webrtcprivate: add transport

config/config.go

@@ -34,6 +34,8 @@ import (
 	relayv2 "github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/relay"
 	"github.com/libp2p/go-libp2p/p2p/protocol/holepunch"
 	"github.com/libp2p/go-libp2p/p2p/transport/quicreuse"
+	libp2pwebrtcprivate "github.com/libp2p/go-libp2p/p2p/transport/webrtcprivate"
+	"github.com/pion/webrtc/v3"
 	"github.com/prometheus/client_golang/prometheus"
 
 	ma "github.com/multiformats/go-multiaddr"
@@ -65,6 +67,8 @@ type Security struct {
 	Constructor interface{}
 }
 
+type ICEServer = webrtc.ICEServer
+
 // Config describes a set of settings for a libp2p node
 //
 // This is *not* a stable interface. Use the options defined in the root
@@ -128,6 +132,9 @@ type Config struct {
 	DialRanker network.DialRanker
 
 	SwarmOpts []swarm.Option
+
+	WebRTCPrivate     bool
+	WebRTCStunServers []ICEServer
 }
 
 func (cfg *Config) makeSwarm(eventBus event.Bus, enableMetrics bool) (*swarm.Swarm, error) {
@@ -208,6 +215,7 @@ func (cfg *Config) addTransports(h host.Host) error {
 		fx.Provide(func() pnet.PSK { return cfg.PSK }),
 		fx.Provide(func() network.ResourceManager { return cfg.ResourceManager }),
 		fx.Provide(func() *madns.Resolver { return cfg.MultiaddrResolver }),
+		fx.Provide(func() []ICEServer { return cfg.WebRTCStunServers }),
 	}
 	fxopts = append(fxopts, cfg.Transports...)
 	if cfg.Insecure {
@@ -284,6 +292,9 @@ func (cfg *Config) addTransports(h host.Host) error {
 	if cfg.Relay {
 		fxopts = append(fxopts, fx.Invoke(circuitv2.AddTransport))
 	}
+	if cfg.WebRTCPrivate {
+		fxopts = append(fxopts, fx.Invoke(libp2pwebrtcprivate.AddTransport))
+	}
 	app := fx.New(fxopts...)
 	if err := app.Err(); err != nil {
 		h.Close()

core/network/context.go

@@ -29,6 +29,13 @@ func WithForceDirectDial(ctx context.Context, reason string) context.Context {
 	return context.WithValue(ctx, forceDirectDial, reason)
 }
 
+// WithoutForceDirectDial constructs a new context with the ForceDirectDial option dropped.
+// This is useful in case establishing a direct connection first requires establishing a
+// relayed connection e.g. dialing /webrtc addresses.
+func WithoutForceDirectDial(ctx context.Context) context.Context {
+	return context.WithValue(ctx, forceDirectDial, nil)
+}
+
 // EXPERIMENTAL
 // GetForceDirectDial returns true if the force direct dial option is set in the context.
 func GetForceDirectDial(ctx context.Context) (forceDirect bool, reason string) {

options.go

@@ -598,3 +598,11 @@ func SwarmOpts(opts ...swarm.Option) Option {
 		return nil
 	}
 }
+
+func EnableWebRTCPrivate(stunServers []config.ICEServer) Option {
+	return func(cfg *Config) error {
+		cfg.WebRTCPrivate = true
+		cfg.WebRTCStunServers = stunServers
+		return nil
+	}
+}

p2p/host/autorelay/relay_finder.go

@@ -726,7 +726,7 @@ func (rf *relayFinder) relayAddrs(addrs []ma.Multiaddr) []ma.Multiaddr {
 
 	// only keep private addrs from the original addr set
 	for _, addr := range addrs {
-		if manet.IsPrivateAddr(addr) {
+		if !manet.IsPublicAddr(addr) {
 			raddrs = append(raddrs, addr)
 		}
 	}

p2p/host/basic/basic_host.go

@@ -27,6 +27,7 @@ import (
 	"github.com/libp2p/go-libp2p/p2p/protocol/holepunch"
 	"github.com/libp2p/go-libp2p/p2p/protocol/identify"
 	"github.com/libp2p/go-libp2p/p2p/protocol/ping"
+	libp2pwebrtcprivate "github.com/libp2p/go-libp2p/p2p/transport/webrtcprivate"
 	libp2pwebtransport "github.com/libp2p/go-libp2p/p2p/transport/webtransport"
 	"github.com/prometheus/client_golang/prometheus"
 
@@ -801,9 +802,38 @@ func (h *BasicHost) Addrs() []ma.Multiaddr {
 			addrs[i] = addrWithCerthash
 		}
 	}
+
+	// Append webrtc addresses to circuit-v2 addresses
+	hasWebRTCPrivate := false
+	for _, addr := range addrs {
+		if addr.Equal(libp2pwebrtcprivate.WebRTCAddr) {
+			hasWebRTCPrivate = true
+			break
+		}
+	}
+	if hasWebRTCPrivate {
+		for _, addr := range addrs {
+			if _, err := addr.ValueForProtocol(ma.P_CIRCUIT); err == nil {
+				if isBrowserDialableAddr(addr) {
+					addrs = append(addrs, addr.Encapsulate(libp2pwebrtcprivate.WebRTCAddr))
+				}
+			}
+		}
+	}
 	return addrs
 }
 
+var browserProtocols = []int{ma.P_WEBTRANSPORT, ma.P_WEBRTC_DIRECT, ma.P_WSS}
+
+func isBrowserDialableAddr(addr ma.Multiaddr) bool {
+	for _, p := range browserProtocols {
+		if _, err := addr.ValueForProtocol(p); err == nil {
+			return true
+		}
+	}
+	return false
+}
+
 // NormalizeMultiaddr returns a multiaddr suitable for equality checks.
 // If the multiaddr is a webtransport component, it removes the certhashes.
 func (h *BasicHost) NormalizeMultiaddr(addr ma.Multiaddr) ma.Multiaddr {

p2p/net/swarm/dial_ranker.go

@@ -43,7 +43,10 @@ func NoDelayDialRanker(addrs []ma.Multiaddr) []network.AddrDelay {
 // no additional latency in the vast majority of cases.
 //
 // Private and public address groups are dialed in parallel.
+//
 // Dialing relay addresses is delayed by 500 ms, if we have any non-relay alternatives.
+// We treat webrtc addresses the same as relay addresses as we need a relay connection to establish a
+// webrtc connection. So any available direct addresses are preferred over webrtc addresses.
 //
 // Within each group (private, public, relay addresses) we apply the following ranking logic:
 //
@@ -72,7 +75,8 @@ func NoDelayDialRanker(addrs []ma.Multiaddr) []network.AddrDelay {
 //
 // We dial lowest ports first as they are more likely to be the listen port.
 func DefaultDialRanker(addrs []ma.Multiaddr) []network.AddrDelay {
-	relay, addrs := filterAddrs(addrs, isRelayAddr)
+	// includes /webrtc addresses too
+	relay, addrs := filterAddrs(addrs, func(a ma.Multiaddr) bool { return isProtocolAddr(a, ma.P_CIRCUIT) })
 	pvt, addrs := filterAddrs(addrs, manet.IsPrivateAddr)
 	public, addrs := filterAddrs(addrs, func(a ma.Multiaddr) bool { return isProtocolAddr(a, ma.P_IP4) || isProtocolAddr(a, ma.P_IP6) })
 

p2p/net/swarm/swarm_dial.go

@@ -597,11 +597,6 @@ func isFdConsumingAddr(addr ma.Multiaddr) bool {
 	return err1 == nil || err2 == nil
 }
 
-func isRelayAddr(addr ma.Multiaddr) bool {
-	_, err := addr.ValueForProtocol(ma.P_CIRCUIT)
-	return err == nil
-}
-
 // filterLowPriorityAddresses removes addresses inplace for which we have a better alternative
 //  1. If a /quic-v1 address is present, filter out /quic and /webtransport address on the same 2-tuple:
 //     QUIC v1 is preferred over the deprecated QUIC draft-29, and given the choice, we prefer using

p2p/net/swarm/swarm_transport.go

@@ -27,7 +27,10 @@ func (s *Swarm) TransportForDialing(a ma.Multiaddr) transport.Transport {
 		}
 		return nil
 	}
-	if isRelayAddr(a) {
+	if isProtocolAddr(a, ma.P_WEBRTC) {
+		return s.transports.m[ma.P_WEBRTC]
+	}
+	if isProtocolAddr(a, ma.P_CIRCUIT) {
 		return s.transports.m[ma.P_CIRCUIT]
 	}
 	for _, t := range s.transports.m {

p2p/protocol/holepunch/holepunch_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/libp2p/go-libp2p/core/network"
 	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/libp2p/go-libp2p/core/peerstore"
+	"github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/client"
 	"github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/proto"
 	relayv2 "github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/relay"
 	"github.com/libp2p/go-libp2p/p2p/protocol/holepunch"
@@ -511,3 +512,57 @@ func mkHostWithHolePunchSvc(t *testing.T, opts ...holepunch.Option) (host.Host,
 	require.NoError(t, err)
 	return h, hps
 }
+
+func TestWebRTCDirectConnect(t *testing.T) {
+	relay1, err := libp2p.New()
+	require.NoError(t, err)
+
+	_, err = relayv2.New(relay1)
+	require.NoError(t, err)
+
+	relay1info := peer.AddrInfo{
+		ID:    relay1.ID(),
+		Addrs: relay1.Addrs(),
+	}
+
+	h1, err := libp2p.New(
+		libp2p.NoListenAddrs,
+		libp2p.EnableRelay(),
+		libp2p.EnableWebRTCPrivate(nil),
+		libp2p.EnableHolePunching(),
+	)
+	require.NoError(t, err)
+
+	h2, err := libp2p.New(
+		libp2p.NoListenAddrs,
+		libp2p.EnableRelay(),
+		libp2p.EnableWebRTCPrivate(nil),
+	)
+	require.NoError(t, err)
+
+	err = h2.Connect(context.Background(), relay1info)
+	require.NoError(t, err)
+
+	_, err = client.Reserve(context.Background(), h2, relay1info)
+	require.NoError(t, err)
+
+	webrtcAddr := ma.StringCast(relay1info.Addrs[0].String() + "/p2p/" + relay1info.ID.String() + "/p2p-circuit/webrtc")
+	relayAddrs := ma.StringCast(relay1info.Addrs[0].String() + "/p2p/" + relay1info.ID.String() + "/p2p-circuit/")
+	h1.Peerstore().AddAddrs(h2.ID(), []ma.Multiaddr{webrtcAddr, relayAddrs}, peerstore.TempAddrTTL)
+
+	err = h1.Connect(context.Background(), peer.AddrInfo{ID: h2.ID()})
+	require.NoError(t, err)
+	require.Eventually(
+		t,
+		func() bool {
+			for _, c := range h1.Network().ConnsToPeer(h2.ID()) {
+				if !c.Stat().Transient {
+					return true
+				}
+			}
+			return false
+		},
+		5*time.Second,
+		100*time.Millisecond,
+	)
+}

p2p/protocol/holepunch/holepuncher.go

@@ -108,6 +108,9 @@ func (hp *holePuncher) directConnect(rp peer.ID) error {
 	// short-circuit hole punching if a direct dial works.
 	// attempt a direct connection ONLY if we have a public address for the remote peer
 	for _, a := range hp.host.Peerstore().Addrs(rp) {
+		// Here we consider /webrtc addresses as relay addresses and skip them as they're
+		// also holepunched. We will dial the /webrtc addresses along with other addresses
+		// obtained in DCUtR
 		if manet.IsPublicAddr(a) && !isRelayAddress(a) {
 			forceDirectConnCtx := network.WithForceDirectDial(hp.ctx, "hole-punching")
 			dialCtx, cancel := context.WithTimeout(forceDirectConnCtx, dialTimeout)
@@ -136,6 +139,7 @@ func (hp *holePuncher) directConnect(rp peer.ID) error {
 		if err != nil {
 			log.Debugw("hole punching failed", "peer", rp, "error", err)
 			hp.tracer.ProtocolError(rp, err)
+			hp.maybeDialWebRTC(rp)
 			return err
 		}
 		synTime := rtt / 2
@@ -171,6 +175,20 @@ func (hp *holePuncher) directConnect(rp peer.ID) error {
 	return fmt.Errorf("all retries for hole punch with peer %s failed", rp)
 }
 
+func (hp *holePuncher) maybeDialWebRTC(p peer.ID) {
+	addrs := hp.host.Peerstore().Addrs(p)
+	for _, a := range addrs {
+		if _, err := a.ValueForProtocol(ma.P_WEBRTC); err == nil {
+			ctx := network.WithForceDirectDial(hp.ctx, "webrtc holepunch")
+			err := hp.host.Connect(ctx, peer.AddrInfo{ID: p}) // address is already in peerstore
+			if err != nil {
+				log.Debugf("holepunch attempt to %s over /webrtc failed: %s", p, err)
+			}
+			return
+		}
+	}
+}
+
 // initiateHolePunch opens a new hole punching coordination stream,
 // exchanges the addresses and measures the RTT.
 func (hp *holePuncher) initiateHolePunch(rp peer.ID) ([]ma.Multiaddr, []ma.Multiaddr, time.Duration, error) {

p2p/protocol/holepunch/svc.go

@@ -84,6 +84,8 @@ func NewService(h host.Host, ids identify.IDService, opts ...Option) (*Service,
 			return nil, err
 		}
 	}
+	s.host.Network().Notify(s)
+
 	s.tracer.Start()
 
 	s.refCount.Add(1)
@@ -283,3 +285,42 @@ func (s *Service) DirectConnect(p peer.ID) error {
 	s.holePuncherMx.Unlock()
 	return holePuncher.DirectConnect(p)
 }
+
+var _ network.Notifiee = &Service{}
+
+func (s *Service) Connected(_ network.Network, conn network.Conn) {
+	// Dial /webrtc address if it's a relay connection to a browser node
+	if conn.Stat().Direction == network.DirOutbound && conn.Stat().Transient {
+		s.refCount.Add(1)
+		go func() {
+			defer s.refCount.Done()
+			select {
+			// waiting for Identify here will allow us to access the peer's public and observed addresses
+			// that we can dial to for a hole punch.
+			case <-s.ids.IdentifyWait(conn):
+			case <-s.ctx.Done():
+				return
+			}
+			p := conn.RemotePeer()
+			// Peer supports DCUtR, let it trigger holepunch
+			if protos, err := s.host.Peerstore().SupportsProtocols(p, Protocol); err == nil && len(protos) > 0 {
+				return
+			}
+			// No DCUtR support, connect with peer over /webrtc
+			for _, addr := range s.host.Peerstore().Addrs(p) {
+				if _, err := addr.ValueForProtocol(ma.P_WEBRTC); err == nil {
+					ctx := network.WithForceDirectDial(s.ctx, "webrtc holepunch")
+					err := s.host.Connect(ctx, peer.AddrInfo{ID: p}) // address is already in peerstore
+					if err != nil {
+						log.Debugf("holepunch attempt to %s over /webrtc failed: %s", p, err)
+					}
+					return
+				}
+			}
+		}()
+	}
+}
+
+func (*Service) Disconnected(_ network.Network, v network.Conn) {}
+func (*Service) Listen(n network.Network, a ma.Multiaddr)       {}
+func (*Service) ListenClose(n network.Network, a ma.Multiaddr)  {}

p2p/test/basichost/basic_host_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/libp2p/go-libp2p/core/network"
 	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/libp2p/go-libp2p/core/peerstore"
+	"github.com/libp2p/go-libp2p/p2p/host/autorelay"
 	"github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/client"
 	"github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/relay"
 	ma "github.com/multiformats/go-multiaddr"
@@ -158,3 +159,43 @@ func TestNewStreamTransientConnection(t *testing.T) {
 	<-done
 	<-done
 }
+
+func TestWebRTCPrivateAddressAdvertisement(t *testing.T) {
+	r, err := libp2p.New(
+		// We need a public address for the relay
+		libp2p.AddrsFactory(func(addrs []ma.Multiaddr) []ma.Multiaddr {
+			return append(addrs, ma.StringCast("/ip4/1.2.3.4/udp/1/quic-v1/webtransport"))
+		}),
+		libp2p.EnableRelayService(),
+		libp2p.ForceReachabilityPublic(),
+	)
+	require.NoError(t, err)
+
+	relay1info := peer.AddrInfo{
+		ID:    r.ID(),
+		Addrs: r.Addrs(),
+	}
+
+	h, err := libp2p.New(
+		libp2p.ListenAddrStrings("/ip4/127.0.0.1/udp/0/quic-v1"),
+		libp2p.EnableRelay(),
+		libp2p.EnableWebRTCPrivate(nil),
+		libp2p.EnableAutoRelayWithStaticRelays(
+			[]peer.AddrInfo{relay1info},
+			autorelay.WithBootDelay(0),
+		),
+		libp2p.ForceReachabilityPrivate(),
+	)
+	require.NoError(t, err)
+
+	require.Eventually(t, func() bool {
+		for _, a := range h.Addrs() {
+			_, rerr := a.ValueForProtocol(ma.P_CIRCUIT)
+			_, werr := a.ValueForProtocol(ma.P_WEBRTC)
+			if rerr == nil && werr == nil {
+				return true
+			}
+		}
+		return false
+	}, 5*time.Second, 50*time.Millisecond)
+}