don't always set port 4567

Replaced arrows to HTML code. Deleted tab spaces.

.gitignore

@@ -5,6 +5,10 @@ router.keys
 i2p
 libi2pd.so
 netDb
+/i2pd
+/libi2pd.a
+/libi2pdclient.a
+
 
 # Autotools
 autom4te.cache
@@ -233,3 +237,4 @@ pip-log.txt
 
 # Sphinx
 docs/_build
+/androidIdea/

.travis.yml

@@ -16,13 +16,17 @@ addons:
       - libboost-date-time-dev
       - libboost-filesystem-dev
       - libboost-program-options-dev
-      - libboost-regex-dev
       - libboost-system-dev
       - libboost-thread-dev
       - libminiupnpc-dev
       - libssl-dev
 compiler:
   - gcc
+  - clang
+before_install:
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl miniupnpc ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew unlink boost openssl && brew link boost openssl -f ; fi
 env:
   matrix:
     - BUILD_TYPE=Release UPNP=ON

AddressBook.h

@@ -10,20 +10,27 @@
 #include <memory>
 #include <boost/asio.hpp>
 #include "Base.h"
-#include "util.h"
 #include "Identity.h"
 #include "Log.h"
+#include "Destination.h"
 
 namespace i2p
 {
 namespace client
 {
-	const char DEFAULT_SUBSCRIPTION_ADDRESS[] = "http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt";
+#ifdef MESHNET
+	const char DEFAULT_SUBSCRIPTION_ADDRESS[] = "http://i42ofzetmgicvui5sshinfckpijix2udewbam4sjo6x5fbukltia.b32.i2p/hosts.txt";
+#else
+	const char DEFAULT_SUBSCRIPTION_ADDRESS[] = "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt";
+#endif
 	const int INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT = 3; // in minutes	
 	const int INITIAL_SUBSCRIPTION_RETRY_TIMEOUT = 1; // in minutes			
 	const int CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT = 720; // in minutes (12 hours)			
 	const int CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT = 5; // in minutes	
 	const int SUBSCRIPTION_REQUEST_TIMEOUT = 60; //in second
+
+	const uint16_t ADDRESS_RESOLVER_DATAGRAM_PORT = 53;	
+	const uint16_t ADDRESS_RESPONSE_DATAGRAM_PORT = 54;
 	
 	inline std::string GetB32Address(const i2p::data::IdentHash& ident) { return ident.ToBase32().append(".b32.i2p"); }
 
@@ -36,11 +43,17 @@ namespace client
 			virtual void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address) = 0;
 			virtual void RemoveAddress (const i2p::data::IdentHash& ident) = 0;
 		
+			virtual bool Init () = 0;
 			virtual int Load (std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+			virtual int LoadLocal (std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
 			virtual int Save (const std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+
+			virtual void SaveEtag (const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified) = 0;
+			virtual bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified) = 0;
 	};			
 
 	class AddressBookSubscription;
+	class AddressResolver;
 	class AddressBook
 	{
 		public:
@@ -48,37 +61,49 @@ namespace client
 			AddressBook ();
 			~AddressBook ();
 			void Start ();
+			void StartResolvers ();
 			void Stop ();
 			bool GetIdentHash (const std::string& address, i2p::data::IdentHash& ident);
 			std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const std::string& address);
 			const i2p::data::IdentHash * FindAddress (const std::string& address);
+			void LookupAddress (const std::string& address);
 			void InsertAddress (const std::string& address, const std::string& base64); // for jump service
 			void InsertAddress (std::shared_ptr<const i2p::data::IdentityEx> address);
 
-			void LoadHostsFromStream (std::istream& f);
-			void DownloadComplete (bool success);
+			bool LoadHostsFromStream (std::istream& f, bool is_update);
+			void DownloadComplete (bool success, const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified);
 			//This method returns the ".b32.i2p" address
 			std::string ToAddress(const i2p::data::IdentHash& ident) { return GetB32Address(ident); }
 			std::string ToAddress(std::shared_ptr<const i2p::data::IdentityEx> ident) { return ToAddress(ident->GetIdentHash ()); }
+
+			bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified);
+
 		private:
 
 			void StartSubscriptions ();
 			void StopSubscriptions ();
 			
-			AddressBookStorage * CreateStorage ();	
 			void LoadHosts ();
 			void LoadSubscriptions ();
+			void LoadLocal ();
 
 			void HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode);
 
+			void StartLookups ();
+			void StopLookups ();
+			void HandleLookupResponse (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+			
 		private:	
 
 			std::mutex m_AddressBookMutex;
 			std::map<std::string, i2p::data::IdentHash>  m_Addresses;
+			std::map<i2p::data::IdentHash, std::shared_ptr<AddressResolver> > m_Resolvers; // local destination->resolver
+			std::mutex m_LookupsMutex;
+			std::map<uint32_t, std::string> m_Lookups; // nonce -> address
 			AddressBookStorage * m_Storage;
 			volatile bool m_IsLoaded, m_IsDownloading;
-			std::vector<AddressBookSubscription *> m_Subscriptions;
-			AddressBookSubscription * m_DefaultSubscription; // in case if we don't know any addresses yet
+			std::vector<std::shared_ptr<AddressBookSubscription> > m_Subscriptions;
+			std::shared_ptr<AddressBookSubscription> m_DefaultSubscription; // in case if we don't know any addresses yet
 			boost::asio::deadline_timer * m_SubscriptionsUpdateTimer;
 	};
 
@@ -87,16 +112,36 @@ namespace client
 		public:
 
 			AddressBookSubscription (AddressBook& book, const std::string& link);
-			void CheckSubscription ();
+			void CheckUpdates ();
 
 		private:
 
-			void Request ();
+			bool MakeRequest ();
 		
 		private:
 
 			AddressBook& m_Book;
 			std::string m_Link, m_Etag, m_LastModified;
+			i2p::data::IdentHash m_Ident;
+			// m_Etag must be surrounded by ""
+	};
+
+	class AddressResolver
+	{
+		public:
+
+			AddressResolver (std::shared_ptr<ClientDestination> destination);
+			~AddressResolver ();
+			void AddAddress (const std::string& name, const i2p::data::IdentHash& ident);
+
+		private:
+
+			void HandleRequest (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+
+		private:
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			std::map<std::string, i2p::data::IdentHash>  m_LocalAddresses;
 	};
 }
 }

BOB.cpp

@@ -70,7 +70,7 @@ namespace client
 			if (eol)
 			{
 				*eol = 0;
-				
+				if (eol != receiver->buffer && eol[-1] == '\r') eol[-1] = 0; // workaround for Transmission, it sends '\r\n' terminated address 
 				receiver->data = (uint8_t *)eol + 1;
 				receiver->dataLen = receiver->bufferOffset - (eol - receiver->buffer + 1);
 				i2p::data::IdentHash ident;
@@ -202,9 +202,9 @@ namespace client
 	}	
 		
 	BOBCommandSession::BOBCommandSession (BOBCommandChannel& owner): 
-		m_Owner (owner), m_Socket (m_Owner.GetService ()), m_ReceiveBufferOffset (0),
-		m_IsOpen (true), m_IsQuiet (false), m_InPort (0), m_OutPort (0),
-		m_CurrentDestination (nullptr)
+		m_Owner (owner), m_Socket (m_Owner.GetService ()),
+		m_ReceiveBufferOffset (0), m_IsOpen (true), m_IsQuiet (false), m_IsActive (false), 
+		m_InPort (0), m_OutPort (0), m_CurrentDestination (nullptr)
 	{
 	}
 
@@ -354,6 +354,11 @@ namespace client
 	void BOBCommandSession::StartCommandHandler (const char * operand, size_t len)
 	{
 		LogPrint (eLogDebug, "BOB: start ", m_Nickname);
+		if (m_IsActive)
+		{
+			SendReplyError ("tunnel is active");
+			return; 
+		}
 		if (!m_CurrentDestination)
 		{	
 			m_CurrentDestination = new BOBDestination (i2p::client::context.CreateNewLocalDestination (m_Keys, true, &m_Options));
@@ -364,19 +369,27 @@ namespace client
 		if (m_OutPort && !m_Address.empty ())
 			m_CurrentDestination->CreateOutboundTunnel (m_Address, m_OutPort, m_IsQuiet);
 		m_CurrentDestination->Start ();	
-		SendReplyOK ("tunnel starting");	
+		SendReplyOK ("Tunnel starting");
+		m_IsActive = true;
 	}	
-	
+
 	void BOBCommandSession::StopCommandHandler (const char * operand, size_t len)
 	{
+		LogPrint (eLogDebug, "BOB: stop ", m_Nickname);
+		if (!m_IsActive)
+		{
+			SendReplyError ("tunnel is inactive");
+			return;
+		}
 		auto dest = m_Owner.FindDestination (m_Nickname);
 		if (dest)
 		{
 			dest->StopTunnels ();
-			SendReplyOK ("tunnel stopping");
+			SendReplyOK ("Tunnel stopping");
 		}
 		else
 			SendReplyError ("tunnel not found");
+		m_IsActive = false;
 	}	
 	
 	void BOBCommandSession::SetNickCommandHandler (const char * operand, size_t len)
@@ -384,7 +397,7 @@ namespace client
 		LogPrint (eLogDebug, "BOB: setnick ", operand);
 		m_Nickname = operand;
 		std::string msg ("Nickname set to ");
-		msg += operand;
+		msg += m_Nickname;
 		SendReplyOK (msg.c_str ());
 	}	
 
@@ -396,12 +409,15 @@ namespace client
 		{
 			m_Keys = m_CurrentDestination->GetKeys ();
 			m_Nickname = operand;
-			std::string msg ("Nickname set to ");
-			msg += operand;
-			SendReplyOK (msg.c_str ());
 		}
+		if (m_Nickname == operand)
+		{	
+			std::string msg ("Nickname set to ");
+			msg += m_Nickname;
+			SendReplyOK (msg.c_str ());
+		}	
 		else
-			SendReplyError ("tunnel not found");	
+			SendReplyError ("no nickname has been set");	
 	}	
 
 	void BOBCommandSession::NewkeysCommandHandler (const char * operand, size_t len)
@@ -441,7 +457,10 @@ namespace client
 	{
 		LogPrint (eLogDebug, "BOB: outport ", operand);
 		m_OutPort = boost::lexical_cast<int>(operand);
-		SendReplyOK ("outbound port set");
+		if (m_OutPort >= 0)
+			SendReplyOK ("outbound port set");
+		else
+			SendReplyError ("port out of range");
 	}	
 
 	void BOBCommandSession::InhostCommandHandler (const char * operand, size_t len)
@@ -455,14 +474,27 @@ namespace client
 	{
 		LogPrint (eLogDebug, "BOB: inport ", operand);
 		m_InPort = boost::lexical_cast<int>(operand);
-		SendReplyOK ("inbound port set");
+		if (m_InPort >= 0)
+			SendReplyOK ("inbound port set");
+		else
+			SendReplyError ("port out of range");
 	}		
 
 	void BOBCommandSession::QuietCommandHandler (const char * operand, size_t len)
 	{
 		LogPrint (eLogDebug, "BOB: quiet");
-		m_IsQuiet = true;
-		SendReplyOK ("quiet");
+		if (m_Nickname.length () > 0)
+		{
+			if (!m_IsActive)
+			{
+				m_IsQuiet = true;
+				SendReplyOK ("Quiet set");
+			}
+			else
+				SendReplyError ("tunnel is active");
+		}
+		else
+			SendReplyError ("no nickname has been set");
 	}	
 	
 	void BOBCommandSession::LookupCommandHandler (const char * operand, size_t len)
@@ -497,14 +529,15 @@ namespace client
 	{
 		LogPrint (eLogDebug, "BOB: clear");
 		m_Owner.DeleteDestination (m_Nickname);
+		m_Nickname = "";
 		SendReplyOK ("cleared");
 	}	
 
 	void BOBCommandSession::ListCommandHandler (const char * operand, size_t len)
 	{
 		LogPrint (eLogDebug, "BOB: list");
-		auto& destinations = m_Owner.GetDestinations ();
-		for (auto it: destinations)
+		const auto& destinations = m_Owner.GetDestinations ();
+		for (const auto& it: destinations)
 			SendData (it.first.c_str ());
 		SendReplyOK ("Listing done");
 	}	
@@ -515,14 +548,46 @@ namespace client
 		const char * value = strchr (operand, '=');
 		if (value)
 		{	
+			std::string msg ("option ");
 			*(const_cast<char *>(value)) = 0;
 			m_Options[operand] = value + 1; 
+			msg += operand;
 			*(const_cast<char *>(value)) = '=';
-			SendReplyOK ("option");
+			msg += " set to ";
+			msg += value;	
+			SendReplyOK (msg.c_str ());
 		}	
 		else
 			SendReplyError ("malformed");
 	}	
+
+	void BOBCommandSession::StatusCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: status ", operand);
+		if (m_Nickname == operand)
+		{
+			std::stringstream s;
+			s << "DATA"; s << " NICKNAME: "; s << m_Nickname;
+			if (m_CurrentDestination->GetLocalDestination ()->IsReady ())
+				s << " STARTING: false RUNNING: true STOPPING: false";
+			else
+				s << " STARTING: true RUNNING: false STOPPING: false";
+			s << " KEYS: true"; s << " QUIET: "; s << (m_IsQuiet ? "true":"false");
+			if (m_InPort)
+			{	
+				s << " INPORT: " << m_InPort;
+				s << " INHOST: " << (m_Address.length () > 0 ? m_Address : "127.0.0.1");
+			}	
+			if (m_OutPort)
+			{ 
+				s << " OUTPORT: " << m_OutPort;
+				s << " OUTHOST: " << (m_Address.length () > 0 ? m_Address : "127.0.0.1");
+			}	
+			SendReplyOK (s.str().c_str());
+		}
+		else
+			SendReplyError ("no nickname has been set");	
+	}	
 		
 	BOBCommandChannel::BOBCommandChannel (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr),
@@ -548,12 +613,13 @@ namespace client
 		m_CommandHandlers[BOB_COMMAND_CLEAR] = &BOBCommandSession::ClearCommandHandler;
 		m_CommandHandlers[BOB_COMMAND_LIST] = &BOBCommandSession::ListCommandHandler;
 		m_CommandHandlers[BOB_COMMAND_OPTION] = &BOBCommandSession::OptionCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_STATUS] = &BOBCommandSession::StatusCommandHandler;
 	}
 
 	BOBCommandChannel::~BOBCommandChannel ()
 	{
 		Stop ();
-		for (auto it: m_Destinations)
+		for (const auto& it: m_Destinations)
 			delete it.second;
 	}
 
@@ -567,7 +633,7 @@ namespace client
 	void BOBCommandChannel::Stop ()
 	{
 		m_IsRunning = false;
-		for (auto it: m_Destinations)
+		for (auto& it: m_Destinations)
 			it.second->Stop ();
 		m_Acceptor.cancel ();	
 		m_Service.stop ();

BOB.h

@@ -36,6 +36,7 @@ namespace client
 	const char BOB_COMMAND_CLEAR[] = "clear";
 	const char BOB_COMMAND_LIST[] = "list";
 	const char BOB_COMMAND_OPTION[] = "option";
+	const char BOB_COMMAND_STATUS[] = "status";	
 	
 	const char BOB_VERSION[] = "BOB 00.00.10\nOK\n";	
 	const char BOB_REPLY_OK[] = "OK %s\n";
@@ -168,6 +169,7 @@ namespace client
 			void ClearCommandHandler (const char * operand, size_t len);
 			void ListCommandHandler (const char * operand, size_t len);
 			void OptionCommandHandler (const char * operand, size_t len);
+			void StatusCommandHandler (const char * operand, size_t len);
 			
 		private:
 
@@ -186,7 +188,7 @@ namespace client
 			boost::asio::ip::tcp::socket m_Socket;
 			char m_ReceiveBuffer[BOB_COMMAND_BUFFER_SIZE + 1], m_SendBuffer[BOB_COMMAND_BUFFER_SIZE + 1];
 			size_t m_ReceiveBufferOffset;
-			bool m_IsOpen, m_IsQuiet;
+			bool m_IsOpen, m_IsQuiet, m_IsActive;
 			std::string m_Nickname, m_Address;
 			int m_InPort, m_OutPort;
 			i2p::data::PrivateKeys m_Keys;

Base.cpp

@@ -1,11 +1,24 @@
 #include <stdlib.h>
-#include "Log.h"
+#include <string.h>
+
 #include "Base.h"
 
 namespace i2p
 {
 namespace data
 {
+	static const char T32[32] = {
+		'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+		'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
+		'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+		'y', 'z', '2', '3', '4', '5', '6', '7',
+	};
+
+	const char * GetBase32SubstitutionTable ()
+	{
+		return T32;
+	}
+
 	static void iT64Build(void);
 
 	/*
@@ -16,7 +29,7 @@ namespace data
 	* Direct Substitution Table
 	*/
 
-	static char T64[64] = { 
+	static const char T64[64] = {
 		       'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
 		       'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
 		       'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
@@ -190,6 +203,13 @@ namespace data
 		return outCount;
 	}
 
+	size_t Base64EncodingBufferSize (const size_t input_size) 
+	{
+		auto d = div (input_size, 3);
+		if (d.rem) d.quot++;
+		return 4*d.quot;
+	}
+	
 	/*
 	*
 	* iT64
@@ -265,69 +285,6 @@ namespace data
 		}
 		return ret;
 	}
-
-	GzipInflator::GzipInflator (): m_IsDirty (false)
-	{
-		memset (&m_Inflator, 0, sizeof (m_Inflator));
-		inflateInit2 (&m_Inflator, MAX_WBITS + 16); // gzip
-	}
-	
-	GzipInflator::~GzipInflator ()
-	{
-		inflateEnd (&m_Inflator);
-	}	
-
-	size_t GzipInflator::Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
-	{
-		if (m_IsDirty) inflateReset (&m_Inflator);
-		m_IsDirty = true;
-		m_Inflator.next_in = const_cast<uint8_t *>(in);
-		m_Inflator.avail_in = inLen;
-		m_Inflator.next_out = out;
-		m_Inflator.avail_out = outLen;
-		int err;
-		if ((err = inflate (&m_Inflator, Z_NO_FLUSH)) == Z_STREAM_END)
-			return outLen - m_Inflator.avail_out;	
-		else
-		{
-			LogPrint (eLogError, "Decompression error ", err);
-			return 0;
-		}	
-	}	
-
-	GzipDeflator::GzipDeflator (): m_IsDirty (false)
-	{
-		memset (&m_Deflator, 0, sizeof (m_Deflator));
-		deflateInit2 (&m_Deflator, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY); // 15 + 16 sets gzip
-	}
-	
-	GzipDeflator::~GzipDeflator ()
-	{
-		deflateEnd (&m_Deflator);
-	}	
-
-	void GzipDeflator::SetCompressionLevel (int level)
-	{
-		deflateParams (&m_Deflator, level, Z_DEFAULT_STRATEGY);
-	}	
-	
-	size_t GzipDeflator::Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
-	{
-		if (m_IsDirty) deflateReset (&m_Deflator);
-		m_IsDirty = true;
-		m_Deflator.next_in = const_cast<uint8_t *>(in);
-		m_Deflator.avail_in = inLen;
-		m_Deflator.next_out = out;
-		m_Deflator.avail_out = outLen;
-		int err;
-		if ((err = deflate (&m_Deflator, Z_FINISH)) == Z_STREAM_END) 
-			return outLen - m_Deflator.avail_out;	
-		else
-		{
-			LogPrint (eLogError, "Compression error ", err);
-			return 0;
-		}	
-	}	
 }
 }
 

Base.h

@@ -2,122 +2,24 @@
 #define BASE_H__
 
 #include <inttypes.h>
-#include <string.h>
 #include <string>
-#include <zlib.h>
+#include <iostream>
 
-namespace i2p
-{
-namespace data
-{
+namespace i2p {
+namespace data {
 	size_t ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount, char * OutBuffer, size_t len);
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
+	const char * GetBase32SubstitutionTable ();
 	const char * GetBase64SubstitutionTable ();	
 	
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
 
-	template<int sz>
-	class Tag
-	{
-		public:
-
-			Tag (const uint8_t * buf) { memcpy (m_Buf, buf, sz); };
-			Tag (const Tag<sz>& ) = default;
-#ifndef _WIN32 // FIXME!!! msvs 2013 can't compile it
-			Tag (Tag<sz>&& ) = default;
-#endif
-			Tag () = default;
-			
-			Tag<sz>& operator= (const Tag<sz>& ) = default;
-#ifndef _WIN32
-			Tag<sz>& operator= (Tag<sz>&& ) = default;
-#endif
-			
-			uint8_t * operator()() { return m_Buf; };
-			const uint8_t * operator()() const { return m_Buf; };
-
-			operator uint8_t * () { return m_Buf; };
-			operator const uint8_t * () const { return m_Buf; };
-			
-			const uint64_t * GetLL () const { return ll; };
-
-			bool operator== (const Tag<sz>& other) const { return !memcmp (m_Buf, other.m_Buf, sz); };
-			bool operator< (const Tag<sz>& other) const { return memcmp (m_Buf, other.m_Buf, sz) < 0; };
-
-			bool IsZero () const
-			{
-				for (int i = 0; i < sz/8; i++)
-					if (ll[i]) return false;
-				return true;
-			}
-			
-			std::string ToBase64 () const
-			{
-				char str[sz*2];
-				int l = i2p::data::ByteStreamToBase64 (m_Buf, sz, str, sz*2);
-				str[l] = 0;
-				return std::string (str);
-			}
-
-			std::string ToBase32 () const
-			{
-				char str[sz*2];
-				int l = i2p::data::ByteStreamToBase32 (m_Buf, sz, str, sz*2);
-				str[l] = 0;
-				return std::string (str);
-			}	
-
-			void FromBase32 (const std::string& s)
-			{
-				i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
-			}
-
-			void FromBase64 (const std::string& s)
-			{
-				i2p::data::Base64ToByteStream (s.c_str (), s.length (), m_Buf, sz);
-			}
-
-		private:
-
-			union // 8 bytes alignment
-			{	
-				uint8_t m_Buf[sz];
-				uint64_t ll[sz/8];
-			};		
-	};
-
-	class GzipInflator
-	{
-		public:
-
-			GzipInflator ();
-			~GzipInflator ();
-
-			size_t Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
-			
-		private:
-
-			z_stream m_Inflator;
-			bool m_IsDirty;
-	};
-
-	class GzipDeflator
-	{
-		public:
-
-			GzipDeflator ();
-			~GzipDeflator ();
-
-			void SetCompressionLevel (int level);
-			size_t Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
-			
-		private:
-
-			z_stream m_Deflator;
-			bool m_IsDirty;
-	};
-}
-}
+  /**
+     Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
+   */
+  size_t Base64EncodingBufferSize(const size_t input_size);
+} // data
+} // i2p
 
 #endif

ChangeLog

@@ -0,0 +1,95 @@
+# for this file format description,
+# see https://github.com/olivierlacan/keep-a-changelog
+
+## [2.9.0] - UNRELEASED
+### Changed
+- Proxy refactoring & speedup
+
+## [2.8.0] - 2016-06-20
+### Added
+- Basic Android support
+- I2CP implementation
+- 'doxygen' target
+
+### Changed
+- I2PControl refactoring & fixes (proper jsonrpc responses on errors)
+- boost::regex no more needed
+
+### Fixed
+- initscripts: added openrc one, in sysv-ish make I2PD_PORT optional
+- properly close NTCP sessions (memleak)
+
+## [2.7.0] - 2016-05-18
+### Added
+- Precomputed El-Gamal/DH tables
+- Configurable limit of transit tunnels
+
+### Changed
+- Speed-up of assymetric crypto for non-x64 platforms
+- Refactoring of web-console
+
+## [2.6.0] - 2016-03-31
+### Added
+- Gracefull shutdown on SIGINT
+- Numeric bandwidth limits (was: by router class)
+- Jumpservices in web-console
+- Logging to syslog
+- Tray icon for windows application
+
+### Changed
+- Logs refactoring
+- Improved statistics in web-console
+
+### Deprecated:
+- Renamed main/tunnels config files (will use old, if found, but emits warning)
+
+## [2.5.1] - 2016-03-10
+### Fixed
+- Doesn't create ~/.i2pd dir if missing
+
+## [2.5.0] - 2016-03-04
+### Added
+- IRC server tunnels
+- SOCKS outproxy support
+- Support for gzipped addressbook updates
+- Support for router families
+
+### Changed
+- Shared RTT/RTO between streams
+- Filesystem work refactoring
+
+## [2.4.0] - 2016-02-03
+### Added
+- X-I2P-* headers for server http-tunnels
+- I2CP options for I2P tunnels
+- Show I2P tunnels in webconsole
+
+### Changed
+- Refactoring of cmdline/config parsing
+
+## [2.3.0] - 2016-01-12
+### Added
+- Support for new router bandwidth class codes (P and X)
+- I2PControl supports external webui
+- Added --pidfile and --notransit parameters
+- Ability to specify signature type for i2p tunnel
+
+### Changed
+- Fixed multiple floodfill-related bugs
+- New webconsole layout
+
+## [2.2.0] - 2015-12-22
+### Added
+- Ability to connect to router without ip via introducer
+
+### Changed
+- Persist temporary encryption keys for local destinations
+- Performance improvements for EdDSA
+- New addressbook structure
+
+## [2.1.0] - 2015-11-12
+### Added
+- Implementation of EdDSA
+
+### Changed
+- EdDSA is default signature type for new RouterInfos

ClientContext.cpp

@@ -3,9 +3,10 @@
 #include <boost/property_tree/ptree.hpp>
 #include <boost/property_tree/ini_parser.hpp>
 #include "Config.h"
-#include "util.h"
+#include "FS.h"
 #include "Log.h"
 #include "Identity.h"
+#include "util.h"
 #include "ClientContext.h"
 
 namespace i2p
@@ -16,7 +17,7 @@ namespace client
 
 	ClientContext::ClientContext (): m_SharedLocalDestination (nullptr),
 		m_HttpProxy (nullptr), m_SocksProxy (nullptr), m_SamBridge (nullptr), 
-		m_BOBCommandChannel (nullptr)
+		m_BOBCommandChannel (nullptr), m_I2CPServer (nullptr)
 	{
 	}
 	
@@ -26,6 +27,7 @@ namespace client
 		delete m_SocksProxy;
 		delete m_SamBridge;
 		delete m_BOBCommandChannel;
+		delete m_I2CPServer;
 	}
 	
 	void ClientContext::Start ()
@@ -37,6 +39,8 @@ namespace client
 			m_SharedLocalDestination->Start ();
 		}
 
+		m_AddressBook.Start ();	
+		
 		std::shared_ptr<ClientDestination> localDestination;	
 		bool httproxy; i2p::config::GetOption("httpproxy.enabled", httproxy);
 		if (httproxy) {
@@ -50,8 +54,12 @@ namespace client
 				LoadPrivateKeys (keys, httpProxyKeys);
 				localDestination = CreateNewLocalDestination (keys, false);
 			}
-			m_HttpProxy = new i2p::proxy::HTTPProxy(httpProxyAddr, httpProxyPort, localDestination);
-			m_HttpProxy->Start();
+			try {
+			  m_HttpProxy = new i2p::proxy::HTTPProxy(httpProxyAddr, httpProxyPort, localDestination);
+			  m_HttpProxy->Start();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in HTTP Proxy: ", e.what());
+			}
 		}
 
 		bool socksproxy; i2p::config::GetOption("socksproxy.enabled", socksproxy);
@@ -68,8 +76,12 @@ namespace client
 				LoadPrivateKeys (keys, socksProxyKeys);
 				localDestination = CreateNewLocalDestination (keys, false);
 			}
-			m_SocksProxy = new i2p::proxy::SOCKSProxy(socksProxyAddr, socksProxyPort, socksOutProxyAddr, socksOutProxyPort, localDestination);
-			m_SocksProxy->Start();
+			try {
+			  m_SocksProxy = new i2p::proxy::SOCKSProxy(socksProxyAddr, socksProxyPort, socksOutProxyAddr, socksOutProxyPort, localDestination);
+			  m_SocksProxy->Start();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in SOCKS Proxy: ", e.what());
+			}
 		}
 	
 		// I2P tunnels
@@ -81,8 +93,12 @@ namespace client
 			std::string samAddr; i2p::config::GetOption("sam.address", samAddr);
 			uint16_t    samPort; i2p::config::GetOption("sam.port",    samPort);
 			LogPrint(eLogInfo, "Clients: starting SAM bridge at ", samAddr, ":", samPort);
-			m_SamBridge = new SAMBridge (samAddr, samPort);
-			m_SamBridge->Start ();
+			try {
+			  m_SamBridge = new SAMBridge (samAddr, samPort);
+			  m_SamBridge->Start ();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in SAM bridge: ", e.what());
+			}
 		} 
 
 		// BOB
@@ -91,23 +107,47 @@ namespace client
 			std::string bobAddr; i2p::config::GetOption("bob.address", bobAddr);
 			uint16_t    bobPort; i2p::config::GetOption("bob.port",    bobPort);
 			LogPrint(eLogInfo, "Clients: starting BOB command channel at ", bobAddr, ":", bobPort);
-			m_BOBCommandChannel = new BOBCommandChannel (bobAddr, bobPort);
-			m_BOBCommandChannel->Start ();
+			try {
+			  m_BOBCommandChannel = new BOBCommandChannel (bobAddr, bobPort);
+			  m_BOBCommandChannel->Start ();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in BOB bridge: ", e.what());
+			}
 		} 
 
-		m_AddressBook.Start ();
+		// I2CP
+		bool i2cp; i2p::config::GetOption("i2cp.enabled", i2cp);
+		if (i2cp) 
+		{
+			std::string i2cpAddr; i2p::config::GetOption("i2cp.address", i2cpAddr);
+			uint16_t i2cpPort; i2p::config::GetOption("i2cp.port", i2cpPort);
+			LogPrint(eLogInfo, "Clients: starting I2CP at ", i2cpAddr, ":", i2cpPort);
+			try 
+			{
+				m_I2CPServer = new I2CPServer (i2cpAddr, i2cpPort);
+			  	m_I2CPServer->Start ();
+			} 
+			catch (std::exception& e) 
+			{
+				LogPrint(eLogError, "Clients: Exception in I2CP: ", e.what());
+			}
+		} 
+
+		m_AddressBook.StartResolvers ();	
 	}
 		
 	void ClientContext::Stop ()
 	{
-		if (m_HttpProxy) {
+		if (m_HttpProxy)
+		{
 			LogPrint(eLogInfo, "Clients: stopping HTTP Proxy");
 			m_HttpProxy->Stop();
 			delete m_HttpProxy;
 			m_HttpProxy = nullptr;
 		}
 
-		if (m_SocksProxy) {
+		if (m_SocksProxy)
+		{
 			LogPrint(eLogInfo, "Clients: stopping SOCKS Proxy");
 			m_SocksProxy->Stop();
 			delete m_SocksProxy;
@@ -144,18 +184,31 @@ namespace client
 			m_BOBCommandChannel = nullptr;
 		}
 
+		if (m_I2CPServer)
+		{
+			LogPrint(eLogInfo, "Clients: stopping I2CP");
+			m_I2CPServer->Stop ();
+			delete m_I2CPServer; 
+			m_I2CPServer = nullptr;
+		}
+
 		LogPrint(eLogInfo, "Clients: stopping AddressBook");
 		m_AddressBook.Stop ();		
-		for (auto it: m_Destinations)
+		for (auto& it: m_Destinations)
 			it.second->Stop ();
 		m_Destinations.clear ();
 		m_SharedLocalDestination = nullptr; 
 	}	
-	
-	void ClientContext::LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename,  i2p::data::SigningKeyType sigType)
+
+	void ClientContext::ReloadConfig ()
 	{
-		std::string fullPath = i2p::util::filesystem::GetFullPath (filename);
-		std::ifstream s(fullPath.c_str (), std::ifstream::binary);
+		ReadTunnels (); // TODO: it reads new tunnels only, should be implemented better
+	}
+	
+	void ClientContext::LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType)
+	{
+		std::string fullPath = i2p::fs::DataDirPath (filename);
+		std::ifstream s(fullPath, std::ifstream::binary);
 		if (s.is_open ())	
 		{	
 			s.seekg (0, std::ios::end);
@@ -240,7 +293,7 @@ namespace client
 	template<typename Section, typename Type>
 	std::string ClientContext::GetI2CPOption (const Section& section, const std::string& name, const Type& value) const
 	{
-		return section.second.get (boost::property_tree::ptree::path_type (name, '/'), std::to_string (value));
+        return section.second.get (boost::property_tree::ptree::path_type (name, '/'), std::to_string (value));
 	}	
 
 	template<typename Section>
@@ -256,14 +309,24 @@ namespace client
 	void ClientContext::ReadTunnels ()
 	{
 		boost::property_tree::ptree pt;
-		std::string pathTunnelsConfigFile = i2p::util::filesystem::GetTunnelsConfigFile().string();
-		try
-		{
-			boost::property_tree::read_ini (pathTunnelsConfigFile, pt);
+		std::string tunConf; i2p::config::GetOption("tunconf", tunConf);
+		if (tunConf == "") {
+			// TODO: cleanup this in 2.8.0
+			tunConf = i2p::fs::DataDirPath ("tunnels.cfg");
+			if (i2p::fs::Exists(tunConf)) {
+				LogPrint(eLogWarning, "FS: please rename tunnels.cfg -> tunnels.conf here: ", tunConf);
+			} else {
+				tunConf = i2p::fs::DataDirPath ("tunnels.conf");
+			}
 		}
-		catch (std::exception& ex)
+		LogPrint(eLogDebug, "FS: tunnels config file: ", tunConf);
+		try 
 		{
-			LogPrint (eLogWarning, "Clients: Can't read ", pathTunnelsConfigFile, ": ", ex.what ());
+			boost::property_tree::read_ini (tunConf, pt);
+		} 
+		catch (std::exception& ex) 
+		{
+			LogPrint (eLogWarning, "Clients: Can't read ", tunConf, ": ", ex.what ());
 			return;
 		}
 			
@@ -298,13 +361,16 @@ namespace client
 							localDestination = CreateNewLocalDestination (k, false, &options);
 					}
 					auto clientTunnel = new I2PClientTunnel (name, dest, address, port, localDestination, destinationPort);
-					if (m_ClientTunnels.insert (std::make_pair (port, std::unique_ptr<I2PClientTunnel>(clientTunnel))).second)
+					if (m_ClientTunnels.insert (std::make_pair (clientTunnel->GetAcceptor ().local_endpoint (), 
+						std::unique_ptr<I2PClientTunnel>(clientTunnel))).second)
+					{
 						clientTunnel->Start ();
+						numClientTunnels++;
+					}
 					else
-						LogPrint (eLogError, "Clients: I2P client tunnel with port ", port, " already exists");
-					numClientTunnels++;
+						LogPrint (eLogError, "Clients: I2P client tunnel for endpoint ", clientTunnel->GetAcceptor ().local_endpoint (), " already exists");
 				}
-				else if (type == I2P_TUNNELS_SECTION_TYPE_SERVER || type == I2P_TUNNELS_SECTION_TYPE_HTTP)
+				else if (type == I2P_TUNNELS_SECTION_TYPE_SERVER || type == I2P_TUNNELS_SECTION_TYPE_HTTP || type == I2P_TUNNELS_SECTION_TYPE_IRC)
 				{	
 					// mandatory params
 					std::string host = section.second.get<std::string> (I2P_SERVER_TUNNEL_HOST);
@@ -312,7 +378,10 @@ namespace client
 					std::string keys = section.second.get<std::string> (I2P_SERVER_TUNNEL_KEYS);
 					// optional params
 					int inPort = section.second.get (I2P_SERVER_TUNNEL_INPORT, 0);
-					std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, "");					
+					std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, "");
+					std::string hostOverride = section.second.get (I2P_SERVER_TUNNEL_HOST_OVERRIDE, "");
+					std::string webircpass = section.second.get<std::string> (I2P_SERVER_TUNNEL_WEBIRC_PASSWORD, "");
+					bool gzip = section.second.get (I2P_SERVER_TUNNEL_GZIP, true);
 					i2p::data::SigningKeyType sigType = section.second.get (I2P_SERVER_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
 					// I2CP
 					std::map<std::string, std::string> options;							 
@@ -324,9 +393,15 @@ namespace client
 					localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ());
 					if (!localDestination)		
 						localDestination = CreateNewLocalDestination (k, true, &options);
-					I2PServerTunnel * serverTunnel = (type == I2P_TUNNELS_SECTION_TYPE_HTTP) ? 
-						new I2PServerTunnelHTTP (name, host, port, localDestination, inPort) : 
-						new I2PServerTunnel (name, host, port, localDestination, inPort);
+
+					I2PServerTunnel * serverTunnel;
+					if (type == I2P_TUNNELS_SECTION_TYPE_HTTP)
+                    	serverTunnel = new I2PServerTunnelHTTP (name, host, port, localDestination, hostOverride, inPort, gzip);
+               		else if (type == I2P_TUNNELS_SECTION_TYPE_IRC)
+                    	serverTunnel = new I2PServerTunnelIRC (name, host, port, localDestination, webircpass, inPort, gzip);
+					else // regular server tunnel by default
+                   		serverTunnel = new I2PServerTunnel (name, host, port, localDestination, inPort, gzip);
+
 					if (accessList.length () > 0)
 					{
 						std::set<i2p::data::IdentHash> idents;
@@ -343,15 +418,18 @@ namespace client
 						serverTunnel->SetAccessList (idents);
 					}
 					if (m_ServerTunnels.insert (std::make_pair (
-							std::make_tuple (localDestination->GetIdentHash (), inPort), 
+							std::make_pair (localDestination->GetIdentHash (), inPort), 
 					        std::unique_ptr<I2PServerTunnel>(serverTunnel))).second)
+					{
 						serverTunnel->Start ();
+						numServerTunnels++;
+					}
 					else
-						LogPrint (eLogError, "Clients: I2P server tunnel for destination ",   m_AddressBook.ToAddress(localDestination->GetIdentHash ()), " already exists");
-					numServerTunnels++;
+						LogPrint (eLogError, "Clients: I2P server tunnel for destination/port ",   m_AddressBook.ToAddress(localDestination->GetIdentHash ()), "/", inPort, " already exists");
+						
 				}
 				else
-					LogPrint (eLogWarning, "Clients: Unknown section type=", type, " of ", name, " in ", pathTunnelsConfigFile);
+					LogPrint (eLogWarning, "Clients: Unknown section type=", type, " of ", name, " in ", tunConf);
 				
 			}
 			catch (std::exception& ex)

