Backport release/v6.4: rotation of outbound peers

sei-tendermint/config/config.go

@@ -652,7 +652,7 @@ type P2PConfig struct {
 	// MaxOutboundConnections limits the number of outbound connections to regular (non-persistent) peers.
 	// It should be significantly lower than MaxConnections, unless
 	// the node is supposed to have a small number of connections altogether.
-	MaxOutboundConnections uint
+	MaxOutboundConnections *uint `mapstructure:"max-outbound-connections"`
 
 	// MaxIncomingConnectionAttempts rate limits the number of incoming connection
 	// attempts per IP address.
@@ -703,14 +703,10 @@ type P2PConfig struct {
 // DefaultP2PConfig returns a default configuration for the peer-to-peer layer
 func DefaultP2PConfig() *P2PConfig {
 	return &P2PConfig{
-		ListenAddress:   "tcp://127.0.0.1:26656",
-		ExternalAddress: "",
-		UPNP:            false,
-		MaxConnections:  100,
-		// TODO(gprusak): decrease to 10, once PEX is improved to:
-		// * exchange both inbound and outbound connections information
-		// * exchange information on handshake as well.
-		MaxOutboundConnections:        100,
+		ListenAddress:                 "tcp://127.0.0.1:26656",
+		ExternalAddress:               "",
+		UPNP:                          false,
+		MaxConnections:                100,
 		MaxIncomingConnectionAttempts: 100,
 		FlushThrottleTimeout:          100 * time.Millisecond,
 		MaxPacketMsgPayloadSize:       1000000,

sei-tendermint/crypto/ed25519/ed25519.go

@@ -60,13 +60,14 @@ func SecretKeyFromSecretBytes(b []byte) (SecretKey, error) {
 	if got, want := len(b), ed25519.PrivateKeySize; got != want {
 		return SecretKey{}, fmt.Errorf("ed25519: bad private key length: got %d, want %d", got, want)
 	}
-	raw := utils.Alloc([ed25519.PrivateKeySize]byte(b))
-	runtime.AddCleanup(&raw, func(int) {
+	type Secret = [ed25519.PrivateKeySize]byte
+	raw := utils.Alloc(Secret(b))
+	runtime.AddCleanup(&raw, func(raw *Secret) {
 		// Zero the memory to avoid leaking the secret.
 		for i := range raw {
 			raw[i] = 0
 		}
-	}, 0)
+	}, raw)
 	key := SecretKey{key: &raw}
 	// Zero the input slice to avoid leaking the secret.
 	for i := range b {

sei-tendermint/internal/p2p/address.go

@@ -35,21 +35,6 @@ type NodeAddress struct {
 	Port     uint16
 }
 
-var cgnat = netip.MustParsePrefix("100.64.0.0/10")
-
-// IsPublic checks if the address is routable from the public internet.
-// It is good enough to exclude internal addresses of cloud providers.
-// As a simplification, it treats non-IP Hostnames (DNS addresses) as public.
-// TODO(gprusak): DNS addresses should be eliminated from PEX entirely - all
-// addresses should be resolved locally and only then advertised to peers.
-func (a NodeAddress) IsPublic() bool {
-	ip, err := netip.ParseAddr(a.Hostname)
-	if err != nil {
-		return true
-	}
-	return ip.IsGlobalUnicast() && !ip.IsPrivate() && !cgnat.Contains(ip.Unmap())
-}
-
 // ParseNodeAddress parses a node address URL into a NodeAddress, normalizing
 // and validating it.
 func ParseNodeAddress(urlString string) (NodeAddress, error) {

sei-tendermint/internal/p2p/address_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/sei-protocol/sei-chain/sei-tendermint/crypto/ed25519"
-	"github.com/sei-protocol/sei-chain/sei-tendermint/libs/utils"
 	"github.com/sei-protocol/sei-chain/sei-tendermint/libs/utils/require"
 	"github.com/sei-protocol/sei-chain/sei-tendermint/libs/utils/tcp"
 	"github.com/sei-protocol/sei-chain/sei-tendermint/types"
@@ -278,21 +277,6 @@ func TestNodeAddress_String(t *testing.T) {
 	}
 }
 
-func TestNodeAddress_IsPublic(t *testing.T) {
-	rng := utils.TestRng()
-	id := makeNodeID(rng)
-	testcases := map[string]bool{
-		"192.168.1.10":  false,
-		"93.184.216.34": true,
-		"example.com":   true,
-		"100.64.0.1":    false,
-	}
-	for hostname, isPublic := range testcases {
-		addr := NodeAddress{NodeID: id, Hostname: hostname, Port: defaultPort}
-		require.Equal(t, isPublic, addr.IsPublic())
-	}
-}
-
 func TestNodeAddress_Validate(t *testing.T) {
 	id := types.NodeID("00112233445566778899aabbccddeeff00112233")
 	testcases := []struct {

sei-tendermint/internal/p2p/channel.go

@@ -79,12 +79,12 @@ func (ch *Channel[T]) send(msg T, queues ...*Queue[sendMsg]) {
 }
 
 func (ch *Channel[T]) Send(msg T, to types.NodeID) {
-	c, ok := ch.router.peerManager.Conns().Get(to)
+	c, ok := GetAny(ch.router.peerManager.Conns(), to)
 	if !ok {
 		logger.Debug("dropping message for unconnected peer", "peer", to, "channel", ch.desc.ID)
 		return
 	}
-	if _, contains := c.peerChannels[ch.desc.ID]; !contains {
+	if _, contains := c.Channels[ch.desc.ID]; !contains {
 		// reactor tried to send a message across a channel that the
 		// peer doesn't have available. This is a known issue due to
 		// how peer subscriptions work:
@@ -98,7 +98,7 @@ func (ch *Channel[T]) Send(msg T, to types.NodeID) {
 func (ch *Channel[T]) Broadcast(msg T) {
 	var queues []*Queue[sendMsg]
 	for _, c := range ch.router.peerManager.Conns().All() {
-		if _, ok := c.peerChannels[ch.desc.ID]; ok {
+		if _, ok := c.Channels[ch.desc.ID]; ok {
 			queues = append(queues, c.sendQueue)
 		}
 	}