2.19.0

Revert "Read explicitPeer config settings into params"

.gitignore

@@ -262,3 +262,5 @@ qt/i2pd_qt/*.ui.autosave
 qt/i2pd_qt/*.ui.bk*
 qt/i2pd_qt/*.ui_*
 
+#unknown android stuff
+android/libs/

.travis.yml

@@ -2,34 +2,53 @@ language: cpp
 cache:
   apt: true
 os:
-  - linux
-sudo: required
+- linux
+#- osx
 dist: trusty
+sudo: required
+compiler:
+- g++
+- clang++
+env:
+  global:
+  - MAKEFLAGS="-j 2"
+  matrix:
+  - BUILD_TYPE=make UPNP=ON MAKE_UPNP=yes
+  - BUILD_TYPE=make UPNP=OFF MAKE_UPNP=no
+  - BUILD_TYPE=cmake UPNP=ON MAKE_UPNP=yes
+  - BUILD_TYPE=cmake UPNP=OFF MAKE_UPNP=no
+matrix:
+  exclude:
+  - os: osx
+    env: BUILD_TYPE=cmake UPNP=ON MAKE_UPNP=yes
+  - os: osx
+    env: BUILD_TYPE=cmake UPNP=OFF MAKE_UPNP=no
+  - os: linux
+    compiler: clang++
+    env: BUILD_TYPE=make UPNP=ON MAKE_UPNP=yes
+  - os: linux
+    compiler: clang++
+    env: BUILD_TYPE=make UPNP=OFF MAKE_UPNP=no
 addons:
   apt:
     packages:
-      - build-essential
-      - cmake
-      - g++
-      - clang
-      - libboost-chrono-dev
-      - libboost-date-time-dev
-      - libboost-filesystem-dev
-      - libboost-program-options-dev
-      - libboost-system-dev
-      - libboost-thread-dev
-      - libminiupnpc-dev
-      - libssl-dev
-compiler:
-  - gcc
-  - clang
+    - build-essential
+    - cmake
+    - g++
+    - clang
+    - libboost-chrono-dev
+    - libboost-date-time-dev
+    - libboost-filesystem-dev
+    - libboost-program-options-dev
+    - libboost-system-dev
+    - libboost-thread-dev
+    - libminiupnpc-dev
+    - libssl-dev
 before_install:
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl miniupnpc ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew unlink boost openssl && brew link boost openssl -f ; fi
-env:
-  matrix:
-    - BUILD_TYPE=Release UPNP=ON
-    - BUILD_TYPE=Release UPNP=OFF
+- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
+- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install libressl miniupnpc ; fi
+- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew outdated boost || brew upgrade boost ; fi
 script:
-  - cd build && cmake -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DWITH_UPNP=${UPNP} && make
+- if [[ "$TRAVIS_OS_NAME" == "linux" && "$BUILD_TYPE" == "cmake" ]]; then cd build && cmake -DCMAKE_BUILD_TYPE=Release -DWITH_UPNP=${UPNP} && make ; fi
+- if [[ "$TRAVIS_OS_NAME" == "linux" && "$BUILD_TYPE" == "make" ]]; then make USE_UPNP=${MAKE_UPNP} ; fi
+- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then make HOMEBREW=1 USE_UPNP=${MAKE_UPNP} ; fi

ChangeLog

@@ -1,9 +1,85 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.19.0] - 2018-06-26
+### Added
+- ECIES support for RouterInfo
+- HTTP outproxy authorization
+- AVX/AESNI runtime detection
+- Initial implementation of NTCP2
+- I2CP session reconfigure
+- I2CP method ClientServicesInfo
+- Datagrams to websocks
+### Changed
+- RouterInfo uses EdDSA signature by default
+- Remove stream bans
+- Android build system changed to gradle
+- Multiple changes in QT GUI
+- Dockerfile
+### Fixed
+- zero tunnelID issue
+- tunnels reload
+- headers in webconsole
+- XSS in webconsole from SAM session name
+- build for gcc 8
+- cmake build scripts
+- systemd service files
+- some netbsd issues
+
+## [2.18.0] - 2018-01-30
+### Added
+- Show tunnel nicknames for I2CP destination in WebUI
+- Re-create HTTP and SOCKS proxy by tunnel reload
+- Graceful shutdown as soon as no more transit tunnels
+### Changed
+- Regenerate shared local destination by tunnel reload
+- Use transient local destination by default if not specified
+- Return correct code if pid file can't be created
+- Timing and number of attempts for adressbook requests
+- Certificates list
+### Fixed
+- Malformed addressbook subsctiption request
+- Build with boost 1.66
+- Few race conditions for SAM
+- Check LeaseSet's signature before update
+
+## [2.17.0] - 2017-12-04
+### Added
+- Reseed through HTTP and SOCKS proxy
+- Show status of client services through web console
+- Change log level through web connsole
+- transient keys for tunnels
+- i2p.streaming.initialAckDelay parameter
+- CRYPTO_TYPE for SAM destination
+- signature and crypto type for newkeys BOB command
+### Changed
+- Correct publication of ECIES destinations
+- Disable RSA signatures completely
+### Fixed
+- CVE-2017-17066
+- Possible buffer overflow for RSA-4096
+- Shutdown from web console for Windows
+- Web console page layout
+## [2.16.0] - 2017-11-13
+### Added
+- https and "Connect" method for HTTP proxy
+- outproxy for HTTP proxy
+- initial support of ECIES crypto
+- NTCP soft and hard descriptors limits
+- Support full timestamps in logs
+### Changed
+- Faster implmentation of GOST R 34.11 hash
+- Reject routers with RSA signtures
+- Reload config and shudown from Windows GUI
+- Update tunnels address(destination) without restart
+### Fixed
+- BOB crashes if destination is not set
+- Correct SAM tunnel name
+- QT GUI issues
+
 ## [2.15.0] - 2017-08-17
 ### Added
-- QT GUI 
+- QT GUI
 - Ability to add and remove I2P tunnels without restart
 - Ability to disable SOCKS outproxy option
 ### Changed
@@ -47,7 +123,7 @@
 - Some stats in a main window for Windows version
 ### Changed
 - Reseed servers list
-- MTU of 1488 for ipv6 
+- MTU of 1488 for ipv6
 - Android and Mac OS X versions use OpenSSL 1.1
 - New logo for Android
 ### Fixed
@@ -77,7 +153,7 @@
 ## [2.10.2] - 2016-12-04
 ### Fixed
 - Fixes UPnP discovery bug, producing excessive CPU usage
-- Fixes sudden SSU thread stop for Windows. 
+- Fixes sudden SSU thread stop for Windows.
 
 ## [2.10.1] - 2016-11-07
 ### Fixed
@@ -128,12 +204,12 @@
 - Configurable limit of transit tunnels
 
 ### Changed
-- Speed-up of assymetric crypto for non-x64 platforms
+- Speed-up of asymmetric crypto for non-x64 platforms
 - Refactoring of web-console
 
 ## [2.6.0] - 2016-03-31
 ### Added
-- Gracefull shutdown on SIGINT
+- Graceful shutdown on SIGINT
 - Numeric bandwidth limits (was: by router class)
 - Jumpservices in web-console
 - Logging to syslog

Dockerfile

@@ -1,54 +0,0 @@
-FROM alpine:latest
-
-MAINTAINER Mikal Villa <mikal@sigterm.no>
-
-ENV GIT_BRANCH="master"
-ENV I2PD_PREFIX="/opt/i2pd-${GIT_BRANCH}"
-ENV PATH=${I2PD_PREFIX}/bin:$PATH
-
-ENV GOSU_VERSION=1.7
-ENV GOSU_SHASUM="34049cfc713e8b74b90d6de49690fa601dc040021980812b2f1f691534be8a50  /usr/local/bin/gosu"
-
-RUN mkdir /user && adduser -S -h /user i2pd && chown -R i2pd:nobody /user
-
-
-#
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the 
-# image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
-#
-
-# 1. install deps, clone and build. 
-# 2. strip binaries. 
-# 3. Purge all dependencies and other unrelated packages, including build directory. 
-RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
-    && mkdir -p /tmp/build \
-    && cd /tmp/build && git clone -b ${GIT_BRANCH} https://github.com/PurpleI2P/i2pd.git \
-    && cd i2pd \
-    && make -j4 \
-    && mkdir -p ${I2PD_PREFIX}/bin \
-    && mv i2pd ${I2PD_PREFIX}/bin/ \
-    && cd ${I2PD_PREFIX}/bin \
-    && strip i2pd \
-    && rm -fr /tmp/build && apk --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
-    boost-python3 python3 gdbm boost-unit_test_framework boost-python linux-headers boost-prg_exec_monitor \
-    boost-serialization boost-signals boost-wave boost-wserialization boost-math boost-graph boost-regex git pcre \
-    libtool g++ gcc pkgconfig
-
-# 2. Adding required libraries to run i2pd to ensure it will run.
-RUN apk --no-cache add boost-filesystem boost-system boost-program_options boost-date_time boost-thread boost-iostreams openssl musl-utils libstdc++
-
-# Gosu is a replacement for su/sudo in docker and not a backdoor :) See https://github.com/tianon/gosu
-RUN wget -O /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 \
-    && echo "${GOSU_SHASUM}" | sha256sum -c && chmod +x /usr/local/bin/gosu
-
-COPY entrypoint.sh /entrypoint.sh
-
-RUN chmod a+x /entrypoint.sh
-RUN echo "export PATH=${PATH}" >> /etc/profile
-
-VOLUME [ "/var/lib/i2pd" ]
-
-EXPOSE 7070 4444 4447 7656 2827 7654 7650
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-

Makefile

@@ -1,9 +1,9 @@
-UNAME := $(shell uname -s)
+SYS := $(shell $(CXX) -dumpmachine)
 SHLIB := libi2pd.so
 ARLIB := libi2pd.a
 SHLIB_CLIENT := libi2pdclient.so
 ARLIB_CLIENT := libi2pdclient.a
-I2PD  := i2pd
+I2PD := i2pd
 GREP := grep
 DEPS := obj/make.dep
 
@@ -23,22 +23,24 @@ ifeq ($(WEBSOCKETS),1)
 	NEEDED_CXXFLAGS += -DWITH_EVENTS
 endif
 
-ifeq ($(UNAME),Darwin)
+ifneq (, $(findstring darwin, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	ifeq ($(HOMEBREW),1)
 		include Makefile.homebrew
 	else
 		include Makefile.osx
 	endif
-else ifeq ($(shell echo $(UNAME) | $(GREP) -Ec '(Free|Open)BSD'),1)
-	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
-	include Makefile.bsd
-else ifeq ($(UNAME),Linux)
+else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.linux
-else
+else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
+	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+	include Makefile.bsd
+else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
 	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp
 	include Makefile.mingw
+else # not supported
+$(error Not supported platform)
 endif
 
 ifeq ($(USE_MESHNET),yes)
@@ -89,14 +91,14 @@ $(SHLIB_CLIENT): $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
 	$(CXX) $(LDFLAGS) $(LDLIBS) -shared -o $@ $^
 
 $(ARLIB): $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
-	ar -r $@ $^
+	$(AR) -r $@ $^
 
 $(ARLIB_CLIENT): $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
-	ar -r $@ $^
+	$(AR) -r $@ $^
 
 clean:
-	rm -rf obj
-	rm -rf docs/generated
+	$(RM) -r obj
+	$(RM) -r docs/generated
 	$(RM) $(I2PD) $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
 
 strip: $(I2PD) $(SHLIB_CLIENT) $(SHLIB)

Makefile.bsd

@@ -1,5 +1,5 @@
 CXX = clang++
-CXXFLAGS = -O2
+CXXFLAGS ?= -g -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
 ## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.
 ## For example, when adding 'hardening flags' to the build

Makefile.homebrew

@@ -1,27 +1,45 @@
 # root directory holding homebrew
-BREWROOT = /usr/local/
+BREWROOT = /usr/local
 BOOSTROOT = ${BREWROOT}/opt/boost
 SSLROOT = ${BREWROOT}/opt/libressl
-CXX = clang++
-CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX
+UPNPROOT = ${BREWROOT}/opt/miniupnpc
+CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
 INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
-LDFLAGS = -L${SSLROOT}/lib -L${BOOSTROOT}/lib
-LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+
+ifndef TRAVIS
+	CXX = clang++
+endif
+
+ifeq ($(USE_STATIC),yes)
+	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a -lpthread
+else
+	LDFLAGS = -L${SSLROOT}/lib -L${BOOSTROOT}/lib
+	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+endif
 
 ifeq ($(USE_UPNP),yes)
 	LDFLAGS += -ldl
 	CXXFLAGS += -DUSE_UPNP
-	LDLIBS += -lminiupnpc
+	INCFLAGS += -I${UPNPROOT}/include
+	ifeq ($(USE_STATIC),yes)
+		LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
+	else
+		LDFLAGS += -L${UPNPROOT}/lib
+		LDLIBS += -lminiupnpc
+	endif
 endif
 
 # OSX Notes
 # http://www.hutsby.net/2011/08/macs-with-aes-ni.html
 # Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
 # Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
-# note from psi: 2009 macbook does not have aesni
-#ifeq ($(USE_AESNI),yes)
-#	CXXFLAGS += -maes -DAESNI
-#endif
+ifeq ($(USE_AESNI),yes)
+	CXXFLAGS += -maes -DAESNI
+endif
+ifeq ($(USE_AVX),1)
+	CXXFLAGS += -mavx
+endif
+
 
 # Disabled, since it will be the default make rule. I think its better
 # to define the default rule in Makefile and not Makefile.<ostype> - torkel

Makefile.linux

@@ -12,7 +12,7 @@ INCFLAGS ?=
 # detect proper flag for c++11 support by compilers
 CXXVER := $(shell $(CXX) -dumpversion)
 ifeq ($(shell expr match $(CXX) 'clang'),5)
-	NEEDED_CXXFLAGS += -std=c++11 
+	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
 	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
@@ -21,8 +21,10 @@ else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
 	NEEDED_CXXFLAGS += -std=c++0x
 else ifeq ($(shell expr match ${CXXVER} "[5-7]\.[0-9]"),3) # gcc >= 5.0
 	NEEDED_CXXFLAGS += -std=c++11
+else ifeq ($(shell expr match ${CXXVER} "[7-8]"),1) # gcc 7 ubuntu or gcc 8 arch
+	NEEDED_CXXFLAGS += -std=c++11
 else # not supported
-	$(error Compiler too old)
+$(error Compiler too old)
 endif
 
 NEEDED_CXXFLAGS += -fPIC
@@ -58,7 +60,12 @@ endif
 ifeq ($(USE_AESNI),yes)
 #check if AES-NI is supported by CPU
 ifneq ($(shell $(GREP) -c aes /proc/cpuinfo),0)
-	CPU_FLAGS += -maes -DAESNI
+	machine := $(shell uname -m)
+	ifeq ($(machine), aarch64)
+		CXXFLAGS += -DARM64AES
+	else
+		CPU_FLAGS += -maes -DAESNI
+	endif
 endif
 endif
 

Makefile.mingw

@@ -4,8 +4,8 @@ WINDRES = windres
 CXXFLAGS = -Os -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN
 NEEDED_CXXFLAGS = -std=c++11
 BOOST_SUFFIX = -mt
-INCFLAGS = -I/usr/include/ -I/usr/local/include/ -I. -Idaemon
-LDFLAGS = -Wl,-rpath,/usr/local/lib -Wl,-Bstatic -static-libgcc -static-libstdc++ -L/usr/local/lib
+INCFLAGS = -Idaemon -I.
+LDFLAGS = -s -Wl,-rpath,/usr/local/lib -Wl,-Bstatic -static-libgcc -static-libstdc++
 
 # UPNP Support
 ifeq ($(USE_UPNP),yes)
@@ -30,7 +30,7 @@ LDLIBS += \
 
 ifeq ($(USE_WIN32_APP), yes)
 	CXXFLAGS += -DWIN32_APP
-	LDFLAGS += -mwindows -s
+	LDFLAGS += -mwindows
 	DAEMON_RC += Win32/Resource.rc
 	DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
 endif
@@ -47,8 +47,7 @@ ifeq ($(USE_AVX),1)
 endif
 
 ifeq ($(USE_ASLR),yes)
-	LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va \
-	-Wl,--dynamicbase,--export-all-symbols
+	LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va -Wl,--dynamicbase,--export-all-symbols
 endif
 
 obj/%.o : %.rc

Makefile.osx

@@ -1,33 +1,33 @@
 CXX = clang++
 CXXFLAGS = -Os -Wall -std=c++11 -DMAC_OSX
 #CXXFLAGS = -g -O2 -Wall -std=c++11
-INCFLAGS = -I/usr/local/include 
+INCFLAGS = -I/usr/local/include
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
 
 ifeq ($(USE_STATIC),yes)
-LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
 else
-LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 endif
 
 ifeq ($(USE_UPNP),yes)
-  LDFLAGS += -ldl
-  CXXFLAGS += -DUSE_UPNP
-ifeq ($(USE_STATIC),yes)
-  LDLIBS += /usr/local/lib/libminiupnpc.a
-else
-  LDLIBS += -lminiupnpc
-endif
+	LDFLAGS += -ldl
+	CXXFLAGS += -DUSE_UPNP
+	ifeq ($(USE_STATIC),yes)
+		LDLIBS += /usr/local/lib/libminiupnpc.a
+	else
+		LDLIBS += -lminiupnpc
+	endif
 endif
 
 ifeq ($(USE_AESNI),1)
-  CXXFLAGS += -maes -DAESNI
+	CXXFLAGS += -maes -DAESNI
 else
-  CXXFLAGS += -msse
+	CXXFLAGS += -msse
 endif
 
 ifeq ($(USE_AVX),1)
-  CXXFLAGS += -mavx
+	CXXFLAGS += -mavx
 endif
 
 # Disabled, since it will be the default make rule. I think its better

README.md

@@ -3,27 +3,27 @@ i2pd
 
 [Русская версия](https://github.com/PurpleI2P/i2pd_docs_ru/blob/master/README.md)
 
-i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.
+i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.  
 
-I2P (Invisible Internet Protocol) is a universal anonymous network layer. 
+I2P (Invisible Internet Protocol) is a universal anonymous network layer.  
 All communications over I2P are anonymous and end-to-end encrypted, participants
-don't reveal their real IP addresses. 
+don't reveal their real IP addresses.  
 
-I2P client is a software used for building and using anonymous I2P 
-networks. Such networks are commonly used for anonymous peer-to-peer 
-applications (filesharing, cryptocurrencies) and anonymous client-server 
-applications (websites, instant messengers, chat-servers).
+I2P client is a software used for building and using anonymous I2P
+networks. Such networks are commonly used for anonymous peer-to-peer
+applications (filesharing, cryptocurrencies) and anonymous client-server
+applications (websites, instant messengers, chat-servers).  
 
 I2P allows people from all around the world to communicate and share information
-without restrictions.
+without restrictions.  
 
 Features
 --------
 
-* Distributed anonymous networking framework
-* End-to-end encrypted communications
-* Small footprint, simple dependencies, fast performance
-* Rich set of APIs for developers of secure applications
+* Distributed anonymous networking framework  
+* End-to-end encrypted communications  
+* Small footprint, simple dependencies, fast performance  
+* Rich set of APIs for developers of secure applications  
 
 Resources
 ---------
@@ -38,10 +38,10 @@ Resources
 Installing
 ----------
 
-The easiest way to install i2pd is by using 
-[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest). 
-See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build 
-i2pd from source on your OS.
+The easiest way to install i2pd is by using
+[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest).
+See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build
+i2pd from source on your OS.  
 
 
 Build instructions:
@@ -54,32 +54,33 @@ Build instructions:
 
 **Supported systems:**
 
-* GNU/Linux x86/x64  - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)  
-* Windows        - [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)  
-* Mac OS X
+* GNU/Linux x86/x64		- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
+* Windows				- [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)
+* Mac OS X				- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
+* CentOS / Fedora		- [![Build Status](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/status_image/last_build.png)](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/)
+* Docker image     - [![Build Status](https://dockerbuildbadges.quelltext.eu/status.svg?organization=meeh&repository=i2pd)](https://hub.docker.com/r/meeh/i2pd/builds/)
 * FreeBSD
-* Android 
+* Android
 * iOS
 
 Using i2pd
 ----------
 
-See [documentation](https://i2pd.readthedocs.io/en/latest/user-guide/run/) and 
+See [documentation](https://i2pd.readthedocs.io/en/latest/user-guide/run/) and
 [example config file](https://github.com/PurpleI2P/i2pd/blob/openssl/contrib/i2pd.conf).
 
 Donations
 ---------
 
-BTC: 1K7Ds6KUeR8ya287UC4rYTjvC96vXyZbDY   
-ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
-DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF   
+BTC: 3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f  
 LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
-DOGE: DNXLQKziRPAsD9H3DFNjk4fLQrdaSX893Y  
-ANC: AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z   
+ETH: 0x9e5bac70d20d1079ceaa111127f4fb3bccce379d  
+DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
+ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
 GST: GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG  
 
 License
 -------
 
 This project is licensed under the BSD 3-clause license, which can be found in the file
-LICENSE in the root of the project source code.
+LICENSE in the root of the project source code.  

Win32/DaemonWin32.cpp

@@ -6,7 +6,6 @@
 #include "Log.h"
 
 #ifdef _WIN32
-
 #include "Win32/Win32Service.h"
 #ifdef WIN32_APP
 #include "Win32/Win32App.h"
@@ -14,99 +13,101 @@
 
 namespace i2p
 {
-	namespace util
+namespace util
+{
+	bool DaemonWin32::init(int argc, char* argv[])
 	{
-		bool DaemonWin32::init(int argc, char* argv[])
+		setlocale(LC_CTYPE, "");
+		SetConsoleCP(1251);
+		SetConsoleOutputCP(1251);
+		setlocale(LC_ALL, "Russian");
+		setlocale(LC_TIME, "C");
+
+		if (!Daemon_Singleton::init(argc, argv))
+			return false;
+
+		std::string serviceControl; i2p::config::GetOption("svcctl", serviceControl);
+		if (serviceControl == "install")
 		{
-			setlocale(LC_CTYPE, "");
-			SetConsoleCP(1251);
-			SetConsoleOutputCP(1251);
-			setlocale(LC_ALL, "Russian");
-
-			if (!Daemon_Singleton::init(argc, argv))
-				return false;
-
-			std::string serviceControl; i2p::config::GetOption("svcctl", serviceControl);
-			if (serviceControl == "install")
-			{
-				LogPrint(eLogInfo, "WinSVC: installing ", SERVICE_NAME, " as service");
-				InstallService(
-					SERVICE_NAME,               // Name of service
-					SERVICE_DISPLAY_NAME,       // Name to display
-					SERVICE_START_TYPE,         // Service start type
-					SERVICE_DEPENDENCIES,       // Dependencies
-					SERVICE_ACCOUNT,            // Service running account
-					SERVICE_PASSWORD            // Password of the account
-					);
-				return false;
-			}
-			else if (serviceControl == "remove")
-			{
-				LogPrint(eLogInfo, "WinSVC: uninstalling ", SERVICE_NAME, " service");
-				UninstallService(SERVICE_NAME);
-				return false;
-			}
-
-			if (isDaemon)
-			{
-				LogPrint(eLogDebug, "Daemon: running as service");
-				I2PService service(SERVICE_NAME);
-				if (!I2PService::Run(service))
-				{
-					LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
-					return false;
-				}
-				return false;
-			}
-			else
-				LogPrint(eLogDebug, "Daemon: running as user");
-			return true;
+			LogPrint(eLogInfo, "WinSVC: installing ", SERVICE_NAME, " as service");
+			InstallService(
+				SERVICE_NAME,               // Name of service
+				SERVICE_DISPLAY_NAME,       // Name to display
+				SERVICE_START_TYPE,         // Service start type
+				SERVICE_DEPENDENCIES,       // Dependencies
+				SERVICE_ACCOUNT,            // Service running account
+				SERVICE_PASSWORD            // Password of the account
+				);
+			return false;
+		}
+		else if (serviceControl == "remove")
+		{
+			LogPrint(eLogInfo, "WinSVC: uninstalling ", SERVICE_NAME, " service");
+			UninstallService(SERVICE_NAME);
+			return false;
 		}
 
-		bool DaemonWin32::start()
+		if (isDaemon)
 		{
-			setlocale(LC_CTYPE, "");
-			SetConsoleCP(1251);
-			SetConsoleOutputCP(1251);
-			setlocale(LC_ALL, "Russian");
-#ifdef WIN32_APP
-			if (!i2p::win32::StartWin32App ()) return false;
+			LogPrint(eLogDebug, "Daemon: running as service");
+			I2PService service(SERVICE_NAME);
+			if (!I2PService::Run(service))
+			{
+				LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
+				return false;
+			}
+			return false;
+		}
+		else
+			LogPrint(eLogDebug, "Daemon: running as user");
+		return true;
+	}
 
-			// override log
-			i2p::config::SetOption("log", std::string ("file"));
+	bool DaemonWin32::start()
+	{
+		setlocale(LC_CTYPE, "");
+		SetConsoleCP(1251);
+		SetConsoleOutputCP(1251);
+		setlocale(LC_ALL, "Russian");
+		setlocale(LC_TIME, "C");
+#ifdef WIN32_APP
+		if (!i2p::win32::StartWin32App ()) return false;
+
+		// override log
+		i2p::config::SetOption("log", std::string ("file"));
 #endif
-			bool ret = Daemon_Singleton::start();
-			if (ret && i2p::log::Logger().GetLogType() == eLogFile)
-			{
-				// TODO: find out where this garbage to console comes from
-				SetStdHandle(STD_OUTPUT_HANDLE, INVALID_HANDLE_VALUE);
-				SetStdHandle(STD_ERROR_HANDLE, INVALID_HANDLE_VALUE);
-			}
-			bool insomnia; i2p::config::GetOption("insomnia", insomnia);
-			if (insomnia)
-				SetThreadExecutionState(ES_CONTINUOUS | ES_SYSTEM_REQUIRED);
-			return ret;
-		}
-
-		bool DaemonWin32::stop()
+		bool ret = Daemon_Singleton::start();
+		if (ret && i2p::log::Logger().GetLogType() == eLogFile)
 		{
+			// TODO: find out where this garbage to console comes from
+			SetStdHandle(STD_OUTPUT_HANDLE, INVALID_HANDLE_VALUE);
+			SetStdHandle(STD_ERROR_HANDLE, INVALID_HANDLE_VALUE);
+		}
+		bool insomnia; i2p::config::GetOption("insomnia", insomnia);
+		if (insomnia)
+			SetThreadExecutionState(ES_CONTINUOUS | ES_SYSTEM_REQUIRED);
+		return ret;
+	}
+
+	bool DaemonWin32::stop()
+	{
 #ifdef WIN32_APP
-			i2p::win32::StopWin32App ();
+		i2p::win32::StopWin32App ();
 #endif
-			return Daemon_Singleton::stop();
-		}
+		return Daemon_Singleton::stop();
+	}
 
-		void DaemonWin32::run ()
-		{
+	void DaemonWin32::run ()
+	{
 #ifdef WIN32_APP
-			i2p::win32::RunWin32App ();
+		i2p::win32::RunWin32App ();
 #else
-		 while (running)
+		while (running)
 		{
 			std::this_thread::sleep_for (std::chrono::seconds(1));
 		}
 #endif
-		}
 	}
 }
-#endif
+}
+#endif //_WIN32

Win32/Win32App.cpp

@@ -9,6 +9,7 @@
 #include "Tunnel.h"
 #include "version.h"
 #include "resource.h"
+#include "Daemon.h"
 #include "Win32App.h"
 #include <stdio.h>
 
@@ -21,6 +22,8 @@
 #define ID_CONSOLE 2002
 #define ID_APP 2003
 #define ID_GRACEFUL_SHUTDOWN 2004
+#define ID_STOP_GRACEFUL_SHUTDOWN 2005
+#define ID_RELOAD 2006
 
 #define ID_TRAY_ICON 2050
 #define WM_TRAYICON (WM_USER + 1)
@@ -39,7 +42,11 @@ namespace win32
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_APP, "Show app");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_ABOUT, "&About...");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
-		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_GRACEFUL_SHUTDOWN, "&Graceful shutdown");
+		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_RELOAD, "&Reload configs");
+		if (!i2p::util::DaemonWin32::Instance ().isGraceful)
+			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_GRACEFUL_SHUTDOWN, "&Graceful shutdown");
+		else
+			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_STOP_GRACEFUL_SHUTDOWN, "&Stop graceful shutdown");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_EXIT, "E&xit");
 		SetMenuDefaultItem (hPopup, ID_CONSOLE, FALSE);
 		SendMessage (hWnd, WM_INITMENUPOPUP, (WPARAM)hPopup, 0);
@@ -68,7 +75,7 @@ namespace win32
 		nid.uCallbackMessage = WM_TRAYICON;
 		nid.hIcon = LoadIcon (GetModuleHandle(NULL), MAKEINTRESOURCE (MAINICON));
 		strcpy (nid.szTip, "i2pd");
-		strcpy (nid.szInfo, "i2pd is running");
+		strcpy (nid.szInfo, "i2pd is starting");
 		Shell_NotifyIcon(NIM_ADD, &nid );
 	}
 
@@ -120,6 +127,7 @@ namespace win32
 
 	static void PrintMainWindowText (std::stringstream& s)
 	{
+		s << "\n";
 		s << "Status: ";
 		switch (i2p::context.GetStatus())
 		{
@@ -153,6 +161,7 @@ namespace win32
 		s << "In: " << i2p::tunnel::tunnels.CountInboundTunnels() << "; ";
 		s << "Out: " << i2p::tunnel::tunnels.CountOutboundTunnels() << "; ";
 		s << "Transit: " << i2p::tunnel::tunnels.CountTransitTunnels() << "\n";
+		s << "\n";
 	}
 
 	static LRESULT CALLBACK WndProc (HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
@@ -192,6 +201,22 @@ namespace win32
 					{
 						i2p::context.SetAcceptsTunnels (false);
 						SetTimer (hWnd, IDT_GRACEFUL_SHUTDOWN_TIMER, 10*60*1000, nullptr); // 10 minutes
+						i2p::util::DaemonWin32::Instance ().isGraceful = true;
+						return 0;
+					}
+					case ID_STOP_GRACEFUL_SHUTDOWN:
+					{
+						i2p::context.SetAcceptsTunnels (true);
+						KillTimer (hWnd, IDT_GRACEFUL_SHUTDOWN_TIMER);
+						i2p::util::DaemonWin32::Instance ().isGraceful = false;
+						return 0;
+					}
+					case ID_RELOAD:
+					{
+						i2p::client::context.ReloadConfig();
+						std::stringstream text;
+						text << "I2Pd reloading configs...";
+						MessageBox( hWnd, TEXT(text.str ().c_str ()), TEXT("i2pd"), MB_ICONINFORMATION | MB_OK );
 						return 0;
 					}
 					case ID_CONSOLE:
@@ -322,7 +347,7 @@ namespace win32
 		wclx.lpszClassName = I2PD_WIN32_CLASSNAME;
 		RegisterClassEx (&wclx);
 		// create new window
-		if (!CreateWindow(I2PD_WIN32_CLASSNAME, TEXT("i2pd"), WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, 100, 100, 350, 180, NULL, NULL, hInst, NULL))
+		if (!CreateWindow(I2PD_WIN32_CLASSNAME, TEXT("i2pd"), WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, 100, 100, 350, 210, NULL, NULL, hInst, NULL))
 		{
 			MessageBox(NULL, "Failed to create main window", TEXT("Warning!"), MB_ICONERROR | MB_OK | MB_TOPMOST);
 			return false;
@@ -343,6 +368,9 @@ namespace win32
 
 	void StopWin32App ()
 	{
+		HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd"));
+		if (hWnd)
+			PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_EXIT, 0), 0);
 		UnregisterClass (I2PD_WIN32_CLASSNAME, GetModuleHandle(NULL));
 	}
 
@@ -350,8 +378,17 @@ namespace win32
 	{
 		HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd"));
 		if (hWnd)
-		PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_GRACEFUL_SHUTDOWN, 0), 0);
+			PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_GRACEFUL_SHUTDOWN, 0), 0);
 		return hWnd;
 	}
+
+	bool StopGracefulShutdown ()
+	{
+		HWND hWnd = FindWindow (I2PD_WIN32_CLASSNAME, TEXT("i2pd"));
+		if (hWnd)
+			PostMessage (hWnd, WM_COMMAND, MAKEWPARAM(ID_STOP_GRACEFUL_SHUTDOWN, 0), 0);
+		return hWnd;
+	}
+
 }
 }

Win32/Win32App.h

@@ -7,10 +7,11 @@ namespace i2p
 {
 namespace win32
 {
-    bool StartWin32App ();
-    void StopWin32App ();
-    int RunWin32App ();
-    bool GracefulShutdown ();
+	bool StartWin32App ();
+	void StopWin32App ();
+	int RunWin32App ();
+	bool GracefulShutdown ();
+	bool StopGracefulShutdown ();
 }
 }
 #endif // WIN32APP_H__

Win32/Win32Service.cpp

@@ -15,7 +15,6 @@ I2PService *I2PService::s_service = NULL;
 BOOL I2PService::isService()
 {
 	BOOL bIsService = FALSE;
-
 	HWINSTA hWinStation = GetProcessWindowStation();
 	if (hWinStation != NULL)
 	{
@@ -31,28 +30,23 @@ BOOL I2PService::isService()
 BOOL I2PService::Run(I2PService &service)
 {
 	s_service = &service;
-
 	SERVICE_TABLE_ENTRY serviceTable[] =
 	{
 		{ service.m_name, ServiceMain },
 		{ NULL, NULL }
 	};
-
 	return StartServiceCtrlDispatcher(serviceTable);
 }
 
-
 void WINAPI I2PService::ServiceMain(DWORD dwArgc, PSTR *pszArgv)
 {
 	assert(s_service != NULL);
-
 	s_service->m_statusHandle = RegisterServiceCtrlHandler(
 		s_service->m_name, ServiceCtrlHandler);
 	if (s_service->m_statusHandle == NULL)
 	{
 		throw GetLastError();
 	}
-
 	s_service->Start(dwArgc, pszArgv);
 }
 
