Annotate usage of low_level_predicate_permits_relay

2 files changed, 15 insertions, 1 deletions

diff --git a/crates/tor-circmgr/src/hspool.rs b/crates/tor-circmgr/src/hspool.rs
index a632ae933..a4b39c180 100644
--- a/crates/tor-circmgr/src/hspool.rs
+++ b/crates/tor-circmgr/src/hspool.rs
@@ -353,6 +353,14 @@ fn circuit_compatible_with_target(
     circ: &ClientCirc,
     exclude_target: &RelayExclusion,
 ) -> bool {
+    // NOTE, TODO #504:
+    // This uses a RelayExclusion directly, when we would be better off
+    // using a RelaySelector to make sure that we had checked every relevant
+    // property.
+    //
+    // The behavior is okay, since we already checked all the properties of the
+    // circuit's relays when we first constructed the circuit.  Still, it would
+    // be better to use refactor and a RelaySelector instead.
     circuit_still_useable(netdir, circ, |relay| {
         exclude_target.low_level_predicate_permits_relay(relay)
     })
diff --git a/crates/tor-guardmgr/src/filter.rs b/crates/tor-guardmgr/src/filter.rs
index 7c712355f..b6358aa15 100644
--- a/crates/tor-guardmgr/src/filter.rs
+++ b/crates/tor-guardmgr/src/filter.rs
@@ -82,7 +82,13 @@ impl GuardFilter {
         let mut guard_bw: RelayWeight = 0.into();
         let mut permitted_bw: RelayWeight = 0.into();
         // TODO #504: This is an unaccompanied RelayUsage, and is therefore a
-        // bit suspect.  We should consider whether we like this behavior.
+        // bit suspect.  We should consider whether we like this behavior,
+        // or whether we should convert it into a RelaySelector.
+        //
+        // It is not _too_ bad, however, since we're only looking at the
+        // fraction of the relays that might be guards; we won't use these
+        // relays without later choosing them via a RelaySelector.  Nonetheless,
+        // it would be better to construct a RelaySelector.
         let usage = RelayUsage::new_guard();
 
         // TODO: There is a case to be made for converting "permitted by this