Marten Seemann

> @marten-seemann I am not sure it would be easy to source the local and remote multi-addresses for the connection that we require for calling InterceptSecured in go-libp2p-tls. Yes, we'd...

> @marten-seemann InterceptSecured should be called straight after the handshake has taken place -- as soon as we've authenticated the peer and we have a peer ID. The `tls.VerifyPeerCertificate` is...

> Take a look at libp2p/go-libp2p-quic-transport#156 -- I think it solves it elegantly, although ideally quic-go would expose these hooks so we're not hijacking the hook that the crypto/tls package...

Fair enough. Then I suggest we go with libp2p/go-libp2p-quic-transport#157, instead of making QUIC a special case here.

> Basically, @marten-seemann's saying that we should either: > > 1. Always try to check as early as possible (e.g., in the TLS/SECIO/Noise transports). > 2. Consistently check after the...

Now that we have ipcidr support (thanks @MarcoPolo!), it should be trivial to just use that, see https://github.com/libp2p/go-libp2p/pull/1606 for example. No need to merge any more code here.

To further debug https://github.com/testground/testground/issues/1488, it would be very useful to be able to record tcpdumps on all the endpoints. I'm not sure how mounting another container would allow us to...

That's correct. `Close` is equivalent to calling both `CloseRead` and `CloseWrite`. By calling `CloseRead`, you declare "I'm done reading from this stream". If you just want to close the write...

A deferred close won't work. We need to close the write side of the stream, so the peer's `ReadAll` that's copying the data returns. So the right order would be:...

Datagram support is not yet implemented.