reduced profile persist interval

Makefile

@@ -69,6 +69,9 @@ else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 else ifneq (, $(findstring haiku, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.haiku
+else ifneq (, $(findstring solaris, $(SYS)))
+	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+	include Makefile.solaris
 else # not supported
 	$(error Not supported platform)
 endif

Makefile.solaris

@@ -0,0 +1,9 @@
+CXX = g++
+INCFLAGS = -I/usr/openssl/3/include
+CXXFLAGS := -Wall -std=c++20
+LDLIBS = -L/usr/openssl/3/lib/64 -lssl -lcrypto -lboost_program_options -lz -lpthread -lsocket
+
+ifeq ($(USE_UPNP),yes)
+	DEFINES += -DUSE_UPNP
+	LDLIBS += -lminiupnpc
+endif

daemon/I2PControl.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,7 +15,6 @@
 // Use global placeholders from boost introduced when local_time.hpp is loaded
 #define BOOST_BIND_GLOBAL_PLACEHOLDERS
 #include <boost/property_tree/json_parser.hpp>
-#include <boost/lexical_cast.hpp>
 
 #include "FS.h"
 #include "Log.h"
@@ -30,11 +29,24 @@ namespace i2p
 namespace client
 {
 	I2PControlService::I2PControlService (const std::string& address, int port):
-		m_IsRunning (false), m_Thread (nullptr),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::make_address(address), port)),
+		m_IsRunning (false),	
 		m_SSLContext (boost::asio::ssl::context::sslv23),
 		m_ShutdownTimer (m_Service)
 	{
+		if (port)		
+			m_Acceptor = std::make_unique<boost::asio::ip::tcp::acceptor>(m_Service,
+				boost::asio::ip::tcp::endpoint(boost::asio::ip::make_address(address), port));
+		else
+#if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
+		{		
+			std::remove (address.c_str ());	// just in case
+			m_LocalAcceptor = std::make_unique<boost::asio::local::stream_protocol::acceptor>(m_Service,
+				boost::asio::local::stream_protocol::endpoint(address));	
+		}	
+#else
+			LogPrint(eLogError, "I2PControl: Local sockets are not supported");
+#endif				
+				
 		i2p::config::GetOption("i2pcontrol.password", m_Password);
 
 		// certificate / keys
@@ -98,7 +110,7 @@ namespace client
 		{
 			Accept ();
 			m_IsRunning = true;
-			m_Thread = new std::thread (std::bind (&I2PControlService::Run, this));
+			m_Thread = std::make_unique<std::thread>(std::bind (&I2PControlService::Run, this));
 		}
 	}
 
@@ -107,12 +119,19 @@ namespace client
 		if (m_IsRunning)
 		{
 			m_IsRunning = false;
-			m_Acceptor.cancel ();
+			if (m_Acceptor) m_Acceptor->cancel ();
+#if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
+			if (m_LocalAcceptor) 
+			{
+				auto path = m_LocalAcceptor->local_endpoint().path();
+				m_LocalAcceptor->cancel ();
+				std::remove (path.c_str ());
+			}	
+#endif			
 			m_Service.stop ();
 			if (m_Thread)
 			{
 				m_Thread->join ();
-				delete m_Thread;
 				m_Thread = nullptr;
 			}
 		}
@@ -134,40 +153,60 @@ namespace client
 
 	void I2PControlService::Accept ()
 	{
-		auto newSocket = std::make_shared<ssl_socket> (m_Service, m_SSLContext);
-		m_Acceptor.async_accept (newSocket->lowest_layer(), std::bind (&I2PControlService::HandleAccept, this,
-			std::placeholders::_1, newSocket));
+		if (m_Acceptor)
+		{	
+			auto newSocket = std::make_shared<boost::asio::ssl::stream<boost::asio::ip::tcp::socket> > (m_Service, m_SSLContext);
+			m_Acceptor->async_accept (newSocket->lowest_layer(),
+				[this, newSocket](const boost::system::error_code& ecode)
+				{
+					HandleAccepted (ecode, newSocket);
+				});		
+		}	
+#if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
+		else if (m_LocalAcceptor)
+		{
+			auto newSocket = std::make_shared<boost::asio::ssl::stream<boost::asio::local::stream_protocol::socket> > (m_Service, m_SSLContext);
+			m_LocalAcceptor->async_accept (newSocket->lowest_layer(),
+				[this, newSocket](const boost::system::error_code& ecode)
+				{
+					HandleAccepted (ecode, newSocket);
+				});		
+		}	
+#endif		
 	}
 