ClientContext.h

@@ -2,15 +2,17 @@
 #define CLIENT_CONTEXT_H__
 
 #include <map>
-#include <tuple>
 #include <mutex>
 #include <memory>
+#include <boost/asio.hpp>
 #include "Destination.h"
+#include "I2PService.h"
 #include "HTTPProxy.h"
 #include "SOCKS.h"
 #include "I2PTunnel.h"
 #include "SAM.h"
 #include "BOB.h"
+#include "I2CP.h"
 #include "AddressBook.h"
 
 namespace i2p
@@ -21,6 +23,7 @@ namespace client
 	const char I2P_TUNNELS_SECTION_TYPE_CLIENT[] = "client";
 	const char I2P_TUNNELS_SECTION_TYPE_SERVER[] = "server";
 	const char I2P_TUNNELS_SECTION_TYPE_HTTP[] = "http";
+	const char I2P_TUNNELS_SECTION_TYPE_IRC[] = "irc";
 	const char I2P_CLIENT_TUNNEL_PORT[] = "port";
 	const char I2P_CLIENT_TUNNEL_ADDRESS[] = "address";
 	const char I2P_CLIENT_TUNNEL_DESTINATION[] = "destination";
@@ -28,11 +31,14 @@ namespace client
 	const char I2P_CLIENT_TUNNEL_SIGNATURE_TYPE[] = "signaturetype";
 	const char I2P_CLIENT_TUNNEL_DESTINATION_PORT[] = "destinationport";	
 	const char I2P_SERVER_TUNNEL_HOST[] = "host";	
+	const char I2P_SERVER_TUNNEL_HOST_OVERRIDE[] = "hostoverride";	
 	const char I2P_SERVER_TUNNEL_PORT[] = "port";
 	const char I2P_SERVER_TUNNEL_KEYS[] = "keys";
 	const char I2P_SERVER_TUNNEL_SIGNATURE_TYPE[] = "signaturetype";
 	const char I2P_SERVER_TUNNEL_INPORT[] = "inport";
 	const char I2P_SERVER_TUNNEL_ACCESS_LIST[] = "accesslist";		
+	const char I2P_SERVER_TUNNEL_GZIP[] = "gzip";
+	const char I2P_SERVER_TUNNEL_WEBIRC_PASSWORD[] = "webircpassword";
 
 	class ClientContext
 	{
@@ -44,6 +50,8 @@ namespace client
 			void Start ();
 			void Stop ();
 
+			void ReloadConfig ();
+
 			std::shared_ptr<ClientDestination> GetSharedLocalDestination () const { return m_SharedLocalDestination; };
 			std::shared_ptr<ClientDestination> CreateNewLocalDestination (bool isPublic = false, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1,
 			    const std::map<std::string, std::string> * params = nullptr); // transient
@@ -74,10 +82,11 @@ namespace client
 
 			i2p::proxy::HTTPProxy * m_HttpProxy;
 			i2p::proxy::SOCKSProxy * m_SocksProxy;
-			std::map<int, std::unique_ptr<I2PClientTunnel> > m_ClientTunnels; // port->tunnel
-			std::map<std::tuple<i2p::data::IdentHash, int>, std::unique_ptr<I2PServerTunnel> > m_ServerTunnels; // <destination,port>->tunnel
+			std::map<boost::asio::ip::tcp::endpoint, std::unique_ptr<I2PClientTunnel> > m_ClientTunnels; // local endpoint->tunnel
+			std::map<std::pair<i2p::data::IdentHash, int>, std::unique_ptr<I2PServerTunnel> > m_ServerTunnels; // <destination,port>->tunnel
 			SAMBridge * m_SamBridge;
 			BOBCommandChannel * m_BOBCommandChannel;
+			I2CPServer * m_I2CPServer;
 
 		public:
 			// for HTTP

Config.cpp

@@ -26,111 +26,56 @@ namespace config {
   options_description m_OptionsDesc;
   variables_map       m_Options;
 
-  /* list of renamed options */
-  std::map<std::string, std::string> remapped_options = {
-    { "tunnelscfg",          "tunconf" },
-    { "v6",                  "ipv6" },
-    { "httpaddress",         "http.address" },
-    { "httpport",            "http.port"    },
-    { "httpproxyaddress",    "httpproxy.address"  },
-    { "httpproxyport",       "httpproxy.port"     },
-    { "socksproxyaddress",   "socksproxy.address" },
-    { "socksproxyport",      "socksproxy.port"    },
-    { "samaddress",          "sam.address" },
-    { "samport",             "sam.port"    },
-    { "bobaddress",          "bob.address" },
-    { "bobport",             "bob.port"    },
-    { "i2pcontroladdress",   "i2pcontrol.address" },
-    { "i2pcontroladdress",   "i2pcontrol.port"    },
-    { "proxykeys",           "httpproxy.keys" },
-  };
-  /* list of options, that loose their argument and become simple switch */
-  std::set<std::string> boolean_options = {
-    "daemon", "floodfill", "notransit", "service", "ipv6"
-  };
-
-  /* this function is a solid piece of shit, remove it after 2.6.0 */
-  std::pair<std::string, std::string> old_syntax_parser(const std::string& s) {
-    std::string name  = "";
-    std::string value = "";
-    std::size_t pos = 0;
-    /* shortcuts -- -h */
-    if (s.length() == 2 && s.at(0) == '-' && s.at(1) != '-')
-      return make_pair(s.substr(1), "");
-    /* old-style -- -log, /log, etc */
-    if (s.at(0) == '/' || (s.at(0) == '-' && s.at(1) != '-')) {
-      if ((pos = s.find_first_of("= ")) != std::string::npos) {
-        name  = s.substr(1, pos - 1);
-        value = s.substr(pos + 1);
-      } else {
-        name  = s.substr(1, pos);
-        value = "";
-      }
-      if (boolean_options.count(name) > 0 && value != "")
-        std::cerr << "args: don't give an argument to switch option: " << s << std::endl;
-      if (m_OptionsDesc.find_nothrow(name, false)) {
-        std::cerr << "args: option " << s << " style is DEPRECATED, use --" << name << " instead" << std::endl;
-        return std::make_pair(name, value);
-      }
-      if (remapped_options.count(name) > 0) {
-        name = remapped_options[name];
-        std::cerr << "args: option " << s << " is DEPRECATED, use --" << name << " instead" << std::endl;
-        return std::make_pair(name, value);
-      } /* else */
-    }
-    /* long options -- --help */
-    if (s.substr(0, 2) == "--") {
-      if ((pos = s.find_first_of("= ")) != std::string::npos) {
-        name  = s.substr(2, pos - 2);
-        value = s.substr(pos + 1);
-      } else {
-        name  = s.substr(2, pos);
-        value = "";
-      }
-      if (boolean_options.count(name) > 0 && value != "") {
-        std::cerr << "args: don't give an argument to switch option: " << s << std::endl;
-        value = "";
-      }
-      if (m_OptionsDesc.find_nothrow(name, false))
-        return std::make_pair(name, value);
-      if (remapped_options.count(name) > 0) {
-        name = remapped_options[name];
-        std::cerr << "args: option " << s << " is DEPRECATED, use --" << name << " instead" << std::endl;
-        return std::make_pair(name, value);
-      } /* else */
-    }
-    std::cerr << "args: unknown option -- " << s << std::endl;
-    return std::make_pair("", "");
-  }
-
   void Init() {
+    bool nat = true;
+#ifdef MESHNET
+    nat = false;
+#endif
+
     options_description general("General options");
     general.add_options()
       ("help",     "Show this message")
-      ("conf",      value<std::string>()->default_value(""),     "Path to main i2pd config file (default: try ~/.i2pd/i2p.conf or /var/lib/i2pd/i2p.conf)")
-      ("tunconf",   value<std::string>()->default_value(""),     "Path to config with tunnels list and options (default: try ~/.i2pd/tunnels.cfg or /var/lib/i2pd/tunnels.cfg)")
+      ("conf",      value<std::string>()->default_value(""),     "Path to main i2pd config file (default: try ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf)")
+      ("tunconf",   value<std::string>()->default_value(""),     "Path to config with tunnels list and options (default: try ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)")
       ("pidfile",   value<std::string>()->default_value(""),     "Path to pidfile (default: ~/i2pd/i2pd.pid or /var/lib/i2pd/i2pd.pid)")
-      ("log",       value<std::string>()->default_value(""),     "Logs destination: stdout, file (stdout if not set, file - otherwise, for compatibility)")
+      ("log",       value<std::string>()->default_value(""),     "Logs destination: stdout, file, syslog (stdout if not set)")
       ("logfile",   value<std::string>()->default_value(""),     "Path to logfile (stdout if not set, autodetect if daemon)")
       ("loglevel",  value<std::string>()->default_value("info"), "Set the minimal level of log messages (debug, info, warn, error)")
+	  ("family",    value<std::string>()->default_value(""),     "Specify a family, router belongs to")
+	  ("datadir",   value<std::string>()->default_value(""),     "Path to storage of i2pd data (RI, keys, peer profiles, ...)")
       ("host",      value<std::string>()->default_value("0.0.0.0"),     "External IP")
+      ("ifname",    value<std::string>()->default_value(""), "network interface to bind to")
+      ("nat",       value<bool>()->zero_tokens()->default_value(nat), "should we assume we are behind NAT?")
       ("port",      value<uint16_t>()->default_value(0),                "Port to listen for incoming connections (default: auto)")
+      ("ipv4",      value<bool>()->zero_tokens()->default_value(true),  "Enable communication through ipv4")
       ("ipv6",      value<bool>()->zero_tokens()->default_value(false), "Enable communication through ipv6")
       ("daemon",    value<bool>()->zero_tokens()->default_value(false), "Router will go to background after start")
       ("service",   value<bool>()->zero_tokens()->default_value(false), "Router will use system folders like '/var/lib/i2pd'")
       ("notransit", value<bool>()->zero_tokens()->default_value(false), "Router will not accept transit tunnels at startup")
       ("floodfill", value<bool>()->zero_tokens()->default_value(false), "Router will be floodfill")
-      ("bandwidth", value<char>()->default_value('-'), "Bandwidth limiting: L - 32kbps, O - 256Kbps, P - unlimited")
+      ("bandwidth", value<std::string>()->default_value(""), "Bandwidth limit: integer in kbps or letters: L (32), O (256), P (2048), X (>9000)")
+      ("ntcp", value<bool>()->zero_tokens()->default_value(true), "enable ntcp transport")
+      ("ssu", value<bool>()->zero_tokens()->default_value(true), "enable ssu transport")
 #ifdef _WIN32
       ("svcctl",    value<std::string>()->default_value(""),     "Windows service management ('install' or 'remove')")
+      ("insomnia", value<bool>()->zero_tokens()->default_value(false), "Prevent system from sleeping")
+      ("close", value<std::string>()->default_value("ask"), "Action on close: minimize, exit, ask") // TODO: add custom validator or something
 #endif
       ;
 
+    options_description limits("Limits options");
+    limits.add_options()
+      ("limits.transittunnels",   value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
+      ;
+
     options_description httpserver("HTTP Server options");
     httpserver.add_options()
       ("http.enabled",        value<bool>()->default_value(true),               "Enable or disable webconsole")
       ("http.address",        value<std::string>()->default_value("127.0.0.1"), "Webconsole listen address")
       ("http.port",           value<uint16_t>()->default_value(7070),           "Webconsole listen port")
+      ("http.auth",           value<bool>()->default_value(false),              "Enable Basic HTTP auth for webconsole")
+      ("http.user",           value<std::string>()->default_value("i2pd"),      "Username for basic auth")
+      ("http.pass",           value<std::string>()->default_value(""),          "Password for basic auth (default: random, see logs)")
       ;
 
     options_description httpproxy("HTTP Proxy options");
@@ -138,7 +83,7 @@ namespace config {
       ("httpproxy.enabled",   value<bool>()->default_value(true),                         "Enable or disable HTTP Proxy")
       ("httpproxy.address",   value<std::string>()->default_value("127.0.0.1"),           "HTTP Proxy listen address")
       ("httpproxy.port",      value<uint16_t>()->default_value(4444),                     "HTTP Proxy listen port")
-      ("httpproxy.keys",      value<std::string>()->default_value("httpproxy-keys.dat"),  "HTTP Proxy encryption keys")
+      ("httpproxy.keys",      value<std::string>()->default_value(""),  "File to persist HTTP Proxy keys")
       ;
 
     options_description socksproxy("SOCKS Proxy options");
@@ -146,7 +91,9 @@ namespace config {
       ("socksproxy.enabled",  value<bool>()->default_value(true),                         "Enable or disable SOCKS Proxy")
       ("socksproxy.address",  value<std::string>()->default_value("127.0.0.1"),           "SOCKS Proxy listen address")
       ("socksproxy.port",     value<uint16_t>()->default_value(4447),                     "SOCKS Proxy listen port")
-      ("socksproxy.keys",     value<std::string>()->default_value("socksproxy-keys.dat"), "SOCKS Proxy encryption keys")
+      ("socksproxy.keys",     value<std::string>()->default_value(""), "File to persist SOCKS Proxy keys")
+      ("socksproxy.outproxy", value<std::string>()->default_value("127.0.0.1"), "Upstream outproxy address for SOCKS Proxy")
+      ("socksproxy.outproxyport", value<uint16_t>()->default_value(9050), "Upstream outproxy port for SOCKS Proxy")
       ;
 
     options_description sam("SAM bridge options");
@@ -163,6 +110,13 @@ namespace config {
       ("bob.port",            value<uint16_t>()->default_value(2827),                     "BOB listen port")
       ;
 
+	options_description i2cp("I2CP options");
+    i2cp.add_options()
+      ("i2cp.enabled",        value<bool>()->default_value(false),                        "Enable or disable I2CP")
+      ("i2cp.address",        value<std::string>()->default_value("127.0.0.1"),           "I2CP listen address")
+      ("i2cp.port",            value<uint16_t>()->default_value(7654),                     "I2CP listen port")
+      ;
+
     options_description i2pcontrol("I2PControl options");
     i2pcontrol.add_options()
       ("i2pcontrol.enabled",  value<bool>()->default_value(false),                        "Enable or disable I2P Control Protocol")
@@ -173,14 +127,52 @@ namespace config {
       ("i2pcontrol.key",      value<std::string>()->default_value("i2pcontrol.key.pem"),  "I2PCP connection cerificate key")
       ;
 
+	bool upnp_default = false;
+#if (defined(USE_UPNP) && (defined(WIN32_APP) || defined(ANDROID)))
+	upnp_default = true; // enable UPNP for windows GUI and android by default	
+#endif
+  	options_description upnp("UPnP options");
+  	upnp.add_options()
+    ("upnp.enabled",  value<bool>()->default_value(upnp_default),             "Enable or disable UPnP: automatic port forwarding")
+	("upnp.name", value<std::string>()->default_value("I2Pd"), "Name i2pd appears in UPnP forwardings list") 
+    ;
+
+	options_description precomputation("Precomputation options");
+	precomputation.add_options()  
+	  ("precomputation.elgamal",  
+#if defined(__x86_64__)	   
+	   value<bool>()->default_value(false),   
+#else
+	   value<bool>()->default_value(true),  
+#endif	   
+	   "Enable or disable elgamal precomputation table")
+	  ;
+	
+	options_description reseed("Reseed options");	
+	reseed.add_options()
+	  ("reseed.file", value<std::string>()->default_value(""),  "Path to .su3 file")
+	  ;	
+
+  	options_description trust("Trust options");
+  	trust.add_options()
+      ("trust.enabled", value<bool>()->default_value(false), "enable explicit trust options")
+      ("trust.family", value<std::string>()->default_value(""), "Router Familiy to trust for first hops")
+      ("trust.hidden", value<bool>()->default_value(false), "should we hide our router from other routers?");
+  
     m_OptionsDesc
       .add(general)
+	  .add(limits)	
       .add(httpserver)
       .add(httpproxy)
       .add(socksproxy)
       .add(sam)
       .add(bob)
+	  .add(i2cp)	
       .add(i2pcontrol)
+      .add(upnp)
+	  .add(precomputation)
+	  .add(reseed) 
+      .add(trust)	
       ;
   }
 
@@ -189,8 +181,8 @@ namespace config {
       auto style = boost::program_options::command_line_style::unix_style
                  | boost::program_options::command_line_style::allow_long_disguise;
       style &=   ~ boost::program_options::command_line_style::allow_guessing;
-      store(parse_command_line(argc, argv, m_OptionsDesc, style, old_syntax_parser), m_Options);
-    } catch (boost::program_options::error e) {
+      store(parse_command_line(argc, argv, m_OptionsDesc, style), m_Options);
+    } catch (boost::program_options::error& e) {
       std::cerr << "args: " << e.what() << std::endl;
       exit(EXIT_FAILURE);
     }
@@ -203,19 +195,22 @@ namespace config {
   }
 
   void ParseConfig(const std::string& path) {
-    if (path == "")
-      return;
+    if (path == "") return;
 
     std::ifstream config(path, std::ios::in);
 
-    if (!config.is_open()) {
+    if (!config.is_open()) 
+	{
       std::cerr << "missing/unreadable config file: " << path << std::endl;
       exit(EXIT_FAILURE);
     }
 
-    try {
-      store(boost::program_options::parse_config_file(config, m_OptionsDesc), m_Options);
-    } catch (boost::program_options::error e) {
+    try 
+	{
+		store(boost::program_options::parse_config_file(config, m_OptionsDesc), m_Options);
+    } 
+	catch (boost::program_options::error& e) 
+	{
       std::cerr << e.what() << std::endl;
       exit(EXIT_FAILURE);
     };
@@ -223,6 +218,15 @@ namespace config {
 
   void Finalize() {
     notify(m_Options);
-  };
+  }
+
+  bool IsDefault(const char *name) {
+    if (!m_Options.count(name))
+      throw "try to check non-existent option";
+
+    if (m_Options[name].defaulted())
+      return true;
+    return false;
+  }
 } // namespace config
 } // namespace i2p

Config.h

@@ -30,7 +30,7 @@ namespace config {
   /**
    * @brief  Parse cmdline parameters, and show help if requested
    * @param  argc  Cmdline arguments count, should be passed from main().
-   * @param  argv  Cmdline parameters array, should be passed from main() 
+   * @param  argv  Cmdline parameters array, should be passed from main()
    *
    * If --help is given in parameters, shows it's list with description
    * terminates the program with exitcode 0.
@@ -68,7 +68,7 @@ namespace config {
    * @param  value Variable where to store option
    * @return this function returns false if parameter not found
    *
-   * @example  uint16_t port; GetOption("sam.port", port);
+   * Example: uint16_t port; GetOption("sam.port", port);
    */
   template<typename T>
   bool GetOption(const char *name, T& value) {
@@ -84,16 +84,23 @@ namespace config {
    * @param  value New parameter value
    * @return true if value set up successful, false otherwise
    *
-   * @example uint16_t port = 2827; SetOption("bob.port", port);
+   * Example: uint16_t port = 2827; SetOption("bob.port", port);
    */
   template<typename T>
   bool SetOption(const char *name, const T& value) {
     if (!m_Options.count(name))
       return false;
-    m_Options[name] = value;
+    m_Options.at(name).value() = value;
     notify(m_Options);
     return true;
-  }
+  }
+
+  /**
+   * @brief  Check is value explicitly given or default
+   * @param  name  Name of checked parameter
+   * @return true if value set to default, false othervise
+   */
+  bool IsDefault(const char *name);
 }
 }
 

Crypto.cpp

@@ -3,10 +3,8 @@
 #include <vector>
 #include <mutex>
 #include <memory>
-#include <openssl/sha.h>
 #include <openssl/dh.h>
 #include <openssl/md5.h>
-#include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include "TunnelBase.h"
 #include <openssl/ssl.h>
@@ -146,9 +144,87 @@ namespace crypto
 	}
 
 // DH/ElGamal	
+
+	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
+	const int ELGAMAL_SHORT_EXPONENT_NUM_BYTES = ELGAMAL_SHORT_EXPONENT_NUM_BITS/8+1;
+	const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
+	const int ELGAMAL_FULL_EXPONENT_NUM_BYTES = ELGAMAL_FULL_EXPONENT_NUM_BITS/8;
+	
 	#define elgp GetCryptoConstants ().elgp
 	#define elgg GetCryptoConstants ().elgg
 
+	static BN_MONT_CTX * g_MontCtx = nullptr;
+	static void PrecalculateElggTable (BIGNUM * table[][255], int len) // table is len's array of array of 255 bignums
+	{
+		if (len <= 0) return;
+		BN_CTX * ctx = BN_CTX_new ();
+		g_MontCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_set (g_MontCtx, elgp, ctx);		
+		auto montCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_copy (montCtx, g_MontCtx);
+		for (int i = 0; i < len; i++)
+		{
+			table[i][0] = BN_new ();
+			if (!i) 	
+				BN_to_montgomery (table[0][0], elgg, montCtx, ctx); 	
+			else
+				BN_mod_mul_montgomery (table[i][0], table[i-1][254], table[i-1][0], montCtx, ctx);
+			for (int j = 1; j < 255; j++)
+			{
+				table[i][j] = BN_new ();
+				BN_mod_mul_montgomery (table[i][j], table[i][j-1], table[i][0], montCtx, ctx);
+			}
+		}
+		BN_MONT_CTX_free (montCtx);
+		BN_CTX_free (ctx);
+	}	 
+
+	static void DestroyElggTable (BIGNUM * table[][255], int len)
+	{
+		for (int i = 0; i < len; i++)
+			for (int j = 0; j < 255; j++)
+			{
+				BN_free (table[i][j]);
+				table[i][j] = nullptr;
+			}
+		BN_MONT_CTX_free (g_MontCtx);
+	}
+	
+	static BIGNUM * ElggPow (const uint8_t * exp, int len, BIGNUM * table[][255], BN_CTX * ctx)
+	// exp is in Big Endian	
+	{
+		if (len <= 0) return nullptr;
+		auto montCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_copy (montCtx, g_MontCtx);
+		BIGNUM * res = nullptr;
+		for (int i = 0; i < len; i++)
+		{
+			if (res)
+			{
+				if (exp[i])
+					BN_mod_mul_montgomery (res, res, table[len-1-i][exp[i]-1], montCtx, ctx);
+			}	
+			else if (exp[i]) 
+				res = BN_dup (table[len-i-1][exp[i]-1]);
+		}	
+		if (res)
+			BN_from_montgomery (res, res, montCtx, ctx);
+		BN_MONT_CTX_free (montCtx);
+		return res;
+	}	
+
+	static BIGNUM * ElggPow (const BIGNUM * exp, BIGNUM * table[][255], BN_CTX * ctx)
+	{
+		auto len = BN_num_bytes (exp);
+		uint8_t * buf = new uint8_t[len];
+		BN_bn2bin (exp, buf);
+		auto ret = ElggPow (buf, len, table, ctx);
+		delete[] buf;
+		return ret;
+	}	
+
+	static BIGNUM * (* g_ElggTable)[255] = nullptr; 
+	
 // DH
 	
 	DHKeys::DHKeys (): m_IsUpdated (true)
@@ -169,7 +245,23 @@ namespace crypto
 	{
 		if (m_DH->priv_key)  { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; };
 		if (m_DH->pub_key)  { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; };
-		DH_generate_key (m_DH);
+#if !defined(__x86_64__) // use short exponent for non x64 
+		m_DH->priv_key = BN_new ();
+		BN_rand (m_DH->priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);
+#endif		
+		if (g_ElggTable)
+		{	
+#if defined(__x86_64__)
+			m_DH->priv_key = BN_new ();
+			BN_rand (m_DH->priv_key, ELGAMAL_FULL_EXPONENT_NUM_BITS, 0, 1);
+#endif			
+			auto ctx = BN_CTX_new ();
+			m_DH->pub_key = ElggPow (m_DH->priv_key, g_ElggTable, ctx);
+			BN_CTX_free (ctx);
+		}	
+		else
+			DH_generate_key (m_DH);
+
 		if (priv) bn2buf (m_DH->priv_key, priv, 256);
 		if (pub) bn2buf (m_DH->pub_key, pub, 256);
 		m_IsUpdated = true;
@@ -200,11 +292,20 @@ namespace crypto
 		ctx = BN_CTX_new ();
 		// select random k
 		BIGNUM * k = BN_new ();
-		BN_rand_range (k, elgp);
-		if (BN_is_zero (k)) BN_one (k);
-		// caulculate a
-		a = BN_new ();
-		BN_mod_exp (a, elgg, k, elgp, ctx);
+#if defined(__x86_64__)
+		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
+#else
+		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
+#endif		
+		// calculate a
+		if (g_ElggTable)
+			a = ElggPow (k, g_ElggTable, ctx);
+		else
+		{	
+			a = BN_new ();
+			BN_mod_exp (a, elgg, k, elgp, ctx);
+		}
+
 		BIGNUM * y = BN_new ();
 		BN_bin2bn (key, 256, y);
 		// calculate b1
@@ -279,6 +380,14 @@ namespace crypto
 	{
 #if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)	
 		RAND_bytes (priv, 256);
+#else
+		// lower 226 bits (28 bytes and 2 bits) only. short exponent
+		auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
+		auto numZeroBytes = 256 - numBytes;
+		RAND_bytes (priv + numZeroBytes, numBytes);
+		memset (priv, 0, numZeroBytes);
+		priv[numZeroBytes] &= 0x03;
+#endif
 		BN_CTX * ctx = BN_CTX_new ();
 		BIGNUM * p = BN_new ();	
 		BN_bin2bn (priv, 256, p);
@@ -286,11 +395,6 @@ namespace crypto
 		bn2buf (p, pub, 256); 
 		BN_free (p);
 		BN_CTX_free (ctx);
-#else
-		DHKeys dh;
-		dh.GenerateKeys (priv, pub);
-		
-#endif		
 	}
 
 // HMAC
@@ -695,17 +799,38 @@ namespace crypto
 		}	
 	}*/
 	
-	void InitCrypto ()
+	void InitCrypto (bool precomputation)
 	{
 		SSL_library_init ();
 /*		auto numLocks = CRYPTO_num_locks();
 		for (int i = 0; i < numLocks; i++)
 		     m_OpenSSLMutexes.emplace_back (new std::mutex);
 		CRYPTO_set_locking_callback (OpensslLockingCallback);*/
+		if (precomputation)
+		{	
+#if defined(__x86_64__)
+			g_ElggTable = new BIGNUM * [ELGAMAL_FULL_EXPONENT_NUM_BYTES][255];
+			PrecalculateElggTable (g_ElggTable, ELGAMAL_FULL_EXPONENT_NUM_BYTES);
+#else			
+			g_ElggTable = new BIGNUM * [ELGAMAL_SHORT_EXPONENT_NUM_BYTES][255];
+			PrecalculateElggTable (g_ElggTable, ELGAMAL_SHORT_EXPONENT_NUM_BYTES);
+#endif		
+		}	
 	}
 	
 	void TerminateCrypto ()
 	{
+		if (g_ElggTable)
+		{		
+			DestroyElggTable (g_ElggTable,
+#if defined(__x86_64__)				                  
+				ELGAMAL_FULL_EXPONENT_NUM_BYTES
+#else
+				ELGAMAL_SHORT_EXPONENT_NUM_BYTES	
+#endif	
+			);   
+			delete[] g_ElggTable; g_ElggTable = nullptr;
+		}	
 /*		CRYPTO_set_locking_callback (nullptr);
 		m_OpenSSLMutexes.clear ();*/
 	}	

Crypto.h

@@ -7,7 +7,11 @@
 #include <openssl/dh.h>
 #include <openssl/aes.h>
 #include <openssl/dsa.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+
 #include "Base.h"
+#include "Tag.h"
 
 namespace i2p
 {
@@ -70,7 +74,7 @@ namespace crypto
 
 		void operator^=(const ChipherBlock& other) // XOR
 		{
-#if defined(__x86_64__) // for Intel x64 
+#if defined(__x86_64__) || defined(__SSE__) // for Intel x84 or with SSE
 			__asm__
 			(
 				"movups	(%[buf]), %%xmm0 \n"	
@@ -273,7 +277,7 @@ namespace crypto
 #endif
 	};	
 
-	void InitCrypto ();
+	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
 }		
 }	

CryptoConst.cpp

@@ -1,73 +0,0 @@
-#include <inttypes.h>
-#include "CryptoConst.h"
-
-namespace i2p
-{
-namespace crypto
-{
-	const uint8_t elgp_[256]=
-	{
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 
-		0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 
-		0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
-		0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 		0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
-		0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 
-		0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
-		0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 
-		0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
-		0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
-		0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-	};
-	
-	const uint8_t dsap_[128]=
-	{
-		0x9c, 0x05, 0xb2, 0xaa, 0x96, 0x0d, 0x9b, 0x97, 0xb8, 0x93, 0x19, 0x63, 0xc9, 0xcc, 0x9e, 0x8c,
-		0x30, 0x26, 0xe9, 0xb8, 0xed, 0x92, 0xfa, 0xd0, 0xa6, 0x9c, 0xc8, 0x86, 0xd5, 0xbf, 0x80, 0x15,
-		0xfc, 0xad, 0xae, 0x31, 0xa0, 0xad, 0x18, 0xfa, 0xb3, 0xf0, 0x1b, 0x00, 0xa3, 0x58, 0xde, 0x23,
-		0x76, 0x55, 0xc4, 0x96, 0x4a, 0xfa, 0xa2, 0xb3, 0x37, 0xe9, 0x6a, 0xd3, 0x16, 0xb9, 0xfb, 0x1c,
-		0xc5, 0x64, 0xb5, 0xae, 0xc5, 0xb6, 0x9a, 0x9f, 0xf6, 0xc3, 0xe4, 0x54, 0x87, 0x07, 0xfe, 0xf8,
-		0x50, 0x3d, 0x91, 0xdd, 0x86, 0x02, 0xe8, 0x67, 0xe6, 0xd3, 0x5d, 0x22, 0x35, 0xc1, 0x86, 0x9c,
-		0xe2, 0x47, 0x9c, 0x3b, 0x9d, 0x54, 0x01, 0xde, 0x04, 0xe0, 0x72, 0x7f, 0xb3, 0x3d, 0x65, 0x11, 
-		0x28, 0x5d, 0x4c, 0xf2, 0x95, 0x38, 0xd9, 0xe3, 0xb6, 0x05, 0x1f, 0x5b, 0x22, 0xcc, 0x1c, 0x93
-	};
-
-	const uint8_t dsaq_[20]=
-	{
-		0xa5, 0xdf, 0xc2, 0x8f, 0xef, 0x4c, 0xa1, 0xe2, 0x86, 0x74, 0x4c, 0xd8, 0xee, 0xd9, 0xd2, 0x9d,
-		0x68, 0x40, 0x46, 0xb7
-	};
-
-	const uint8_t dsag_[128]=
-	{
-		0x0c, 0x1f, 0x4d, 0x27, 0xd4, 0x00, 0x93, 0xb4, 0x29, 0xe9, 0x62, 0xd7, 0x22, 0x38, 0x24, 0xe0,
-		0xbb, 0xc4, 0x7e, 0x7c, 0x83, 0x2a, 0x39, 0x23, 0x6f, 0xc6, 0x83, 0xaf, 0x84, 0x88, 0x95, 0x81,
-		0x07, 0x5f, 0xf9, 0x08, 0x2e, 0xd3, 0x23, 0x53, 0xd4, 0x37, 0x4d, 0x73, 0x01, 0xcd, 0xa1, 0xd2,
-		0x3c, 0x43, 0x1f, 0x46, 0x98, 0x59, 0x9d, 0xda, 0x02, 0x45, 0x18, 0x24, 0xff, 0x36, 0x97, 0x52,
-		0x59, 0x36, 0x47, 0xcc, 0x3d, 0xdc, 0x19, 0x7d, 0xe9, 0x85, 0xe4, 0x3d, 0x13, 0x6c, 0xdc, 0xfc,
-		0x6b, 0xd5, 0x40, 0x9c, 0xd2, 0xf4, 0x50, 0x82, 0x11, 0x42, 0xa5, 0xe6, 0xf8, 0xeb, 0x1c, 0x3a,
-		0xb5, 0xd0, 0x48, 0x4b, 0x81, 0x29, 0xfc, 0xf1, 0x7b, 0xce, 0x4f, 0x7f, 0x33, 0x32, 0x1c, 0x3c, 
-		0xb3, 0xdb, 0xb1, 0x4a, 0x90, 0x5e, 0x7b, 0x2b, 0x3e, 0x93, 0xbe, 0x47, 0x08, 0xcb, 0xcc, 0x82  
-	};
-
-	const CryptoConstants& GetCryptoConstants ()
-	{
-		static CryptoConstants cryptoConstants = 
-		{
-			{elgp_, 256},	// elgp
-			{2},			// elgg	
-			{dsap_, 128},	// dsap
-			{dsaq_, 20},	// dsaq
-			{dsag_, 128}	// dsag
-		};	
-		return cryptoConstants;
-	}	
-	
-}
-}
-

CryptoConst.h

@@ -1,38 +0,0 @@
-#ifndef CRYPTO_CONST_H__
-#define CRYPTO_CONST_H__
-
-#include <cryptopp/integer.h>
-
-namespace i2p
-{
-namespace crypto
-{
-	struct CryptoConstants
-	{
-		// DH/ElGamal
-		const CryptoPP::Integer elgp;
-		const CryptoPP::Integer elgg; 
-
-		// DSA
-		const CryptoPP::Integer dsap;		
-		const CryptoPP::Integer dsaq;
-		const CryptoPP::Integer dsag;			
-	};	
-	
-	const CryptoConstants& GetCryptoConstants ();
-	
-	// DH/ElGamal	
-	#define elgp GetCryptoConstants ().elgp
-	#define elgg GetCryptoConstants ().elgg
-
-	// DSA
-	#define dsap GetCryptoConstants ().dsap	
-	#define dsaq GetCryptoConstants ().dsaq
-	#define dsag GetCryptoConstants ().dsag	
-
-	// RSA
-	const int rsae = 65537;	
-}		
-}	
-
-#endif

Daemon.cpp

@@ -5,6 +5,7 @@
 
 #include "Config.h"
 #include "Log.h"
+#include "FS.h"
 #include "Base.h"
 #include "version.h"
 #include "Transports.h"
@@ -12,19 +13,17 @@
 #include "RouterInfo.h"
 #include "RouterContext.h"
 #include "Tunnel.h"
+#include "HTTP.h"
 #include "NetDb.h"
 #include "Garlic.h"
-#include "util.h"
 #include "Streaming.h"
 #include "Destination.h"
 #include "HTTPServer.h"
 #include "I2PControl.h"
 #include "ClientContext.h"
 #include "Crypto.h"
-
-#ifdef USE_UPNP
 #include "UPnP.h"
-#endif
+#include "util.h"
 
 namespace i2p
 {
@@ -36,18 +35,15 @@ namespace i2p
 			Daemon_Singleton_Private() {};
 			~Daemon_Singleton_Private() {};
 
-			std::unique_ptr<i2p::util::HTTPServer> httpServer;
+			std::unique_ptr<i2p::http::HTTPServer> httpServer;
 			std::unique_ptr<i2p::client::I2PControlService> m_I2PControlService;
-
-#ifdef USE_UPNP
-			i2p::transport::UPnP m_UPnP;
-#endif	
+			std::unique_ptr<i2p::transport::UPnP> UPnP;
 		};
 
-		Daemon_Singleton::Daemon_Singleton() : running(1), d(*new Daemon_Singleton_Private()) {};
+		Daemon_Singleton::Daemon_Singleton() : isDaemon(false), running(true), d(*new Daemon_Singleton_Private()) {}
 		Daemon_Singleton::~Daemon_Singleton() {
 			delete &d;
-		};
+		}
 
 		bool Daemon_Singleton::IsService () const
 		{
@@ -63,120 +59,191 @@ namespace i2p
 			i2p::config::Init();
 			i2p::config::ParseCmdline(argc, argv);
 
-			std::string config  = i2p::util::filesystem::GetConfigFile().string();
-			std::string tunconf = i2p::util::filesystem::GetTunnelsConfigFile().string();
-			std::string datadir = i2p::util::filesystem::GetDataDir().string();
+			std::string config;  i2p::config::GetOption("conf",    config);
+			std::string datadir; i2p::config::GetOption("datadir", datadir);
+			i2p::fs::DetectDataDir(datadir, IsService());
+			i2p::fs::Init();
+
+			datadir = i2p::fs::GetDataDir();
+			// TODO: drop old name detection in v2.8.0
+			if (config == "")
+			{
+				config = i2p::fs::DataDirPath("i2p.conf");
+				if (i2p::fs::Exists (config)) {
+					LogPrint(eLogWarning, "Daemon: please rename i2p.conf to i2pd.conf here: ", config);
+				} else {
+					config = i2p::fs::DataDirPath("i2pd.conf");
+					if (!i2p::fs::Exists (config)) {
+						// use i2pd.conf only if exists
+						config = ""; /* reset */
+					}
+				}
+			}
 
 			i2p::config::ParseConfig(config);
 			i2p::config::Finalize();
 
-			i2p::crypto::InitCrypto ();
-			i2p::context.Init ();
-
 			i2p::config::GetOption("daemon", isDaemon);
 
-			// TODO: move log init here
-
-			LogPrint(eLogInfo,  "i2pd v", VERSION, " starting");
-			LogPrint(eLogDebug, "FS: main config file: ", config);
-			LogPrint(eLogDebug, "FS: tunnels config: ",   tunconf);
-			LogPrint(eLogDebug, "FS: data directory: ", datadir);
-
-			uint16_t port; i2p::config::GetOption("port", port);
-			if (port)
-			{	
-				LogPrint(eLogInfo, "Daemon: accepting incoming connections at port ", port);
-				i2p::context.UpdatePort (port);
-			}	
-
-			std::string host; i2p::config::GetOption("host", host);
-			if (host != "0.0.0.0")
-			{
-				LogPrint(eLogInfo, "Daemon: setting address for incoming connections to ", host);
-				i2p::context.UpdateAddress (boost::asio::ip::address::from_string (host));	
-			}
-
-			bool ipv6;    i2p::config::GetOption("ipv6", ipv6);
-			bool transit; i2p::config::GetOption("notransit", transit);
-			i2p::context.SetSupportsV6     (ipv6);
-			i2p::context.SetAcceptsTunnels (!transit);
-
-			bool isFloodfill; i2p::config::GetOption("floodfill", isFloodfill);
-			char bandwidth;   i2p::config::GetOption("bandwidth", bandwidth);
-
-			if (isFloodfill) 
-			{
-				LogPrint(eLogInfo, "Daemon: router will be floodfill");
-				i2p::context.SetFloodfill (true);
-			}	
-			if (bandwidth != '-')
-			{
-				LogPrint(eLogInfo, "Daemon: bandwidth set to ", bandwidth);
-				if (bandwidth > 'O') 
-					i2p::context.SetExtraBandwidth (); 
-				else if (bandwidth > 'L')
-					i2p::context.SetHighBandwidth (); 
-				else 
-					i2p::context.SetLowBandwidth ();
-			}	
-			else if (isFloodfill) 
-			{
-				LogPrint(eLogInfo, "Daemon: floodfill bandwidth set to 'extra'");
-				i2p::context.SetExtraBandwidth ();
-			} 
-			else
-				i2p::context.SetLowBandwidth ();
-
-			return true;
-		}
-			
-		bool Daemon_Singleton::start()
-		{
 			std::string logs     = ""; i2p::config::GetOption("log",      logs);
 			std::string logfile  = ""; i2p::config::GetOption("logfile",  logfile);
 			std::string loglevel = ""; i2p::config::GetOption("loglevel", loglevel);
 
