Make sure a node won鈥檛 get connected to itself, nor saving itself in the host list. It鈥檚 a likely scenario when querying other peers for their list of peers (#147), but it can also happen by mistake, when initiating a connection manually.
We might just want to check if before attempting to add a new outbound connection, and not in a new inbound connection, because the same node will control these two sides.
To be clear, do we only want to make sure we are not connecting to our own external IP address and our listen port? Alternatively, we could prevent any connections to ourselves via external IP, and still allow connections to our own machine via 127.0.0.1. Also, should we put in logic to prevent connections to ourselves via 127.0.0.1 and our listen port?
Another approach would be not allowing connections to nodes with the same public key as your own node. But this should be used as last resort and for edge cases because it requires the handshake to happen.
I propose blocking connections to your external IP and P2P port and blocking the same public key for everything else.
nodePubKey is different from mine: all other IP address and port combinations, which includes own external IP address with a different port.Reason for this is simple: two xud's might just be sitting behind the same IP of the same VPN provider.
We can put in a check for public key, but as @michael1011 says it's an edge case and can only happen after handshake. I think it's best to catch this before the handshake begins. But it sounds like there's agreement on only checking to stop connections to our own IP and listen port, otherwise allow the connection. Like @kilrau says it's possible for two nodes to have the same external IP even when running on separate machines.
Agree, we need to apply this to both internal/external IP address + listenPort.
We can add nodePubKey check as well, in case we missed it. Although last time I checked, trying to connect to yourself via external IP leads to immediate disconnection.
Summary:
internal/external IP address + listenPort is myIP+Port combination (as per https://github.com/ExchangeUnion/xud/issues/181), if yes don't connect.nodePubKey =/ ownNodePubKey. hosts table. During testing this got messy real fast as every host is sharing it's localhost with me... . We'll allow ownExternalIP into the host table, but filter on connection attempt. Reason: my ownExternalIP+Port can change 
And just FYI: we already have the case where 2 xuds are behind the same domain (0.tcp.ngrok.io) but get identified by different ports ;)
Guys, the PubKey is available now as part of the handshake. Why don't we kill this by checking it?
Can easily be done as part of handleHello
What do you think? @sangaman @michael1011 @moshababo @kilrau
@offerm What I am thinking right now is:
point 2 is a must.
point 1 is nice to have.
The value that we gain from 2 is huge regardless of 1.
IMHO, it should be done asap.
Offer
Yes, let's do both, 1+2 https://github.com/ExchangeUnion/xud/issues/177#issuecomment-411369865 @michael1011 @offerm
Who did put the pubKey into the handshake now btw? Kudos for that, we should have done this way earlier.
That was me in #243.
Most helpful comment
Agree, we need to apply this to both internal/external IP address + listenPort.
We can add
nodePubKeycheck as well, in case we missed it. Although last time I checked, trying to connect to yourself via external IP leads to immediate disconnection.