-	void I2PControlService::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
+	template<typename ssl_socket> 
+	void I2PControlService::HandleAccepted (const boost::system::error_code& ecode,
+		std::shared_ptr<ssl_socket> newSocket)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 			Accept ();
 
-		if (ecode) {
+		if (ecode) 
+		{
 			LogPrint (eLogError, "I2PControl: Accept error: ", ecode.message ());
 			return;
 		}
-		LogPrint (eLogDebug, "I2PControl: New request from ", socket->lowest_layer ().remote_endpoint ());
-		Handshake (socket);
-	}
-
+		LogPrint (eLogDebug, "I2PControl: New request from ", newSocket->lowest_layer ().remote_endpoint ());
+		Handshake (newSocket);
+	}	
+		
+	template<typename ssl_socket>
 	void I2PControlService::Handshake (std::shared_ptr<ssl_socket> socket)
 	{
 		socket->async_handshake(boost::asio::ssl::stream_base::server,
-		std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
-	}
-
-	void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
-	{
-		if (ecode) {
-			LogPrint (eLogError, "I2PControl: Handshake error: ", ecode.message ());
-			return;
-		}
-		//std::this_thread::sleep_for (std::chrono::milliseconds(5));
-		ReadRequest (socket);
+			[this, socket](const boost::system::error_code& ecode)
+		    {
+				if (ecode) 
+				{
+					LogPrint (eLogError, "I2PControl: Handshake error: ", ecode.message ());
+					return;
+				}
+				ReadRequest (socket);
+			});			                        
 	}
 
+	template<typename ssl_socket>
 	void I2PControlService::ReadRequest (std::shared_ptr<ssl_socket> socket)
 	{
 		auto request = std::make_shared<I2PControlBuffer>();
@@ -177,10 +216,13 @@ namespace client
 #else
 			boost::asio::buffer (request->data (), request->size ()),
 #endif
-			std::bind(&I2PControlService::HandleRequestReceived, this,
-			std::placeholders::_1, std::placeholders::_2, socket, request));
+		    [this, socket, request](const boost::system::error_code& ecode, size_t bytes_transferred)
+		    {
+				HandleRequestReceived (ecode, bytes_transferred, socket, request);
+			});
 	}
 
+	template<typename ssl_socket>
 	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
 		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf)
@@ -258,6 +300,7 @@ namespace client
 		}
 	}
 
+	template<typename ssl_socket>
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
 	{
@@ -267,7 +310,7 @@ namespace client
 			std::ostringstream header;
 			header << "HTTP/1.1 200 OK\r\n";
 			header << "Connection: close\r\n";
-			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
+			header << "Content-Length: " << std::to_string(len) << "\r\n";
 			header << "Content-Type: application/json\r\n";
 			header << "Date: ";
 			std::time_t t = std::time (nullptr);
@@ -280,16 +323,11 @@ namespace client
 		memcpy (buf->data () + offset, response.str ().c_str (), len);
 		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), offset + len),
 			boost::asio::transfer_all (),
-			std::bind(&I2PControlService::HandleResponseSent, this,
-				std::placeholders::_1, std::placeholders::_2, socket, buf));
-	}
-
-	void I2PControlService::HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
-		std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf)
-	{
-		if (ecode) {
-			LogPrint (eLogError, "I2PControl: Write error: ", ecode.message ());
-		}
+		    [socket, buf](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+		    {
+				if (ecode)
+					LogPrint (eLogError, "I2PControl: Write error: ", ecode.message ());
+			});	
 	}
 