@@ -61,12 +55,12 @@ void WINAPI I2PService::ServiceCtrlHandler(DWORD dwCtrl)
 {
 	switch (dwCtrl)
 	{
-	case SERVICE_CONTROL_STOP: s_service->Stop(); break;
-	case SERVICE_CONTROL_PAUSE: s_service->Pause(); break;
-	case SERVICE_CONTROL_CONTINUE: s_service->Continue(); break;
-	case SERVICE_CONTROL_SHUTDOWN: s_service->Shutdown(); break;
-	case SERVICE_CONTROL_INTERROGATE: break;
-	default: break;
+		case SERVICE_CONTROL_STOP: s_service->Stop(); break;
+		case SERVICE_CONTROL_PAUSE: s_service->Pause(); break;
+		case SERVICE_CONTROL_CONTINUE: s_service->Continue(); break;
+		case SERVICE_CONTROL_SHUTDOWN: s_service->Shutdown(); break;
+		case SERVICE_CONTROL_INTERROGATE: break;
+		default: break;
 	}
 }
 
@@ -76,11 +70,8 @@ I2PService::I2PService(PSTR pszServiceName,
 	BOOL fCanPauseContinue)
 {
 	m_name = (pszServiceName == NULL) ? (PSTR)"" : pszServiceName;
-
 	m_statusHandle = NULL;
-
 	m_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
-
 	m_status.dwCurrentState = SERVICE_START_PENDING;
 
 	DWORD dwControlsAccepted = 0;
@@ -90,15 +81,13 @@ I2PService::I2PService(PSTR pszServiceName,
 		dwControlsAccepted |= SERVICE_ACCEPT_SHUTDOWN;
 	if (fCanPauseContinue)
 		dwControlsAccepted |= SERVICE_ACCEPT_PAUSE_CONTINUE;
-	m_status.dwControlsAccepted = dwControlsAccepted;
 
+	m_status.dwControlsAccepted = dwControlsAccepted;
 	m_status.dwWin32ExitCode = NO_ERROR;
 	m_status.dwServiceSpecificExitCode = 0;
 	m_status.dwCheckPoint = 0;
 	m_status.dwWaitHint = 0;
-
 	m_fStopping = FALSE;
-
 	// Create a manual-reset event that is not signaled at first to indicate
 	// the stopped signal of the service.
 	m_hStoppedEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
@@ -108,7 +97,6 @@ I2PService::I2PService(PSTR pszServiceName,
 	}
 }
 
-
 I2PService::~I2PService(void)
 {
 	if (m_hStoppedEvent)
@@ -118,92 +106,73 @@ I2PService::~I2PService(void)
 	}
 }
 
-
 void I2PService::Start(DWORD dwArgc, PSTR *pszArgv)
 {
 	try
 	{
 		SetServiceStatus(SERVICE_START_PENDING);
-
 		OnStart(dwArgc, pszArgv);
-
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 	catch (DWORD dwError)
 	{
 		LogPrint(eLogError, "Win32Service Start", dwError);
-
 		SetServiceStatus(SERVICE_STOPPED, dwError);
 	}
 	catch (...)
 	{
 		LogPrint(eLogError, "Win32Service failed to start.", EVENTLOG_ERROR_TYPE);
-
 		SetServiceStatus(SERVICE_STOPPED);
 	}
 }
 
-
 void I2PService::OnStart(DWORD dwArgc, PSTR *pszArgv)
 {
 	LogPrint(eLogInfo, "Win32Service in OnStart", EVENTLOG_INFORMATION_TYPE);
-
 	Daemon.start();
-
 	//i2p::util::config::OptionParser(dwArgc, pszArgv);
 	//i2p::util::filesystem::ReadConfigFile(i2p::util::config::mapArgs, i2p::util::config::mapMultiArgs);
 	//i2p::context.OverrideNTCPAddress(i2p::util::config::GetCharArg("-host", "127.0.0.1"),
 	//	i2p::util::config::GetArg("-port", 17070));
-
 	_worker = new std::thread(std::bind(&I2PService::WorkerThread, this));
 }
 
-
 void I2PService::WorkerThread()
 {
 	while (!m_fStopping)
 	{
 		::Sleep(1000); // Simulate some lengthy operations.
 	}
-
 	// Signal the stopped event.
 	SetEvent(m_hStoppedEvent);
 }
 
-
 void I2PService::Stop()
 {
 	DWORD dwOriginalState = m_status.dwCurrentState;
 	try
 	{
 		SetServiceStatus(SERVICE_STOP_PENDING);
-
 		OnStop();
-
 		SetServiceStatus(SERVICE_STOPPED);
 	}
 	catch (DWORD dwError)
 	{
 		LogPrint(eLogInfo, "Win32Service Stop", dwError);
-
 		SetServiceStatus(dwOriginalState);
 	}
 	catch (...)
 	{
 		LogPrint(eLogError, "Win32Service failed to stop.", EVENTLOG_ERROR_TYPE);
-
 		SetServiceStatus(dwOriginalState);
 	}
 }
 
-
 void I2PService::OnStop()
 {
 	// Log a service stop message to the Application log.
 	LogPrint(eLogInfo, "Win32Service in OnStop", EVENTLOG_INFORMATION_TYPE);
-
 	Daemon.stop();
-
 	m_fStopping = TRUE;
 	if (WaitForSingleObject(m_hStoppedEvent, INFINITE) != WAIT_OBJECT_0)
 	{
@@ -213,57 +182,46 @@ void I2PService::OnStop()
 	delete _worker;
 }
 
-
 void I2PService::Pause()
 {
 	try
 	{
 		SetServiceStatus(SERVICE_PAUSE_PENDING);
-
 		OnPause();
-
 		SetServiceStatus(SERVICE_PAUSED);
 	}
 	catch (DWORD dwError)
 	{
 		LogPrint(eLogError, "Win32Service Pause", dwError);
-
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 	catch (...)
 	{
 		LogPrint(eLogError, "Win32Service failed to pause.", EVENTLOG_ERROR_TYPE);
-
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 }
 
-
 void I2PService::OnPause()
 {
 }
 
-
 void I2PService::Continue()
 {
 	try
 	{
 		SetServiceStatus(SERVICE_CONTINUE_PENDING);
-
 		OnContinue();
-
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 	catch (DWORD dwError)
 	{
 		LogPrint(eLogError, "Win32Service Continue", dwError);
-
 		SetServiceStatus(SERVICE_PAUSED);
 	}
 	catch (...)
 	{
 		LogPrint(eLogError, "Win32Service failed to resume.", EVENTLOG_ERROR_TYPE);
-
 		SetServiceStatus(SERVICE_PAUSED);
 	}
 }
@@ -277,7 +235,6 @@ void I2PService::Shutdown()
 	try
 	{
 		OnShutdown();
-
 		SetServiceStatus(SERVICE_STOPPED);
 	}
 	catch (DWORD dwError)
@@ -299,11 +256,9 @@ void I2PService::SetServiceStatus(DWORD dwCurrentState,
 	DWORD dwWaitHint)
 {
 	static DWORD dwCheckPoint = 1;
-
 	m_status.dwCurrentState = dwCurrentState;
 	m_status.dwWin32ExitCode = dwWin32ExitCode;
 	m_status.dwWaitHint = dwWaitHint;
-
 	m_status.dwCheckPoint =
 		((dwCurrentState == SERVICE_RUNNING) ||
 		(dwCurrentState == SERVICE_STOPPED)) ?
@@ -328,7 +283,7 @@ void FreeHandles(SC_HANDLE schSCManager, SC_HANDLE schService)
 	}
 }
 
-void InstallService(PSTR pszServiceName, PSTR pszDisplayName, DWORD dwStartType, PSTR pszDependencies, PSTR pszAccount, PSTR pszPassword)
+void InstallService(PCSTR pszServiceName, PCSTR pszDisplayName, DWORD dwStartType, PCSTR pszDependencies, PCSTR pszAccount, PCSTR pszPassword)
 {
 	printf("Try to install Win32Service (%s).\n", pszServiceName);
 
@@ -383,7 +338,7 @@ void InstallService(PSTR pszServiceName, PSTR pszDisplayName, DWORD dwStartType,
 	FreeHandles(schSCManager, schService);
 }
 
-void UninstallService(PSTR pszServiceName)
+void UninstallService(PCSTR pszServiceName)
 {
 	printf("Try to uninstall Win32Service (%s).\n", pszServiceName);
 

Win32/Win32Service.h

@@ -4,7 +4,6 @@
 #include <thread>
 #include <windows.h>
 
-
 #ifdef _WIN32
 // Internal name of the service
 #define SERVICE_NAME             "i2pdService"
@@ -25,7 +24,6 @@
 #define SERVICE_PASSWORD         NULL
 #endif
 
-
 class I2PService
 {
 public:
@@ -72,13 +70,15 @@ private:
 	std::thread* _worker;
 };
 
-void InstallService(PSTR pszServiceName,
-	PSTR pszDisplayName,
+void InstallService(
+	PCSTR pszServiceName,
+	PCSTR pszDisplayName,
 	DWORD dwStartType,
-	PSTR pszDependencies,
-	PSTR pszAccount,
-	PSTR pszPassword);
+	PCSTR pszDependencies,
+	PCSTR pszAccount,
+	PCSTR pszPassword
+	);
 
-void UninstallService(PSTR pszServiceName);
+void UninstallService(PCSTR pszServiceName);
 
 #endif // WIN_32_SERVICE_H__

Win32/installer.iss

@@ -1,5 +1,5 @@
 #define I2Pd_AppName "i2pd"
-#define I2Pd_ver "2.15.0"
+#define I2Pd_ver "2.19.0"
 #define I2Pd_Publisher "PurpleI2P"
 
 [Setup]

android/.gitignore

@@ -5,4 +5,11 @@ ant.properties
 local.properties
 build.sh
 bin
-log*
+log*
+.gradle
+android.iml
+build
+gradle
+gradlew
+gradlew.bat
+

android/AndroidManifest.xml

@@ -1,26 +1,56 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="org.purplei2p.i2pd"
-      android:versionCode="1"
-      android:versionName="2.15.0"
-	  android:installLocation="auto">
-    <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="25"/>
-	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
-    <uses-permission android:name="android.permission.INTERNET"/>
-    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
-	<application android:label="@string/app_name" android:allowBackup="true" android:icon="@drawable/icon">
-	    <receiver android:name=".NetworkStateChangeReceiver">
-	        <intent-filter>
-	            <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
-	        </intent-filter>
-	    </receiver>
-	    <activity android:name=".I2PD"
-                  android:label="@string/app_name">
+    package="org.purplei2p.i2pd"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="2.19.0">
+
+    <uses-sdk
+        android:minSdkVersion="14"
+        android:targetSdkVersion="25" />
+
+    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.INTERNET" /> <!-- normal perm, per https://developer.android.com/guide/topics/permissions/normal-permissions.html -->
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
+    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> <!-- normal perm -->
+    <application
+        android:allowBackup="true"
+        android:icon="@drawable/icon"
+        android:label="@string/app_name"
+        android:theme="@android:style/Theme.Holo.Light.DarkActionBar"
+        >
+        <receiver android:name=".NetworkStateChangeReceiver">
+            <intent-filter>
+                <action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
+            </intent-filter>
+        </receiver>
+
+        <activity
+            android:name=".I2PDPermsAskerActivity"
+            android:label="@string/app_name">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
+
                 <category android:name="android.intent.category.LAUNCHER" />
             </intent-filter>
         </activity>
-        <service android:enabled="true" android:name=".ForegroundService"/>
+        <activity
+            android:name=".I2PDActivity"
+            android:label="@string/app_name" />
+
+        <service
+            android:name=".ForegroundService"
+            android:enabled="true" />
+
+        <activity
+            android:name=".I2PDPermsExplanationActivity"
+            android:label="@string/title_activity_i2_pdperms_asker_prompt"
+            android:parentActivityName=".I2PDPermsAskerActivity">
+            <meta-data
+                android:name="android.support.PARENT_ACTIVITY"
+                android:value="org.purplei2p.i2pd.I2PDPermsAskerActivity" />
+        </activity>
     </application>
-</manifest> 
+
+</manifest>

android/build.gradle

@@ -0,0 +1,64 @@
+buildscript {
+    repositories {
+        mavenCentral()
+        jcenter()
+    }
+    dependencies {
+        classpath 'com.android.tools.build:gradle:2.3.3'
+    }
+}
+
+apply plugin: 'com.android.application'
+
+repositories {
+    jcenter()
+    maven {
+        url 'https://maven.google.com'
+    }
+}
+
+android {
+    compileSdkVersion 25
+    buildToolsVersion "25.0.3"
+    defaultConfig {
+        applicationId "org.purplei2p.i2pd"
+        targetSdkVersion 25
+        minSdkVersion 14
+        versionCode 1
+        versionName "2.19.0"
+        ndk {
+            abiFilters 'armeabi-v7a'
+            //abiFilters 'x86'
+        }
+    }
+    sourceSets {
+        main {
+            manifest.srcFile 'AndroidManifest.xml'
+            java.srcDirs = ['src']
+            res.srcDirs = ['res']
+            jniLibs.srcDirs = ['libs']
+        }
+    }
+    signingConfigs {
+        orignal {
+            storeFile file("i2pdapk.jks")
+            storePassword "android"
+            keyAlias "i2pdapk"
+            keyPassword "android"
+        }
+    }
+    buildTypes {
+        release {
+            minifyEnabled true
+            signingConfig signingConfigs.orignal
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-project.txt'
+        }
+    }
+    externalNativeBuild {
+        ndkBuild {
+            path './jni/Android.mk'
+        }
+    }
+}
+
+

android/jni/Application.mk

@@ -1,6 +1,7 @@
 #APP_ABI := all
 #APP_ABI := armeabi-v7a x86
 #APP_ABI := x86
+#APP_ABI := x86_64
 APP_ABI := armeabi-v7a
 #can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
 APP_PLATFORM := android-14
@@ -10,7 +11,7 @@ NDK_TOOLCHAIN_VERSION := 4.9
 # APP_STL := stlport_shared  --> does not seem to contain C++11 features
 APP_STL := gnustl_shared
 
-# Enable c++11 extentions in source code
+# Enable c++11 extensions in source code
 APP_CPPFLAGS += -std=c++11
 
 APP_CPPFLAGS += -DANDROID -D__ANDROID__ -DUSE_UPNP
@@ -18,7 +19,8 @@ ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
 APP_CPPFLAGS += -DANDROID_ARM7A
 endif
 
-APP_OPTIM  := debug
+# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
+#APP_OPTIM  := debug
 
 # git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git
 # git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git

android/res/layout/activity_perms_asker.xml

@@ -0,0 +1,27 @@
+<LinearLayout android:id="@+id/main_layout"
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:orientation="vertical"
+    android:paddingBottom="@dimen/vertical_page_margin"
+    android:paddingLeft="@dimen/horizontal_page_margin"
+    android:paddingRight="@dimen/horizontal_page_margin"
+    android:paddingTop="@dimen/vertical_page_margin"
+    tools:context=".I2PDPermsAskerActivity">
+
+    <TextView
+        android:id="@+id/textview_retry"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_marginBottom="@dimen/horizontal_page_margin"
+        android:visibility="gone"
+        />
+
+    <Button
+        android:id="@+id/button_request_write_ext_storage_perms"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="Retry requesting the SD card write permissions"
+        android:visibility="gone"/>
+</LinearLayout>

android/res/layout/activity_perms_explanation.xml

@@ -0,0 +1,27 @@
+<LinearLayout android:id="@+id/layout_prompt"
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:orientation="vertical"
+    android:paddingBottom="@dimen/vertical_page_margin"
+    android:paddingLeft="@dimen/horizontal_page_margin"
+    android:paddingRight="@dimen/horizontal_page_margin"
+    android:paddingTop="@dimen/vertical_page_margin"
+    tools:context=".I2PDPermsAskerActivity">
+
+    <TextView
+        android:id="@+id/textview_explanation"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_marginBottom="@dimen/horizontal_page_margin"
+        android:text="SD card write access is required to write the keys and other files to the I2PD folder on SD card."
+        />
+
+    <Button
+        android:id="@+id/button_ok"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="OK"
+        />
+</LinearLayout>

android/res/menu/options_main.xml

@@ -1,16 +1,16 @@
-<menu 
+<menu
     xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto"
-    xmlns:tools="http://schemas.android.com/tools" 
-    tools:context=".I2PD">
+    xmlns:tools="http://schemas.android.com/tools"
+    tools:context=".I2PDActivity">
     <item
-        android:id="@+id/action_graceful_quit"
-        android:title="@string/action_graceful_quit"
+        android:id="@+id/action_graceful_stop"
+        android:title="@string/action_graceful_stop"
         android:orderInCategory="98"
         />
     <item
-        android:id="@+id/action_quit"
-        android:title="@string/action_quit"
+        android:id="@+id/action_stop"
+        android:title="@string/action_stop"
         android:orderInCategory="99"
         />
 </menu>

android/res/values/strings.xml

@@ -1,11 +1,18 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
     <string name="app_name">i2pd</string>
-    <string name="i2pd_started">i2pd started</string>
-    <string name="i2pd_service_started">i2pd service started</string>
-    <string name="i2pd_service_stopped">i2pd service stopped</string>
-    <string name="action_quit">Quit</string>
-    <string name="action_graceful_quit">Graceful Quit</string>
-    <string name="graceful_quit_is_already_in_progress">Graceful quit is already in progress</string>
-    <string name="graceful_quit_is_in_progress">Graceful quit is in progress</string>
+    <string name="action_stop">Stop</string>
+    <string name="action_graceful_stop">Graceful Stop</string>
+    <string name="graceful_stop_is_already_in_progress">Graceful stop is already in progress</string>
+    <string name="graceful_stop_is_in_progress">Graceful stop is in progress</string>
+    <string name="already_stopped">Already stopped</string>
+    <string name="uninitialized">i2pd initializing</string>
+    <string name="starting">i2pd is starting</string>
+    <string name="jniLibraryLoaded">i2pd: loaded JNI libraries</string>
+    <string name="startedOkay">i2pd started</string>
+    <string name="startFailed">i2pd start failed</string>
+    <string name="gracefulShutdownInProgress">i2pd: graceful shutdown in progress</string>
+    <string name="stopped">i2pd has stopped</string>
+    <string name="remaining">remaining</string>
+    <string name="title_activity_i2_pdperms_asker_prompt">Prompt</string>
 </resources>

android/res/values/template-dimens.xml

@@ -0,0 +1,16 @@
+<resources>
+
+    <!-- Define standard dimensions to comply with Holo-style grids and rhythm. -->
+
+    <dimen name="margin_tiny">4dp</dimen>
+    <dimen name="margin_small">8dp</dimen>
+    <dimen name="margin_medium">16dp</dimen>
+    <dimen name="margin_large">32dp</dimen>
+    <dimen name="margin_huge">64dp</dimen>
+
+    <!-- Semantic definitions -->
+
+    <dimen name="horizontal_page_margin">@dimen/margin_medium</dimen>
+    <dimen name="vertical_page_margin">@dimen/margin_medium</dimen>
+
+</resources>

android/src/org/purplei2p/i2pd/DaemonSingleton.java

@@ -8,89 +8,98 @@ import android.util.Log;
 public class DaemonSingleton {
 	private static final String TAG="i2pd";
 	private static final DaemonSingleton instance = new DaemonSingleton();
-	public static interface StateUpdateListener { void daemonStateUpdate(); }
-	private final Set<StateUpdateListener> stateUpdateListeners = new HashSet<StateUpdateListener>();
+	public interface StateUpdateListener { void daemonStateUpdate(); }
+	private final Set<StateUpdateListener> stateUpdateListeners = new HashSet<>();
 
 	public static DaemonSingleton getInstance() {
 		return instance;
 	}
-	
+
 	public synchronized void addStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.add(listener); }
 	public synchronized void removeStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.remove(listener); }
-	
+
+	private synchronized void setState(State newState) {
+		if(newState==null)throw new NullPointerException();
+		State oldState = state;
+		if(oldState==null)throw new NullPointerException();
+		if(oldState.equals(newState))return;
+		state=newState;
+		fireStateUpdate1();
+	}
 	public synchronized void stopAcceptingTunnels() {
 		if(isStartedOkay()){
-			state=State.gracefulShutdownInProgress;
-			fireStateUpdate();
+			setState(State.gracefulShutdownInProgress);
 			I2PD_JNI.stopAcceptingTunnels();
 		}
 	}
-	
-	public void onNetworkStateChange(boolean isConnected) {
-		I2PD_JNI.onNetworkStateChanged(isConnected);
-	}
-	
-	private boolean startedOkay;
 
-	public static enum State {uninitialized,starting,jniLibraryLoaded,startedOkay,startFailed,gracefulShutdownInProgress};
-	
-	private State state = State.uninitialized;
-	
+	private volatile boolean startedOkay;
+
+	public enum State {
+        uninitialized(R.string.uninitialized),
+        starting(R.string.starting),
+        jniLibraryLoaded(R.string.jniLibraryLoaded),
+        startedOkay(R.string.startedOkay),
+        startFailed(R.string.startFailed),
+        gracefulShutdownInProgress(R.string.gracefulShutdownInProgress),
+        stopped(R.string.stopped);
+
+        State(int statusStringResourceId) {
+            this.statusStringResourceId = statusStringResourceId;
+        }
+
+        private final int statusStringResourceId;
+
+        public int getStatusStringResourceId() {
+            return statusStringResourceId;
+        }
+    };
+
+	private volatile State state = State.uninitialized;
+
 	public State getState() { return state; }
-	
-	public synchronized void start() {
-		if(state != State.uninitialized)return;
-		state = State.starting;
-		fireStateUpdate();
+
+	{
+		setState(State.starting);
 		new Thread(new Runnable(){
 
 			@Override
 			public void run() {
 				try {
 					I2PD_JNI.loadLibraries();
-					synchronized (DaemonSingleton.this) {
-						state = State.jniLibraryLoaded;
-						fireStateUpdate();
-					}
+					setState(State.jniLibraryLoaded);
 				} catch (Throwable tr) {
 					lastThrowable=tr;
-					synchronized (DaemonSingleton.this) {
-						state = State.startFailed;
-						fireStateUpdate();
-					}
+					setState(State.startFailed);
 					return;
 				}
 				try {
 					synchronized (DaemonSingleton.this) {
 						daemonStartResult = I2PD_JNI.startDaemon();
 						if("ok".equals(daemonStartResult)){
-							state=State.startedOkay;
+							setState(State.startedOkay);
 							setStartedOkay(true);
-						}else state=State.startFailed;
-						fireStateUpdate();
+						}else setState(State.startFailed);
 					}
 				} catch (Throwable tr) {
 					lastThrowable=tr;
-					synchronized (DaemonSingleton.this) {
-						state = State.startFailed;
-						fireStateUpdate();
-					}
+					setState(State.startFailed);
 					return;
-				}				
+				}
 			}
-			
+
 		}, "i2pdDaemonStart").start();
 	}
 	private Throwable lastThrowable;
 	private String daemonStartResult="N/A";
 
-	private synchronized void fireStateUpdate() {
+	private void fireStateUpdate1() {
 		Log.i(TAG, "daemon state change: "+state);
 		for(StateUpdateListener listener : stateUpdateListeners) {
-			try { 
-				listener.daemonStateUpdate(); 
-			} catch (Throwable tr) { 
-				Log.e(TAG, "exception in listener ignored", tr); 
+			try {
+				listener.daemonStateUpdate();
+			} catch (Throwable tr) {
+				Log.e(TAG, "exception in listener ignored", tr);
 			}
 		}
 	}
@@ -102,7 +111,7 @@ public class DaemonSingleton {
 	public String getDaemonStartResult() {
 		return daemonStartResult;
 	}
-	
+
 	private final Object startedOkayLock = new Object();
 
 	public boolean isStartedOkay() {
@@ -121,6 +130,7 @@ public class DaemonSingleton {
 		if(isStartedOkay()){
 			try {I2PD_JNI.stopDaemon();}catch(Throwable tr){Log.e(TAG, "", tr);}
 			setStartedOkay(false);
+			setState(State.stopped);
 		}
 	}
 }

android/src/org/purplei2p/i2pd/ForegroundService.java

@@ -11,11 +11,32 @@ import android.util.Log;
 import android.widget.Toast;
 
 public class ForegroundService extends Service {
+    private static final String TAG="FgService";
+
+    private volatile boolean shown;
+
+    private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
+            new DaemonSingleton.StateUpdateListener() {
+
+                @Override
+                public void daemonStateUpdate() {
+                    try {
+                        synchronized (ForegroundService.this) {
+                            if (shown) cancelNotification();
+                            showNotification();
+                        }
+                    } catch (Throwable tr) {
+                        Log.e(TAG,"error ignored",tr);
+                    }
+                }
+            };
+
+
     private NotificationManager notificationManager;
 
     // Unique Identification Number for the Notification.
     // We use it on Notification start, and to cancel it.
-    private int NOTIFICATION = R.string.i2pd_started;
+    private int NOTIFICATION = 1;
 
     /**
      * Class for clients to access.  Because we know this service always
@@ -32,29 +53,35 @@ public class ForegroundService extends Service {
     public void onCreate() {
         notificationManager = (NotificationManager)getSystemService(NOTIFICATION_SERVICE);
 
-        // Display a notification about us starting.  We put an icon in the status bar.
-        showNotification();
-        daemon.start();
+        synchronized (this) {
+            DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
+            if (!shown) daemonStateUpdatedListener.daemonStateUpdate();
+        }
         // Tell the user we started.
-        Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
+//        Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
     }
 
     @Override
     public int onStartCommand(Intent intent, int flags, int startId) {
         Log.i("ForegroundService", "Received start id " + startId + ": " + intent);
-        daemon.start();
         return START_STICKY;
     }
 
     @Override
     public void onDestroy() {
+        DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
+        cancelNotification();
+    }
+
+    private synchronized void cancelNotification() {
         // Cancel the persistent notification.
         notificationManager.cancel(NOTIFICATION);
-        
+
         stopForeground(true);
 
         // Tell the user we stopped.
-        Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
+//        Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
+        shown=false;
     }
 
     @Override
@@ -69,13 +96,13 @@ public class ForegroundService extends Service {
     /**
      * Show a notification while this service is running.
      */
-    private void showNotification() {
+    private synchronized void showNotification() {
         // In this sample, we'll use the same text for the ticker and the expanded notification
-        CharSequence text = getText(R.string.i2pd_started);
+        CharSequence text = getText(DaemonSingleton.getInstance().getState().getStatusStringResourceId());
 
         // The PendingIntent to launch our activity if the user selects this notification
         PendingIntent contentIntent = PendingIntent.getActivity(this, 0,
-                new Intent(this, I2PD.class), 0);
+                new Intent(this, I2PDActivity.class), 0);
 
         // Set the info for the views that show in the notification panel.
         Notification notification = new Notification.Builder(this)
@@ -90,8 +117,9 @@ public class ForegroundService extends Service {
         // Send the notification.
         //mNM.notify(NOTIFICATION, notification);
         startForeground(NOTIFICATION, notification);
+        shown=true;
     }
-    
-	private final DaemonSingleton daemon = DaemonSingleton.getInstance();
+
+	private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
 }
 

android/src/org/purplei2p/i2pd/I2PD.java

@@ -1,245 +0,0 @@
-package org.purplei2p.i2pd;
-
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.Timer;
-import java.util.TimerTask;
-
-import android.annotation.SuppressLint;
-import android.app.Activity;
-import android.content.ComponentName;
-import android.content.Context;
-import android.content.Intent;
-import android.content.ServiceConnection;
-import android.os.Build;
-import android.os.Bundle;
-import android.os.IBinder;
-import android.util.Log;
-import android.view.Menu;
-import android.view.MenuItem;
-import android.widget.TextView;
-import android.widget.Toast;
-
-public class I2PD extends Activity {
-	private static final String TAG = "i2pd";
-
-	private TextView textView;
-	
-	private final DaemonSingleton daemon = DaemonSingleton.getInstance();
-	
-	private DaemonSingleton.StateUpdateListener daemonStateUpdatedListener = 
-			new DaemonSingleton.StateUpdateListener() {
-		
-		@Override
-		public void daemonStateUpdate() {
-			runOnUiThread(new Runnable(){
-
-				@Override
-				public void run() {
-					try {
-						if(textView==null)return;
-						Throwable tr = daemon.getLastThrowable();
-						if(tr!=null) {
-							textView.setText(throwableToString(tr));
-							return;
-						}
-						DaemonSingleton.State state = daemon.getState();
-						textView.setText(String.valueOf(state)+
-								(DaemonSingleton.State.startFailed.equals(state)?": "+daemon.getDaemonStartResult():""));
-					} catch (Throwable tr) {
-						Log.e(TAG,"error ignored",tr);
-					}
-				}
-			});
-		}
-	};
-	
-    @Override
-    public void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        textView = new TextView(this);
-        setContentView(textView);
-        DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
-        daemonStateUpdatedListener.daemonStateUpdate();
-
-        //set the app be foreground
-        doBindService();
-    }
-
-    @Override
-	protected void onDestroy() {
-		super.onDestroy();
-		localDestroy();
-	}
-
-	private void localDestroy() {
-		textView = null;
-		DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
-		Timer gracefulQuitTimer = getGracefulQuitTimer();
-		if(gracefulQuitTimer!=null) {
-			gracefulQuitTimer.cancel();
-			setGracefulQuitTimer(null);
-		}
-		try{
-            doUnbindService();
-		}catch(Throwable tr){
-			Log.e(TAG, "", tr);
-		}
-	}
-
-	private CharSequence throwableToString(Throwable tr) {
-    	StringWriter sw = new StringWriter(8192);
-    	PrintWriter pw = new PrintWriter(sw);
-    	tr.printStackTrace(pw);
-    	pw.close();
-    	return sw.toString();
-	}
-
-//	private LocalService mBoundService;
-
-    private ServiceConnection mConnection = new ServiceConnection() {
-        public void onServiceConnected(ComponentName className, IBinder service) {
-            // This is called when the connection with the service has been
-            // established, giving us the service object we can use to
-            // interact with the service.  Because we have bound to a explicit
-            // service that we know is running in our own process, we can
-            // cast its IBinder to a concrete class and directly access it.
-//	        mBoundService = ((LocalService.LocalBinder)service).getService();
-
-            // Tell the user about this for our demo.
-//	        Toast.makeText(Binding.this, R.string.local_service_connected,
-//	                Toast.LENGTH_SHORT).show();
-        }
-
-        public void onServiceDisconnected(ComponentName className) {
-            // This is called when the connection with the service has been
-            // unexpectedly disconnected -- that is, its process crashed.
-            // Because it is running in our same process, we should never
-            // see this happen.
-//	        mBoundService = null;
-//	        Toast.makeText(Binding.this, R.string.local_service_disconnected,
-//	                Toast.LENGTH_SHORT).show();
-        }
-    };
-
-	
-    private boolean mIsBound;
-
-    private void doBindService() {
-        // Establish a connection with the service.  We use an explicit
-        // class name because we want a specific service implementation that
-        // we know will be running in our own process (and thus won't be
-        // supporting component replacement by other applications).
-        bindService(new Intent(this,
-                ForegroundService.class), mConnection, Context.BIND_AUTO_CREATE);
-        mIsBound = true;
-    }
-
-    private void doUnbindService() {
-        if (mIsBound) {
-            // Detach our existing connection.
-            unbindService(mConnection);
-            mIsBound = false;
-        }
-    }
-
-	@Override
-	public boolean onCreateOptionsMenu(Menu menu) {
-		// Inflate the menu; this adds items to the action bar if it is present.
-		getMenuInflater().inflate(R.menu.options_main, menu); 
-		return true;
-	}
-
-	@Override
-	public boolean onOptionsItemSelected(MenuItem item) {
-		// Handle action bar item clicks here. The action bar will
-		// automatically handle clicks on the Home/Up button, so long
-		// as you specify a parent activity in AndroidManifest.xml.
-		int id = item.getItemId();
-
-		switch(id){
-        case R.id.action_quit:
-            quit();
-            return true;
-        case R.id.action_graceful_quit:
-            gracefulQuit();
-            return true;
-        }
-
-		return super.onOptionsItemSelected(item);
-	}
-
-    @SuppressLint("NewApi")
-	private void quit() {
-        try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-                finishAndRemoveTask();
-            } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
-                finishAffinity();
-            } else {
-                //moveTaskToBack(true);
-                finish();
-            }
-        }catch (Throwable tr) {
-            Log.e(TAG, "", tr);
-        }
-        try{
-            daemon.stopDaemon();
-	    }catch (Throwable tr) {
-	        Log.e(TAG, "", tr);
-	    }
-        System.exit(0);
-    }
-
-    private Timer gracefulQuitTimer;
-    private final Object gracefulQuitTimerLock = new Object();
-    private void gracefulQuit() {
-    	if(getGracefulQuitTimer()!=null){
-	        Toast.makeText(this, R.string.graceful_quit_is_already_in_progress,
-	        		Toast.LENGTH_SHORT).show();
-    		return;
-    	}
-        Toast.makeText(this, R.string.graceful_quit_is_in_progress,
-        		Toast.LENGTH_SHORT).show();
-        new Thread(new Runnable(){
-
-			@Override
-			public void run() {
-				try{
-					Log.d(TAG, "grac stopping");
-			        if(daemon.isStartedOkay()) {
-			        	daemon.stopAcceptingTunnels();
-			            Timer gracefulQuitTimer = new Timer(true);
-						setGracefulQuitTimer(gracefulQuitTimer);
-						gracefulQuitTimer.schedule(new TimerTask(){
-
-			    			@Override
-			    			public void run() {
-			    				quit();	
-			    			}
-			            	
-			            }, 10*60*1000/*milliseconds*/);
-			        }else{
-			        	quit();
-			        }
-				} catch(Throwable tr) {
-					Log.e(TAG,"",tr);
-				}
-			}
-        	
-        },"gracQuitInit").start();
-    }
-
-	private Timer getGracefulQuitTimer() {
-		synchronized (gracefulQuitTimerLock) {
-			return gracefulQuitTimer;
-		}
-	}
-
-	private void setGracefulQuitTimer(Timer gracefulQuitTimer) {
-    	synchronized (gracefulQuitTimerLock) {
-    		this.gracefulQuitTimer = gracefulQuitTimer;
-    	}
-	}
-}

