Add SecureMuxer interface to facilitate simultaneous open

[vyzo]

For libp2p/go-libp2p#1039.

Also fixes a bug in the insecure transport that was breaking tests in go-conn-security: the remote peer ID was not set for connections with /plaintext/1.0.0.

Edit:

The two main changes this PR introduces are:

1. A context API to instruct libp2p Swarm to force a direct connection to the peer even if a proxied connection to it already exists. This is to implemented the Hole Punching co-ordination Spec described in relay/DCUtR: Add Direct Connection Upgrade through Relay protocol specs#173. You can see how this API is used at https://github.com/libp2p/go-libp2p/pull/711/files.

2. We introduce an interface that allows negotiating a security protocol between peers even if it's a simultaneous connect. This is for multistream-select 1.0: simultaneous open protocol extension specs#196.

[Stebalien]

I'd like to consider using a special sentinel error instead. That is, return a connection and a special ErrSimultaniousConnect.

This way we can avoid polluting the interfaces too much.

[vyzo]

What would the error buy us? We can still secure the connection with simultaneous open.

[vyzo]

also, simultaneous connect is not an error!

[Stebalien]

I'm just trying to prevent this TCP specific feature from leaking into the interface.

[Stebalien]

We discussed this synchronously. I was assuming we'd be able to come up with a better interface the next time we add a transport from scratch. However, @vyzo convinced me otherwise.

The only viable alternative is to add a third Secure(ctx, insecure, p) (Conn, iAmInitiator bool, error) function. However, that has no real benefit over SecureOutbound

Well, I guess it has a slight benefit: Transports that aren't TCP could skip this whole dance. Maybe that's worth it @vyzo? Regardless, my hope to avoid messing with the interfaces seems moot.

[Stebalien]

Per our discussion, let's figure out when this can happen. We normally won't get a "simultaneous accept".

[vyzo]

Well, there is symmetry in having the boolean indicator in the interface, plus it opens the door to active implementations that can deal with the situation.

[marten-seemann]

@vyzo I have the same concern as @Stebalien. Can you explain what you mean by active implementations? Is that some kind of hole punching technique you're referring to?

[vyzo]

I don't have anything that is doing active listen yet, but we could conceivably solve the accept-accept scenario in hole punching (that according to the literature can happen, we'll see in practice).
Other than that, it's symmetry of the interface.

[marten-seemann]

What is the accept-accept scenario? Opening a TCP socket is a purely local operation that doesn't send any packets on the wire, isn't it? So this can't possibly lead to the establishment of a connection.

[vyzo]

It something that can happen with hole-punching, because you are both listening and opening a connection on the same time.
So it is conceivable that the SYNs will get through the NAT/firewall and the OS routes them to the listening socket instead of the connecting socket.
It is supposed to be unlikely, but something that can happen nonetheless.

[aarshkshah1992]

@Stebalien @marten-seemann @vyzo

Given our goal of getting to TCP hole punching quickly, I'd like to put a hold on the discussion and use this interface changes as is because it does do a good job of solving the simultaneous connect problem in go-multistream.

I am happy to mark the interface as experimental if we want to evolve this in the future.

Please let me know if there are strong objections to this,

[aarshkshah1992]

Hey, his was subsusmed in #180 and #181 . However, I believe the "Also fixes a bug in the insecure transport that was breaking tests in go-conn-security: the remote peer ID was not set for connections with /plaintext/1.0.0." stuff hasn't made in I think. We can probably raise a separate PR just for that and get it in.

[vyzo]

yeah, let's cherry-pick that.