 // handlers

daemon/I2PControl.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -35,8 +35,6 @@ namespace client
 
 	class I2PControlService: public I2PControlHandlers
 	{
-		typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;
-
 		public:
 
 			I2PControlService (const std::string& address, int port);
@@ -49,16 +47,18 @@ namespace client
 
 			void Run ();
 			void Accept ();
-			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
+			template<typename ssl_socket> 
+			void HandleAccepted (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> newSocket);
+			template<typename ssl_socket>
 			void Handshake (std::shared_ptr<ssl_socket> socket);
-			void HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
+			template<typename ssl_socket>
 			void ReadRequest (std::shared_ptr<ssl_socket> socket);
+			template<typename ssl_socket>
 			void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred,
 				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+			template<typename ssl_socket>
 			void SendResponse (std::shared_ptr<ssl_socket> socket,
 				std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml);
-			void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
-				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
 
 			void CreateCertificate (const char *crt_path, const char *key_path);
 
@@ -86,10 +86,13 @@ namespace client
 
 			std::string m_Password;
 			bool m_IsRunning;
-			std::thread * m_Thread;
+			std::unique_ptr<std::thread> m_Thread;
 
 			boost::asio::io_context m_Service;
-			boost::asio::ip::tcp::acceptor m_Acceptor;
+			std::unique_ptr<boost::asio::ip::tcp::acceptor> m_Acceptor;
+#if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS)
+			std::unique_ptr<boost::asio::local::stream_protocol::acceptor> m_LocalAcceptor;
+#endif		
 			boost::asio::ssl::context m_SSLContext;
 			boost::asio::deadline_timer m_ShutdownTimer;
 			std::set<std::string> m_Tokens;

libi2pd/Identity.cpp

@@ -399,12 +399,8 @@ namespace data
 				return std::make_shared<i2p::crypto::ECIESX25519AEADRatchetEncryptor>(key);
 			break;
 			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
-			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
 				return std::make_shared<i2p::crypto::ECIESP256Encryptor>(key);
 			break;
-			case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
-				return std::make_shared<i2p::crypto::ECIESGOSTR3410Encryptor>(key);
-			break;
 			default:
 				LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)keyType);
 		};
@@ -673,12 +669,8 @@ namespace data
 				return std::make_shared<i2p::crypto::ECIESX25519AEADRatchetDecryptor>(key);
 			break;
 			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
-			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
 				return std::make_shared<i2p::crypto::ECIESP256Decryptor>(key);
 			break;
-			case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
-				return std::make_shared<i2p::crypto::ECIESGOSTR3410Decryptor>(key);
-			break;
 			default:
 				LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)cryptoType);
 		};
@@ -753,12 +745,8 @@ namespace data
 				i2p::crypto::GenerateElGamalKeyPair(priv, pub);
 			break;
 			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC:
-			case CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST:
 				i2p::crypto::CreateECIESP256RandomKeys (priv, pub);
 			break;
-			case CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC:
-				i2p::crypto::CreateECIESGOSTR3410RandomKeys (priv, pub);
-			break;
 			case CRYPTO_KEY_TYPE_ECIES_X25519_AEAD:
 				i2p::crypto::CreateECIESX25519AEADRatchetRandomKeys (priv, pub);
 			break;

libi2pd/Identity.h

@@ -64,9 +64,7 @@ namespace data
 	const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0;
 	const uint16_t CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC = 1;
 	const uint16_t CRYPTO_KEY_TYPE_ECIES_X25519_AEAD = 4;
-	const uint16_t CRYPTO_KEY_TYPE_ECIES_P256_SHA256_AES256CBC_TEST = 65280; // TODO: remove later
-	const uint16_t CRYPTO_KEY_TYPE_ECIES_GOSTR3410_CRYPTO_PRO_A_SHA256_AES256CBC = 65281; // TODO: use GOST R 34.11 instead SHA256 and GOST 28147-89 instead AES
-
+	
 	const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0;
 	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1;
 	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA384_P384 = 2;
@@ -75,7 +73,7 @@ namespace data
 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
-	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519ph = 8; // not implemented
+	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519ph = 8; // since openssl 3.0.0
 	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256 = 9;
 	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512 = 10; // approved by FSB
 	const uint16_t SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 = 11; // for LeaseSet2 only