android/src/org/purplei2p/i2pd/I2PDActivity.java

@@ -0,0 +1,285 @@
+package org.purplei2p.i2pd;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Timer;
+import java.util.TimerTask;
+
+import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.util.Log;
+import android.view.Menu;
+import android.view.MenuItem;
+import android.widget.TextView;
+import android.widget.Toast;
+
+public class I2PDActivity extends Activity {
+    private static final String TAG = "i2pdActvt";
+    public static final int GRACEFUL_DELAY_MILLIS = 10 * 60 * 1000;
+
+    private TextView textView;
+
+	private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
+
+	private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
+			new DaemonSingleton.StateUpdateListener() {
+
+		@Override
+		public void daemonStateUpdate() {
+			runOnUiThread(new Runnable(){
+
+				@Override
+				public void run() {
+					try {
+						if(textView==null)return;
+						Throwable tr = daemon.getLastThrowable();
+						if(tr!=null) {
+							textView.setText(throwableToString(tr));
+							return;
+						}
+						DaemonSingleton.State state = daemon.getState();
+						textView.setText(
+						        String.valueOf(state)+
+                                    (DaemonSingleton.State.startFailed.equals(state)?": "+daemon.getDaemonStartResult():"")+
+                                    (DaemonSingleton.State.gracefulShutdownInProgress.equals(state)?":  "+formatGraceTimeRemaining()+" "+getText(R.string.remaining):"")
+                        );
+					} catch (Throwable tr) {
+						Log.e(TAG,"error ignored",tr);
+					}
+				}
+			});
+		}
+	};
+    private static volatile long graceStartedMillis;
+    private static final Object graceStartedMillis_LOCK=new Object();
+
+    private static String formatGraceTimeRemaining() {
+        long remainingSeconds;
+        synchronized (graceStartedMillis_LOCK){
+            remainingSeconds=Math.round(Math.max(0,graceStartedMillis+GRACEFUL_DELAY_MILLIS-System.currentTimeMillis())/1000.0D);
+        }
+        long remainingMinutes=(long)Math.floor(remainingSeconds/60.0D);
+        long remSec=remainingSeconds-remainingMinutes*60;
+        return remainingMinutes+":"+(remSec/10)+remSec%10;
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        textView = new TextView(this);
+        setContentView(textView);
+        daemon.addStateChangeListener(daemonStateUpdatedListener);
+        daemonStateUpdatedListener.daemonStateUpdate();
+
+        //set the app be foreground
+        doBindService();
+
+        final Timer gracefulQuitTimer = getGracefulQuitTimer();
+        if(gracefulQuitTimer!=null){
+            long gracefulStopAtMillis;
+            synchronized (graceStartedMillis_LOCK) {
+                gracefulStopAtMillis = graceStartedMillis + GRACEFUL_DELAY_MILLIS;
+            }
+            rescheduleGraceStop(gracefulQuitTimer, gracefulStopAtMillis);
+        }
+    }
+
+    @Override
+	protected void onDestroy() {
+		super.onDestroy();
+        textView = null;
+        daemon.removeStateChangeListener(daemonStateUpdatedListener);
+        //cancelGracefulStop();
+		try{
+            doUnbindService();
+		}catch(Throwable tr){
+			Log.e(TAG, "", tr);
+		}
+	}
+
+    private static void cancelGracefulStop() {
+        Timer gracefulQuitTimer = getGracefulQuitTimer();
+        if(gracefulQuitTimer!=null) {
+            gracefulQuitTimer.cancel();
+            setGracefulQuitTimer(null);
+        }
+    }
+
+    private CharSequence throwableToString(Throwable tr) {
+    	StringWriter sw = new StringWriter(8192);
+    	PrintWriter pw = new PrintWriter(sw);
+    	tr.printStackTrace(pw);
+    	pw.close();
+    	return sw.toString();
+	}
+
+//	private LocalService mBoundService;
+
+    private ServiceConnection mConnection = new ServiceConnection() {
+        public void onServiceConnected(ComponentName className, IBinder service) {
+            // This is called when the connection with the service has been
+            // established, giving us the service object we can use to
+            // interact with the service.  Because we have bound to a explicit
+            // service that we know is running in our own process, we can
+            // cast its IBinder to a concrete class and directly access it.
+//	        mBoundService = ((LocalService.LocalBinder)service).getService();
+
+            // Tell the user about this for our demo.
+//	        Toast.makeText(Binding.this, R.string.local_service_connected,
+//	                Toast.LENGTH_SHORT).show();
+        }
+
+        public void onServiceDisconnected(ComponentName className) {
+            // This is called when the connection with the service has been
+            // unexpectedly disconnected -- that is, its process crashed.
+            // Because it is running in our same process, we should never
+            // see this happen.
+//	        mBoundService = null;
+//	        Toast.makeText(Binding.this, R.string.local_service_disconnected,
+//	                Toast.LENGTH_SHORT).show();
+        }
+    };
+
+
+    private static volatile boolean mIsBound;
+
+    private void doBindService() {
+        synchronized (I2PDActivity.class) {
+            if (mIsBound) return;
+            // Establish a connection with the service.  We use an explicit
+            // class name because we want a specific service implementation that
+            // we know will be running in our own process (and thus won't be
+            // supporting component replacement by other applications).
+            bindService(new Intent(this, ForegroundService.class), mConnection, Context.BIND_AUTO_CREATE);
+            mIsBound = true;
+        }
+    }
+
+    private void doUnbindService() {
+        synchronized (I2PDActivity.class) {
+            if (mIsBound) {
+                // Detach our existing connection.
+                unbindService(mConnection);
+                mIsBound = false;
+            }
+        }
+    }
+
+	@Override
+	public boolean onCreateOptionsMenu(Menu menu) {
+		// Inflate the menu; this adds items to the action bar if it is present.
+		getMenuInflater().inflate(R.menu.options_main, menu);
+		return true;
+	}
+
+	@Override
+	public boolean onOptionsItemSelected(MenuItem item) {
+		// Handle action bar item clicks here. The action bar will
+		// automatically handle clicks on the Home/Up button, so long
+		// as you specify a parent activity in AndroidManifest.xml.
+		int id = item.getItemId();
+
+		switch(id){
+        case R.id.action_stop:
+            i2pdStop();
+            return true;
+        case R.id.action_graceful_stop:
+            i2pdGracefulStop();
+            return true;
+        }
+
+		return super.onOptionsItemSelected(item);
+	}
+
+	private void i2pdStop() {
+        cancelGracefulStop();
+        new Thread(new Runnable(){
+
+            @Override
+            public void run() {
+                Log.d(TAG, "stopping");
+                try{
+                    daemon.stopDaemon();
+                }catch (Throwable tr) {
+                    Log.e(TAG, "", tr);
+                }
+            }
+
+        },"stop").start();
+    }
+
+    private static volatile Timer gracefulQuitTimer;
+
+    private void i2pdGracefulStop() {
+        if(daemon.getState()==DaemonSingleton.State.stopped){
+            Toast.makeText(this, R.string.already_stopped,
+                    Toast.LENGTH_SHORT).show();
+            return;
+        }
+    	if(getGracefulQuitTimer()!=null){
+	        Toast.makeText(this, R.string.graceful_stop_is_already_in_progress,
+	        		Toast.LENGTH_SHORT).show();
+    		return;
+    	}
+        Toast.makeText(this, R.string.graceful_stop_is_in_progress,
+        		Toast.LENGTH_SHORT).show();
+        new Thread(new Runnable(){
+
+			@Override
+			public void run() {
+				try{
+					Log.d(TAG, "grac stopping");
+			        if(daemon.isStartedOkay()) {
+			        	daemon.stopAcceptingTunnels();
+                        long gracefulStopAtMillis;
+                        synchronized (graceStartedMillis_LOCK) {
+                            graceStartedMillis = System.currentTimeMillis();
+                            gracefulStopAtMillis = graceStartedMillis + GRACEFUL_DELAY_MILLIS;
+                        }
+                        rescheduleGraceStop(null,gracefulStopAtMillis);
+			        }else{
+			        	i2pdStop();
+			        }
+				} catch(Throwable tr) {
+					Log.e(TAG,"",tr);
+				}
+			}
+
+        },"gracInit").start();
+    }
+
+    private void rescheduleGraceStop(Timer gracefulQuitTimerOld, long gracefulStopAtMillis) {
+        if(gracefulQuitTimerOld!=null)gracefulQuitTimerOld.cancel();
+        final Timer gracefulQuitTimer = new Timer(true);
+        setGracefulQuitTimer(gracefulQuitTimer);
+        gracefulQuitTimer.schedule(new TimerTask(){
+
+            @Override
+            public void run() {
+                i2pdStop();
+            }
+
+        }, Math.max(0,gracefulStopAtMillis-System.currentTimeMillis()));
+        final TimerTask tickerTask = new TimerTask() {
+            @Override
+            public void run() {
+                daemonStateUpdatedListener.daemonStateUpdate();
+            }
+        };
+        gracefulQuitTimer.scheduleAtFixedRate(tickerTask,0/*start delay*/,1000/*millis period*/);
+    }
+
+    private static Timer getGracefulQuitTimer() {
+        return gracefulQuitTimer;
+	}
+
+	private static void setGracefulQuitTimer(Timer gracefulQuitTimer) {
+   		I2PDActivity.gracefulQuitTimer = gracefulQuitTimer;
+	}
+}

android/src/org/purplei2p/i2pd/I2PDPermsAskerActivity.java

@@ -0,0 +1,171 @@
+package org.purplei2p.i2pd;
+
+import android.Manifest;
+import android.app.Activity;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.os.Bundle;
+import android.view.View;
+import android.widget.Button;
+import android.widget.TextView;
+
+import java.lang.reflect.Method;
+
+//dangerous perms, per https://developer.android.com/guide/topics/permissions/normal-permissions.html :
+//android.permission.WRITE_EXTERNAL_STORAGE
+public class I2PDPermsAskerActivity extends Activity {
+
+    private static final int PERMISSION_WRITE_EXTERNAL_STORAGE = 0;
+
+    private Button button_request_write_ext_storage_perms;
+    private TextView textview_retry;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        //if less than Android 6, no runtime perms req system present
+        if (android.os.Build.VERSION.SDK_INT < 23) {
+            startMainActivity();
+            return;
+        }
+
+
+        setContentView(R.layout.activity_perms_asker);
+        button_request_write_ext_storage_perms = (Button) findViewById(R.id.button_request_write_ext_storage_perms);
+        textview_retry = (TextView) findViewById(R.id.textview_retry);
+
+        button_request_write_ext_storage_perms.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View view) {
+                request_write_ext_storage_perms();
+            }
+        });
+        request_write_ext_storage_perms();
+    }
+
+    private void request_write_ext_storage_perms() {
+
+        textview_retry.setVisibility(TextView.GONE);
+        button_request_write_ext_storage_perms.setVisibility(Button.GONE);
+
+        Method methodCheckPermission;
+        Method method_shouldShowRequestPermissionRationale;
+        Method method_requestPermissions;
+        try {
+            methodCheckPermission = getClass().getMethod("checkSelfPermission", String.class);
+            method_shouldShowRequestPermissionRationale =
+                    getClass().getMethod("shouldShowRequestPermissionRationale", String.class);
+            method_requestPermissions =
+                    getClass().getMethod("requestPermissions", String[].class, int.class);
+        } catch (NoSuchMethodException e) {
+            throw new RuntimeException(e);
+        }
+        Integer resultObj;
+        try {
+            resultObj = (Integer) methodCheckPermission.invoke(
+                    this, Manifest.permission.WRITE_EXTERNAL_STORAGE);
+        } catch (Throwable e) {
+            throw new RuntimeException(e);
+        }
+
+        if (resultObj != PackageManager.PERMISSION_GRANTED) {
+
+            // Should we show an explanation?
+            Boolean aBoolean;
+            try {
+                aBoolean = (Boolean) method_shouldShowRequestPermissionRationale.invoke(this,
+                        Manifest.permission.WRITE_EXTERNAL_STORAGE);
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+            if (aBoolean) {
+
+                // Show an explanation to the user *asynchronously* -- don't block
+                // this thread waiting for the user's response! After the user
+                // sees the explanation, try again to request the permission.
+
+                showExplanation();
+
+            } else {
+
+                // No explanation needed, we can request the permission.
+
+                try {
+                    method_requestPermissions.invoke(this,
+                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+                            PERMISSION_WRITE_EXTERNAL_STORAGE);
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        } else startMainActivity();
+    }
+
+    @Override
+    public void onRequestPermissionsResult(int requestCode,
+                                           String permissions[], int[] grantResults) {
+        switch (requestCode) {
+            case PERMISSION_WRITE_EXTERNAL_STORAGE: {
+                // If request is cancelled, the result arrays are empty.
+                if (grantResults.length > 0
+                        && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+
+                    // permission was granted, yay! Do the
+                    // contacts-related task you need to do.
+
+                    startMainActivity();
+
+                } else {
+
+                    // permission denied, boo! Disable the
+                    // functionality that depends on this permission.
+                    textview_retry.setText("SD card write permission denied, you need to allow this to continue");
+                    textview_retry.setVisibility(TextView.VISIBLE);
+                    button_request_write_ext_storage_perms.setVisibility(Button.VISIBLE);
+                }
+                return;
+            }
+
+            // other 'case' lines to check for other
+            // permissions this app might request.
+        }
+    }
+
+    private void startMainActivity() {
+        startActivity(new Intent(this, I2PDActivity.class));
+        finish();
+    }
+
+    private static final int SHOW_EXPLANATION_REQUEST = 1;  // The request code
+    private void showExplanation() {
+        Intent intent = new Intent(this, I2PDPermsExplanationActivity.class);
+        startActivityForResult(intent, SHOW_EXPLANATION_REQUEST);
+    }
+
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+        // Check which request we're responding to
+        if (requestCode == SHOW_EXPLANATION_REQUEST) {
+            // Make sure the request was successful
+            if (resultCode == RESULT_OK) {
+                // Request the permission
+                Method method_requestPermissions;
+                try {
+                    method_requestPermissions =
+                            getClass().getMethod("requestPermissions", String[].class, int.class);
+                } catch (NoSuchMethodException e) {
+                    throw new RuntimeException(e);
+                }
+                try {
+                    method_requestPermissions.invoke(this,
+                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+                            PERMISSION_WRITE_EXTERNAL_STORAGE);
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            } else {
+                finish(); //close the app
+            }
+        }
+    }
+}

android/src/org/purplei2p/i2pd/I2PDPermsExplanationActivity.java

@@ -0,0 +1,38 @@
+package org.purplei2p.i2pd;
+
+import android.app.ActionBar;
+import android.content.Intent;
+import android.os.Bundle;
+import android.app.Activity;
+import android.view.View;
+import android.widget.Button;
+
+public class I2PDPermsExplanationActivity extends Activity {
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        setContentView(R.layout.activity_perms_explanation);
+        ActionBar actionBar = getActionBar();
+        if(actionBar!=null)actionBar.setHomeButtonEnabled(false);
+        Button button_ok = (Button) findViewById(R.id.button_ok);
+        button_ok.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View view) {
+                returnFromActivity();
+            }
+        });
+    }
+
+    private void returnFromActivity() {
+        Intent data = new Intent();
+        Activity parent = getParent();
+        if (parent == null) {
+            setResult(Activity.RESULT_OK, data);
+        } else {
+            parent.setResult(Activity.RESULT_OK, data);
+        }
+        finish();
+    }
+
+}

android/src/org/purplei2p/i2pd/I2PD_JNI.java

@@ -9,9 +9,9 @@ public class I2PD_JNI {
     public static native String startDaemon();
     //should only be called after startDaemon() success
     public static native void stopDaemon();
-    
+
     public static native void stopAcceptingTunnels();
-    
+
 	public static native void onNetworkStateChanged(boolean isConnected);
 
 	public static void loadLibraries() {

android_binary_only/jni/Android.mk

@@ -0,0 +1,74 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := i2pd
+LOCAL_CPP_FEATURES := rtti exceptions
+LOCAL_C_INCLUDES += $(IFADDRS_PATH) $(LIB_SRC_PATH) $(LIB_CLIENT_SRC_PATH) $(DAEMON_SRC_PATH)
+LOCAL_STATIC_LIBRARIES := \
+	boost_system \
+	boost_date_time \
+	boost_filesystem \
+	boost_program_options \
+	crypto ssl \
+	miniupnpc
+LOCAL_LDLIBS := -lz
+
+LOCAL_SRC_FILES := $(IFADDRS_PATH)/ifaddrs.c \
+	$(wildcard $(LIB_SRC_PATH)/*.cpp)\
+	$(wildcard $(LIB_CLIENT_SRC_PATH)/*.cpp)\
+	$(DAEMON_SRC_PATH)/UnixDaemon.cpp \
+	$(DAEMON_SRC_PATH)/Daemon.cpp \
+	$(DAEMON_SRC_PATH)/UPnP.cpp \
+	$(DAEMON_SRC_PATH)/HTTPServer.cpp \
+	$(DAEMON_SRC_PATH)/I2PControl.cpp \
+	$(DAEMON_SRC_PATH)/i2pd.cpp
+include $(BUILD_EXECUTABLE)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_system
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_system.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_date_time
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_filesystem
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_program_options
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := crypto
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.0e/$(TARGET_ARCH_ABI)/lib/libcrypto.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.0e/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := ssl
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.0e/$(TARGET_ARCH_ABI)/lib/libssl.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.0e/include
+LOCAL_STATIC_LIBRARIES := crypto
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := miniupnpc
+LOCAL_SRC_FILES := $(MINIUPNP_PATH)/miniupnp-2.0/$(TARGET_ARCH_ABI)/lib/libminiupnpc.a
+LOCAL_EXPORT_C_INCLUDES := $(MINIUPNP_PATH)/miniupnp-2.0/include
+include $(PREBUILT_STATIC_LIBRARY)

android_binary_only/jni/Application.mk

@@ -0,0 +1,43 @@
+#APP_ABI := all
+#APP_ABI := armeabi-v7a x86
+#APP_ABI := x86
+#APP_ABI := x86_64
+APP_ABI := armeabi-v7a
+#can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
+APP_PLATFORM := android-14
+
+# http://stackoverflow.com/a/21386866/529442 http://stackoverflow.com/a/15616255/529442 to enable c++11 support in Eclipse
+NDK_TOOLCHAIN_VERSION := 4.9
+# APP_STL := stlport_shared  --> does not seem to contain C++11 features
+#APP_STL := gnustl_shared
+APP_STL := gnustl_static
+
+# Enable c++11 extensions in source code
+APP_CPPFLAGS += -std=c++11 -fvisibility=default -fPIE
+
+APP_CPPFLAGS += -DANDROID_BINARY -DANDROID -D__ANDROID__ -DUSE_UPNP
+APP_LDFLAGS += -rdynamic -fPIE -pie
+ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
+APP_CPPFLAGS += -DANDROID_ARM7A
+endif
+
+# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
+#APP_OPTIM  := debug
+
+# git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/MiniUPnP-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/android-ifaddrs.git
+# change to your own
+I2PD_LIBS_PATH = /path/to/libraries
+BOOST_PATH = $(I2PD_LIBS_PATH)/Boost-for-Android-Prebuilt
+OPENSSL_PATH = $(I2PD_LIBS_PATH)/OpenSSL-for-Android-Prebuilt
+MINIUPNP_PATH = $(I2PD_LIBS_PATH)/MiniUPnP-for-Android-Prebuilt
+IFADDRS_PATH = $(I2PD_LIBS_PATH)/android-ifaddrs
+
+# don't change me
+I2PD_SRC_PATH = $(PWD)/..
+
+LIB_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd
+LIB_CLIENT_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd_client
+DAEMON_SRC_PATH = $(I2PD_SRC_PATH)/daemon

appveyor.yml

@@ -1,4 +1,4 @@
-version: 2.15.{build}
+version: 2.19.{build}
 pull_requests:
   do_not_increment_build_number: true
 branches:
@@ -18,7 +18,7 @@ environment:
 
 install:
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Rns gcc-fortran gcc"
-- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu"
+- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu "
 
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu"
 

build/.gitignore

@@ -8,6 +8,7 @@
 /CPackConfig.cmake
 /CPackSourceConfig.cmake
 /install_manifest.txt
+/arch.c
 # windows build script
 i2pd*.zip
-build*.log
+build*.log

build/CMakeLists.txt

@@ -26,6 +26,10 @@ option(WITH_WEBSOCKETS "Build with websocket ui" OFF)
 set ( CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake_modules" )
 set ( CMAKE_SOURCE_DIR ".." )
 
+# architecture
+include(TargetArch)
+target_architecture(ARCHITECTURE)
+
 set(LIBI2PD_SRC_DIR ../libi2pd)
 set(LIBI2PD_CLIENT_SRC_DIR ../libi2pd_client)
 
@@ -35,7 +39,9 @@ include_directories(${LIBI2PD_CLIENT_SRC_DIR})
 set (LIBI2PD_SRC
   "${LIBI2PD_SRC_DIR}/BloomFilter.cpp"
   "${LIBI2PD_SRC_DIR}/Config.cpp"
+  "${LIBI2PD_SRC_DIR}/CPU.cpp"  
   "${LIBI2PD_SRC_DIR}/Crypto.cpp"
+  "${LIBI2PD_SRC_DIR}/CryptoKey.cpp"
   "${LIBI2PD_SRC_DIR}/Garlic.cpp"
   "${LIBI2PD_SRC_DIR}/Gzip.cpp"
   "${LIBI2PD_SRC_DIR}/HTTP.cpp"
@@ -71,6 +77,10 @@ set (LIBI2PD_SRC
   "${LIBI2PD_SRC_DIR}/api.cpp"
   "${LIBI2PD_SRC_DIR}/Event.cpp"
   "${LIBI2PD_SRC_DIR}/Gost.cpp"
+  "${LIBI2PD_SRC_DIR}/ChaCha20.cpp"	
+  "${LIBI2PD_SRC_DIR}/Poly1305.cpp"
+  "${LIBI2PD_SRC_DIR}/Ed25519.cpp"
+  "${LIBI2PD_SRC_DIR}/NTCP2.cpp"		
 )
 
 if (WITH_WEBSOCKETS)
@@ -78,7 +88,7 @@ if (WITH_WEBSOCKETS)
   find_package(websocketpp REQUIRED)
 endif ()
 
-if (CMAKE_SYSTEM_NAME STREQUAL "Windows" OR MSYS)
+if (WIN32 OR MSYS)
   list (APPEND LIBI2PD_SRC "${CMAKE_SOURCE_DIR}/I2PEndian.cpp")
 endif ()
 
@@ -88,13 +98,17 @@ endif()
 
 add_library(libi2pd ${LIBI2PD_SRC})
 set_target_properties(libi2pd PROPERTIES PREFIX "")
-install(TARGETS libi2pd
-  EXPORT libi2pd
-  ARCHIVE DESTINATION lib
-  COMPONENT Libraries)
+
+if (WITH_LIBRARY)
+  install(TARGETS libi2pd
+    EXPORT libi2pd
+    ARCHIVE DESTINATION lib
+    LIBRARY DESTINATION lib
+    COMPONENT Libraries)
 # TODO Make libi2pd available to 3rd party projects via CMake as imported target
 # FIXME This pulls stdafx
 # install(EXPORT libi2pd DESTINATION ${CMAKE_INSTALL_LIBDIR})
+endif()
 
 set (CLIENT_SRC
   "${LIBI2PD_CLIENT_SRC_DIR}/AddressBook.cpp"
@@ -113,7 +127,17 @@ set (CLIENT_SRC
 if(WITH_WEBSOCKETS)
   list (APPEND CLIENT_SRC "${LIBI2PD_CLIENT_SRC_DIR}/Websocket.cpp")
 endif ()
-add_library(i2pdclient ${CLIENT_SRC})
+
+add_library(libi2pdclient ${CLIENT_SRC})
+set_target_properties(libi2pdclient PROPERTIES PREFIX "")
+
+if (WITH_LIBRARY)
+  install(TARGETS libi2pdclient
+    EXPORT libi2pdclient
+    ARCHIVE DESTINATION lib
+    LIBRARY DESTINATION lib
+    COMPONENT Libraries)
+endif()
 
 set(DAEMON_SRC_DIR ../daemon)
 
@@ -149,7 +173,7 @@ else()
   if (MSYS OR MINGW)
     add_definitions( -DWIN32_LEAN_AND_MEAN )
   endif ()
-  set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Winvalid-pch" )
+  set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Winvalid-pch -Wno-unused-parameter" )
   set( CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -pedantic" )
   # TODO: The following is incompatible with static build and enabled hardening for OpenWRT.
   # Multiple definitions of __stack_chk_fail (libssp & libc)
@@ -178,6 +202,11 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
   endif ()
 elseif (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
   # more tweaks
+  if (NOT (MSVC OR MSYS OR APPLE))
+    set (CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -stdlib=libstdc++" ) # required for <atomic>
+    list(APPEND CMAKE_REQUIRED_LIBRARIES "stdc++") # required to link with -stdlib=libstdc++
+    set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-const-variable -Wno-overloaded-virtual -Wno-c99-extensions" )
+  endif()
 endif ()
 
 if (WITH_HARDENING AND MSVC)
@@ -186,20 +215,14 @@ if (WITH_HARDENING AND MSVC)
 endif ()
 
 # compiler flags customization (by system)
-if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+if (UNIX)
   list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
-  add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
-elseif (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
-  list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
-  add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
-elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
-    list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  elseif (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-      list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-    elseif (CMAKE_SYSTEM_NAME STREQUAL "Windows" OR MSYS)
-        list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp")
+  if (NOT (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD" OR APPLE))
+    # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
+    add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
+  endif ()
+elseif (WIN32 OR MSYS)
+  list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp")
   if (WITH_GUI)
     list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/Win32App.cpp")
     set_source_files_properties("${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp"
@@ -298,7 +321,7 @@ if (WITH_PCH)
       WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
       )
     target_compile_options(libi2pd PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
-    target_compile_options(i2pdclient PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
+    target_compile_options(libi2pdclient PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
   else()
     string(TOUPPER ${CMAKE_BUILD_TYPE} BTU)
     get_directory_property(DEFS DEFINITIONS)
@@ -307,12 +330,12 @@ if (WITH_PCH)
       COMMAND ${CMAKE_CXX_COMPILER} ${FLAGS} -c ${CMAKE_CURRENT_SOURCE_DIR}/../libi2pd/stdafx.h -o ${CMAKE_BINARY_DIR}/stdafx.h.gch
     )
     target_compile_options(libi2pd PRIVATE -include libi2pd/stdafx.h)
-    target_compile_options(i2pdclient PRIVATE -include libi2pd/stdafx.h)
+    target_compile_options(libi2pdclient PRIVATE -include libi2pd/stdafx.h)
   endif()
   target_link_libraries(libi2pd stdafx)
 endif()
 
-target_link_libraries(i2pdclient libi2pd)
+target_link_libraries(libi2pdclient libi2pd)
 
 find_package ( Boost COMPONENTS system filesystem program_options date_time REQUIRED )
 if(NOT DEFINED Boost_INCLUDE_DIRS)
@@ -358,11 +381,13 @@ if (NOT ZLIB_FOUND )
   if (NOT WITH_STATIC)
     set ( ZLIB_LIBRARY debug zlibd optimized zlib CACHE STRING "zlib libraries" FORCE)
   endif ()
+  link_directories(${CMAKE_CURRENT_BINARY_DIR}/zlib/lib)
+else()
+  link_directories(${ZLIB_ROOT}/lib)
 endif ()
 if (WITH_STATIC AND (MSVC OR MSYS))
   set ( ZLIB_LIBRARY debug zlibstaticd optimized zlibstatic CACHE STRING "zlib libraries" FORCE)
 endif ()
-link_directories(${CMAKE_CURRENT_BINARY_DIR}/zlib/lib ${ZLIB_ROOT}/lib)
 
 # load includes
 include_directories( SYSTEM ${Boost_INCLUDE_DIRS} ${OPENSSL_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR} )
@@ -374,6 +399,8 @@ if (WITH_MESHNET)
   message(WARNING "This build will NOT work on mainline i2p")
 endif()
 
+include(CheckAtomic)
+
 
 # show summary
 message(STATUS "---------------------------------------")
@@ -381,6 +408,7 @@ message(STATUS "Build type         : ${CMAKE_BUILD_TYPE}")
 message(STATUS "Compiler vendor    : ${CMAKE_CXX_COMPILER_ID}")
 message(STATUS "Compiler version   : ${CMAKE_CXX_COMPILER_VERSION}")
 message(STATUS "Compiler path      : ${CMAKE_CXX_COMPILER}")
+message(STATUS "Architecture       : ${ARCHITECTURE}")
 message(STATUS "Install prefix:    : ${CMAKE_INSTALL_PREFIX}")
 message(STATUS "Options:")
 message(STATUS "  AESNI            : ${WITH_AESNI}")
@@ -393,7 +421,7 @@ message(STATUS "  UPnP             : ${WITH_UPNP}")
 message(STATUS "  PCH              : ${WITH_PCH}")
 message(STATUS "  MESHNET          : ${WITH_MESHNET}")
 message(STATUS "  ADDRSANITIZER    : ${WITH_ADDRSANITIZER}")
-message(STATUS "  THEADSANITIZER   : ${WITH_THREADSANITIZER}")
+message(STATUS "  THREADSANITIZER  : ${WITH_THREADSANITIZER}")
 message(STATUS "  I2LUA            : ${WITH_I2LUA}")
 message(STATUS "  WEBSOCKETS       : ${WITH_WEBSOCKETS}")
 message(STATUS "---------------------------------------")
@@ -440,7 +468,7 @@ if (WITH_BINARY)
   if (WITH_STATIC)
     set(DL_LIB ${CMAKE_DL_LIBS})
   endif()
-  target_link_libraries( "${PROJECT_NAME}" libi2pd i2pdclient ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${MINGW_EXTRA} ${DL_LIB})
+  target_link_libraries( "${PROJECT_NAME}" libi2pd libi2pdclient ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${MINGW_EXTRA} ${DL_LIB} ${CMAKE_REQUIRED_LIBRARIES})
 
   install(TARGETS "${PROJECT_NAME}" RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT Runtime)
   set (APPS "\${CMAKE_INSTALL_PREFIX}/bin/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}")

build/build_mingw.cmd

@@ -6,7 +6,7 @@ REM Copyright (c) 2013-2017, The PurpleI2P Project
 REM This file is part of Purple i2pd project and licensed under BSD3
 REM See full license text in LICENSE file at top of project tree
 
-REM To use that script, you must have installed in your MSYS installation theese packages:
+REM To use that script, you must have installed in your MSYS installation these packages:
 REM Base: git make zip
 REM x86_64: mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-gcc
 REM i686: mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-gcc
@@ -16,7 +16,10 @@ REM Note: if you installed MSYS64 to different path, edit WD variable (only C:\m
 set "WD=C:\msys64\usr\bin\"
 set MSYS2_PATH_TYPE=inherit
 set CHERE_INVOKING=enabled_from_arguments
-set MSYSTEM=MSYS
+REM set MSYSTEM=MSYS
+set MSYSTEM=MINGW32
+
+set "xSH=%WD%bash -lc"
 
 REM detecting number of processors and subtract 1.
 set /a threads=%NUMBER_OF_PROCESSORS%-1
@@ -24,16 +27,19 @@ set /a threads=%NUMBER_OF_PROCESSORS%-1
 REM we must work in root of repo
 cd ..
 
+REM deleting old log files
+del /S build_*.log >> nul
+
 echo Receiving latest commit and cleaning up...
-"%WD%bash" -lc "git pull && make clean" > build/build_git.log 2>&1
+%xSH% "git pull && make clean" > build/build_git.log 2>&1
 echo.
 
