p2p: process handshakes asynchronously

[ebuchman]

Reported by an auditor.

New connections are currently accepted synchronously, so any new connection must wait until the last one is setup before it can start. This may allow an attacker to prevent a node from acquiring new peers.

We should also check and reject connections from duplicate IPs right away, rather than waiting for after the handshake.

[xla]

Relaed #2006

[ValarDragon]

Is this an issue with synchronicity, or that the connection setups aren't processed in parallel?

Also what does rejecting a duplicate IP right away mean precisely. Is this for seperate node ID's under the same IP? If so we need to check if we've connected to that IP before, as a seed node could report that node ID incorrectly to prevent connections to that IP. Is this for a node at an IP which we're already connected to? If so that makes total sense.

[ebuchman]

Is this an issue with synchronicity, or that the connection setups aren't processed in parallel?

We should process the connections in parallel.

Also what does rejecting a duplicate IP right away mean precisely.

It means right after we accept a connection from the listener, we should check the remote IP on it so we don't bother doing the handshake if its the same as a peer we already have. Note we won't have an ID yet because we won't yet have done the authenc handshake.

[xla]

#2006 is now #2067

[ebuchman]

Fixed!