libi2pd/Profiling.cpp

@@ -310,7 +310,7 @@ namespace data
 			{
 				if (it->second->IsUpdated () && ts > it->second->GetLastPersistTime () + PEER_PROFILE_PERSIST_INTERVAL)
 				{
-					tmp.push_back (std::make_pair (it->first, it->second));
+					tmp.push_back (*it);
 					it->second->SetLastPersistTime (ts);
 					it->second->SetUpdated (false);
 				}	

libi2pd/Profiling.h

@@ -41,7 +41,7 @@ namespace data
 	const int PEER_PROFILE_OBSOLETE_PROFILES_CLEAN_VARIANCE = 2400; // in seconds (40 minutes)
 	const int PEER_PROFILE_DECLINED_RECENTLY_INTERVAL = 330; // in seconds (5.5 minutes)
 	const int PEER_PROFILE_MAX_DECLINED_INTERVAL = 4400; // in second (1.5 hours)
-	const int PEER_PROFILE_PERSIST_INTERVAL = 3300; // in seconds (55 minutes)
+	const int PEER_PROFILE_PERSIST_INTERVAL = 1320; // in seconds (22 minutes)
 	const int PEER_PROFILE_UNREACHABLE_INTERVAL = 480; // in seconds (8 minutes)
 	const int PEER_PROFILE_USEFUL_THRESHOLD = 3;
 	const int PEER_PROFILE_ALWAYS_DECLINING_NUM = 5; // num declines in row to consider always declined

libi2pd/Signature.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -149,5 +149,56 @@ namespace crypto
 			LogPrint (eLogError, "EdDSA signing key is not set");
 	}
 #endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x030000000)
+	static const OSSL_PARAM EDDSA25519phParams[] =
+	{
+		OSSL_PARAM_utf8_string ("instance", (char *)"Ed25519ph", 9),
+		OSSL_PARAM_END
+	};
+		
+	bool EDDSA25519phVerifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
+	{
+		auto pkey = GetPkey ();
+		if (pkey)
+		{	
+			uint8_t digest[64];
+			SHA512 (buf, len, digest);
+			EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
+			EVP_DigestVerifyInit_ex (ctx, NULL, NULL, NULL, NULL, pkey, EDDSA25519phParams);
+			auto ret = EVP_DigestVerify (ctx, signature, 64, digest, 64);
+			EVP_MD_CTX_destroy (ctx);	
+			return ret;	
+		}	
+		else
+			LogPrint (eLogError, "EdDSA verification key is not set");
+		return false;
+	}
+
+	EDDSA25519phSigner::EDDSA25519phSigner (const uint8_t * signingPrivateKey): 
+		EDDSA25519Signer (signingPrivateKey)
+	{		
+	}
+		
+	void EDDSA25519phSigner::Sign (const uint8_t * buf, int len, uint8_t * signature) const
+	{
+		auto pkey = GetPkey ();
+		if (pkey)
+		{	
+			uint8_t digest[64];
+			SHA512 (buf, len, digest);
+			EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
+			size_t l = 64;
+			uint8_t sig[64];
+			EVP_DigestSignInit_ex (ctx, NULL, NULL, NULL, NULL, pkey, EDDSA25519phParams);
+			if (!EVP_DigestSign (ctx, sig, &l, digest, 64))
+				LogPrint (eLogError, "EdDSA signing failed");
+			memcpy (signature, sig, 64);
+			EVP_MD_CTX_destroy (ctx);
+		}
+		else
+			LogPrint (eLogError, "EdDSA signing key is not set");
+	}		
+#endif		
 }
 }

libi2pd/Signature.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -303,14 +303,28 @@ namespace crypto
 
 		private:
 