 REM set to variable current commit hash
-FOR /F "usebackq" %%a IN (`%WD%bash -lc 'git describe --tags'`) DO (
+FOR /F "usebackq" %%a IN (`%xSH% 'git describe --tags'`) DO (
  set tag=%%a
 )
 
-"%WD%bash" -lc "echo To use configs and certificates, move all files and certificates folder from contrib directory here. > README.txt" >> nul
+%xSH% "echo To use configs and certificates, move all files and certificates folder from contrib directory here. > README.txt" >> nul
 
 REM starting building
 set MSYSTEM=MINGW32
@@ -53,14 +59,15 @@ pause
 exit /b 0
 
 :BUILDING
+%xSH% "make clean" >> nul
 echo Building i2pd %tag% for win%bitness%:
 echo Build AVX+AESNI...
-"%WD%bash" -lc "make USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1
+%xSH% "make USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1
 echo Build AVX...
-"%WD%bash" -lc "make USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx.log 2>&1
+%xSH% "make USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx.log 2>&1
 echo Build AESNI...
-"%WD%bash" -lc "make USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_aesni.log 2>&1
+%xSH% "make USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_aesni.log 2>&1
 echo Build without extensions...
-"%WD%bash" -lc "make USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%.log 2>&1
+%xSH% "make USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%.log 2>&1
 
 :EOF

build/cmake_modules/CheckAtomic.cmake

@@ -0,0 +1,106 @@
+# atomic builtins are required for threading support.
+
+INCLUDE(CheckCXXSourceCompiles)
+
+# Sometimes linking against libatomic is required for atomic ops, if
+# the platform doesn't support lock-free atomics.
+
+function(check_working_cxx_atomics varname)
+  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
+  set(CMAKE_REQUIRED_FLAGS "-std=c++11")
+  CHECK_CXX_SOURCE_COMPILES("
+#include <atomic>
+std::atomic<int> x;
+int main() {
+  return x;
+}
+" ${varname})
+  set(CMAKE_REQUIRED_FLAGS ${OLD_CMAKE_REQUIRED_FLAGS})
+endfunction(check_working_cxx_atomics)
+
+function(check_working_cxx_atomics64 varname)
+  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
+  set(CMAKE_REQUIRED_FLAGS "-std=c++11 ${CMAKE_REQUIRED_FLAGS}")
+  CHECK_CXX_SOURCE_COMPILES("
+#include <atomic>
+#include <cstdint>
+std::atomic<uint64_t> x (0);
+int main() {
+  uint64_t i = x.load(std::memory_order_relaxed);
+  return 0;
+}
+" ${varname})
+  set(CMAKE_REQUIRED_FLAGS ${OLD_CMAKE_REQUIRED_FLAGS})
+endfunction(check_working_cxx_atomics64)
+
+
+# This isn't necessary on MSVC, so avoid command-line switch annoyance
+# by only running on GCC-like hosts.
+if (LLVM_COMPILER_IS_GCC_COMPATIBLE)
+  # First check if atomics work without the library.
+  check_working_cxx_atomics(HAVE_CXX_ATOMICS_WITHOUT_LIB)
+  # If not, check if the library exists, and atomics work with it.
+  if(NOT HAVE_CXX_ATOMICS_WITHOUT_LIB)
+    check_library_exists(atomic __atomic_fetch_add_4 "" HAVE_LIBATOMIC)
+    if( HAVE_LIBATOMIC )
+      list(APPEND CMAKE_REQUIRED_LIBRARIES "atomic")
+      check_working_cxx_atomics(HAVE_CXX_ATOMICS_WITH_LIB)
+      if (NOT HAVE_CXX_ATOMICS_WITH_LIB)
+        message(FATAL_ERROR "Host compiler must support std::atomic!")
+      endif()
+    else()
+      message(FATAL_ERROR "Host compiler appears to require libatomic, but cannot find it.")
+    endif()
+  endif()
+endif()
+
+# Check for 64 bit atomic operations.
+if(MSVC)
+  set(HAVE_CXX_ATOMICS64_WITHOUT_LIB True)
+else()
+  check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITHOUT_LIB)
+endif()
+
+# If not, check if the library exists, and atomics work with it.
+if(NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB)
+  check_library_exists(atomic __atomic_load_8 "" HAVE_CXX_LIBATOMICS64)
+  if(HAVE_CXX_LIBATOMICS64)
+    list(APPEND CMAKE_REQUIRED_LIBRARIES "atomic")
+    check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITH_LIB)
+    if (NOT HAVE_CXX_ATOMICS64_WITH_LIB)
+      message(FATAL_ERROR "Host compiler must support std::atomic!")
+    endif()
+  else()
+    message(FATAL_ERROR "Host compiler appears to require libatomic, but cannot find it.")
+  endif()
+endif()
+
+## TODO: This define is only used for the legacy atomic operations in
+## llvm's Atomic.h, which should be replaced.  Other code simply
+## assumes C++11 <atomic> works.
+CHECK_CXX_SOURCE_COMPILES("
+#ifdef _MSC_VER
+#include <Intrin.h> /* Workaround for PR19898. */
+#include <windows.h>
+#endif
+int main() {
+#ifdef _MSC_VER
+        volatile LONG val = 1;
+        MemoryBarrier();
+        InterlockedCompareExchange(&val, 0, 1);
+        InterlockedIncrement(&val);
+        InterlockedDecrement(&val);
+#else
+        volatile unsigned long val = 1;
+        __sync_synchronize();
+        __sync_val_compare_and_swap(&val, 1, 0);
+        __sync_add_and_fetch(&val, 1);
+        __sync_sub_and_fetch(&val, 1);
+#endif
+        return 0;
+      }
+" LLVM_HAS_ATOMICS)
+
+if( NOT LLVM_HAS_ATOMICS )
+  message(STATUS "Warning: LLVM will be built thread-unsafe because atomic builtins are missing")
+endif()

build/cmake_modules/FindMiniUPnPc.cmake

@@ -24,5 +24,5 @@ else()
   endif()
 
   mark_as_advanced(MINIUPNPC_INCLUDE_DIR MINIUPNPC_LIBRARY)
-  
+
 endif()

build/cmake_modules/TargetArch.cmake

@@ -0,0 +1,134 @@
+# Based on the Qt 5 processor detection code, so should be very accurate
+# https://qt.gitorious.org/qt/qtbase/blobs/master/src/corelib/global/qprocessordetection.h
+# Currently handles arm (v5, v6, v7), x86 (32/64), ia64, and ppc (32/64)
+
+# Regarding POWER/PowerPC, just as is noted in the Qt source,
+# "There are many more known variants/revisions that we do not handle/detect."
+
+set(archdetect_c_code "
+#if defined(__arm__) || defined(__TARGET_ARCH_ARM)
+    #if defined(__ARM_ARCH_7__) \\
+        || defined(__ARM_ARCH_7A__) \\
+        || defined(__ARM_ARCH_7R__) \\
+        || defined(__ARM_ARCH_7M__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 7)
+        #error cmake_ARCH armv7
+    #elif defined(__ARM_ARCH_6__) \\
+        || defined(__ARM_ARCH_6J__) \\
+        || defined(__ARM_ARCH_6T2__) \\
+        || defined(__ARM_ARCH_6Z__) \\
+        || defined(__ARM_ARCH_6K__) \\
+        || defined(__ARM_ARCH_6ZK__) \\
+        || defined(__ARM_ARCH_6M__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 6)
+        #error cmake_ARCH armv6
+    #elif defined(__ARM_ARCH_5TEJ__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 5)
+        #error cmake_ARCH armv5
+    #else
+        #error cmake_ARCH arm
+    #endif
+#elif defined(__i386) || defined(__i386__) || defined(_M_IX86)
+    #error cmake_ARCH i386
+#elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(_M_X64)
+    #error cmake_ARCH x86_64
+#elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+    #error cmake_ARCH ia64
+#elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) \\
+      || defined(_ARCH_COM) || defined(_ARCH_PWR) || defined(_ARCH_PPC)  \\
+      || defined(_M_MPPC) || defined(_M_PPC)
+    #if defined(__ppc64__) || defined(__powerpc64__) || defined(__64BIT__)
+        #error cmake_ARCH ppc64
+    #else
+        #error cmake_ARCH ppc
+    #endif
+#endif
+
+#error cmake_ARCH unknown
+")
+
+# Set ppc_support to TRUE before including this file or ppc and ppc64
+# will be treated as invalid architectures since they are no longer supported by Apple
+
+function(target_architecture output_var)
+    if(APPLE AND CMAKE_OSX_ARCHITECTURES)
+        # On OS X we use CMAKE_OSX_ARCHITECTURES *if* it was set
+        # First let's normalize the order of the values
+
+        # Note that it's not possible to compile PowerPC applications if you are using
+        # the OS X SDK version 10.6 or later - you'll need 10.4/10.5 for that, so we
+        # disable it by default
+        # See this page for more information:
+        # http://stackoverflow.com/questions/5333490/how-can-we-restore-ppc-ppc64-as-well-as-full-10-4-10-5-sdk-support-to-xcode-4
+
+        # Architecture defaults to i386 or ppc on OS X 10.5 and earlier, depending on the CPU type detected at runtime.
+        # On OS X 10.6+ the default is x86_64 if the CPU supports it, i386 otherwise.
+
+        foreach(osx_arch ${CMAKE_OSX_ARCHITECTURES})
+            if("${osx_arch}" STREQUAL "ppc" AND ppc_support)
+                set(osx_arch_ppc TRUE)
+            elseif("${osx_arch}" STREQUAL "i386")
+                set(osx_arch_i386 TRUE)
+            elseif("${osx_arch}" STREQUAL "x86_64")
+                set(osx_arch_x86_64 TRUE)
+            elseif("${osx_arch}" STREQUAL "ppc64" AND ppc_support)
+                set(osx_arch_ppc64 TRUE)
+            else()
+                message(FATAL_ERROR "Invalid OS X arch name: ${osx_arch}")
+            endif()
+        endforeach()
+
+        # Now add all the architectures in our normalized order
+        if(osx_arch_ppc)
+            list(APPEND ARCH ppc)
+        endif()
+
+        if(osx_arch_i386)
+            list(APPEND ARCH i386)
+        endif()
+
+        if(osx_arch_x86_64)
+            list(APPEND ARCH x86_64)
+        endif()
+
+        if(osx_arch_ppc64)
+            list(APPEND ARCH ppc64)
+        endif()
+    else()
+        file(WRITE "${CMAKE_BINARY_DIR}/arch.c" "${archdetect_c_code}")
+
+        enable_language(C)
+
+        # Detect the architecture in a rather creative way...
+        # This compiles a small C program which is a series of ifdefs that selects a
+        # particular #error preprocessor directive whose message string contains the
+        # target architecture. The program will always fail to compile (both because
+        # file is not a valid C program, and obviously because of the presence of the
+        # #error preprocessor directives... but by exploiting the preprocessor in this
+        # way, we can detect the correct target architecture even when cross-compiling,
+        # since the program itself never needs to be run (only the compiler/preprocessor)
+        try_run(
+            run_result_unused
+            compile_result_unused
+            "${CMAKE_BINARY_DIR}"
+            "${CMAKE_BINARY_DIR}/arch.c"
+            COMPILE_OUTPUT_VARIABLE ARCH
+            CMAKE_FLAGS CMAKE_OSX_ARCHITECTURES=${CMAKE_OSX_ARCHITECTURES}
+        )
+
+        # Parse the architecture name from the compiler output
+        string(REGEX MATCH "cmake_ARCH ([a-zA-Z0-9_]+)" ARCH "${ARCH}")
+
+        # Get rid of the value marker leaving just the architecture name
+        string(REPLACE "cmake_ARCH " "" ARCH "${ARCH}")
+
+        # If we are compiling with an unknown architecture this variable should
+        # already be set to "unknown" but in the case that it's empty (i.e. due
+        # to a typo in the code), then set it to unknown
+        if (NOT ARCH)
+            set(ARCH unknown)
+        endif()
+    endif()
+
+    set(${output_var} "${ARCH}" PARENT_SCOPE)
+endfunction()

build/docker/README.md

@@ -28,7 +28,7 @@ Options are set via docker environment variables. This can be set at run with -e
 
 **Logging**
 
-Logging happens to STDOUT as the best practise with docker containers, since infrastructure systems like kubernetes with ELK integration can automaticly forward the log to say, kibana or greylog without manual setup. :)
+Logging happens to STDOUT as the best practise with docker containers, since infrastructure systems like kubernetes with ELK integration can automatically forward the log to say, kibana or greylog without manual setup. :)
 
 
 

build/docker/old-ubuntu-based/Dockerfile

@@ -5,7 +5,7 @@ RUN apt-get update && apt-get install -y libboost-dev libboost-filesystem-dev \
        libssl-dev git build-essential
 
 RUN git clone https://github.com/PurpleI2P/i2pd.git
-WORKDIR /i2pd 
+WORKDIR /i2pd
 RUN make
 
 CMD ./i2pd

contrib/apparmor/usr.sbin.i2pd

@@ -1,4 +1,4 @@
-# Basic profile for i2pd 
+# Basic profile for i2pd
 # Should work without modifications with Ubuntu/Debian packages
 # Author: Darknet Villain <supervillain@riseup.net>
 #
@@ -17,14 +17,20 @@
   /etc/host.conf r,
   /etc/hosts r,
   /etc/nsswitch.conf r,
+  /etc/resolv.conf r,
   /run/resolvconf/resolv.conf r,
+  /run/systemd/resolve/stub-resolv.conf r,
 
   # path specific (feel free to modify if you have another paths)
   /etc/i2pd/** r,
+  /run/i2pd/i2pd.pid rwk,
   /var/lib/i2pd/** rw,
-  /var/log/i2pd.log w,
-  /var/run/i2pd/i2pd.pid rw,
+  /var/log/i2pd/i2pd.log w,
+  /var/run/i2pd/i2pd.pid rwk,
   /usr/sbin/i2pd mr,
+  /usr/share/i2pd/** r,
 
-
+  # user homedir (if started not by init.d or systemd)
+  owner @{HOME}/.i2pd/   rw,
+  owner @{HOME}/.i2pd/** rwk,
 }

contrib/certificates/reseed/igor_at_novg.net.crt

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFvjCCA6agAwIBAgIQIDtv8tGMh0FyB2w5XjfZxTANBgkqhkiG9w0BAQsFADBt
+MQswCQYDVQQGEwJYWDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhYMR4wHAYDVQQK
+ExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEWMBQGA1UEAwwN
+aWdvckBub3ZnLm5ldDAeFw0xNzA3MjQxODI4NThaFw0yNzA3MjQxODI4NThaMG0x
+CzAJBgNVBAYTAlhYMQswCQYDVQQHEwJYWDELMAkGA1UECRMCWFgxHjAcBgNVBAoT
+FUkyUCBBbm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMRYwFAYDVQQDDA1p
+Z29yQG5vdmcubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxst4
+cam3YibBtQHGPCPX13uRQti56U3XZytSZntaKrUFmJxjt41Q/mOy3KYo+lBvhfDF
+x3tWKjgP9LJOJ28zvddFhZVNxqZRjcnAoPuSOVCw88g01D9OAasKF11hCfdxZP6h
+vGm8WCnjD8KPcYFxJC4HJUiFeProAwuTzEAESTRk4CAQe3Ie91JspuqoLUc5Qxlm
+w5QpjnjfZY4kaVHmZDKGIZDgNIt5v85bu4pWwZ6O+o90xQqjxvjyz/xccIec3sHw
+MHJ8h8ZKMokCKEJTaRWBvdeNXki7nf3gUy/3GjYQlzo0Nxk/Hw4svPcA+eL0AYiy
+Jn83bIB5VToW2zYUdV4u3qHeAhEg8Y7HI0kKcSUGm9AQXzbzP8YCHxi0sbb0GAJy
+f1Xf3XzoPfT64giD8ReUHhwKpyMB6uvG/NfWSZAzeAO/NT7DAwXpKIVQdkVdqy8b
+mvHvjf9/kWKOirA2Nygf3r79Vbg2mqbYC/b63XI9hheU689+O7qyhTEhNz+11X0d
+Zax7UPrLrwOeB9TNfEnztsmrHNdv2n+KcOO2o11Wvz2nHP9g+dgwoZSD1ZEpFzWP
+0sD5knKLwAL/64qLlAQ1feqW7hMr80IADcKjLSODkIDIIGm0ksXqEzTjz1JzbRDq
+jUjq7EAlkw3G69rv1gHxIntllJRQidAqecyWHOMCAwEAAaNaMFgwDgYDVR0PAQH/
+BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8E
+BTADAQH/MBYGA1UdDgQPBA1pZ29yQG5vdmcubmV0MA0GCSqGSIb3DQEBCwUAA4IC
+AQADyPaec28qc1HQtAV5dscJr47k92RTfvan+GEgIwyQDHZQm38eyTb05xipQCdk
+5ruUDFXLB5qXXFJKUbQM6IpaktmWDJqk4Zn+1nGbtFEbKgrF55pd63+NQer5QW9o
+3+dGj0eZJa3HX5EBkd2r7j2LFuB6uxv3r/xiTeHaaflCnsmyDLfb7axvYhyEzHQS
+AUi1bR+ln+dXewdtuojqc1+YmVGDgzWZK2T0oOz2E21CpZUDiP3wv9QfMaotLEal
+zECnbhS++q889inN3GB4kIoN6WpPpeYtTV+/r7FLv9+KUOV1s2z6mxIqC5wBFhZs
+0Sr1kVo8hB/EW/YYhDp99LoAOjIO6nn1h+qttfzBYr6C16j+8lGK2A12REJ4LiUQ
+cQI/0zTjt2C8Ns6ueNzMLQN1Mvmlg1Z8wIB7Az7jsIbY2zFJ0M5qR5VJveTj33K4
+4WSbC/zMWOBYHTVBvGmc6JGhu5ZUTZ+mWP7QfimGu+tdhvtrybFjE9ROIE/4yFr6
+GkxEyt0UY87TeKXJ/3KygvkMwdvqGWiZhItb807iy99+cySujtbGfF2ZXYGjBXVW
+dJOVRbyGQkHh6lrWHQM4ntBv4x+5QA+OAan5PBF3tcDx1vefPx+asYslbOXpzII5
+qhvoQxuRs6j5jsVFG6RdsKNeQAt87Mb2u2zK2ZakMdyD1w==
+-----END CERTIFICATE-----

contrib/certificates/reseed/r4sas_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFezCCA2OgAwIBAgIEb8xTzzANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxHjAcBgNVBAcTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEL
-MAkGA1UEChMCWFgxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOcjRzYXNAbWFpbC5p
-MnAwHhcNMTYwODExMjIyNDM2WhcNMjYwODExMjIyNDM2WjBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxHjAcBgNVBAcTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEL
-MAkGA1UEChMCWFgxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOcjRzYXNAbWFpbC5p
-MnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjUMy/aYd0i6Oc3rdc
-24V/fM2vhviH+cNhAOXsMSrwDSVbFQkuDPIfq4fo1A25rsyULR57vy7XKA51OstX
-GvREPDhth4cMZjthq0f8AVzPq2vIk8Po65uvKR190yupPQ4FhvGeRkHkqp+SqoIJ
-lClD8xZEHrUHSYZotm5TLWIgSwa4DuO1q3bMRI8oIWzqhv99FtlmHlC8fjVUN4mR
-2czhABr0u6RMPOtJwTVxWgT1PKXiLWfmeHb63TcPYGgpJ39iMDOjtgY9jYueoO8J
-uGJJtkGRIRjOuhDFE9NUlNnljUxUDWvMU7zCO4ozaKMZgoxr1WoIO6ubI/003I53
-sZ0Q5h8yfz+QreEw3wzjxnQSkejG5c3NIvJSiu0ylOqDWmnj0v1Jv/P0qAMU4bt/
-ZWj0GOrYfPn9STg0VxMOQwQ2o15GAcbr6PFI56U2IJhZAeER3hIe2kOl6591jQ67
-zvOjPRRh2q05Ss8yo7nEpYUiB/FrE6RssJ5tVwX6e6Tq4Z1frINanIkUkToTkypP
-Fn2T/KV2lak9rLuxzvhiDobu5iGCR323zFcFEpGq4Wsopx1uRT9+71G/ejw8pKTf
-kQ7XiGaaxFyZuMuOz3bFkTuoTmAkUQTlRjGw2DmKZi/apcN+VQgpq9tQpS10pEUy
-DCVdtw1AdlOnwb+Hf3X0Uz6OjwIDAQABoyEwHzAdBgNVHQ4EFgQUqLBlSlnqCo25
-sIduMPm4iROMqkAwDQYJKoZIhvcNAQENBQADggIBAGWv8rDTzqhHkjqDOT+Ba2bs
-gVddpCNa94RQoOn2DUSu4c+yuWJLSctjpX7gswB6qvWk5Ojfafop8jJW8zuozJrO
-76b9345S/VnnbHVSoVfIpF9Fve1Xc8nvU4ylRcAMwhf8N3Md5Yc1kb+P7NtTTwMZ
-TBR3xY3fVxv3qTpKApWQKkUiqM7yJKOfS8xcK/pjO/3oRUwfA9DHugCUpgSidlN+
-JkZmgwAcA3/WMlDdNKmKnWLGB2Ea+W6kIx5TDFfjf11rbjuwXhDLyaOK88qlN0W2
-hYa31UDSEYYQd3gMG1gjVc+9vZA/Vr0+SF5ULN9QLjB18CVIdPv92mBjJQRmJSVW
-b1qwZI0jf/V+1fu9H9r7sE4CId3+WGOek3UNRNZLOVZCSiFq/b9cswcQZGjw6aE+
-1FNjw1HW9CLoNcg74Kr98QouOoeRSofQYZiYqaM9Sz/MsinYMIRGRGw3Uq1uNRo0
-WgoOngmZSKGaW5PFR19uuuNIVB4fCShqBVyrguW4xIskta1JVFoggFeOeTwk6/kH
-S5roMzyB/kzv83A2IB0VxqbiDj8khgdm1Us6HCCmU+iTRVyG28gFklCJ8dQfxgGH
-W2gpIwvxYLyNP14/7E1oF7/NfHmyjAVzYnR5Xw2wE4tvSHuIrHhj6Q26VB3vze6j
-E/w1AJEepnw/KfHqS3bw
------END CERTIFICATE-----

contrib/certificates/router/killyourtv_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFhTCCA22gAwIBAgIELuRWgDANBgkqhkiG9w0BAQ0FADBzMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEcMBoGA1UEAwwTa2lsbHlvdXJ0dkBt
-YWlsLmkycDAeFw0xMzEwMDYyMTM5MzFaFw0yMzEwMDYyMTM5MzFaMHMxCzAJBgNV
-BAYTAlhYMQswCQYDVQQIEwJYWDELMAkGA1UEBxMCWFgxHjAcBgNVBAoTFUkyUCBB
-bm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMRwwGgYDVQQDDBNraWxseW91
-cnR2QG1haWwuaTJwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAig3u
-niLWm0y/TFJtciHgmWUt20FOdQrxkiSZ87G8xjuGfq7TbGIiVDn7pQZcHidpq+Dk
-47sm+Swqhb4psSijj0AXUEVKlV39jF5IZE+VUgmEtMqQbnBkWudaTJPWcEe9T/Kd
-8Oz2jgsnrD/EGVTMKBBjt/gk8VqTWvpCdCF1GhqcCeUTFHzjhN9jtoRCaJ2DClpO
-Px+86+d3s9PqUFo8gcD/dbbyJCMqUCMBLtIy/Ooouxb9cfWtXfyOlphU+enmdvuA
-0BDewb9pOJg2/kVd9/9moDWcBGChLOlfSlxpDwyUtcclcpvwnG7c6o4or6gqLeOf
-AbCpse623utV7fWlFWG7M4AQ/2emhhe4YoMJQnflydzV8bPRJxRTeW1j/9UfpvLT
-nO5LHp0oBXE0GqAPjxuAr+r5IDXFbkKYNjK5oWQB/Ul3LkexulYdCzHWbGd1Ja5b
-sbiOy6t/hH6G8DD75HYb+PQZaNZWBv90EyOq1JDSUPw6nxVbhiBldi3ipc8/1X51
-FbzBqJ+QO1XKrKqxWxBKoTekuy38KRzsmkSCpY+WJ9f0gLOKtxzVO2HNNqqVFGQf
-RGIbrNA0JSRQ1fgelccfrcRIXIZ3B8Tk/wxCIzCY6Yvg2jezz2xJkVdqOUsznS2v
-+xJe67PYIAeMVtcfO4kmuCvyIYhsUEpob2n/5lkCAwEAAaMhMB8wHQYDVR0OBBYE
-FCLneov6QMtvra5FSoSLhdymi++rMA0GCSqGSIb3DQEBDQUAA4ICAQAIcqbiwjdQ
-M9VlGBiHe5eVsL6OM9zfRqR1wnRg4Q6ce65XDfEOYleBWaaNJA4BdykcA4fkUN1h
-M2D9FDQScsyPTOuzJ6o75TYh0JOtF51yCi9iuemcosxAwsm90ZXGuMDfDYeyND5c
-PAkWfyCP+jwLYbNo/hkNqyv+XWHXPQmT2adRnPXINVUQuBxVPC//C9wv2uDYWhgS
-f8M425VPp4/R/uks9mlzTx08DwacvouD0YOC+HZE4sWq+2smgeBInMiyr/THYzl+
-baMtYgVs8IKUD2gtjfXZoaQNg3eq5SedSf/5F0S/LCdu9/ccQ8CzSEoVTiQFtO78
-SaU37xai8+QTSVpPuINigxCoXmkubBd+voEmWRcBd/XB5L+u+MFU/jXyyBj2BXVj
-6agqVzY53KVYt23/63QliAUWyxT+ns9gRxVN1jrMhHdiDwsdT4NbzHxg1Su4eiHv
-C/wjD3Dga0BRTEGylpHZGzb1U1rZRHM3ho3f1QkmRPPLcBUMTyUTxJm+GEeuhPvp
-+TBf3Kg/YkdpnEMlagqcyHuIrf3m8Z/pTmpOIbekJWbbA7tluvWbMWw2ARB7dUOE
-fHYVISh0DTw2oVXxM82/q8XXHnhEXv2nW3K40x1VabxUN+sF4M/7YA8nJqwsPJei
-749STYJRfZXdIe69M9zpM5unxENAsiPJgQ==
------END CERTIFICATE-----

contrib/certificates/router/str4d_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFezCCA2OgAwIBAgIEHLJfZzANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOc3RyNGRAbWFpbC5p
-MnAwHhcNMTMxMDI2MTExODQxWhcNMjMxMDI2MTExODQxWjBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOc3RyNGRAbWFpbC5p
-MnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvw0vTay1IPOgxvwe8
-yt5jGakha20kw9qDb6zbEL87EWEkeOzdu7iUC69lkxVP9Ws8EbLtkeMf/CXg6CC1
-e+w8WpOHj5prOsiOlrIO+2I1tKMaMUuJDX2wK4I5ZSw/Kieimh9xqOBZknDmtwjw
-2HPW8rpxMqrScaGAP6sQD8Gh4XKKkLogfxYPzF8NnC6O8vBkFKVU2WSVZ0jPAQfv
-6luPdA+5lES+5UPWr9Yhv/CX4siGKUTxchqJRf2VU4o5BzzXae4asVA/NY7lKgEw
-eDDufbm0mRFWP4mbmXRlODuJ8GMnJbMQkNcAvZUnUcvpSTnGnIvxyxtXP5P6ic8V
-3b9HV2eIsbfO1xrgyr6/9qgGpXcdDJejhvNg6fZgQeO40bOGQYwV8bNvsNQHqnZl
-KsVhsMQkOubMxcHTBadcifi8PmdeJ5hxyyqJmyrwkmg2ijnN521M6YkoBzl+8VAi
-zLmqKZfvN5t+pb9PZ3U3jHfkeIEwDRYRAOsvVqch5+ZfSv8x/Te6o15zDKPJQtWK
-ty42GV1vERw30oSZQdrRRy/+4+HSRs3/Zb368OdAbcr+f/xPvwceYGWPeNNIoZ/x
-xkIQE3xgEK+eJyPM9McjlCAezZZclT7fWfiEYNJAiS3fGALi+a+cGYWWULxCXpz+
-y397OHhZBhnh7D9K8aPePB8tCwIDAQABoyEwHzAdBgNVHQ4EFgQUezvGHq3h1gbC
-Hs2LLVoll5fIUWMwDQYJKoZIhvcNAQENBQADggIBAF7SG1WBcE1r5eyTp/BLFZfG
-iPtvqu+B1L2HutPum/Xf8A5fxR4kcKAKpVdu6vnDzCRAsAC9YvyETgAzI2nfVgLk
-l9YZ31tSi6qxnMsQsV5o9lt/q2Rvsf2Zi/Ir8AlWtvnP8YG0Aj/8AG8MyhMLaIdj
-M2FuakPs8RqEjoJL9dTOC9VTQpNTwBH9guP9UalWYwlkaXDzMoyO4nswT/GpCpg8
-4m4RO6grzdsEIamD/PCBM5f/vq+y08GaqfXpX9+8CbaX3tdzd3x48wPphmdpkptk
-aRELIpLJZiK+Mos7W+0ZS8SHxGDIosjqVsgbZPmk12+VBcVgLOr8W1D7osS4OY59
-2GMUVV/GhoDh8wR/Td5wpZlcPE0NWmljjVg9+1E8ePAyMZy+U1KCiMlRVdRy518O
-dOzzUUQGqGQHosRrH0ypS3MGbMLmbuWFRiz7q/3mUmW2xikH9I1t/6ZMNUvh+IWL
-kGAaEf2JIv/D8+QsC0Un1W09DgvYz7qmKSeHhBixlLe68vgXtz/Fa+rRMsmPrueo
-4wk/u/VyILo0BJP860APJMZbm+DPfGhV9DF9L5Gx9+d/BlduBVGHc+AQSWbU70dS
-eH4/rgUYRikWlgwUxjY8/QQTlfx5xl28tG0xdO9libN22z7UwTGfm48BQIdrTyER
-hqQ7usTy3oaWD85MbJ0q
------END CERTIFICATE-----

contrib/certificates/router/zzz_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFdzCCA1+gAwIBAgIEcwrwsjANBgkqhkiG9w0BAQ0FADBsMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEVMBMGA1UEAwwMenp6QG1haWwuaTJw
-MB4XDTEzMDkzMDE3NDEyNVoXDTIzMDkzMDE3NDEyNVowbDELMAkGA1UEBhMCWFgx
-CzAJBgNVBAgTAlhYMQswCQYDVQQHEwJYWDEeMBwGA1UEChMVSTJQIEFub255bW91
-cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxFTATBgNVBAMMDHp6ekBtYWlsLmkycDCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJV4ptvhlfrcize9/ARz4lUy
-iLtLMSvSST1BdZjLJTwus05EUs0oiqnv9qXYIWGRB97aKlAmqSxsn4ZgBttCgmev
-IkuiZ8kbdqI5YaT98yKW5P2Prt9p9cPbnz5/qjwZ5L9W+k/Itx7bv2pkNEP0NLYo
-NrgHHTb1hsyRxc0lfPYk2BwsIi8hIWBHNrRpR41EWFXfqPcdsxS8cQhxVj4zLG/R
-aMm4H8T+V1R1Khl4R4qqRgXBP305xqqRoawHmZ/S9/RkF0Ji6IYwBq9iWthWol6W
-sMDn1xhZk9765fk+ohAC2XWuGSFCr02JOILRV3x/8OUxT1GYgYjc7FfyWIekg/pZ
-yotlhL2I3SMWOH3PdG58iDY121hq/LsSKM9aP20rwtvssnw+8Aex01YDkI3bM6yO
-HNi+tRojaJcJciBWv6cuiFKvQdxj/mOhOr0u0lHLlJ4jqES8uvVJkS7X/C4BB7ra
-bJYQgumZMYvVQJFIjo8vZxMXue53o65FRidvAUT29ay54UTiL7jRV9w1wHnzLapU
-xT1v7kWpWJcZ1zzC8coJjW+6ijkk38cVLb80u1Q4kEbmP2rDxw6jRvmqg6DcCKjK
-oqDt+XQ6P5grxAxLT+VMfB404WHHwNs6BB841//4ZnXvy3msMONY/5y0fsblURgh
-IS2UG1TAjR+x7+XikGx9AgMBAAGjITAfMB0GA1UdDgQWBBSvx/fCCP8UeHwjN65p
-EoHjgRfiIzANBgkqhkiG9w0BAQ0FAAOCAgEAYgVE1Aa/Ok5k+Jvujbx72bktRWXo
-Y4UfbWH/426VdgqXt3n9XtJUNM2oI4ODwITM4O15SyXQTLJhnvJz5ELcJV8nqviZ
-RjK2HNX1BW7IEta3tacCvVnjzZ265kCT59uW+qmd+5PiaAYI5lYUn8P6pe+6neSa
-HW6ecXCrdxJetSYfUUuKeV6YHpdzfjtZClLmwl91sJUBKcjK+Q9G/cE6HnwcDH1s
-uXr7SgkBt/qc/OlNuu4fnTqUA58TAumdq9cD+eLBilDFrux1HsUZMuBUp64x5oPi
-gme+3VewsczfFEtrxaG6+l6UA40Lerdx9XECZcDCcFsK6MS1uQ2HYjsyZcWnNT3l
-6eDNUbjrllwxDdRAk0cbWiMuc21CFq/1v2QMXk88EiBjEajqzyXUPmKzwFhit6pr
-5kfjfXNq+pxQSCoaqjpzVKjb3CqMhSlC8cLgrPw6HEgGnjCy4cTLFHlVmD64M778
-tj6rE7CntcmUi8GKmZKyaMyUo3QQUcrjO5IQ4+3iGUgMkZuujyjrZiOJbvircPmK
-4IQEXzJ/G00upqtqKstRybaWSbJ/k6iuturtA2n8MJiCBjhLy8dtTgDbFaDaNF7F
-NHeqQjIJDLhYDy6mi4gya3A0ort777Inl/rWYLo067pYM+EWDw66GdpbEIB0Bp71
-pwvcQcjIzbUzEK0=
------END CERTIFICATE-----

contrib/debian/i2pd.service

@@ -1,27 +0,0 @@
-[Unit]
-Description=I2P Router written in C++
-After=network.target
-
-[Service]
-User=i2pd
-Group=i2pd
-RuntimeDirectory=i2pd
-RuntimeDirectoryMode=0700
-Type=simple
-ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
-ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/var/run/i2pd/i2pd.pid
-### Uncomment, if auto restart needed
-#Restart=on-failure
-
-### Use SIGINT for gracefull stop daemon.
-# i2pd stops accepting new tunnels and waits ~10 min while old ones do not die.
-KillSignal=SIGINT
-TimeoutStopSec=10m
-
-# If you have problems with hunging i2pd, you can try enable this
-#LimitNOFILE=4096
-PrivateDevices=yes
-
-[Install]
-WantedBy=multi-user.target

contrib/debian/i2pd.service

@@ -0,0 +1 @@
+../i2pd.service

contrib/docker/Dockerfile

@@ -17,13 +17,13 @@ RUN mkdir -p "$I2PD_HOME" "$DATA_DIR" \
     && chown -R i2pd:nobody "$I2PD_HOME"
 
 #
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the 
+# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the
 # image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
 #
 
-# 1. install deps, clone and build. 
-# 2. strip binaries. 
-# 3. Purge all dependencies and other unrelated packages, including build directory. 
+# 1. install deps, clone and build.
+# 2. strip binaries.
+# 3. Purge all dependencies and other unrelated packages, including build directory.
 RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
     && mkdir -p /tmp/build \
     && cd /tmp/build && git clone -b ${GIT_BRANCH} ${REPO_URL} \
@@ -35,7 +35,7 @@ RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boos
     && mv i2pd /usr/local/bin \
     && cd /usr/local/bin \
     && strip i2pd \
-    && rm -fr /tmp/build && apk --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
+    && rm -fr /tmp/build && apk --no-cache --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
     boost-python3 python3 gdbm boost-unit_test_framework boost-python linux-headers boost-prg_exec_monitor \
     boost-serialization boost-signals boost-wave boost-wserialization boost-math boost-graph boost-regex git pcre \
     libtool g++ gcc pkgconfig

contrib/i2pd.conf

@@ -23,17 +23,14 @@
 # log = file
 ## Path to logfile (default - autodetect)
 # logfile = /var/log/i2pd.log
-## Log messages above this level (debug, *info, warn, error)
+## Log messages above this level (debug, *info, warn, error, none)
+## If you set it to none, logging will be disabled
 # loglevel = info
-
-## Path to storage of i2pd data (RI, keys, peer profiles, ...)
-## Default: ~/.i2pd or /var/lib/i2pd
-# datadir = /var/lib/i2pd
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
 
