add a method to perform a peer ID comparison on inbound connections #82
Conversation
We need this to check that we're connected to the expected peer when the underlying connection resulted from a TCP simultaneous open.
| // full libp2p-transport connection. | ||
| // It verifies that the remote peer ID matches p. | ||
| // This is needed when upgrading a connection that resulted from a TCP simultaneous connect. | ||
| func (u *Upgrader) UpgradeInboundWithPeerCheck(ctx context.Context, t transport.Transport, maconn manet.Conn, p peer.ID) (transport.CapableConn, error) { |
There was a problem hiding this comment.
This doesn't do anything. Why do we need it?
There was a problem hiding this comment.
Oh, I see. Is this really necessary? We can just as easily check after the fact.
There was a problem hiding this comment.
We can do it either way. I don’t have a strong opinion on this, I just thought it would be nice to abort as early as possible.
There was a problem hiding this comment.
Alternatively, how about exposing upgrade as Upgrade and deprecating the others?
NOTE: the current patch won't work because setupSecurity assumes that "no peer id" means "inbound".
There was a problem hiding this comment.
You're right. If we want to kill the connection on the TLS / noise level, this needs to be wired through the SecureTransport / SecureMuxer interfaces.
|
Closing this PR because it is broken, and doing this right will require a much larger change (see libp2p/go-libp2p-core#211 as a starting point). |
We need this to check that we're connected to the expected peer when the underlying connection resulted from a TCP simultaneous open.