-#if OPENSSL_EDDSA
+#if OPENSSL_EDDSA	
+			
 			EVP_PKEY * m_Pkey;
+			
+		protected:
+
+			EVP_PKEY * GetPkey () const { return m_Pkey; };
 #else
 			EDDSAPoint m_PublicKey;
 			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
 #endif
 	};
 
+#if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
+	class EDDSA25519phVerifier: public EDDSA25519Verifier
+	{
+		public:
+
+			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
+	};
+#endif	
+	
 	class EDDSA25519SignerCompat: public Signer
 	{
 		public:
@@ -339,6 +353,10 @@ namespace crypto
 
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
 
+		protected:
+
+			EVP_PKEY * GetPkey () const { return m_Pkey; };
+			
 		private:
 
 			EVP_PKEY * m_Pkey;
@@ -350,6 +368,18 @@ namespace crypto
 
 #endif
 
+#if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
+	class EDDSA25519phSigner: public EDDSA25519Signer
+	{
+		public:
+
+			EDDSA25519phSigner (const uint8_t * signingPrivateKey);
+		
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
+	};
+	
+#endif	
+	
 	inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
 	{
 #if OPENSSL_EDDSA

libi2pd/TransitTunnel.cpp

@@ -131,27 +131,35 @@ namespace tunnel
 
 		LogPrint (eLogDebug, "TransitTunnel: handle msg for endpoint ", GetTunnelID ());
 		std::lock_guard<std::mutex> l(m_HandleMutex);
-		m_Endpoint.HandleDecryptedTunnelDataMsg (newMsg);
+		if (!m_Endpoint) m_Endpoint = std::make_unique<TunnelEndpoint>(false); // transit endpoint is always outbound
+		m_Endpoint->HandleDecryptedTunnelDataMsg (newMsg);
 	}
 
 	void TransitTunnelEndpoint::FlushTunnelDataMsgs ()
 	{
-		std::lock_guard<std::mutex> l(m_HandleMutex);
-		m_Endpoint.FlushI2NPMsgs ();
+		if (m_Endpoint)
+		{
+			std::lock_guard<std::mutex> l(m_HandleMutex);
+			m_Endpoint->FlushI2NPMsgs ();
+		}	
 	}	
 
 	void TransitTunnelEndpoint::Cleanup ()
 	{ 
-		std::lock_guard<std::mutex> l(m_HandleMutex);
-		m_Endpoint.Cleanup ();
+		if (m_Endpoint)
+		{	
+			std::lock_guard<std::mutex> l(m_HandleMutex);
+			m_Endpoint->Cleanup ();
+		}	
 	}	
 		
 	std::string TransitTunnelEndpoint::GetNextPeerName () const
 	{ 
-		auto hash = m_Endpoint.GetCurrentHash ();
+		if (!m_Endpoint) return "";
+		auto hash = m_Endpoint->GetCurrentHash ();
 		if (hash)
 		{	
-			const auto& sender = m_Endpoint.GetSender ();
+			const auto& sender = m_Endpoint->GetSender ();
 			if (sender)
 			{
 				auto transport = sender->GetCurrentTransport ();

libi2pd/TransitTunnel.h

@@ -97,20 +97,19 @@ namespace tunnel
 			TransitTunnelEndpoint (uint32_t receiveTunnelID,
 				const i2p::data::IdentHash& nextIdent, uint32_t nextTunnelID,
 				const i2p::crypto::AESKey& layerKey, const i2p::crypto::AESKey& ivKey):
-				TransitTunnel (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey),
-				m_Endpoint (false) {}; // transit endpoint is always outbound
+				TransitTunnel (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey) {}; 
 
 			void Cleanup () override;
 		