 ## Daemon mode. Router will go to background after start
 # daemon = true
-## Run as a service. Router will use system folders like ‘/var/lib/i2pd’
-# service = true
 
 ## Specify a family, router belongs to (default - none)
 # family =
@@ -53,10 +50,16 @@ ipv4 = true
 ipv6 = false
 
 ## Network interface to bind to
-# ifname = 
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 = 
+# ifname6 = 
 
 ## Enable NTCP transport (default = true)
 # ntcp = true
+## If you run i2pd behind a proxy server, you can only use NTCP transport with ntcpproxy option 
+## Should be http://address:port or socks://address:port
+# ntcpproxy = http://127.0.0.1:8118
 ## Enable SSU transport (default = true)
 # ssu = true
 
@@ -68,6 +71,8 @@ ipv6 = false
 ## X - unlimited
 ## Default is X for floodfill, L for regular node
 # bandwidth = L
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+# share = 100
 
 ## Router will not accept transit tunnels, disabling transit traffic completely
 ## (default = false)
@@ -76,46 +81,17 @@ ipv6 = false
 ## Router will be floodfill
 # floodfill = true
 
-[limits]
-## Maximum active transit sessions (default:2500)
-# transittunnels = 2500
-
-[precomputation]
-## Enable or disable elgamal precomputation table
-## By default, enabled on i386 hosts
-# elgamal = true
-
-[upnp]
-## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
-# enabled = false 
-
-## Name i2pd appears in UPnP forwardings list (default = I2Pd)
-# name = I2Pd
-
-[reseed]
-## Enable or disable reseed data verification. 
-verify = true
-## URLs to request reseed data from, separated by comma
-## Default: "mainline" I2P Network reseeds
-# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
-## Path to local reseed data file (.su3) for manual reseeding 
-# file = /path/to/i2pseeds.su3
-## or HTTPS URL to reseed from
-# file = https://legit-website.com/i2pseeds.su3
-
-[addressbook]
-## AddressBook subscription URL for initial setup
-## Default: inr.i2p at "mainline" I2P Network
-# defaulturl = http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
-## Optional subscriptions URLs, separated by comma
-# subscriptions = http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
-
 [http]
+## Web Console settings
 ## Uncomment and set to 'false' to disable Web Console
 # enabled = true
 ## Address and port service will listen on
 address = 127.0.0.1
 port = 7070
+## Uncomment following lines to enable Web Console authentication 
+# auth = true
+# user = i2pd
+# pass = changeme
 
 [httpproxy]
 ## Uncomment and set to 'false' to disable HTTP Proxy
@@ -125,6 +101,11 @@ address = 127.0.0.1
 port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
 
 [socksproxy]
 ## Uncomment and set to 'false' to disable SOCKS Proxy
@@ -134,13 +115,13 @@ address = 127.0.0.1
 port = 4447
 ## Optional keys file for proxy local destination
 # keys = socks-proxy-keys.dat
-
 ## Socks outproxy. Example below is set to use Tor for all connections except i2p
 ## Uncomment and set to 'true' to enable using of SOCKS outproxy
 # outproxy.enabled = false
 ## Address and port of outproxy
 # outproxy = 127.0.0.1
 # outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
 
 [sam]
 ## Uncomment and set to 'true' to enable SAM Bridge
@@ -169,3 +150,71 @@ enabled = true
 ## Address and port service will listen on
 # address = 127.0.0.1
 # port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: inr.i2p at "mainline" I2P Network
+# defaulturl = http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default:2500)
+# transittunnels = 2500
+## Limit number of open file descriptors (0 - use system limit)  
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit) 
+# coresize = 0
+## Threshold to start probabalistic backoff with ntcp sessions (0 - use system limit) 
+# ntcpsoft = 0
+## Maximum number of ntcp sessions (0 - use system limit) 
+# ntcphard = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers = 
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2 
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3

contrib/i2pd.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=I2P Router written in C++
+Documentation=man:i2pd(1) https://i2pd.readthedocs.io/en/latest/
+After=network.target
+
+[Service]
+User=i2pd
+Group=i2pd
+RuntimeDirectory=i2pd
+RuntimeDirectoryMode=0700
+LogsDirectory=i2pd
+LogsDirectoryMode=0700
+Type=forking
+ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/var/run/i2pd/i2pd.pid
+### Uncomment, if auto restart needed
+#Restart=on-failure
+
+KillSignal=SIGQUIT
+# If you have the patience waiting 10 min on restarting/stopping it, uncomment this.
+# i2pd stops accepting new tunnels and waits ~10 min while old ones do not die.
+#KillSignal=SIGINT
+#TimeoutStopSec=10m
+
+# If you have problems with hanging i2pd, you can try enable this
+LimitNOFILE=4096
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target

contrib/rpm/i2pd-git.spec

@@ -0,0 +1,102 @@
+%define git_hash %(git rev-parse HEAD | cut -c -7)
+
+Name:           i2pd-git
+Version:        2.19.0
+Release:        git%{git_hash}%{?dist}
+Summary:        I2P router written in C++
+Conflicts:      i2pd
+
+License:        BSD
+URL:            https://github.com/PurpleI2P/i2pd
+Source0:        https://github.com/PurpleI2P/i2pd/archive/openssl/i2pd-openssl.tar.gz
+
+%if 0%{?rhel}  == 7
+BuildRequires:  cmake3
+%else
+BuildRequires:  cmake
+%endif
+
+BuildRequires:  chrpath
+BuildRequires:  gcc-c++
+BuildRequires:  zlib-devel
+BuildRequires:  boost-devel
+BuildRequires:  openssl-devel
+BuildRequires:  miniupnpc-devel
+BuildRequires:  systemd-units
+
+Requires:	systemd
+Requires(pre):  %{_sbindir}/useradd %{_sbindir}/groupadd
+
+%description
+C++ implementation of I2P.
+
+%prep
+%setup -q
+
+
+%build
+cd build
+%if 0%{?rhel} == 7
+%cmake3 \
+    -DWITH_LIBRARY=OFF \
+    -DWITH_UPNP=ON \
+    -DWITH_HARDENING=ON \
+    -DBUILD_SHARED_LIBS:BOOL=OFF
+%else
+%cmake \
+    -DWITH_LIBRARY=OFF \
+    -DWITH_UPNP=ON \
+    -DWITH_HARDENING=ON \
+    -DBUILD_SHARED_LIBS:BOOL=OFF
+%endif
+
+make %{?_smp_mflags}
+
+
+%install
+cd build
+chrpath -d i2pd
+install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
+install -d -m 755 %{buildroot}%{_datadir}/i2pd
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
+install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
+install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
+install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
+
+
+%pre
+getent group i2pd >/dev/null || %{_sbindir}/groupadd -r i2pd
+getent passwd i2pd >/dev/null || \
+  %{_sbindir}/useradd -r -g i2pd -s %{_sbindir}/nologin \
+                      -d %{_sharedstatedir}/i2pd -c 'I2P Service' i2pd
+
+
+%post
+%systemd_post i2pd.service
+
+
+%preun
+%systemd_preun i2pd.service
+
+
+%postun
+%systemd_postun_with_restart i2pd.service
+
+
+%files
+%doc LICENSE README.md
+%{_sbindir}/i2pd
+%{_datadir}/i2pd/certificates
+%config(noreplace) %{_sysconfdir}/i2pd/*
+/%{_unitdir}/i2pd.service
+%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
+%{_sharedstatedir}/i2pd/certificates
+
+
+%changelog
+* Thu Feb 01 2018 r4sas <r4sas@i2pmail.org> - 2.18.0
+- Initial i2pd-git based on i2pd 2.18.0-1 spec

contrib/rpm/i2pd.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=I2P router
-After=network.target
-
-[Service]
-User=i2pd
-Group=i2pd
-Type=simple
-ExecStart=/usr/bin/i2pd --service
-PIDFile=/var/lib/i2pd/i2pd.pid
-Restart=always
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
-

contrib/rpm/i2pd.service

@@ -0,0 +1 @@
+../i2pd.service

contrib/rpm/i2pd.spec

@@ -1,9 +1,8 @@
-%define build_timestamp %(date +"%Y%m%d")
-
 Name:           i2pd
-Version:        2.15.0
-Release:        %{build_timestamp}git%{?dist}
+Version:        2.19.0
+Release:        1%{?dist}
 Summary:        I2P router written in C++
+Conflicts:      i2pd-git
 
 License:        BSD
 URL:            https://github.com/PurpleI2P/i2pd
@@ -23,32 +22,19 @@ BuildRequires:  openssl-devel
 BuildRequires:  miniupnpc-devel
 BuildRequires:  systemd-units
 
-%description
-C++ implementation of I2P.
-
-
-%package systemd
-Summary:        Files to run I2P router under systemd
-Requires:	i2pd
 Requires:	systemd
 Requires(pre):  %{_sbindir}/useradd %{_sbindir}/groupadd
-Obsoletes:      %{name}-daemon
 
-
-%description systemd
+%description
 C++ implementation of I2P.
 
-This package contains systemd unit file to run i2pd as a system service
-using dedicated user's permissions.
-
-
 %prep
 %setup -q
 
 
 %build
 cd build
-%if 0%{?rhel} == 7 
+%if 0%{?rhel} == 7
 %cmake3 \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
@@ -68,85 +54,87 @@ make %{?_smp_mflags}
 %install
 cd build
 chrpath -d i2pd
-install -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
-install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}/%{_unitdir}/i2pd.service
-install -d -m 700 %{buildroot}/%{_sharedstatedir}/i2pd
+install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
+install -d -m 755 %{buildroot}%{_datadir}/i2pd
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
+install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
+install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
+install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
 
 
-%pre systemd
+%pre
 getent group i2pd >/dev/null || %{_sbindir}/groupadd -r i2pd
 getent passwd i2pd >/dev/null || \
   %{_sbindir}/useradd -r -g i2pd -s %{_sbindir}/nologin \
                       -d %{_sharedstatedir}/i2pd -c 'I2P Service' i2pd
 
 
-%post systemd
+%post
 %systemd_post i2pd.service
 
 
-%preun systemd
+%preun
 %systemd_preun i2pd.service
 
 
-%postun systemd
+%postun
 %systemd_postun_with_restart i2pd.service
 
 
 %files
 %doc LICENSE README.md
-%_bindir/i2pd
-
-
-%files systemd
-/%_unitdir/i2pd.service
-%dir %attr(0700,i2pd,i2pd) %_sharedstatedir/i2pd
+%{_sbindir}/i2pd
+%{_datadir}/i2pd/certificates
+%config(noreplace) %{_sysconfdir}/i2pd/*
+/%{_unitdir}/i2pd.service
+%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
+%{_sharedstatedir}/i2pd/certificates
 
 
 %changelog
+* Tue Jun 26 2018 orignal <i2porignal@yandex.ru> - 2.19.0
+- update to 2.19.0
+
+* Mon Feb 05 2018 r4sas <r4sas@i2pmail.org> - 2.18.0-2
+- Fixed blocking system shutdown for 10 minutes (#1089)
+
+* Thu Feb 01 2018 r4sas <r4sas@i2pmail.org> - 2.18.0-1
+- Added to conflicts i2pd-git package
+- Fixed release versioning
+- Fixed paths with double slashes
+
+* Tue Jan 30 2018 orignal <i2porignal@yandex.ru> - 2.18.0
+- update to 2.18.0
+
+* Sat Jan 27 2018 l-n-s <supervillain@riseup.net> - 2.17.0-1
+- Added certificates and default configuration files
+- Merge i2pd with i2pd-systemd package
+- Fixed package changelogs to comply with guidelines
+
+* Mon Dec 04 2017 orignal <i2porignal@yandex.ru> - 2.17.0
+- update to 2.17.0
+
+* Mon Nov 13 2017 orignal <i2porignal@yandex.ru> - 2.16.0
+- update to 2.16.0
+
 * Thu Aug 17 2017 orignal <i2porignal@yandex.ru> - 2.15.0
-- Added QT GUI 
-- Added ability add and remove I2P tunnels without restart
-- Added ability to disable SOCKS outproxy option
-- Changed strip-out Accept-* hedaers in HTTP proxy
-- Changed peer test if nat=false
-- Changed separate output of NTCP and SSU sessions in Transports tab
-- Fixed handle lines with comments in hosts.txt file for address book
-- Fixed run router with empty netdb for testnet
-- Fixed skip expired introducers by iexp
+- update to 2.15.0
 
 * Thu Jun 01 2017 orignal <i2porignal@yandex.ru> - 2.14.0
-- Added transit traffic bandwidth limitation
-- Added NTCP connections through HTTP and SOCKS proxies
-- Added ability to disable address helper for HTTP proxy
-- Changed reseed servers list
+- update to 2.14.0
 
 * Thu Apr 06 2017 orignal <i2porignal@yandex.ru> - 2.13.0
-- Added persist local destination's tags
-- Added GOST signature types 9 and 10
-- Added exploratory tunnels configuration
-- Changed reseed servers list
-- Changed inactive NTCP sockets get closed faster
-- Changed some EdDSA speed up
-- Fixed multiple acceptors for SAM
-- Fixed follow on data after STREAM CREATE for SAM
-- Fixed memory leaks
+- update to 2.13.0
 
 * Tue Feb 14 2017 orignal <i2porignal@yandex.ru> - 2.12.0
-- Additional HTTP and SOCKS proxy tunnels
-- Reseed from ZIP archive
-- 'X' bandwidth code
-- Reduced memory and file descriptors usage
+- update to 2.12.0
 
 * Mon Dec 19 2016 orignal <i2porignal@yandex.ru> - 2.11.0
-- Full support of zero-hops tunnels
-- Tunnel configuration for HTTP and SOCKS proxy
-- Websockets support
-- Multiple acceptors for SAM destination
-- Routing path for UDP tunnels
-- Reseed through a floodfill
-- Use AVX instructions for DHT and HMAC if applicable
-- Fixed UPnP discovery bug, producing excessive CPU usage
-- Handle multiple lookups of the same LeaseSet correctly
+- update to 2.11.0
 
 * Thu Oct 20 2016 Anatolii Vorona <vorona.tolik@gmail.com> - 2.10.0-3
 - add support C7

contrib/tunnels.conf

@@ -30,4 +30,4 @@ keys = irc-keys.dat
 #destinationport = 110
 #keys = pop3-keys.dat
 
-# see more examples in /usr/share/doc/i2pd/configuration.md.gz
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/

daemon/Daemon.cpp

@@ -60,8 +60,12 @@ namespace i2p
 			return service;
 		}
 
-		bool Daemon_Singleton::init(int argc, char* argv[])
-		{
+        bool Daemon_Singleton::init(int argc, char* argv[]) {
+            return init(argc, argv, nullptr);
+        }
+
+        bool Daemon_Singleton::init(int argc, char* argv[], std::shared_ptr<std::ostream> logstream)
+        {
 			i2p::config::Init();
 			i2p::config::ParseCmdline(argc, argv);
 
@@ -94,13 +98,20 @@ namespace i2p
 			std::string logs     = ""; i2p::config::GetOption("log",      logs);
 			std::string logfile  = ""; i2p::config::GetOption("logfile",  logfile);
 			std::string loglevel = ""; i2p::config::GetOption("loglevel", loglevel);
+			bool logclftime;           i2p::config::GetOption("logclftime", logclftime);
 
 			/* setup logging */
+			if (logclftime)
+				i2p::log::Logger().SetTimeFormat ("[%d/%b/%Y:%H:%M:%S %z]");
+
 			if (isDaemon && (logs == "" || logs == "stdout"))
 				logs = "file";
 
 			i2p::log::Logger().SetLogLevel(loglevel);
-			if (logs == "file") {
+            if (logstream) {
+                LogPrint(eLogInfo, "Log: will send messages to std::ostream");
+                i2p::log::Logger().SendTo (logstream);
+            } else if (logs == "file") {
 				if (logfile == "")
 					logfile = i2p::fs::DataDirPath("i2pd.log");
 				LogPrint(eLogInfo, "Log: will send messages to ", logfile);
@@ -115,12 +126,6 @@ namespace i2p
 			}
 
 			LogPrint(eLogInfo,	"i2pd v", VERSION, " starting");
-#ifdef AESNI
-			LogPrint(eLogInfo,	"AESNI enabled");
-#endif
-#if defined(__AVX__)
-			LogPrint(eLogInfo,	"AVX enabled"); 
-#endif
 			LogPrint(eLogDebug, "FS: main config file: ", config);
 			LogPrint(eLogDebug, "FS: data directory: ", datadir);
 

daemon/Daemon.h

@@ -3,17 +3,19 @@
 
 #include <memory>
 #include <string>
+#include <ostream>
 
 namespace i2p
 {
-	namespace util
+namespace util
+{
+	class Daemon_Singleton_Private;
+	class Daemon_Singleton
 	{
-		class Daemon_Singleton_Private;
-		class Daemon_Singleton
-		{
 		public:
-			virtual bool init(int argc, char* argv[]);
-			virtual bool start();
+            virtual bool init(int argc, char* argv[], std::shared_ptr<std::ostream> logstream);
+            virtual bool init(int argc, char* argv[]);
+            virtual bool start();
 			virtual bool stop();
 			virtual void run () {};
 
@@ -29,40 +31,25 @@ namespace i2p
 			// d-pointer for httpServer, httpProxy, etc.
 			class Daemon_Singleton_Private;
 			Daemon_Singleton_Private &d;
-		};
+	};
 
 #if defined(QT_GUI_LIB) // check if QT
 #define Daemon i2p::util::DaemonQT::Instance()
-	// dummy, invoked from RunQT	
-    class DaemonQT: public i2p::util::Daemon_Singleton
+	// dummy, invoked from RunQT
+	class DaemonQT: public i2p::util::Daemon_Singleton
 	{
 		public:
-
 			static DaemonQT& Instance()
 			{
 				static DaemonQT instance;
 				return instance;
 			}
-    };
-
-#elif defined(ANDROID)
-#define Daemon i2p::util::DaemonAndroid::Instance()
-	// dummy, invoked from android/jni/DaemonAndroid.*
-    class DaemonAndroid: public i2p::util::Daemon_Singleton
-	{
-		public:
-
-			static DaemonAndroid& Instance()
-			{
-				static DaemonAndroid instance;
-				return instance;
-			}
-    };
+	};
 
 #elif defined(_WIN32)
 #define Daemon i2p::util::DaemonWin32::Instance()
-		class DaemonWin32 : public Daemon_Singleton
-		{
+	class DaemonWin32 : public Daemon_Singleton
+	{
 		public:
 			static DaemonWin32& Instance()
 			{
@@ -74,34 +61,47 @@ namespace i2p
 			bool start();
 			bool stop();
 			void run ();
-		};
+
+			bool isGraceful;
+
+			DaemonWin32 ():isGraceful(false) {}
+	};
+#elif (defined(ANDROID) && !defined(ANDROID_BINARY))
+#define Daemon i2p::util::DaemonAndroid::Instance()
+	// dummy, invoked from android/jni/DaemonAndroid.*
+	class DaemonAndroid: public i2p::util::Daemon_Singleton
+	{
+		public:
+			static DaemonAndroid& Instance()
+			{
+				static DaemonAndroid instance;
+				return instance;
+			}
+	};
 #else
 #define Daemon i2p::util::DaemonLinux::Instance()
-        class DaemonLinux : public Daemon_Singleton
-		{
-			public:
-				static DaemonLinux& Instance()
-				{
-					static DaemonLinux instance;
-					return instance;
-				}
+	class DaemonLinux : public Daemon_Singleton
+	{
+		public:
+			static DaemonLinux& Instance()
+			{
+				static DaemonLinux instance;
+				return instance;
+			}
 
-				bool start();
-				bool stop();
-				void run ();
+			bool start();
+			bool stop();
+			void run ();
 
-			private:
+		private:
+			std::string pidfile;
+			int pidFH;
 
-				std::string pidfile;
-                int pidFH;
-
-			public:
-
-				int gracefulShutdownInterval; // in seconds
-
-		};
+		public:
+			int gracefulShutdownInterval; // in seconds
+	};
 #endif
-	}
+}
 }
 
 #endif // DAEMON_H__

daemon/HTTPServer.cpp

@@ -51,8 +51,8 @@ namespace http {
 	const char *cssStyles =
 		"<style>\r\n"
 		"  body { font: 100%/1.5em sans-serif; margin: 0; padding: 1.5em; background: #FAFAFA; color: #103456; }\r\n"
-		"  a { text-decoration: none; color: #894C84; }\r\n"
-		"  a:hover { color: #FAFAFA; background: #894C84; }\r\n"
+		"  a, .slide label { text-decoration: none; color: #894C84; }\r\n"
+		"  a:hover, .slide label:hover { color: #FAFAFA; background: #894C84; }\r\n"
 		"  .header { font-size: 2.5em; text-align: center; margin: 1.5em 0; color: #894C84; }\r\n"
 		"  .wrapper { margin: 0 auto; padding: 1em; max-width: 60em; }\r\n"
 		"  .left  { float: left; position: absolute; }\r\n"
@@ -60,12 +60,13 @@ namespace http {
 		"  .tunnel.established { color: #56B734; }\r\n"
 		"  .tunnel.expiring    { color: #D3AE3F; }\r\n"
 		"  .tunnel.failed      { color: #D33F3F; }\r\n"
-		"  .tunnel.another     { color: #434343; }\r\n"
+		"  .tunnel.building    { color: #434343; }\r\n"
 		"  caption { font-size: 1.5em; text-align: center; color: #894C84; }\r\n"
 		"  table { width: 100%; border-collapse: collapse; text-align: center; }\r\n"
-		"  .private { background: black; color: black; } .private:hover { background: black; color: white } \r\n"
-		"  .slide p, .slide [type='checkbox']{ display:none; } \r\n"
-		"  .slide [type='checkbox']:checked ~ p { display:block; } \r\n"
+		"  .slide p, .slide [type='checkbox']{ display:none; }\r\n"
+		"  .slide [type='checkbox']:checked ~ p { display:block; margin-top: 0; padding: 0; }\r\n"
+		"  .disabled:after { color: #D33F3F; content: \"Disabled\" }\r\n"
+		"  .enabled:after  { color: #56B734; content: \"Enabled\"  }\r\n"
 		"</style>\r\n";
 
 	const char HTTP_PAGE_TUNNELS[] = "tunnels";
@@ -83,13 +84,14 @@ namespace http {
 	const char HTTP_COMMAND_DISABLE_TRANSIT[] = "disable_transit";
 	const char HTTP_COMMAND_SHUTDOWN_START[] = "shutdown_start";
 	const char HTTP_COMMAND_SHUTDOWN_CANCEL[] = "shutdown_cancel";
-	const char HTTP_COMMAND_SHUTDOWN_NOW[]   = "terminate";
+	const char HTTP_COMMAND_SHUTDOWN_NOW[] = "terminate";
 	const char HTTP_COMMAND_RUN_PEER_TEST[] = "run_peer_test";
 	const char HTTP_COMMAND_RELOAD_CONFIG[] = "reload_config";
+	const char HTTP_COMMAND_LOGLEVEL[] = "set_loglevel";
 	const char HTTP_PARAM_SAM_SESSION_ID[] = "id";
 	const char HTTP_PARAM_ADDRESS[] = "address";
 
-	static void ShowUptime (std::stringstream& s, int seconds) 
+	static void ShowUptime (std::stringstream& s, int seconds)
 	{
 		int num;
 
@@ -120,7 +122,7 @@ namespace http {
 			s << numKBytes / 1024 / 1024 << " GiB";
 	}
 
-	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, int bytes)
+	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, bool explr, int bytes)
 	{
 		std::string state;
 		switch (eState) {
@@ -133,10 +135,21 @@ namespace http {
 			case i2p::tunnel::eTunnelStateEstablished : state = "established"; break;
 			default: state = "unknown"; break;
 		}
-		s << "<span class=\"tunnel " << state << "\"> " << state << "</span>, ";
+		s << "<span class=\"tunnel " << state << "\"> " << state << ((explr) ? " (exploratory)" : "") << "</span>, ";
 		s << " " << (int) (bytes / 1024) << "&nbsp;KiB<br>\r\n";
 	}
 
+	static void SetLogLevel (const std::string& level)
+	{
+		if (level == "none" || level == "error" || level == "warn" || level == "info" || level == "debug")
+			i2p::log::Logger().SetLogLevel(level);
+		else {
+			LogPrint(eLogError, "HTTPServer: unknown loglevel set attempted");
+			return;
+		}
+		i2p::log::Logger().Reopen ();
+	}
+
 	static void ShowPageHead (std::stringstream& s)
 	{
 		s <<
@@ -185,7 +198,10 @@ namespace http {
 		s << "<b>ERROR:</b>&nbsp;" << string << "<br>\r\n";
 	}
 
-	static void ShowStatus (std::stringstream& s)
+    void ShowStatus (
+            std::stringstream& s,
+            bool includeHiddenContent,
+            i2p::http::OutputFormatEnum outputFormat)
 	{
 		s << "<b>Uptime:</b> ";
 		ShowUptime(s, i2p::context.GetUptime ());
@@ -195,23 +211,23 @@ namespace http {
 		{
 			case eRouterStatusOK: s << "OK"; break;
 			case eRouterStatusTesting: s << "Testing"; break;
-			case eRouterStatusFirewalled: s << "Firewalled"; break; 
-			case eRouterStatusError: 
-			{	
-				s << "Error"; 
+			case eRouterStatusFirewalled: s << "Firewalled"; break;
+			case eRouterStatusError:
+			{
+				s << "Error";
 				switch (i2p::context.GetError ())
 				{
 					case eRouterErrorClockSkew:
-						s << "<br>Clock skew"; 
+						s << "<br>Clock skew";
 					break;
-					default: ;	
-				}	
+					default: ;
+				}
 				break;
-			}	
+			}
 			default: s << "Unknown";
-		} 
+		}
 		s << "<br>\r\n";
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 		if (auto remains = Daemon.gracefulShutdownInterval) {
 			s << "<b>Stopping in:</b> ";
 			s << remains << " seconds";
@@ -230,36 +246,44 @@ namespace http {
 		s << " (" << (double) i2p::transport::transports.GetOutBandwidth () / 1024 << " KiB/s)<br>\r\n";
 		s << "<b>Transit:</b> ";
 		ShowTraffic (s, i2p::transport::transports.GetTotalTransitTransmittedBytes ());
-		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth () / 1024 << " KiB/s)<br>\r\n";		
+		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth () / 1024 << " KiB/s)<br>\r\n";
 		s << "<b>Data path:</b> " << i2p::fs::GetDataDir() << "<br>\r\n";
-		s << "<div class='slide'\r\n><label for='slide1'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide1'/>\r\n<p class='content'>\r\n";
-		s << "<b>Router Ident:</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
-		s << "<b>Router Family:</b> " << i2p::context.GetRouterInfo().GetProperty("family") << "<br>\r\n";
-		s << "<b>Router Caps:</b> " << i2p::context.GetRouterInfo().GetProperty("caps") << "<br>\r\n";
-		s << "<b>Our external address:</b>" << "<br>\r\n" ;
-		for (const auto& address : i2p::context.GetRouterInfo().GetAddresses())
-		{
-			switch (address->transportStyle)
+        s << "<div class='slide'>";
+        if((outputFormat==OutputFormatEnum::forWebConsole)||!includeHiddenContent) {
+            s << "<label for='slide-info'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide-info'/>\r\n<p class='content'>\r\n";
+        }
+        if(includeHiddenContent) {
+            s << "<b>Router Ident:</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
+			s << "<b>Router Family:</b> " << i2p::context.GetRouterInfo().GetProperty("family") << "<br>\r\n";
+			s << "<b>Router Caps:</b> " << i2p::context.GetRouterInfo().GetProperty("caps") << "<br>\r\n";
+			s << "<b>Our external address:</b>" << "<br>\r\n" ;
+			for (const auto& address : i2p::context.GetRouterInfo().GetAddresses())
 			{
-				case i2p::data::RouterInfo::eTransportNTCP:
-					if (address->host.is_v6 ())
-						s << "NTCP6&nbsp;&nbsp;";
-					else
-						s << "NTCP&nbsp;&nbsp;";
-				break;
-				case i2p::data::RouterInfo::eTransportSSU:
-					if (address->host.is_v6 ())
-						s << "SSU6&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
-					else
-						s << "SSU&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
-				break;
-				default:
-					s << "Unknown&nbsp;&nbsp;";
+				switch (address->transportStyle)
+				{
+					case i2p::data::RouterInfo::eTransportNTCP:
+						if (address->host.is_v6 ())
+							s << "NTCP6&nbsp;&nbsp;";
+						else
+							s << "NTCP&nbsp;&nbsp;";
+					break;
+					case i2p::data::RouterInfo::eTransportSSU:
+						if (address->host.is_v6 ())
+							s << "SSU6&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+						else
+							s << "SSU&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
+					break;
+					default:
+						s << "Unknown&nbsp;&nbsp;";
+				}
+				s << address->host.to_string() << ":" << address->port << "<br>\r\n";
 			}
-			s << address->host.to_string() << ":" << address->port << "<br>\r\n";
-		}
+        }
 		s << "</p>\r\n</div>\r\n";
-		s << "<b>Routers:</b> " << i2p::data::netdb.GetNumRouters () << " ";
+        if(outputFormat==OutputFormatEnum::forQtUi) {
+            s << "<br>";
+        }
+        s << "<b>Routers:</b> " << i2p::data::netdb.GetNumRouters () << " ";
 		s << "<b>Floodfills:</b> " << i2p::data::netdb.GetNumFloodfills () << " ";
 		s << "<b>LeaseSets:</b> " << i2p::data::netdb.GetNumLeaseSets () << "<br>\r\n";
 
@@ -268,32 +292,45 @@ namespace http {
 		size_t transitTunnelCount = i2p::tunnel::tunnels.CountTransitTunnels();
 
 		s << "<b>Client Tunnels:</b> " << std::to_string(clientTunnelCount) << " ";
-		s << "<b>Transit Tunnels:</b> " << std::to_string(transitTunnelCount) << "<br>\r\n";
+		s << "<b>Transit Tunnels:</b> " << std::to_string(transitTunnelCount) << "<br>\r\n<br>\r\n";
+
+        if(outputFormat==OutputFormatEnum::forWebConsole) {
+            s << "<table><caption>Services</caption><tr><th>Service</th><th>State</th></tr>\r\n";
+            s << "<tr><td>" << "HTTP Proxy"		<< "</td><td><div class='" << ((i2p::client::context.GetHttpProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "SOCKS Proxy"	<< "</td><td><div class='" << ((i2p::client::context.GetSocksProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "BOB"			<< "</td><td><div class='" << ((i2p::client::context.GetBOBCommandChannel ())	? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "SAM"			<< "</td><td><div class='" << ((i2p::client::context.GetSAMBridge ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "I2CP"			<< "</td><td><div class='" << ((i2p::client::context.GetI2CPServer ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            bool i2pcontrol; i2p::config::GetOption("i2pcontrol.enabled", i2pcontrol);
+            s << "<tr><td>" << "I2PControl"		<< "</td><td><div class='" << ((i2pcontrol) 									? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "</table>\r\n";
+        }
 	}
 
-	static void ShowLocalDestinations (std::stringstream& s)
+	void ShowLocalDestinations (std::stringstream& s)
 	{
 		s << "<b>Local Destinations:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetDestinations ())
 		{
-			auto ident = it.second->GetIdentHash (); 
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+			auto ident = it.second->GetIdentHash ();
+			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n" << std::endl;
 		}
 
 		auto i2cpServer = i2p::client::context.GetI2CPServer ();
-		if (i2cpServer)
+		if (i2cpServer && !(i2cpServer->GetSessions ().empty ()))
 		{
 			s << "<br><b>I2CP Local Destinations:</b><br>\r\n<br>\r\n";
 			for (auto& it: i2cpServer->GetSessions ())
 			{
 				auto dest = it.second->GetDestination ();
 				if (dest)
-				{	
-					auto ident = dest->GetIdentHash (); 
-					s << "<a href=\"/?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">"; 
-					s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n" << std::endl;
-				}	
+				{
+					auto ident = dest->GetIdentHash ();
+					auto& name = dest->GetNickname ();
+					s << "<a href=\"/?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">[ ";
+					s << name << " ]</a> &#8660; " << i2p::client::context.GetAddressBook ().ToAddress(ident) <<"<br>\r\n" << std::endl;
+				}
 			}
 		}
 	}
@@ -302,14 +339,14 @@ namespace http {
 	{
 		s << "<b>Base64:</b><br>\r\n<textarea readonly=\"readonly\" cols=\"64\" rows=\"11\" wrap=\"on\">";
 		s << dest->GetIdentity ()->ToBase64 () << "</textarea><br>\r\n<br>\r\n";
-		s << "<b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i><br>\r\n";
 		if(dest->GetNumRemoteLeaseSets())
 		{
-			s << "<div class='slide'\r\n><label for='slide1'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide1'/>\r\n<p class='content'>\r\n";
+			s << "<div class='slide'><label for='slide-lease'><b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i></label>\r\n<input type='checkbox' id='slide-lease'/>\r\n<p class='content'>\r\n";
 			for(auto& it: dest->GetLeaseSets ())
 				s << it.second->GetIdentHash ().ToBase32 () << "<br>\r\n";
 			s << "</p>\r\n</div>\r\n";
-		}
+		} else
+			s << "<b>LeaseSets:</b> <i>0</i><br>\r\n";
 		auto pool = dest->GetTunnelPool ();
 		if (pool)
 		{
@@ -318,7 +355,7 @@ namespace http {
 				it->Print(s);
 				if(it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << "ms )";
-				ShowTunnelDetails(s, it->GetState (), it->GetNumReceivedBytes ());
+				ShowTunnelDetails(s, it->GetState (), false, it->GetNumReceivedBytes ());
 			}
 			s << "<br>\r\n";
 			s << "<b>Outbound tunnels:</b><br>\r\n";
@@ -326,20 +363,22 @@ namespace http {
 				it->Print(s);
 				if(it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << "ms )";
-				ShowTunnelDetails(s, it->GetState (), it->GetNumSentBytes ());
+				ShowTunnelDetails(s, it->GetState (), false, it->GetNumSentBytes ());
 			}
 		}
 		s << "<br>\r\n";
-		s << "<b>Tags</b><br>Incoming: " << dest->GetNumIncomingTags () << "<br>Outgoing:<br>" << std::endl;
-		for (const auto& it: dest->GetSessions ())
-		{
-			s << i2p::client::context.GetAddressBook ().ToAddress(it.first) << " ";
-			s << it.second->GetNumOutgoingTags () << "<br>" << std::endl;
-		}
-		s << "<br>" << std::endl;
+		s << "<b>Tags</b><br>Incoming: <i>" << dest->GetNumIncomingTags () << "</i><br>";
+		if (!dest->GetSessions ().empty ()) {
+			s << "<div class='slide'><label for='slide-tags'>Outgoing:</label>\r\n<input type='checkbox' id='slide-tags'/>\r\n<p class='content'>\r\n";
+			for (const auto& it: dest->GetSessions ())
+				s << i2p::client::context.GetAddressBook ().ToAddress(it.first) << " " << it.second->GetNumOutgoingTags () << "<br>\r\n";
+			s << "</p>\r\n</div>\r\n";
+		} else
+			s << "Outgoing: <i>0</i><br>\r\n";
+		s << "<br>\r\n";
 	}
 
-	static void  ShowLocalDestination (std::stringstream& s, const std::string& b32)
+	void ShowLocalDestination (std::stringstream& s, const std::string& b32)
 	{
 		s << "<b>Local Destination:</b><br>\r\n<br>\r\n";
 		i2p::data::IdentHash ident;
@@ -347,9 +386,9 @@ namespace http {
 		auto dest = i2p::client::context.FindLocalDestination (ident);
 		if (dest)
 		{
-			ShowLeaseSetDestination (s, dest);	
+			ShowLeaseSetDestination (s, dest);
 			// show streams
-			s << "<br>\r\n<table><caption>Streams</caption><tr>";
+			s << "<table><caption>Streams</caption>\r\n<tr>";
 			s << "<th>StreamID</th>";
 			s << "<th>Destination</th>";
 			s << "<th>Sent</th>";
@@ -360,7 +399,7 @@ namespace http {
 			s << "<th>RTT</th>";
 			s << "<th>Window</th>";
 			s << "<th>Status</th>";
-			s << "</tr>";
+			s << "</tr>\r\n";
 
 			for (const auto& it: dest->GetAllStreams ())
 			{
@@ -375,35 +414,35 @@ namespace http {
 				s << "<td>" << it->GetRTT () << "</td>";
 				s << "<td>" << it->GetWindowSize () << "</td>";
 				s << "<td>" << (int)it->GetStatus () << "</td>";
-				s << "</tr><br>\r\n" << std::endl; 
-   		}
+				s << "</tr>\r\n";
+			}
 			s << "</table>";
 		}
 	}
 
-	static void  ShowI2CPLocalDestination (std::stringstream& s, const std::string& id)
+	static void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id)
 	{
 		auto i2cpServer = i2p::client::context.GetI2CPServer ();
 		if (i2cpServer)
 		{
 			s << "<b>I2CP Local Destination:</b><br>\r\n<br>\r\n";
-			auto it = i2cpServer->GetSessions ().find (std::stoi (id)); 
+			auto it = i2cpServer->GetSessions ().find (std::stoi (id));
 			if (it != i2cpServer->GetSessions ().end ())
 				ShowLeaseSetDestination (s, it->second->GetDestination ());
 			else
-				ShowError(s, "I2CP session not found");	
+				ShowError(s, "I2CP session not found");
 		}
 		else
 			ShowError(s, "I2CP is not enabled");
 	}
 
-	static void ShowLeasesSets(std::stringstream& s)
+	void ShowLeasesSets(std::stringstream& s)
 	{
-		s << "<div id='leasesets'><b>LeaseSets (click on to show info):</b></div><br>\r\n";
+		s << "<b>LeaseSets:</b><br>\r\n<br>\r\n";
 		int counter = 1;
 		// for each lease set
 		i2p::data::netdb.VisitLeaseSets(
-			[&s, &counter](const i2p::data::IdentHash dest, std::shared_ptr<i2p::data::LeaseSet> leaseSet) 
+			[&s, &counter](const i2p::data::IdentHash dest, std::shared_ptr<i2p::data::LeaseSet> leaseSet)
 			{
 				// create copy of lease set so we extract leases
 				i2p::data::LeaseSet ls(leaseSet->GetBuffer(), leaseSet->GetBufferLen());
@@ -430,16 +469,19 @@ namespace http {
 		// end for each lease set
 	}
 
-	static void ShowTunnels (std::stringstream& s)
+	void ShowTunnels (std::stringstream& s)
 	{
+		s << "<b>Tunnels:</b><br>\r\n<br>\r\n";
 		s << "<b>Queue size:</b> " << i2p::tunnel::tunnels.GetQueueSize () << "<br>\r\n";
 
+		auto ExplPool = i2p::tunnel::tunnels.GetExploratoryPool ();
+
 		s << "<b>Inbound tunnels:</b><br>\r\n";
 		for (auto & it : i2p::tunnel::tunnels.GetInboundTunnels ()) {
 			it->Print(s);
 			if(it->LatencyIsKnown())
 				s << " ( " << it->GetMeanLatency() << "ms )";
-			ShowTunnelDetails(s, it->GetState (), it->GetNumReceivedBytes ());
+			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumReceivedBytes ());
 		}
 		s << "<br>\r\n";
 		s << "<b>Outbound tunnels:</b><br>\r\n";
@@ -447,7 +489,7 @@ namespace http {
 			it->Print(s);
 			if(it->LatencyIsKnown())
 				s << " ( " << it->GetMeanLatency() << "ms )";
-			ShowTunnelDetails(s, it->GetState (), it->GetNumSentBytes ());
+			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumSentBytes ());
 		}
 		s << "<br>\r\n";
 	}
@@ -455,26 +497,35 @@ namespace http {
 	static void ShowCommands (std::stringstream& s, uint32_t token)
 	{
 		/* commands */
-		s << "<b>Router Commands</b><br>\r\n";
+		s << "<b>Router Commands</b><br>\r\n<br>\r\n";
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_RUN_PEER_TEST << "&token=" << token << "\">Run peer test</a><br>\r\n";
 		//s << "  <a href=\"/?cmd=" << HTTP_COMMAND_RELOAD_CONFIG << "\">Reload config</a><br>\r\n";
 		if (i2p::context.AcceptsTunnels ())
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_DISABLE_TRANSIT << "&token=" << token << "\">Decline transit tunnels</a><br>\r\n";
 		else
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_ENABLE_TRANSIT << "&token=" << token << "\">Accept transit tunnels</a><br>\r\n";
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
-		if (Daemon.gracefulShutdownInterval) 
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
+		if (Daemon.gracefulShutdownInterval)
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
-		else 
+		else
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Start graceful shutdown</a><br>\r\n";
-#endif
-#ifdef WIN32_APP
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
+#elif defined(WIN32_APP)
+		if (i2p::util::DaemonWin32::Instance().isGraceful)
+			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
+		else
+			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
 #endif
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_NOW << "&token=" << token << "\">Force shutdown</a><br>\r\n";
+
+		s << "<br>\r\n<b>Logging level</b><br>\r\n";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\">[none]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\">[error]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\">[warn]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\">[info]</a> ";
+		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\">[debug]</a><br>\r\n";
 	}
 
-	static void ShowTransitTunnels (std::stringstream& s)
+	void ShowTransitTunnels (std::stringstream& s)
 	{
 		s << "<b>Transit tunnels:</b><br>\r\n<br>\r\n";
 		for (const auto& it: i2p::tunnel::tunnels.GetTransitTunnels ())
@@ -489,10 +540,10 @@ namespace http {
 		}
 	}
 
-	static void ShowTransports (std::stringstream& s)
+	void ShowTransports (std::stringstream& s)
 	{
 		s << "<b>Transports:</b><br>\r\n<br>\r\n";
-		auto ntcpServer = i2p::transport::transports.GetNTCPServer (); 
+		auto ntcpServer = i2p::transport::transports.GetNTCPServer ();
 		if (ntcpServer)
 		{
 			auto sessions = ntcpServer->GetNTCPSessions ();
@@ -525,13 +576,13 @@ namespace http {
 				}
 				if (!tmp_s.str ().empty ())
 				{
-					s << "<b>NTCP</b> ( " << cnt << " )<br>\r\n";
-					s << tmp_s.str () << "<br>\r\n";
+					s << "<div class='slide'><label for='slide_ntcp'><b>NTCP</b> ( " << cnt << " )</label>\r\n<input type='checkbox' id='slide_ntcp'/>\r\n<p class='content'>";
+					s << tmp_s.str () << "</p>\r\n</div>\r\n";
 				}
 				if (!tmp_s6.str ().empty ())
 				{
-					s << "<b>NTCP6</b> ( " << cnt6 << " )<br>\r\n";
-					s << tmp_s6.str () << "<br>\r\n";
+					s << "<div class='slide'><label for='slide_ntcp6'><b>NTCP6</b> ( " << cnt6 << " )</label>\r\n<input type='checkbox' id='slide_ntcp6'/>\r\n<p class='content'>";
+					s << tmp_s6.str () << "</p>\r\n</div>\r\n";
 				}
 			}
 		}
@@ -541,7 +592,7 @@ namespace http {
 			auto sessions = ssuServer->GetSessions ();
 			if (!sessions.empty ())
 			{
-				s << "<b>SSU</b> ( " << (int) sessions.size() << " )<br>\r\n";
+				s << "<div class='slide'><label for='slide_ssu'><b>SSU</b> ( " << (int) sessions.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu'/>\r\n<p class='content'>";
 				for (const auto& it: sessions)
 				{
 					auto endpoint = it.second->GetRemoteEndpoint ();
@@ -553,12 +604,12 @@ namespace http {
 						s << " [itag:" << it.second->GetRelayTag () << "]";
 					s << "<br>\r\n" << std::endl;
 				}
-				s << "<br>\r\n";
+				s << "</p>\r\n</div>\r\n";
 			}
 			auto sessions6 = ssuServer->GetSessionsV6 ();
 			if (!sessions6.empty ())
 			{
-				s << "<b>SSU6</b> ( " << (int) sessions6.size() << " )<br>\r\n";
+				s << "<div class='slide'><label for='slide_ssu6'><b>SSU6</b> ( " << (int) sessions6.size() << " )</label>\r\n<input type='checkbox' id='slide_ssu6'/>\r\n<p class='content'>";
 				for (const auto& it: sessions6)
 				{
 					auto endpoint = it.second->GetRemoteEndpoint ();
@@ -570,12 +621,12 @@ namespace http {
 						s << " [itag:" << it.second->GetRelayTag () << "]";
 					s << "<br>\r\n" << std::endl;
 				}
-				s << "<br>\r\n";
+				s << "</p>\r\n</div>\r\n";
 			}
 		}
 	}
 
-	static void ShowSAMSessions (std::stringstream& s)
+	void ShowSAMSessions (std::stringstream& s)
 	{
 		auto sam = i2p::client::context.GetSAMBridge ();
 		if (!sam) {
@@ -585,8 +636,9 @@ namespace http {
 		s << "<b>SAM Sessions:</b><br>\r\n<br>\r\n";
 		for (auto& it: sam->GetSessions ())
 		{
+			auto& name = it.second->localDestination->GetNickname ();
 			s << "<a href=\"/?page=" << HTTP_PAGE_SAM_SESSION << "&sam_id=" << it.first << "\">";
-			s << it.first << "</a><br>\r\n" << std::endl;
+			s << name << " (" << it.first << ")</a><br>\r\n" << std::endl;
 		}
 	}
 
@@ -608,7 +660,7 @@ namespace http {
 		s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n";
 		s << "<br>\r\n";
 		s << "<b>Streams:</b><br>\r\n";
-		for (const auto& it: session->ListSockets())
+		for (const auto& it: sam->ListSockets(id))
 		{
 			switch (it->GetSocketType ())
 			{
@@ -622,13 +674,13 @@ namespace http {
 		}
 	}
 
-	static void ShowI2PTunnels (std::stringstream& s)
+	void ShowI2PTunnels (std::stringstream& s)
 	{
 		s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetClientTunnels ())
 		{
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << it.second->GetName () << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
@@ -637,29 +689,32 @@ namespace http {
 		if (httpProxy)
 		{
 			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << "HTTP Proxy" << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
-		}	
+		}
 		auto socksProxy = i2p::client::context.GetSocksProxy ();
 		if (socksProxy)
 		{
 			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << "SOCKS Proxy" << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
-		}	
-		s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
-		for (auto& it: i2p::client::context.GetServerTunnels ())
-		{
-			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
-			s << it.second->GetName () << "</a> &#8658; ";
-			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << ":" << it.second->GetLocalPort ();
-			s << "</a><br>\r\n"<< std::endl;
+		}
+		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
+		if (!serverTunnels.empty ()) {
+			s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
+			for (auto& it: serverTunnels)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << it.second->GetName () << "</a> &#8658; ";
+				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
+				s << ":" << it.second->GetLocalPort ();
+				s << "</a><br>\r\n"<< std::endl;
+			}
 		}
 		auto& clientForwards = i2p::client::context.GetClientForwards ();
 		if (!clientForwards.empty ())
@@ -668,7 +723,7 @@ namespace http {
 			for (auto& it: clientForwards)
 			{
 				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 				s << it.second->GetName () << "</a> &#8656; ";
 				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 				s << "<br>\r\n"<< std::endl;
@@ -681,7 +736,7 @@ namespace http {
 			for (auto& it: serverForwards)
 			{
 				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">"; 
+				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 				s << it.second->GetName () << "</a> &#8656; ";
 				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 				s << "<br>\r\n"<< std::endl;
@@ -689,8 +744,9 @@ namespace http {
 		}
 	}
 
-	HTTPConnection::HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket):
-				m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0)
+	HTTPConnection::HTTPConnection (std::string hostname, std::shared_ptr<boost::asio::ip::tcp::socket> socket):
+		m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0),
+		expected_host(hostname)
 	{
 		/* cache options */
 		i2p::config::GetOption("http.auth", needAuth);
@@ -751,10 +807,10 @@ namespace http {
 		}
 		/* method #2: 'Authorization' header sent */
 		auto provided = req.GetHeader ("Authorization");
-		 if (provided.length () > 0) 
-		 {
+		if (provided.length () > 0)
+		{
 			bool result = false;
-			
+
 			std::string expected = user + ":" + pass;
 			size_t b64_sz = i2p::data::Base64EncodingBufferSize(expected.length()) + 1;
 			char * b64_creds = new char[b64_sz];
@@ -789,7 +845,28 @@ namespace http {
 			SendReply(res, content);
 			return;
 		}
-
+		bool strictheaders;
+		i2p::config::GetOption("http.strictheaders", strictheaders);
+		if (strictheaders)
+		{
+			std::string http_hostname;
+			i2p::config::GetOption("http.hostname", http_hostname);
+			std::string host = req.GetHeader("Host");
+			auto idx = host.find(':');
+			/* strip out port so it's just host */
+			if (idx != std::string::npos && idx > 0)
+			{
+				host = host.substr(0, idx);
+			}
+			if (!(host == expected_host || host == http_hostname))
+			{
+				/* deny request as it's from a non whitelisted hostname */
+				res.code = 403;
+				content = "host missmatch";
+				SendReply(res, content);
+				return;
+			}
+		}
 		// Html5 head start
 		ShowPageHead (s);
 		if (req.uri.find("page=") != std::string::npos) {
@@ -797,7 +874,7 @@ namespace http {
 		} else if (req.uri.find("cmd=") != std::string::npos) {
 			HandleCommand (req, res, s);
 		} else {
-			ShowStatus (s);
+            ShowStatus (s, true, i2p::http::OutputFormatEnum::forWebConsole);
 			res.add_header("Refresh", "10");
 		}
 		ShowPageTail (s);
@@ -809,7 +886,7 @@ namespace http {
 
 	std::map<uint32_t, uint32_t> HTTPConnection::m_Tokens;
 	void HTTPConnection::HandlePage (const HTTPReq& req, HTTPRes& res, std::stringstream& s)
-  {
+	{
 		std::map<std::string, std::string> params;
 		std::string page("");
 		URL url;
@@ -835,13 +912,13 @@ namespace http {
 				else
 					++it;
 			}
-			m_Tokens[token] = ts; 
+			m_Tokens[token] = ts;
 			ShowCommands (s, token);
 		}
 		else if (page == HTTP_PAGE_TRANSIT_TUNNELS)
 			ShowTransitTunnels (s);
 		else if (page == HTTP_PAGE_LOCAL_DESTINATIONS)
-			ShowLocalDestinations (s);	
+			ShowLocalDestinations (s);
 		else if (page == HTTP_PAGE_LOCAL_DESTINATION)
 			ShowLocalDestination (s, params["b32"]);
 		else if (page == HTTP_PAGE_I2CP_LOCAL_DESTINATION)
@@ -859,7 +936,7 @@ namespace http {
 			ShowError(s, "Unknown page: " + page);
 			return;
 		}
-  }
+	}
 
 	void HTTPConnection::HandleCommand (const HTTPReq& req, HTTPRes& res, std::stringstream& s)
 	{
@@ -876,7 +953,7 @@ namespace http {
 			return;
 		}
 
-		std::string cmd = params["cmd"];	
+		std::string cmd = params["cmd"];
 		if (cmd == HTTP_COMMAND_RUN_PEER_TEST)
 			i2p::transport::transports.PeerTest ();
 		else if (cmd == HTTP_COMMAND_RELOAD_CONFIG)
@@ -887,19 +964,27 @@ namespace http {
 			i2p::context.SetAcceptsTunnels (false);
 		else if (cmd == HTTP_COMMAND_SHUTDOWN_START) {
 			i2p::context.SetAcceptsTunnels (false);
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 			Daemon.gracefulShutdownInterval = 10*60;
-#endif
-#ifdef WIN32_APP
+#elif defined(WIN32_APP)
 			i2p::win32::GracefulShutdown ();
 #endif
 		} else if (cmd == HTTP_COMMAND_SHUTDOWN_CANCEL) {
 			i2p::context.SetAcceptsTunnels (true);
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))  || defined(ANDROID_BINARY))
 			Daemon.gracefulShutdownInterval = 0;
+#elif defined(WIN32_APP)
+			i2p::win32::StopGracefulShutdown ();
 #endif
 		} else if (cmd == HTTP_COMMAND_SHUTDOWN_NOW) {
+#ifndef WIN32_APP
 			Daemon.running = false;
+#else
+			i2p::win32::StopWin32App ();
+#endif
+		} else if (cmd == HTTP_COMMAND_LOGLEVEL){
+			std::string level = params["level"];
+			SetLogLevel (level);
 		} else {
 			res.code = 400;
 			ShowError(s, "Unknown command: " + cmd);
@@ -924,7 +1009,8 @@ namespace http {
 
 	HTTPServer::HTTPServer (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port))
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
+		m_Hostname(address)
 	{
 	}
 
@@ -942,8 +1028,8 @@ namespace http {
 		if (needAuth && pass == "") {
 			uint8_t random[16];
 			char alnum[] = "0123456789"
-			  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-			  "abcdefghijklmnopqrstuvwxyz";
+				"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+				"abcdefghijklmnopqrstuvwxyz";
 			pass.resize(sizeof(random));
 			RAND_bytes(random, sizeof(random));
 			for (size_t i = 0; i < sizeof(random); i++) {
@@ -963,7 +1049,7 @@ namespace http {
 		m_IsRunning = false;
 		m_Acceptor.close();
 		m_Service.stop ();
-		if (m_Thread) 
+		if (m_Thread)
 		{
 			m_Thread->join ();
 			m_Thread = nullptr;
@@ -981,7 +1067,7 @@ namespace http {
 			catch (std::exception& ex)
 			{
 				LogPrint (eLogError, "HTTPServer: runtime exception: ", ex.what ());
-			}	
+			}
 		}
 	}
 
@@ -992,7 +1078,7 @@ namespace http {
 			boost::asio::placeholders::error, newSocket));
 	}
 
-	void HTTPServer::HandleAccept(const boost::system::error_code& ecode, 
+	void HTTPServer::HandleAccept(const boost::system::error_code& ecode,
 		std::shared_ptr<boost::asio::ip::tcp::socket> newSocket)
 	{
 		if (ecode)
@@ -1000,7 +1086,7 @@ namespace http {
 			if(newSocket) newSocket->close();
 			LogPrint(eLogError, "HTTP Server: error handling accept ", ecode.message());
 			if(ecode != boost::asio::error::operation_aborted)
-				Accept();			
+				Accept();
 			return;
 		}
 		CreateConnection(newSocket);
@@ -1009,7 +1095,7 @@ namespace http {
 
 	void HTTPServer::CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket)
 	{
-		auto conn = std::make_shared<HTTPConnection> (newSocket);
+		auto conn = std::make_shared<HTTPConnection> (m_Hostname, newSocket);
 		conn->Receive ();
 	}
 } // http

daemon/HTTPServer.h

@@ -7,22 +7,23 @@
 #include <map>
 #include <thread>
 #include <boost/asio.hpp>
+#include <sstream>
 #include "HTTP.h"
 
-namespace i2p 
+namespace i2p
 {
-namespace http 
+namespace http
 {
-	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;		
-	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds	
+	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;
+	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds
 
 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
 		public:
 
-			HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			HTTPConnection (std::string serverhost, std::shared_ptr<boost::asio::ip::tcp::socket> socket);
 			void Receive ();
-			
+
 		private:
 
 			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
@@ -45,6 +46,7 @@ namespace http
 			bool needAuth;
 			std::string user;
 			std::string pass;
+			std::string expected_host;
 
 			static std::map<uint32_t, uint32_t> m_Tokens; // token->timestamp in seconds
 	};
@@ -62,11 +64,11 @@ namespace http
 		private:
 
 			void Run ();
- 			void Accept ();
+			void Accept ();
 			void HandleAccept(const boost::system::error_code& ecode,
 				std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
 			void CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
-			
+
 		private:
 
 			bool m_IsRunning;
@@ -74,7 +76,20 @@ namespace http
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
+			std::string m_Hostname;
 	};
+
+    //all the below functions are also used by Qt GUI, see mainwindow.cpp -> getStatusPageHtml
+    enum OutputFormatEnum { forWebConsole, forQtUi };
+    void ShowStatus (std::stringstream& s, bool includeHiddenContent, OutputFormatEnum outputFormat);
+    void ShowLocalDestinations (std::stringstream& s);
+    void ShowLeasesSets(std::stringstream& s);
+    void ShowTunnels (std::stringstream& s);
+    void ShowTransitTunnels (std::stringstream& s);
+    void ShowTransports (std::stringstream& s);
+    void ShowSAMSessions (std::stringstream& s);
+    void ShowI2PTunnels (std::stringstream& s);
+    void ShowLocalDestination (std::stringstream& s, const std::string& b32);
 } // http
 } // i2p
 

daemon/I2PControl.cpp

@@ -35,7 +35,7 @@ namespace client
 	I2PControlService::I2PControlService (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr),
 		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port)),
-		m_SSLContext (m_Service, boost::asio::ssl::context::sslv23),
+		m_SSLContext (boost::asio::ssl::context::sslv23),
 		m_ShutdownTimer (m_Service)
 	{
 		i2p::config::GetOption("i2pcontrol.password", m_Password);
@@ -65,9 +65,10 @@ namespace client
 		m_MethodHandlers["RouterInfo"]     = &I2PControlService::RouterInfoHandler;
 		m_MethodHandlers["RouterManager"]  = &I2PControlService::RouterManagerHandler;
 		m_MethodHandlers["NetworkSetting"] = &I2PControlService::NetworkSettingHandler;
+		m_MethodHandlers["ClientServicesInfo"]     = &I2PControlService::ClientServicesInfoHandler;
 
 		// I2PControl
-		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler; 
+		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler;
 
 		// RouterInfo
 		m_RouterInfoHandlers["i2p.router.uptime"]  = &I2PControlService::UptimeHandler;
@@ -80,18 +81,26 @@ namespace client
 		m_RouterInfoHandlers["i2p.router.net.status"]         = &I2PControlService::NetStatusHandler;
 		m_RouterInfoHandlers["i2p.router.net.tunnels.participating"] = &I2PControlService::TunnelsParticipatingHandler;
 		m_RouterInfoHandlers["i2p.router.net.tunnels.successrate"] =
-&I2PControlService::TunnelsSuccessRateHandler;	
+&I2PControlService::TunnelsSuccessRateHandler;
 		m_RouterInfoHandlers["i2p.router.net.total.received.bytes"]  = &I2PControlService::NetTotalReceivedBytes;
 		m_RouterInfoHandlers["i2p.router.net.total.sent.bytes"]      = &I2PControlService::NetTotalSentBytes;
 
-		// RouterManager	
+		// RouterManager
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
-		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
+		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler;
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
 
 		// NetworkSetting
 		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
 		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
+
+		// ClientServicesInfo
+		m_ClientServicesInfoHandlers["I2PTunnel"] = &I2PControlService::I2PTunnelInfoHandler;
+		m_ClientServicesInfoHandlers["HTTPProxy"] = &I2PControlService::HTTPProxyInfoHandler;
+		m_ClientServicesInfoHandlers["SOCKS"] = &I2PControlService::SOCKSInfoHandler;
+		m_ClientServicesInfoHandlers["SAM"] = &I2PControlService::SAMInfoHandler;
+		m_ClientServicesInfoHandlers["BOB"] = &I2PControlService::BOBInfoHandler;
+		m_ClientServicesInfoHandlers["I2CP"] = &I2PControlService::I2CPInfoHandler;
 	}
 
 	I2PControlService::~I2PControlService ()
@@ -133,8 +142,8 @@ namespace client
 				m_Service.run ();
 			} catch (std::exception& ex) {
 				LogPrint (eLogError, "I2PControl: runtime exception: ", ex.what ());
-			}	
-		}	
+			}
+		}
 	}
 
 	void I2PControlService::Accept ()
@@ -160,7 +169,7 @@ namespace client
 	void I2PControlService::Handshake (std::shared_ptr<ssl_socket> socket)
 	{
 		socket->async_handshake(boost::asio::ssl::stream_base::server,
-        	std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
+		std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
 	}
 
 	void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
@@ -168,7 +177,7 @@ namespace client
 		if (ecode) {
 			LogPrint (eLogError, "I2PControl: handshake error: ", ecode.message ());
 			return;
-		}	
+		}
 		//std::this_thread::sleep_for (std::chrono::milliseconds(5));
 		ReadRequest (socket);
 	}
@@ -187,15 +196,15 @@ namespace client
 	}
 
 	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
- 		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
+		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf)
 	{
-		if (ecode) 
+		if (ecode)
 		{
 			LogPrint (eLogError, "I2PControl: read error: ", ecode.message ());
 			return;
-		} 
-		else 
+		}
+		else
 		{
 			bool isHtml = !memcmp (buf->data (), "POST", 4);
 			try
@@ -243,8 +252,8 @@ namespace client
 					response << "{\"id\":" << id << ",\"result\":{";
 					(this->*(it->second))(pt.get_child ("params"), response);
 					response << "},\"jsonrpc\":\"2.0\"}";
-				} 
-				else 
+				}
+				else
 				{
 					LogPrint (eLogWarning, "I2PControl: unknown method ", method);
 					response << "{\"id\":null,\"error\":";
@@ -289,6 +298,13 @@ namespace client
 		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
 	}
 
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const
+	{
+		std::ostringstream buf;
+		boost::property_tree::write_json (buf, value, false);
+		ss << "\"" << name << "\":" << buf.str();
+	}
+
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
 	{
@@ -337,9 +353,9 @@ namespace client
 		InsertParam (results, "API", api);
 		results << ",";
 		std::string token = boost::lexical_cast<std::string>(i2p::util::GetSecondsSinceEpoch ());
-		m_Tokens.insert (token);	
+		m_Tokens.insert (token);
 		InsertParam (results, "Token", token);
-	}	
+	}
 
 	void I2PControlService::EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
@@ -364,7 +380,7 @@ namespace client
 			}
 			else
 				LogPrint (eLogError, "I2PControl: I2PControl unknown request: ", it.first);
-		}	
+		}
 	}
 
 	void I2PControlService::PasswordHandler (const std::string& value)
@@ -394,28 +410,28 @@ namespace client
 
 	void I2PControlService::UptimeHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.uptime", (int)i2p::context.GetUptime ()*1000);	
+		InsertParam (results, "i2p.router.uptime", (int)i2p::context.GetUptime ()*1000);
 	}
 
 	void I2PControlService::VersionHandler (std::ostringstream& results)
 	{
 		InsertParam (results, "i2p.router.version", VERSION);
-	}	
+	}
 
 	void I2PControlService::StatusHandler (std::ostringstream& results)
 	{
 		auto dest = i2p::client::context.GetSharedLocalDestination ();
-		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0"); 
+		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0");
 	}
 
 	void I2PControlService::NetDbKnownPeersHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());	
+		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());
 	}
 
 	void I2PControlService::NetDbActivePeersHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());	
+		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());
 	}
 
 	void I2PControlService::NetStatusHandler (std::ostringstream& results)
@@ -457,17 +473,18 @@ namespace client
 		InsertParam (results, "i2p.router.net.total.sent.bytes",     (double)i2p::transport::transports.GetTotalSentBytes ());
 	}
 
+
 // RouterManager
 
 	void I2PControlService::RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
-			if (it != params.begin ()) results << ",";	
+			if (it != params.begin ()) results << ",";
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
 			auto it1 = m_RouterManagerHandlers.find (it->first);
 			if (it1 != m_RouterManagerHandlers.end ()) {
-				(this->*(it1->second))(results);	
+				(this->*(it1->second))(results);
 			} else
 				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
 		}
@@ -512,11 +529,11 @@ namespace client
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
-			if (it != params.begin ()) results << ",";	
 			LogPrint (eLogDebug, "I2PControl: NetworkSetting request: ", it->first);
 			auto it1 = m_NetworkSettingHandlers.find (it->first);
 			if (it1 != m_NetworkSettingHandlers.end ()) {
-				(this->*(it1->second))(it->second.data (), results);	
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(it->second.data (), results);
 			} else
 				LogPrint (eLogError, "I2PControl: NetworkSetting unknown request: ", it->first);
 		}
@@ -538,7 +555,7 @@ namespace client
 		InsertParam (results, "i2p.router.net.bw.out", bw);
 	}
 
-	// certificate	
+	// certificate
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{
 		FILE *f = NULL;
@@ -586,5 +603,178 @@ namespace client
 		}
 		EVP_PKEY_free (pkey);
 	}
+
+// ClientServicesInfo
+
+	void I2PControlService::ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: ClientServicesInfo request: ", it->first);
+			auto it1 = m_ClientServicesInfoHandlers.find (it->first);
+			if (it1 != m_ClientServicesInfoHandlers.end ())
+			{
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(results);
+			}
+			else
+				LogPrint (eLogError, "I2PControl: ClientServicesInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlService::I2PTunnelInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		boost::property_tree::ptree client_tunnels, server_tunnels;
+
+		for (auto& it: i2p::client::context.GetClientTunnels ())
+		{
+			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+			boost::property_tree::ptree ct;
+			ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+			client_tunnels.add_child(it.second->GetName (), ct);
+		}
+
+		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
+		if (!serverTunnels.empty ()) {
+			for (auto& it: serverTunnels)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				st.put("port", it.second->GetLocalPort ());
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		auto& clientForwards = i2p::client::context.GetClientForwards ();
+		if (!clientForwards.empty ())
+		{
+			for (auto& it: clientForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree ct;
+				ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				client_tunnels.add_child(it.second->GetName (), ct);
+			}
+		}
+
+		auto& serverForwards = i2p::client::context.GetServerForwards ();
+		if (!serverForwards.empty ())
+		{
+			for (auto& it: serverForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		pt.add_child("client", client_tunnels);
+		pt.add_child("server", server_tunnels);
+
+		InsertParam (results, "I2PTunnel", pt);
+	}
+
+	void I2PControlService::HTTPProxyInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto httpProxy = i2p::client::context.GetHttpProxy ();
+		if (httpProxy)
+		{
+			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "HTTPProxy", pt);
+	}
+
+	void I2PControlService::SOCKSInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto socksProxy = i2p::client::context.GetSocksProxy ();
+		if (socksProxy)
+		{
+			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SOCKS", pt);
+	}
+
+	void I2PControlService::SAMInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto sam = i2p::client::context.GetSAMBridge ();
+		if (sam)
+		{
+			pt.put("enabled", true);
+			boost::property_tree::ptree sam_sessions;
+			for (auto& it: sam->GetSessions ())
+			{
+				boost::property_tree::ptree sam_session, sam_session_sockets;
+				auto& name = it.second->localDestination->GetNickname ();
+				auto& ident = it.second->localDestination->GetIdentHash();
+				sam_session.put("name", name);
+				sam_session.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+
+				for (const auto& socket: sam->ListSockets(it.first))
+				{
+					boost::property_tree::ptree stream;
+					stream.put("type", socket->GetSocketType ());
+					stream.put("peer", socket->GetSocket ().remote_endpoint());
+
+					sam_session_sockets.push_back(std::make_pair("", stream));
+				}
+				sam_session.add_child("sockets", sam_session_sockets);
+				sam_sessions.add_child(it.first, sam_session);
+			}
+
+			pt.add_child("sessions", sam_sessions);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SAM", pt);
+	}
+
+	void I2PControlService::BOBInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto bob = i2p::client::context.GetBOBCommandChannel ();
+		if (bob)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "BOB", pt);
+	}
+
+	void I2PControlService::I2CPInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto i2cp = i2p::client::context.GetI2CPServer ();
+		if (i2cp)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "I2CP", pt);
+	}
 }
 }

daemon/I2PControl.h

@@ -10,7 +10,7 @@
 #include <map>
 #include <set>
 #include <boost/asio.hpp>
-#include <boost/asio/ssl.hpp> 
+#include <boost/asio/ssl.hpp>
 #include <boost/property_tree/ptree.hpp>
 
 namespace i2p
@@ -57,6 +57,7 @@ namespace client
 			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
 			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
 			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const;
 
 			// methods
 			typedef void (I2PControlService::*MethodHandler)(const boost::property_tree::ptree& params, std::ostringstream& results);
@@ -67,6 +68,7 @@ namespace client
 			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 
 			// I2PControl
 			typedef void (I2PControlService::*I2PControlRequestHandler)(const std::string& value);
@@ -98,6 +100,15 @@ namespace client
 			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
 			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
 
+			// ClientServicesInfo
+			typedef void (I2PControlService::*ClientServicesInfoRequestHandler)(std::ostringstream& results);
+			void I2PTunnelInfoHandler (std::ostringstream& results);
+			void HTTPProxyInfoHandler (std::ostringstream& results);
+			void SOCKSInfoHandler (std::ostringstream& results);
+			void SAMInfoHandler (std::ostringstream& results);
+			void BOBInfoHandler (std::ostringstream& results);
+			void I2CPInfoHandler (std::ostringstream& results);
+
 		private:
 
 			std::string m_Password;
@@ -115,6 +126,7 @@ namespace client
 			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
 			std::map<std::string, RouterManagerRequestHandler> m_RouterManagerHandlers;
 			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
+			std::map<std::string, ClientServicesInfoRequestHandler> m_ClientServicesInfoHandlers;
 	};
 }
 }

daemon/UPnP.cpp

@@ -79,11 +79,14 @@ namespace transport
 
 	void UPnP::Discover ()
 	{
-		int nerror = 0;
 #if MINIUPNPC_API_VERSION >= 14
+		int nerror = 0;
 		m_Devlist = upnpDiscover (2000, m_MulticastIf, m_Minissdpdpath, 0, 0, 2, &nerror);
-#else
+#elif ( MINIUPNPC_API_VERSION >= 8 || defined(UPNPDISCOVER_SUCCESS) )
+		int nerror = 0;
 		m_Devlist = upnpDiscover (2000, m_MulticastIf, m_Minissdpdpath, 0, 0, &nerror);
+#else
+		m_Devlist = upnpDiscover (2000, m_MulticastIf, m_Minissdpdpath, 0);
 #endif
 		{
 			// notify satrting thread
@@ -155,7 +158,11 @@ namespace transport
 		std::string strType (GetProto (address)), strPort (std::to_string (address->port));
 		int r;
 		std::string strDesc; i2p::config::GetOption("upnp.name", strDesc);
+#ifdef UPNPDISCOVER_SUCCESS
 		r = UPNP_AddPortMapping (m_upnpUrls.controlURL, m_upnpData.first.servicetype, strPort.c_str (), strPort.c_str (), m_NetworkAddr, strDesc.c_str (), strType.c_str (), 0, "0");
+#else
+		r = UPNP_AddPortMapping (m_upnpUrls.controlURL, m_upnpData.first.servicetype, strPort.c_str (), strPort.c_str (), m_NetworkAddr, strDesc.c_str (), strType.c_str (), 0);
+#endif
 		if (r!=UPNPCOMMAND_SUCCESS)
 		{
 			LogPrint (eLogError, "UPnP: AddPortMapping (", m_NetworkAddr, ":", strPort, ") failed with code ", r);

daemon/UPnP.h

@@ -42,13 +42,13 @@ namespace transport
 		std::string GetProto (std::shared_ptr<i2p::data::RouterInfo::Address> address);
 
 	private:
-	
+
 		bool m_IsRunning;
         std::unique_ptr<std::thread> m_Thread;
-		std::condition_variable m_Started;	
-		std::mutex m_StartedMutex;	
+		std::condition_variable m_Started;
+		std::mutex m_StartedMutex;
 		boost::asio::io_service m_Service;
-		boost::asio::deadline_timer m_Timer;	
+		boost::asio::deadline_timer m_Timer;
         struct UPNPUrls m_upnpUrls;
         struct IGDdatas m_upnpData;
 

daemon/UnixDaemon.cpp

@@ -13,6 +13,7 @@
 #include "Config.h"
 #include "FS.h"
 #include "Log.h"
+#include "Tunnel.h"
 #include "RouterContext.h"
 #include "ClientContext.h"
 
@@ -137,11 +138,14 @@ namespace i2p
 					LogPrint(eLogError, "Daemon: could not create pid file ", pidfile, ": ", strerror(errno));
 					return false;
 				}
+
+#ifndef ANDROID
 				if (lockf(pidFH, F_TLOCK, 0) != 0)
 				{
 					LogPrint(eLogError, "Daemon: could not lock pid file ", pidfile, ": ", strerror(errno));
 					return false;
 				}
+#endif
 				char pid[10];
 				sprintf(pid, "%d\n", getpid());
 				ftruncate(pidFH, 0);
@@ -183,7 +187,7 @@ namespace i2p
 				if (gracefulShutdownInterval)
 				{
 					gracefulShutdownInterval--; // - 1 second
-					if (gracefulShutdownInterval <= 0)
+					if (gracefulShutdownInterval <= 0 || i2p::tunnel::tunnels.CountTransitTunnels() <= 0)
 					{
 						LogPrint(eLogInfo, "Graceful shutdown");
 						return;

daemon/i2pd.cpp

@@ -22,6 +22,8 @@ int main( int argc, char* argv[] )
 	{
 		if (Daemon.start())
 			Daemon.run ();
+		else
+			return EXIT_FAILURE;
 		Daemon.stop();
 	}
 	return EXIT_SUCCESS;

debian/changelog

@@ -1,3 +1,32 @@
+i2pd (2.19.0-1) unstable; urgency=medium
+
+  * updated to version 2.19.0/0.9.35
+  * update manpage (1)
+  * update docfiles
+  * update build rules
+  * fixes in systemd unit (#1089, #1142, #1154, #1155)
+  * package now building with systemd support
+
+ -- R4SAS <r4sas@i2pmail.org>  Tue, 26 Jun 2018 16:27:45 +0000
+
+i2pd (2.18.0-1) unstable; urgency=low
+
+  * updated to version 2.18.0/0.9.33
+
+ -- orignal <orignal@i2pmail.org>  Tue, 30 Jan 2018 16:00:00 +0000
+
+i2pd (2.17.0-1) unstable; urgency=low
+
+  * updated to version 2.17.0/0.9.32
+
+ -- orignal <orignal@i2pmail.org>  Mon, 4 Dec 2017 18:00:00 +0000
+
+i2pd (2.16.0-1) unstable; urgency=low
+
+  * updated to version 2.16.0/0.9.32
+
+ -- orignal <orignal@i2pmail.org>  Mon, 13 Nov 2017 18:00:00 +0000
+
 i2pd (2.15.0-1) unstable; urgency=low
 
   * updated to version 2.15.0/0.9.31
@@ -50,7 +79,7 @@ i2pd (2.10.0-1) unstable; urgency=low
 
   * updated to version 2.10.0/0.9.27
   * reseed.verify set to true by default
-  
+
  -- orignal <orignal@i2pmail.org>  Sun, 16 Oct 2016 13:55:40 +0000
 
 i2pd (2.9.0-1) unstable; urgency=low
@@ -61,7 +90,7 @@ i2pd (2.9.0-1) unstable; urgency=low
   * removed all port assigments in services files
   * fixed logrotate
   * subscriptions.txt and tunnels.conf taken from docs folder
-  
+
  -- orignal <orignal@i2pmail.org>  Fri, 12 Aug 2016 14:25:40 +0000
 
 i2pd (2.7.0-1) unstable; urgency=low

debian/compat

@@ -1 +1 @@
-9
+9

debian/control

@@ -2,18 +2,17 @@ Source: i2pd
 Section: net
 Priority: optional
 Maintainer: R4SAS <r4sas@i2pmail.org>
-Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1~), gcc (>= 4.7) | clang (>= 3.3), libboost-system-dev (>= 1.46), libboost-date-time-dev, libboost-filesystem-dev, libboost-program-options-dev, libminiupnpc-dev, libssl-dev, zlib1g-dev
+Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.17.2~), gcc (>= 4.7) | clang (>= 3.3), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
 Standards-Version: 3.9.6
 Homepage: http://i2pd.website/
 Vcs-Git: git://github.com/PurpleI2P/i2pd.git
-Vcs-Browser: https://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
 
 Package: i2pd
 Architecture: any
 Pre-Depends: adduser
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Suggests: tor, privoxy
-Description: A full-featured C++ implementation of I2P client.
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
  I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
  communications over I2P are anonymous and end-to-end encrypted, participants
  don't reveal their real IP addresses.
@@ -25,7 +24,6 @@ Architecture: any
 Priority: extra
 Section: debug
 Depends: i2pd (= ${binary:Version}), ${misc:Depends}
-Suggests: gdb
 Description: i2pd debugging symbols
  I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
  communications over I2P are anonymous and end-to-end encrypted, participants

debian/copyright

@@ -4,6 +4,22 @@ Source: https://github.com/PurpleI2P
 
 Files: *
 Copyright: 2013-2017 PurpleI2P
+License: BSD-3-clause
+
+Files: qt/i2pd_qt/android/src/org/kde/necessitas/ministro/IMinistro.aidl
+       qt/i2pd_qt/android/src/org/kde/necessitas/ministro/IMinistroCallback.aidl
+       qt/i2pd_qt/android/src/org/qtproject/qt5/android/bindings/QtActivity.java
+       qt/i2pd_qt/android/src/org/qtproject/qt5/android/bindings/QtApplication.java
+Copyright: 2011-2013 BogDan Vatra <bogdan@kde.org>
+License: BSD-2-Clause
+
+Files: debian/*
+Copyright: 2013-2015 Kill Your TV <killyourtv@i2pmail.org>
+           2014-2016 hagen <hagen@i2pmail.org>
+           2016-2017 R4SAS <r4sas@i2pmail.org>
+           2017-2018 Yangfl <mmyangfl@gmail.com>
+License: GPL-2+
+
 License: BSD-3-clause
  Copyright (c) 2013-2017, The PurpleI2P Project
  .
@@ -33,11 +49,29 @@ License: BSD-3-clause
  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-Files: debian/*
-Copyright: 2016-2017 R4SAS <r4sas@i2pmail.org>
-           2014-2016 hagen <hagen@i2pmail.org>
-           2013-2015 Kill Your TV <killyourtv@i2pmail.org>
-License: GPL-2.0+
+License: BSD-2-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE HOLDERS OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: GPL-2+
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or

debian/docs

@@ -1 +1,4 @@
 README.md
+contrib/i2pd.conf
+contrib/subscriptions.txt
+contrib/tunnels.conf

debian/i2pd.1

@@ -1,22 +1,19 @@
-.TH I2PD "1" "March 31, 2015"
+.TH "I2PD" "1" "June 20, 2018"
 
-.SH NAME
-i2pd \- Load-balanced unspoofable packet switching network
-
-.SH SYNOPSIS
+.SH "NAME"
+i2pd \- Full-featured C++ implementation of I2P client.
+.SH "SYNOPSIS"
 .B i2pd
 [\fIOPTION1\fR] [\fIOPTION2\fR]...
-
-.SH DESCRIPTION
+.SH "DESCRIPTION"
 i2pd
 is a C++ implementation of the router for the I2P anonymizing network, offering
 a simple layer that identity-sensitive applications can use to securely
 communicate. All data is wrapped with several layers of encryption, and the
 network is both distributed and dynamic, with no trusted parties.
-
 .PP
 Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
-.BR
+.SH "OPTIONS"
 .TP
 \fB\-\-help\fR
 Show available options.
@@ -36,11 +33,14 @@ Where to write pidfile (don\'t write by default)
 \fB\-\-log=\fR
 Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
 .TP
-\fB\-\-logfile\fR
+\fB\-\-logfile=\fR
 Path to logfile (default - autodetect)
 .TP
 \fB\-\-loglevel=\fR
-Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
+Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR, \fInone\fR)
+.TP
+\fB\-\-logclftime\fR
+Log messages with full CLF-formatted date and time (\fIdisabled\fR by default)
 .TP
 \fB\-\-datadir=\fR
 Path to storage of i2pd data (RI, keys, peer profiles, ...)
@@ -51,35 +51,58 @@ The external IP address
 \fB\-\-port=\fR
 The port to listen on for incoming connections
 .TP
-\fB\-\-daemon\fR
-Router will go to background after start
+\fB\-\-ifname=\fR
+The network interface to bind to
 .TP
-\fB\-\-service\fR
-Router will use system folders like \fI/var/lib/i2pd\fR
+\fB\-\-ifname4=\fR
+The network interface to bind to for IPv4 connections
+.TP
+\fB\-\-ifname6=\fR
+The network interface to bind to for IPv6 connections
+.TP
+\fB\-\-ipv4=\fR
+Enable communication through ipv6 (\fIenabled\fR by default)
 .TP
 \fB\-\-ipv6\fR
-Enable communication through ipv6. false by default
+Enable communication through ipv6 (\fIdisabled\fR by default)
+.TP
+\fB\-\-ntcp=\fR
+Enable usage of NTCP transport (\fIenabled\fR by default)
+.TP
+\fB\-\-ntcpproxy=\fR
+Set proxy URL for NTCP transport
+.TP
+\fB\-\-ssu=\fR
+Enable usage of SSU transport (\fIenabled\fR by default)
 .TP
 \fB\-\-notransit\fR
-Router will not accept transit tunnels at startup
+Router will not accept transit tunnels at startup (\fIdisabled\fR by default)
 .TP
 \fB\-\-floodfill\fR
-Router will be floodfill
+Router will be floodfill (\fIdisabled\fR by default)
 .TP
 \fB\-\-bandwidth=\fR
-Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
+Bandwidth limit: integer in KBps or letter aliases: \fBL (32KBps)\fR, \fIO (256)\fR, \fIP (2048)\fR, \fIX (>9000)\fR
+.TP
+\fB\-\-share=\fR
+Limit of transit traffic from max bandwidth in percents. (default: 100)
+.TP
+\fB\-\-daemon\fR
+Router will go to background after start (\fIdisabled\fR by default)
+.TP
+\fB\-\-service\fR
+Router will use system folders like \fI/var/lib/i2pd\fR (\fIdisabled\fR by default)
 .TP
 \fB\-\-family=\fR
 Name of a family, router belongs to.
 .PP
-See service-specific parameters in example config file \fIcontrib/i2pd.conf\fR
-
-.SH FILES
-.PP
+Switchs, which enabled by default (like \fB\-\-ssu\fR, \fB\-\-ntcp\fR, etc.), can be disabled in config file.
+.RE
+See service-specific parameters in example config file \fI/usr/share/doc/i2pd/i2pd.conf.gz\fR
+.SH "FILES"
 /etc/i2pd/i2pd.conf, /etc/i2pd/tunnels.conf, /etc/default/i2pd
 .RS 4
 i2pd configuration files (when running as a system service)
-
 .RE
 .PP
 /var/lib/i2pd/
@@ -90,16 +113,15 @@ i2pd profile directory (when running as a system service, see \fB\-\-service\fR
 $HOME/.i2pd/
 .RS 4
 i2pd profile directory (when running as a normal user)
+.SH "SEE ALSO"
+Documentation at Read the Docs: \m[blue]\fBhttps://i2pd\&.readthedocs\&.io/en/latest/\fR\m[]
+.SH "AUTHOR"
+This manual page was written by kytv <\m[blue]\fBkillyourtv@i2pmail\&.org\fR\m[]> for the Debian system (but may be used by others).
 .RE
+Updated by hagen <\m[blue]\fBhagen@i2pmail\&.org\fR\m[]> in 2016.
+.RE
+Updated by R4SAS <\m[blue]\fBr4sas@i2pmail\&.org\fR\m[]> in 2018.
 .PP
-/usr/share/doc/i2pd/examples/hosts.txt.gz
-.RS 4
-default I2P hosts file
-.SH AUTHOR
-This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
-.PP
-Updated by hagen <hagen@i2pmail.org> in 2016.
-.PP
-Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
-.BR
+Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.
+.RE
 On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR

debian/i2pd.default

@@ -7,5 +7,5 @@ I2PD_ENABLED="yes"
 # see possible switches in /usr/share/doc/i2pd/configuration.md.gz
 DAEMON_OPTS=""
 
-# If you have problems with hunging i2pd, you can try enable this 
+# If you have problems with hunging i2pd, you can try enable this
 ulimit -n 4096

debian/i2pd.install

@@ -3,3 +3,4 @@ contrib/i2pd.conf      etc/i2pd/
 contrib/tunnels.conf etc/i2pd/
 contrib/subscriptions.txt etc/i2pd/
 contrib/certificates/ usr/share/i2pd/
+contrib/apparmor/usr.sbin.i2pd etc/apparmor.d

debian/i2pd.service

@@ -0,0 +1 @@
+../contrib/debian/i2pd.service

debian/i2pd.tmpfile

@@ -0,0 +1 @@
+../contrib/debian/i2pd.tmpfile

debian/lintian-overrides

@@ -0,0 +1,2 @@
+# GPL come from debian/
+i2pd: possible-gpl-code-linked-with-openssl

debian/patches/01-tune-build-opts.patch

@@ -1,12 +1,11 @@
 diff --git a/Makefile b/Makefile
 index bdadfe0..2f71eec 100644
-
 --- a/Makefile
 +++ b/Makefile
 @@ -9,10 +9,10 @@ DEPS := obj/make.dep
- 
+
  include filelist.mk
- 
+
 -USE_AESNI	:= yes
 +USE_AESNI	:= no
 -USE_AVX		:= yes

debian/rules

@@ -5,16 +5,18 @@
 #export DH_VERBOSE=1
 
 DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
-DPKG_EXPORT_BUILDFLAGS = 1
-include /usr/share/dpkg/buildflags.mk
-CXXFLAGS+=$(CPPFLAGS)
-PREFIX=/usr
+#DPKG_EXPORT_BUILDFLAGS = 1
+#include /usr/share/dpkg/buildflags.mk
+#CXXFLAGS+=$(CPPFLAGS)
+#PREFIX=/usr
 
 %:
 	dh $@ --parallel
+#	dh_apparmor --profile-name=usr.sbin.i2pd -pi2pd
 
 override_dh_strip:
 	dh_strip --dbg-package=i2pd-dbg
 
-override_dh_shlibdeps:
-	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+## uncoment this if you have "missing info" problem when building package
+#override_dh_shlibdeps:
+#	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info

docs/Doxyfile

@@ -1638,7 +1638,7 @@ EXTRA_PACKAGES         =
 # following commands have a special meaning inside the header: $title,
 # $datetime, $date, $doxygenversion, $projectname, $projectnumber,
 # $projectbrief, $projectlogo. Doxygen will replace $title with the empy string,
-# for the replacement values of the other commands the user is refered to
+# for the replacement values of the other commands the user is referred to
 # HTML_HEADER.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
 

entrypoint.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-ARGS=""
-if [ "${ENABLE_IPV6}" != "" ]; then
-  ARGS="${ARGS} –ipv6"
-fi
-
-if [ "${LOGLEVEL}" != "" ]; then
-  ARGS="${ARGS} –loglevel=${LOGLEVEL}"
-fi
-
-if [ "${ENABLE_AUTH}" != "" ]; then
-  ARGS="${ARGS} –http.auth"
-fi
-
-
-# To make ports exposeable
-DEFAULT_ARGS=" –http.address=0.0.0.0 –httpproxy.address=0.0.0.0 -socksproxy.address=0.0.0.0 –sam.address=0.0.0.0 –bob.address=0.0.0.0 –i2cp.address=0.0.0.0 –i2pcontrol.port=0.0.0.0 –upnp.enabled=false -service "
-
-mkdir -p /var/lib/i2pd && chown -R i2pd:nobody /var/lib/i2pd && chmod u+rw /var/lib/i2pd
-
-gosu i2pd i2pd $DEFAULT_ARGS $ARGS
-
-

libi2pd/Base.cpp

@@ -43,8 +43,8 @@ namespace data
 	const char * GetBase64SubstitutionTable ()
 	{
 		return T64;
-	}	
-	
+	}
+
 	/*
 	* Reverse Substitution Table (built in run time)
 	*/
@@ -53,10 +53,10 @@ namespace data
 	static int isFirstTime = 1;
 
 	/*
-	* Padding 
+	* Padding
 	*/
 
-	static char P64 = '='; 
+	static char P64 = '=';
 
 	/*
 	*
@@ -68,11 +68,11 @@ namespace data
 	*/
 
 	size_t                                /* Number of bytes in the encoded buffer */
-	ByteStreamToBase64 ( 
+	ByteStreamToBase64 (
 		    const uint8_t * InBuffer,           /* Input buffer, binary data */
-		    size_t    InCount,              /* Number of bytes in the input buffer */ 
+		    size_t    InCount,              /* Number of bytes in the input buffer */
 		    char  * OutBuffer,          /* output buffer */
-		size_t len			   /* length of output buffer */	             
+		size_t len			   /* length of output buffer */
 	)
 
 	{
@@ -80,9 +80,9 @@ namespace data
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
-		int             i; 
-		int             n; 
-		int             m; 
+		int             i;
+		int             n;
+		int             m;
 		size_t outCount;
 
 		ps = (unsigned char *)InBuffer;
@@ -96,7 +96,7 @@ namespace data
 		pd = (unsigned char *)OutBuffer;
 		for ( i = 0; i<n; i++ ){
 		     acc_1 = *ps++;
-		     acc_2 = (acc_1<<4)&0x30; 
+		     acc_2 = (acc_1<<4)&0x30;
 		     acc_1 >>= 2;              /* base64 digit #1 */
 		     *pd++ = T64[acc_1];
 		     acc_1 = *ps++;
@@ -109,7 +109,7 @@ namespace data
 		     *pd++ = T64[acc_1];
 		     acc_2 &= 0x3f;            /* base64 digit #4 */
 		     *pd++ = T64[acc_2];
-		} 
+		}
 		if ( m == 1 ){
 		     acc_1 = *ps++;
 		     acc_2 = (acc_1<<4)&0x3f;  /* base64 digit #2 */
@@ -122,7 +122,7 @@ namespace data
 		}
 		else if ( m == 2 ){
 		     acc_1 = *ps++;
-		     acc_2 = (acc_1<<4)&0x3f; 
+		     acc_2 = (acc_1<<4)&0x3f;
 		     acc_1 >>= 2;              /* base64 digit #1 */
 		     *pd++ = T64[acc_1];
 		     acc_1 = *ps++;
@@ -133,7 +133,7 @@ namespace data
 		     *pd++ = T64[acc_1];
 		     *pd++ = P64;
 		}
-		
+
 		return outCount;
 	}
 
@@ -148,10 +148,10 @@ namespace data
 	*/
 
 	size_t                              /* Number of output bytes */
-	Base64ToByteStream ( 
+	Base64ToByteStream (
 		      const char * InBuffer,           /* BASE64 encoded buffer */
 		      size_t    InCount,          /* Number of input bytes */
-		      uint8_t  * OutBuffer,	/* output buffer length */ 	
+		      uint8_t  * OutBuffer,	/* output buffer length */
 		  size_t len         	/* length of output buffer */
 	)
 	{
@@ -159,28 +159,28 @@ namespace data
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
-		int             i; 
-		int             n; 
-		int             m; 
+		int             i;
+		int             n;
+		int             m;
 		size_t outCount;
 
 		if (isFirstTime) iT64Build();
 		n = InCount/4;
 		m = InCount%4;
-		if (InCount && !m) 
+		if (InCount && !m)
 		     outCount = 3*n;
 		else {
 		     outCount = 0;
 		     return 0;
 		}
-		
+
 		ps = (unsigned char *)(InBuffer + InCount - 1);
 		while ( *ps-- == P64 ) outCount--;
 		ps = (unsigned char *)InBuffer;
-		
+
 		if (outCount > len) return -1;
 		pd = OutBuffer;
-		auto endOfOutBuffer = OutBuffer + outCount;		
+		auto endOfOutBuffer = OutBuffer + outCount;
 		for ( i = 0; i < n; i++ ){
 		     acc_1 = iT64[*ps++];
 		     acc_2 = iT64[*ps++];
@@ -193,7 +193,7 @@ namespace data
 		     acc_1 = iT64[*ps++];
 		     acc_2 |= acc_1 >> 2;
 		     *pd++ = acc_2;
-			  if (pd >= endOfOutBuffer) break;	
+			  if (pd >= endOfOutBuffer) break;
 
 		     acc_2 = iT64[*ps++];
 		     acc_2 |= acc_1 << 6;
@@ -203,13 +203,28 @@ namespace data
 		return outCount;
 	}
 
-	size_t Base64EncodingBufferSize (const size_t input_size) 
+	size_t Base64EncodingBufferSize (const size_t input_size)
 	{
 		auto d = div (input_size, 3);
 		if (d.rem) d.quot++;
 		return 4*d.quot;
 	}
-	
+
+	std::string ToBase64Standard (const std::string& in)
+	{
+		auto len = Base64EncodingBufferSize (in.length ());	
+		char * str = new char[len+1];
+		auto l = ByteStreamToBase64 ((const uint8_t *)in.c_str (), in.length (), str, len);
+		str[l] = 0;
+		// replace '-' by '+' and '~' by '/'
+		for (size_t i = 0; i < l; i++)
+			if (str[i] == '-') str[i] = '+';
+			else if (str[i] == '~') str[i] = '/';
+		std::string s(str);
+		delete[] str;
+		return s;
+	}
+
 	/*
 	*
 	* iT64
@@ -228,20 +243,20 @@ namespace data
 		iT64[(int)P64] = 0;
 	}
 
-	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen) 
+	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen)
 	{
 		int tmp = 0, bits = 0;
 		size_t ret = 0;
 		for (size_t i = 0; i < len; i++)
 		{
-			char ch = inBuf[i];	
+			char ch = inBuf[i];
 			if (ch >= '2' && ch <= '7') // digit
 				ch = (ch - '2') + 26; // 26 means a-z
 			else if (ch >= 'a' && ch <= 'z')
 				ch = ch - 'a'; // a = 0
 			else
 				return 0; // unexpected character
-			
+
 			tmp |= ch;
 			bits += 5;
 			if (bits >= 8)
@@ -261,23 +276,23 @@ namespace data
 		size_t ret = 0, pos = 1;
 		int bits = 8, tmp = inBuf[0];
 		while (ret < outLen && (bits > 0 || pos < len))
-		{ 	
+		{
 			if (bits < 5)
 			{
 				if (pos < len)
 				{
 					tmp <<= 8;
-		      		tmp |= inBuf[pos] & 0xFF;
+					tmp |= inBuf[pos] & 0xFF;
 					pos++;
-		      		bits += 8;
+					bits += 8;
 				}
 				else // last byte
 				{
 					tmp <<= (5 - bits);
-				  	bits = 5;
+					bits = 5;
 				}
-			}	
-		
+			}
+
 			bits -= 5;
 			int ind = (tmp >> bits) & 0x1F;
 			outBuf[ret] = (ind < 26) ? (ind + 'a') : ((ind - 26) + '2');

libi2pd/Base.h

@@ -10,15 +10,18 @@ namespace data {
 	size_t ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount, char * OutBuffer, size_t len);
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
 	const char * GetBase32SubstitutionTable ();
-	const char * GetBase64SubstitutionTable ();	
-	
+	const char * GetBase64SubstitutionTable ();
+
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
 
-  /**
+ 	/**
      Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
-   */
-  size_t Base64EncodingBufferSize(const size_t input_size);
+   	*/
+	size_t Base64EncodingBufferSize(const size_t input_size);
+	
+	std::string ToBase64Standard (const std::string& in); // using standard table, for Proxy-Authorization	
+	
 } // data
 } // i2p
 

libi2pd/CPU.cpp

@@ -0,0 +1,43 @@
+#include "CPU.h"
+#if defined(__x86_64__) || defined(__i386__)
+#include <cpuid.h>
+#endif
+#include "Log.h"
+
+#ifndef bit_AES
+#define bit_AES (1 << 25)
+#endif
+#ifndef bit_AVX
+#define bit_AVX (1 << 28)
+#endif
+
+
+namespace i2p
+{
+namespace cpu
+{
+	bool aesni = false;
+	bool avx = false;
+
+	void Detect()
+	{
+#if defined(__x86_64__) || defined(__i386__)
+		int info[4];
+		__cpuid(0, info[0], info[1], info[2], info[3]);
+		if (info[0] >= 0x00000001) {
+			__cpuid(0x00000001, info[0], info[1], info[2], info[3]);
+			aesni = info[2] & bit_AES;  // AESNI
+			avx = info[2] & bit_AVX;  // AVX
+		}
+#endif
+		if(aesni)
+		{
+			LogPrint(eLogInfo, "AESNI enabled");
+		}
+		if(avx)
+		{
+			LogPrint(eLogInfo, "AVX enabled");
+		}
+	}
+}
+}

libi2pd/CPU.h

@@ -0,0 +1,15 @@
+#ifndef LIBI2PD_CPU_H
+#define LIBI2PD_CPU_H
+
+namespace i2p
+{
+namespace cpu
+{
+  extern bool aesni;
+  extern bool avx;
+
+  void Detect();
+}
+}
+
+#endif

libi2pd/ChaCha20.cpp

@@ -0,0 +1,147 @@
+#include "ChaCha20.h"
+
+/**
+   This code is licensed under the MCGSI Public License
+   Copyright 2018 Jeff Becker
+
+   Kovri go write your own code
+
+ */
+namespace i2p
+{
+namespace crypto
+{
+namespace chacha
+{
+constexpr int rounds = 20;
+constexpr std::size_t blocksize = 64;
+
+void u32t8le(uint32_t v, uint8_t * p) 
+{
+    p[0] = v & 0xff;
+    p[1] = (v >> 8) & 0xff;
+    p[2] = (v >> 16) & 0xff;
+    p[3] = (v >> 24) & 0xff;
+}
+
+uint32_t u8t32le(const uint8_t * p) 
+{
+    uint32_t value = p[3];
+
+    value = (value << 8) | p[2];
+    value = (value << 8) | p[1];
+    value = (value << 8) | p[0];
+
+    return value;
+}
+
+uint32_t rotl32(uint32_t x, int n) 
+{
+    return x << n | (x >> (-n & 31));
+}
+
+void quarterround(uint32_t *x, int a, int b, int c, int d) 
+{
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a],  8);
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c],  7);
+}
+
+    struct State_t
+    {
+      State_t() {};
+      State_t(State_t &&) = delete;
+      
+      State_t & operator += (const State_t & other)
+      {
+        for(int i = 0; i < 16; i++)
+            data[i] += other.data[i];
+        return *this;
+      }
+
+      void Copy(const State_t & other)
+      {
+           memcpy(data, other.data, sizeof(uint32_t) * 16);
+      }
+      uint32_t data[16];
+    };
+
+    struct Block_t
+    {
+      Block_t() {};
+      Block_t(Block_t &&) = delete;
+
+      uint8_t data[blocksize];
+
+      void operator << (const State_t & st)
+      {
+        int i;
+        for (i = 0; i < 16; i++) 
+            u32t8le(st.data[i], data + (i << 2));
+      }
+    };
+
+void block(const State_t &input, Block_t & block, int rounds)
+{
+    int i;
+    State_t x;
+    x.Copy(input);
+
+    for (i = rounds; i > 0; i -= 2) 
+    {
+        quarterround(x.data, 0, 4,  8, 12);
+        quarterround(x.data, 1, 5,  9, 13);
+        quarterround(x.data, 2, 6, 10, 14);
+        quarterround(x.data, 3, 7, 11, 15);
+        quarterround(x.data, 0, 5, 10, 15);
+        quarterround(x.data, 1, 6, 11, 12);
+        quarterround(x.data, 2, 7,  8, 13);
+        quarterround(x.data, 3, 4,  9, 14);
+    }
+    x += input;
+    block << x;
+
+}
+} // namespace chacha
+
+
+
+
+
+void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
+{
+    chacha::State_t state;
+    chacha::Block_t block;
+    size_t i, j;
+
+    state.data[0] = 0x61707865;
+    state.data[1] = 0x3320646e;
+    state.data[2] = 0x79622d32;
+    state.data[3] = 0x6b206574;
+
+    for (i = 0; i < 8; i++) 
+        state.data[4 + i] = chacha::u8t32le(key + i * 4);
+    
+
+    state.data[12] = counter;
+
+    for (i = 0; i < 3; i++) 
+        state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
+
+    
+    for (i = 0; i < sz; i += chacha::blocksize) 
+    {
+        chacha::block(state, block, chacha::rounds);
+        state.data[12]++;
+        for (j = i; j < i + chacha::blocksize; j++) 
+        {
+            if (j >= sz) break;
+            buf[j] ^= block.data[j - i];
+        }
+    }
+
+}
+
+}
+}

libi2pd/ChaCha20.h

@@ -0,0 +1,26 @@
+/**
+   This code is licensed under the MCGSI Public License
+   Copyright 2018 Jeff Becker
+
+   Kovri go write your own code
+
+ */
+#ifndef LIBI2PD_CHACHA20_H
+#define LIBI2PD_CHACHA20_H
+#include <cstdint>
+#include <cstring>
+
+namespace i2p
+{
+namespace crypto
+{
+  const std::size_t CHACHA20_KEY_BYTES = 32;
+  const std::size_t CHACHA20_NOUNCE_BYTES = 12;
+
+  /** encrypt buf in place with chacha20 */
+  void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter=1);
+
+}
+}
+
+#endif

libi2pd/Config.cpp

@@ -37,31 +37,33 @@ namespace config {
 			("pidfile", value<std::string>()->default_value(""),              "Path to pidfile (default: ~/i2pd/i2pd.pid or /var/lib/i2pd/i2pd.pid)")
 			("log", value<std::string>()->default_value(""),                  "Logs destination: stdout, file, syslog (stdout if not set)")
 			("logfile", value<std::string>()->default_value(""),              "Path to logfile (stdout if not set, autodetect if daemon)")
-			("loglevel", value<std::string>()->default_value("info"),         "Set the minimal level of log messages (debug, info, warn, error)")
+			("loglevel", value<std::string>()->default_value("info"),         "Set the minimal level of log messages (debug, info, warn, error, none)")
+			("logclftime", bool_switch()->default_value(false),               "Write full CLF-formatted date and time to log (default: disabled, write only time)")
 			("family", value<std::string>()->default_value(""),               "Specify a family, router belongs to")
 			("datadir", value<std::string>()->default_value(""),              "Path to storage of i2pd data (RI, keys, peer profiles, ...)")
 			("host", value<std::string>()->default_value("0.0.0.0"),          "External IP")
 			("ifname", value<std::string>()->default_value(""),               "Network interface to bind to")
 			("ifname4", value<std::string>()->default_value(""),              "Network interface to bind to for ipv4")
 			("ifname6", value<std::string>()->default_value(""),              "Network interface to bind to for ipv6")
-			("nat", value<bool>()->default_value(true),                       "Should we assume we are behind NAT?")
+			("nat", value<bool>()->default_value(true),                       "Should we assume we are behind NAT? (default: enabled)")
 			("port", value<uint16_t>()->default_value(0),                     "Port to listen for incoming connections (default: auto)")
-			("ipv4", value<bool>()->default_value(true),                      "Enable communication through ipv4")
-			("ipv6", value<bool>()->zero_tokens()->default_value(false),      "Enable communication through ipv6")
+			("ipv4", value<bool>()->default_value(true),                      "Enable communication through ipv4 (default: enabled)")
+			("ipv6", bool_switch()->default_value(false),                     "Enable communication through ipv6 (default: disabled)")
 			("netid", value<int>()->default_value(I2PD_NET_ID),               "Specify NetID. Main I2P is 2")
-			("daemon", value<bool>()->zero_tokens()->default_value(false),    "Router will go to background after start")
-			("service", value<bool>()->zero_tokens()->default_value(false),   "Router will use system folders like '/var/lib/i2pd'")
-			("notransit", value<bool>()->zero_tokens()->default_value(false), "Router will not accept transit tunnels at startup")
-			("floodfill", value<bool>()->zero_tokens()->default_value(false), "Router will be floodfill")
+			("daemon", bool_switch()->default_value(false),                   "Router will go to background after start (default: disabled)")
+			("service", bool_switch()->default_value(false),                  "Router will use system folders like '/var/lib/i2pd' (default: disabled)")
+			("notransit", bool_switch()->default_value(false),                "Router will not accept transit tunnels at startup (default: disabled)")
+			("floodfill", bool_switch()->default_value(false),                "Router will be floodfill (default: disabled)")
 			("bandwidth", value<std::string>()->default_value(""),            "Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)")
-			("share", value<int>()->default_value(100),                       "Limit of transit traffic from max bandwidth in percents. (default: 100")
-			("ntcp", value<bool>()->default_value(true),                      "Enable NTCP transport")
-			("ssu", value<bool>()->default_value(true),                       "Enable SSU transport")
+			("share", value<int>()->default_value(100),                       "Limit of transit traffic from max bandwidth in percents. (default: 100)")
+			("ntcp", value<bool>()->default_value(true),                      "Enable NTCP transport (default: enabled)")
+			("ssu", value<bool>()->default_value(true),                       "Enable SSU transport (default: enabled)")
 			("ntcpproxy", value<std::string>()->default_value(""),            "Proxy URL for NTCP transport")
+			("ntcp2", value<bool>()->default_value(false),                    "Enable NTCP2 (experimental, default: disabled)")
 #ifdef _WIN32
 			("svcctl", value<std::string>()->default_value(""),               "Windows service management ('install' or 'remove')")
-			("insomnia", value<bool>()->zero_tokens()->default_value(false),  "Prevent system from sleeping")
-			("close", value<std::string>()->default_value("ask"),             "Action on close: minimize, exit, ask") // TODO: add custom validator or something
+			("insomnia", bool_switch()->default_value(false),                 "Prevent system from sleeping (default: disabled)")
+			("close", value<std::string>()->default_value("ask"),             "Action on close: minimize, exit, ask")
 #endif
 		;
 
@@ -70,16 +72,21 @@ namespace config {
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
 			("limits.transittunnels", value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
+			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Threshold to start probabalistic backoff with ntcp sessions (default: use system limit)")
+			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Maximum number of ntcp sessions (default: use system limit)")
+			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Maximum number of threads used by NTCP DH worker (default: 1)")
 		;
 
 		options_description httpserver("HTTP Server options");
 		httpserver.add_options()
-			("http.enabled", value<bool>()->default_value(true),               "Enable or disable webconsole")
-			("http.address", value<std::string>()->default_value("127.0.0.1"), "Webconsole listen address")
-			("http.port", value<uint16_t>()->default_value(7070),              "Webconsole listen port")
-			("http.auth", value<bool>()->default_value(false),                 "Enable Basic HTTP auth for webconsole")
-			("http.user", value<std::string>()->default_value("i2pd"),         "Username for basic auth")
-			("http.pass", value<std::string>()->default_value(""),             "Password for basic auth (default: random, see logs)")
+			("http.enabled", value<bool>()->default_value(true),                "Enable or disable webconsole")
+			("http.address", value<std::string>()->default_value("127.0.0.1"),  "Webconsole listen address")
+			("http.port", value<uint16_t>()->default_value(7070),               "Webconsole listen port")
+			("http.auth", value<bool>()->default_value(false),                  "Enable Basic HTTP auth for webconsole")
+			("http.user", value<std::string>()->default_value("i2pd"),          "Username for basic auth")
+			("http.pass", value<std::string>()->default_value(""),              "Password for basic auth (default: random, see logs)")
+			("http.strictheaders", value<bool>()->default_value(true),          "Enable strict host checking on WebUI")
+			("http.hostname", value<std::string>()->default_value("localhost"), "Expected hostname for WebUI")
 		;
 
 		options_description httpproxy("HTTP Proxy options");
@@ -176,6 +183,7 @@ namespace config {
 			("reseed.floodfill", value<std::string>()->default_value(""), "Path to router info of floodfill to reseed from")
 			("reseed.file", value<std::string>()->default_value(""),      "Path to local .su3 file or HTTPS URL to reseed from")
 			("reseed.zipfile", value<std::string>()->default_value(""),   "Path to local .zip file to reseed from")
+			("reseed.proxy", value<std::string>()->default_value(""),     "url for reseed proxy, supports http/socks")
 			("reseed.urls", value<std::string>()->default_value(
 				"https://reseed.i2p-projekt.de/,"
 				"https://i2p.mooo.com/netDb/,"
@@ -184,12 +192,13 @@ namespace config {
 				// "https://uk.reseed.i2p2.no:444/," // mamoth's shit
 				"https://i2p-0.manas.ca:8443/,"
 				"https://download.xxlspeed.com/,"
-				"https://reseed-ru.lngserv.ru/,"
+				"https://reseed-fr.i2pd.xyz/,"
 				"https://reseed.atomike.ninja/,"
 				"https://reseed.memcpy.io/,"
 				"https://reseed.onion.im/,"
 				"https://itoopie.atomike.ninja/,"
-				"https://i2pseed.creativecowpat.net:8443/"
+				"https://i2pseed.creativecowpat.net:8443/,"
+                "https://i2p.novg.net/"
 			),                                                            "Reseed URLs, separated by comma")
 		;
 
@@ -322,4 +331,3 @@ namespace config {
 
 } // namespace config
 } // namespace i2p
-

libi2pd/Config.h

@@ -47,7 +47,7 @@ namespace config {
    * @brief  Load and parse given config file
    * @param  path  Path to config file
    *
-   * If error occured when opening file path is points to,
+   * If error occurred when opening file path is points to,
    * we show the error message and terminate program.
    *
    * In case of parameter misuse boost throws an exception.
@@ -79,10 +79,10 @@ namespace config {
   }
 
   template<typename T>
-  bool GetOption(const std::string& name, T& value) 
+  bool GetOption(const std::string& name, T& value)
   {
     return GetOption (name.c_str (), value);
-  }	
+  }
 
   bool GetOptionAsAny(const char *name, boost::any& value);
   bool GetOptionAsAny(const std::string& name, boost::any& value);

libi2pd/Crypto.h

@@ -16,6 +16,7 @@
 
 #include "Base.h"
 #include "Tag.h"
+#include "CPU.h"
 
 namespace i2p
 {
@@ -24,7 +25,7 @@ namespace crypto
 	bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
 
 	// DSA
-	DSA * CreateDSA ();	
+	DSA * CreateDSA ();
 
 	// RSA
 	const BIGNUM * GetRSAE ();
@@ -33,73 +34,75 @@ namespace crypto
 	class DHKeys
 	{
 		public:
-			
+
 			DHKeys ();
 			~DHKeys ();
 
 			void GenerateKeys ();
 			const uint8_t * GetPublicKey () const { return m_PublicKey; };
 			void Agree (const uint8_t * pub, uint8_t * shared);
-			
+
 		private:
 
 			DH * m_DH;
 			uint8_t m_PublicKey[256];
-	};	
-	
+	};
+
 	// ElGamal
 	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding = false);
 	bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding = false);
 	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub);
 
+	// ECIES
+	void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding = false); // 222 bytes data, 514 bytes encrypted with zeropadding, 512 without
+	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding = false);
+	void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub);
+
 	// HMAC
-	typedef i2p::data::Tag<32> MACKey;		
+	typedef i2p::data::Tag<32> MACKey;
 	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest);
 
 	// AES
-	struct ChipherBlock	
+	struct ChipherBlock
 	{
 		uint8_t buf[16];
 
 		void operator^=(const ChipherBlock& other) // XOR
 		{
-#if defined(__AVX__) // AVX
-			__asm__
-			(
-				"vmovups (%[buf]), %%xmm0 \n"	
-				"vmovups (%[other]), %%xmm1 \n"	
-				"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
-				"vmovups %%xmm0, (%[buf]) \n"	
-				: 
-				: [buf]"r"(buf), [other]"r"(other.buf) 
-				: "%xmm0", "%xmm1", "memory"
-			);		
-#elif defined(__SSE__) // SSE
-			__asm__
-			(
-				"movups	(%[buf]), %%xmm0 \n"	
-				"movups	(%[other]), %%xmm1 \n"	
-				"pxor %%xmm1, %%xmm0 \n"
-				"movups	%%xmm0, (%[buf]) \n"
-				: 
-				: [buf]"r"(buf), [other]"r"(other.buf) 
-				: "%xmm0", "%xmm1", "memory"
-			);			
+			if (i2p::cpu::avx)
+			{
+#ifdef AVX
+				__asm__
+					(
+						"vmovups (%[buf]), %%xmm0 \n"
+						"vmovups (%[other]), %%xmm1 \n"
+						"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
+						"vmovups %%xmm0, (%[buf]) \n"
+						:
+						: [buf]"r"(buf), [other]"r"(other.buf)
+						: "%xmm0", "%xmm1", "memory"
+						);
 #else
-			// TODO: implement it better
-			for (int i = 0; i < 16; i++)
-				buf[i] ^= other.buf[i];
+				for (int i = 0; i < 16; i++)
+					buf[i] ^= other.buf[i];
 #endif
-		}	 
+			}
+			else
+			{
+				// TODO: implement it better
+				for (int i = 0; i < 16; i++)
+					buf[i] ^= other.buf[i];
+			}
+		}
 	};
 
 	typedef i2p::data::Tag<32> AESKey;
-	
+
 	template<size_t sz>
 	class AESAlignedBuffer // 16 bytes alignment
 	{
 		public:
-		
+
 			AESAlignedBuffer ()
 			{
 				m_Buf = m_UnalignedBuffer;
@@ -107,22 +110,25 @@ namespace crypto
 				if (rem)
 					m_Buf += (16 - rem);
 			}
-		
+
 			operator uint8_t * () { return m_Buf; };
 			operator const uint8_t * () const { return m_Buf; };
 			ChipherBlock * GetChipherBlock () { return (ChipherBlock *)m_Buf; };
 			const ChipherBlock * GetChipherBlock () const { return (const ChipherBlock *)m_Buf; };
-			
+
 		private:
 
 			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
 			uint8_t * m_Buf;
-	};			
+	};
 
 
 #ifdef AESNI
+	#ifdef ARM64AES
+		void init_aesenc(void) __attribute__((constructor));
+	#endif
 	class ECBCryptoAESNI
-	{	
+	{
 		public:
 
 			uint8_t * GetKeySchedule () { return m_KeySchedule; };
@@ -130,110 +136,87 @@ namespace crypto
 		protected:
 
 			void ExpandKey (const AESKey& key);
-		
+
 		private:
 
-			AESAlignedBuffer<240> m_KeySchedule;  // 14 rounds for AES-256, 240 bytes
-	};	
-
-	class ECBEncryptionAESNI: public ECBCryptoAESNI
-	{
-		public:
-		
-			void SetKey (const AESKey& key) { ExpandKey (key); };
-			void Encrypt (const ChipherBlock * in, ChipherBlock * out);	
-	};	
-
-	class ECBDecryptionAESNI: public ECBCryptoAESNI
-	{
-		public:
-		
-			void SetKey (const AESKey& key);
-			void Decrypt (const ChipherBlock * in, ChipherBlock * out);		
-	};	
-
-	typedef ECBEncryptionAESNI ECBEncryption;
-	typedef ECBDecryptionAESNI ECBDecryption;
-
-#else // use openssl
+			AESAlignedBuffer<240> m_KeySchedule;	// 14 rounds for AES-256, 240 bytes
+	};
+#endif
 
+#ifdef AESNI
+	class ECBEncryption: public ECBCryptoAESNI
+#else
 	class ECBEncryption
+#endif
 	{
 		public:
+
+		void SetKey (const AESKey& key);
 		
-			void SetKey (const AESKey& key) 
-			{ 
-				AES_set_encrypt_key (key, 256, &m_Key);
-			}
-			void Encrypt (const ChipherBlock * in, ChipherBlock * out)
-			{
-				AES_encrypt (in->buf, out->buf, &m_Key);
-			}	
+		void Encrypt(const ChipherBlock * in, ChipherBlock * out);
 
-		private:
-
-			AES_KEY m_Key;
-	};	
+	private:
+		AES_KEY m_Key;
+	};
 
+#ifdef AESNI
+	class ECBDecryption: public ECBCryptoAESNI
+#else
 	class ECBDecryption
+#endif
 	{
 		public:
-		
-			void SetKey (const AESKey& key) 
-			{ 
-				AES_set_decrypt_key (key, 256, &m_Key); 
-			}
-			void Decrypt (const ChipherBlock * in, ChipherBlock * out)
-			{
-				AES_decrypt (in->buf, out->buf, &m_Key);
-			}	
 
+			void SetKey (const AESKey& key);
+			void Decrypt (const ChipherBlock * in, ChipherBlock * out);
 		private:
-
 			AES_KEY m_Key;
-	};		
-
-
-#endif			
+	};
 
 	class CBCEncryption
 	{
 		public:
-	
+
 			CBCEncryption () { memset ((uint8_t *)m_LastBlock, 0, 16); };
 
 			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes
+			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_LastBlock, 16); };
 
 			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Encrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Encrypt (const uint8_t * in, uint8_t * out); // one block
 
+			ECBEncryption & ECB() { return m_ECBEncryption; }
+		
 		private:
 
 			AESAlignedBuffer<16> m_LastBlock;
-			
+
 			ECBEncryption m_ECBEncryption;
 	};
 
 	class CBCDecryption
 	{
 		public:
-	
+
 			CBCDecryption () { memset ((uint8_t *)m_IV, 0, 16); };
 
 			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes
+			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_IV, 16); };
 
 			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Decrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Decrypt (const uint8_t * in, uint8_t * out); // one block
 
+			ECBDecryption & ECB() { return m_ECBDecryption; }
+		
 		private:
 
 			AESAlignedBuffer<16> m_IV;
 			ECBDecryption m_ECBDecryption;
-	};	
+	};
 
 	class TunnelEncryption // with double IV encryption
 	{
@@ -243,18 +226,14 @@ namespace crypto
 			{
 				m_LayerEncryption.SetKey (layerKey);
 				m_IVEncryption.SetKey (ivKey);
-			}	
+			}
 
-			void Encrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)		
+			void Encrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)
 
 		private:
 
 			ECBEncryption m_IVEncryption;
-#ifdef AESNI
-			ECBEncryption m_LayerEncryption;
-#else
 			CBCEncryption m_LayerEncryption;
-#endif
 	};
 
 	class TunnelDecryption // with double IV encryption
@@ -265,84 +244,85 @@ namespace crypto
 			{
 				m_LayerDecryption.SetKey (layerKey);
 				m_IVDecryption.SetKey (ivKey);
-			}			
+			}
 
-			void Decrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)	
+			void Decrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)
 
 		private:
 
 			ECBDecryption m_IVDecryption;
-#ifdef AESNI
-			ECBDecryption m_LayerDecryption;
-#else
 			CBCDecryption m_LayerDecryption;
-#endif
-	};	
-	
+	};
+
+// AEAD/ChaCha20/Poly1305
+	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag 
+   	
+// init and terminate
 	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
-}		
-}	
+}
+}
 
 // take care about openssl version
 #include <openssl/opensslv.h>
-#if (OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER) // 1.1.0 or LibreSSL
+#define LEGACY_OPENSSL ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
+#if LEGACY_OPENSSL
 // define getters and setters introduced in 1.1.0
-inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) 
-	{ 
+inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+	{
 		if (d->p) BN_free (d->p);
 		if (d->q) BN_free (d->q);
 		if (d->g) BN_free (d->g);
-		d->p = p; d->q = q; d->g = g; return 1; 
+		d->p = p; d->q = q; d->g = g; return 1;
 	}
-inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) 
-	{ 
+inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+	{
 		if (d->pub_key) BN_free (d->pub_key);
 		if (d->priv_key) BN_free (d->priv_key);
-		d->pub_key = pub_key; d->priv_key = priv_key; return 1; 
-	} 
-inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) 
+		d->pub_key = pub_key; d->priv_key = priv_key; return 1;
+	}
+inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = d->pub_key; *priv_key = d->priv_key; }
-inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) 
-	{ 
+inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1; 
+		sig->r = r; sig->s = s; return 1;
 	}
-inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) 
+inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 
 inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-	{ 
+	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1; 
+		sig->r = r; sig->s = s; return 1;
 	}
 inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 
-inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) 
+inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 	{
 		if (r->n) BN_free (r->n);
 		if (r->e) BN_free (r->e);
 		if (r->d) BN_free (r->d);
-		r->n = n; r->e = e; r->d = d; return 1; 
+		r->n = n; r->e = e; r->d = d; return 1;
 	}
 inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 	{ *n = r->n; *e = r->e; *d = r->d; }
 
 inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-	{ 
+	{
 		if (dh->p) BN_free (dh->p);
 		if (dh->q) BN_free (dh->q);
 		if (dh->g) BN_free (dh->g);
-		dh->p = p; dh->q = q; dh->g = g;  return 1; 
+		dh->p = p; dh->q = q; dh->g = g;  return 1;
 	}
 inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-	{ 
-		if (dh->pub_key) BN_free (dh->pub_key); 
+	{
+		if (dh->pub_key) BN_free (dh->pub_key);
 		if (dh->priv_key) BN_free (dh->priv_key);
-		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1; 
+		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1;
 	}
 inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = dh->pub_key; *priv_key = dh->priv_key; }

libi2pd/CryptoKey.cpp

@@ -0,0 +1,151 @@
+#include <string.h>
+#include "Log.h"
+#include "Gost.h"
+#include "CryptoKey.h"
+
+namespace i2p
+{
+namespace crypto
+{
+	ElGamalEncryptor::ElGamalEncryptor (const uint8_t * pub)
+	{
+		memcpy (m_PublicKey, pub, 256);
+	}
+
+	void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
+	{
+		ElGamalEncrypt (m_PublicKey, data, encrypted, ctx, zeroPadding);
+	}
+
+	ElGamalDecryptor::ElGamalDecryptor (const uint8_t * priv)
+	{
+		memcpy (m_PrivateKey, priv, 256);
+	}
+
+	bool ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
+	{
+		return ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, zeroPadding);
+	}
+
+	ECIESP256Encryptor::ECIESP256Encryptor (const uint8_t * pub)
+	{
+		m_Curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1);
+		m_PublicKey = EC_POINT_new (m_Curve);
+		BIGNUM * x = BN_bin2bn (pub, 32, nullptr);
+		BIGNUM * y = BN_bin2bn (pub + 32, 32, nullptr);
+		if (!EC_POINT_set_affine_coordinates_GFp (m_Curve, m_PublicKey, x, y, nullptr))
+			LogPrint (eLogError, "ECICS P256 invalid public key");
+		BN_free (x); BN_free (y);
+	}
+
+	ECIESP256Encryptor::~ECIESP256Encryptor ()
+	{
+		if (m_Curve) EC_GROUP_free (m_Curve);
+		if (m_PublicKey) EC_POINT_free (m_PublicKey);
+	}
+
+	void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
+	{
+		if (m_Curve && m_PublicKey)
+			ECIESEncrypt (m_Curve, m_PublicKey, data, encrypted, ctx, zeroPadding);
+	}
+
+	ECIESP256Decryptor::ECIESP256Decryptor (const uint8_t * priv)
+	{
+		m_Curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1);
+		m_PrivateKey = BN_bin2bn (priv, 32, nullptr);
+	}
+
+	ECIESP256Decryptor::~ECIESP256Decryptor ()
+	{
+		if (m_Curve) EC_GROUP_free (m_Curve);
+		if (m_PrivateKey) BN_free (m_PrivateKey);
+	}
+
+	bool ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
+	{
+		if (m_Curve && m_PrivateKey)
+			return ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx, zeroPadding);
+		return false;
+	}
+
+	void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub)
+	{
+		EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1);
+		EC_POINT * p = nullptr;
+		BIGNUM * key = nullptr;
+		GenerateECIESKeyPair (curve, key, p);
+		bn2buf (key, priv, 32);
+		RAND_bytes (priv + 32, 224);
+		BN_free (key);
+		BIGNUM * x = BN_new (), * y = BN_new ();
+		EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL);
+		bn2buf (x, pub, 32);
+		bn2buf (y, pub + 32, 32);
+		RAND_bytes (pub + 64, 192);
+		EC_POINT_free (p);
+		BN_free (x); BN_free (y);
+		EC_GROUP_free (curve);
+	}
+
+	ECIESGOSTR3410Encryptor::ECIESGOSTR3410Encryptor (const uint8_t * pub)
+	{
+		auto& curve = GetGOSTR3410Curve (eGOSTR3410CryptoProA);
+		m_PublicKey = EC_POINT_new (curve->GetGroup ());
+		BIGNUM * x = BN_bin2bn (pub, 32, nullptr);
+		BIGNUM * y = BN_bin2bn (pub + 32, 32, nullptr);
+		if (!EC_POINT_set_affine_coordinates_GFp (curve->GetGroup (), m_PublicKey, x, y, nullptr))
+			LogPrint (eLogError, "ECICS GOST R 34.10 invalid public key");
+		BN_free (x); BN_free (y);
+	}
+
+	ECIESGOSTR3410Encryptor::~ECIESGOSTR3410Encryptor ()
+	{
+		if (m_PublicKey) EC_POINT_free (m_PublicKey);
+	}
+
+	void ECIESGOSTR3410Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
+	{
+		if (m_PublicKey)
+			ECIESEncrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PublicKey, data, encrypted, ctx, zeroPadding);
+	}
+
+	ECIESGOSTR3410Decryptor::ECIESGOSTR3410Decryptor (const uint8_t * priv)
+	{
+		m_PrivateKey = BN_bin2bn (priv, 32, nullptr);
+	}
+
+	ECIESGOSTR3410Decryptor::~ECIESGOSTR3410Decryptor ()
+	{
+		if (m_PrivateKey) BN_free (m_PrivateKey);
+	}
+
+	bool ECIESGOSTR3410Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
+	{
+		if (m_PrivateKey)
+			return ECIESDecrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PrivateKey, encrypted, data, ctx, zeroPadding);
+		return false;
+	}
+
+
+	void CreateECIESGOSTR3410RandomKeys (uint8_t * priv, uint8_t * pub)
+	{
+		auto& curve = GetGOSTR3410Curve (eGOSTR3410CryptoProA);
+		EC_POINT * p = nullptr;
+		BIGNUM * key = nullptr;
+		GenerateECIESKeyPair (curve->GetGroup (), key, p);
+		bn2buf (key, priv, 32);
+		RAND_bytes (priv + 32, 224);
+		BN_free (key);
+		BIGNUM * x = BN_new (), * y = BN_new ();
+		EC_POINT_get_affine_coordinates_GFp (curve->GetGroup (), p, x, y, NULL);
+		bn2buf (x, pub, 32);
+		bn2buf (y, pub + 32, 32);
+		RAND_bytes (pub + 64, 192);
+		EC_POINT_free (p);
+		BN_free (x); BN_free (y);
+	}
+
+}
+}
+

libi2pd/CryptoKey.h

@@ -0,0 +1,119 @@
+#ifndef CRYPTO_KEY_H__
+#define CRYPTO_KEY_H__
+
+#include <inttypes.h>
+#include "Crypto.h"
+
+namespace i2p
+{
+namespace crypto
+{
+	class CryptoKeyEncryptor
+	{
+		public:
+
+			virtual ~CryptoKeyEncryptor () {};
+			virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding) = 0; // 222 bytes data, 512/514 bytes encrypted
+	};
+
+	class CryptoKeyDecryptor
+	{
+		public:
+
+			virtual ~CryptoKeyDecryptor () {};
+			virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding) = 0; // 512/514 bytes encrypted, 222 bytes data
+	};
+
+// ElGamal
+	class ElGamalEncryptor: public CryptoKeyEncryptor // for destination
+	{
+		public:
+
+			ElGamalEncryptor (const uint8_t * pub);
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			uint8_t m_PublicKey[256];
+	};
+
+	class ElGamalDecryptor: public CryptoKeyDecryptor // for destination
+	{
+		public:
+
+			ElGamalDecryptor (const uint8_t * priv);
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			uint8_t m_PrivateKey[256];
+	};
+
+// ECIES P256
+
+	class ECIESP256Encryptor: public CryptoKeyEncryptor
+	{
+		public:
+
+			ECIESP256Encryptor (const uint8_t * pub);
+			~ECIESP256Encryptor ();
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			EC_GROUP * m_Curve;
+			EC_POINT * m_PublicKey;
+	};
+
+
+	class ECIESP256Decryptor: public CryptoKeyDecryptor
+	{
+		public:
+
+			ECIESP256Decryptor (const uint8_t * priv);
+			~ECIESP256Decryptor ();
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			EC_GROUP * m_Curve;
+			BIGNUM * m_PrivateKey;
+	};
+
+	void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub);
+
+// ECIES GOST R 34.10
+
+	class ECIESGOSTR3410Encryptor: public CryptoKeyEncryptor
+	{
+		public:
+
+			ECIESGOSTR3410Encryptor (const uint8_t * pub);
+			~ECIESGOSTR3410Encryptor ();
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			EC_POINT * m_PublicKey;
+	};
+
+
+	class ECIESGOSTR3410Decryptor: public CryptoKeyDecryptor
+	{
+		public:
+
+			ECIESGOSTR3410Decryptor (const uint8_t * priv);
+			~ECIESGOSTR3410Decryptor ();
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
+
+		private:
+
+			BIGNUM * m_PrivateKey;
+	};
+
+	void CreateECIESGOSTR3410RandomKeys (uint8_t * priv, uint8_t * pub);
+}
+}
+
+#endif
+

libi2pd/CryptoWorker.h

@@ -0,0 +1,81 @@
+#ifndef CRYPTO_WORKER_H_
+#define CRYPTO_WORKER_H_
+
+#include <condition_variable>
+#include <mutex>
+#include <deque>
+#include <thread>
+#include <vector>
+#include <memory>
+
+namespace i2p
+{
+namespace worker
+{
+	template<typename Caller>
+	struct ThreadPool
+	{
+		typedef std::function<void(void)> ResultFunc;
+		typedef std::function<ResultFunc(void)> WorkFunc;
+		typedef std::pair<std::shared_ptr<Caller>, WorkFunc> Job;
+		typedef std::mutex mtx_t;
+		typedef std::unique_lock<mtx_t> lock_t;
+		typedef std::condition_variable cond_t;
+		ThreadPool(int workers)
+		{
+			stop = false;
+			if(workers > 0)
+			{
+				while(workers--)
+				{
+					threads.emplace_back([this] {
+							for (;;)
+							{
+								Job job;
+								{
+									lock_t lock(this->queue_mutex);
+									this->condition.wait(
+										lock, [this] { return this->stop || !this->jobs.empty(); });
+									if (this->stop && this->jobs.empty()) return;
+									job = std::move(this->jobs.front());
+									this->jobs.pop_front();
+								}
+								ResultFunc result = job.second();
+								job.first->GetService().post(result);
+							}
+					});
+				}
+			}
+		};
+
+		void Offer(const Job & job)
+		{
+			{
+				lock_t lock(queue_mutex);
+				if (stop) return;
+				jobs.emplace_back(job);
+			}
+			condition.notify_one();
+		}
+
+		~ThreadPool()
+		{
+			{
+				lock_t lock(queue_mutex);
+				stop = true;
+			}
+			condition.notify_all();
+			for(auto &t: threads) t.join();
+		}
+
+		std::vector<std::thread> threads;
+		std::deque<Job> jobs;
+		mtx_t queue_mutex;
+		cond_t condition;
+		bool stop;
+	};
+}
+}
+
+
+#endif

libi2pd/Datagram.cpp

@@ -11,20 +11,20 @@ namespace i2p
 {
 namespace datagram
 {
-	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner): 
+	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner):
 		m_Owner (owner.get()),
 		m_Receiver (nullptr)
 	{
 		m_Identity.FromBase64 (owner->GetIdentity()->ToBase64());
 	}
-	
+
 	DatagramDestination::~DatagramDestination ()
 	{
 		m_Sessions.clear();
 	}
 
 	void DatagramDestination::SendDatagramTo(const uint8_t * payload, size_t len, const i2p::data::IdentHash & identity, uint16_t fromPort, uint16_t toPort)
-	{	
+	{
 		auto owner = m_Owner;
 		std::vector<uint8_t> v(MAX_DATAGRAM_SIZE);
 		uint8_t * buf = v.data();
@@ -33,11 +33,11 @@ namespace datagram
 		auto signatureLen = m_Identity.GetSignatureLen ();
 		uint8_t * buf1 = signature + signatureLen;
 		size_t headerLen = identityLen + signatureLen;
-		
-		memcpy (buf1, payload, len);	
+
+		memcpy (buf1, payload, len);
 		if (m_Identity.GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			uint8_t hash[32];	
+			uint8_t hash[32];
 			SHA256(buf1, len, hash);
 			owner->Sign (hash, 32, signature);
 		}
@@ -63,10 +63,10 @@ namespace datagram
 			uint8_t hash[32];
 			SHA256(buf + headerLen, len - headerLen, hash);
 			verified = identity.Verify (hash, 32, signature);
-		}	
-		else	
+		}
+		else
 			verified = identity.Verify (buf + headerLen, len - headerLen, signature);
-				
+
 		if (verified)
 		{
 			auto h = identity.GetIdentHash();
@@ -79,7 +79,7 @@ namespace datagram
 				LogPrint (eLogWarning, "DatagramDestination: no receiver for port ", toPort);
 		}
 		else
-			LogPrint (eLogWarning, "Datagram signature verification failed");	
+			LogPrint (eLogWarning, "Datagram signature verification failed");
 	}
 
 	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
@@ -113,24 +113,24 @@ namespace datagram
 		{
 			htobe32buf (msg->GetPayload (), size); // length
 			htobe16buf (buf + 4, fromPort); // source port
-			htobe16buf (buf + 6, toPort); // destination port 
+			htobe16buf (buf + 6, toPort); // destination port
 			buf[9] = i2p::client::PROTOCOL_TYPE_DATAGRAM; // datagram protocol
-			msg->len += size + 4; 
+			msg->len += size + 4;
 			msg->FillI2NPMessageHeader (eI2NPData);
-		}	
+		}
 		else
 			msg = nullptr;
 		return msg;
 	}
 
 	void DatagramDestination::CleanUp ()
-	{			
+	{
 		if (m_Sessions.empty ()) return;
 		auto now = i2p::util::GetMillisecondsSinceEpoch();
 		LogPrint(eLogDebug, "DatagramDestination: clean up sessions");
 		std::unique_lock<std::mutex> lock(m_SessionsMutex);
 		// for each session ...
-		for (auto it = m_Sessions.begin (); it != m_Sessions.end (); ) 
+		for (auto it = m_Sessions.begin (); it != m_Sessions.end (); )
 		{
 			// check if expired
 			if (now - it->second->LastActivity() >= DATAGRAM_SESSION_MAX_IDLE)
@@ -143,7 +143,7 @@ namespace datagram
 				it++;
 		}
 	}
-	
+
 	std::shared_ptr<DatagramSession> DatagramDestination::ObtainSession(const i2p::data::IdentHash & identity)
 	{
 		std::shared_ptr<DatagramSession> session = nullptr;
@@ -169,7 +169,7 @@ namespace datagram
 		}
 		return nullptr;
 	}
-	
+
 	DatagramSession::DatagramSession(i2p::client::ClientDestination * localDestination,
 																	 const i2p::data::IdentHash & remoteIdent) :
 		m_LocalDestination(localDestination),
@@ -203,7 +203,7 @@ namespace datagram
 	{
 		if(!m_RoutingSession)
 			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
-		
+
 		auto routingPath = m_RoutingSession->GetSharedRoutingPath();
 		if (!routingPath)
 			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
@@ -318,7 +318,7 @@ namespace datagram
 			m_RoutingSession->SetSharedRoutingPath(path);
 		}
 		return path;
-	
+
 	}
 
 	void DatagramSession::HandleLeaseSetUpdated(std::shared_ptr<i2p::data::LeaseSet> ls)

libi2pd/Datagram.h

@@ -106,7 +106,7 @@ namespace datagram
     DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner);
 			~DatagramDestination ();
 
-    	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
+	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
 			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };