changelog

CHANGELOG.md

@@ -1,56 +1,5 @@
 # Changelog
 
-## v0.31.3
-
-*April 1st, 2019*
-
-This release includes two security sensitive fixes: it ensures generated private
-keys are valid, and it prevents certain DNS lookups that would cause the node to
-panic if the lookup failed.
-
-### BUG FIXES:
-
-- [crypto/secp256k1] [\#3439](https://github.com/tendermint/tendermint/issues/3439)
-    Ensure generated private keys are valid by randomly sampling until a valid key is found.
-    Previously, it was possible (though rare!) to generate keys that exceeded the curve order.
-    Such keys would lead to invalid signatures.
-- [p2p] [\#3522](https://github.com/tendermint/tendermint/issues/3522) Memoize
-  socket address in peer connections to avoid DNS lookups. Previously, failed
-  DNS lookups could cause the node to panic.
-
-## v0.31.2
-
-*March 30th, 2019*
-
-This release fixes a regression from v0.31.1 where Tendermint panics under
-mempool load for external ABCI apps.
-
-Special thanks to external contributors on this release:
-@guagualvcha
-
-### BREAKING CHANGES:
-
-* CLI/RPC/Config
-
-* Apps
-
-* Go API
-- [libs/autofile] [\#3504](https://github.com/tendermint/tendermint/issues/3504) Remove unused code in autofile package. Deleted functions: `Group.Search`, `Group.FindLast`, `GroupReader.ReadLine`, `GroupReader.PushLine`, `MakeSimpleSearchFunc` (@guagualvcha)
-
-* Blockchain Protocol
-
-* P2P Protocol
-
-### FEATURES:
-
-### IMPROVEMENTS:
-
-- [circle] [\#3497](https://github.com/tendermint/tendermint/issues/3497) Move release management to CircleCI
-
-### BUG FIXES:
-
-- [mempool] [\#3512](https://github.com/tendermint/tendermint/issues/3512) Fix panic from concurrent access to txsMap, a regression for external ABCI apps introduced in v0.31.1
-
 ## v0.31.1
 
 *March 27th, 2019*

CHANGELOG_PENDING.md

@@ -1,6 +1,9 @@
 ## v0.31.2
 
-**
+*March 30th, 2019*
+
+This release fixes a regression from v0.31.1 where Tendermint panics under
+mempool load for external ABCI apps.
 
 ### BREAKING CHANGES:
 
@@ -9,6 +12,7 @@
 * Apps
 
 * Go API
+- [libs/autofile] \#3504 Remove unused code in autofile package. Deleted functions: `Group.Search`, `Group.FindLast`, `GroupReader.ReadLine`, `GroupReader.PushLine`, `MakeSimpleSearchFunc` (@guagualvcha)
 
 * Blockchain Protocol
 
@@ -18,5 +22,8 @@
 
 ### IMPROVEMENTS:
 
+- [circle] \#3497 Move release management to CircleCI
+
 ### BUG FIXES:
 
+- [mempool] \#3512 Fix panic from concurrent access to txsMap, a regression for external ABCI apps introduced in v0.31.1

abci/client/socket_client.go

@@ -210,7 +210,7 @@ func (cli *socketClient) didRecvResponse(res *types.Response) error {
 	cli.reqSent.Remove(next) // Pop first item from linked list
 
 	// Notify reqRes listener if set (request specific callback).
-	// NOTE: it is possible this callback isn't set on the reqres object.
+	// NOTE: it is possible this callback isn't set on the reqres object
 	// at this point, in which case it will be called after, when it is set.
 	// TODO: should we move this after the resCb call so the order is always consistent?
 	if cb := reqres.GetCallback(); cb != nil {

crypto/secp256k1/secp256k1.go

@@ -6,7 +6,6 @@ import (
 	"crypto/subtle"
 	"fmt"
 	"io"
-	"math/big"
 
 	"golang.org/x/crypto/ripemd160"
 
@@ -66,61 +65,32 @@ func (privKey PrivKeySecp256k1) Equals(other crypto.PrivKey) bool {
 }
 
 // GenPrivKey generates a new ECDSA private key on curve secp256k1 private key.
-// It uses OS randomness to generate the private key.
+// It uses OS randomness in conjunction with the current global random seed
+// in tendermint/libs/common to generate the private key.
 func GenPrivKey() PrivKeySecp256k1 {
 	return genPrivKey(crypto.CReader())
 }
 
 // genPrivKey generates a new secp256k1 private key using the provided reader.
 func genPrivKey(rand io.Reader) PrivKeySecp256k1 {
-	var privKeyBytes [32]byte
-	d := new(big.Int)
-	for {
-		privKeyBytes = [32]byte{}
-		_, err := io.ReadFull(rand, privKeyBytes[:])
-		if err != nil {
-			panic(err)
-		}
-
-		d.SetBytes(privKeyBytes[:])
-		// break if we found a valid point (i.e. > 0 and < N == curverOrder)
-		isValidFieldElement := 0 < d.Sign() && d.Cmp(secp256k1.S256().N) < 0
-		if isValidFieldElement {
-			break
-		}
+	privKeyBytes := [32]byte{}
+	_, err := io.ReadFull(rand, privKeyBytes[:])
+	if err != nil {
+		panic(err)
 	}
-
+	// crypto.CRandBytes is guaranteed to be 32 bytes long, so it can be
+	// casted to PrivKeySecp256k1.
 	return PrivKeySecp256k1(privKeyBytes)
 }
 
-var one = new(big.Int).SetInt64(1)
-
 // GenPrivKeySecp256k1 hashes the secret with SHA2, and uses
 // that 32 byte output to create the private key.
-//
-// It makes sure the private key is a valid field element by setting:
-//
-// c = sha256(secret)
-// k = (c mod (n − 1)) + 1, where n = curve order.
-//
 // NOTE: secret should be the output of a KDF like bcrypt,
 // if it's derived from user input.
 func GenPrivKeySecp256k1(secret []byte) PrivKeySecp256k1 {
-	secHash := sha256.Sum256(secret)
-	// to guarantee that we have a valid field element, we use the approach of:
-	// "Suite B Implementer’s Guide to FIPS 186-3", A.2.1
-	// https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/suite-b-implementers-guide-to-fips-186-3-ecdsa.cfm
-	// see also https://github.com/golang/go/blob/0380c9ad38843d523d9c9804fe300cb7edd7cd3c/src/crypto/ecdsa/ecdsa.go#L89-L101
-	fe := new(big.Int).SetBytes(secHash[:])
-	n := new(big.Int).Sub(secp256k1.S256().N, one)
-	fe.Mod(fe, n)
-	fe.Add(fe, one)
-
-	feB := fe.Bytes()
-	var privKey32 [32]byte
-	// copy feB over to fixed 32 byte privKey32 and pad (if necessary)
-	copy(privKey32[32-len(feB):32], feB)
-
+	privKey32 := sha256.Sum256(secret)
+	// sha256.Sum256() is guaranteed to be 32 bytes long, so it can be
+	// casted to PrivKeySecp256k1.
 	return PrivKeySecp256k1(privKey32)
 }
 

crypto/secp256k1/secp256k1_cgo_test.go

@@ -1,39 +0,0 @@
-// +build libsecp256k1
-
-package secp256k1
-
-import (
-	"github.com/magiconair/properties/assert"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestPrivKeySecp256k1SignVerify(t *testing.T) {
-	msg := []byte("A.1.2 ECC Key Pair Generation by Testing Candidates")
-	priv := GenPrivKey()
-	tests := []struct {
-		name             string
-		privKey          PrivKeySecp256k1
-		wantSignErr      bool
-		wantVerifyPasses bool
-	}{
-		{name: "valid sign-verify round", privKey: priv, wantSignErr: false, wantVerifyPasses: true},
-		{name: "invalid private key", privKey: [32]byte{}, wantSignErr: true, wantVerifyPasses: false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := tt.privKey.Sign(msg)
-			if tt.wantSignErr {
-				require.Error(t, err)
-				t.Logf("Got error: %s", err)
-				return
-			}
-			require.NoError(t, err)
-			require.NotNil(t, got)
-
-			pub := tt.privKey.PubKey()
-			assert.Equal(t, tt.wantVerifyPasses, pub.VerifyBytes(msg, got))
-		})
-	}
-}

crypto/secp256k1/secp256k1_internal_test.go

@@ -1,45 +0,0 @@
-package secp256k1
-
-import (
-	"bytes"
-	"math/big"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
-	underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"
-)
-
-func Test_genPrivKey(t *testing.T) {
-
-	empty := make([]byte, 32)
-	oneB := big.NewInt(1).Bytes()
-	onePadded := make([]byte, 32)
-	copy(onePadded[32-len(oneB):32], oneB)
-	t.Logf("one padded: %v, len=%v", onePadded, len(onePadded))
-
-	validOne := append(empty, onePadded...)
-	tests := []struct {
-		name        string
-		notSoRand   []byte
-		shouldPanic bool
-	}{
-		{"empty bytes (panics because 1st 32 bytes are zero and 0 is not a valid field element)", empty, true},
-		{"curve order: N", underlyingSecp256k1.S256().N.Bytes(), true},
-		{"valid because 0 < 1 < N", validOne, false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.shouldPanic {
-				require.Panics(t, func() {
-					genPrivKey(bytes.NewReader(tt.notSoRand))
-				})
-				return
-			}
-			got := genPrivKey(bytes.NewReader(tt.notSoRand))
-			fe := new(big.Int).SetBytes(got[:])
-			require.True(t, fe.Cmp(underlyingSecp256k1.S256().N) < 0)
-			require.True(t, fe.Sign() > 0)
-		})
-	}
-}

crypto/secp256k1/secp256k1_nocgo_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	secp256k1 "github.com/btcsuite/btcd/btcec"
+
 	"github.com/stretchr/testify/require"
 )
 

crypto/secp256k1/secpk256k1_test.go

@@ -2,7 +2,6 @@ package secp256k1_test
 
 import (
 	"encoding/hex"
-	"math/big"
 	"testing"
 
 	"github.com/btcsuite/btcutil/base58"
@@ -85,28 +84,3 @@ func TestSecp256k1LoadPrivkeyAndSerializeIsIdentity(t *testing.T) {
 		require.Equal(t, privKeyBytes[:], serializedBytes)
 	}
 }
-
-func TestGenPrivKeySecp256k1(t *testing.T) {
-	// curve oder N
-	N := underlyingSecp256k1.S256().N
-	tests := []struct {
-		name   string
-		secret []byte
-	}{
-		{"empty secret", []byte{}},
-		{"some long secret", []byte("We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.")},
-		{"another seed used in cosmos tests #1", []byte{0}},
-		{"another seed used in cosmos tests #2", []byte("mySecret")},
-		{"another seed used in cosmos tests #3", []byte("")},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			gotPrivKey := secp256k1.GenPrivKeySecp256k1(tt.secret)
-			require.NotNil(t, gotPrivKey)
-			// interpret as a big.Int and make sure it is a valid field element:
-			fe := new(big.Int).SetBytes(gotPrivKey[:])
-			require.True(t, fe.Cmp(N) < 0)
-			require.True(t, fe.Sign() > 0)
-		})
-	}
-}

mempool/cache_test.go

@@ -19,7 +19,7 @@ func TestCacheRemove(t *testing.T) {
 	for i := 0; i < numTxs; i++ {
 		// probability of collision is 2**-256
 		txBytes := make([]byte, 32)
-		rand.Read(txBytes) // nolint: gosec
+		rand.Read(txBytes)
 		txs[i] = txBytes
 		cache.Push(txBytes)
 		// make sure its added to both the linked list and the map

mempool/mempool.go

@@ -167,8 +167,8 @@ type Mempool struct {
 	preCheck     PreCheckFunc
 	postCheck    PostCheckFunc
 
-	// Track whether we're rechecking txs.
-	// These are not protected by a mutex and are expected to be mutated
+	// track whether we're rechecking txs.
+	// these are not protected by a mutex and are expected to be mutated
 	// in serial (ie. by abci responses which are called in serial).
 	recheckCursor *clist.CElement // next expected response
 	recheckEnd    *clist.CElement // re-checking stops here
@@ -177,7 +177,7 @@ type Mempool struct {
 	notifiedTxsAvailable bool
 	txsAvailable         chan struct{} // fires once for each height, when the mempool is not empty
 
-	// Map for quick access to txs to record sender in CheckTx.
+	// map for quick access to txs to record sender in CheckTx.
 	// txsMap: txKey -> CElement
 	txsMap sync.Map
 
@@ -461,8 +461,11 @@ func (mem *Mempool) globalCb(req *abci.Request, res *abci.Response) {
 func (mem *Mempool) reqResCb(tx []byte, peerID uint16, externalCb func(*abci.Response)) func(res *abci.Response) {
 	return func(res *abci.Response) {
 		if mem.recheckCursor != nil {
-			// this should never happen
-			panic("recheck cursor is not nil in reqResCb")
+			// this should not be possible.
+			// rechecks should only happen during Update
+			// after all checktxs were flushed and before
+			// any new ones happened.
+			return
 		}
 
 		mem.resCbFirstTime(tx, peerID, res)

node/node.go

@@ -489,7 +489,7 @@ func NewNode(config *cfg.Config,
 	addrBook := pex.NewAddrBook(config.P2P.AddrBookFile(), config.P2P.AddrBookStrict)
 
 	// Add ourselves to addrbook to prevent dialing ourselves
-	addrBook.AddOurAddress(sw.NetAddress())
+	addrBook.AddOurAddress(nodeInfo.NetAddress())
 
 	addrBook.SetLogger(p2pLogger.With("book", config.P2P.AddrBookFile()))
 	if config.P2P.PexReactor {

p2p/mock/peer.go

@@ -62,7 +62,7 @@ func (mp *Peer) Get(key string) interface{} {
 func (mp *Peer) Set(key string, value interface{}) {
 	mp.kv[key] = value
 }
-func (mp *Peer) RemoteIP() net.IP            { return mp.ip }
-func (mp *Peer) SocketAddr() *p2p.NetAddress { return mp.addr }
-func (mp *Peer) RemoteAddr() net.Addr        { return &net.TCPAddr{IP: mp.ip, Port: 8800} }
-func (mp *Peer) CloseConn() error            { return nil }
+func (mp *Peer) RemoteIP() net.IP              { return mp.ip }
+func (mp *Peer) OriginalAddr() *p2p.NetAddress { return mp.addr }
+func (mp *Peer) RemoteAddr() net.Addr          { return &net.TCPAddr{IP: mp.ip, Port: 8800} }
+func (mp *Peer) CloseConn() error              { return nil }

p2p/node_info.go

@@ -23,10 +23,16 @@ func MaxNodeInfoSize() int {
 // NodeInfo exposes basic info of a node
 // and determines if we're compatible.
 type NodeInfo interface {
-	ID() ID
+	nodeInfoAddress
 	nodeInfoTransport
 }
 
+// nodeInfoAddress exposes just the core info of a node.
+type nodeInfoAddress interface {
+	ID() ID
+	NetAddress() *NetAddress
+}
+
 // nodeInfoTransport validates a nodeInfo and checks
 // our compatibility with it. It's for use in the handshake.
 type nodeInfoTransport interface {
@@ -215,7 +221,7 @@ func (info DefaultNodeInfo) NetAddress() *NetAddress {
 	if err != nil {
 		switch err.(type) {
 		case ErrNetAddressLookup:
-			// XXX If the peer provided a host name and the lookup fails here
+			// XXX If the peer provided a host name  and the lookup fails here
 			// we're out of luck.
 			// TODO: use a NetAddress in DefaultNodeInfo
 		default:

p2p/peer.go

@@ -29,7 +29,7 @@ type Peer interface {
 
 	NodeInfo() NodeInfo // peer's info
 	Status() tmconn.ConnectionStatus
-	SocketAddr() *NetAddress // actual address of the socket
+	OriginalAddr() *NetAddress // original address for outbound peers
 