 			void HandleTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage>&& tunnelMsg) override;
 			void FlushTunnelDataMsgs () override;
-			size_t GetNumTransmittedBytes () const override { return m_Endpoint.GetNumReceivedBytes (); }
+			size_t GetNumTransmittedBytes () const override { return m_Endpoint ? m_Endpoint->GetNumReceivedBytes () : 0; }
 			std::string GetNextPeerName () const override;
 			
 		private:
 
 			std::mutex m_HandleMutex;
-			TunnelEndpoint m_Endpoint;
+			std::unique_ptr<TunnelEndpoint> m_Endpoint;
 	};
 
 	std::shared_ptr<TransitTunnel> CreateTransitTunnel (uint32_t receiveTunnelID,

libi2pd/Transports.cpp

@@ -680,8 +680,21 @@ namespace transport
 		auto directTransports = compatibleTransports & peer->router->GetPublishedTransports ();
 		peer->numAttempts = 0;
 		peer->priority.clear ();
-		bool isReal = peer->router->GetProfile ()->IsReal (); 
-		bool ssu2 = isReal ? (m_Rng () & 1) : false; // try NTCP2 if router is not confirmed real
+		
+		std::shared_ptr<RouterProfile> profile;
+		if (peer->router->HasProfile ()) profile = peer->router->GetProfile (); // only if in memory
+		bool ssu2 = false; // NTCP2 by default
+		bool isReal = profile ? profile->IsReal () : true;
+		if (isReal) 
+		{	
+			ssu2 = m_Rng () & 1; // 1/2
+			if (ssu2 && !profile)
+			{	
+				profile = peer->router->GetProfile (); // load profile if necessary
+				isReal = profile->IsReal ();  
+				if (!isReal) ssu2 = false; // try NTCP2 if router is not confirmed real
+			}
+		}	
 		const auto& priority = ssu2 ? ssu2Priority : ntcp2Priority;
 		if (directTransports)
 		{	

libi2pd_client/BOB.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -16,6 +16,24 @@ namespace i2p
 {
 namespace client
 {
+	void BOBI2PTunnelIncomingConnection::Established ()
+	{
+		if (m_IsQuiet)
+			StreamReceive ();
+		else
+		{
+			// send destination first like received from I2P
+			std::string dest = GetStream ()->GetRemoteIdentity ()->ToBase64 ();
+			dest += "\n";
+			if (dest.size() <= I2P_TUNNEL_CONNECTION_BUFFER_SIZE)
+				memcpy (GetStreamBuffer (), dest.c_str (), dest.size ());
+			else
+				memset (GetStreamBuffer (), 0, I2P_TUNNEL_CONNECTION_BUFFER_SIZE);
+			HandleStreamReceive (boost::system::error_code (), dest.size ());
+		}
+		Receive ();
+	}	
+	
 	BOBI2PInboundTunnel::BOBI2PInboundTunnel (const boost::asio::ip::tcp::endpoint& ep, std::shared_ptr<ClientDestination> localDestination):
 		BOBI2PTunnel (localDestination), m_Acceptor (localDestination->GetService (), ep)
 	{
@@ -156,7 +174,7 @@ namespace client
 	{
 		if (stream)
 		{
-			auto conn = std::make_shared<I2PTunnelConnection> (this, stream, m_Endpoint, m_IsQuiet);
+			auto conn = std::make_shared<BOBI2PTunnelIncomingConnection> (this, stream, m_Endpoint, m_IsQuiet);
 			AddHandler (conn);
 			conn->Connect ();
 		}

libi2pd_client/BOB.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -71,6 +71,23 @@ namespace client
 	const char BOB_HELP_STATUS[] = "status <NICKNAME> - Display status of a nicknamed tunnel.";
 	const char BOB_HELP_HELP [] = "help <COMMAND> - Get help on a command.";
 
+	class BOBI2PTunnelIncomingConnection: public I2PTunnelConnection
+	{
+		public:
+
+			BOBI2PTunnelIncomingConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+				const boost::asio::ip::tcp::endpoint& target, bool quiet):
+				I2PTunnelConnection (owner, stream, target), m_IsQuiet (quiet) {};
+
+		protected:
+
+			void Established () override;
+		
+		private:
+
+			bool m_IsQuiet; // don't send destination
+	};
+	
 	class BOBI2PTunnel: public I2PService
 	{
 		public:

libi2pd_client/I2PTunnel.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -32,8 +32,7 @@ namespace client
 
 	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> socket,
 		std::shared_ptr<const i2p::data::LeaseSet> leaseSet, uint16_t port):
-		I2PServiceHandler(owner), m_Socket (socket), m_RemoteEndpoint (socket->remote_endpoint ()),
-		m_IsQuiet (true)
+		I2PServiceHandler(owner), m_Socket (socket), m_RemoteEndpoint (socket->remote_endpoint ())
 	{
 		m_Stream = GetOwner()->GetLocalDestination ()->CreateStream (leaseSet, port);
 	}
@@ -41,14 +40,13 @@ namespace client
 	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner,
 		std::shared_ptr<boost::asio::ip::tcp::socket> socket, std::shared_ptr<i2p::stream::Stream> stream):
 		I2PServiceHandler(owner), m_Socket (socket), m_Stream (stream),
-		m_RemoteEndpoint (socket->remote_endpoint ()), m_IsQuiet (true)
+		m_RemoteEndpoint (socket->remote_endpoint ())
 	{
 	}
 
 	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
-		const boost::asio::ip::tcp::endpoint& target, bool quiet,
-	    std::shared_ptr<boost::asio::ssl::context> sslCtx):
-		I2PServiceHandler(owner), m_Stream (stream), m_RemoteEndpoint (target), m_IsQuiet (quiet)
+		const boost::asio::ip::tcp::endpoint& target,std::shared_ptr<boost::asio::ssl::context> sslCtx):
+		I2PServiceHandler(owner), m_Stream (stream), m_RemoteEndpoint (target)
 	{
 		m_Socket = std::make_shared<boost::asio::ip::tcp::socket> (owner->GetService ());
 		if (sslCtx)
@@ -292,18 +290,7 @@ namespace client
 
 	void I2PTunnelConnection::Established ()
 	{
-		if (m_IsQuiet)
-			StreamReceive ();
-		else
-		{
-			// send destination first like received from I2P
-			std::string dest = m_Stream->GetRemoteIdentity ()->ToBase64 ();
-			dest += "\n";
-			if(sizeof(m_StreamBuffer) >= dest.size()) {
-				memcpy (m_StreamBuffer, dest.c_str (), dest.size ());
-			}
-			HandleStreamReceive (boost::system::error_code (), dest.size ());
-		}
+		StreamReceive ();
 		Receive ();
 	}
 
@@ -377,7 +364,7 @@ namespace client
 	I2PServerTunnelConnectionHTTP::I2PServerTunnelConnectionHTTP (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
 		const boost::asio::ip::tcp::endpoint& target, const std::string& host, const std::string& XI2P,
 	    std::shared_ptr<boost::asio::ssl::context> sslCtx):
-		I2PTunnelConnection (owner, stream, target, true, sslCtx), m_Host (host), m_XI2P (XI2P),
+		I2PTunnelConnection (owner, stream, target, sslCtx), m_Host (host), m_XI2P (XI2P),
 		m_HeaderSent (false), m_ResponseHeaderSent (false)
 	{
 		if (sslCtx)
@@ -528,7 +515,7 @@ namespace client
 	I2PTunnelConnectionIRC::I2PTunnelConnectionIRC (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
 		const boost::asio::ip::tcp::endpoint& target, const std::string& webircpass,
 	    std::shared_ptr<boost::asio::ssl::context> sslCtx):
-		I2PTunnelConnection (owner, stream, target, true, sslCtx), m_From (stream->GetRemoteIdentity ()),
+		I2PTunnelConnection (owner, stream, target, sslCtx), m_From (stream->GetRemoteIdentity ()),
 		m_NeedsWebIrc (webircpass.length() ? true : false), m_WebircPass (webircpass)
 	{
 	}
@@ -857,7 +844,7 @@ namespace client
 
 	std::shared_ptr<I2PTunnelConnection> I2PServerTunnel::CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream)
 	{
-		return std::make_shared<I2PTunnelConnection> (this, stream, GetEndpoint (), true, m_SSLCtx);
+		return std::make_shared<I2PTunnelConnection> (this, stream, GetEndpoint (), m_SSLCtx);
 
 	}
 

libi2pd_client/I2PTunnel.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -27,7 +27,7 @@ namespace i2p
 {
 namespace client
 {
-	const size_t I2P_TUNNEL_CONNECTION_BUFFER_SIZE = 65536;
+	const size_t I2P_TUNNEL_CONNECTION_BUFFER_SIZE = 16384;
 	const int I2P_TUNNEL_CONNECTION_MAX_IDLE = 3600; // in seconds
 	const int I2P_TUNNEL_DESTINATION_REQUEST_TIMEOUT = 10; // in seconds
 	// for HTTP tunnels
@@ -45,7 +45,7 @@ namespace client
 			I2PTunnelConnection (I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> socket,
 				std::shared_ptr<i2p::stream::Stream> stream); // to I2P using simplified API
 			I2PTunnelConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
-				const boost::asio::ip::tcp::endpoint& target, bool quiet = true,
+				const boost::asio::ip::tcp::endpoint& target,
 			    std::shared_ptr<boost::asio::ssl::context> sslCtx = nullptr); // from I2P
 			~I2PTunnelConnection ();
 			void I2PConnect (const uint8_t * msg = nullptr, size_t len = 0);
@@ -54,25 +54,27 @@ namespace client
 
 		protected:
 
+			virtual void Established ();
 			void Terminate ();
 
 			void Receive ();
 			void StreamReceive ();
+			void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			virtual void Write (const uint8_t * buf, size_t len); // can be overloaded
 			virtual void WriteToStream (const uint8_t * buf, size_t len); // can be overloaded
 
 			std::shared_ptr<boost::asio::ip::tcp::socket> GetSocket () const { return m_Socket; };
+			std::shared_ptr<i2p::stream::Stream> GetStream () const { return m_Stream; };
 			std::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket&> > GetSSL () const { return m_SSL; };
-
+			uint8_t * GetStreamBuffer () { return m_StreamBuffer; };
+		
 		private:
 
 			void HandleConnect (const boost::system::error_code& ecode);
 			void HandleHandshake (const boost::system::error_code& ecode);
-			void Established ();
 			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleWrite (const boost::system::error_code& ecode);
-			void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-
+			
 		private:
 
 			uint8_t m_Buffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE], m_StreamBuffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE];
@@ -80,7 +82,6 @@ namespace client
 			std::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket&> > m_SSL;
 			std::shared_ptr<i2p::stream::Stream> m_Stream;
 			boost::asio::ip::tcp::endpoint m_RemoteEndpoint;
-			bool m_IsQuiet; // don't send destination
 	};
 
 	class I2PClientTunnelConnectionHTTP: public I2PTunnelConnection
@@ -94,7 +95,7 @@ namespace client
 
 		protected:
 
-			void Write (const uint8_t * buf, size_t len);
+			void Write (const uint8_t * buf, size_t len) override;
 
 		private:
 
@@ -112,8 +113,8 @@ namespace client
 
 		protected:
 
-			void Write (const uint8_t * buf, size_t len);
-			void WriteToStream (const uint8_t * buf, size_t len);
+			void Write (const uint8_t * buf, size_t len) override;
+			void WriteToStream (const uint8_t * buf, size_t len) override;
 
 		private:
 
@@ -132,7 +133,7 @@ namespace client
 
 		protected:
 
-			void Write (const uint8_t * buf, size_t len);
+			void Write (const uint8_t * buf, size_t len) override;
 
 		private: