before
+      serving it to a client, make sure to check the right consensus flavor.
+      Bugfix on 0.2.2.6-alpha.

+ 2 - 0
changes/descriptor_limit

@@ -0,0 +1,2 @@
+  o Code simplification and refactoring:
+    - Remove duplicate code for invoking getrlimit() from control.c.

+ 3 - 0
changes/log_bad_md_entry

@@ -0,0 +1,3 @@
+  o Minor features (debugging):
+    - Log a BUG message at INFO if we have a networkstatus with a missing
+      entry for some microdescriptor.

+ 3 - 0
changes/move_cached_gtod

@@ -0,0 +1,3 @@
+  o Code simplification and refactoring:
+    - Move tor_gettimeofday_cached() into compat_libevent.c, and use
+      Libevent's notion of cached time when possible.

+ 1 - 1
src/common/address.c

@@ -1363,7 +1363,7 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
 
 /* ======
  * IPv4 helpers
- * XXXX023 IPv6 deprecate some of these.
+ * XXXX024 IPv6 deprecate some of these.
  */
 
 /** Return true iff <b>ip</b> (in host order) is an IP reserved to localhost,

+ 14 - 5
src/common/compat.c

@@ -15,7 +15,7 @@
 /* This is required on rh7 to make strptime not complain.
  * We also need it to make memmem get defined (where available)
  */
-/* XXXX023 We should just use AC_USE_SYSTEM_EXTENSIONS in our autoconf,
+/* XXXX024 We should just  use AC_USE_SYSTEM_EXTENSIONS in our autoconf,
  * and get this (and other important stuff!) automatically. Once we do that,
  * make sure to also change the extern char **environ detection in
  * configure.in, because whether that is declared or not depends on whether
@@ -1258,13 +1258,16 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
  * tell Tor it's allowed to use. */
 #define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond _ConnLimit */
 
-/** Learn the maximum allowed number of file descriptors. (Some systems
- * have a low soft limit.
+/** Learn the maximum allowed number of file descriptors, and tell the system
+ * we want to use up to that number. (Some systems have a low soft limit, and
+ * let us set it higher.)
  *
  * We compute this by finding the largest number that we can use.
  * If we can't find a number greater than or equal to <b>limit</b>,
  * then we fail: return -1.
  *
+ * If <b>limit</b> is 0, then do not adjust the current maximum.
+ *
  * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
 int
 set_max_file_descriptors(rlim_t limit, int *max_out)
@@ -1297,14 +1300,20 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   limit = MAX_CONNECTIONS;
 #else /* HAVE_GETRLIMIT */
   struct rlimit rlim;
-  tor_assert(limit > 0);
 
   if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
     log_warn(LD_NET, "Could not get maximum number of file descriptors: %s",
              strerror(errno));
     return -1;
   }
-
+  if (limit == 0) {
+    /* If limit == 0, return the maximum value without setting it. */
+    limit = rlim.rlim_max;
+    if (limit > INT_MAX)
+      limit = INT_MAX;
+    *max_out = limit - ULIMIT_BUFFER;
+    return 0;
+  }
   if (rlim.rlim_max < limit) {
     log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
              "limited to %lu. Please change your ulimit -n.",
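Review bot: In the new `limit == 0` branch, `*max_out = limit - ULIMIT_BUFFER;` underflows when the hard limit is below ULIMIT_BUFFER (32). `limit` is an `rlim_t`, which POSIX defines as unsigned, so the subtraction wraps before it is narrowed to `int` and the caller receives a meaningless value. Clamping first avoids that, e.g. `*max_out = (limit > ULIMIT_BUFFER) ? (int)(limit - ULIMIT_BUFFER) : 0;`. The branch also reports `rlim.rlim_max` (the hard limit) rather than `rlim.rlim_cur`, which the doc comment should state explicitly since it only says the current maximum is not adjusted. With `tor_assert(limit > 0)` removed, the non-getrlimit branches above this hunk should be checked for how they treat a zero limit; they are outside the visible lines.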

+ 34 - 0
src/common/compat_libevent.c

@@ -689,3 +689,37 @@ tor_add_bufferevent_to_rate_limit_group(struct bufferevent *bev,
 }
 #endif
 
+#if defined(LIBEVENT_VERSION_NUMBER) && LIBEVENT_VERSION_NUMBER >= V(2,1,1)
+void
+tor_gettimeofday_cached(struct timeval *tv)
+{
+  event_base_gettimeofday_cached(the_event_base, tv);
+}
+void
+tor_gettimeofday_cache_clear(void)
+{
+  event_base_update_cache_time(the_event_base);
+}
+#else
+/** Cache the current hi-res time; the cache gets reset when libevent
+ * calls us. */
+static struct timeval cached_time_hires = {0, 0};
+
+/** Return a fairly recent view of the current time. */
+void
+tor_gettimeofday_cached(struct timeval *tv)
+{
+  if (cached_time_hires.tv_sec == 0) {
+    tor_gettimeofday(&cached_time_hires);
+  }
+  *tv = cached_time_hires;
+}
+
+/** Reset the cached view of the current time, so that the next time we try
+ * to learn it, we will get an up-to-date value. */
+void
+tor_gettimeofday_cache_clear(void)
+{
+  cached_time_hires.tv_sec = 0;
+}
+#endif
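Review bot: The two functions in the `LIBEVENT_VERSION_NUMBER >= V(2,1,1)` branch have no doc comments and discard the `int` results of `event_base_gettimeofday_cached()` and `event_base_update_cache_time()`, while the fallback versions below them are documented. They also differ in behaviour from the fallback: `tor_gettimeofday_cache_clear()` here asks Libevent to refresh its cached time instead of zeroing a local cache, so the name no longer describes what happens. I would add comments such as `/** Store Libevent's cached view of the current time in <b>tv</b>. */` and `/** Ask Libevent to refresh its cached time; the name is kept for parity with the fallback below. */`. Both calls assume `the_event_base` is already initialised; whether any caller can run before that is not visible in this hunk.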

+ 3 - 0
src/common/compat_libevent.h

@@ -88,5 +88,8 @@ int tor_add_bufferevent_to_rate_limit_group(struct bufferevent *bev,
                                    struct bufferevent_rate_limit_group *g);
 #endif
 
+void tor_gettimeofday_cached(struct timeval *tv);
+void tor_gettimeofday_cache_clear(void);
+
 #endif
 

+ 3 - 3
src/or/buffers.c

@@ -677,12 +677,12 @@ read_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,
  * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
  * error; else return the number of bytes read.
  */
-/* XXXX023 indicate "read blocked" somehow? */
+/* XXXX024 indicate "read blocked" somehow? */
 int
 read_to_buf(tor_socket_t s, size_t at_most, buf_t *buf, int *reached_eof,
             int *socket_error)
 {
-  /* XXXX023 It's stupid to overload the return values for these functions:
+  /* XXXX024 It's stupid to overload the return values for these functions:
    * "error status" and "number of bytes read" are not mutually exclusive.
    */
   int r = 0;
@@ -855,7 +855,7 @@ flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
 int
 flush_buf(tor_socket_t s, buf_t *buf, size_t sz, size_t *buf_flushlen)
 {
-  /* XXXX023 It's stupid to overload the return values for these functions:
+  /* XXXX024 It's stupid to overload the return values for these functions:
    * "error status" and "number of bytes flushed" are not mutually exclusive.
    */
   int r;

+ 4 - 4
src/or/circuitbuild.c

@@ -44,12 +44,12 @@
 
 /********* START VARIABLES **********/
 /** Global list of circuit build times */
-// XXXX023: Add this as a member for entry_guard_t instead of global?
+// XXXX: Add this as a member for entry_guard_t instead of global?
 // Then we could do per-guard statistics, as guards are likely to
 // vary in their own latency. The downside of this is that guards
 // can change frequently, so we'd be building a lot more circuits
 // most likely.
-/* XXXX023 Make this static; add accessor functions. */
+/* XXXX024 Make this static; add accessor functions. */
 circuit_build_times_t circ_times;
 
 /** A global list of all circuits at this hop. */
@@ -4238,7 +4238,7 @@ entry_guards_compute_status(const or_options_t *options, time_t now)
  * If <b>mark_relay_status</b>, also call router_set_status() on this
  * relay.
  *
- * XXX023 change succeeded and mark_relay_status into 'int flags'.
+ * XXX024 change succeeded and mark_relay_status into 'int flags'.
  */
 int
 entry_guard_register_connect_status(const char *digest, int succeeded,
@@ -4763,7 +4763,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
     }
     entry_guards = new_entry_guards;
     entry_guards_dirty = 0;
-    /* XXX023 hand new_entry_guards to this func, and move it up a
+    /* XXX024 hand new_entry_guards to this func, and move it up a
      * few lines, so we don't have to re-dirty it */
     if (remove_obsolete_entry_guards(now))
       entry_guards_dirty = 1;

+ 2 - 2
src/or/circuitlist.c

@@ -1180,7 +1180,7 @@ circuit_mark_all_unused_circs(void)
  * This is useful for letting the user change pseudonyms, so new
  * streams will not be linkable to old streams.
  */
-/* XXX023 this is a bad name for what this function does */
+/* XXX024 this is a bad name for what this function does */
 void
 circuit_expire_all_dirty_circs(void)
 {
@@ -1191,7 +1191,7 @@ circuit_expire_all_dirty_circs(void)
     if (CIRCUIT_IS_ORIGIN(circ) &&
         !circ->marked_for_close &&
         circ->timestamp_dirty)
-      /* XXXX023 This is a screwed-up way to say "This is too dirty
+      /* XXXX024 This is a screwed-up way to say "This is too dirty
        * for new circuits. */
       circ->timestamp_dirty -= options->MaxCircuitDirtiness;
   }

+ 2 - 2
src/or/circuituse.c

@@ -1475,7 +1475,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
         return -1;
       }
     } else {
-      /* XXXX023 Duplicates checks in connection_ap_handshake_attach_circuit:
+      /* XXXX024 Duplicates checks in connection_ap_handshake_attach_circuit:
        * refactor into a single function? */
       const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 1);
       int opt = conn->chosen_exit_optional;
@@ -1916,7 +1916,7 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
     /* find the circuit that we should use, if there is one. */
     retval = circuit_get_open_circ_or_launch(
         conn, CIRCUIT_PURPOSE_C_GENERAL, &circ);
-    if (retval < 1) // XXX022 if we totally fail, this still returns 0 -RD
+    if (retval < 1) // XXX023 if we totally fail, this still returns 0 -RD
       return retval;
 
     log_debug(LD_APP|LD_CIRC,

+ 2 - 2
src/or/config.c

@@ -1692,7 +1692,7 @@ options_act(const or_options_t *old_options)
        || !geoip_is_loaded())) {
     /* XXXX Don't use this "<default>" junk; make our filename options
      * understand prefixes somehow. -NM */
-    /* XXXX023 Reload GeoIPFile on SIGHUP. -NM */
+    /* XXXX024 Reload GeoIPFile on SIGHUP. -NM */
     char *actual_fname = tor_strdup(options->GeoIPFile);
 #ifdef _WIN32
     if (!strcmp(actual_fname, "<default>")) {
@@ -4103,7 +4103,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
              "ignore you.");
   }
 
-  /*XXXX023 checking for defaults manually like this is a bit fragile.*/
+  /*XXXX checking for defaults manually like this is a bit fragile.*/
 
   /* Keep changes to hard-coded values synchronous to man page and default
    * values table. */

+ 9 - 4
src/or/connection.c

@@ -1048,7 +1048,12 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     if (port_cfg->session_group >= 0) {
       lis_conn->session_group = port_cfg->session_group;
     } else {
-      /* XXXX023 This can wrap after ~INT_MAX ports are opened. */
+      /* This can wrap afuter ~INT_MAX listeners are opened.  But I don't
+       * believe that matters, since you would need to open a ridiculous
+       * number of listeners while keeping the early ones open before you ever
+       * hit this.  An OR with a dozen ports open, for example, would have to
+       * close and re-open its listers every second for 4 years nonstop.
+       */
       lis_conn->session_group = global_next_session_group--;
     }
   }
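Review bot: The new comment on `global_next_session_group--` describes the overflow as a wrap, but if that counter is a plain `int` (as the "~INT_MAX" wording suggests; its declaration is outside the hunk), decrementing past `INT_MIN` is undefined behaviour in C rather than a defined wrap. The reachability argument in the comment is reasonable, but the comment should say "overflow (undefined for signed int)" so a later reader does not rely on wrapping semantics. The text also has two typos to fix in a follow-up: `afuter` should be `after` and `listers` should be `listeners`. The enclosing function starts and ends outside this hunk.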
@@ -2280,7 +2285,7 @@ static void
 record_num_bytes_transferred(connection_t *conn,
                              time_t now, size_t num_read, size_t num_written)
 {
-  /* XXX023 check if this is necessary */
+  /* XXX024 check if this is necessary */
   if (num_written >= INT_MAX || num_read >= INT_MAX) {
     log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
              "connection type=%s, state=%s",
@@ -2925,7 +2930,7 @@ evbuffer_inbuf_callback(struct evbuffer *buf,
     connection_consider_empty_read_buckets(conn);
     if (conn->type == CONN_TYPE_AP) {
       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
-      /*XXXX022 check for overflow*/
+      /*XXXX024 check for overflow*/
       edge_conn->n_read += (int)info->n_added;
     }
   }
@@ -2946,7 +2951,7 @@ evbuffer_outbuf_callback(struct evbuffer *buf,
     connection_consider_empty_write_buckets(conn);
     if (conn->type == CONN_TYPE_AP) {
       edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
-      /*XXXX022 check for overflow*/
+      /*XXXX024 check for overflow*/
       edge_conn->n_written += (int)info->n_deleted;
     }
   }

+ 9 - 9
src/or/connection_edge.c

@@ -76,7 +76,7 @@ _connection_mark_unattached_ap(entry_connection_t *conn, int endreason,
    * being attached to a circuit, assume that an attempt to connect to
    * the destination hidden service has just ended.
    *
-   * XXX023 This condition doesn't limit to only streams failing
+   * XXXX This condition doesn't limit to only streams failing
    * without ever being attached.  That sloppiness should be harmless,
    * but we should fix it someday anyway. */
   if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
@@ -622,7 +622,7 @@ connection_ap_expire_beginning(void)
     /* kludge to make us not try this circuit again, yet to allow
      * current streams on it to survive if they can: make it
      * unattractive to use for new streams */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
     tor_assert(circ->timestamp_dirty);
     circ->timestamp_dirty -= options->MaxCircuitDirtiness;
     /* give our stream another 'cutoff' seconds to try */
@@ -664,7 +664,7 @@ connection_ap_attach_pending(void)
 
 /** Tell any AP streams that are waiting for a one-hop tunnel to
  * <b>failed_digest</b> that they are going to fail. */
-/* XXX023 We should get rid of this function, and instead attach
+/* XXX024 We should get rid of this function, and instead attach
  * one-hop streams to circ->p_streams so they get marked in
  * circuit_mark_for_close like normal p_streams. */
 void
@@ -1991,7 +1991,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
       return -1;
     }
-    /* XXXX022-1090 Should we also allow foo.bar.exit if ExitNodes is set and
+    /* XXXX024-1090 Should we also allow foo.bar.exit if ExitNodes is set and
        Bar is not listed in it?  I say yes, but our revised manpage branch
        implies no. */
   }
@@ -2572,12 +2572,12 @@ connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
 
   edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
   if (edge_conn->stream_id==0) {
-    /* XXXX023 Instead of closing this stream, we should make it get
+    /* XXXX024 Instead of closing this stream, we should make it get
      * retried on another circuit. */
     connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
 
     /* Mark this circuit "unusable for new streams". */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
     tor_assert(circ->_base.timestamp_dirty);
     circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
     return -1;
@@ -2657,12 +2657,12 @@ connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
 
   edge_conn->stream_id = get_unique_stream_id_by_circ(circ);
   if (edge_conn->stream_id==0) {
-    /* XXXX023 Instead of closing this stream, we should make it get
+    /* XXXX024 Instead of closing this stream, we should make it get
      * retried on another circuit. */
     connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
 
     /* Mark this circuit "unusable for new streams". */
-    /* XXXX023 this is a kludgy way to do this. */
+    /* XXXX024 this is a kludgy way to do this. */
     tor_assert(circ->_base.timestamp_dirty);
     circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
     return -1;
@@ -2834,7 +2834,7 @@ tell_controller_about_resolved_result(entry_connection_t *conn,
  * certain errors or for values that didn't come via DNS.  <b>expires</b> is
  * a time when the answer expires, or -1 or TIME_MAX if there's a good TTL.
  **/
-/* XXXX023 the use of the ttl and expires fields is nutty.  Let's make this
+/* XXXX the use of the ttl and expires fields is nutty.  Let's make this
  * interface and those that use it less ugly. */
 void
 connection_ap_handshake_socks_resolved(entry_connection_t *conn,

+ 1 - 1
src/or/connection_or.c

@@ -401,7 +401,7 @@ connection_or_process_inbuf(or_connection_t *conn)
    * check would otherwise just let data accumulate.  It serves no purpose
    * in 0.2.3.
    *
-   * XXX023 Remove this check once we verify that the above paragraph is
+   * XXX024 Remove this check once we verify that the above paragraph is
    * 100% true. */
   if (buf_datalen(conn->_base.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
     log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "

+ 3 - 20
src/or/control.c

@@ -1466,26 +1466,9 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
       }
     #endif
   } else if (!strcmp(question, "process/descriptor-limit")) {
-    /** platform specifc limits are from the set_max_file_descriptors function
-      * of src/common/compat.c */
-    /* XXXX023 This is duplicated code from compat.c; it should turn into a
-     * function.  */
-    #ifdef HAVE_GETRLIMIT
-      struct rlimit descriptorLimit;
-
-      if (getrlimit(RLIMIT_NOFILE, &descriptorLimit) == 0) {
-        tor_asprintf(answer, U64_FORMAT,
-                     U64_PRINTF_ARG(descriptorLimit.rlim_max));
-      } else {
-        *answer = tor_strdup("-1");
-      }
-    #elif defined(CYGWIN) || defined(__CYGWIN__)
-      *answer = tor_strdup("3200");
-    #elif defined(_WIN32)
-      *answer = tor_strdup("15000");
-    #else
-      *answer = tor_strdup("15000");
-    #endif
+    int max_fds=-1;
+    set_max_file_descriptors(0, &max_fds);
+    tor_asprintf(answer, "%d", max_fds);
   } else if (!strcmp(question, "dir-usage")) {
     *answer = directory_dump_request_log();
   } else if (!strcmp(question, "fingerprint")) {
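Review bot: `set_max_file_descriptors(0, &max_fds);` ignores the return value, and the number reported for `process/descriptor-limit` is no longer the one the removed code produced. The old code printed `rlim_max` as a 64-bit value; going by the compat.c hunk in this same commit, the new path prints `rlim_max - ULIMIT_BUFFER` clamped to `INT_MAX`, so controllers see a value 32 lower, while changes/descriptor_limit describes this only as a refactoring. If the new value is intended, the changes entry should say so; otherwise the subtraction belongs to the callers that need the reserve. I would also make the failure path explicit with `if (set_max_file_descriptors(0, &max_fds) < 0) max_fds = -1;`. What the non-getrlimit platforms now report depends on code outside the visible hunks.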

+ 7 - 2
src/or/directory.c

@@ -2775,10 +2775,11 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       else
         request_type = "/tor/status/?";
     } else {
-      networkstatus_t *v = networkstatus_get_latest_consensus();
+      networkstatus_t *v;
       time_t now = time(NULL);
       const char *want_fps = NULL;
       char *flavor = NULL;
+      int flav = FLAV_NS;
       #define CONSENSUS_URL_PREFIX "/tor/status-vote/current/consensus/"
       #define CONSENSUS_FLAVORED_PREFIX "/tor/status-vote/current/consensus-"
       /* figure out the flavor if any, and who we wanted to sign the thing */
@@ -2792,12 +2793,16 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
         } else {
           flavor = tor_strdup(f);
         }
+        flav = networkstatus_parse_flavor_name(flavor);
+        if (flav < 0)
+          flav = FLAV_NS;
       } else {
         if (!strcmpstart(url, CONSENSUS_URL_PREFIX))
           want_fps = url+strlen(CONSENSUS_URL_PREFIX);
       }
 
-      /* XXXX023 MICRODESC NM NM should check document of correct flavor */
+      v = networkstatus_get_latest_consensus_by_flavor(flav);
+
       if (v && want_fps &&
           !client_likes_consensus(v, want_fps)) {
         write_http_status_line(conn, 404, "Consensus not signed by sufficient "
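Review bot: An unrecognised flavor name is silently mapped to the default by `if (flav < 0) flav = FLAV_NS;`, so `client_likes_consensus()` is then evaluated against the ns consensus even though the request named a different flavor. If the code after this hunk picks the document to serve from the `flavor` string, the signature check and the served document can still disagree for such requests, which is the mismatch this commit sets out to remove. Consider dropping the fallback and using `v = (flav >= 0) ? networkstatus_get_latest_consensus_by_flavor(flav) : NULL;`, or answering 404 as soon as the flavor fails to parse. The serving path is outside the visible hunks, so this needs confirming there.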

+ 6 - 6
src/or/dirserv.c

@@ -975,7 +975,7 @@ running_long_enough_to_decide_unreachable(void)
 void
 dirserv_set_router_is_running(routerinfo_t *router, time_t now)
 {
-  /*XXXX023 This function is a mess.  Separate out the part that calculates
+  /*XXXX024 This function is a mess.  Separate out the part that calculates
     whether it's reachable and the part that tells rephist that the router was
     unreachable.
    */
@@ -1793,7 +1793,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
 {
   if (need_uptime) {
     if (!enough_mtbf_info) {
-      /* XXX023 Once most authorities are on v3, we should change the rule from
+      /* XXX024 Once most authorities are on v3, we should change the rule from
        * "use uptime if we don't have mtbf data" to "don't advertise Stable on
        * v3 if we don't have enough mtbf data."  Or maybe not, since if we ever
        * hit a point where we need to reset a lot of authorities at once,
@@ -2321,7 +2321,7 @@ is_router_version_good_for_possible_guard(const char *platform)
 
   tor_version_t router_version;
 
-  /* XXX023 This block should be extracted into its own function. */
+  /* XXX024 This block should be extracted into its own function. */
   /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
   {
     char *s, *s2, *start;
@@ -3402,7 +3402,7 @@ lookup_cached_dir_by_fp(const char *fp)
     d = strmap_get(cached_consensuses, "ns");
   else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
            (d = strmap_get(cached_consensuses, fp))) {
-    /* this here interface is a nasty hack XXXX023 */;
+    /* this here interface is a nasty hack XXXX024 */;
   } else if (router_digest_is_me(fp) && the_v2_networkstatus)
     d = the_v2_networkstatus;
   else if (cached_v2_networkstatus)
@@ -3613,7 +3613,7 @@ connection_dirserv_add_servers_to_outbuf(dir_connection_t *conn)
     }
     body = signed_descriptor_get_body(sd);
     if (conn->zlib_state) {
-      /* XXXX022 This 'last' business should actually happen on the last
+      /* XXXX024 This 'last' business should actually happen on the last
        * routerinfo, not on the last fingerprint. */
       int last = ! smartlist_len(conn->fingerprint_stack);
       connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
@@ -3656,7 +3656,7 @@ connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
     if (!md)
       continue;
     if (conn->zlib_state) {
-      /* XXXX022 This 'last' business should actually happen on the last
+      /* XXXX024 This 'last' business should actually happen on the last
        * routerinfo, not on the last fingerprint. */
       int last = !smartlist_len(conn->fingerprint_stack);
       connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);

+ 1 - 1
src/or/dnsserv.c

@@ -19,7 +19,7 @@
 #ifdef HAVE_EVENT2_DNS_H
 #include <event2/dns.h>
 #include <event2/dns_compat.h>
-/* XXXX023 this implies we want an improved evdns  */
+/* XXXX this implies we want an improved evdns  */
 #include <event2/dns_struct.h>
 #else
 #include "eventdns.h"

+ 2 - 5
src/or/main.c

@@ -1435,11 +1435,8 @@ run_scheduled_events(time_t now)
    *    We do this before step 4, so it can try building more if
    *    it's not comfortable with the number of available circuits.
    */
-  /* XXXX022 If our circuit build timeout is much lower than a second, maybe
-   * we should do this more often? -NM
-   * It can't be lower than 1.5 seconds currently; see
-   * circuit_build_times_min_timeout(). -RD
-   */
+  /* (If our circuit build timeout can ever become lower than a second (which
+   * it can't, currently), we should do this more often.) */
   circuit_expire_building();
 
   /** 3b. Also look at pending streams and prune the ones that 'began'

+ 8 - 3
src/or/microdesc.c

@@ -477,7 +477,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force)
     md->body = (char*)cache->cache_content->data + md->off;
     if (PREDICT_UNLIKELY(
              md->bodylen < 9 || fast_memneq(md->body, "onion-key", 9) != 0)) {
-      /* XXXX023 once bug 2022 is solved, we can kill this block and turn it
+      /* XXXX once bug 2022 is solved, we can kill this block and turn it
        * into just the tor_assert(!memcmp) */
       off_t avail = cache->cache_content->size - md->off;
       char *bad_str;
@@ -643,8 +643,13 @@ microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
       continue;
     if (skip && digestmap_get(skip, rs->descriptor_digest))
       continue;
-    if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN))
-      continue; /* This indicates a bug somewhere XXXX023*/
+    if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN)) {
+      log_info(LD_BUG, "Found an entry in networktatus with no microdescriptor "
+               "digest. (Router %s=%s at %s:%d.)", rs->nickname,
+               hex_str(rs->identity_digest, DIGEST_LEN),
+               fmt_addr32(rs->addr), rs->or_port);
+      continue;
+    }
     /* XXXX Also skip if we're a noncache and wouldn't use this router.
      * XXXX NM Microdesc
      */
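Review bot: The new log string misspells "networkstatus" as `networktatus`, so anyone searching logs for the usual term will miss this BUG message; the first fragment should read `"Found an entry in networkstatus with no microdescriptor "`. The message is also emitted once per affected routerstatus on every pass through this loop, so a consensus with many zero digests would repeat it each time the missing list is computed. If that proves noisy, logging a single count after the loop would carry the same diagnostic. The enclosing loop starts and ends outside the hunk.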

+ 1 - 1
src/or/networkstatus.c

@@ -1836,7 +1836,7 @@ networkstatus_set_current_consensus(const char *consensus,
     routerstatus_list_update_named_server_map();
     cell_ewma_set_scale_factor(options, current_consensus);
 
-    /* XXXX023 this call might be unnecessary here: can changing the
+    /* XXXX024 this call might be unnecessary here: can changing the
      * current consensus really alter our view of any OR's rate limits? */
     connection_or_update_token_buckets(get_connection_array(), options);
 

+ 2 - 25
src/or/relay.c

@@ -52,11 +52,6 @@ static int circuit_consider_stop_edge_reading(circuit_t *circ,
                                               crypt_path_t *layer_hint);
 static int circuit_queue_streams_are_blocked(circuit_t *circ);
 
-/* XXXX023 move this all to compat_libevent */
-/** Cache the current hi-res time; the cache gets reset when libevent
- * calls us. */
-static struct timeval cached_time_hires = {0, 0};
-
 /** Stop reading on edge connections when we have this many cells
  * waiting on the appropriate queue. */
 #define CELL_QUEUE_HIGHWATER_SIZE 256
@@ -64,24 +59,6 @@ static struct timeval cached_time_hires = {0, 0};
  * cells. */
 #define CELL_QUEUE_LOWWATER_SIZE 64
 
-/** Return a fairly recent view of the current time. */
-static void
-tor_gettimeofday_cached(struct timeval *tv)
-{
-  if (cached_time_hires.tv_sec == 0) {
-    tor_gettimeofday(&cached_time_hires);
-  }
-  *tv = cached_time_hires;
-}
-
-/** Reset the cached view of the current time, so that the next time we try
- * to learn it, we will get an up-to-date value. */
-void
-tor_gettimeofday_cache_clear(void)
-{
-  cached_time_hires.tv_sec = 0;
-}
-
 /** Stats: how many relay cells have originated at this hop, or have
  * been relayed onward (not recognized at this hop)?
  */
@@ -799,7 +776,7 @@ connection_ap_process_end_not_open(
           /* We haven't retried too many times; reattach the connection. */
           circuit_log_path(LOG_INFO,LD_APP,circ);
           /* Mark this circuit "unusable for new streams". */
-          /* XXXX023 this is a kludgy way to do this. */
+          /* XXXX024 this is a kludgy way to do this. */
           tor_assert(circ->_base.timestamp_dirty);
           circ->_base.timestamp_dirty -= get_options()->MaxCircuitDirtiness;
 
@@ -1462,7 +1439,7 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
   stats_n_data_cells_packaged += 1;
 
   if (PREDICT_UNLIKELY(sending_from_optimistic)) {
-    /* XXX023 We could be more efficient here by sometimes packing
+    /* XXXX We could be more efficient here by sometimes packing
      * previously-sent optimistic data in the same cell with data
      * from the inbuf. */
     generic_buffer_get(entry_conn->sending_optimistic_data, payload, length);

+ 0 - 2
src/or/relay.h

@@ -64,8 +64,6 @@ void cell_ewma_set_scale_factor(const or_options_t *options,
                                 const networkstatus_t *consensus);
 void circuit_clear_cell_queue(circuit_t *circ, or_connection_t *orconn);
 
-void tor_gettimeofday_cache_clear(void);
-
 #ifdef RELAY_PRIVATE
 int relay_crypt(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction,
                 crypt_path_t **layer_hint, char *recognized);

+ 1 - 1
src/or/rendclient.c

@@ -830,7 +830,7 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
   /* Set timestamp_dirty, because circuit_expire_building expects it
    * to specify when a circuit entered the _C_REND_READY state. */
   circ->_base.timestamp_dirty = time(NULL);
-  /* XXXX023 This is a pretty brute-force approach. It'd be better to
+  /* XXXX This is a pretty brute-force approach. It'd be better to
    * attach only the connections that are waiting on this circuit, rather
    * than trying to attach them all. See comments bug 743. */
   /* If we already have the introduction circuit built, make sure we send

+ 2 - 2
src/or/rendservice.c

@@ -1033,7 +1033,7 @@ rend_service_note_removing_intro_point(rend_service_t *service,
 /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
  * rendezvous point.
  */
- /* XXX022 this function sure could use some organizing. -RD */
+ /* XXXX024 this function sure could use some organizing. -RD */
 int
 rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
                        size_t request_len)
@@ -2255,7 +2255,7 @@ rend_services_introduce(void)
          *
          * Unfortunately, we can't find out when the new descriptor
          * has actually been uploaded, so we'll have to settle for a
-         * five-minute timer.  Start it.  XXX023 This sucks. */
+         * five-minute timer.  Start it.  XXXX024 This sucks. */
         intro->time_expiring = now;
 
         intro_point_set_changed = 1;

+ 1 - 1
src/or/rephist.c

@@ -588,7 +588,7 @@ rep_hist_get_weighted_time_known(const char *id, time_t when)
 int
 rep_hist_have_measured_enough_stability(void)
 {
-  /* XXXX022 This doesn't do so well when we change our opinion
+  /* XXXX023 This doesn't do so well when we change our opinion
    * as to whether we're tracking router stability. */
   return started_tracking_stability < time(NULL) - 4*60*60;
 }

+ 5 - 5
src/or/routerlist.c

@@ -1831,7 +1831,7 @@ smartlist_choose_node_by_bandwidth_weights(smartlist_t *sl,
       sl_last_weighted_bw_of_me = weight*this_bw;
   } SMARTLIST_FOREACH_END(node);
 
-  /* XXXX023 this is a kludge to expose these values. */
+  /* XXXX this is a kludge to expose these values. */
   sl_last_total_weighted_bw = weighted_bw;
 
   log_debug(LD_CIRC, "Choosing node for rule %s based on weights "
@@ -1960,7 +1960,7 @@ smartlist_choose_node_by_bandwidth(smartlist_t *sl,
       if (node->rs->has_bandwidth) {
         this_bw = kb_to_bytes(node->rs->bandwidth);
       } else { /* guess */
-        /* XXX023 once consensuses always list bandwidths, we can take
+        /* XXX024 once consensuses always list bandwidths, we can take
          * this guessing business out. -RD */
         is_known = 0;
         flags = node->rs->is_fast ? 1 : 0;
@@ -2079,7 +2079,7 @@ smartlist_choose_node_by_bandwidth(smartlist_t *sl,
     }
   }
 
-  /* XXXX023 this is a kludge to expose these values. */
+  /* XXXX this is a kludge to expose these values. */
   sl_last_total_weighted_bw = total_bw;
 
   log_debug(LD_CIRC, "Total weighted bw = "U64_FORMAT
@@ -4753,7 +4753,7 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
 
 /** How often should we launch a server/authority request to be sure of getting
  * a guess for our IP? */
-/*XXXX023 this info should come from netinfo cells or something, or we should
+/*XXXX024 this info should come from netinfo cells or something, or we should
  * do this only when we aren't seeing incoming data. see bug 652. */
 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
 
@@ -4764,7 +4764,7 @@ launch_dummy_descriptor_download_as_needed(time_t now,
                                            const or_options_t *options)
 {
   static time_t last_dummy_download = 0;
-  /* XXXX023 we could be smarter here; see notes on bug 652. */
+  /* XXXX024 we could be smarter here; see notes on bug 652. */
   /* If we're a server that doesn't have a configured address, we rely on
    * directory fetches to learn when our address changes.  So if we haven't
    * tried to get any routerdescs in a long time, try a dummy fetch now. */

+ 1 - 1
src/or/routerparse.c

@@ -1836,7 +1836,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
     struct in_addr in;
     char *address = NULL;
     tor_assert(tok->n_args);
-    /* XXX023 use some tor_addr parse function below instead. -RD */
+    /* XXX024 use some tor_addr parse function below instead. -RD */
     if (tor_addr_port_split(LOG_WARN, tok->args[0], &address,
                             &cert->dir_port) < 0 ||
         tor_inet_aton(address, &in) == 0) {

+ 1 - 1
src/or/transports.c

@@ -1002,7 +1002,7 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
       tor_free(bindaddr_tmp);
     }
 
-    /* XXX023 Remove the '=' here once versions of obfsproxy which
+    /* XXX024 Remove the '=' here once versions of obfsproxy which
      * assert that this env var exists are sufficiently dead.
      *
      * (If we remove this line entirely, some joker will stick this