 	Send(byte, []byte) bool
 	TrySend(byte, []byte) bool
@@ -46,7 +46,7 @@ type peerConn struct {
 	persistent bool
 	conn       net.Conn // source connection
 
-	socketAddr *NetAddress
+	originalAddr *NetAddress // nil for inbound connections
 
 	// cached RemoteIP()
 	ip net.IP
@@ -55,14 +55,14 @@ type peerConn struct {
 func newPeerConn(
 	outbound, persistent bool,
 	conn net.Conn,
-	socketAddr *NetAddress,
+	originalAddr *NetAddress,
 ) peerConn {
 
 	return peerConn{
-		outbound:   outbound,
-		persistent: persistent,
-		conn:       conn,
-		socketAddr: socketAddr,
+		outbound:     outbound,
+		persistent:   persistent,
+		conn:         conn,
+		originalAddr: originalAddr,
 	}
 }
 
@@ -223,12 +223,13 @@ func (p *peer) NodeInfo() NodeInfo {
 	return p.nodeInfo
 }
 
-// SocketAddr returns the address of the socket.
-// For outbound peers, it's the address dialed (after DNS resolution).
-// For inbound peers, it's the address returned by the underlying connection
-// (not what's reported in the peer's NodeInfo).
-func (p *peer) SocketAddr() *NetAddress {
-	return p.peerConn.socketAddr
+// OriginalAddr returns the original address, which was used to connect with
+// the peer. Returns nil for inbound peers.
+func (p *peer) OriginalAddr() *NetAddress {
+	if p.peerConn.outbound {
+		return p.peerConn.originalAddr
+	}
+	return nil
 }
 
 // Status returns the peer's ConnectionStatus.

p2p/peer_set_test.go

@@ -29,7 +29,7 @@ func (mp *mockPeer) IsPersistent() bool                      { return true }
 func (mp *mockPeer) Get(s string) interface{}                { return s }
 func (mp *mockPeer) Set(string, interface{})                 {}
 func (mp *mockPeer) RemoteIP() net.IP                        { return mp.ip }
-func (mp *mockPeer) SocketAddr() *NetAddress                 { return nil }
+func (mp *mockPeer) OriginalAddr() *NetAddress               { return nil }
 func (mp *mockPeer) RemoteAddr() net.Addr                    { return &net.TCPAddr{IP: mp.ip, Port: 8800} }
 func (mp *mockPeer) CloseConn() error                        { return nil }
 

p2p/peer_test.go

@@ -109,27 +109,25 @@ func testOutboundPeerConn(
 	persistent bool,
 	ourNodePrivKey crypto.PrivKey,
 ) (peerConn, error) {
-
-	var pc peerConn
 	conn, err := testDial(addr, config)
 	if err != nil {
-		return pc, cmn.ErrorWrap(err, "Error creating peer")
+		return peerConn{}, cmn.ErrorWrap(err, "Error creating peer")
 	}
 
-	pc, err = testPeerConn(conn, config, true, persistent, ourNodePrivKey, addr)
+	pc, err := testPeerConn(conn, config, true, persistent, ourNodePrivKey, addr)
 	if err != nil {
 		if cerr := conn.Close(); cerr != nil {
-			return pc, cmn.ErrorWrap(err, cerr.Error())
+			return peerConn{}, cmn.ErrorWrap(err, cerr.Error())
 		}
-		return pc, err
+		return peerConn{}, err
 	}
 
 	// ensure dialed ID matches connection ID
 	if addr.ID != pc.ID() {
 		if cerr := conn.Close(); cerr != nil {
-			return pc, cmn.ErrorWrap(err, cerr.Error())
+			return peerConn{}, cmn.ErrorWrap(err, cerr.Error())
 		}
-		return pc, ErrSwitchAuthenticationFailure{addr, pc.ID()}
+		return peerConn{}, ErrSwitchAuthenticationFailure{addr, pc.ID()}
 	}
 
 	return pc, nil

p2p/pex/pex_reactor.go

@@ -167,7 +167,7 @@ func (r *PEXReactor) AddPeer(p Peer) {
 		}
 	} else {
 		// inbound peer is its own source
-		addr := p.SocketAddr()
+		addr := p.NodeInfo().NetAddress()
 		src := addr
 
 		// add to book. dont RequestAddrs right away because
@@ -309,7 +309,7 @@ func (r *PEXReactor) ReceiveAddrs(addrs []*p2p.NetAddress, src Peer) error {
 	}
 	r.requestsSent.Delete(id)
 
-	srcAddr := src.SocketAddr()
+	srcAddr := src.NodeInfo().NetAddress()
 	for _, netAddr := range addrs {
 		// Validate netAddr. Disconnect from a peer if it sends us invalid data.
 		if netAddr == nil {

p2p/pex/pex_reactor_test.go

@@ -96,7 +96,7 @@ func TestPEXReactorRunning(t *testing.T) {
 	}
 
 	addOtherNodeAddrToAddrBook := func(switchIndex, otherSwitchIndex int) {
-		addr := switches[otherSwitchIndex].NetAddress()
+		addr := switches[otherSwitchIndex].NodeInfo().NetAddress()
 		books[switchIndex].AddAddress(addr, addr)
 	}
 
@@ -127,7 +127,7 @@ func TestPEXReactorReceive(t *testing.T) {
 	r.RequestAddrs(peer)
 
 	size := book.Size()
-	addrs := []*p2p.NetAddress{peer.SocketAddr()}
+	addrs := []*p2p.NetAddress{peer.NodeInfo().NetAddress()}
 	msg := cdc.MustMarshalBinaryBare(&pexAddrsMessage{Addrs: addrs})
 	r.Receive(PexChannel, peer, msg)
 	assert.Equal(t, size+1, book.Size())
@@ -184,7 +184,7 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) {
 	assert.True(t, r.requestsSent.Has(id))
 	assert.True(t, sw.Peers().Has(peer.ID()))
 
-	addrs := []*p2p.NetAddress{peer.SocketAddr()}
+	addrs := []*p2p.NetAddress{peer.NodeInfo().NetAddress()}
 	msg := cdc.MustMarshalBinaryBare(&pexAddrsMessage{Addrs: addrs})
 
 	// receive some addrs. should clear the request
@@ -229,7 +229,7 @@ func TestCheckSeeds(t *testing.T) {
 	badPeerConfig = &PEXReactorConfig{
 		Seeds: []string{"ed3dfd27bfc4af18f67a49862f04cc100696e84d@bad.network.addr:26657",
 			"d824b13cb5d40fa1d8a614e089357c7eff31b670@anotherbad.network.addr:26657",
-			seed.NetAddress().String()},
+			seed.NodeInfo().NetAddress().String()},
 	}
 	peer = testCreatePeerWithConfig(dir, 2, badPeerConfig)
 	require.Nil(t, peer.Start())
@@ -263,13 +263,12 @@ func TestConnectionSpeedForPeerReceivedFromSeed(t *testing.T) {
 	defer os.RemoveAll(dir) // nolint: errcheck
 
 	// 1. create peer
-	peerSwitch := testCreateDefaultPeer(dir, 1)
-	require.Nil(t, peerSwitch.Start())
-	defer peerSwitch.Stop()
+	peer := testCreateDefaultPeer(dir, 1)
+	require.Nil(t, peer.Start())
+	defer peer.Stop()
 
 	// 2. Create seed which knows about the peer
-	peerAddr := peerSwitch.NetAddress()
-	seed := testCreateSeed(dir, 2, []*p2p.NetAddress{peerAddr}, []*p2p.NetAddress{peerAddr})
+	seed := testCreateSeed(dir, 2, []*p2p.NetAddress{peer.NodeInfo().NetAddress()}, []*p2p.NetAddress{peer.NodeInfo().NetAddress()})
 	require.Nil(t, seed.Start())
 	defer seed.Stop()
 
@@ -296,7 +295,7 @@ func TestPEXReactorCrawlStatus(t *testing.T) {
 	// Create a peer, add it to the peer set and the addrbook.
 	peer := p2p.CreateRandomPeer(false)
 	p2p.AddPeerToSwitch(pexR.Switch, peer)
-	addr1 := peer.SocketAddr()
+	addr1 := peer.NodeInfo().NetAddress()
 	pexR.book.AddAddress(addr1, addr1)
 
 	// Add a non-connected address to the book.
@@ -360,7 +359,7 @@ func TestPEXReactorSeedModeFlushStop(t *testing.T) {
 	reactor := switches[0].Reactors()["pex"].(*PEXReactor)
 	peerID := switches[1].NodeInfo().ID()
 
-	err = switches[1].DialPeerWithAddress(switches[0].NetAddress(), false)
+	err = switches[1].DialPeerWithAddress(switches[0].NodeInfo().NetAddress(), false)
 	assert.NoError(t, err)
 
 	// sleep up to a second while waiting for the peer to send us a message.
@@ -398,7 +397,7 @@ func TestPEXReactorDoesNotAddPrivatePeersToAddrBook(t *testing.T) {
 	pexR.RequestAddrs(peer)
 
 	size := book.Size()
-	addrs := []*p2p.NetAddress{peer.SocketAddr()}
+	addrs := []*p2p.NetAddress{peer.NodeInfo().NetAddress()}
 	msg := cdc.MustMarshalBinaryBare(&pexAddrsMessage{Addrs: addrs})
 	pexR.Receive(PexChannel, peer, msg)
 	assert.Equal(t, size, book.Size())
@@ -415,7 +414,7 @@ func TestPEXReactorDialPeer(t *testing.T) {
 	sw.SetAddrBook(book)
 
 	peer := mock.NewPeer(nil)
-	addr := peer.SocketAddr()
+	addr := peer.NodeInfo().NetAddress()
 
 	assert.Equal(t, 0, pexR.AttemptsToDial(addr))
 
@@ -548,7 +547,7 @@ func testCreateSeed(dir string, id int, knownAddrs, srcAddrs []*p2p.NetAddress)
 // Starting and stopping the peer is left to the caller
 func testCreatePeerWithSeed(dir string, id int, seed *p2p.Switch) *p2p.Switch {
 	conf := &PEXReactorConfig{
-		Seeds: []string{seed.NetAddress().String()},
+		Seeds: []string{seed.NodeInfo().NetAddress().String()},
 	}
 	return testCreatePeerWithConfig(dir, id, conf)
 }

p2p/switch.go

@@ -86,12 +86,6 @@ type Switch struct {
 	metrics *Metrics
 }
 
-// NetAddress returns the address the switch is listening on.
-func (sw *Switch) NetAddress() *NetAddress {
-	addr := sw.transport.NetAddress()
-	return &addr
-}
-
 // SwitchOption sets an optional parameter on the Switch.
 type SwitchOption func(*Switch)
 
@@ -295,7 +289,13 @@ func (sw *Switch) StopPeerForError(peer Peer, reason interface{}) {
 	sw.stopAndRemovePeer(peer, reason)
 
 	if peer.IsPersistent() {
-		go sw.reconnectToPeer(peer.SocketAddr())
+		addr := peer.OriginalAddr()
+		if addr == nil {
+			// FIXME: persistent peers can't be inbound right now.
+			// self-reported address for inbound persistent peers
+			addr = peer.NodeInfo().NetAddress()
+		}
+		go sw.reconnectToPeer(addr)
 	}
 }
 
@@ -383,7 +383,7 @@ func (sw *Switch) SetAddrBook(addrBook AddrBook) {
 // like contributed to consensus.
 func (sw *Switch) MarkPeerAsGood(peer Peer) {
 	if sw.addrBook != nil {
-		sw.addrBook.MarkGood(peer.SocketAddr())
+		sw.addrBook.MarkGood(peer.NodeInfo().NetAddress())
 	}
 }
 
@@ -400,7 +400,7 @@ func (sw *Switch) DialPeersAsync(addrBook AddrBook, peers []string, persistent b
 		sw.Logger.Error("Error in peer's address", "err", err)
 	}
 
-	ourAddr := sw.NetAddress()
+	ourAddr := sw.nodeInfo.NetAddress()
 
 	// TODO: this code feels like it's in the wrong place.
 	// The integration tests depend on the addrBook being saved
@@ -536,7 +536,7 @@ func (sw *Switch) acceptRoutine() {
 		if in >= sw.config.MaxNumInboundPeers {
 			sw.Logger.Info(
 				"Ignoring inbound connection: already have enough inbound peers",
-				"address", p.SocketAddr(),
+				"address", p.NodeInfo().NetAddress().String(),
 				"have", in,
 				"max", sw.config.MaxNumInboundPeers,
 			)
@@ -653,7 +653,7 @@ func (sw *Switch) addPeer(p Peer) error {
 		return err
 	}
 
-	p.SetLogger(sw.Logger.With("peer", p.SocketAddr()))
+	p.SetLogger(sw.Logger.With("peer", p.NodeInfo().NetAddress()))
 
 	// Handle the shut down case where the switch has stopped but we're
 	// concurrently trying to add a peer.

p2p/switch_test.go

@@ -161,6 +161,10 @@ func assertMsgReceivedWithTimeout(t *testing.T, msgBytes []byte, channel byte, r
 
 func TestSwitchFiltersOutItself(t *testing.T) {
 	s1 := MakeSwitch(cfg, 1, "127.0.0.1", "123.123.123", initSwitchFunc)
+	// addr := s1.NodeInfo().NetAddress()
+
+	// // add ourselves like we do in node.go#427
+	// s1.addrBook.AddOurAddress(addr)
 
 	// simulate s1 having a public IP by creating a remote peer with the same ID
 	rp := &remotePeer{PrivKey: s1.nodeKey.PrivKey, Config: cfg}
@@ -494,7 +498,7 @@ func TestSwitchAcceptRoutine(t *testing.T) {
 		rp := &remotePeer{PrivKey: ed25519.GenPrivKey(), Config: cfg}
 		remotePeers = append(remotePeers, rp)
 		rp.Start()
-		c, err := rp.Dial(sw.NetAddress())
+		c, err := rp.Dial(sw.NodeInfo().NetAddress())
 		require.NoError(t, err)
 		// spawn a reading routine to prevent connection from closing
 		go func(c net.Conn) {
@@ -513,7 +517,7 @@ func TestSwitchAcceptRoutine(t *testing.T) {
 	// 2. check we close new connections if we already have MaxNumInboundPeers peers
 	rp := &remotePeer{PrivKey: ed25519.GenPrivKey(), Config: cfg}
 	rp.Start()
-	conn, err := rp.Dial(sw.NetAddress())
+	conn, err := rp.Dial(sw.NodeInfo().NetAddress())
 	require.NoError(t, err)
 	// check conn is closed
 	one := make([]byte, 1)
@@ -533,10 +537,6 @@ type errorTransport struct {
 	acceptErr error
 }
 
-func (et errorTransport) NetAddress() NetAddress {
-	panic("not implemented")
-}
-
 func (et errorTransport) Accept(c peerConfig) (Peer, error) {
 	return nil, et.acceptErr
 }

p2p/test_util.go

@@ -35,8 +35,7 @@ func CreateRandomPeer(outbound bool) *peer {
 	addr, netAddr := CreateRoutableAddr()
 	p := &peer{
 		peerConn: peerConn{
-			outbound:   outbound,
-			socketAddr: netAddr,
+			outbound: outbound,
 		},
 		nodeInfo: mockNodeInfo{netAddr},
 		mconn:    &conn.MConnection{},
@@ -175,15 +174,10 @@ func MakeSwitch(
 		PrivKey: ed25519.GenPrivKey(),
 	}
 	nodeInfo := testNodeInfo(nodeKey.ID(), fmt.Sprintf("node%d", i))
-	addr, err := NewNetAddressString(
-		IDAddressString(nodeKey.ID(), nodeInfo.(DefaultNodeInfo).ListenAddr),
-	)
-	if err != nil {
-		panic(err)
-	}
 
 	t := NewMultiplexTransport(nodeInfo, nodeKey, MConnConfig(cfg))
 
+	addr := nodeInfo.NetAddress()
 	if err := t.Listen(*addr); err != nil {
 		panic(err)
 	}
@@ -220,7 +214,7 @@ func testPeerConn(
 	cfg *config.P2PConfig,
 	outbound, persistent bool,
 	ourNodePrivKey crypto.PrivKey,
-	socketAddr *NetAddress,
+	originalAddr *NetAddress,
 ) (pc peerConn, err error) {
 	conn := rawConn
 
@@ -237,7 +231,12 @@ func testPeerConn(
 	}
 
 	// Only the information we already have
-	return newPeerConn(outbound, persistent, conn, socketAddr), nil
+	return peerConn{
+		outbound:     outbound,
+		persistent:   persistent,
+		conn:         conn,
+		originalAddr: originalAddr,
+	}, nil
 }
 
 //----------------------------------------------------------------

p2p/transport.go

@@ -24,7 +24,6 @@ type IPResolver interface {
 // accept is the container to carry the upgraded connection and NodeInfo from an
 // asynchronously running routine to the Accept method.
 type accept struct {
-	netAddr  *NetAddress
 	conn     net.Conn
 	nodeInfo NodeInfo
 	err      error
@@ -48,9 +47,6 @@ type peerConfig struct {
 // the transport. Each transport is also responsible to filter establishing
 // peers specific to its domain.
 type Transport interface {
-	// Listening address.
-	NetAddress() NetAddress
-
 	// Accept returns a newly connected Peer.
 	Accept(peerConfig) (Peer, error)
 
@@ -119,7 +115,6 @@ func MultiplexTransportResolver(resolver IPResolver) MultiplexTransportOption {
 // MultiplexTransport accepts and dials tcp connections and upgrades them to
 // multiplexed peers.
 type MultiplexTransport struct {
-	netAddr  NetAddress
 	listener net.Listener
 
 	acceptc chan accept
@@ -166,11 +161,6 @@ func NewMultiplexTransport(
 	}
 }
 
-// NetAddress implements Transport.
-func (mt *MultiplexTransport) NetAddress() NetAddress {
-	return mt.netAddr
-}
-
 // Accept implements Transport.
 func (mt *MultiplexTransport) Accept(cfg peerConfig) (Peer, error) {
 	select {
@@ -183,7 +173,7 @@ func (mt *MultiplexTransport) Accept(cfg peerConfig) (Peer, error) {
 
 		cfg.outbound = false
 
-		return mt.wrapPeer(a.conn, a.nodeInfo, cfg, a.netAddr), nil
+		return mt.wrapPeer(a.conn, a.nodeInfo, cfg, nil), nil
 	case <-mt.closec:
 		return nil, ErrTransportClosed{}
 	}
@@ -234,7 +224,6 @@ func (mt *MultiplexTransport) Listen(addr NetAddress) error {
 		return err
 	}
 
-	mt.netAddr = addr
 	mt.listener = ln
 
 	go mt.acceptPeers()
@@ -269,21 +258,15 @@ func (mt *MultiplexTransport) acceptPeers() {
 			var (
 				nodeInfo   NodeInfo
 				secretConn *conn.SecretConnection
-				netAddr    *NetAddress
 			)
 
 			err := mt.filterConn(c)
 			if err == nil {
 				secretConn, nodeInfo, err = mt.upgrade(c, nil)
-				if err == nil {
-					addr := c.RemoteAddr()
-					id := PubKeyToID(secretConn.RemotePubKey())
-					netAddr = NewNetAddress(id, addr)
-				}
 			}
 
 			select {
-			case mt.acceptc <- accept{netAddr, secretConn, nodeInfo, err}:
+			case mt.acceptc <- accept{secretConn, nodeInfo, err}:
 				// Make the upgraded peer available.
 			case <-mt.closec:
 				// Give up if the transport was closed.
@@ -443,14 +426,14 @@ func (mt *MultiplexTransport) wrapPeer(
 	c net.Conn,
 	ni NodeInfo,
 	cfg peerConfig,
-	socketAddr *NetAddress,
+	dialedAddr *NetAddress,
 ) Peer {
 
 	peerConn := newPeerConn(
 		cfg.outbound,
 		cfg.persistent,
 		c,
-		socketAddr,
+		dialedAddr,
 	)
 
 	p := newPeer(

p2p/transport_test.go

@@ -8,8 +8,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/stretchr/testify/require"
-
 	"github.com/tendermint/tendermint/crypto/ed25519"
 	"github.com/tendermint/tendermint/p2p/conn"
 )
@@ -144,23 +142,43 @@ func TestTransportMultiplexConnFilterTimeout(t *testing.T) {
 
 func TestTransportMultiplexAcceptMultiple(t *testing.T) {
 	mt := testSetupMultiplexTransport(t)
-	id, addr := mt.nodeKey.ID(), mt.listener.Addr().String()
-	laddr, err := NewNetAddressStringWithOptionalID(IDAddressString(id, addr))
-	require.NoError(t, err)
 
 	var (
-		seed     = rand.New(rand.NewSource(time.Now().UnixNano()))
-		nDialers = seed.Intn(64) + 64
-		errc     = make(chan error, nDialers)
+		seed = rand.New(rand.NewSource(time.Now().UnixNano()))
+		errc = make(chan error, seed.Intn(64)+64)
 	)
 
 	// Setup dialers.
-	for i := 0; i < nDialers; i++ {
-		go testDialer(*laddr, errc)
+	for i := 0; i < cap(errc); i++ {
+		go func() {
+			var (
+				pv     = ed25519.GenPrivKey()
+				dialer = newMultiplexTransport(
+					testNodeInfo(PubKeyToID(pv.PubKey()), defaultNodeName),
+					NodeKey{
+						PrivKey: pv,
+					},
+				)
+			)
+			addr, err := NewNetAddressStringWithOptionalID(IDAddressString(mt.nodeKey.ID(), mt.listener.Addr().String()))
+			if err != nil {
+				errc <- err
+				return
+			}
+
+			_, err = dialer.Dial(*addr, peerConfig{})
+			if err != nil {
+				errc <- err
+				return
+			}
+
+			// Signal that the connection was established.
+			errc <- nil
+		}()
 	}
 
 	// Catch connection errors.
-	for i := 0; i < nDialers; i++ {
+	for i := 0; i < cap(errc); i++ {
 		if err := <-errc; err != nil {
 			t.Fatal(err)
 		}
@@ -198,27 +216,6 @@ func TestTransportMultiplexAcceptMultiple(t *testing.T) {
 	}
 }
 
-func testDialer(dialAddr NetAddress, errc chan error) {
-	var (
-		pv     = ed25519.GenPrivKey()
-		dialer = newMultiplexTransport(
-			testNodeInfo(PubKeyToID(pv.PubKey()), defaultNodeName),
-			NodeKey{
-				PrivKey: pv,
-			},
-		)
-	)
-
-	_, err := dialer.Dial(dialAddr, peerConfig{})
-	if err != nil {
-		errc <- err
-		return
-	}
-
-	// Signal that the connection was established.
-	errc <- nil
-}
-
 func TestTransportMultiplexAcceptNonBlocking(t *testing.T) {
 	mt := testSetupMultiplexTransport(t)
 
@@ -594,7 +591,6 @@ func TestTransportHandshake(t *testing.T) {
 	}
 }
 
-// create listener
 func testSetupMultiplexTransport(t *testing.T) *MultiplexTransport {
 	var (
 		pv = ed25519.GenPrivKey()

rpc/core/consensus.go

@@ -218,7 +218,7 @@ func DumpConsensusState(ctx *rpctypes.Context) (*ctypes.ResultDumpConsensusState
 		}
 		peerStates[i] = ctypes.PeerStateInfo{
 			// Peer basic info.
-			NodeAddress: peer.SocketAddr().String(),
+			NodeAddress: peer.NodeInfo().NetAddress().String(),
 			// Peer consensus state.
 			PeerState: peerStateJSON,
 		}

scripts/release_management/github-draft.py

@@ -29,10 +29,10 @@ def request(org, repo, data):
   return json.loads(responsedata)
 
 
-def create_draft(org,repo,branch,version):
+def create_draft(org,repo,version):
   draft = {
     'tag_name': version,
-    'target_commitish': '{0}'.format(branch),
+    'target_commitish': 'master',
     'name': '{0} (WARNING: ALPHA SOFTWARE)'.format(version),
     'body': '<a href=https://github.com/{0}/{1}/blob/master/CHANGELOG.md#{2}>https://github.com/{0}/{1}/blob/master/CHANGELOG.md#{2}</a>'.format(org,repo,version.replace('v','').replace('.','')),
     'draft': True,
@@ -45,7 +45,6 @@ if __name__ == "__main__":
   parser = argparse.ArgumentParser()
   parser.add_argument("--org", default="tendermint", help="GitHub organization")
   parser.add_argument("--repo", default="tendermint", help="GitHub repository")
-  parser.add_argument("--branch", default=os.environ.get('CIRCLE_BRANCH'), help="Branch to build from, e.g.: v1.0")
   parser.add_argument("--version", default=os.environ.get('CIRCLE_TAG'), help="Version number for binary, e.g.: v1.0.0")
   args = parser.parse_args()
 
@@ -55,7 +54,7 @@ if __name__ == "__main__":
   if not os.environ.has_key('GITHUB_TOKEN'):
     raise parser.error('environment variable GITHUB_TOKEN is required')
 
-  release = create_draft(args.org,args.repo,args.branch,args.version)
+  release = create_draft(args.org,args.repo,args.version)
 
   print(release["id"])
 

version/version.go

@@ -20,7 +20,7 @@ const (
 	// Must be a string because scripts like dist.sh read this file.
 	// XXX: Don't change the name of this variable or you will break
 	// automation :)
-	TMCoreSemVer = "0.31.3"
+	TMCoreSemVer = "0.31.1"
 
 	// ABCISemVer is the semantic version of the ABCI library
 	ABCISemVer  = "0.16.0"