+			/* setup logging */
 			if (isDaemon && (logs == "" || logs == "stdout"))
 				logs = "file";
 
-			if (logs == "file")
-			{
+			i2p::log::Logger().SetLogLevel(loglevel);
+			if (logs == "file") {
 				if (logfile == "")
-				{
-					// use autodetect of logfile
-					logfile = IsService () ? "/var/log" : i2p::util::filesystem::GetDataDir().string();
+					logfile = i2p::fs::DataDirPath("i2pd.log");
+				LogPrint(eLogInfo, "Log: will send messages to ", logfile);
+				i2p::log::Logger().SendTo (logfile);
 #ifndef _WIN32
-					logfile.append("/i2pd.log");
-#else
-					logfile.append("\\i2pd.log");
+			} else if (logs == "syslog") {
+				LogPrint(eLogInfo, "Log: will send messages to syslog");
+				i2p::log::Logger().SendTo("i2pd", LOG_DAEMON);
 #endif
-				}
-				StartLog (logfile);
 			} else {
-				// use stdout
-				StartLog ("");
+				// use stdout -- default
 			}
-			SetLogLevel(loglevel);
+			i2p::log::Logger().Ready();
+
+			LogPrint(eLogInfo,	"i2pd v", VERSION, " starting");
+			LogPrint(eLogDebug, "FS: main config file: ", config);
+			LogPrint(eLogDebug, "FS: data directory: ", datadir);
+
+			bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
+			i2p::crypto::InitCrypto (precomputation);
+			i2p::context.Init ();
+
+			bool ipv6;		i2p::config::GetOption("ipv6", ipv6);
+			bool ipv4;		i2p::config::GetOption("ipv4", ipv4);
+#ifdef MESHNET
+			// manual override for meshnet
+			ipv4 = false;
+			ipv6 = true;
+#endif
+			uint16_t port; i2p::config::GetOption("port", port);
+			if (!i2p::config::IsDefault("port"))
+			{
+				LogPrint(eLogInfo, "Daemon: accepting incoming connections at port ", port);
+				i2p::context.UpdatePort (port);
+			}
+			i2p::context.SetSupportsV6		 (ipv6);
+			i2p::context.SetSupportsV4		 (ipv4);
 			
-			bool http; i2p::config::GetOption("http.enabled", http);
-			if (http) {
-				std::string httpAddr; i2p::config::GetOption("http.address", httpAddr);
-				uint16_t    httpPort; i2p::config::GetOption("http.port",    httpPort);
-				LogPrint(eLogInfo, "Daemon: starting HTTP Server at ", httpAddr, ":", httpPort);
-				d.httpServer = std::unique_ptr<i2p::util::HTTPServer>(new i2p::util::HTTPServer(httpAddr, httpPort));
-				d.httpServer->Start();
+			bool transit; i2p::config::GetOption("notransit", transit);
+			i2p::context.SetAcceptsTunnels (!transit);
+			uint16_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
+			SetMaxNumTransitTunnels (transitTunnels);
+
+			bool isFloodfill; i2p::config::GetOption("floodfill", isFloodfill);
+			if (isFloodfill) {
+				LogPrint(eLogInfo, "Daemon: router will be floodfill");
+				i2p::context.SetFloodfill (true);
+			}	else {
+				i2p::context.SetFloodfill (false);
 			}
 
+			/* this section also honors 'floodfill' flag, if set above */
+			std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
+			if (bandwidth.length () > 0)
+			{	
+				if (bandwidth[0] >= 'K' && bandwidth[0] <= 'X') 
+				{
+					i2p::context.SetBandwidth (bandwidth[0]);
+					LogPrint(eLogInfo, "Daemon: bandwidth set to ", i2p::context.GetBandwidthLimit (), "KBps");
+				} 
+				else 
+				{
+					auto value = std::atoi(bandwidth.c_str());
+					if (value > 0) 
+					{	
+						i2p::context.SetBandwidth (value);
+						LogPrint(eLogInfo, "Daemon: bandwidth set to ", i2p::context.GetBandwidthLimit (), " KBps");
+					}
+					else
+					{
+						LogPrint(eLogInfo, "Daemon: unexpected bandwidth ", bandwidth, ". Set to 'low'");
+						i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_LOW_BANDWIDTH2);
+					}	
+				}	
+			}	
+			else if (isFloodfill) 
+			{
+				LogPrint(eLogInfo, "Daemon: floodfill bandwidth set to 'extra'");
+				i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH1);
+			} 
+			else
+			{
+				LogPrint(eLogInfo, "Daemon: bandwidth set to 'low'");
+				i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_LOW_BANDWIDTH2);
+			}	
+
+			std::string family; i2p::config::GetOption("family", family);
+			i2p::context.SetFamily (family);
+			if (family.length () > 0)
+				LogPrint(eLogInfo, "Daemon: family set to ", family);	
+
+      bool trust; i2p::config::GetOption("trust.enabled", trust);
+      if (trust)
+      {
+        LogPrint(eLogInfo, "Daemon: explicit trust enabled");
+        std::string fam; i2p::config::GetOption("trust.family", fam);
+        if (fam.length() > 0)
+        {
+          LogPrint(eLogInfo, "Daemon: setting restricted routes to use family ", fam);
+          i2p::transport::transports.RestrictRoutes({fam});
+        } else
+          LogPrint(eLogError, "Daemon: no family specified for restricted routes");
+      }
+      bool hidden; i2p::config::GetOption("trust.hidden", hidden);
+      if (hidden)
+      {
+        LogPrint(eLogInfo, "Daemon: using hidden mode");
+        i2p::data::netdb.SetHidden(true);
+      }
+      return true;
+		}
+			
+		bool Daemon_Singleton::start()
+		{
 			LogPrint(eLogInfo, "Daemon: starting NetDB");
 			i2p::data::netdb.Start();
 
-#ifdef USE_UPNP
-			LogPrint(eLogInfo, "Daemon: starting UPnP");
-			d.m_UPnP.Start ();
-#endif			
-			LogPrint(eLogInfo, "Daemon: starting Transports");
-			i2p::transport::transports.Start();
+			bool upnp; i2p::config::GetOption("upnp.enabled", upnp);
+			if (upnp) {
+				d.UPnP = std::unique_ptr<i2p::transport::UPnP>(new i2p::transport::UPnP);
+				d.UPnP->Start ();
+			}
 
+			bool ntcp; i2p::config::GetOption("ntcp", ntcp);
+			bool ssu; i2p::config::GetOption("ssu", ssu);
+			LogPrint(eLogInfo, "Daemon: starting Transports");
+			if(!ssu) LogPrint(eLogInfo, "Daemon: ssu disabled");
+			if(!ntcp) LogPrint(eLogInfo, "Daemon: ntcp disabled");
+			i2p::transport::transports.Start(ntcp, ssu);
+			if (i2p::transport::transports.IsBoundNTCP() || i2p::transport::transports.IsBoundSSU()) {
+				LogPrint(eLogInfo, "Daemon: Transports started");
+			} else {
+				LogPrint(eLogError, "Daemon: failed to start Transports");
+				/** shut down netdb right away */
+				i2p::transport::transports.Stop();
+				i2p::data::netdb.Stop();
+				return false;
+			}
+						
+			bool http; i2p::config::GetOption("http.enabled", http);
+			if (http) {
+				std::string httpAddr; i2p::config::GetOption("http.address", httpAddr);
+				uint16_t		httpPort; i2p::config::GetOption("http.port",		 httpPort);
+				LogPrint(eLogInfo, "Daemon: starting HTTP Server at ", httpAddr, ":", httpPort);
+				d.httpServer = std::unique_ptr<i2p::http::HTTPServer>(new i2p::http::HTTPServer(httpAddr, httpPort));
+				d.httpServer->Start();
+			}
+
+			
 			LogPrint(eLogInfo, "Daemon: starting Tunnels");
 			i2p::tunnel::tunnels.Start();
 
@@ -192,6 +259,7 @@ namespace i2p
 				d.m_I2PControlService = std::unique_ptr<i2p::client::I2PControlService>(new i2p::client::I2PControlService (i2pcpAddr, i2pcpPort));
 				d.m_I2PControlService->Start ();
 			}
+
 			return true;
 		}
 
@@ -202,10 +270,12 @@ namespace i2p
 			i2p::client::context.Stop();
 			LogPrint(eLogInfo, "Daemon: stopping Tunnels");
 			i2p::tunnel::tunnels.Stop();
-#ifdef USE_UPNP
-			LogPrint(eLogInfo, "Daemon: stopping UPnP");
-			d.m_UPnP.Stop ();
-#endif			
+
+			if (d.UPnP) {
+				d.UPnP->Stop ();
+				d.UPnP = nullptr;
+			}
+
 			LogPrint(eLogInfo, "Daemon: stopping Transports");
 			i2p::transport::transports.Stop();
 			LogPrint(eLogInfo, "Daemon: stopping NetDB");
@@ -222,9 +292,8 @@ namespace i2p
 				d.m_I2PControlService = nullptr;
 			}	
 			i2p::crypto::TerminateCrypto ();
-			StopLog ();
 
 			return true;
 		}
-	}
+    }
 }

Daemon.h

@@ -1,14 +1,9 @@
 #ifndef DAEMON_H__
 #define DAEMON_H__
 
+#include <memory>
 #include <string>
 
-#ifdef _WIN32
-#define Daemon i2p::util::DaemonWin32::Instance()
-#else
-#define Daemon i2p::util::DaemonLinux::Instance()
-#endif
-
 namespace i2p
 {
 	namespace util
@@ -20,24 +15,52 @@ namespace i2p
 			virtual bool init(int argc, char* argv[]);
 			virtual bool start();
 			virtual bool stop();
+			virtual void run () {};
 
-			bool isLogging;
 			bool isDaemon;
-			
 			bool running;
 
 		protected:
 			Daemon_Singleton();
 			virtual ~Daemon_Singleton();
 
-			bool IsService () const;				
+			bool IsService () const;
 
 			// d-pointer for httpServer, httpProxy, etc.
 			class Daemon_Singleton_Private;
 			Daemon_Singleton_Private &d;
 		};
 
-#ifdef _WIN32
+#if defined(QT_GUI_LIB) // check if QT
+#define Daemon i2p::util::DaemonQT::Instance()
+	// dummy, invoked from RunQT	
+    class DaemonQT: public i2p::util::Daemon_Singleton
+	{
+		public:
+
+			static DaemonQT& Instance()
+			{
+				static DaemonQT instance;
+				return instance;
+			}
+    };
+
+#elif defined(ANDROID)
+#define Daemon i2p::util::DaemonAndroid::Instance()
+	// dummy, invoked from android/jni/DaemonAndroid.*
+    class DaemonAndroid: public i2p::util::Daemon_Singleton
+	{
+		public:
+
+			static DaemonAndroid& Instance()
+			{
+				static DaemonAndroid instance;
+				return instance;
+			}
+    };
+
+#elif defined(_WIN32)
+#define Daemon i2p::util::DaemonWin32::Instance()
 		class DaemonWin32 : public Daemon_Singleton
 		{
 		public:
@@ -47,25 +70,34 @@ namespace i2p
 				return instance;
 			}
 
-			virtual bool init(int argc, char* argv[]);
-			virtual bool start();
-			virtual bool stop();
+			bool init(int argc, char* argv[]);
+			bool start();
+			bool stop();
+			void run ();
 		};
 #else
-		class DaemonLinux : public Daemon_Singleton
+#define Daemon i2p::util::DaemonLinux::Instance()
+        class DaemonLinux : public Daemon_Singleton
 		{
-		public:
-			static DaemonLinux& Instance()
-			{
-				static DaemonLinux instance;
-				return instance;
-			}
+			public:
+				static DaemonLinux& Instance()
+				{
+					static DaemonLinux instance;
+					return instance;
+				}
 
-			virtual bool start();
-			virtual bool stop();
-                private:
-                       std::string pidfile;
-                       int pidFH;
+				bool start();
+				bool stop();
+				void run ();
+
+			private:
+
+				std::string pidfile;
+                int pidFH;
+
+			public:
+
+				int gracefullShutdownInterval; // in seconds
 
 		};
 #endif

DaemonLinux.cpp

@@ -4,26 +4,39 @@
 
 #include <signal.h>
 #include <stdlib.h>
+#include <thread>
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 
 #include "Config.h"
+#include "FS.h"
 #include "Log.h"
-#include "util.h"
+#include "RouterContext.h"
+#include "ClientContext.h"
 
 void handle_signal(int sig)
 {
 	switch (sig)
 	{
-	case SIGHUP:
-		LogPrint(eLogInfo, "Daemon: Got SIGHUP, doing nothing");
-		// TODO:
+		case SIGHUP:
+			LogPrint(eLogInfo, "Daemon: Got SIGHUP, reopening log...");
+			i2p::log::Logger().Reopen ();
+			i2p::client::context.ReloadConfig();
 		break;
-	case SIGABRT:
-	case SIGTERM:
-	case SIGINT:
-		Daemon.running = 0; // Exit loop
+		case SIGINT:
+			if (i2p::context.AcceptsTunnels () && !Daemon.gracefullShutdownInterval)
+			{	
+				i2p::context.SetAcceptsTunnels (false);
+				Daemon.gracefullShutdownInterval = 10*60; // 10 minutes
+				LogPrint(eLogInfo, "Graceful shutdown after ", Daemon.gracefullShutdownInterval, " seconds");
+			}	
+			else
+				Daemon.running = 0; 
+		break;	
+		case SIGABRT:
+		case SIGTERM:
+			Daemon.running = 0; // Exit loop
 		break;
 	}
 }
@@ -34,7 +47,7 @@ namespace i2p
 	{
 		bool DaemonLinux::start()
 		{
-			if (isDaemon == 1)
+			if (isDaemon)
 			{
 				pid_t pid;
 				pid = fork();
@@ -55,28 +68,24 @@ namespace i2p
 					LogPrint(eLogError, "Daemon: could not create process group.");
 					return false;
 				}
-				std::string d(i2p::util::filesystem::GetDataDir().string ()); // make a copy
+				std::string d = i2p::fs::GetDataDir();
 				if (chdir(d.c_str()) != 0)
 				{
 					LogPrint(eLogError, "Daemon: could not chdir: ", strerror(errno));
 					return false;
 				}
 
-				// close stdin/stdout/stderr descriptors
-				::close (0);
-				::open ("/dev/null", O_RDWR);
-				::close (1);
-				::open ("/dev/null", O_RDWR);	
-				::close (2);
-				::open ("/dev/null", O_RDWR);
+				// point std{in,out,err} descriptors to /dev/null
+                stdin  = freopen("/dev/null", "r", stdin);
+				stdout = freopen("/dev/null", "w", stdout);
+				stderr = freopen("/dev/null", "w", stderr);
 			}
 
 			// Pidfile
 			// this code is c-styled and a bit ugly, but we need fd for locking pidfile
 			std::string pidfile; i2p::config::GetOption("pidfile", pidfile);
 			if (pidfile == "") {
-				pidfile = IsService () ? "/var/run" : i2p::util::filesystem::GetDataDir().string();
-				pidfile.append("/i2pd.pid");
+				pidfile = i2p::fs::DataDirPath("i2pd.pid");
 			}
 			if (pidfile != "") {
 				pidFH = open(pidfile.c_str(), O_RDWR | O_CREAT, 0600);
@@ -99,6 +108,7 @@ namespace i2p
 					return false;
 				}
 			}
+			gracefullShutdownInterval = 0; // not specified
 
 			// Signal handler
 			struct sigaction sa;
@@ -115,10 +125,27 @@ namespace i2p
 
 		bool DaemonLinux::stop()
 		{
-			unlink(pidfile.c_str());
+			i2p::fs::Remove(pidfile);
 
 			return Daemon_Singleton::stop();			
 		}
+
+		void DaemonLinux::run ()
+		{
+			while (running)
+			{
+				std::this_thread::sleep_for (std::chrono::seconds(1));
+				if (gracefullShutdownInterval)
+				{
+					gracefullShutdownInterval--; // - 1 second
+					if (gracefullShutdownInterval <= 0) 
+					{	
+						LogPrint(eLogInfo, "Graceful shutdown");
+						return;
+					}
+				}	
+			}
+		}
 	}
 }
 

DaemonWin32.cpp

@@ -1,3 +1,5 @@
+#include <thread>
+#include <clocale>
 #include "Config.h"
 #include "Daemon.h"
 #include "util.h"
@@ -5,7 +7,10 @@
 
 #ifdef _WIN32
 
-#include "./Win32/Win32Service.h"
+#include "Win32/Win32Service.h"
+#ifdef WIN32_APP
+#include "Win32/Win32App.h"
+#endif
 
 namespace i2p
 {
@@ -18,11 +23,8 @@ namespace i2p
 			SetConsoleOutputCP(1251);
 			setlocale(LC_ALL, "Russian");
 
-			if (!Daemon_Singleton::init(argc, argv)) return false;
-			if (I2PService::isService())
-				isDaemon = 1;
-			else
-				isDaemon = 0;
+			if (!Daemon_Singleton::init(argc, argv))
+				return false;
 
 			std::string serviceControl; i2p::config::GetOption("svcctl", serviceControl);
 			if (serviceControl == "install")
@@ -36,45 +38,77 @@ namespace i2p
 					SERVICE_ACCOUNT,            // Service running account
 					SERVICE_PASSWORD            // Password of the account
 					);
-				exit(0);
+				return false;
 			}
 			else if (serviceControl == "remove")
 			{
 				LogPrint(eLogInfo, "WinSVC: uninstalling ", SERVICE_NAME, " service");
 				UninstallService(SERVICE_NAME);
-				exit(0);
+				return false;
 			}
-			
-			if (isDaemon == 1)
+
+			if (isDaemon)
 			{
 				LogPrint(eLogDebug, "Daemon: running as service");
 				I2PService service(SERVICE_NAME);
 				if (!I2PService::Run(service))
 				{
 					LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
-					exit(EXIT_FAILURE);
+					return false;
 				}
-				exit(EXIT_SUCCESS);
+				return false;
 			}
 			else
 				LogPrint(eLogDebug, "Daemon: running as user");
 
 			return true;
 		}
+
 		bool DaemonWin32::start()
 		{
 			setlocale(LC_CTYPE, "");
 			SetConsoleCP(1251);
 			SetConsoleOutputCP(1251);
 			setlocale(LC_ALL, "Russian");
+#ifdef WIN32_APP
+            if (!i2p::win32::StartWin32App ()) return false;
 
-			return Daemon_Singleton::start();
+            // override log
+            i2p::config::SetOption("log", std::string ("file"));
+#endif
+			bool ret = Daemon_Singleton::start();
+			if (ret && i2p::log::Logger().GetLogType() == eLogFile)
+			{
+				// TODO: find out where this garbage to console comes from
+				SetStdHandle(STD_OUTPUT_HANDLE, INVALID_HANDLE_VALUE);
+				SetStdHandle(STD_ERROR_HANDLE, INVALID_HANDLE_VALUE);
+			}
+			bool insomnia; i2p::config::GetOption("insomnia", insomnia);
+			if (insomnia)
+				SetThreadExecutionState(ES_CONTINUOUS | ES_SYSTEM_REQUIRED);
+			return ret;
 		}
 
 		bool DaemonWin32::stop()
 		{
+#ifdef WIN32_APP
+		    i2p::win32::StopWin32App ();
+#endif
 			return Daemon_Singleton::stop();
 		}
+
+		void DaemonWin32::run ()
+        {
+#ifdef WIN32_APP
+            i2p::win32::RunWin32App ();
+#else
+		 while (running)
+		{
+			std::this_thread::sleep_for (std::chrono::seconds(1));
+		}
+ 	
+#endif
+        }
 	}
 }
 

Datagram.cpp

@@ -1,7 +1,6 @@
 #include <string.h>
 #include <vector>
-#include <openssl/sha.h>
-#include <openssl/rand.h>
+#include "Crypto.h"
 #include "Log.h"
 #include "TunnelBase.h"
 #include "RouterContext.h"
@@ -66,7 +65,7 @@ namespace datagram
 			msgs.push_back (i2p::tunnel::TunnelMessageBlock 
 				{ 
 					i2p::tunnel::eDeliveryTypeTunnel,
-					leases[i].tunnelGateway, leases[i].tunnelID,
+					leases[i]->tunnelGateway, leases[i]->tunnelID,
 					garlic
 				});
 			outboundTunnel->SendTunnelDataMsg (msgs);

Destination.cpp

@@ -1,28 +1,23 @@
 #include <algorithm>
 #include <cassert>
 #include <boost/lexical_cast.hpp>
-#include <openssl/rand.h>
-#include "Log.h"
-#include "util.h"
 #include "Crypto.h"
+#include "Log.h"
+#include "FS.h"
 #include "Timestamp.h"
 #include "NetDb.h"
 #include "Destination.h"
+#include "util.h"
 
 namespace i2p
 {
 namespace client
 {
-	ClientDestination::ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, 
-			const std::map<std::string, std::string> * params):
-		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),	
-		m_Keys (keys), m_IsPublic (isPublic), m_PublishReplyToken (0),
-		m_DatagramDestination (nullptr), m_PublishConfirmationTimer (m_Service), m_CleanupTimer (m_Service)
+	LeaseSetDestination::LeaseSetDestination (bool isPublic, const std::map<std::string, std::string> * params):
+		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service), m_IsPublic (isPublic), 
+		m_PublishReplyToken (0), m_PublishConfirmationTimer (m_Service), 
+		m_PublishVerificationTimer (m_Service), m_CleanupTimer (m_Service)
 	{
-		if (m_IsPublic)	
-			PersistTemporaryKeys ();
-		else
-			i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey);
 		int inboundTunnelLen = DEFAULT_INBOUND_TUNNEL_LENGTH;
 		int outboundTunnelLen = DEFAULT_OUTBOUND_TUNNEL_LENGTH;
 		int inboundTunnelsQuantity = DEFAULT_INBOUND_TUNNELS_QUANTITY;
@@ -33,28 +28,30 @@ namespace client
 		{
 			auto it = params->find (I2CP_PARAM_INBOUND_TUNNEL_LENGTH);
 			if (it != params->end ())
-			{	
-				int len = boost::lexical_cast<int>(it->second);
-				if (len > 0)
+			{
+
+				int len = i2p::util::lexical_cast<int>(it->second, inboundTunnelLen);
+				if (len >= 0)
 				{
-					inboundTunnelLen = len;
-					LogPrint (eLogInfo, "Destination: Inbound tunnel length set to ", len);
+						inboundTunnelLen = len;
 				}
+				LogPrint (eLogInfo, "Destination: Inbound tunnel length set to ", inboundTunnelLen);
 			}	
 			it = params->find (I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH);
 			if (it != params->end ())
 			{
-				int len = boost::lexical_cast<int>(it->second);
-				if (len > 0)
+
+				int len = i2p::util::lexical_cast<int>(it->second, outboundTunnelLen);
+				if (len >= 0)
 				{
-					outboundTunnelLen = len;
-					LogPrint (eLogInfo, "Destination: Outbound tunnel length set to ", len);
+						outboundTunnelLen = len;
 				}
+				LogPrint (eLogInfo, "Destination: Outbound tunnel length set to ", outboundTunnelLen);
 			}	
 			it = params->find (I2CP_PARAM_INBOUND_TUNNELS_QUANTITY);
 			if (it != params->end ())
 			{
-				int quantity = boost::lexical_cast<int>(it->second);
+				int quantity = i2p::util::lexical_cast<int>(it->second, inboundTunnelsQuantity);
 				if (quantity > 0)
 				{
 					inboundTunnelsQuantity = quantity;
@@ -64,7 +61,7 @@ namespace client
 			it = params->find (I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY);
 			if (it != params->end ())
 			{
-				int quantity = boost::lexical_cast<int>(it->second);
+				int quantity = i2p::util::lexical_cast<int>(it->second, outboundTunnelsQuantity);
 				if (quantity > 0)
 				{
 					outboundTunnelsQuantity = quantity;
@@ -74,11 +71,11 @@ namespace client
 			it = params->find (I2CP_PARAM_TAGS_TO_SEND);
 			if (it != params->end ())
 			{
-				int tagsToSend = boost::lexical_cast<int>(it->second);
+				int tagsToSend = i2p::util::lexical_cast<int>(it->second, numTags);
 				if (tagsToSend > 0)
 				{
 					numTags = tagsToSend;
-					LogPrint (eLogInfo, "Destination: Tags to send set to  ", tagsToSend);
+					LogPrint (eLogInfo, "Destination: Tags to send set to	 ", tagsToSend);
 				}	
 			}	
 			it = params->find (I2CP_PARAM_EXPLICIT_PEERS);
@@ -100,24 +97,20 @@ namespace client
 		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inboundTunnelLen, outboundTunnelLen, inboundTunnelsQuantity, outboundTunnelsQuantity);  
 		if (explicitPeers)
 			m_Pool->SetExplicitPeers (explicitPeers);
-		if (m_IsPublic)
-			LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");
 	}
 
-	ClientDestination::~ClientDestination ()
+	LeaseSetDestination::~LeaseSetDestination ()
 	{
 		if (m_IsRunning)	
 			Stop ();
-		for (auto it: m_LeaseSetRequests)
+		for (auto& it: m_LeaseSetRequests)
 			if (it.second->requestComplete) it.second->requestComplete (nullptr);
 		m_LeaseSetRequests.clear ();
 		if (m_Pool)
 			i2p::tunnel::tunnels.DeleteTunnelPool (m_Pool);		
-		if (m_DatagramDestination)
-			delete m_DatagramDestination;
 	}	
 
-	void ClientDestination::Run ()
+	void LeaseSetDestination::Run ()
 	{
 		while (m_IsRunning)
 		{
@@ -132,41 +125,32 @@ namespace client
 		}	
 	}	
 
-	void ClientDestination::Start ()
+	bool LeaseSetDestination::Start ()
 	{	
 		if (!m_IsRunning)
 		{	
 			m_IsRunning = true;
 			m_Pool->SetLocalDestination (shared_from_this ());
 			m_Pool->SetActive (true);			
-			m_Thread = new std::thread (std::bind (&ClientDestination::Run, this));
-			m_StreamingDestination = std::make_shared<i2p::stream::StreamingDestination> (shared_from_this ()); // TODO:
-			m_StreamingDestination->Start ();	
-			for (auto it: m_StreamingDestinationsByPorts)
-				it.second->Start ();
+			m_Thread = new std::thread (std::bind (&LeaseSetDestination::Run, shared_from_this ()));
 			
 			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
-			m_CleanupTimer.async_wait (std::bind (&ClientDestination::HandleCleanupTimer,
-				this, std::placeholders::_1));
+			m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
+				shared_from_this (), std::placeholders::_1));
+			return true;
 		}	
+		else
+			return false;
 	}
 		
-	void ClientDestination::Stop ()
+	bool LeaseSetDestination::Stop ()
 	{	
 		if (m_IsRunning)
 		{	
 			m_CleanupTimer.cancel ();
+			m_PublishConfirmationTimer.cancel ();
+			m_PublishVerificationTimer.cancel ();
 			m_IsRunning = false;
-			m_StreamingDestination->Stop ();
-			m_StreamingDestination = nullptr;
-			for (auto it: m_StreamingDestinationsByPorts)
-				it.second->Stop ();
-			if (m_DatagramDestination)
-			{
-				auto d = m_DatagramDestination;
-				m_DatagramDestination = nullptr;
-				delete d;
-			}	
 			if (m_Pool)
 			{	
 				m_Pool->SetLocalDestination (nullptr);
@@ -179,24 +163,28 @@ namespace client
 				delete m_Thread;
 				m_Thread = 0;
 			}	
+			return true;
 		}	
+		else
+			return false;
 	}	
 
-	std::shared_ptr<const i2p::data::LeaseSet> ClientDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
+	std::shared_ptr<const i2p::data::LeaseSet> LeaseSetDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
 	{
 		auto it = m_RemoteLeaseSets.find (ident);
 		if (it != m_RemoteLeaseSets.end ())
 		{	
-			if (it->second->HasNonExpiredLeases ())
+			if (!it->second->IsExpired ())
 				return it->second;
 			else
-				LogPrint (eLogWarning, "Destination: All leases of remote LeaseSet expired");
+				LogPrint (eLogWarning, "Destination: remote LeaseSet expired");
 		}	
 		else
 		{	
 			auto ls = i2p::data::netdb.FindLeaseSet (ident);
-			if (ls)
+			if (ls && !ls->IsExpired ())
 			{
+				ls->PopulateLeases (); // since we don't store them in netdb
 				m_RemoteLeaseSets[ident] = ls;			
 				return ls;
 			}	
@@ -204,7 +192,7 @@ namespace client
 		return nullptr;
 	}	
 
-	std::shared_ptr<const i2p::data::LeaseSet> ClientDestination::GetLeaseSet ()
+	std::shared_ptr<const i2p::data::LocalLeaseSet> LeaseSetDestination::GetLeaseSet ()
 	{
 		if (!m_Pool) return nullptr;
 		if (!m_LeaseSet)
@@ -212,12 +200,24 @@ namespace client
 		return m_LeaseSet;
 	}	
 
-	void ClientDestination::UpdateLeaseSet ()
+	void LeaseSetDestination::SetLeaseSet (i2p::data::LocalLeaseSet * newLeaseSet)
 	{
-		m_LeaseSet.reset (new i2p::data::LeaseSet (m_Pool));
+		m_LeaseSet.reset (newLeaseSet);
+		if (m_IsPublic)
+		{
+			m_PublishVerificationTimer.cancel ();
+			Publish ();
+		}
+	}	
+		
+	void LeaseSetDestination::UpdateLeaseSet ()
+	{
+		int numTunnels = m_Pool->GetNumInboundTunnels () + 2; // 2 backup tunnels 
+		if (numTunnels > i2p::data::MAX_NUM_LEASES) numTunnels = i2p::data::MAX_NUM_LEASES; // 16 tunnels maximum 
+		CreateNewLeaseSet (m_Pool->GetInboundTunnels (numTunnels));
 	}	
 
-	bool ClientDestination::SubmitSessionKey (const uint8_t * key, const uint8_t * tag)
+	bool LeaseSetDestination::SubmitSessionKey (const uint8_t * key, const uint8_t * tag)
 	{
 		struct
 		{
@@ -225,24 +225,25 @@ namespace client
 		} data;	
 		memcpy (data.k, key, 32);
 		memcpy (data.t, tag, 32);
-		m_Service.post ([this,data](void)
+		auto s = shared_from_this ();
+		m_Service.post ([s,data](void)
 			{
-				this->AddSessionKey (data.k, data.t);
+				s->AddSessionKey (data.k, data.t);
 			});
 		return true;
 	}
 
-	void ClientDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
+	void LeaseSetDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		m_Service.post (std::bind (&ClientDestination::HandleGarlicMessage, this, msg)); 
+		m_Service.post (std::bind (&LeaseSetDestination::HandleGarlicMessage, shared_from_this (), msg)); 
 	}
 
-	void ClientDestination::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
+	void LeaseSetDestination::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		m_Service.post (std::bind (&ClientDestination::HandleDeliveryStatusMessage, this, msg)); 
+		m_Service.post (std::bind (&LeaseSetDestination::HandleDeliveryStatusMessage, shared_from_this (), msg)); 
 	}
 
-	void ClientDestination::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
+	void LeaseSetDestination::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
 		uint8_t typeID = buf[I2NP_HEADER_TYPEID_OFFSET];
 		switch (typeID)
@@ -265,7 +266,7 @@ namespace client
 		}		
 	}	
 
-	void ClientDestination::HandleDatabaseStoreMessage (const uint8_t * buf, size_t len)
+	void LeaseSetDestination::HandleDatabaseStoreMessage (const uint8_t * buf, size_t len)
 	{
 		uint32_t replyToken = bufbe32toh (buf + DATABASE_STORE_REPLY_TOKEN_OFFSET);
 		size_t offset = DATABASE_STORE_HEADER_SIZE;
@@ -282,27 +283,37 @@ namespace client
 			if (it != m_RemoteLeaseSets.end ())
 			{
 				leaseSet = it->second;
-				leaseSet->Update (buf + offset, len - offset); 
-				if (leaseSet->IsValid ())
-					LogPrint (eLogDebug, "Remote LeaseSet updated");
-				else
-				{
-					LogPrint (eLogDebug, "Remote LeaseSet update failed");
-					m_RemoteLeaseSets.erase (it);
-					leaseSet = nullptr;
+				if (leaseSet->IsNewer (buf + offset, len - offset))
+				{	
+					leaseSet->Update (buf + offset, len - offset); 
+					if (leaseSet->IsValid ())
+						LogPrint (eLogDebug, "Remote LeaseSet updated");
+					else
+					{
+						LogPrint (eLogDebug, "Remote LeaseSet update failed");
+						m_RemoteLeaseSets.erase (it);
+						leaseSet = nullptr;
+					}
 				}
+				else
+					LogPrint (eLogDebug, "Remote LeaseSet is older. Not updated");
 			}
 			else
 			{	
 				leaseSet = std::make_shared<i2p::data::LeaseSet> (buf + offset, len - offset);
 				if (leaseSet->IsValid ())
 				{
-					LogPrint (eLogDebug, "New remote LeaseSet added");
-					m_RemoteLeaseSets[buf + DATABASE_STORE_KEY_OFFSET] = leaseSet;
+					if (leaseSet->GetIdentHash () != GetIdentHash ())
+					{
+						LogPrint (eLogDebug, "New remote LeaseSet added");
+						m_RemoteLeaseSets[buf + DATABASE_STORE_KEY_OFFSET] = leaseSet;
+					}
+					else
+						LogPrint (eLogDebug, "Own remote LeaseSet dropped");
 				}
 				else
 				{
-					LogPrint (eLogError, "New remote LeaseSet verification failed");
+					LogPrint (eLogError, "New remote LeaseSet failed");
 					leaseSet = nullptr;
 				}
 			}	
@@ -319,7 +330,7 @@ namespace client
 		}	
 	}
 
-	void ClientDestination::HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len)
+	void LeaseSetDestination::HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len)
 	{
 		i2p::data::IdentHash key (buf);
 		int num = buf[32]; // num
@@ -362,28 +373,30 @@ namespace client
 			LogPrint (eLogWarning, "Destination: Request for ", key.ToBase64 (), " not found");
 	}	
 		
-	void ClientDestination::HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
+	void LeaseSetDestination::HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint32_t msgID = bufbe32toh (msg->GetPayload () + DELIVERY_STATUS_MSGID_OFFSET);
 		if (msgID == m_PublishReplyToken)
 		{
-			LogPrint (eLogDebug, "Destination: Publishing LeaseSet confirmed");
+			LogPrint (eLogDebug, "Destination: Publishing LeaseSet confirmed for ", GetIdentHash().ToBase32());
 			m_ExcludedFloodfills.clear ();
 			m_PublishReplyToken = 0;
+			// schedule verification
+			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
+			m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
+			shared_from_this (), std::placeholders::_1));	
 		}
 		else
 			i2p::garlic::GarlicDestination::HandleDeliveryStatusMessage (msg);
 	}	
 
-	void ClientDestination::SetLeaseSetUpdated ()
+	void LeaseSetDestination::SetLeaseSetUpdated ()
 	{
 		i2p::garlic::GarlicDestination::SetLeaseSetUpdated ();	
 		UpdateLeaseSet ();
-		if (m_IsPublic)
-			Publish ();
 	}
 		
-	void ClientDestination::Publish ()
+	void LeaseSetDestination::Publish ()
 	{	
 		if (!m_LeaseSet || !m_Pool) 
 		{
@@ -401,7 +414,12 @@ namespace client
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
 			return;
 		}
-		std::set<i2p::data::IdentHash> excluded; 
+		auto inbound = m_Pool->GetNextInboundTunnel ();
+		if (!inbound)
+		{
+			LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
+			return;
+		}
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (m_LeaseSet->GetIdentHash (), m_ExcludedFloodfills);	
 		if (!floodfill)
 		{
@@ -412,14 +430,14 @@ namespace client
 		m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
-		auto msg = WrapMessage (floodfill, i2p::CreateDatabaseStoreMsg (m_LeaseSet, m_PublishReplyToken));			
+		auto msg = WrapMessage (floodfill, i2p::CreateDatabaseStoreMsg (m_LeaseSet, m_PublishReplyToken, inbound));			
 		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
-		m_PublishConfirmationTimer.async_wait (std::bind (&ClientDestination::HandlePublishConfirmationTimer,
-			this, std::placeholders::_1));	
+		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
+			shared_from_this (), std::placeholders::_1));	
 		outbound->SendTunnelDataMsg (floodfill->GetIdentHash (), 0, msg);	
 	}
 
-	void ClientDestination::HandlePublishConfirmationTimer (const boost::system::error_code& ecode)
+	void LeaseSetDestination::HandlePublishConfirmationTimer (const boost::system::error_code& ecode)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{	
@@ -432,6 +450,248 @@ namespace client
 		}
 	}
 
+	void LeaseSetDestination::HandlePublishVerificationTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{	
+			auto s = shared_from_this ();
+			RequestLeaseSet (GetIdentHash (), 
+				// "this" added due to bug in gcc 4.7-4.8
+				[s,this](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+				{
+					if (leaseSet && s->m_LeaseSet)
+					{
+						// we got latest LeasetSet
+						LogPrint (eLogDebug, "Destination: published LeaseSet verified for ", GetIdentHash().ToBase32());
+						s->m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_REGULAR_VERIFICATION_INTERNAL));
+						s->m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer, s, std::placeholders::_1));	
+						return;
+					}	
+					else
+						LogPrint (eLogWarning, "Destination: couldn't find published LeaseSet for ", GetIdentHash().ToBase32());
+					// we have to publish again
+					s->Publish ();
+				});
+		}
+	}
+
+	bool LeaseSetDestination::RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	{
+		if (!m_Pool || !IsReady ()) 
+		{	
+			if (requestComplete) 
+				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
+			return false;
+		}	
+		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete));
+		return true;
+	}
+
+	void LeaseSetDestination::CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify)
+	{
+		auto s = shared_from_this ();
+		m_Service.post ([dest, notify, s](void)
+			{
+				auto it = s->m_LeaseSetRequests.find (dest);
+				if (it != s->m_LeaseSetRequests.end ())
+				{	
+					auto requestComplete = it->second->requestComplete; 
+					s->m_LeaseSetRequests.erase (it);
+					if (notify && requestComplete) requestComplete (nullptr);
+				}	
+			});				
+	}
+		
+	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	{
+		std::set<i2p::data::IdentHash> excluded;
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
+		if (floodfill)
+		{
+			auto request = std::make_shared<LeaseSetRequest> (m_Service);
+			request->requestComplete = requestComplete;
+			auto ret = m_LeaseSetRequests.insert (std::pair<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> >(dest,request));
+			if (ret.second) // inserted
+			{
+				if (!SendLeaseSetRequest (dest, floodfill, request))
+				{
+					// request failed
+					m_LeaseSetRequests.erase (dest);
+					if (request->requestComplete) request->requestComplete (nullptr);
+				}
+			}	
+			else // duplicate
+			{
+				LogPrint (eLogWarning, "Destination: Request of LeaseSet ", dest.ToBase64 (), " is pending already");
+				// TODO: queue up requests
+				if (request->requestComplete) request->requestComplete (nullptr);
+			}	
+		}	
+		else
+		{	
+			LogPrint (eLogError, "Destination: Can't request LeaseSet, no floodfills found");
+			if (requestComplete) requestComplete (nullptr);
+		}	
+	}	
+		
+	bool LeaseSetDestination::SendLeaseSetRequest (const i2p::data::IdentHash& dest, 
+		std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, std::shared_ptr<LeaseSetRequest> request)
+	{
+		if (!request->replyTunnel || !request->replyTunnel->IsEstablished ())
+			request->replyTunnel = m_Pool->GetNextInboundTunnel ();
+		if (!request->replyTunnel) LogPrint (eLogError, "Destination: Can't send LeaseSet request, no inbound tunnels found");
+		if (!request->outboundTunnel || !request->outboundTunnel->IsEstablished ())
+			request->outboundTunnel = m_Pool->GetNextOutboundTunnel ();
+		if (!request->outboundTunnel) LogPrint (eLogError, "Destination: Can't send LeaseSet request, no outbound tunnels found");
+			
+		if (request->replyTunnel && request->outboundTunnel)
+		{	
+			request->excluded.insert (nextFloodfill->GetIdentHash ());
+			request->requestTime = i2p::util::GetSecondsSinceEpoch ();
+			request->requestTimeoutTimer.cancel ();
+
+			uint8_t replyKey[32], replyTag[32];
+			RAND_bytes (replyKey, 32); // random session key 
+			RAND_bytes (replyTag, 32); // random session tag
+			AddSessionKey (replyKey, replyTag);
+
+			auto msg = WrapMessage (nextFloodfill,
+				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, 
+					request->replyTunnel, replyKey, replyTag));
+			request->outboundTunnel->SendTunnelDataMsg (
+				{
+					i2p::tunnel::TunnelMessageBlock 
+					{ 
+						i2p::tunnel::eDeliveryTypeRouter,
+						nextFloodfill->GetIdentHash (), 0, msg
+					}
+				});	
+			request->requestTimeoutTimer.expires_from_now (boost::posix_time::seconds(LEASESET_REQUEST_TIMEOUT));
+			request->requestTimeoutTimer.async_wait (std::bind (&LeaseSetDestination::HandleRequestTimoutTimer,
+				shared_from_this (), std::placeholders::_1, dest));
+		}	
+		else
+			return false;
+		return true;
+	}	
+
+	void LeaseSetDestination::HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto it = m_LeaseSetRequests.find (dest);
+			if (it != m_LeaseSetRequests.end ())
+			{
+				bool done = false;
+				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
+				if (ts < it->second->requestTime + MAX_LEASESET_REQUEST_TIMEOUT)
+				{
+					auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, it->second->excluded);
+					if (floodfill)
+					{
+						// reset tunnels, because one them might fail
+						it->second->outboundTunnel = nullptr;
+						it->second->replyTunnel = nullptr;		
+						done = !SendLeaseSetRequest (dest, floodfill, it->second);
+					}
+					else
+						done = true;
+				}
+				else
+				{	
+					LogPrint (eLogWarning, "Destination: ", dest.ToBase64 (), " was not found within ",  MAX_LEASESET_REQUEST_TIMEOUT, " seconds");
+					done = true;
+				}
+				
+				if (done)
+				{
+					auto requestComplete = it->second->requestComplete; 
+					m_LeaseSetRequests.erase (it);
+					if (requestComplete) requestComplete (nullptr);
+				}	
+			}	
+		}	
+	}
+
+	void LeaseSetDestination::HandleCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			CleanupExpiredTags ();
+			CleanupRemoteLeaseSets ();
+			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
+			m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
+				shared_from_this (), std::placeholders::_1));
+		}
+	}	
+
+	void LeaseSetDestination::CleanupRemoteLeaseSets ()
+	{
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		for (auto it = m_RemoteLeaseSets.begin (); it != m_RemoteLeaseSets.end ();)
+		{
+			if (it->second->IsEmpty () || ts > it->second->GetExpirationTime ()) // leaseset expired
+			{
+				LogPrint (eLogWarning, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				it = m_RemoteLeaseSets.erase (it);
+			}	
+			else 
+				++it;
+		}
+	}	
+
+	ClientDestination::ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params):
+		LeaseSetDestination (isPublic, params),
+		m_Keys (keys), m_DatagramDestination (nullptr)
+	{
+		if (isPublic)	
+			PersistTemporaryKeys ();
+		else
+			i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey);
+		if (isPublic)
+			LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");
+	}	
+
+	ClientDestination::~ClientDestination ()	
+	{
+		if (m_DatagramDestination)
+			delete m_DatagramDestination;
+	}	
+		
+	bool ClientDestination::Start ()
+	{
+		if (LeaseSetDestination::Start ())
+		{	
+			m_StreamingDestination = std::make_shared<i2p::stream::StreamingDestination> (GetSharedFromThis ()); // TODO:
+			m_StreamingDestination->Start ();	
+			for (auto& it: m_StreamingDestinationsByPorts)
+				it.second->Start ();
+			return true;
+		}	
+		else
+			return false;
+	}	
+		
+	bool ClientDestination::Stop ()
+	{
+		if (LeaseSetDestination::Stop ())
+		{
+			m_StreamingDestination->Stop ();
+			m_StreamingDestination = nullptr;
+			for (auto& it: m_StreamingDestinationsByPorts)
+				it.second->Stop ();
+			if (m_DatagramDestination)
+			{
+				auto d = m_DatagramDestination;
+				m_DatagramDestination = nullptr;
+				delete d;
+			}	
+			return true;
+		}
+		else
+			return false;
+	}	
+
 	void ClientDestination::HandleDataMessage (const uint8_t * buf, size_t len)
 	{
 		uint32_t length = bufbe32toh (buf);
@@ -461,20 +721,26 @@ namespace client
 			default:
 				LogPrint (eLogError, "Destination: Data: unexpected protocol ", buf[9]);
 		}
-	}	
-
-	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port) {
-		assert(streamRequestComplete);
+	}
+		
+	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port) 
+	{
+		if (!streamRequestComplete) 
+		{
+			LogPrint (eLogError, "Destination: request callback is not specified in CreateStream");
+			return;
+		}	
 		auto leaseSet = FindLeaseSet (dest);
 		if (leaseSet)
 			streamRequestComplete(CreateStream (leaseSet, port));
 		else
 		{
+			auto s = GetSharedFromThis ();
 			RequestDestination (dest,
-				[this, streamRequestComplete, port](std::shared_ptr<i2p::data::LeaseSet> ls)
+				[s, streamRequestComplete, port](std::shared_ptr<i2p::data::LeaseSet> ls)
 				{
 					if (ls)
-						streamRequestComplete(CreateStream (ls, port));
+						streamRequestComplete(s->CreateStream (ls, port));
 					else
 						streamRequestComplete (nullptr);
 				});
@@ -520,9 +786,9 @@ namespace client
 		return false;
 	}	
 
-	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::CreateStreamingDestination (int port)
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::CreateStreamingDestination (int port, bool gzip)
 	{
-		auto dest = std::make_shared<i2p::stream::StreamingDestination> (shared_from_this (), port); 
+		auto dest = std::make_shared<i2p::stream::StreamingDestination> (GetSharedFromThis (), port, gzip); 
 		if (port)
 			m_StreamingDestinationsByPorts[port] = dest;
 		else // update default 
@@ -533,185 +799,54 @@ namespace client
 	i2p::datagram::DatagramDestination * ClientDestination::CreateDatagramDestination ()
 	{
 		if (!m_DatagramDestination)
-			m_DatagramDestination = new i2p::datagram::DatagramDestination (shared_from_this ());
+			m_DatagramDestination = new i2p::datagram::DatagramDestination (GetSharedFromThis ());
 		return m_DatagramDestination;	
 	}
 
-	bool ClientDestination::RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	std::vector<std::shared_ptr<const i2p::stream::Stream> > ClientDestination::GetAllStreams () const
 	{
-		if (!m_Pool || !IsReady ()) 
-		{	
-			if (requestComplete) requestComplete (nullptr);
-			return false;
-		}	
-		m_Service.post (std::bind (&ClientDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete));
-		return true;
-	}
-
-	void ClientDestination::CancelDestinationRequest (const i2p::data::IdentHash& dest)
-	{
-		auto s = shared_from_this ();
-		m_Service.post ([dest, s](void)
-			{
-				auto it = s->m_LeaseSetRequests.find (dest);
-				if (it != s->m_LeaseSetRequests.end ())
-					 s->m_LeaseSetRequests.erase (it);
-			});				
-	}
-		
-	void ClientDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
-	{
-		std::set<i2p::data::IdentHash> excluded;
-		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
-		if (floodfill)
+		std::vector<std::shared_ptr<const i2p::stream::Stream> > ret;
+		if (m_StreamingDestination)
 		{
-			auto request = std::make_shared<LeaseSetRequest> (m_Service);
-			request->requestComplete = requestComplete;
-			auto ret = m_LeaseSetRequests.insert (std::pair<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> >(dest,request));
-			if (ret.second) // inserted
-			{
-				if (!SendLeaseSetRequest (dest, floodfill, request))
-				{
-					// request failed
-					if (request->requestComplete) request->requestComplete (nullptr);
-					m_LeaseSetRequests.erase (dest);
-				}
-			}	
-			else // duplicate
-			{
-				LogPrint (eLogWarning, "Destination: Request of LeaseSet ", dest.ToBase64 (), " is pending already");
-				// TODO: queue up requests
-				if (request->requestComplete) request->requestComplete (nullptr);
-			}	
+			for (auto& it: m_StreamingDestination->GetStreams ())
+				ret.push_back (it.second);
 		}	
-		else
-			LogPrint (eLogError, "Destination: Can't request LeaseSet, no floodfills found");
+		for (auto& it: m_StreamingDestinationsByPorts)
+			for (auto& it1: it.second->GetStreams ())
+				ret.push_back (it1.second);
+		return ret;
 	}	
-		
-	bool ClientDestination::SendLeaseSetRequest (const i2p::data::IdentHash& dest, 
-		std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, std::shared_ptr<LeaseSetRequest> request)
-	{
-		auto replyTunnel = m_Pool->GetNextInboundTunnel ();
-		if (!replyTunnel) LogPrint (eLogError, "Destination: Can't send LeaseSet request, no inbound tunnels found");
-		
-		auto outboundTunnel = m_Pool->GetNextOutboundTunnel ();
-		if (!outboundTunnel) LogPrint (eLogError, "Destination: Can't send LeaseSet request, no outbound tunnels found");
-			
-		if (replyTunnel && outboundTunnel)
-		{	
-			request->excluded.insert (nextFloodfill->GetIdentHash ());
-			request->requestTime = i2p::util::GetSecondsSinceEpoch ();
-			request->requestTimeoutTimer.cancel ();
-
-			uint8_t replyKey[32], replyTag[32];
-			RAND_bytes (replyKey, 32); // random session key 
-			RAND_bytes (replyTag, 32); // random session tag
-			AddSessionKey (replyKey, replyTag);
-
-			auto msg = WrapMessage (nextFloodfill,
-				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, 
-					replyTunnel.get (), replyKey, replyTag));
-			outboundTunnel->SendTunnelDataMsg (
-				{
-					i2p::tunnel::TunnelMessageBlock 
-					{ 
-						i2p::tunnel::eDeliveryTypeRouter,
-						nextFloodfill->GetIdentHash (), 0, msg
-					}
-				});	
-			request->requestTimeoutTimer.expires_from_now (boost::posix_time::seconds(LEASESET_REQUEST_TIMEOUT));
-			request->requestTimeoutTimer.async_wait (std::bind (&ClientDestination::HandleRequestTimoutTimer,
-				this, std::placeholders::_1, dest));
-		}	
-		else
-			return false;
-		return true;
-	}	
-
-	void ClientDestination::HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-		{
-			auto it = m_LeaseSetRequests.find (dest);
-			if (it != m_LeaseSetRequests.end ())
-			{
-				bool done = false;
-				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
-				if (ts < it->second->requestTime + MAX_LEASESET_REQUEST_TIMEOUT)
-				{
-					auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, it->second->excluded);
-					if (floodfill)
-						 done = !SendLeaseSetRequest (dest, floodfill, it->second);
-					else
-						done = true;
-				}
-				else
-				{	
-					LogPrint (eLogWarning, "Destination: ", dest.ToBase64 (), " was not found within ",  MAX_LEASESET_REQUEST_TIMEOUT, " seconds");
-					done = true;
-				}
-				
-				if (done)
-				{
-					if (it->second->requestComplete) it->second->requestComplete (nullptr);
-					m_LeaseSetRequests.erase (it);
-				}	
-			}	
-		}	
-	}
-
-	void ClientDestination::HandleCleanupTimer (const boost::system::error_code& ecode)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-		{
-			CleanupRoutingSessions ();
-			CleanupRemoteLeaseSets ();
-			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
-			m_CleanupTimer.async_wait (std::bind (&ClientDestination::HandleCleanupTimer,
-				shared_from_this (), std::placeholders::_1));
-		}
-	}	
-
-	void ClientDestination::CleanupRemoteLeaseSets ()
-	{
-		for (auto it = m_RemoteLeaseSets.begin (); it != m_RemoteLeaseSets.end ();)
-		{
-			if (!it->second->HasNonExpiredLeases ()) // all leases expired
-			{
-				LogPrint (eLogWarning, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
-				it = m_RemoteLeaseSets.erase (it);
-			}	
-			else 
-				it++;
-		}
-	}
 
 	void ClientDestination::PersistTemporaryKeys ()
 	{
-		auto path = i2p::util::filesystem::GetDefaultDataDir() / "destinations"; 
-		auto filename = path / (GetIdentHash ().ToBase32 () + ".dat");				
-		std::ifstream f(filename.string (), std::ifstream::binary);
-		if (f)	
-		{
-			f.read ((char *)m_EncryptionPublicKey, 256);
+		std::string ident = GetIdentHash().ToBase32();
+		std::string path  = i2p::fs::DataDirPath("destinations", (ident + ".dat"));
+		std::ifstream f(path, std::ifstream::binary);
+
+		if (f) {
+			f.read ((char *)m_EncryptionPublicKey,  256);
 			f.read ((char *)m_EncryptionPrivateKey, 256);
+			return;
 		}
-		if (!f)
-		{
-			LogPrint (eLogInfo, "Creating new temporary keys for address ", GetIdentHash ().ToBase32 ());
-			i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey);
-			if (!boost::filesystem::exists (path))
-			{
-				if (!boost::filesystem::create_directory (path))
-					LogPrint (eLogError, "Failed to create destinations directory");
-			}
-			std::ofstream f1 (filename.string (), std::ofstream::binary | std::ofstream::out);
-			if (f1)
-			{
-				f1.write ((char *)m_EncryptionPublicKey, 256);
-				f1.write ((char *)m_EncryptionPrivateKey, 256);
-			}
-		}	
-	}
+
+		LogPrint (eLogInfo, "Destination: Creating new temporary keys for address ", ident, ".b32.i2p");
+		i2p::crypto::GenerateElGamalKeyPair(m_EncryptionPrivateKey, m_EncryptionPublicKey);
+
+		std::ofstream f1 (path, std::ofstream::binary | std::ofstream::out);
+		if (f1) {
+			f1.write ((char *)m_EncryptionPublicKey,  256);
+			f1.write ((char *)m_EncryptionPrivateKey, 256);
+			return;
+		}
+		LogPrint(eLogError, "Destinations: Can't save keys to ", path);
+	}	
+
+	void ClientDestination::CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels)
+	{
+		auto leaseSet = new i2p::data::LocalLeaseSet (GetIdentity (), m_EncryptionPublicKey, tunnels);
+		// sign
+		Sign (leaseSet->GetBuffer (), leaseSet->GetBufferLen () - leaseSet->GetSignatureLen (), leaseSet->GetSignature ()); // TODO
+		SetLeaseSet (leaseSet);
+	}	
 }
 }

Destination.h

@@ -26,6 +26,8 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;	
 	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
+	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successfull publish
+	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically	
 	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
 	const int MAX_LEASESET_REQUEST_TIMEOUT = 40; // in seconds
 	const int DESTINATION_CLEANUP_TIMEOUT = 3; // in minutes 
@@ -44,11 +46,11 @@ namespace client
 	const int STREAM_REQUEST_TIMEOUT = 60; //in seconds
 	const char I2CP_PARAM_TAGS_TO_SEND[] = "crypto.tagsToSend";
 	const int DEFAULT_TAGS_TO_SEND = 40;
-	
+
 	typedef std::function<void (std::shared_ptr<i2p::stream::Stream> stream)> StreamRequestComplete;
 
-	class ClientDestination: public i2p::garlic::GarlicDestination,
-		public std::enable_shared_from_this<ClientDestination>
+	class LeaseSetDestination: public i2p::garlic::GarlicDestination,
+		public std::enable_shared_from_this<LeaseSetDestination>
 	{
 		typedef std::function<void (std::shared_ptr<i2p::data::LeaseSet> leaseSet)> RequestComplete;
 		// leaseSet = nullptr means not found
@@ -59,45 +61,28 @@ namespace client
 			uint64_t requestTime;
 			boost::asio::deadline_timer requestTimeoutTimer;
 			RequestComplete requestComplete;
+			std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+			std::shared_ptr<i2p::tunnel::InboundTunnel> replyTunnel;
 		};	
 		
 		
 		public:
 
-			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
-			~ClientDestination ();	
+			LeaseSetDestination (bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			~LeaseSetDestination ();	
 
-			virtual void Start ();
-			virtual void Stop ();
+			virtual bool Start ();
+			virtual bool Stop ();
 			bool IsRunning () const { return m_IsRunning; };
 			boost::asio::io_service& GetService () { return m_Service; };
 			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () { return m_Pool; }; 
-			bool IsReady () const { return m_LeaseSet && m_LeaseSet->HasNonExpiredLeases () && m_Pool->GetOutboundTunnels ().size () > 0; };
+			bool IsReady () const { return m_LeaseSet && !m_LeaseSet->IsExpired () && m_Pool->GetOutboundTunnels ().size () > 0; };
 			std::shared_ptr<const i2p::data::LeaseSet> FindLeaseSet (const i2p::data::IdentHash& ident);
 			bool RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete = nullptr);
-			void CancelDestinationRequest (const i2p::data::IdentHash& dest);	
-			
-			// streaming
-			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port); // additional
-			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
-			// following methods operate with default streaming destination
-			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
-			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
-			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
-			void StopAcceptingStreams ();
-			bool IsAcceptingStreams () const;
-			
-			// datagram
-			i2p::datagram::DatagramDestination * GetDatagramDestination () const { return m_DatagramDestination; };
-			i2p::datagram::DatagramDestination * CreateDatagramDestination ();
+			void CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify = true);	
 
-			// implements LocalDestination
-			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
-			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
-			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionPublicKey; };
-			
 			// implements GarlicDestination
-			std::shared_ptr<const i2p::data::LeaseSet> GetLeaseSet ();
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet ();
 			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const { return m_Pool; }
 			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
@@ -107,15 +92,20 @@ namespace client
 			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);	
 			void SetLeaseSetUpdated ();
 
-			// I2CP
-			void HandleDataMessage (const uint8_t * buf, size_t len);
+		protected:
 
+			void SetLeaseSet (i2p::data::LocalLeaseSet * newLeaseSet);
+			// I2CP
+			virtual void HandleDataMessage (const uint8_t * buf, size_t len) = 0;
+			virtual void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels) = 0;
+			
 		private:
 				
 			void Run ();			
 			void UpdateLeaseSet ();
 			void Publish ();
 			void HandlePublishConfirmationTimer (const boost::system::error_code& ecode);
+			void HandlePublishVerificationTimer (const boost::system::error_code& ecode);
 			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);
 			void HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len);
 			void HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);		
@@ -124,37 +114,88 @@ namespace client
 			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, std::shared_ptr<LeaseSetRequest> request);	
 			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
 			void HandleCleanupTimer (const boost::system::error_code& ecode);
-			void CleanupRemoteLeaseSets ();
-			void PersistTemporaryKeys ();			
-
+			void CleanupRemoteLeaseSets ();			
+			
 		private:
 
 			volatile bool m_IsRunning;
 			std::thread * m_Thread;	
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
-			i2p::data::PrivateKeys m_Keys;
-			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
 			std::map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
 			std::map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;
 
 			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
-			std::shared_ptr<i2p::data::LeaseSet> m_LeaseSet;
+			std::shared_ptr<i2p::data::LocalLeaseSet> m_LeaseSet;
 			bool m_IsPublic;
 			uint32_t m_PublishReplyToken;
 			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
-			
-			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
-			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
-			i2p::datagram::DatagramDestination * m_DatagramDestination;
 	
-			boost::asio::deadline_timer m_PublishConfirmationTimer, m_CleanupTimer;
+			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer, m_CleanupTimer;
 
 		public:
 			
 			// for HTTP only
 			int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
 	};	
+
+	class ClientDestination: public LeaseSetDestination
+	{
+		public:
+
+			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			~ClientDestination ();
+			
+			bool Start ();
+			bool Stop ();
+
+			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };	
+			
+			// streaming
+			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port, bool gzip = true); // additional
+			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
+			// following methods operate with default streaming destination
+			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
+			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
+			void StopAcceptingStreams ();
+			bool IsAcceptingStreams () const;
+
+			// datagram
+			i2p::datagram::DatagramDestination * GetDatagramDestination () const { return m_DatagramDestination; };
+			i2p::datagram::DatagramDestination * CreateDatagramDestination ();
+			
+			// implements LocalDestination		
+			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };			
+
+		protected:
+			
+			// I2CP
+			void HandleDataMessage (const uint8_t * buf, size_t len);
+			void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+			
+		private:
+
+			std::shared_ptr<ClientDestination> GetSharedFromThis ()
+			{ return std::static_pointer_cast<ClientDestination>(shared_from_this ()); }   
+			void PersistTemporaryKeys ();
+
+		private:
+
+			i2p::data::PrivateKeys m_Keys;
+			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
+
+			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
+			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
+			i2p::datagram::DatagramDestination * m_DatagramDestination;
+
+		public:
+
+			// for HTTP only
+			std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
+	};	
 }	
 }	
 

FS.cpp

@@ -0,0 +1,173 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <algorithm>
+#include <boost/filesystem.hpp>
+
+#ifdef _WIN32
+#include <shlobj.h>
+#endif
+
+#include "Base.h"
+#include "FS.h"
+#include "Log.h"
+
+namespace i2p {
+namespace fs {
+  std::string appName = "i2pd";
+  std::string dataDir = "";
+#ifdef _WIN32
+  std::string dirSep = "\\";
+#else
+  std::string dirSep = "/";
+#endif
+
+  const std::string & GetAppName () {
+    return appName;
+  }
+
+  void SetAppName (const std::string& name) {
+    appName = name;
+  }
+
+  const std::string & GetDataDir () {
+    return dataDir;
+  }
+
+  void DetectDataDir(const std::string & cmdline_param, bool isService) {
+    if (cmdline_param != "") {
+      dataDir = cmdline_param;
+      return;
+    }
+#if defined(WIN32) || defined(_WIN32)
+    char localAppData[MAX_PATH];
+    SHGetFolderPath(NULL, CSIDL_APPDATA, 0, NULL, localAppData);
+    dataDir = std::string(localAppData) + "\\" + appName;
+    return;
+#elif defined(MAC_OSX)
+    char *home = getenv("HOME");
+    dataDir = (home != NULL && strlen(home) > 0) ? home : "";
+    dataDir += "/Library/Application Support/" + appName;
+    return;
+#else /* other unix */
+#if defined(ANDROID)
+	if (boost::filesystem::exists("/sdcard"))
+	{	  
+		dataDir = "/sdcard/" + appName; 
+		return;
+	}	  
+	// otherwise use /data/files  
+#endif	  
+    char *home = getenv("HOME");
+    if (isService) {
+      dataDir = "/var/lib/" + appName;
+    } else if (home != NULL && strlen(home) > 0) {
+      dataDir = std::string(home) + "/." + appName;
+    } else {
+      dataDir = "/tmp/" + appName;
+    }
+    return;
+#endif
+  }
+
+  bool Init() {
+    if (!boost::filesystem::exists(dataDir))
+      boost::filesystem::create_directory(dataDir);
+    std::string destinations = DataDirPath("destinations");
+    if (!boost::filesystem::exists(destinations))
+      boost::filesystem::create_directory(destinations);
+
+    return true;
+  }
+
+  bool ReadDir(const std::string & path, std::vector<std::string> & files) {
+    if (!boost::filesystem::exists(path))
+      return false;
+    boost::filesystem::directory_iterator it(path);
+    boost::filesystem::directory_iterator end;
+
+    for ( ; it != end; it++) {
+      if (!boost::filesystem::is_regular_file(it->status()))
+        continue;
+      files.push_back(it->path().string());
+    }
+
+    return true;
+  }
+
+  bool Exists(const std::string & path) {
+    return boost::filesystem::exists(path);
+  }
+
+  bool Remove(const std::string & path) {
+    if (!boost::filesystem::exists(path))
+      return false;
+    return boost::filesystem::remove(path);
+  }
+
+  	bool CreateDirectory (const std::string& path)
+	{
+		if (boost::filesystem::exists(path) && 
+			boost::filesystem::is_directory (boost::filesystem::status (path))) return true;
+		return boost::filesystem::create_directory(path);
+	}			
+
+  void HashedStorage::SetPlace(const std::string &path) {
+    root = path + i2p::fs::dirSep + name;
+  }
+
+  bool HashedStorage::Init(const char * chars, size_t count) {
+    if (!boost::filesystem::exists(root)) {
+      boost::filesystem::create_directories(root);
+    }
+    
+    for (size_t i = 0; i < count; i++) {
+      auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
+      if (boost::filesystem::exists(p))
+        continue;
+      if (boost::filesystem::create_directory(p))
+        continue; /* ^ throws exception on failure */
+      return false;
+    }
+    return true;
+  }
+
+  std::string HashedStorage::Path(const std::string & ident) const {
+    std::string safe_ident = ident;
+    std::replace(safe_ident.begin(), safe_ident.end(), '/',  '-');
+    std::replace(safe_ident.begin(), safe_ident.end(), '\\', '-');
+
+    std::stringstream t("");
+    t << this->root << i2p::fs::dirSep;
+    t << prefix1 << safe_ident[0] << i2p::fs::dirSep;
+    t << prefix2 << safe_ident    << "." << suffix;
+
+    return t.str();
+  }
+
+  void HashedStorage::Remove(const std::string & ident) {
+    std::string path = Path(ident);
+    if (!boost::filesystem::exists(path))
+      return;
+    boost::filesystem::remove(path);
+  }
+
+  void HashedStorage::Traverse(std::vector<std::string> & files) {
+    boost::filesystem::path p(root);
+    boost::filesystem::recursive_directory_iterator it(p);
+    boost::filesystem::recursive_directory_iterator end;
+
+    for ( ; it != end; it++) {
+      if (!boost::filesystem::is_regular_file( it->status() ))
+        continue;
+      const std::string & t = it->path().string();
+      files.push_back(t);
+    }
+  }
+} // fs
+} // i2p

FS.h

@@ -0,0 +1,155 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef FS_H__
+#define FS_H__
+
+#include <vector>
+#include <string>
+#include <iostream>
+#include <sstream>
+
+namespace i2p {
+namespace fs {
+  extern std::string dirSep;
+
+  /**
+   * @brief Class to work with NetDb & Router profiles
+   *
+   * Usage:
+   *
+   * const char alphabet[8] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'};
+   * auto h = HashedStorage("name", "y", "z-", ".txt");
+   * h.SetPlace("/tmp/hs-test");
+   * h.GetName()          -> gives "name"
+   * h.GetRoot()          -> gives "/tmp/hs-test/name"
+   * h.Init(alphabet, 8); <- creates needed dirs, 8 is size of alphabet
+   * h.Path("abcd");      <- returns /tmp/hs-test/name/ya/z-abcd.txt
+   * h.Remove("abcd");    <- removes /tmp/hs-test/name/ya/z-abcd.txt, if it exists
+   * std::vector<std::string> files;
+   * h.Traverse(files);   <- finds all files in storage and saves in given vector
+   */
+  class HashedStorage {
+    protected:
+      std::string root;    /**< path to storage with it's name included */
+      std::string name;    /**< name of the storage */
+      std::string prefix1; /**< hashed directory prefix */
+      std::string prefix2; /**< prefix of file in storage */
+      std::string suffix;  /**< suffix of file in storage (extension) */
+
+    public:
+      HashedStorage(const char *n, const char *p1, const char *p2, const char *s):
+        name(n), prefix1(p1), prefix2(p2), suffix(s) {};
+
+      /** create subdirs in storage */
+      bool Init(const char* chars, size_t cnt);
+      const std::string & GetRoot() const { return root; }
+      const std::string & GetName() const { return name; }
+      /** set directory where to place storage directory */
+      void SetPlace(const std::string & path);
+      /** path to file with given ident */
+      std::string Path(const std::string & ident) const;
+      /** remove file by ident */
+      void Remove(const std::string & ident);
+      /** find all files in storage and store list in provided vector */
+      void Traverse(std::vector<std::string> & files);
+  };
+
+  /** @brief Returns current application name, default 'i2pd' */
+	const std::string & GetAppName ();
+  /** @brief Set applicaton name, affects autodetection of datadir */
+	void SetAppName (const std::string& name);
+
+  /** @brief Returns datadir path */
+  const std::string & GetDataDir();
+
+  /**
+   * @brief Set datadir either from cmdline option or using autodetection
+   * @param cmdline_param  Value of cmdline parameter --datadir=<something>
+   * @param isService      Value of cmdline parameter --service
+   *
+   * Examples of autodetected paths:
+   *
+   *   Windows < Vista: C:\Documents and Settings\Username\Application Data\i2pd\
+   *   Windows >= Vista: C:\Users\Username\AppData\Roaming\i2pd\
+   *   Mac: /Library/Application Support/i2pd/ or ~/Library/Application Support/i2pd/
+   *   Unix: /var/lib/i2pd/ (system=1) >> ~/.i2pd/ or /tmp/i2pd/
+   */
+  void DetectDataDir(const std::string & cmdline_datadir, bool isService = false);
+
+  /**
+   * @brief Create subdirectories inside datadir
+   */
+  bool Init();
+
+  /**
+   * @brief Get list of files in directory
+   * @param path  Path to directory
+   * @param files Vector to store found files
+   * @return true on success and false if directory not exists
+   */
+  bool ReadDir(const std::string & path, std::vector<std::string> & files);
+
+  /**
+   * @brief Remove file with given path
+   * @param path Absolute path to file
+   * @return true on success, false if file not exists, throws exception on error
+   */
+  bool Remove(const std::string & path);
+
+  /**
+   * @brief Check existence of file
+   * @param path Absolute path to file
+   * @return true if file exists, false otherwise
+   */
+  bool Exists(const std::string & path);
+ 
+  bool CreateDirectory (const std::string& path);	
+
+  template<typename T>
+  void _ExpandPath(std::stringstream & path, T c) {
+    path << i2p::fs::dirSep << c;
+  }
+
+  template<typename T, typename ... Other>
+  void _ExpandPath(std::stringstream & path, T c, Other ... other) {
+    _ExpandPath(path, c);
+    _ExpandPath(path, other ...);
+  }
+
+  /**
+   * @brief Get path relative to datadir
+   *
+   * Examples (with datadir = "/tmp/i2pd"):
+   *
+   * i2p::fs::Path("test")             -> '/tmp/i2pd/test'
+   * i2p::fs::Path("test", "file.txt") -> '/tmp/i2pd/test/file.txt'
+   */
+  template<typename ... Other>
+  std::string DataDirPath(Other ... components) {
+    std::stringstream s("");
+    s << i2p::fs::GetDataDir();
+    _ExpandPath(s, components ...);
+
+    return s.str();
+  }
+
+	template<typename Storage, typename... Filename>
+	std::string StorageRootPath (const Storage& storage, Filename... filenames)
+	{
+		std::stringstream s("");
+		s << storage.GetRoot ();
+		_ExpandPath(s, filenames...);
+
+		return s.str();
+	}	
+
+} // fs
+} // i2p
+
+#endif // /* FS_H__ */

Family.cpp

@@ -0,0 +1,175 @@
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include "Crypto.h"
+#include "FS.h"
+#include "Log.h"
+#include "Family.h"
+
+namespace i2p
+{
+namespace data
+{
+	Families::Families ()
+	{
+	}
+
+	Families::~Families ()
+	{
+	}
+
+	void Families::LoadCertificate (const std::string& filename)
+	{
+		SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ());
+		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		if (ret)
+		{	
+			SSL * ssl = SSL_new (ctx);
+			X509 * cert = SSL_get_certificate (ssl);
+			if (cert)
+			{	
+				std::shared_ptr<i2p::crypto::Verifier> verifier;
+				// extract issuer name
+				char name[100];
+				X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);
+				char * cn = strstr (name, "CN=");
+				if (cn)
+				{	
+					cn += 3;
+					char * family = strstr (cn, ".family");
+					if (family) family[0] = 0;
+				}	
+				auto pkey = X509_get_pubkey (cert);
+				int keyType = EVP_PKEY_type(pkey->type);
+				switch (keyType)
+				{
+					case EVP_PKEY_DSA:
+						// TODO:
+					break;
+					case EVP_PKEY_EC:
+					{
+						EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
+						if (ecKey)
+						{
+							auto group = EC_KEY_get0_group (ecKey);
+							if (group)
+							{
+								int curve = EC_GROUP_get_curve_name (group);
+								if (curve == NID_X9_62_prime256v1)
+								{
+									uint8_t signingKey[64];
+									BIGNUM * x = BN_new(), * y = BN_new();
+									EC_POINT_get_affine_coordinates_GFp (group,
+										EC_KEY_get0_public_key (ecKey), x, y, NULL);
+									i2p::crypto::bn2buf (x, signingKey, 32);
+									i2p::crypto::bn2buf (y, signingKey + 32, 32);
+									BN_free (x); BN_free (y);
+									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>(signingKey);
+								}	
+								else
+									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
+							}
+							EC_KEY_free (ecKey);
+						}
+						break;
+					}
+					default:
+						LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");
+				}
+				EVP_PKEY_free (pkey);
+				if (verifier && cn)
+					m_SigningKeys[cn] = verifier;
+			}	
+			SSL_free (ssl);			
+		}	
+		else
+			LogPrint (eLogError, "Family: Can't open certificate file ", filename);
+		SSL_CTX_free (ctx);		
+	}
+
+	void Families::LoadCertificates ()
+	{
+		std::string certDir = i2p::fs::DataDirPath("certificates", "family");
+		std::vector<std::string> files;
+		int numCertificates = 0;
+
+		if (!i2p::fs::ReadDir(certDir, files)) {
+			LogPrint(eLogWarning, "Family: Can't load family certificates from ", certDir);
+			return;
+		}
+
+		for (const std::string & file : files) {
+			if (file.compare(file.size() - 4, 4, ".crt") != 0) {
+				LogPrint(eLogWarning, "Family: ignoring file ", file);
+				continue;
+			}
+			LoadCertificate (file);
+			numCertificates++;
+		}	
+		LogPrint (eLogInfo, "Family: ", numCertificates, " certificates loaded");
+	}
+
+	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident, 
+		const char * signature, const char * key)
+	{
+		uint8_t buf[50], signatureBuf[64];
+		size_t len = family.length (), signatureLen = strlen (signature);
+		memcpy (buf, family.c_str (), len);
+		memcpy (buf + len, (const uint8_t *)ident, 32);
+		len += 32;	
+		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);	
+		auto it = m_SigningKeys.find (family);
+		if (it != m_SigningKeys.end ())
+			return it->second->Verify (buf, len, signatureBuf);
+		// TODO: process key
+		return true;
+	}
+
+	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident)
+	{
+		auto filename = i2p::fs::DataDirPath("family", (family + ".key"));
+		std::string sig;
+		SSL_CTX * ctx = SSL_CTX_new (TLSv1_method ());
+		int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		if (ret)
+		{
+			SSL * ssl = SSL_new (ctx);
+			EVP_PKEY * pkey = SSL_get_privatekey (ssl);
+			EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
+			if (ecKey)
+			{
+				auto group = EC_KEY_get0_group (ecKey);
+				if (group)
+				{
+					int curve = EC_GROUP_get_curve_name (group);
+					if (curve == NID_X9_62_prime256v1)
+					{
+						uint8_t signingPrivateKey[32], buf[50], signature[64];
+						i2p::crypto::bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
+						i2p::crypto::ECDSAP256Signer signer (signingPrivateKey);
+						size_t len = family.length ();
+						memcpy (buf, family.c_str (), len);
+						memcpy (buf + len, (const uint8_t *)ident, 32);
+						len += 32;
+						signer.Sign (buf, len, signature);
+						len = Base64EncodingBufferSize (64);
+						char * b64 = new char[len+1];
+						len = ByteStreamToBase64 (signature, 64, b64, len);
+						b64[len] = 0;
+						sig = b64;
+						delete[] b64;
+					}
+					else
+						LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
+				}	
+			}	
+			SSL_free (ssl);		
+		}	
+		else
+			LogPrint (eLogError, "Family: Can't open keys file: ", filename);
+		SSL_CTX_free (ctx);	
+		return sig;
+	}	
+}
+}
+

Family.h

@@ -0,0 +1,38 @@
+#ifndef FAMILY_H__
+#define FAMILY_H__
+
+#include <map>
+#include <string>
+#include <memory>
+#include "Signature.h"
+#include "Identity.h"
+
+namespace i2p
+{
+namespace data
+{
+	class Families
+	{
+		public:
+
+			Families ();
+			~Families ();
+			void LoadCertificates ();
+			bool VerifyFamily (const std::string& family, const IdentHash& ident, 
+				const char * signature, const char * key = nullptr);
+
+		private:
+
+			void LoadCertificate (const std::string& filename);
+
+		private:
+
+			std::map<std::string, std::shared_ptr<i2p::crypto::Verifier> > m_SigningKeys;
+	};		
+
+	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);
+	// return base64 signature of empty string in case of failure
+}
+}
+
+#endif

Garlic.cpp

@@ -2,12 +2,12 @@
 #include "I2PEndian.h"
 #include <map>
 #include <string>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include "Crypto.h"
 #include "RouterContext.h"
 #include "I2NPProtocol.h"
 #include "Tunnel.h"
 #include "TunnelPool.h"
+#include "Transports.h"
 #include "Timestamp.h"
 #include "Log.h"
 #include "Garlic.h"
@@ -38,11 +38,33 @@ namespace garlic
 
 	GarlicRoutingSession::~GarlicRoutingSession	()
 	{	
-		for (auto it: m_UnconfirmedTagsMsgs)	
-			delete it.second;
-		m_UnconfirmedTagsMsgs.clear ();
 	}
-	
+
+	std::shared_ptr<GarlicRoutingPath> GarlicRoutingSession::GetSharedRoutingPath ()
+	{
+		if (!m_SharedRoutingPath) return nullptr;
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		if (m_SharedRoutingPath->numTimesUsed >= ROUTING_PATH_MAX_NUM_TIMES_USED ||
+		    !m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
+			ts*1000LL > m_SharedRoutingPath->remoteLease->endDate ||
+		    ts > m_SharedRoutingPath->updateTime + ROUTING_PATH_EXPIRATION_TIMEOUT)
+				m_SharedRoutingPath = nullptr;
+		if (m_SharedRoutingPath) m_SharedRoutingPath->numTimesUsed++;
+		return m_SharedRoutingPath;
+	}
+		
+	void GarlicRoutingSession::SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path)
+	{	
+		if (path && path->outboundTunnel && path->remoteLease) 
+		{	
+			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
+			path->numTimesUsed = 0;
+		}	
+		else
+			path = nullptr;
+		m_SharedRoutingPath = path;
+	}
+		
 	GarlicRoutingSession::UnconfirmedTags * GarlicRoutingSession::GenerateSessionTags ()
 	{
 		auto tags = new UnconfirmedTags (m_NumTags);
@@ -69,18 +91,27 @@ namespace garlic
 		
 	void GarlicRoutingSession::TagsConfirmed (uint32_t msgID) 
 	{ 
-		auto it = m_UnconfirmedTagsMsgs.find (msgID);	
-		if (it != m_UnconfirmedTagsMsgs.end ())
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		for (auto it = m_UnconfirmedTagsMsgs.begin (); it != m_UnconfirmedTagsMsgs.end ();)
 		{
-			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-			UnconfirmedTags * tags = it->second;
-			if (ts < tags->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
-			{	
-				for (int i = 0; i < tags->numTags; i++)
-					m_SessionTags.push_back (tags->sessionTags[i]);
+			auto& tags = *it;
+			if (tags->msgID == msgID)
+			{
+				if (ts < tags->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
+				{	
+					for (int i = 0; i < tags->numTags; i++)
+						m_SessionTags.push_back (tags->sessionTags[i]);
+				}	
+				it = m_UnconfirmedTagsMsgs.erase (it);
 			}	
-			m_UnconfirmedTagsMsgs.erase (it);
-			delete tags;
+			else if (ts >= tags->tagsCreationTime + OUTGOING_TAGS_CONFIRMATION_TIMEOUT)
+			{
+				if (m_Owner)
+					m_Owner->RemoveDeliveryStatusSession (tags->msgID);
+				it = m_UnconfirmedTagsMsgs.erase (it);
+			}	
+			else 
+				++it;
 		}
 	}
 
@@ -92,23 +123,31 @@ namespace garlic
 			if (ts >= it->creationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
 				it = m_SessionTags.erase (it);
 			else 
-				it++;
+				++it;
 		}
+		CleanupUnconfirmedTags ();
+		return !m_SessionTags.empty () || !m_UnconfirmedTagsMsgs.empty ();
+ 	}
+
+	bool GarlicRoutingSession::CleanupUnconfirmedTags ()
+	{
+		bool ret = false;
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 		// delete expired unconfirmed tags
 		for (auto it = m_UnconfirmedTagsMsgs.begin (); it != m_UnconfirmedTagsMsgs.end ();)
 		{
-			if (ts >= it->second->tagsCreationTime + OUTGOING_TAGS_CONFIRMATION_TIMEOUT)
+			if (ts >= (*it)->tagsCreationTime + OUTGOING_TAGS_CONFIRMATION_TIMEOUT)
 			{
 				if (m_Owner)
-					m_Owner->RemoveDeliveryStatusSession (it->first);
-				delete it->second;
+					m_Owner->RemoveDeliveryStatusSession ((*it)->msgID);
 				it = m_UnconfirmedTagsMsgs.erase (it);
+				ret = true;
 			}	
 			else
-				it++;
+				++it;
 		}	
-		return !m_SessionTags.empty () || !m_UnconfirmedTagsMsgs.empty ();
- 	}
+		return ret;
+	}
 
 	std::shared_ptr<I2NPMessage> GarlicRoutingSession::WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg)
 	{
@@ -139,7 +178,7 @@ namespace garlic
 		// create message
 		if (!tagFound) // new session
 		{
-			LogPrint (eLogWarning, "Garlic: No tags available. Use ElGamal");
+			LogPrint (eLogWarning, "Garlic: No tags available, will use ElGamal");
 			if (!m_Destination)
 			{
 				LogPrint (eLogError, "Garlic: Can't use ElGamal for unknown destination");
@@ -233,7 +272,10 @@ namespace garlic
 					size += cloveSize;
 					(*numCloves)++;
 					if (newTags) // new tags created
-						m_UnconfirmedTagsMsgs[msgID] = newTags;
+					{
+						newTags->msgID = msgID;
+						m_UnconfirmedTagsMsgs.emplace_back (newTags);
+					}	
 					m_Owner->DeliveryStatusSent (shared_from_this (), msgID);
 				}
 				else
@@ -409,28 +451,6 @@ namespace garlic
 			else
 				LogPrint (eLogError, "Garlic: Failed to decrypt message");
 		}
-
-		// cleanup expired tags
-		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		if (ts > m_LastTagsCleanupTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
-		{
-			if (m_LastTagsCleanupTime)
-			{
-				int numExpiredTags = 0;
-				for (auto it = m_Tags.begin (); it != m_Tags.end ();)
-				{
-					if (ts > it->first.creationTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
-					{
-						numExpiredTags++;
-						it = m_Tags.erase (it);
-					}	
-					else
-						it++;
-				}
-				LogPrint (eLogDebug, "Garlic: ", numExpiredTags, " tags expired for ", GetIdentHash().ToBase64 ());
-			}	
-			m_LastTagsCleanupTime = ts;
-		}	
 	}	
 
 	void GarlicDestination::HandleAESBlock (uint8_t * buf, size_t len, std::shared_ptr<i2p::crypto::CBCDecryption> decryption,
@@ -512,22 +532,34 @@ namespace garlic
 					buf += 32;
 					uint32_t gwTunnel = bufbe32toh (buf);
 					buf += 4;
-					std::shared_ptr<i2p::tunnel::OutboundTunnel> tunnel;
-					if (from && from->GetTunnelPool ())
-						tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
-					if (tunnel) // we have send it through an outbound tunnel
-					{	
-						auto msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from);
-						tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
-					}	
-					else
-						LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");
+					auto msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from);
+					if (from) // received through an inbound tunnel
+					{
+						std::shared_ptr<i2p::tunnel::OutboundTunnel> tunnel;
+						if (from->GetTunnelPool ())
+							tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
+						else
+							LogPrint (eLogError, "Garlic: Tunnel pool is not set for inbound tunnel");
+						if (tunnel) // we have send it through an outbound tunnel
+							tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
+						else
+							LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");
+					}
+					else // received directly
+						i2p::transport::transports.SendMessage (gwHash, i2p::CreateTunnelGatewayMsg (gwTunnel, msg)); // send directly
 					break;
 				}
 				case eGarlicDeliveryTypeRouter:
-					LogPrint (eLogWarning, "Garlic: type router not supported");
+				{
+					uint8_t * ident = buf;
 					buf += 32;
-				break;	
+					if (!from) // received directly
+						i2p::transport::transports.SendMessage (ident,
+							CreateI2NPMessage (buf, GetI2NPMessageLength (buf)));
+					else
+						LogPrint (eLogWarning, "Garlic: type router for inbound tunnels not supported");
+					break;	
+				}
 				default:
 					LogPrint (eLogWarning, "Garlic: unknown delivery type ", (int)deliveryType);
 			}
@@ -570,21 +602,39 @@ namespace garlic
 		return session;
 	}	
 	
-	void GarlicDestination::CleanupRoutingSessions ()
+	void GarlicDestination::CleanupExpiredTags ()
 	{
+		// incoming
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		int numExpiredTags = 0;
+		for (auto it = m_Tags.begin (); it != m_Tags.end ();)
+		{
+			if (ts > it->first.creationTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
+			{
+				numExpiredTags++;
+				it = m_Tags.erase (it);
+			}	
+			else
+				++it;
+		}
+		if (numExpiredTags > 0)
+			LogPrint (eLogDebug, "Garlic: ", numExpiredTags, " tags expired for ", GetIdentHash().ToBase64 ());
+
+		// outgoing
 		std::unique_lock<std::mutex> l(m_SessionsMutex);
 		for (auto it = m_Sessions.begin (); it != m_Sessions.end ();)
 		{
+			it->second->GetSharedRoutingPath (); // delete shared path if necessary
 			if (!it->second->CleanupExpiredTags ())
 			{
 				LogPrint (eLogInfo, "Routing session to ", it->first.ToBase32 (), " deleted");
 				it = m_Sessions.erase (it);
 			}
 			else
-				it++;
+				++it;
 		}
 	}
-	
+
 	void GarlicDestination::RemoveDeliveryStatusSession (uint32_t msgID)
 	{
 		m_DeliveryStatusSessions.erase (msgID);
@@ -593,26 +643,26 @@ namespace garlic
 	void GarlicDestination::DeliveryStatusSent (GarlicRoutingSessionPtr session, uint32_t msgID)
 	{
 		m_DeliveryStatusSessions[msgID] = session;
-	}		
+	}
 
 	void GarlicDestination::HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint32_t msgID = bufbe32toh (msg->GetPayload ());
 		{
 			auto it = m_DeliveryStatusSessions.find (msgID);
-			if (it != m_DeliveryStatusSessions.end ())			
+			if (it != m_DeliveryStatusSessions.end ())
 			{
 				it->second->MessageConfirmed (msgID);
 				m_DeliveryStatusSessions.erase (it);
 				LogPrint (eLogDebug, "Garlic: message ", msgID, " acknowledged");
-			}	
+			}
 		}
 	}
 
 	void GarlicDestination::SetLeaseSetUpdated ()
 	{
-		std::unique_lock<std::mutex> l(m_SessionsMutex);	
-		for (auto it: m_Sessions)
+		std::unique_lock<std::mutex> l(m_SessionsMutex);
+		for (auto& it: m_Sessions)
 			it.second->SetLeaseSetUpdated ();
 	}
 

Garlic.h

@@ -15,7 +15,12 @@
 #include "Identity.h"
 
 namespace i2p
-{	
+{
+namespace tunnel
+{		
+	class OutboundTunnel;
+}
+	
 namespace garlic
 {
 	
@@ -27,19 +32,19 @@ namespace garlic
 		eGarlicDeliveryTypeTunnel = 3
 	};	
 
-#pragma pack(1)
 	struct ElGamalBlock
 	{
 		uint8_t sessionKey[32];
 		uint8_t preIV[32];
 		uint8_t padding[158];
 	};		
-#pragma pack()	
 
 	const int INCOMING_TAGS_EXPIRATION_TIMEOUT = 960; // 16 minutes			
 	const int OUTGOING_TAGS_EXPIRATION_TIMEOUT = 720; // 12 minutes
 	const int OUTGOING_TAGS_CONFIRMATION_TIMEOUT = 10; // 10 seconds 
 	const int LEASET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
+	const int ROUTING_PATH_EXPIRATION_TIMEOUT = 30; // 30 seconds 
+	const int ROUTING_PATH_MAX_NUM_TIMES_USED = 100; // how many times might be used 
 	
 	struct SessionTag: public i2p::data::Tag<32> 
 	{
@@ -53,7 +58,16 @@ namespace garlic
 #endif
 		uint32_t creationTime; // seconds since epoch	
 	};
-		
+
+	struct GarlicRoutingPath
+	{
+		std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+		std::shared_ptr<const i2p::data::Lease> remoteLease;
+		int rtt; // RTT
+		uint32_t updateTime; // seconds since epoch
+		int numTimesUsed; 
+	};	
+	
 	class GarlicDestination;
 	class GarlicRoutingSession: public std::enable_shared_from_this<GarlicRoutingSession>
 	{
@@ -69,6 +83,7 @@ namespace garlic
 			{
 				UnconfirmedTags (int n): numTags (n), tagsCreationTime (0) { sessionTags = new SessionTag[numTags]; };
 				~UnconfirmedTags () { delete[] sessionTags; };
+				uint32_t msgID;
 				int numTags;
 				SessionTag * sessionTags;
 				uint32_t tagsCreationTime;
@@ -83,11 +98,15 @@ namespace garlic
 			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
 			void MessageConfirmed (uint32_t msgID);
 			bool CleanupExpiredTags (); // returns true if something left 
+			bool CleanupUnconfirmedTags (); // returns true if something has been deleted
 
 			void SetLeaseSetUpdated () 
 			{ 
 				if (m_LeaseSetUpdateStatus != eLeaseSetDoNotSend) m_LeaseSetUpdateStatus = eLeaseSetUpdated; 
 			};
+
+			std::shared_ptr<GarlicRoutingPath> GetSharedRoutingPath ();
+			void SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path);
 			
 		private:
 
@@ -106,7 +125,7 @@ namespace garlic
 			i2p::crypto::AESKey m_SessionKey;
 			std::list<SessionTag> m_SessionTags;
 			int m_NumTags;
-			std::map<uint32_t, UnconfirmedTags *> m_UnconfirmedTagsMsgs;	
+			std::list<std::unique_ptr<UnconfirmedTags> > m_UnconfirmedTagsMsgs;	
 			
 			LeaseSetUpdateStatus m_LeaseSetUpdateStatus;
 			uint32_t m_LeaseSetUpdateMsgID;
@@ -115,22 +134,25 @@ namespace garlic
 			i2p::crypto::CBCEncryption m_Encryption;
 			std::unique_ptr<const i2p::crypto::ElGamalEncryption> m_ElGamalEncryption; 
 
+			std::shared_ptr<GarlicRoutingPath> m_SharedRoutingPath;
+			
 		public:
 			// for HTTP only
 			size_t GetNumOutgoingTags () const { return m_SessionTags.size (); };
 	};	
-	using GarlicRoutingSessionPtr = std::shared_ptr<GarlicRoutingSession>;
+	//using GarlicRoutingSessionPtr = std::shared_ptr<GarlicRoutingSession>;
+	typedef std::shared_ptr<GarlicRoutingSession> GarlicRoutingSessionPtr; // TODO: replace to using after switch to 4.8	
 
 	class GarlicDestination: public i2p::data::LocalDestination
 	{
 		public:
 
-			GarlicDestination (): m_NumTags (32), m_LastTagsCleanupTime (0) {}; // 32 tags by default
+			GarlicDestination (): m_NumTags (32) {}; // 32 tags by default
 			~GarlicDestination ();
 
 			void SetNumTags (int numTags) { m_NumTags = numTags; };		
 			std::shared_ptr<GarlicRoutingSession> GetRoutingSession (std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet);	
-			void CleanupRoutingSessions ();
+			void CleanupExpiredTags ();
 			void RemoveDeliveryStatusSession (uint32_t msgID);
 			std::shared_ptr<I2NPMessage> WrapMessage (std::shared_ptr<const i2p::data::RoutingDestination> destination, 
 			    std::shared_ptr<I2NPMessage> msg, bool attachLeaseSet = false);
@@ -143,7 +165,7 @@ namespace garlic
 			virtual void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);			
 			virtual void SetLeaseSetUpdated ();
 			
-			virtual std::shared_ptr<const i2p::data::LeaseSet> GetLeaseSet () = 0; // TODO
+			virtual std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () = 0; // TODO
 			virtual std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const = 0;
 			virtual void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from) = 0;
 			
@@ -166,7 +188,6 @@ namespace garlic
 			std::map<i2p::data::IdentHash, GarlicRoutingSessionPtr> m_Sessions;
 			// incoming
 			std::map<SessionTag, std::shared_ptr<i2p::crypto::CBCDecryption>> m_Tags;
-			uint32_t m_LastTagsCleanupTime;
 			// DeliveryStatus
 			std::map<uint32_t, GarlicRoutingSessionPtr> m_DeliveryStatusSessions; // msgID -> session
 			

Gzip.cpp

@@ -0,0 +1,108 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <inttypes.h>
+#include <string.h> /* memset */
+#include <iostream>
+
+#include "Gzip.h"
+
+namespace i2p {
+namespace data {
+	const size_t GZIP_CHUNK_SIZE = 16384;
+
+	GzipInflator::GzipInflator (): m_IsDirty (false)
+	{
+		memset (&m_Inflator, 0, sizeof (m_Inflator));
+		inflateInit2 (&m_Inflator, MAX_WBITS + 16); // gzip
+	}
+
+	GzipInflator::~GzipInflator ()
+	{
+		inflateEnd (&m_Inflator);
+	}
+
+	size_t GzipInflator::Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
+	{
+		if (m_IsDirty) inflateReset (&m_Inflator);
+		m_IsDirty = true;
+		m_Inflator.next_in = const_cast<uint8_t *>(in);
+		m_Inflator.avail_in = inLen;
+		m_Inflator.next_out = out;
+		m_Inflator.avail_out = outLen;
+		int err;
+		if ((err = inflate (&m_Inflator, Z_NO_FLUSH)) == Z_STREAM_END) {
+			return outLen - m_Inflator.avail_out;
+		}
+		return 0;
+	}
+
+	void GzipInflator::Inflate (const uint8_t * in, size_t inLen, std::ostream& os)
+	{
+		m_IsDirty = true;
+		uint8_t * out = new uint8_t[GZIP_CHUNK_SIZE];
+		m_Inflator.next_in = const_cast<uint8_t *>(in);
+		m_Inflator.avail_in = inLen;
+		int ret;
+		do {
+			m_Inflator.next_out = out;
+			m_Inflator.avail_out = GZIP_CHUNK_SIZE;
+			ret = inflate (&m_Inflator, Z_NO_FLUSH);
+			if (ret < 0) {
+				inflateEnd (&m_Inflator);
+				os.setstate(std::ios_base::failbit);
+				break;
+			}
+			os.write ((char *)out, GZIP_CHUNK_SIZE - m_Inflator.avail_out);
+		} while (!m_Inflator.avail_out); // more data to read
+		delete[] out;
+	}
+
+	void GzipInflator::Inflate (std::istream& in, std::ostream& out)
+	{
+		uint8_t * buf = new uint8_t[GZIP_CHUNK_SIZE];
+		while (!in.eof ())
+		{
+			in.read ((char *) buf, GZIP_CHUNK_SIZE);
+			Inflate (buf, in.gcount (), out);
+		}
+		delete[] buf;
+	}
+
+	GzipDeflator::GzipDeflator (): m_IsDirty (false)
+	{
+		memset (&m_Deflator, 0, sizeof (m_Deflator));
+		deflateInit2 (&m_Deflator, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY); // 15 + 16 sets gzip
+	}
+
+	GzipDeflator::~GzipDeflator ()
+	{
+		deflateEnd (&m_Deflator);
+	}
+
+	void GzipDeflator::SetCompressionLevel (int level)
+	{
+		deflateParams (&m_Deflator, level, Z_DEFAULT_STRATEGY);
+	}
+
+	size_t GzipDeflator::Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
+	{
+		if (m_IsDirty) deflateReset (&m_Deflator);
+		m_IsDirty = true;
+		m_Deflator.next_in = const_cast<uint8_t *>(in);
+		m_Deflator.avail_in = inLen;
+		m_Deflator.next_out = out;
+		m_Deflator.avail_out = outLen;
+		int err;
+		if ((err = deflate (&m_Deflator, Z_FINISH)) == Z_STREAM_END) {
+			return outLen - m_Deflator.avail_out;
+		} /* else */
+		return 0;
+	}
+} // data
+} // i2p

Gzip.h

@@ -0,0 +1,44 @@
+#ifndef GZIP_H__
+#define GZIP_H__
+
+#include <zlib.h>
+
+namespace i2p {
+namespace data {
+	class GzipInflator
+	{
+		public:
+
+			GzipInflator ();
+			~GzipInflator ();
+
+			size_t Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
+			/** @note @a os failbit will be set in case of error */
+			void Inflate (const uint8_t * in, size_t inLen, std::ostream& os);
+			void Inflate (std::istream& in, std::ostream& out);
+
+		private:
+
+			z_stream m_Inflator;
+			bool m_IsDirty;
+	};
+
+	class GzipDeflator
+	{
+		public:
+
+			GzipDeflator ();
+			~GzipDeflator ();
+
+			void SetCompressionLevel (int level);
+			size_t Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
+
+		private:
+
+			z_stream m_Deflator;
+			bool m_IsDirty;
+	};
+} // data
+} // i2p
+
+#endif /* GZIP_H__ */

HTTP.cpp

@@ -0,0 +1,431 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include "util.h"
+#include "HTTP.h"
+#include <algorithm>
+#include <ctime>
+
+namespace i2p {
+namespace http {
+  const std::vector<std::string> HTTP_METHODS = {
+    "GET", "HEAD", "POST", "PUT", "PATCH",
+    "DELETE", "OPTIONS", "CONNECT"
+  };
+  const std::vector<std::string> HTTP_VERSIONS = {
+    "HTTP/1.0", "HTTP/1.1"
+  };
+
+  inline bool is_http_version(const std::string & str) {
+    return std::find(HTTP_VERSIONS.begin(), HTTP_VERSIONS.end(), str) != std::end(HTTP_VERSIONS);
+  }
+
+  inline bool is_http_method(const std::string & str) {
+    return std::find(HTTP_METHODS.begin(), HTTP_METHODS.end(), str) != std::end(HTTP_METHODS);
+  }
+  
+  void strsplit(const std::string & line, std::vector<std::string> &tokens, char delim, std::size_t limit = 0) {
+    std::size_t count = 0;
+    std::stringstream ss(line);
+    std::string token;
+    while (1) {
+      count++;
+      if (limit > 0 && count >= limit)
+        delim = '\n'; /* reset delimiter */
+      if (!std::getline(ss, token, delim))
+        break;
+      tokens.push_back(token);
+    }
+  }
+
+  bool parse_header_line(const std::string & line, std::map<std::string, std::string> & headers) {
+    std::size_t pos = 0;
+    std::size_t len = 2; /* strlen(": ") */
+    std::size_t max = line.length();
+    if ((pos = line.find(": ", pos)) == std::string::npos)
+      return false;
+    while ((pos + len) < max && isspace(line.at(pos + len)))
+      len++;
+    std::string name  = line.substr(0, pos);
+    std::string value = line.substr(pos + len);
+    headers[name] = value;
+    return true;
+  }
+
+  void gen_rfc1123_date(std::string & out) {
+    std::time_t now = std::time(nullptr);
+    char buf[128];
+    std::strftime(buf, sizeof(buf), "%a, %d %b %Y %H:%M:%S GMT", std::gmtime(&now));
+    out = buf;
+  }
+
+  bool URL::parse(const char *str, std::size_t len) {
+    std::string url(str, len ? len : strlen(str));
+    return parse(url);
+  }
+
+  bool URL::parse(const std::string& url) {
+    std::size_t pos_p = 0; /* < current parse position */
+    std::size_t pos_c = 0; /* < work position */
+    if(url.at(0) != '/' || pos_p > 0) {
+      std::size_t pos_s = 0;
+      /* schema */
+      pos_c = url.find("://");
+      if (pos_c != std::string::npos) {
+        schema = url.substr(0, pos_c);
+        pos_p = pos_c + 3;
+      }
+      /* user[:pass] */
+      pos_s = url.find('/', pos_p); /* find first slash */
+      pos_c = url.find('@', pos_p); /* find end of 'user' or 'user:pass' part */
+      if (pos_c != std::string::npos && (pos_s == std::string::npos || pos_s > pos_c)) {
+        std::size_t delim = url.find(':', pos_p);
+        if (delim != std::string::npos && delim < pos_c) {
+          user = url.substr(pos_p, delim - pos_p);
+          delim += 1;
+          pass = url.substr(delim, pos_c - delim);
+        } else {
+          user = url.substr(pos_p, pos_c - pos_p);
+        }
+        pos_p = pos_c + 1;
+      }
+      /* hostname[:port][/path] */
+      pos_c = url.find_first_of(":/", pos_p);
+      if (pos_c == std::string::npos) {
+        /* only hostname, without post and path */
+        host = url.substr(pos_p, std::string::npos);
+        return true;
+      } else if (url.at(pos_c) == ':') {
+        host = url.substr(pos_p, pos_c - pos_p);
+        /* port[/path] */
+        pos_p = pos_c + 1;
+        pos_c = url.find('/', pos_p);
+        std::string port_str = (pos_c == std::string::npos)
+          ? url.substr(pos_p, std::string::npos)
+          : url.substr(pos_p, pos_c - pos_p);
+        /* stoi throws exception on failure, we don't need it */
+        for (char c : port_str) {
+          if (c < '0' || c > '9')
+            return false;
+          port *= 10;
+          port += c - '0';
+        }
+        if (pos_c == std::string::npos)
+          return true; /* no path part */
+        pos_p = pos_c;
+      } else {
+        /* start of path part found */
+        host = url.substr(pos_p, pos_c - pos_p);
+        pos_p = pos_c;
+      }
+    }
+
+    /* pos_p now at start of path part */
+    pos_c = url.find_first_of("?#", pos_p);
+    if (pos_c == std::string::npos) {
+      /* only path, without fragment and query */
+      path = url.substr(pos_p, std::string::npos);
+      return true;
+    } else if (url.at(pos_c) == '?') {
+      /* found query part */
+      path = url.substr(pos_p, pos_c - pos_p);
+      pos_p = pos_c + 1;
+      pos_c = url.find('#', pos_p);
+      if (pos_c == std::string::npos) {
+        /* no fragment */
+        query = url.substr(pos_p, std::string::npos);
+        return true;
+      } else {
+        query = url.substr(pos_p, pos_c - pos_p);
+        pos_p = pos_c + 1;
+      }
+    } else {
+      /* found fragment part */
+      path = url.substr(pos_p, pos_c - pos_p);
+      pos_p = pos_c + 1;
+    }
+
+    /* pos_p now at start of fragment part */
+    frag = url.substr(pos_p, std::string::npos);
+    return true;
+  }
+
+  bool URL::parse_query(std::map<std::string, std::string> & params) {
+    std::vector<std::string> tokens;
+    strsplit(query, tokens, '&');
+
+    params.clear();
+    for (const auto& it : tokens) {
+      std::size_t eq = it.find ('=');
+      if (eq != std::string::npos) {
+        auto e = std::pair<std::string, std::string>(it.substr(0, eq), it.substr(eq + 1));
+        params.insert(e);
+      } else {
+        auto e = std::pair<std::string, std::string>(it, "");
+        params.insert(e);
+      }
+    }
+    return true;
+  }
+
+  std::string URL::to_string() {
+    std::string out = "";
+    if (schema != "") {
+      out = schema + "://";
+      if (user != "" && pass != "") {
+        out += user + ":" + pass + "@";
+      } else if (user != "") {
+        out += user + "@";
+      }
+      if (port) {
+        out += host + ":" + std::to_string(port);
+      } else {
+        out += host;
+      }
+    }
+    out += path;
+    if (query != "")
+      out += "?" + query;
+    if (frag != "")
+      out += "#" + frag;
+    return out;
+  }
+
+  void HTTPMsg::add_header(const char *name, std::string & value, bool replace) {
+    add_header(name, value.c_str(), replace);
+  }
+
+  void HTTPMsg::add_header(const char *name, const char *value, bool replace) {
+    std::size_t count = headers.count(name);
+    if (count && !replace)
+      return;
+    if (count) {
+      headers[name] = value;
+      return;
+    }
+    headers.insert(std::pair<std::string, std::string>(name, value));
+  }
+
+  void HTTPMsg::del_header(const char *name) {
+    headers.erase(name);
+  }
+
+  int HTTPReq::parse(const char *buf, size_t len) {
+    std::string str(buf, len);
+    return parse(str);
+  }
+
+  int HTTPReq::parse(const std::string& str) {
+    enum { REQ_LINE, HEADER_LINE } expect = REQ_LINE;
+    std::size_t eoh = str.find(HTTP_EOH); /* request head size */
+    std::size_t eol = 0, pos = 0;
+    URL url;
+
+    if (eoh == std::string::npos)
+      return 0; /* str not contains complete request */
+
+    while ((eol = str.find(CRLF, pos)) != std::string::npos) {
+      if (expect == REQ_LINE) {
+        std::string line = str.substr(pos, eol - pos);
+        std::vector<std::string> tokens;
+        strsplit(line, tokens, ' ');
+        if (tokens.size() != 3)
+          return -1;
+        if (!is_http_method(tokens[0]))
+          return -1;
+        if (!is_http_version(tokens[2]))
+          return -1;
+        if (!url.parse(tokens[1]))
+          return -1;
+        /* all ok */
+        method  = tokens[0];
+        uri     = tokens[1];
+        version = tokens[2];
+        expect = HEADER_LINE;
+      } else {
+        std::string line = str.substr(pos, eol - pos);
+        if (!parse_header_line(line, headers))
+          return -1;
+      }
+      pos = eol + strlen(CRLF);
+      if (pos >= eoh)
+        break;
+    }
+    return eoh + strlen(HTTP_EOH);
+  }
+
+  std::string HTTPReq::to_string() {
+    std::stringstream ss;
+    ss << method << " " << uri << " " << version << CRLF;
+    for (auto & h : headers) {
+      ss << h.first << ": " << h.second << CRLF;
+    }
+    ss << CRLF;
+    return ss.str();
+  }
+
+  bool HTTPRes::is_chunked() {
+    auto it = headers.find("Transfer-Encoding");
+    if (it == headers.end())
+      return false;
+    if (it->second.find("chunked") == std::string::npos)
+      return true;
+    return false;
+  }
+
+  bool HTTPRes::is_gzipped() {
+    auto it = headers.find("Content-Encoding");
+    if (it == headers.end())
+      return false; /* no header */
+    if (it->second.find("gzip") != std::string::npos)
+      return true; /* gotcha! */
+    return false;
+  }
+
+  long int HTTPMsg::content_length() {
+    unsigned long int length = 0;
+    auto it = headers.find("Content-Length");
+    if (it == headers.end())
+      return -1;
+    errno = 0;
+    length = std::strtoul(it->second.c_str(), (char **) NULL, 10);
+    if (errno != 0)
+      return -1;
+    return length;
+  }
+
+  int HTTPRes::parse(const char *buf, size_t len) {
+    std::string str(buf, len);
+    return parse(str);
+  }
+
+  int HTTPRes::parse(const std::string& str) {
+    enum { RES_LINE, HEADER_LINE } expect = RES_LINE;
+    std::size_t eoh = str.find(HTTP_EOH); /* request head size */
+    std::size_t eol = 0, pos = 0;
+
+    if (eoh == std::string::npos)
+      return 0; /* str not contains complete request */
+
+    while ((eol = str.find(CRLF, pos)) != std::string::npos) {
+      if (expect == RES_LINE) {
+        std::string line = str.substr(pos, eol - pos);
+        std::vector<std::string> tokens;
+        strsplit(line, tokens, ' ', 3);
+        if (tokens.size() != 3)
+          return -1;
+        if (!is_http_version(tokens[0]))
+          return -1;
+        code = atoi(tokens[1].c_str());
+        if (code < 100 || code >= 600)
+          return -1;
+        /* all ok */
+        version = tokens[0];
+        status  = tokens[2];
+        expect = HEADER_LINE;
+      } else {
+        std::string line = str.substr(pos, eol - pos);
+        if (!parse_header_line(line, headers))
+          return -1;
+      }
+      pos = eol + strlen(CRLF);
+      if (pos >= eoh)
+        break;
+    }
+
+    return eoh + strlen(HTTP_EOH);
+  }
+
+  std::string HTTPRes::to_string() {
+    if (version == "HTTP/1.1" && headers.count("Date") == 0) {
+      std::string date;
+      gen_rfc1123_date(date);
+      add_header("Date", date.c_str());
+    }
+    if (status == "OK" && code != 200)
+      status = HTTPCodeToStatus(code); // update
+    if (body.length() > 0 && headers.count("Content-Length") == 0)
+        add_header("Content-Length", std::to_string(body.length()).c_str());
+    /* build response */
+    std::stringstream ss;
+    ss << version << " " << code << " " << status << CRLF;
+    for (auto & h : headers) {
+      ss << h.first << ": " << h.second << CRLF;
+    }
+    ss << CRLF;
+    if (body.length() > 0)
+      ss << body;
+    return ss.str();
+  }
+
+  const char * HTTPCodeToStatus(int code) {
+    const char *ptr;
+    switch (code) {
+      case 105: ptr = "Name Not Resolved"; break;
+      /* success */
+      case 200: ptr = "OK"; break;
+      case 206: ptr = "Partial Content"; break;
+      /* redirect */
+      case 301: ptr = "Moved Permanently"; break;
+      case 302: ptr = "Found"; break;
+      case 304: ptr = "Not Modified"; break;
+      case 307: ptr = "Temporary Redirect"; break;
+      /* client error */
+      case 400: ptr = "Bad Request";  break;
+      case 401: ptr = "Unauthorized"; break;
+      case 403: ptr = "Forbidden"; break;
+      case 404: ptr = "Not Found"; break;
+      case 407: ptr = "Proxy Authentication Required"; break;
+      case 408: ptr = "Request Timeout"; break;
+      /* server error */
+      case 500: ptr = "Internal Server Error"; break;
+      case 502: ptr = "Bad Gateway"; break;
+      case 503: ptr = "Not Implemented"; break;
+      case 504: ptr = "Gateway Timeout"; break;
+      default:  ptr = "Unknown Status";  break;
+    }
+    return ptr;
+  }
+
+  std::string UrlDecode(const std::string& data, bool allow_null) {
+		std::string decoded(data);
+    size_t pos = 0;
+    while ((pos = decoded.find('%', pos)) != std::string::npos) {
+      char c = strtol(decoded.substr(pos + 1, 2).c_str(), NULL, 16);
+      if (c == '\0' && !allow_null) {
+        pos += 3;
+        continue;
+      }
+      decoded.replace(pos, 3, 1, c);
+      pos++;
+    }
+    return decoded;
+  }
+
+  bool MergeChunkedResponse (std::istream& in, std::ostream& out) {
+    std::string hexLen;
+    while (!in.eof ()) {
+      std::getline (in, hexLen);
+      errno = 0;
+      long int len = strtoul(hexLen.c_str(), (char **) NULL, 16);
+      if (errno != 0)
+        return false; /* conversion error */
+      if (len == 0)
+        return true; /* end of stream */
+      if (len < 0 || len > 10 * 1024 * 1024) /* < 10Mb */
+        return false; /* too large chunk */
+      char * buf = new char[len];
+      in.read (buf, len);
+      out.write (buf, len);
+      delete[] buf;
+      std::getline (in, hexLen); // read \r\n after chunk
+    }
+    return true;
+  }
+} // http
+} // i2p

HTTP.h

@@ -0,0 +1,151 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef HTTP_H__
+#define HTTP_H__
+
+#include <cstring>
+#include <map>
+#include <sstream>
+#include <string>
+#include <vector>
+
+namespace i2p {
+namespace http {
+  const char CRLF[] = "\r\n";         /**< HTTP line terminator */
+  const char HTTP_EOH[] = "\r\n\r\n"; /**< HTTP end-of-headers mark */
+  extern const std::vector<std::string> HTTP_METHODS;  /**< list of valid HTTP methods */
+  extern const std::vector<std::string> HTTP_VERSIONS; /**< list of valid HTTP versions */
+
+  struct URL {
+    std::string schema;
+    std::string user;
+    std::string pass;
+    std::string host;
+    unsigned short int port;
+    std::string path;
+    std::string query;
+    std::string frag;
+
+    URL(): schema(""), user(""), pass(""), host(""), port(0), path(""), query(""), frag("") {};
+
+    /**
+     * @brief Tries to parse url from string
+     * @return true on success, false on invalid url
+     */
+    bool parse (const char *str, std::size_t len = 0);
+    bool parse (const std::string& url);
+
+    /**
+     * @brief Parse query part of url to key/value map
+     * @note Honestly, this should be implemented with std::multimap
+     */
+    bool parse_query(std::map<std::string, std::string> & params);
+
+    /**
+     * @brief Serialize URL structure to url
+     * @note Returns relative url if schema if empty, absolute url otherwise
+     */
+    std::string to_string ();
+  };
+
+  struct HTTPMsg {
+    std::map<std::string, std::string> headers;
+
+    void add_header(const char *name, std::string & value, bool replace = false);
+    void add_header(const char *name, const char *value, bool replace = false);
+    void del_header(const char *name);
+
+    /** @brief Returns declared message length or -1 if unknown */
+    long int content_length();
+  };
+
+  struct HTTPReq : HTTPMsg {
+    std::string version;
+    std::string method;
+    std::string uri;
+
+    HTTPReq (): version("HTTP/1.0"), method("GET"), uri("/") {};
+
+    /**
+     * @brief Tries to parse HTTP request from string
+     * @return -1 on error, 0 on incomplete query, >0 on success
+     * @note Positive return value is a size of header
+     */
+    int parse(const char *buf, size_t len);
+    int parse(const std::string& buf);
+
+    /** @brief Serialize HTTP request to string */
+    std::string to_string();
+  };
+
+  struct HTTPRes : HTTPMsg {
+    std::string version;
+    std::string status;
+    unsigned short int code;
+    /**
+     * @brief Simplifies response generation
+     *
+     * If this variable is set, on @a to_string() call:
+     *   * Content-Length header will be added if missing,
+     *   * contents of @a body will be included in generated response
+     */
+    std::string body;
+
+    HTTPRes (): version("HTTP/1.1"), status("OK"), code(200) {}
+
+    /**
+     * @brief Tries to parse HTTP response from string
+     * @return -1 on error, 0 on incomplete query, >0 on success
+     * @note Positive return value is a size of header
+     */
+    int parse(const char *buf, size_t len);
+    int parse(const std::string& buf);
+
+    /**
+     * @brief Serialize HTTP response to string
+     * @note If @a version is set to HTTP/1.1, and Date header is missing,
+     *   it will be generated based on current time and added to headers
+     * @note If @a body is set and Content-Length header is missing,
+     *   this header will be added, based on body's length
+     */
+    std::string to_string();
+
+    /** @brief Checks that response declared as chunked data */
+    bool is_chunked();
+
+    /** @brief Checks that response contains compressed data */
+    bool is_gzipped();
+  };
+
+  /**
+   * @brief returns HTTP status string by integer code
+   * @param code HTTP code [100, 599]
+   * @return Immutable string with status
+   */
+  const char * HTTPCodeToStatus(int code);
+
+  /**
+   * @brief Replaces %-encoded characters in string with their values
+   * @param data Source string
+   * @param null If set to true - decode also %00 sequence, otherwise - skip
+   * @return Decoded string
+   */
+  std::string UrlDecode(const std::string& data, bool null = false);
+
+  /**
+   * @brief Merge HTTP response content with Transfer-Encoding: chunked
+   * @param in  Input stream
+   * @param out Output stream
+   * @return true on success, false otherwise
+   */
+  bool MergeChunkedResponse (std::istream& in, std::ostream& out);
+} // http
+} // i2p
+
+#endif /* HTTP_H__ */

HTTPProxy.cpp

@@ -1,9 +1,14 @@
 #include <cstring>
 #include <cassert>
-#include <boost/lexical_cast.hpp>
-#include <boost/regex.hpp>
 #include <string>
 #include <atomic>
+#include <memory>
+#include <set>
+#include <boost/asio.hpp>
+#include <mutex>
+
+#include "I2PService.h"
+#include "Destination.h"
 #include "HTTPProxy.h"
 #include "util.h"
 #include "Identity.h"
@@ -12,303 +17,320 @@
 #include "ClientContext.h"
 #include "I2PEndian.h"
 #include "I2PTunnel.h"
+#include "Config.h"
+#include "HTTP.h"
 
-namespace i2p
-{
-namespace proxy
-{
-	static const size_t http_buffer_size = 8192;
-	class HTTPProxyHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<HTTPProxyHandler> 
+namespace i2p {
+namespace proxy {
+	std::map<std::string, std::string> jumpservices = {
+		{ "inr.i2p",    "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/search/?q=" },
+		{ "stats.i2p",  "http://7tbay5p4kzeekxvyvbf6v7eauazemsnnl2aoyqhg5jzpr5eke7tq.b32.i2p/cgi-bin/jump.cgi?a=" },
+	};
+
+	static const char *pageHead =
+		"<head>\r\n"
+		"  <title>I2P HTTP proxy: error</title>\r\n"
+		"  <style type=\"text/css\">\r\n"
+		"    body { font: 100%/1.5em sans-serif; margin: 0; padding: 1.5em; background: #FAFAFA; color: #103456; }\r\n"
+		"    .header { font-size: 2.5em; text-align: center; margin: 1.5em 0; color: #894C84; }\r\n"
+		"  </style>\r\n"
+		"</head>\r\n"
+	;
+
+	bool str_rmatch(std::string & str, const char *suffix) {
+		auto pos = str.rfind (suffix);
+		if (pos == std::string::npos)
+			return false; /* not found */
+		if (str.length() == (pos + std::strlen(suffix)))
+			return true; /* match */
+		return false;
+	}
+
+	class HTTPReqHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<HTTPReqHandler>
 	{
 		private:
-			enum state 
-			{
-				GET_METHOD,
-				GET_HOSTNAME,
-				GET_HTTPV,
-				GET_HTTPVNL, //TODO: fallback to finding HOst: header if needed
-				DONE
-			};
 
-			void EnterState(state nstate);
-			bool HandleData(uint8_t *http_buff, std::size_t len);
+			bool HandleRequest();
 			void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
 			void Terminate();
 			void AsyncSockRead();
-			void HTTPRequestFailed(/*std::string message*/);
-			void ExtractRequest();
-			bool ValidateHTTPRequest();
-			void HandleJumpServices();
-			bool CreateHTTPRequest(uint8_t *http_buff, std::size_t len);
+			bool ExtractAddressHelper(i2p::http::URL & url, std::string & b64);
+			void SanitizeHTTPRequest(i2p::http::HTTPReq & req);
 			void SentHTTPFailed(const boost::system::error_code & ecode);
 			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+			/* error helpers */
+			void GenericProxyError(const char *title, const char *description);
+			void HostNotFound(std::string & host);
+			void SendProxyError(std::string & content);
 
-			uint8_t m_http_buff[http_buffer_size];
+			uint8_t m_recv_chunk[8192];
+			std::string m_recv_buf; // from client
+			std::string m_send_buf; // to upstream
 			std::shared_ptr<boost::asio::ip::tcp::socket> m_sock;
-			std::string m_request; //Data left to be sent
-			std::string m_url; //URL
-			std::string m_method; //Method
-			std::string m_version; //HTTP version
-			std::string m_address; //Address
-			std::string m_path; //Path
-			int m_port; //Port
-			state m_state;//Parsing state
 
 		public:
 
-			HTTPProxyHandler(HTTPProxyServer * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock) : 
-				I2PServiceHandler(parent), m_sock(sock)
-				{ EnterState(GET_METHOD); }
-			~HTTPProxyHandler() { Terminate(); }
-			void Handle () { AsyncSockRead(); }
+			HTTPReqHandler(HTTPProxy * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock) :
+				I2PServiceHandler(parent), m_sock(sock) {}
+			~HTTPReqHandler() { Terminate(); }
+			void Handle () { AsyncSockRead(); } /* overload */
 	};
 
-	void HTTPProxyHandler::AsyncSockRead()
+	void HTTPReqHandler::AsyncSockRead()
 	{
-		LogPrint(eLogDebug,"--- HTTP Proxy async sock read");
-		if(m_sock) {
-			m_sock->async_receive(boost::asio::buffer(m_http_buff, http_buffer_size),
-						std::bind(&HTTPProxyHandler::HandleSockRecv, shared_from_this(),
-								std::placeholders::_1, std::placeholders::_2));
-		} else {
-			LogPrint(eLogError,"--- HTTP Proxy no socket for read");
+		LogPrint(eLogDebug, "HTTPProxy: async sock read");
+		if (!m_sock) {
+			LogPrint(eLogError, "HTTPProxy: no socket for read");
+			return;
 		}
+		m_sock->async_read_some(boost::asio::buffer(m_recv_chunk, sizeof(m_recv_chunk)),
+					std::bind(&HTTPReqHandler::HandleSockRecv, shared_from_this(),
+							std::placeholders::_1, std::placeholders::_2));
 	}
 
-	void HTTPProxyHandler::Terminate() {
+	void HTTPReqHandler::Terminate() {
 		if (Kill()) return;
 		if (m_sock) 
 		{
-			LogPrint(eLogDebug,"--- HTTP Proxy close sock");
+			LogPrint(eLogDebug, "HTTPProxy: close sock");
 			m_sock->close();
 			m_sock = nullptr;
 		}
 		Done(shared_from_this());
 	}
 
-	/* All hope is lost beyond this point */
-	//TODO: handle this apropriately
-	void HTTPProxyHandler::HTTPRequestFailed(/*HTTPProxyHandler::errTypes error*/)
-	{
-		static std::string response = "HTTP/1.0 500 Internal Server Error\r\nContent-type: text/html\r\nContent-length: 0\r\n";
-		boost::asio::async_write(*m_sock, boost::asio::buffer(response,response.size()),
-					 std::bind(&HTTPProxyHandler::SentHTTPFailed, shared_from_this(), std::placeholders::_1));
+	void HTTPReqHandler::GenericProxyError(const char *title, const char *description) {
+		std::stringstream ss;
+		ss << "<h1>Proxy error: " << title << "</h1>\r\n";
+		ss << "<p>" << description << "</p>\r\n";
+		std::string content = ss.str();
+		SendProxyError(content);
 	}
 
-	void HTTPProxyHandler::EnterState(HTTPProxyHandler::state nstate) 
-	{
-		m_state = nstate;
-	}
-
-	void HTTPProxyHandler::ExtractRequest()
-	{
-		LogPrint(eLogDebug,"--- HTTP Proxy method is: ", m_method, "\nRequest is: ", m_url);
-		std::string server="";
-		std::string port="80";
-		boost::regex rHTTP("http://(.*?)(:(\\d+))?(/.*)");
-		boost::smatch m;
-		std::string path;
-		if(boost::regex_search(m_url, m, rHTTP, boost::match_extra)) 
-		{
-			server=m[1].str();
-			if (m[2].str() != "")  port=m[3].str();
-			path=m[4].str();
+	void HTTPReqHandler::HostNotFound(std::string & host) {
+		std::stringstream ss;
+		ss << "<h1>Proxy error: Host not found</h1>\r\n"
+		   << "<p>Remote host not found in router's addressbook</p>\r\n"
+		   << "<p>You may try to find this host on jumpservices below:</p>\r\n"
+		   << "<ul>\r\n";
+		for (const auto& js : jumpservices) {
+			ss << "  <li><a href=\"" << js.second << host << "\">" << js.first << "</a></li>\r\n";
 		}
-		LogPrint(eLogDebug,"--- HTTP Proxy server is: ",server, " port is: ", port, "\n path is: ",path);
-		m_address = server;
-		m_port = boost::lexical_cast<int>(port);
-		m_path = path;
+		ss << "</ul>\r\n";
+		std::string content = ss.str();
+		SendProxyError(content);
 	}
 
-	bool HTTPProxyHandler::ValidateHTTPRequest() 
+	void HTTPReqHandler::SendProxyError(std::string & content)
 	{
-		if ( m_version != "HTTP/1.0" && m_version != "HTTP/1.1" ) 
-		{
-			LogPrint(eLogError,"--- HTTP Proxy unsupported version: ", m_version);
-			HTTPRequestFailed(); //TODO: send right stuff
+		i2p::http::HTTPRes res;
+		res.code = 500;
+		res.add_header("Content-Type", "text/html; charset=UTF-8");
+		res.add_header("Connection", "close");
+		std::stringstream ss;
+		ss << "<html>\r\n" << pageHead
+		   << "<body>" << content << "</body>\r\n"
+		   << "</html>\r\n";
+		res.body = ss.str();
+		std::string response = res.to_string();
+		boost::asio::async_write(*m_sock, boost::asio::buffer(response),
+					 std::bind(&HTTPReqHandler::SentHTTPFailed, shared_from_this(), std::placeholders::_1));
+	}
+
+	bool HTTPReqHandler::ExtractAddressHelper(i2p::http::URL & url, std::string & b64)
+	{
+		const char *param = "i2paddresshelper=";
+		std::size_t pos = url.query.find(param);
+		std::size_t len = std::strlen(param);
+		std::map<std::string, std::string> params;
+
+		if (pos == std::string::npos)
+			return false; /* not found */
+		if (!url.parse_query(params))
 			return false;
-		}
+
+		std::string value = params["i2paddresshelper"];
+		len += value.length();
+		b64 = i2p::http::UrlDecode(value);
+		url.query.replace(pos, len, "");
 		return true;
 	}
 
-	void HTTPProxyHandler::HandleJumpServices() 
+	void HTTPReqHandler::SanitizeHTTPRequest(i2p::http::HTTPReq & req)
 	{
-		static const char * helpermark1 = "?i2paddresshelper=";
-		static const char * helpermark2 = "&i2paddresshelper=";
-		size_t addressHelperPos1 = m_path.rfind (helpermark1);
-		size_t addressHelperPos2 = m_path.rfind (helpermark2);
-		size_t addressHelperPos;
-		if (addressHelperPos1 == std::string::npos)
-		{
-			if (addressHelperPos2 == std::string::npos)
-				return; //Not a jump service
-			else
-				addressHelperPos = addressHelperPos2;
-		}
-		else
-		{
-			if (addressHelperPos2 == std::string::npos)
-				addressHelperPos = addressHelperPos1;
-			else if ( addressHelperPos1 > addressHelperPos2 )
-				addressHelperPos = addressHelperPos1;
-			else
-				addressHelperPos = addressHelperPos2;
-		}
-		auto base64 = m_path.substr (addressHelperPos + strlen(helpermark1));
-		base64 = i2p::util::http::urlDecode(base64); //Some of the symbols may be urlencoded
-		LogPrint (eLogDebug,"Jump service for ", m_address, " found at ", base64, ". Inserting to address book");
-		//TODO: this is very dangerous and broken. We should ask the user before doing anything see http://pastethis.i2p/raw/pn5fL4YNJL7OSWj3Sc6N/
-		//TODO: we could redirect the user again to avoid dirtiness in the browser
-		i2p::client::context.GetAddressBook ().InsertAddress (m_address, base64);
-		m_path.erase(addressHelperPos);
-	}
-
-	bool HTTPProxyHandler::CreateHTTPRequest(uint8_t *http_buff, std::size_t len) 
-	{
-		ExtractRequest(); //TODO: parse earlier
-		if (!ValidateHTTPRequest()) return false;
-		HandleJumpServices();
-		m_request = m_method;
-		m_request.push_back(' ');
-		m_request += m_path;
-		m_request.push_back(' ');
-		m_request += m_version;
-		m_request.push_back('\r');
-		m_request.push_back('\n');
-		m_request.append("Connection: close\r\n");
-		m_request.append(reinterpret_cast<const char *>(http_buff),len);
-		return true;
-	}
-
-	bool HTTPProxyHandler::HandleData(uint8_t *http_buff, std::size_t len)
-	{
-		// TODO: we should srtrip 'Referer' better, because it might be inside message body
-		/*assert(len); // This should always be called with a least a byte left to parse
-
-		// remove "Referer" from http requst
-		http_buff[len] = 0;
-		auto start = strstr((char *)http_buff, "\nReferer:");
-		if (start) 
-		{
-			auto end = strchr (start + 1, '\n');
-			if (end)
-			{
-				strncpy(start, end, (char *)(http_buff + len) - end);
-				len -= (end - start);
+		/* drop common headers */
+		req.del_header("Referer");
+		req.del_header("Via");
+		req.del_header("Forwarded");
+		/* drop proxy-disclosing headers */
+		std::vector<std::string> toErase;
+		for (const auto& it : req.headers) {
+			if (it.first.compare(0, 12, "X-Forwarded-") == 0) {
+				toErase.push_back(it.first);
+			} else if (it.first.compare(0, 6, "Proxy-") == 0) {
+				toErase.push_back(it.first);
+			} else {
+				/* allow */
 			}
-		}*/
-	
-		while (len > 0) 
-		{
-			//TODO: fallback to finding HOst: header if needed
-			switch (m_state) 
-			{
-				case GET_METHOD:
-					switch (*http_buff) 
-					{
-						case ' ': EnterState(GET_HOSTNAME); break;
-						default: m_method.push_back(*http_buff); break;
-					}
-				break;
-				case GET_HOSTNAME:
-					switch (*http_buff) 
-					{
-						case ' ': EnterState(GET_HTTPV); break;
-						default: m_url.push_back(*http_buff); break;
-					}
-				break;
-				case GET_HTTPV:
-					switch (*http_buff) 
-					{
-						case '\r': EnterState(GET_HTTPVNL); break;
-						default: m_version.push_back(*http_buff); break;
-					}
-				break;
-				case GET_HTTPVNL:
-					switch (*http_buff) 
-					{
-						case '\n': EnterState(DONE); break;
-						default:
-							LogPrint(eLogError,"--- HTTP Proxy rejected invalid request ending with: ", ((int)*http_buff));
-							HTTPRequestFailed(); //TODO: add correct code
-							return false;
-					}
-				break;
-				default:
-					LogPrint(eLogError,"--- HTTP Proxy invalid state: ", m_state);
-					HTTPRequestFailed(); //TODO: add correct code 500
-					return false;
-			}
-			http_buff++;
-			len--;
-			if (m_state == DONE)
-				return CreateHTTPRequest(http_buff,len);
 		}
+		for (const auto& header : toErase) {
+			req.headers.erase(header);
+		}
+		/* replace headers */
+		req.add_header("Connection", "close", true); /* keep-alive conns not supported yet */
+		req.add_header("User-Agent", "MYOB/6.66 (AN/ON)", true); /* privacy */
+	}
+
+	/**
+	 * @brief Try to parse request from @a m_recv_buf
+	 *   If parsing success, rebuild request and store to @a m_send_buf
+	 * with remaining data tail
+	 * @return true on processed request or false if more data needed
+	 */
+	bool HTTPReqHandler::HandleRequest()
+	{
+		i2p::http::HTTPReq req;
+		i2p::http::URL url;
+		std::string b64;
+		int req_len = 0;
+
+		req_len = req.parse(m_recv_buf);
+
+		if (req_len == 0)
+			return false; /* need more data */
+
+		if (req_len < 0) {
+			LogPrint(eLogError, "HTTPProxy: unable to parse request");
+			GenericProxyError("Invalid request", "Proxy unable to parse your request");
+			return true; /* parse error */
+		}
+
+		/* parsing success, now let's look inside request */
+		LogPrint(eLogDebug, "HTTPProxy: requested: ", req.uri);
+		url.parse(req.uri);
+
+		if (ExtractAddressHelper(url, b64)) {
+			i2p::client::context.GetAddressBook ().InsertAddress (url.host, b64);
+			LogPrint (eLogInfo, "HTTPProxy: added b64 from addresshelper for ", url.host);
+			std::string full_url = url.to_string();
+			std::stringstream ss;
+			ss << "Host " << url.host << " added to router's addressbook from helper. "
+			   << "Click <a href=\"" << full_url << "\">here</a> to proceed.";
+			GenericProxyError("Addresshelper found", ss.str().c_str());
+			return true; /* request processed */
+		}
+
+		SanitizeHTTPRequest(req);
+
+		std::string dest_host = url.host;
+		uint16_t    dest_port = url.port;
+		/* always set port, even if missing in request */
+		if (!dest_port) {
+			dest_port = (url.schema == "https") ? 443 : 80;
+		}
+		/* detect dest_host, set proper 'Host' header in upstream request */
+		auto h = req.headers.find("Host");
+		if (dest_host != "") {
+			/* absolute url, replace 'Host' header */
+			std::string h = dest_host;
+			if (dest_port != 0 && dest_port != 80)
+				h += ":" + std::to_string(dest_port);
+			req.add_header("Host", h, true);
+		} else if (h != req.headers.end()) {
+			/* relative url and 'Host' header provided. transparent proxy mode? */
+			i2p::http::URL u;
+			std::string t = "http://" + h->second;
+			u.parse(t);
+			dest_host = u.host;
+			dest_port = u.port;
+		} else {
+			/* relative url and missing 'Host' header */
+			GenericProxyError("Invalid request", "Can't detect destination host from request");
+			return true;
+		}
+
+		/* check dest_host really exists and inside I2P network */
+		i2p::data::IdentHash identHash;
+		if (str_rmatch(dest_host, ".i2p")) {
+			if (!i2p::client::context.GetAddressBook ().GetIdentHash (dest_host, identHash)) {
+				HostNotFound(dest_host);
+				return true; /* request processed */
+			}
+			/* TODO: outproxy handler here */
+		} else {
+			LogPrint (eLogWarning, "HTTPProxy: outproxy failure for ", dest_host, ": not implemented yet");
+			std::string message = "Host" + dest_host + "not inside I2P network, but outproxy support not implemented yet";
+			GenericProxyError("Outproxy failure", message.c_str());
+			return true;
+		}
+
+		/* make relative url */
+		url.schema = "";
+		url.host   = "";
+		req.uri = url.to_string();
+
+		/* drop original request from recv buffer */
+		m_recv_buf.erase(0, req_len);
+		/* build new buffer from modified request and data from original request */
+		m_send_buf = req.to_string();
+		m_send_buf.append(m_recv_buf);
+		/* connect to destination */
+		LogPrint(eLogDebug, "HTTPProxy: connecting to host ", dest_host, ":", dest_port);
+		GetOwner()->CreateStream (std::bind (&HTTPReqHandler::HandleStreamRequestComplete,
+			shared_from_this(), std::placeholders::_1), dest_host, dest_port);
 		return true;
 	}
 
-	void HTTPProxyHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
+	/* will be called after some data received from client */
+	void HTTPReqHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
 	{
-		LogPrint(eLogDebug,"--- HTTP Proxy sock recv: ", len);
+		LogPrint(eLogDebug, "HTTPProxy: sock recv: ", len, " bytes, recv buf: ", m_recv_buf.length(), ", send buf: ", m_send_buf.length());
 		if(ecode) 
 		{
-			LogPrint(eLogWarning," --- HTTP Proxy sock recv got error: ", ecode);
-                        Terminate();
+			LogPrint(eLogWarning, "HTTPProxy: sock recv got error: ", ecode);
+			Terminate();
 			return;
 		}
 
-		if (HandleData(m_http_buff, len)) 
-		{
-			if (m_state == DONE) 
-			{
-				LogPrint(eLogInfo,"--- HTTP Proxy requested: ", m_url);
-				GetOwner()->CreateStream (std::bind (&HTTPProxyHandler::HandleStreamRequestComplete,
-						shared_from_this(), std::placeholders::_1), m_address, m_port);
-			} 
-			else 
-				AsyncSockRead();
+		m_recv_buf.append(reinterpret_cast<const char *>(m_recv_chunk), len);
+		if (HandleRequest()) {
+			m_recv_buf.clear();
+			return;
 		}
-
+		AsyncSockRead();
 	}
 
-	void HTTPProxyHandler::SentHTTPFailed(const boost::system::error_code & ecode)
+	void HTTPReqHandler::SentHTTPFailed(const boost::system::error_code & ecode)
 	{
-		if (!ecode)
-			Terminate();
-		else 
-		{
-			LogPrint (eLogError,"--- HTTP Proxy Closing socket after sending failure because: ", ecode.message ());
-			Terminate();
-		}
+		if (ecode)
+			LogPrint (eLogError, "HTTPProxy: Closing socket after sending failure because: ", ecode.message ());
+		Terminate();
 	}
 
-	void HTTPProxyHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
+	void HTTPReqHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
 	{
-		if (stream) 
-		{
-			if (Kill()) return;
-			LogPrint (eLogInfo,"--- HTTP Proxy New I2PTunnel connection");
-			auto connection = std::make_shared<i2p::client::I2PTunnelConnection>(GetOwner(), m_sock, stream);
-			GetOwner()->AddHandler (connection);
-			connection->I2PConnect (reinterpret_cast<const uint8_t*>(m_request.data()), m_request.size());
-			Done(shared_from_this());
-		} 
-		else 
-		{
-			LogPrint (eLogError,"--- HTTP Proxy Issue when creating the stream, check the previous warnings for more info.");
-			HTTPRequestFailed(); // TODO: Send correct error message host unreachable
+		if (!stream) {
+			LogPrint (eLogError, "HTTPProxy: error when creating the stream, check the previous warnings for more info");
+			GenericProxyError("Host is down", "Can't create connection to requested host, it may be down");
+			return;
 		}
+		if (Kill())
+			return;
+		LogPrint (eLogDebug, "HTTPProxy: Created new I2PTunnel stream, sSID=", stream->GetSendStreamID(), ", rSID=", stream->GetRecvStreamID());
+		auto connection = std::make_shared<i2p::client::I2PTunnelConnection>(GetOwner(), m_sock, stream);
+		GetOwner()->AddHandler (connection);
+		connection->I2PConnect (reinterpret_cast<const uint8_t*>(m_send_buf.data()), m_send_buf.length());
+		Done (shared_from_this());
 	}
 
-	HTTPProxyServer::HTTPProxyServer(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination): 
+	HTTPProxy::HTTPProxy(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination):
 		TCPIPAcceptor(address, port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()) 
 	{
 	}
 	
-	std::shared_ptr<i2p::client::I2PServiceHandler> HTTPProxyServer::CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket)
+	std::shared_ptr<i2p::client::I2PServiceHandler> HTTPProxy::CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket)
 	{
-		return std::make_shared<HTTPProxyHandler> (this, socket);
+		return std::make_shared<HTTPReqHandler> (this, socket);
 	}
-
-}
-}
+} // http
+} // i2p

HTTPProxy.h

@@ -1,32 +1,21 @@
 #ifndef HTTP_PROXY_H__
 #define HTTP_PROXY_H__
 
-#include <memory>
-#include <set>
-#include <boost/asio.hpp>
-#include <mutex>
-#include "I2PService.h"
-#include "Destination.h"
-
-namespace i2p
-{
-namespace proxy
-{
-	class HTTPProxyServer: public i2p::client::TCPIPAcceptor
+namespace i2p {
+namespace proxy {
+	class HTTPProxy: public i2p::client::TCPIPAcceptor
 	{
 		public:
 
-			HTTPProxyServer(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
-			~HTTPProxyServer() {};
+			HTTPProxy(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
+			~HTTPProxy() {};
 
 		protected:
 			// Implements TCPIPAcceptor
 			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket);
 			const char* GetName() { return "HTTP Proxy"; }
 	};
-
-	typedef HTTPProxyServer HTTPProxy;
-}
-}
+} // http
+} // i2p
 
 #endif

HTTPServer.h

@@ -1,106 +1,39 @@
 #ifndef HTTP_SERVER_H__
 #define HTTP_SERVER_H__
 
-#include <sstream>
-#include <thread>
-#include <memory>
-#include <boost/asio.hpp>
-#include <boost/array.hpp>
-#include "LeaseSet.h"
-#include "Streaming.h"
-
-namespace i2p
-{
-namespace util
-{
+namespace i2p {
+namespace http {
+	extern const char *itoopieFavicon;
 	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;	
-	const int HTTP_DESTINATION_REQUEST_TIMEOUT = 10; // in seconds
+
 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
-		protected:
-
-			struct header
-			{
-			  std::string name;
-			  std::string value;
-			};
-
-			struct request
-			{
-			  std::string method;
-			  std::string uri;
-			  std::string host;
-		      int port;	
-			  int http_version_major;
-			  int http_version_minor;
-			  std::vector<header> headers;
-			};
-
-			struct reply
-			{
-				std::vector<header> headers;
-				std::string status_string, content;
-				std::vector<boost::asio::const_buffer> to_buffers (int status);
-			};
-
 		public:
 
-			HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket): 
-				m_Socket (socket), m_Timer (socket->get_io_service ()), 
-				m_Stream (nullptr), m_BufferLen (0) {};
+			HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket);
 			void Receive ();
 			
 		private:
 
-			void Terminate ();
 			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void AsyncStreamReceive ();
-			void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleWriteReply(const boost::system::error_code& ecode);
-			void HandleWrite (const boost::system::error_code& ecode);
-			void SendReply (const std::string& content, int status = 200);
+			void Terminate     (const boost::system::error_code& ecode);
 
-			void HandleRequest (const std::string& address);
-			void HandleCommand (const std::string& command, std::stringstream& s);
-			void ShowTransports (std::stringstream& s);
-			void ShowTunnels (std::stringstream& s);
-			void ShowTransitTunnels (std::stringstream& s);
-			void ShowLocalDestinations (std::stringstream& s);
-			void ShowLocalDestination (const std::string& b32, std::stringstream& s);
-			void ShowSAMSessions (std::stringstream& s);
-			void ShowSAMSession (const std::string& id, std::stringstream& s);
-			void ShowI2PTunnels (std::stringstream& s);
-			void StartAcceptingTunnels (std::stringstream& s);
-			void StopAcceptingTunnels (std::stringstream& s);
-			void RunPeerTest (std::stringstream& s);
-			void FillContent (std::stringstream& s);
-			std::string ExtractAddress ();
-			void ExtractParams (const std::string& str, std::map<std::string, std::string>& params);
-			
-			
-		protected:
+			void RunRequest ();
+			bool CheckAuth     (const HTTPReq & req);
+			void HandleRequest (const HTTPReq & req);
+			void HandlePage    (const HTTPReq & req, HTTPRes & res, std::stringstream& data);
+			void HandleCommand (const HTTPReq & req, HTTPRes & res, std::stringstream& data);
+			void SendReply     (HTTPRes & res, std::string & content);
+
+		private:
 
 			std::shared_ptr<boost::asio::ip::tcp::socket> m_Socket;
 			boost::asio::deadline_timer m_Timer;
-			std::shared_ptr<i2p::stream::Stream> m_Stream;
-			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1], m_StreamBuffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
+			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
 			size_t m_BufferLen;
-			request m_Request;
-			reply m_Reply;
-
-		protected:
-	
-			virtual void RunRequest ();
-			void HandleDestinationRequest(const std::string& address, const std::string& uri);
-			void SendToAddress (const std::string& address, int port, const char * buf, size_t len);
-			void HandleDestinationRequestTimeout (const boost::system::error_code& ecode, 
-				i2p::data::IdentHash destination, int port, const char * buf, size_t len);
-			void SendToDestination (std::shared_ptr<const i2p::data::LeaseSet> remote, int port, const char * buf, size_t len);
-
-		public:
-
-			static const std::string itoopieImage;
-			static const std::string itoopieFavicon;
+			bool needAuth;
+			std::string user;
+			std::string pass;
 	};
 
 	class HTTPServer
@@ -108,7 +41,7 @@ namespace util
 		public:
 
 			HTTPServer (const std::string& address, int port);
-			virtual ~HTTPServer ();
+			~HTTPServer ();
 
 			void Start ();
 			void Stop ();
@@ -119,6 +52,7 @@ namespace util
  			void Accept ();
 			void HandleAccept(const boost::system::error_code& ecode,
 				std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
+			void CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
 			
 		private:
 
@@ -126,13 +60,8 @@ namespace util
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
-
-		protected:
-			virtual void CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
 	};
-}
-}
-
-#endif
-
+} // http
+} // i2p
 
+#endif /* HTTP_SERVER_H__ */

I2CP.cpp

@@ -0,0 +1,726 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+#include "I2PEndian.h"
+#include "Log.h"
+#include "Timestamp.h"
+#include "LeaseSet.h"
+#include "ClientContext.h"
+#include "Transports.h"
+#include "Signature.h"
+#include "I2CP.h"
+
+namespace i2p
+{
+namespace client
+{
+
+	I2CPDestination::I2CPDestination (std::shared_ptr<I2CPSession> owner, std::shared_ptr<const i2p::data::IdentityEx> identity, bool isPublic, const std::map<std::string, std::string>& params): 
+		LeaseSetDestination (isPublic, &params), m_Owner (owner), m_Identity (identity) 
+	{
+	}
+
+	void I2CPDestination::SetEncryptionPrivateKey (const uint8_t * key)
+	{
+		memcpy (m_EncryptionPrivateKey, key, 256);
+	}
+
+	void I2CPDestination::HandleDataMessage (const uint8_t * buf, size_t len)
+	{
+		uint32_t length = bufbe32toh (buf);
+		if (length > len - 4) length = len - 4;
+		m_Owner->SendMessagePayloadMessage (buf + 4, length);
+	}
+
+	void I2CPDestination::CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels) 
+	{
+		i2p::data::LocalLeaseSet ls (m_Identity, m_EncryptionPrivateKey, tunnels); // we don't care about encryption key
+		m_LeaseSetExpirationTime = ls.GetExpirationTime ();
+		uint8_t * leases = ls.GetLeases ();
+		leases[-1] = tunnels.size ();
+		htobe16buf (leases - 3, m_Owner->GetSessionID ());
+		size_t l = 2/*sessionID*/ + 1/*num leases*/ + i2p::data::LEASE_SIZE*tunnels.size ();
+		m_Owner->SendI2CPMessage (I2CP_REQUEST_VARIABLE_LEASESET_MESSAGE, leases - 3, l); 
+	}
+	
+	void I2CPDestination::LeaseSetCreated (const uint8_t * buf, size_t len)
+	{
+		auto ls = new i2p::data::LocalLeaseSet (m_Identity, buf, len);
+		ls->SetExpirationTime (m_LeaseSetExpirationTime);
+		SetLeaseSet (ls);
+	}
+	
+	void I2CPDestination::SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce)
+	{
+		auto msg = NewI2NPMessage ();
+		uint8_t * buf = msg->GetPayload ();
+		htobe32buf (buf, len);
+		memcpy (buf + 4, payload, len);
+		msg->len += len + 4; 
+		msg->FillI2NPMessageHeader (eI2NPData);
+		auto remote = FindLeaseSet (ident);
+		if (remote)
+			GetService ().post (std::bind (&I2CPDestination::SendMsg, GetSharedFromThis (), msg, remote));
+		else
+		{
+			auto s = GetSharedFromThis ();
+			RequestDestination (ident,
+				[s, msg, nonce](std::shared_ptr<i2p::data::LeaseSet> ls)
+				{
+					if (ls)
+					{ 
+						bool sent = s->SendMsg (msg, ls);
+						s->m_Owner->SendMessageStatusMessage (nonce, sent ? eI2CPMessageStatusGuaranteedSuccess : eI2CPMessageStatusGuaranteedFailure);
+					}
+					else
+						s->m_Owner->SendMessageStatusMessage (nonce, eI2CPMessageStatusNoLeaseSet);
+				});
+		}
+	}
+
+	bool I2CPDestination::SendMsg (std::shared_ptr<I2NPMessage> msg, std::shared_ptr<const i2p::data::LeaseSet> remote)
+	{	
+		auto remoteSession = GetRoutingSession (remote, true); 	
+		if (!remoteSession)
+		{
+			LogPrint (eLogError, "I2CP: Failed to create remote session");
+			return false;
+		}
+		auto path = remoteSession->GetSharedRoutingPath ();
+		std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+		std::shared_ptr<const i2p::data::Lease> remoteLease;	
+		if (path)
+		{
+			if (!remoteSession->CleanupUnconfirmedTags ()) // no stuck tags
+			{
+				outboundTunnel = path->outboundTunnel;
+				remoteLease = path->remoteLease;
+			}
+			else
+				remoteSession->SetSharedRoutingPath (nullptr);
+		}
+		else
+		{
+			auto outboundTunnel = GetTunnelPool ()->GetNextOutboundTunnel ();
+			auto leases = remote->GetNonExpiredLeases ();
+			if (!leases.empty ())		
+				remoteLease = leases[rand () % leases.size ()];
+			if (remoteLease && outboundTunnel)
+				remoteSession->SetSharedRoutingPath (std::make_shared<i2p::garlic::GarlicRoutingPath> (
+					i2p::garlic::GarlicRoutingPath{outboundTunnel, remoteLease, 10000, 0, 0})); // 10 secs RTT
+			else
+				remoteSession->SetSharedRoutingPath (nullptr);
+		}	
+		if (remoteLease && outboundTunnel)
+		{
+			std::vector<i2p::tunnel::TunnelMessageBlock> msgs;			
+			auto garlic = remoteSession->WrapSingleMessage (msg);
+			msgs.push_back (i2p::tunnel::TunnelMessageBlock 
+				{ 
+					i2p::tunnel::eDeliveryTypeTunnel,
+					remoteLease->tunnelGateway, remoteLease->tunnelID,
+					garlic
+				});
+			outboundTunnel->SendTunnelDataMsg (msgs);
+			return true;
+		}		
+		else
+		{
+			if (outboundTunnel)
+				LogPrint (eLogWarning, "I2CP: Failed to send message. All leases expired");
+			else
+				LogPrint (eLogWarning, "I2CP: Failed to send message. No outbound tunnels");
+			return false;
+		}	
+	}
+
+	I2CPSession::I2CPSession (I2CPServer& owner, std::shared_ptr<proto::socket> socket):
+		m_Owner (owner), m_Socket (socket), m_Payload (nullptr),
+		m_SessionID (0xFFFF), m_MessageID (0), m_IsSendAccepted (true)
+	{
+	}
+		
+	I2CPSession::~I2CPSession ()
+	{
+		delete[] m_Payload;
+	}
+
+	void I2CPSession::Start ()
+	{
+		ReadProtocolByte ();
+	}
+
+	void I2CPSession::Stop ()
+	{
+		Terminate ();
+	}
+
+	void I2CPSession::ReadProtocolByte ()
+	{
+		if (m_Socket)
+		{
+			auto s = shared_from_this ();	
+			m_Socket->async_read_some (boost::asio::buffer (m_Header, 1), 
+				[s](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+				    {
+						if (!ecode && bytes_transferred > 0 && s->m_Header[0] == I2CP_PROTOCOL_BYTE)
+							s->ReceiveHeader ();
+						else
+							s->Terminate ();
+					});
+		}
+	}
+
+	void I2CPSession::ReceiveHeader ()
+	{
+		boost::asio::async_read (*m_Socket, boost::asio::buffer (m_Header, I2CP_HEADER_SIZE),
+			boost::asio::transfer_all (),
+			std::bind (&I2CPSession::HandleReceivedHeader, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void I2CPSession::HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+			Terminate ();
+		else
+		{
+			m_PayloadLen = bufbe32toh (m_Header + I2CP_HEADER_LENGTH_OFFSET);
+			if (m_PayloadLen > 0)
+			{
+				m_Payload = new uint8_t[m_PayloadLen];
+				ReceivePayload ();
+			}
+			else // no following payload
+			{
+				HandleMessage ();
+				ReceiveHeader (); // next message
+			}
+		}
+	}
+
+	void I2CPSession::ReceivePayload ()
+	{
+		boost::asio::async_read (*m_Socket, boost::asio::buffer (m_Payload, m_PayloadLen),
+			boost::asio::transfer_all (),
+			std::bind (&I2CPSession::HandleReceivedPayload, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void I2CPSession::HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+			Terminate ();
+		else
+		{
+			HandleMessage ();
+			delete[] m_Payload;
+			m_Payload = nullptr;
+			m_PayloadLen = 0;	
+			ReceiveHeader (); // next message
+		}
+	}
+
+	void I2CPSession::HandleMessage ()
+	{
+		auto handler = m_Owner.GetMessagesHandlers ()[m_Header[I2CP_HEADER_TYPE_OFFSET]];
+		if (handler)
+			(this->*handler)(m_Payload, m_PayloadLen);
+		else
+			LogPrint (eLogError, "I2CP: Unknown I2CP messsage ", (int)m_Header[I2CP_HEADER_TYPE_OFFSET]);
+	}
+
+	void I2CPSession::Terminate ()
+	{
+		if (m_Destination)
+		{
+			m_Destination->Stop ();
+			m_Destination = nullptr;
+		}
+		if (m_Socket)
+		{
+			m_Socket->close ();
+			m_Socket = nullptr;
+		}
+		m_Owner.RemoveSession (GetSessionID ());
+		LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " terminated");
+	}
+
+	void I2CPSession::SendI2CPMessage (uint8_t type, const uint8_t * payload, size_t len)
+	{
+		auto socket = m_Socket;
+		if (socket)
+		{	
+			auto l = len + I2CP_HEADER_SIZE;
+			uint8_t * buf = new uint8_t[l];
+			htobe32buf (buf + I2CP_HEADER_LENGTH_OFFSET, len);
+			buf[I2CP_HEADER_TYPE_OFFSET] = type;
+			memcpy (buf + I2CP_HEADER_SIZE, payload, len);
+			boost::asio::async_write (*socket, boost::asio::buffer (buf, l), boost::asio::transfer_all (),
+		    	std::bind(&I2CPSession::HandleI2CPMessageSent, shared_from_this (), 
+							std::placeholders::_1, std::placeholders::_2, buf));	
+		}	
+		else
+			LogPrint (eLogError, "I2CP: Can't write to the socket");
+	}
+
+	void I2CPSession::HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf)
+	{
+		delete[] buf;
+		if (ecode && ecode != boost::asio::error::operation_aborted)
+			Terminate ();
+	}
+
+	std::string I2CPSession::ExtractString (const uint8_t * buf, size_t len)
+	{
+		uint8_t l = buf[0];
+		if (l > len) l = len;
+		return std::string ((const char *)(buf + 1), l);
+	}
+
+	size_t I2CPSession::PutString (uint8_t * buf, size_t len, const std::string& str)
+	{
+		auto l = str.length ();
+		if (l + 1 >= len) l = len - 1;
+		if (l > 255) l = 255; // 1 byte max
+		buf[0] = l;
+		memcpy (buf + 1, str.c_str (), l);	
+		return l + 1;
+	}
+
+	void I2CPSession::ExtractMapping (const uint8_t * buf, size_t len, std::map<std::string, std::string>& mapping)
+	// TODO: move to Base.cpp
+	{
+		size_t offset = 0;
+		while (offset < len)
+		{
+			std::string param = ExtractString (buf + offset, len - offset);
+			offset += param.length () + 1;
+			if (buf[offset] != '=') 
+			{
+				LogPrint (eLogWarning, "I2CP: Unexpected character ", buf[offset], " instead '=' after ", param);
+				break;	
+			}				
+			offset++;
+
+			std::string value = ExtractString (buf + offset, len - offset);
+			offset += value.length () + 1;
+			if (buf[offset] != ';') 
+			{
+				LogPrint (eLogWarning, "I2CP: Unexpected character ", buf[offset], " instead ';' after ", value);
+				break;	
+			}				
+			offset++;
+			mapping.insert (std::make_pair (param, value));
+		}
+	}
+
+	void I2CPSession::GetDateMessageHandler (const uint8_t * buf, size_t len)
+	{
+		// get version
+		auto version = ExtractString (buf, len);
+		auto l = version.length () + 1 + 8;
+		uint8_t * payload = new uint8_t[l];
+		// set date
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		htobe64buf (payload, ts);
+		// echo vesrion back
+		PutString (payload + 8, l - 8, version);
+		SendI2CPMessage (I2CP_SET_DATE_MESSAGE, payload, l); 
+		delete[] payload;
+	}
+
+	void I2CPSession::CreateSessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		RAND_bytes ((uint8_t *)&m_SessionID, 2);
+		auto identity = std::make_shared<i2p::data::IdentityEx>();
+		size_t offset = identity->FromBuffer (buf, len);
+		if (!offset)
+		{
+			LogPrint (eLogError, "I2CP: create session maformed identity");	
+			SendSessionStatusMessage (3); // invalid
+			return;
+		}	
+		uint16_t optionsSize = bufbe16toh (buf + offset);
+		offset += 2;
+		if (optionsSize > len - offset)
+		{
+			LogPrint (eLogError, "I2CP: options size ", optionsSize, "exceeds message size");	
+			SendSessionStatusMessage (3); // invalid
+			return;
+		}
+		std::map<std::string, std::string> params;
+		ExtractMapping (buf + offset, optionsSize, params);		
+		offset += optionsSize; // options
+		if (params[I2CP_PARAM_MESSAGE_RELIABILITY] == "none") m_IsSendAccepted = false;
+
+		offset += 8; // date
+		if (identity->Verify (buf, offset, buf + offset)) // signature
+		{	
+			bool isPublic = true;
+			if (params[I2CP_PARAM_DONT_PUBLISH_LEASESET] == "true") isPublic = false;
+			if (!m_Destination)
+			{
+				m_Destination = std::make_shared<I2CPDestination>(shared_from_this (), identity, isPublic, params);
+				SendSessionStatusMessage (1); // created
+				LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " created");
+				m_Destination->Start ();	
+			}
+			else
+			{
+				LogPrint (eLogError, "I2CP: session already exists");	
+				SendSessionStatusMessage (4); // refused
+			}
+		}
+		else
+		{
+			LogPrint (eLogError, "I2CP: create session signature verification falied");	
+			SendSessionStatusMessage (3); // invalid
+		}
+	}
+
+	void I2CPSession::DestroySessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		SendSessionStatusMessage (0); // destroy
+		LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " destroyed");
+		if (m_Destination)
+		{
+			m_Destination->Stop ();
+			m_Destination = 0;
+		}
+	}
+
+	void I2CPSession::ReconfigureSessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		// TODO: implement actual reconfiguration
+		SendSessionStatusMessage (2); // updated
+	}	
+
+	void I2CPSession::SendSessionStatusMessage (uint8_t status)
+	{
+		uint8_t buf[3];
+		htobe16buf (buf, m_SessionID);
+		buf[2] = status;
+		SendI2CPMessage (I2CP_SESSION_STATUS_MESSAGE, buf, 3); 
+	}
+
+	void I2CPSession::SendMessageStatusMessage (uint32_t nonce, I2CPMessageStatus status)
+	{
+		if (!nonce) return; // don't send status with zero nonce
+		uint8_t buf[15];
+		htobe16buf (buf, m_SessionID);
+		htobe32buf (buf + 2, m_MessageID++);
+		buf[6] = (uint8_t)status;
+		memset (buf + 7, 0, 4); // size
+		htobe32buf (buf + 11, nonce);	
+		SendI2CPMessage (I2CP_MESSAGE_STATUS_MESSAGE, buf, 15); 	
+	}
+
+	void I2CPSession::CreateLeaseSetMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID)
+		{
+			size_t offset = 2;
+			if (m_Destination)
+			{
+				offset += i2p::crypto::DSA_PRIVATE_KEY_LENGTH; // skip signing private key
+				// we always assume this field as 20 bytes (DSA) regardless actual size
+				// instead of 	
+				//offset += m_Destination->GetIdentity ()->GetSigningPrivateKeyLen (); 
+				m_Destination->SetEncryptionPrivateKey (buf + offset);
+				offset += 256;
+				m_Destination->LeaseSetCreated (buf + offset, len - offset);
+			}
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendMessageMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID)
+		{
+			size_t offset = 2;
+			if (m_Destination)
+			{
+				i2p::data::IdentityEx identity;
+				size_t identsize = identity.FromBuffer (buf + offset, len - offset);
+        if (identsize)
+        {
+          offset += identsize;
+          uint32_t payloadLen = bufbe32toh (buf + offset);
+          if (payloadLen + offset <= len)
+          {            
+            offset += 4;
+            uint32_t nonce = bufbe32toh (buf + offset + payloadLen);
+            if (m_IsSendAccepted) 
+              SendMessageStatusMessage (nonce, eI2CPMessageStatusAccepted); // accepted
+            m_Destination->SendMsgTo (buf + offset, payloadLen, identity.GetIdentHash (), nonce);
+          }
+          else
+            LogPrint(eLogError, "I2CP: cannot send message, too big");
+        }
+        else
+          LogPrint(eLogError, "I2CP: invalid identity");
+			} 
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendMessageExpiresMessageHandler (const uint8_t * buf, size_t len)
+	{
+		SendMessageMessageHandler (buf, len - 8); // ignore flags(2) and expiration(6) 
+	}	
+
+	void I2CPSession::HostLookupMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID || sessionID == 0xFFFF) // -1 means without session
+		{
+			uint32_t requestID = bufbe32toh (buf + 2);
+			//uint32_t timeout = bufbe32toh (buf + 6);
+			i2p::data::IdentHash ident;
+			switch (buf[10]) 
+			{
+				case 0: // hash
+					ident = i2p::data::IdentHash (buf + 11);
+				break;
+				case 1: // address
+				{
+					auto name = ExtractString (buf + 11, len - 11);
+					if (!i2p::client::context.GetAddressBook ().GetIdentHash (name, ident))
+					{
+						LogPrint (eLogError, "I2CP: address ", name, " not found");
+						SendHostReplyMessage (requestID, nullptr);
+						return;
+					}
+					break;	
+				}
+				default:
+					LogPrint (eLogError, "I2CP: request type ", (int)buf[10], " is not supported");
+					SendHostReplyMessage (requestID, nullptr);
+					return;
+			}
+
+			std::shared_ptr<LeaseSetDestination> destination = m_Destination;
+			if(!destination) destination = i2p::client::context.GetSharedLocalDestination ();	
+			if (destination)
+			{
+				auto ls = destination->FindLeaseSet (ident);
+				if (ls)
+					SendHostReplyMessage (requestID, ls->GetIdentity ());
+				else
+				{
+					auto s = shared_from_this ();
+					destination->RequestDestination (ident,
+						[s, requestID](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+						{
+							s->SendHostReplyMessage (requestID, leaseSet ? leaseSet->GetIdentity () : nullptr);
+						});
+				}		
+			}
+			else
+				SendHostReplyMessage (requestID, nullptr);
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendHostReplyMessage (uint32_t requestID, std::shared_ptr<const i2p::data::IdentityEx> identity)
+	{
+		if (identity)
+		{
+			size_t l = identity->GetFullLen () + 7;
+			uint8_t * buf = new uint8_t[l];
+			htobe16buf (buf, m_SessionID);
+			htobe32buf (buf + 2, requestID);
+			buf[6] = 0; // result code
+			identity->ToBuffer (buf + 7, l - 7);
+			SendI2CPMessage (I2CP_HOST_REPLY_MESSAGE, buf, l); 
+			delete[] buf;
+		}
+		else
+		{
+			uint8_t buf[7];
+			htobe16buf (buf, m_SessionID);
+			htobe32buf (buf + 2, requestID);
+			buf[6] = 1; // result code
+			SendI2CPMessage (I2CP_HOST_REPLY_MESSAGE, buf, 7); 
+		}	
+	}
+
+	void I2CPSession::DestLookupMessageHandler (const uint8_t * buf, size_t len)
+	{
+		if (m_Destination)
+		{
+			auto ls = m_Destination->FindLeaseSet (buf);
+			if (ls)
+			{	
+				auto l = ls->GetIdentity ()->GetFullLen ();
+				uint8_t * identBuf = new uint8_t[l];
+				ls->GetIdentity ()->ToBuffer (identBuf, l);
+				SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, identBuf, l);
+				delete[] identBuf;
+			}
+			else
+			{
+				auto s = shared_from_this ();
+				i2p::data::IdentHash ident (buf);
+				m_Destination->RequestDestination (ident,
+					[s, ident](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+					{
+						if (leaseSet) // found
+						{
+							auto l = leaseSet->GetIdentity ()->GetFullLen ();
+							uint8_t * identBuf = new uint8_t[l];
+							leaseSet->GetIdentity ()->ToBuffer (identBuf, l);
+							s->SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, identBuf, l);
+							delete[] identBuf;
+						}
+						else
+							s->SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, ident, 32); // not found
+					});
+			}
+		}
+		else
+			SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, buf, 32); 
+	}	
+
+	void I2CPSession::GetBandwidthLimitsMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint8_t limits[64];
+		memset (limits, 0, 64);
+		htobe32buf (limits, i2p::transport::transports.GetInBandwidth ()); // inbound
+		htobe32buf (limits + 4, i2p::transport::transports.GetOutBandwidth ()); // outbound
+		SendI2CPMessage (I2CP_BANDWIDTH_LIMITS_MESSAGE, limits, 64);
+	}
+
+	void I2CPSession::SendMessagePayloadMessage (const uint8_t * payload, size_t len)
+	{
+		// we don't use SendI2CPMessage to eliminate additional copy
+		auto l = len + 10 + I2CP_HEADER_SIZE;
+		uint8_t * buf = new uint8_t[l];
+		htobe32buf (buf + I2CP_HEADER_LENGTH_OFFSET, len + 10);
+		buf[I2CP_HEADER_TYPE_OFFSET] = I2CP_MESSAGE_PAYLOAD_MESSAGE;
+		htobe16buf (buf + I2CP_HEADER_SIZE, m_SessionID);
+		htobe32buf (buf + I2CP_HEADER_SIZE + 2, m_MessageID++);
+		htobe32buf (buf + I2CP_HEADER_SIZE + 6, len);		
+		memcpy (buf + I2CP_HEADER_SIZE + 10, payload, len);
+		boost::asio::async_write (*m_Socket, boost::asio::buffer (buf, l), boost::asio::transfer_all (),
+        	std::bind(&I2CPSession::HandleI2CPMessageSent, shared_from_this (), 
+						std::placeholders::_1, std::placeholders::_2, buf));	
+	}
+
+	I2CPServer::I2CPServer (const std::string& interface, int port):
+		m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, 
+#ifdef ANDROID
+            I2CPSession::proto::endpoint(std::string (1, '\0') + interface)) // leading 0 for abstract address
+#else
+			I2CPSession::proto::endpoint(boost::asio::ip::address::from_string(interface), port))
+#endif
+	{
+		memset (m_MessagesHandlers, 0, sizeof (m_MessagesHandlers));
+		m_MessagesHandlers[I2CP_GET_DATE_MESSAGE] = &I2CPSession::GetDateMessageHandler;
+		m_MessagesHandlers[I2CP_CREATE_SESSION_MESSAGE] = &I2CPSession::CreateSessionMessageHandler;
+		m_MessagesHandlers[I2CP_DESTROY_SESSION_MESSAGE] = &I2CPSession::DestroySessionMessageHandler;
+		m_MessagesHandlers[I2CP_RECONFIGURE_SESSION_MESSAGE] = &I2CPSession::ReconfigureSessionMessageHandler;
+		m_MessagesHandlers[I2CP_CREATE_LEASESET_MESSAGE] = &I2CPSession::CreateLeaseSetMessageHandler;
+		m_MessagesHandlers[I2CP_SEND_MESSAGE_MESSAGE] = &I2CPSession::SendMessageMessageHandler;
+		m_MessagesHandlers[I2CP_SEND_MESSAGE_EXPIRES_MESSAGE] = &I2CPSession::SendMessageExpiresMessageHandler;	
+		m_MessagesHandlers[I2CP_HOST_LOOKUP_MESSAGE] = &I2CPSession::HostLookupMessageHandler;
+		m_MessagesHandlers[I2CP_DEST_LOOKUP_MESSAGE] = &I2CPSession::DestLookupMessageHandler;	
+		m_MessagesHandlers[I2CP_GET_BANDWIDTH_LIMITS_MESSAGE] = &I2CPSession::GetBandwidthLimitsMessageHandler;	
+	}
+
+	I2CPServer::~I2CPServer ()
+	{
+		if (m_IsRunning)
+			Stop ();
+	}
+
+	void I2CPServer::Start ()
+	{
+		Accept ();
+		m_IsRunning = true;
+		m_Thread = new std::thread (std::bind (&I2CPServer::Run, this));
+	}
+
+	void I2CPServer::Stop ()
+	{
+		m_IsRunning = false;
+		m_Acceptor.cancel ();
+		for (auto& it: m_Sessions)
+			it.second->Stop ();
+		m_Sessions.clear ();
+		m_Service.stop ();
+		if (m_Thread)
+		{	
+			m_Thread->join (); 
+			delete m_Thread;
+			m_Thread = nullptr;
+		}	
+	}
+
+	void I2CPServer::Run () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "I2CP: runtime exception: ", ex.what ());
+			}	
+		}	
+	}
+
+	void I2CPServer::Accept ()
+	{
+		auto newSocket = std::make_shared<I2CPSession::proto::socket> (m_Service);
+		m_Acceptor.async_accept (*newSocket, std::bind (&I2CPServer::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void I2CPServer::HandleAccept(const boost::system::error_code& ecode,
+		std::shared_ptr<I2CPSession::proto::socket> socket)
+	{
+		if (!ecode && socket)
+		{
+			boost::system::error_code ec;
+			auto ep = socket->remote_endpoint (ec);
+			if (!ec)
+			{	
+				LogPrint (eLogDebug, "I2CP: new connection from ", ep);
+				auto session = std::make_shared<I2CPSession>(*this, socket);
+				m_Sessions[session->GetSessionID ()] = session;
+				session->Start ();
+			}
+			else
+				LogPrint (eLogError, "I2CP: incoming connection error ", ec.message ());
+		}
+		else
+			LogPrint (eLogError, "I2CP: accept error: ", ecode.message ());
+
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+	}
+
+	void I2CPServer::RemoveSession (uint16_t sessionID)
+	{
+		m_Sessions.erase (sessionID);
+	}	
+}
+}
+

I2CP.h

@@ -0,0 +1,204 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef I2CP_H__
+#define I2CP_H__
+
+#include <inttypes.h>
+#include <string>
+#include <memory>
+#include <thread>
+#include <map>
+#include <boost/asio.hpp>
+#include "Destination.h"
+
+namespace i2p
+{
+namespace client
+{
+	const uint8_t I2CP_PROTOCOL_BYTE = 0x2A;
+	const size_t I2CP_SESSION_BUFFER_SIZE = 4096;
+
+	const size_t I2CP_HEADER_LENGTH_OFFSET = 0;
+	const size_t I2CP_HEADER_TYPE_OFFSET = I2CP_HEADER_LENGTH_OFFSET + 4;
+	const size_t I2CP_HEADER_SIZE = I2CP_HEADER_TYPE_OFFSET + 1;	
+
+	const uint8_t I2CP_GET_DATE_MESSAGE = 32;
+	const uint8_t I2CP_SET_DATE_MESSAGE = 33;
+	const uint8_t I2CP_CREATE_SESSION_MESSAGE = 1;
+	const uint8_t I2CP_RECONFIGURE_SESSION_MESSAGE = 2;	
+	const uint8_t I2CP_SESSION_STATUS_MESSAGE = 20;	
+	const uint8_t I2CP_DESTROY_SESSION_MESSAGE = 3;
+	const uint8_t I2CP_REQUEST_VARIABLE_LEASESET_MESSAGE = 37;
+	const uint8_t I2CP_CREATE_LEASESET_MESSAGE = 4;	
+	const uint8_t I2CP_SEND_MESSAGE_MESSAGE = 5;
+	const uint8_t I2CP_SEND_MESSAGE_EXPIRES_MESSAGE = 36;	
+	const uint8_t I2CP_MESSAGE_PAYLOAD_MESSAGE = 31;
+	const uint8_t I2CP_MESSAGE_STATUS_MESSAGE = 22;	
+	const uint8_t I2CP_HOST_LOOKUP_MESSAGE = 38;
+	const uint8_t I2CP_HOST_REPLY_MESSAGE = 39;		
+	const uint8_t I2CP_DEST_LOOKUP_MESSAGE = 34;
+	const uint8_t I2CP_DEST_REPLY_MESSAGE = 35;	
+	const uint8_t I2CP_GET_BANDWIDTH_LIMITS_MESSAGE = 8;	
+	const uint8_t I2CP_BANDWIDTH_LIMITS_MESSAGE = 23;
+
+	enum I2CPMessageStatus
+	{
+		eI2CPMessageStatusAccepted = 1,
+		eI2CPMessageStatusGuaranteedSuccess = 4,
+		eI2CPMessageStatusGuaranteedFailure = 5,
+		eI2CPMessageStatusNoLeaseSet = 21
+	};
+
+	// params
+	const char I2CP_PARAM_DONT_PUBLISH_LEASESET[] = "i2cp.dontPublishLeaseSet";	
+	const char I2CP_PARAM_MESSAGE_RELIABILITY[] = "i2cp.messageReliability";	
+
+	class I2CPSession;
+	class I2CPDestination: public LeaseSetDestination
+	{
+		public:
+
+			I2CPDestination (std::shared_ptr<I2CPSession> owner, std::shared_ptr<const i2p::data::IdentityEx> identity, bool isPublic, const std::map<std::string, std::string>& params);
+
+			void SetEncryptionPrivateKey (const uint8_t * key);
+			void LeaseSetCreated (const uint8_t * buf, size_t len); // called from I2CPSession
+			void SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce); // called from I2CPSession
+
+			// implements LocalDestination
+			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Identity; };
+
+		protected:
+
+			// I2CP
+			void HandleDataMessage (const uint8_t * buf, size_t len);
+			void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+
+		private:
+
+			std::shared_ptr<I2CPDestination> GetSharedFromThis ()
+			{ return std::static_pointer_cast<I2CPDestination>(shared_from_this ()); }  
+			bool SendMsg (std::shared_ptr<I2NPMessage> msg, std::shared_ptr<const i2p::data::LeaseSet> remote);
+
+		private:
+
+			std::shared_ptr<I2CPSession> m_Owner;
+			std::shared_ptr<const i2p::data::IdentityEx> m_Identity;
+			uint8_t m_EncryptionPrivateKey[256];
+			uint64_t m_LeaseSetExpirationTime;
+	};
+
+	class I2CPServer;
+	class I2CPSession: public std::enable_shared_from_this<I2CPSession>
+	{
+		public:
+
+#ifdef ANDROID 
+			typedef boost::asio::local::stream_protocol proto;
+#else
+			typedef boost::asio::ip::tcp proto;
+#endif		
+
+			I2CPSession (I2CPServer& owner, std::shared_ptr<proto::socket> socket);
+
+			~I2CPSession ();
+
+			void Start ();
+			void Stop ();
+			uint16_t GetSessionID () const { return m_SessionID; };
+
+			// called from I2CPDestination	
+			void SendI2CPMessage (uint8_t type, const uint8_t * payload, size_t len);
+			void SendMessagePayloadMessage (const uint8_t * payload, size_t len); 		
+			void SendMessageStatusMessage (uint32_t nonce, I2CPMessageStatus status);
+
+			// message handlers
+			void GetDateMessageHandler (const uint8_t * buf, size_t len);
+			void CreateSessionMessageHandler (const uint8_t * buf, size_t len);
+			void DestroySessionMessageHandler (const uint8_t * buf, size_t len);
+			void ReconfigureSessionMessageHandler (const uint8_t * buf, size_t len);
+			void CreateLeaseSetMessageHandler (const uint8_t * buf, size_t len);
+			void SendMessageMessageHandler (const uint8_t * buf, size_t len);
+			void SendMessageExpiresMessageHandler (const uint8_t * buf, size_t len);
+			void HostLookupMessageHandler (const uint8_t * buf, size_t len);
+			void DestLookupMessageHandler (const uint8_t * buf, size_t len);
+			void GetBandwidthLimitsMessageHandler (const uint8_t * buf, size_t len);
+
+		private:
+			
+			void ReadProtocolByte ();
+			void ReceiveHeader ();
+			void HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void ReceivePayload ();
+			void HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void HandleMessage ();
+			void Terminate ();
+			
+			void HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf);
+			std::string ExtractString (const uint8_t * buf, size_t len);
+			size_t PutString (uint8_t * buf, size_t len, const std::string& str);
+			void ExtractMapping (const uint8_t * buf, size_t len, std::map<std::string, std::string>& mapping);
+
+			void SendSessionStatusMessage (uint8_t status);
+			void SendHostReplyMessage (uint32_t requestID, std::shared_ptr<const i2p::data::IdentityEx> identity);
+
+		private:
+
+			I2CPServer& m_Owner;
+			std::shared_ptr<proto::socket> m_Socket;
+			uint8_t m_Header[I2CP_HEADER_SIZE], * m_Payload;
+			size_t m_PayloadLen;
+
+			std::shared_ptr<I2CPDestination> m_Destination;
+			uint16_t m_SessionID;
+			uint32_t m_MessageID;
+			bool m_IsSendAccepted;
+	};
+	typedef void (I2CPSession::*I2CPMessageHandler)(const uint8_t * buf, size_t len);
+	
+	class I2CPServer
+	{
+		public:
+
+			I2CPServer (const std::string& interface, int port);
+			~I2CPServer ();
+			
+			void Start ();
+			void Stop ();
+			boost::asio::io_service& GetService () { return m_Service; };
+
+			void RemoveSession (uint16_t sessionID);
+
+		private:
+
+			void Run ();
+
+			void Accept ();
+
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<I2CPSession::proto::socket> socket);
+
+		private:
+			
+			I2CPMessageHandler m_MessagesHandlers[256];
+			std::map<uint16_t, std::shared_ptr<I2CPSession> > m_Sessions;
+
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			I2CPSession::proto::acceptor m_Acceptor;
+
+		public:
+
+			const decltype(m_MessagesHandlers)& GetMessagesHandlers () const { return m_MessagesHandlers; };
+	};	
+}
+}
+
+#endif
+

I2NPProtocol.cpp

@@ -1,7 +1,5 @@
 #include <string.h>
 #include <atomic>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
 #include "Base.h"
 #include "Log.h"
 #include "Crypto.h"
@@ -13,6 +11,7 @@
 #include "Transports.h"
 #include "Garlic.h"
 #include "I2NPProtocol.h"
+#include "version.h"
 
 using namespace i2p::transport;
 
@@ -103,7 +102,7 @@ namespace i2p
 		{
 			RAND_bytes ((uint8_t *)&msgID, 4);
 			htobe32buf (buf + DELIVERY_STATUS_MSGID_OFFSET, msgID);
-			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, 2); // netID = 2
+			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, I2PD_NET_ID); 
 		}	
 		m->len += DELIVERY_STATUS_SIZE;
 		m->FillI2NPMessageHeader (eI2NPDeliveryStatus);
@@ -157,7 +156,7 @@ namespace i2p
 
 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
 		const std::set<i2p::data::IdentHash>& excludedFloodfills,
-		const i2p::tunnel::InboundTunnel * replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag)
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag)
 	{
 		int cnt = excludedFloodfills.size ();
 		auto m = cnt > 0 ? NewI2NPMessage () : NewI2NPShortMessage ();
@@ -166,9 +165,10 @@ namespace i2p
 		buf += 32;
 		memcpy (buf, replyTunnel->GetNextIdentHash (), 32); // reply tunnel GW
 		buf += 32;
-		*buf = DATABASE_LOOKUP_DELIVERY_FLAG | DATABASE_LOOKUP_ENCYPTION_FLAG | DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP; // flags 
-		htobe32buf (buf + 1, replyTunnel->GetNextTunnelID ()); // reply tunnel ID
-		buf += 5;
+		*buf = DATABASE_LOOKUP_DELIVERY_FLAG | DATABASE_LOOKUP_ENCRYPTION_FLAG | DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP; // flags
+		buf ++;
+		htobe32buf (buf, replyTunnel->GetNextTunnelID ()); // reply tunnel ID
+		buf += 4;
 		
 		// excluded
 		htobe16buf (buf, cnt);
@@ -183,7 +183,7 @@ namespace i2p
 		}	
 		// encryption
 		memcpy (buf, replyKey, 32);
-		buf[32] = 1; // 1 tag
+		buf[32] = uint8_t( 1 ); // 1 tag
 		memcpy (buf + 33, replyTag, 32);
 		buf += 65;
 
@@ -202,7 +202,7 @@ namespace i2p
 		len += 32;
 		buf[len] = routers.size (); 
 		len++;
-		for (auto it: routers)
+		for (const auto& it: routers)
 		{
 			memcpy (buf + len, it, 32);
 			len += 32;
@@ -251,7 +251,23 @@ namespace i2p
 		return m;
 	}	
 
-	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet,  uint32_t replyToken)
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet)
+	{
+		if (!leaseSet) return nullptr;
+		auto m = NewI2NPShortMessage ();
+		uint8_t * payload = m->GetPayload ();	
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0);
+		size_t size = DATABASE_STORE_HEADER_SIZE;
+		memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ());
+		size += leaseSet->GetBufferLen ();
+		m->len += size;
+		m->FillI2NPMessageHeader (eI2NPDatabaseStore);
+		return m;
+	}
+
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LocalLeaseSet> leaseSet,  uint32_t replyToken, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
 	{
 		if (!leaseSet) return nullptr;
 		auto m = NewI2NPShortMessage ();
@@ -260,14 +276,13 @@ namespace i2p
 		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
 		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
 		size_t size = DATABASE_STORE_HEADER_SIZE;
-		if (replyToken)
+		if (replyToken && replyTunnel)
 		{
-			auto leases = leaseSet->GetNonExpiredLeases ();
-			if (leases.size () > 0)
+			if (replyTunnel)
 			{
-				htobe32buf (payload + size, leases[0].tunnelID);
+				htobe32buf (payload + size, replyTunnel->GetNextTunnelID ());
 				size += 4; // reply tunnelID
-				memcpy (payload + size, leases[0].tunnelGateway, 32);
+				memcpy (payload + size, replyTunnel->GetNextIdentHash (), 32);
 				size += 32; // reply tunnel gateway
 			}
 			else
@@ -286,6 +301,16 @@ namespace i2p
 		return !msg->GetPayload ()[DATABASE_STORE_TYPE_OFFSET]; // 0- RouterInfo
 	}	
 	
+	static uint16_t g_MaxNumTransitTunnels = DEFAULT_MAX_NUM_TRANSIT_TUNNELS; // TODO:
+	void SetMaxNumTransitTunnels (uint16_t maxNumTransitTunnels)
+	{
+		if (maxNumTransitTunnels > 0 && maxNumTransitTunnels <= 10000 && g_MaxNumTransitTunnels != maxNumTransitTunnels)
+		{
+			LogPrint (eLogDebug, "I2NP: Max number of  transit tunnels set to ", maxNumTransitTunnels);
+			g_MaxNumTransitTunnels = maxNumTransitTunnels;
+		}
+	}
+
 	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText)
 	{
 		for (int i = 0; i < num; i++)
@@ -298,11 +323,10 @@ namespace i2p
 				i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText);
 				// replace record to reply			
 				if (i2p::context.AcceptsTunnels () && 
-					i2p::tunnel::tunnels.GetTransitTunnels ().size () <= MAX_NUM_TRANSIT_TUNNELS &&
+					i2p::tunnel::tunnels.GetTransitTunnels ().size () <= g_MaxNumTransitTunnels &&
 					!i2p::transport::transports.IsBandwidthExceeded ())
 				{	
-					i2p::tunnel::TransitTunnel * transitTunnel = 
-						i2p::tunnel::CreateTransitTunnel (
+					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
 							bufbe32toh (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET), 
 							clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
 						    bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),

I2NPProtocol.h

@@ -5,7 +5,7 @@
 #include <string.h>
 #include <set>
 #include <memory>
-#include <openssl/sha.h>
+#include "Crypto.h"
 #include "I2PEndian.h"
 #include "Identity.h"
 #include "RouterInfo.h"
@@ -90,15 +90,13 @@ namespace i2p
 
 	// DatabaseLookup flags
 	const uint8_t DATABASE_LOOKUP_DELIVERY_FLAG = 0x01;
-	const uint8_t DATABASE_LOOKUP_ENCYPTION_FLAG = 0x02;	
+	const uint8_t DATABASE_LOOKUP_ENCRYPTION_FLAG = 0x02;	
 	const uint8_t DATABASE_LOOKUP_TYPE_FLAGS_MASK = 0x0C;
 	const uint8_t DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP = 0;
 	const uint8_t DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP = 0x04; // 0100
 	const uint8_t DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP = 0x08; // 1000			
 	const uint8_t DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP = 0x0C; // 1100
 
-	const unsigned int MAX_NUM_TRANSIT_TUNNELS = 2500;
-
 namespace tunnel
 {		
 	class InboundTunnel;
@@ -222,11 +220,12 @@ namespace tunnel
 		uint32_t replyTunnelID, bool exploratory = false, std::set<i2p::data::IdentHash> * excludedPeers = nullptr);
 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
 		const std::set<i2p::data::IdentHash>& excludedFloodfills,
-		const i2p::tunnel::InboundTunnel * replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag);
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag);
 	std::shared_ptr<I2NPMessage> CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, std::vector<i2p::data::IdentHash> routers);
 	
 	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::RouterInfo> router = nullptr, uint32_t replyToken = 0);
-	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet, uint32_t replyToken = 0);		
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet); // for floodfill only
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LocalLeaseSet> leaseSet, uint32_t replyToken = 0, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel = nullptr);		
 	bool IsRouterInfoMsg (std::shared_ptr<I2NPMessage> msg); 	
 
 	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText);
@@ -259,6 +258,9 @@ namespace tunnel
 
 			std::vector<std::shared_ptr<I2NPMessage> > m_TunnelMsgs, m_TunnelGatewayMsgs;
 	};
+
+	const uint16_t DEFAULT_MAX_NUM_TRANSIT_TUNNELS = 2500;
+	void SetMaxNumTransitTunnels (uint16_t maxNumTransitTunnels);
 }	
 
 #endif

I2PControl.cpp

@@ -2,8 +2,6 @@
 #include <sstream>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <boost/lexical_cast.hpp>
-#include <boost/date_time/local_time/local_time.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp>
 #include <boost/property_tree/ini_parser.hpp>
 
@@ -13,7 +11,10 @@
 #include <boost/property_tree/json_parser.hpp>
 #endif
 
+#include "Crypto.h"
+#include "FS.h"
 #include "Log.h"
+#include "HTTP.h"
 #include "Config.h"
 #include "NetDb.h"
 #include "RouterContext.h"
@@ -22,6 +23,7 @@
 #include "Timestamp.h"
 #include "Transports.h"
 #include "version.h"
+#include "util.h"
 #include "I2PControl.h"
 
 namespace i2p
@@ -39,15 +41,12 @@ namespace client
 		// certificate / keys
 		std::string i2pcp_crt; i2p::config::GetOption("i2pcontrol.cert", i2pcp_crt);
 		std::string i2pcp_key; i2p::config::GetOption("i2pcontrol.key",  i2pcp_key);
-		auto path = GetPath ();
-		// TODO: move this to i2p::fs::expand
+
 		if (i2pcp_crt.at(0) != '/')
-			i2pcp_crt.insert(0, (path / "/").string());
+			i2pcp_crt = i2p::fs::DataDirPath(i2pcp_crt);
 		if (i2pcp_key.at(0) != '/')
-			i2pcp_key.insert(0, (path / "/").string());
-		if (!boost::filesystem::exists (i2pcp_crt) ||
-		    !boost::filesystem::exists (i2pcp_key))
-		{
+			i2pcp_key = i2p::fs::DataDirPath(i2pcp_key);
+		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) {
 			LogPrint (eLogInfo, "I2PControl: creating new certificate for control connection");
 			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
 		} else {
@@ -85,6 +84,10 @@ namespace client
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
 		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
+
+		// NetworkSetting
+		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
+		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
 	}
 
 	I2PControlService::~I2PControlService ()
@@ -186,65 +189,64 @@ namespace client
 		if (ecode) {
 			LogPrint (eLogError, "I2PControl: read error: ", ecode.message ());
 			return;
-		} else {
-			try
-			{
-				bool isHtml = !memcmp (buf->data (), "POST", 4);
-				std::stringstream ss;
-				ss.write (buf->data (), bytes_transferred);
-				if (isHtml)
-				{
-					std::string header;
-					size_t contentLength = 0;
-					while (!ss.eof () && header != "\r")
-					{
-						std::getline(ss, header);
-						auto colon = header.find (':');
-						if (colon != std::string::npos && header.substr (0, colon) == "Content-Length")
-							contentLength = std::stoi (header.substr (colon + 1));
-					}
-					if (ss.eof ())
-					{
-						LogPrint (eLogError, "Malformed I2PControl request. HTTP header expected");
-						return; // TODO:
-					}
-					std::streamoff rem = contentLength + ss.tellg () - bytes_transferred; // more bytes to read
-					if (rem > 0)
-					{
-						bytes_transferred = boost::asio::read (*socket, boost::asio::buffer (buf->data (), rem));
-						ss.write (buf->data (), bytes_transferred);
-					}
-				}
-#if GCC47_BOOST149
-				LogPrint (eLogError, "json_read is not supported due bug in boost 1.49 with gcc 4.7");
-#else
-				boost::property_tree::ptree pt;
-				boost::property_tree::read_json (ss, pt);
-
-				std::string id     = pt.get<std::string>("id");
-				std::string method = pt.get<std::string>("method");
-				auto it = m_MethodHandlers.find (method);
-				if (it != m_MethodHandlers.end ())
-				{
-					std::ostringstream response;
-					response << "{\"id\":" << id << ",\"result\":{";
-					(this->*(it->second))(pt.get_child ("params"), response);
-					response << "},\"jsonrpc\":\"2.0\"}";
-					SendResponse (socket, buf, response, isHtml);
-				}
-				else
-					LogPrint (eLogWarning, "Unknown I2PControl method ", method);
-#endif
-			}
-			catch (std::exception& ex)
-			{
-				LogPrint (eLogError, "I2PControl handle request: ", ex.what ());
-			}
-			catch (...)
-			{
-				LogPrint (eLogError, "I2PControl handle request unknown exception");
-			}
 		}
+		/* try to parse received data */
+		std::stringstream json;
+		std::string response;
+		bool isHTTP = false;
+		if (memcmp (buf->data (), "POST", 4) == 0) {
+			long int remains = 0;
+			isHTTP = true;
+			i2p::http::HTTPReq req;
+			std::size_t len = req.parse(buf->data(), bytes_transferred);
+			if (len <= 0) {
+				LogPrint(eLogError, "I2PControl: incomplete/malformed POST request");
+				return;
+			}
+			/* append to json chunk of data from 1st request */
+			json.write(buf->data() + len, bytes_transferred - len);
+			remains = req.content_length() - len;
+			/* if request has Content-Length header, fetch rest of data and store to json buffer */
+			while (remains > 0) {
+				len = ((long int) buf->size() < remains) ? buf->size() : remains;
+				bytes_transferred = boost::asio::read (*socket, boost::asio::buffer (buf->data (), len));
+				json.write(buf->data(), bytes_transferred);
+				remains -= bytes_transferred;
+			}
+		} else {
+			json.write(buf->data(), bytes_transferred);
+		}
+		LogPrint(eLogDebug, "I2PControl: json from request: ", json.str());
+#if GCC47_BOOST149
+		LogPrint (eLogError, "I2PControl: json_read is not supported due bug in boost 1.49 with gcc 4.7");
+		BuildErrorResponse(response, 32603, "JSON requests is not supported with this version of boost");
+#else
+		/* now try to parse json itself */
+		try {
+			boost::property_tree::ptree pt;
+			boost::property_tree::read_json (json, pt);
+
+			std::string id     = pt.get<std::string>("id");
+			std::string method = pt.get<std::string>("method");
+			auto it = m_MethodHandlers.find (method);
+			if (it != m_MethodHandlers.end ()) {
+				std::ostringstream ss;
+				ss << "{\"id\":" << id << ",\"result\":{";
+				(this->*(it->second))(pt.get_child ("params"), ss);
+				ss << "},\"jsonrpc\":\"2.0\"}";
+				response = ss.str();
+			} else {
+				LogPrint (eLogWarning, "I2PControl: unknown method ", method);
+				BuildErrorResponse(response, 32601, "Method not found");
+			}
+		} catch (std::exception& ex) {
+			LogPrint (eLogError, "I2PControl: exception when handle request: ", ex.what ());
+			BuildErrorResponse(response, 32603, ex.what());
+		} catch (...) {
+			LogPrint (eLogError, "I2PControl: handle request unknown exception");
+		}
+#endif
+		SendResponse (socket, buf, response, isHTTP);
 	}
 
 	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, int value) const
@@ -266,27 +268,28 @@ namespace client
 		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
 	}
 
+	void I2PControlService::BuildErrorResponse (std::string & content, int code, const char *message) {
+		std::stringstream ss;
+		ss << "{\"id\":null,\"error\":";
+		ss << "{\"code\":" << -code << ",\"message\":\"" << message << "\"},";
+		ss << "\"jsonrpc\":\"2.0\"}";
+		content = ss.str();
+	}
+
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
-		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
+		std::shared_ptr<I2PControlBuffer> buf, std::string& content, bool isHTTP)
 	{
-		size_t len = response.str ().length (), offset = 0;
-		if (isHtml)
-		{
-			std::ostringstream header;
-			header << "HTTP/1.1 200 OK\r\n";
-			header << "Connection: close\r\n";
-			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
-			header << "Content-Type: application/json\r\n";
-			header << "Date: ";
-			auto facet = new boost::local_time::local_time_facet ("%a, %d %b %Y %H:%M:%S GMT");
-			header.imbue(std::locale (header.getloc(), facet));
-			header << boost::posix_time::second_clock::local_time() << "\r\n";
-			header << "\r\n";
-			offset = header.str ().size ();
-			memcpy (buf->data (), header.str ().c_str (), offset);
+		if (isHTTP) {
+			i2p::http::HTTPRes res;
+			res.code = 200;
+			res.add_header("Content-Type", "application/json");
+			res.add_header("Connection", "close");
+			res.body = content;
+			std::string tmp = res.to_string();
+			content = tmp;
 		}
-		memcpy (buf->data () + offset, response.str ().c_str (), len);
-		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), offset + len),
+		std::copy(content.begin(), content.end(), buf->begin());
+		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), content.length()),
 			boost::asio::transfer_all (),
 			std::bind(&I2PControlService::HandleResponseSent, this,
 				std::placeholders::_1, std::placeholders::_2, socket, buf));
@@ -313,7 +316,7 @@ namespace client
 		}
 		InsertParam (results, "API", api);
 		results << ",";
-		std::string token = boost::lexical_cast<std::string>(i2p::util::GetSecondsSinceEpoch ());
+        std::string token = std::to_string(i2p::util::GetSecondsSinceEpoch ());
 		m_Tokens.insert (token);	
 		InsertParam (results, "Token", token);
 	}	
@@ -355,7 +358,7 @@ namespace client
 
 	void I2PControlService::RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
-		for (auto it = params.begin (); it != params.end (); it++)
+		for (auto it = params.begin (); it != params.end (); ++it)
 		{
 			LogPrint (eLogDebug, "I2PControl: RouterInfo request: ", it->first);
 			auto it1 = m_RouterInfoHandlers.find (it->first);
@@ -431,7 +434,7 @@ namespace client
 
 	void I2PControlService::RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
-		for (auto it = params.begin (); it != params.end (); it++)
+		for (auto it = params.begin (); it != params.end (); ++it)
 		{
 			if (it != params.begin ()) results << ",";	
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
@@ -480,7 +483,7 @@ namespace client
 // network setting
 	void I2PControlService::NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
-		for (auto it = params.begin (); it != params.end (); it++)
+		for (auto it = params.begin (); it != params.end (); ++it)
 		{
 			if (it != params.begin ()) results << ",";	
 			LogPrint (eLogDebug, "I2PControl: NetworkSetting request: ", it->first);
@@ -492,6 +495,22 @@ namespace client
 		}
 	}
 
+	void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.in", bw);
+	}
+
+	void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.out", bw);
+	}
+
 	// certificate	
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{
@@ -527,7 +546,7 @@ namespace client
 
 			// save key
 			if ((f = fopen (key_path, "wb")) != NULL) {
-				LogPrint (eLogInfo, "I2PControl: saving cert key to : ", key_path);
+				LogPrint (eLogInfo, "I2PControl: saving cert key to ", key_path);
 				PEM_write_PrivateKey (f, pkey, NULL, NULL, 0, NULL, NULL);
 				fclose (f);
 			} else {

I2PControl.h

@@ -10,10 +10,8 @@
 #include <map>
 #include <set>
 #include <boost/asio.hpp>
-#include <boost/asio/ssl.hpp>
+#include <boost/asio/ssl.hpp> 
 #include <boost/property_tree/ptree.hpp>
-#include <boost/filesystem.hpp>
-#include "util.h"
 
 namespace i2p
 {
@@ -47,12 +45,12 @@ namespace client
 			void ReadRequest (std::shared_ptr<ssl_socket> socket);
 			void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred,
 				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+			void BuildErrorResponse (std::string & content, int code, const char *message);
 			void SendResponse (std::shared_ptr<ssl_socket> socket,
-				std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml);
+				std::shared_ptr<I2PControlBuffer> buf, std::string& response, bool isHtml);
 			void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
 				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
 
-			boost::filesystem::path GetPath () const { return i2p::util::filesystem::GetDefaultDataDir(); };
 			void CreateCertificate (const char *crt_path, const char *key_path);
 
 		private:
@@ -97,6 +95,8 @@ namespace client
 
 			// NetworkSetting
 			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
+			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
+			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
 
 		private:
 

I2PService.cpp

@@ -3,7 +3,6 @@
 #include "ClientContext.h"
 #include "I2PService.h"
 
-
 namespace i2p
 {
 namespace client
@@ -28,11 +27,143 @@ namespace client
 			m_LocalDestination->CreateStream (streamRequestComplete, identHash, port);
 		else
 		{
-			LogPrint (eLogWarning, "Remote destination ", dest, " not found");
+			LogPrint (eLogWarning, "I2PService: Remote destination not found: ", dest);
 			streamRequestComplete (nullptr);
 		}
 	}
 
+	TCPIPPipe::TCPIPPipe(I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> upstream, std::shared_ptr<boost::asio::ip::tcp::socket> downstream) : I2PServiceHandler(owner), m_up(upstream), m_down(downstream) {}
+
+	TCPIPPipe::~TCPIPPipe()
+	{
+		Terminate();
+	}
+	
+	void TCPIPPipe::Start()
+	{
+		AsyncReceiveUpstream();
+		AsyncReceiveDownstream();
+	}
+
+	void TCPIPPipe::Terminate()
+	{
+		if(Kill()) return;
+		Done(shared_from_this());
+		if (m_up) {
+			if (m_up->is_open()) {
+				m_up->close();
+			}
+			m_up = nullptr;
+		}
+		if (m_down) {
+			if (m_down->is_open()) {
+				m_down->close();
+			}
+			m_down = nullptr;
+		}
+	}
+	
+	void TCPIPPipe::AsyncReceiveUpstream()
+	{
+		if (m_up) {
+			m_up->async_read_some(boost::asio::buffer(m_upstream_to_down_buf, TCP_IP_PIPE_BUFFER_SIZE),
+															std::bind(&TCPIPPipe::HandleUpstreamReceived, shared_from_this(),
+																				std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: upstream receive: no socket");
+		}
+	}
+
+	void TCPIPPipe::AsyncReceiveDownstream()
+	{
+		if (m_down) {
+			m_down->async_read_some(boost::asio::buffer(m_downstream_to_up_buf, TCP_IP_PIPE_BUFFER_SIZE),
+															std::bind(&TCPIPPipe::HandleDownstreamReceived, shared_from_this(),
+																				std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: downstream receive: no socket");
+		}
+	}
+
+	void TCPIPPipe::UpstreamWrite(const uint8_t * buf, size_t len)
+	{
+		if (m_up) {
+			LogPrint(eLogDebug, "TCPIPPipe: upstream: ", (int) len, " bytes written");
+			boost::asio::async_write(*m_up, boost::asio::buffer(buf, len),
+															 boost::asio::transfer_all(),
+															 std::bind(&TCPIPPipe::HandleUpstreamWrite,
+																				 shared_from_this(),
+																				 std::placeholders::_1)
+															 );
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: upstream write: no socket");
+		}
+	}
+
+	void TCPIPPipe::DownstreamWrite(const uint8_t * buf, size_t len)
+	{
+		if (m_down) {
+			LogPrint(eLogDebug, "TCPIPPipe: downstream: ", (int) len, " bytes written");
+			boost::asio::async_write(*m_down, boost::asio::buffer(buf, len),
+															 boost::asio::transfer_all(),
+															 std::bind(&TCPIPPipe::HandleDownstreamWrite,
+																				 shared_from_this(),
+																				 std::placeholders::_1)
+															 );
+		} else { 
+			LogPrint(eLogError, "TCPIPPipe: downstream write: no socket");
+		}
+	}
+	
+	
+	void TCPIPPipe::HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered)
+	{
+		LogPrint(eLogDebug, "TCPIPPipe: downstream: ", (int) bytes_transfered, " bytes received");
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: downstream read error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			if (bytes_transfered > 0 ) {
+				memcpy(m_upstream_buf, m_downstream_to_up_buf, bytes_transfered);
+				UpstreamWrite(m_upstream_buf, bytes_transfered);
+			}
+			AsyncReceiveDownstream();
+		}
+	}
+
+	void TCPIPPipe::HandleDownstreamWrite(const boost::system::error_code & ecode) {
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: downstream write error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		}
+	}
+	
+	void TCPIPPipe::HandleUpstreamWrite(const boost::system::error_code & ecode) {
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: upstream write error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		}
+	}
+	
+	void TCPIPPipe::HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered)
+	{
+		LogPrint(eLogDebug, "TCPIPPipe: upstream ", (int)bytes_transfered, " bytes received");
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: upstream read error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			if (bytes_transfered > 0 ) {
+				memcpy(m_upstream_buf, m_upstream_to_down_buf, bytes_transfered);
+				DownstreamWrite(m_upstream_buf, bytes_transfered);
+			}
+			AsyncReceiveUpstream();
+		}
+	}
+	
 	void TCPIPAcceptor::Start ()
 	{
 		m_Acceptor.listen ();
@@ -57,7 +188,7 @@ namespace client
 	{
 		if (!ecode)
 		{
-			LogPrint(eLogDebug,"--- ",GetName()," accepted");
+			LogPrint(eLogDebug, "I2PService: ", GetName(), " accepted");
 			auto handler = CreateHandler(socket);
 			if (handler) 
 			{
@@ -71,9 +202,8 @@ namespace client
 		else
 		{
 			if (ecode != boost::asio::error::operation_aborted)
-				LogPrint (eLogError,"--- ",GetName()," Closing socket on accept because: ", ecode.message ());
+				LogPrint (eLogError, "I2PService: ", GetName(), " closing socket on accept because: ", ecode.message ());
 		}
 	}
-
 }
 }

I2PService.h

@@ -76,6 +76,30 @@ namespace client
 			std::atomic<bool> m_Dead; //To avoid cleaning up multiple times
 	};
 
+	const size_t TCP_IP_PIPE_BUFFER_SIZE = 8192;
+
+	// bidirectional pipe for 2 tcp/ip sockets
+	class TCPIPPipe: public I2PServiceHandler, public std::enable_shared_from_this<TCPIPPipe> {
+	public:
+		TCPIPPipe(I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> upstream, std::shared_ptr<boost::asio::ip::tcp::socket> downstream);
+		~TCPIPPipe();
+		void Start();
+	protected:
+		void Terminate();
+		void AsyncReceiveUpstream();
+		void AsyncReceiveDownstream();
+		void HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred);
+		void HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred);
+		void HandleUpstreamWrite(const boost::system::error_code & ecode);
+		void HandleDownstreamWrite(const boost::system::error_code & ecode);
+		void UpstreamWrite(const uint8_t * buf, size_t len);
+		void DownstreamWrite(const uint8_t * buf, size_t len);
+	private:
+		uint8_t m_upstream_to_down_buf[TCP_IP_PIPE_BUFFER_SIZE], m_downstream_to_up_buf[TCP_IP_PIPE_BUFFER_SIZE];
+		uint8_t m_upstream_buf[TCP_IP_PIPE_BUFFER_SIZE], m_downstream_buf[TCP_IP_PIPE_BUFFER_SIZE];
+		std::shared_ptr<boost::asio::ip::tcp::socket> m_up, m_down;
+	};
+	
 	/* TODO: support IPv6 too */
 	//This is a service that listens for connections on the IP network and interacts with I2P
 	class TCPIPAcceptor: public I2PService
@@ -94,6 +118,9 @@ namespace client
 			void Start ();
 			//If you override this make sure you call it from the children
 			void Stop ();
+
+			const boost::asio::ip::tcp::acceptor& GetAcceptor () const { return m_Acceptor; };
+			
 		protected:
 			virtual std::shared_ptr<I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket) = 0;
 			virtual const char* GetName() { return "Generic TCP/IP accepting daemon"; }

I2PTunnel.cpp

@@ -114,10 +114,25 @@ namespace client
 	void I2PTunnelConnection::StreamReceive ()
 	{
 		if (m_Stream)
-			m_Stream->AsyncReceive (boost::asio::buffer (m_StreamBuffer, I2P_TUNNEL_CONNECTION_BUFFER_SIZE),
-				std::bind (&I2PTunnelConnection::HandleStreamReceive, shared_from_this (),
-					std::placeholders::_1, std::placeholders::_2),
-				I2P_TUNNEL_CONNECTION_MAX_IDLE);
+		{
+			if (m_Stream->GetStatus () == i2p::stream::eStreamStatusNew ||
+			    m_Stream->GetStatus () == i2p::stream::eStreamStatusOpen) // regular
+			{	
+				m_Stream->AsyncReceive (boost::asio::buffer (m_StreamBuffer, I2P_TUNNEL_CONNECTION_BUFFER_SIZE),
+					std::bind (&I2PTunnelConnection::HandleStreamReceive, shared_from_this (),
+						std::placeholders::_1, std::placeholders::_2),
+					I2P_TUNNEL_CONNECTION_MAX_IDLE);
+			}	
+			else // closed by peer
+			{
+				// get remaning data
+				auto len = m_Stream->ReadSome (m_StreamBuffer, I2P_TUNNEL_CONNECTION_BUFFER_SIZE);
+				if (len > 0) // still some data
+					Write (m_StreamBuffer, len);
+				else // no more data
+					Terminate (); 
+			}		
+		}	
 	}	
 
 	void I2PTunnelConnection::HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred)
@@ -126,7 +141,12 @@ namespace client
 		{
 			LogPrint (eLogError, "I2PTunnel: stream read error: ", ecode.message ());
 			if (ecode != boost::asio::error::operation_aborted)
-				Terminate ();
+			{
+				if (bytes_transferred > 0)
+					Write (m_StreamBuffer, bytes_transferred); // postpone termination
+				else	
+					Terminate ();
+			}	
 		}
 		else
 			Write (m_StreamBuffer, bytes_transferred);
@@ -214,6 +234,53 @@ namespace client
 		}	
 	}
 
+	I2PTunnelConnectionIRC::I2PTunnelConnectionIRC (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+        std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+       	const boost::asio::ip::tcp::endpoint& target, const std::string& webircpass):
+        I2PTunnelConnection (owner, stream, socket, target), m_From (stream->GetRemoteIdentity ()), 
+        m_NeedsWebIrc (webircpass.length() ? true : false), m_WebircPass (webircpass)
+    {
+    }
+
+    void I2PTunnelConnectionIRC::Write (const uint8_t * buf, size_t len)
+    {
+    	if (m_NeedsWebIrc) {
+        	m_NeedsWebIrc = false;
+        	m_OutPacket.str ("");
+            m_OutPacket << "WEBIRC " << this->m_WebircPass << " cgiirc " << context.GetAddressBook ().ToAddress (m_From->GetIdentHash ()) << " 127.0.0.1\n";
+            I2PTunnelConnection::Write ((uint8_t *)m_OutPacket.str ().c_str (), m_OutPacket.str ().length ());
+        }
+
+    	std::string line;
+        m_OutPacket.str ("");
+        m_InPacket.clear ();
+        m_InPacket.write ((const char *)buf, len);
+        
+        while (!m_InPacket.eof () && !m_InPacket.fail ())
+        {
+            std::getline (m_InPacket, line);
+            if (line.length () == 0 && m_InPacket.eof ()) {
+            	m_InPacket.str ("");
+            }
+            auto pos = line.find ("USER");
+            if (pos != std::string::npos && pos == 0)
+            {
+                pos = line.find (" ");
+                pos++;
+                pos = line.find (" ", pos);
+                pos++;
+                auto nextpos = line.find (" ", pos);
+                m_OutPacket << line.substr (0, pos);
+                m_OutPacket << context.GetAddressBook ().ToAddress (m_From->GetIdentHash ());
+                m_OutPacket << line.substr (nextpos) << '\n';
+            } else {
+                m_OutPacket << line << '\n';
+            }
+        }
+        I2PTunnelConnection::Write ((uint8_t *)m_OutPacket.str ().c_str (), m_OutPacket.str ().length ());
+    }
+
+
 	/* This handler tries to stablish a connection with the desired server and dies if it fails to do so */
 	class I2PClientTunnelHandler: public I2PServiceHandler, public std::enable_shared_from_this<I2PClientTunnelHandler>
 	{
@@ -312,10 +379,10 @@ namespace client
 	}
 
 	I2PServerTunnel::I2PServerTunnel (const std::string& name, const std::string& address, 
-	    int port, std::shared_ptr<ClientDestination> localDestination, int inport): 
+	    int port, std::shared_ptr<ClientDestination> localDestination, int inport, bool gzip): 
 		I2PService (localDestination), m_Name (name), m_Address (address), m_Port (port), m_IsAccessList (false)
 	{
-		m_PortDestination = localDestination->CreateStreamingDestination (inport > 0 ? inport : port);
+		m_PortDestination = localDestination->CreateStreamingDestination (inport > 0 ? inport : port, gzip);
 	}
 	
 	void I2PServerTunnel::Start ()
@@ -402,16 +469,35 @@ namespace client
 	}
 
 	I2PServerTunnelHTTP::I2PServerTunnelHTTP (const std::string& name, const std::string& address, 
-	    int port, std::shared_ptr<ClientDestination> localDestination, int inport):
-		I2PServerTunnel (name, address, port, localDestination, inport)
+	    int port, std::shared_ptr<ClientDestination> localDestination, 
+	    const std::string& host, int inport, bool gzip):
+		I2PServerTunnel (name, address, port, localDestination, inport, gzip), 
+		m_Host (host.length () > 0 ? host : address)
 	{
 	}
 
 	void I2PServerTunnelHTTP::CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream)
 	{
-		auto conn = std::make_shared<I2PTunnelConnectionHTTP> (this, stream, std::make_shared<boost::asio::ip::tcp::socket> (GetService ()), GetEndpoint (), GetAddress ());
+		auto conn = std::make_shared<I2PTunnelConnectionHTTP> (this, stream, 
+			std::make_shared<boost::asio::ip::tcp::socket> (GetService ()), GetEndpoint (), m_Host);
 		AddHandler (conn);
 		conn->Connect ();
 	}
+
+    I2PServerTunnelIRC::I2PServerTunnelIRC (const std::string& name, const std::string& address, 
+        int port, std::shared_ptr<ClientDestination> localDestination, 
+        const std::string& webircpass, int inport, bool gzip):
+        I2PServerTunnel (name, address, port, localDestination, inport, gzip),
+        m_WebircPass (webircpass)
+    {
+    }
+
+    void I2PServerTunnelIRC::CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream)
+    {
+	    auto conn = std::make_shared<I2PTunnelConnectionIRC> (this, stream, std::make_shared<boost::asio::ip::tcp::socket> (GetService ()), GetEndpoint (), this->m_WebircPass);
+	    AddHandler (conn);
+        conn->Connect ();
+    }
+
 }		
 }	

I2PTunnel.h

@@ -80,6 +80,27 @@ namespace client
 			std::shared_ptr<const i2p::data::IdentityEx> m_From;
 	};
 
+	class I2PTunnelConnectionIRC: public I2PTunnelConnection
+    {
+        public:
+                
+            I2PTunnelConnectionIRC (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+                std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+                const boost::asio::ip::tcp::endpoint& target, const std::string& m_WebircPass); 
+
+        protected:
+
+            void Write (const uint8_t * buf, size_t len);
+
+        private:
+   
+            std::shared_ptr<const i2p::data::IdentityEx> m_From;
+            std::stringstream m_OutPacket, m_InPacket;
+			bool m_NeedsWebIrc;
+            std::string m_WebircPass; 
+    };
+
+
 	class I2PClientTunnel: public TCPIPAcceptor
 	{
 		protected:
@@ -114,7 +135,7 @@ namespace client
 		public:
 
 			I2PServerTunnel (const std::string& name, const std::string& address, int port, 
-				std::shared_ptr<ClientDestination> localDestination, int inport = 0);	
+				std::shared_ptr<ClientDestination> localDestination, int inport = 0, bool gzip = true);	
 
 			void Start ();
 			void Stop ();
@@ -152,12 +173,35 @@ namespace client
 		public:
 
 			I2PServerTunnelHTTP (const std::string& name, const std::string& address, int port, 
-				std::shared_ptr<ClientDestination> localDestination, int inport = 0);	
+				std::shared_ptr<ClientDestination> localDestination, const std::string& host,
+			    int inport = 0, bool gzip = true);	
 
 		private:
 
-			void CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);	
+			void CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);
+
+		private:
+
+			std::string m_Host;
 	};
+	
+    class I2PServerTunnelIRC: public I2PServerTunnel
+    {
+        public:
+
+            I2PServerTunnelIRC (const std::string& name, const std::string& address, int port, 
+                std::shared_ptr<ClientDestination> localDestination, const std::string& webircpass,
+                int inport = 0, bool gzip = true);   
+
+        private:
+
+            void CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);
+
+        private:
+
+        	std::string m_WebircPass;
+    };
+
 }
 }	
 

Identity.cpp

@@ -1,8 +1,5 @@
 #include <time.h>
 #include <stdio.h>
-#include <openssl/sha.h>
-#include <openssl/dh.h>
-#include <openssl/rand.h>
 #include "Crypto.h"
 #include "I2PEndian.h"
 #include "Log.h"
@@ -22,6 +19,10 @@ namespace data
 
 	size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
 	{
+		if ( len < DEFAULT_IDENTITY_SIZE ) {
+			// buffer too small, don't overflow
+			return 0;
+		}
 		memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
 		return DEFAULT_IDENTITY_SIZE;
 	}
@@ -228,28 +229,32 @@ namespace data
 	}	
 
 	size_t IdentityEx::ToBuffer (uint8_t * buf, size_t len) const
-	{		
+	{
+		const size_t fullLen = GetFullLen();
+		if (fullLen > len) return 0; // buffer is too small and may overflow somewhere else
 		memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
 		if (m_ExtendedLen > 0 && m_ExtendedBuffer)
 			memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen);
-		return GetFullLen ();
+		return fullLen;
 	}
 
 	size_t IdentityEx::FromBase64(const std::string& s)
 	{
-		uint8_t buf[1024];
-		auto len = Base64ToByteStream (s.c_str(), s.length(), buf, 1024);
-		return FromBuffer (buf, len);
+		const size_t slen = s.length();
+		std::vector<uint8_t> buf(slen); // binary data can't exceed base64
+		const size_t len = Base64ToByteStream (s.c_str(), slen, buf.data(), slen);
+		return FromBuffer (buf.data(), len);
 	}	
 	
 	std::string IdentityEx::ToBase64 () const
 	{
-		uint8_t buf[1024];
-		char str[1536];
-		size_t l = ToBuffer (buf, 1024);
-		size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, 1536);
-		str[l1] = 0;
-		return std::string (str);
+		const size_t bufLen = GetFullLen();
+		const size_t strLen = Base64EncodingBufferSize(bufLen);
+		std::vector<uint8_t> buf(bufLen);
+		std::vector<char> str(strLen);
+		size_t l = ToBuffer (buf.data(), bufLen);
+		size_t l1 = i2p::data::ByteStreamToBase64 (buf.data(), l, str.data(), strLen);
+		return std::string (str.data(), l1);
 	}
 	
 	size_t IdentityEx::GetSigningPublicKeyLen () const
@@ -303,18 +308,18 @@ namespace data
 		switch (keyType)
 		{
 			case SIGNING_KEY_TYPE_DSA_SHA1:
-				m_Verifier.reset (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
+				UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
 			{	
 				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
-				m_Verifier.reset (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
 			{	
 				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
-				m_Verifier.reset (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
@@ -323,7 +328,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto::ECDSAP521Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
 				break;
 			}		
 			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
@@ -332,7 +337,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
@@ -341,7 +346,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
@@ -350,20 +355,28 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 			{
 				size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
-				m_Verifier.reset (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}			
 	}	
-	
+
+	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
+	{
+		if (!m_Verifier || !verifier)
+			m_Verifier.reset (verifier);
+		else
+			delete verifier;
+	}	
+		
 	void IdentityEx::DropVerifier () const
 	{
 		// TODO: potential race condition with Verify

Identity.h

@@ -95,6 +95,7 @@ namespace data
 		private:
 
 			void CreateVerifier () const;
+			void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
 			
 		private:
 
@@ -177,16 +178,10 @@ namespace data
 		public:
 
 			virtual ~LocalDestination() {};
-			virtual const PrivateKeys& GetPrivateKeys () const = 0;
 			virtual const uint8_t * GetEncryptionPrivateKey () const = 0; 
-			virtual const uint8_t * GetEncryptionPublicKey () const = 0; 
+			virtual std::shared_ptr<const IdentityEx> GetIdentity () const = 0;
 
-			std::shared_ptr<const IdentityEx> GetIdentity () const { return GetPrivateKeys ().GetPublic (); };
 			const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); };  
-			void Sign (const uint8_t * buf, int len, uint8_t * signature) const 
-			{ 
-				GetPrivateKeys ().Sign (buf, len, signature); 
-			};
 	};	
 }
 }

LeaseSet.cpp

@@ -4,7 +4,7 @@
 #include "Log.h"
 #include "Timestamp.h"
 #include "NetDb.h"
-#include "TunnelPool.h"
+#include "Tunnel.h"
 #include "LeaseSet.h"
 
 namespace i2p
@@ -12,8 +12,8 @@ namespace i2p
 namespace data
 {
 	
-	LeaseSet::LeaseSet (const uint8_t * buf, size_t len):
-		m_IsValid (true)
+	LeaseSet::LeaseSet (const uint8_t * buf, size_t len, bool storeLeases):
+		m_IsValid (true), m_StoreLeases (storeLeases), m_ExpirationTime (0)
 	{
 		m_Buffer = new uint8_t[len];
 		memcpy (m_Buffer, buf, len);
@@ -21,54 +21,8 @@ namespace data
 		ReadFromBuffer ();
 	}
 
-	LeaseSet::LeaseSet (std::shared_ptr<const i2p::tunnel::TunnelPool> pool):
-		m_IsValid (true)
-	{	
-		if (!pool) return;
-		// header
-		auto localDestination = pool->GetLocalDestination ();
-		if (!localDestination)
-		{
-			m_Buffer = nullptr;
-			m_BufferLen = 0;
-			m_IsValid = false;
-			LogPrint (eLogError, "LeaseSet: Destination for local LeaseSet doesn't exist");
-			return;
-		}	
-		m_Buffer = new uint8_t[MAX_LS_BUFFER_SIZE];
-		m_BufferLen = localDestination->GetIdentity ()->ToBuffer (m_Buffer, MAX_LS_BUFFER_SIZE);
-		memcpy (m_Buffer + m_BufferLen, localDestination->GetEncryptionPublicKey (), 256);
-		m_BufferLen += 256;
-		auto signingKeyLen = localDestination->GetIdentity ()->GetSigningPublicKeyLen ();
-		memset (m_Buffer + m_BufferLen, 0, signingKeyLen);
-		m_BufferLen += signingKeyLen;
-		auto tunnels = pool->GetInboundTunnels (5); // 5 tunnels maximum
-		m_Buffer[m_BufferLen] = tunnels.size (); // num leases
-		m_BufferLen++;
-		// leases
-		for (auto it: tunnels)
-		{	
-			memcpy (m_Buffer + m_BufferLen, it->GetNextIdentHash (), 32);
-			m_BufferLen += 32; // gateway id
-			htobe32buf (m_Buffer + m_BufferLen, it->GetNextTunnelID ());
-			m_BufferLen += 4; // tunnel id
-			uint64_t ts = it->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD; // 1 minute before expiration
-			ts *= 1000; // in milliseconds
-			ts += rand () % 6; // + random milliseconds 0-5
-			htobe64buf (m_Buffer + m_BufferLen, ts);
-			m_BufferLen += 8; // end date
-		}
-		// signature
-		localDestination->Sign (m_Buffer, m_BufferLen, m_Buffer + m_BufferLen);
-		m_BufferLen += localDestination->GetIdentity ()->GetSignatureLen (); 
-		LogPrint (eLogDebug, "LeaseSet: Local LeaseSet of ", tunnels.size (), " leases created");
-
-		ReadFromBuffer ();
-	}
-
 	void LeaseSet::Update (const uint8_t * buf, size_t len)
 	{	
-		m_Leases.clear ();
 		if (len > m_BufferLen)
 		{
 			auto oldBuffer = m_Buffer;
@@ -79,7 +33,13 @@ namespace data
 		m_BufferLen = len;
 		ReadFromBuffer (false);
 	}
-	
+
+	void LeaseSet::PopulateLeases ()
+	{
+		m_StoreLeases = true;
+		ReadFromBuffer (false);
+	}	
+		
 	void LeaseSet::ReadFromBuffer (bool readIdentity)	
 	{	
 		if (readIdentity || !m_Identity)
@@ -104,7 +64,16 @@ namespace data
 			return;
 		}	
 
+		// reset existing leases
+		if (m_StoreLeases)
+			for (auto& it: m_Leases)
+				it->isUpdated = false;
+		else	
+			m_Leases.clear ();
+
 		// process leases
+		m_ExpirationTime = 0;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		const uint8_t * leases = m_Buffer + size;
 		for (int i = 0; i < num; i++)
 		{
@@ -113,19 +82,51 @@ namespace data
 			leases += 32; // gateway
 			lease.tunnelID = bufbe32toh (leases);
 			leases += 4; // tunnel ID
-			lease.endDate = bufbe64toh (leases);
+			lease.endDate = bufbe64toh (leases); 
 			leases += 8; // end date
-			m_Leases.push_back (lease);
-
-			// check if lease's gateway is in our netDb
-			if (!netdb.FindRouter (lease.tunnelGateway))
-			{
-				// if not found request it
-				LogPrint (eLogInfo, "LeaseSet: Lease's tunnel gateway not found, requesting");
-				netdb.RequestDestination (lease.tunnelGateway);
-			}	
+			if (ts < lease.endDate + LEASE_ENDDATE_THRESHOLD)
+			{	
+				if (lease.endDate > m_ExpirationTime)
+					m_ExpirationTime = lease.endDate;
+				if (m_StoreLeases)
+				{	
+					auto ret = m_Leases.insert (std::make_shared<Lease>(lease));
+					if (!ret.second) *(*ret.first) = lease; // update existing
+					(*ret.first)->isUpdated = true;
+					// check if lease's gateway is in our netDb
+					if (!netdb.FindRouter (lease.tunnelGateway))
+					{
+						// if not found request it
+						LogPrint (eLogInfo, "LeaseSet: Lease's tunnel gateway not found, requesting");
+						netdb.RequestDestination (lease.tunnelGateway);
+					}
+				}	
+			}
+			else
+				LogPrint (eLogWarning, "LeaseSet: Lease is expired already ");
 		}	
-		
+		if (!m_ExpirationTime)
+		{
+			LogPrint (eLogWarning, "LeaseSet: all leases are expired. Dropped");
+			m_IsValid = false;
+			return;
+		}	
+		m_ExpirationTime += LEASE_ENDDATE_THRESHOLD;
+		// delete old leases	
+		if (m_StoreLeases)
+		{	
+			for (auto it = m_Leases.begin (); it != m_Leases.end ();)
+			{	
+				if (!(*it)->isUpdated)
+				{
+					(*it)->endDate = 0; // somebody might still hold it
+					m_Leases.erase (it++);
+				}	
+				else
+					++it;
+			}
+		}
+
 		// verify
 		if (!m_Identity->Verify (m_Buffer, leases - m_Buffer, leases))
 		{
@@ -133,16 +134,46 @@ namespace data
 			m_IsValid = false;
 		}
 	}				
-	
-	const std::vector<Lease> LeaseSet::GetNonExpiredLeases (bool withThreshold) const
+
+	uint64_t LeaseSet::ExtractTimestamp (const uint8_t * buf, size_t len) const 
+	{
+		if (!m_Identity) return 0;
+		size_t size = m_Identity->GetFullLen ();
+		if (size > len) return 0;
+		size += 256; // encryption key
+		size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
+		if (size > len) return 0;
+		uint8_t num = buf[size];
+		size++; // num
+		if (size + num*LEASE_SIZE > len) return 0;
+		uint64_t timestamp= 0 ;
+		for (int i = 0; i < num; i++)
+		{
+			size += 36; // gateway (32) + tunnelId(4)
+			auto endDate = bufbe64toh (buf + size); 
+			size += 8; // end date
+			if (!timestamp || endDate < timestamp)
+				timestamp = endDate;
+		}	
+		return timestamp;
+	}	
+
+	bool LeaseSet::IsNewer (const uint8_t * buf, size_t len) const
+	{
+		return ExtractTimestamp (buf, len) > ExtractTimestamp (m_Buffer, m_BufferLen);
+	}	
+		
+	const std::vector<std::shared_ptr<const Lease> > LeaseSet::GetNonExpiredLeases (bool withThreshold) const
 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		std::vector<Lease> leases;
-		for (auto& it: m_Leases)
+		std::vector<std::shared_ptr<const Lease> > leases;
+		for (const auto& it: m_Leases)
 		{
-			auto endDate = it.endDate;
-			if (!withThreshold)
-				endDate -= i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD*1000;
+			auto endDate = it->endDate;
+			if (withThreshold)
+				endDate += LEASE_ENDDATE_THRESHOLD;
+			else
+				endDate -= LEASE_ENDDATE_THRESHOLD;
 			if (ts < endDate)
 				leases.push_back (it);
 		}	
@@ -150,19 +181,69 @@ namespace data
 	}	
 
 	bool LeaseSet::HasExpiredLeases () const
-	{
+ 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		for (auto& it: m_Leases)
-			if (ts >= it.endDate) return true;
+		for (const auto& it: m_Leases)
+			if (ts >= it->endDate) return true;
 		return false;
-	}	
+ 	}	
 
-	bool LeaseSet::HasNonExpiredLeases () const
+	bool LeaseSet::IsExpired () const
+	{
+		if (m_StoreLeases && IsEmpty ()) return true;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		return ts > m_ExpirationTime;
+	}
+
+	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels):
+		m_ExpirationTime (0), m_Identity (identity)
+	{
+		int num = tunnels.size ();
+		if (num > MAX_NUM_LEASES) num = MAX_NUM_LEASES;
+		// identity
+		auto signingKeyLen = m_Identity->GetSigningPublicKeyLen ();
+		m_BufferLen = m_Identity->GetFullLen () + 256 + signingKeyLen + 1 + num*LEASE_SIZE + m_Identity->GetSignatureLen ();	
+		m_Buffer = new uint8_t[m_BufferLen];	
+		auto offset = m_Identity->ToBuffer (m_Buffer, m_BufferLen);
+		memcpy (m_Buffer + offset, encryptionPublicKey, 256);
+		offset += 256;
+		memset (m_Buffer + offset, 0, signingKeyLen);
+		offset += signingKeyLen;
+		// num leases
+		m_Buffer[offset] = num; 
+		offset++;
+		// leases
+		m_Leases = m_Buffer + offset;
+		auto currentTime = i2p::util::GetMillisecondsSinceEpoch ();
+		for (int i = 0; i < num; i++)
+		{
+			memcpy (m_Buffer + offset, tunnels[i]->GetNextIdentHash (), 32);
+			offset += 32; // gateway id
+			htobe32buf (m_Buffer + offset, tunnels[i]->GetNextTunnelID ());
+			offset += 4; // tunnel id
+			uint64_t ts = tunnels[i]->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD; // 1 minute before expiration
+			ts *= 1000; // in milliseconds
+			if (ts > m_ExpirationTime) m_ExpirationTime = ts;
+			// make sure leaseset is newer than previous, but adding some time to expiration date
+			ts += (currentTime - tunnels[i]->GetCreationTime ()*1000LL)*2/i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT; // up to 2 secs
+			htobe64buf (m_Buffer + offset, ts);
+			offset += 8; // end date
+		}
+		//  we don't sign it yet. must be signed later on
+	}
+
+	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
+		m_ExpirationTime (0), m_Identity (identity)
+	{
+		m_BufferLen = len;
+		m_Buffer = new uint8_t[m_BufferLen];
+		memcpy (m_Buffer, buf, len);		
+	}
+
+	bool LocalLeaseSet::IsExpired () const
 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		for (auto& it: m_Leases)
-			if (ts < it.endDate) return true;
-		return false;
+		return ts > m_ExpirationTime;
 	}	
 }		
 }	

LeaseSet.h

@@ -4,6 +4,8 @@
 #include <inttypes.h>
 #include <string.h>
 #include <vector>
+#include <set>
+#include <memory>
 #include "Identity.h"
 
 namespace i2p
@@ -11,64 +13,106 @@ namespace i2p
 
 namespace tunnel
 {
-	class TunnelPool;
+	class InboundTunnel;	
 }
 
 namespace data
 {	
+	const int LEASE_ENDDATE_THRESHOLD = 51000; // in milliseconds
 	struct Lease
 	{
 		IdentHash tunnelGateway;
 		uint32_t tunnelID;
-		uint64_t endDate;
-
-		bool operator< (const Lease& other) const 
-		{
-			if (endDate != other.endDate)
-				return endDate > other.endDate;
-			else
-				return tunnelID < other.tunnelID; 
-		}	
+		uint64_t endDate; // 0 means invalid
+		bool isUpdated; // trasient 
 	};	
 
-	const int MAX_LS_BUFFER_SIZE = 3072;
+	struct LeaseCmp
+	{
+		bool operator() (std::shared_ptr<const Lease> l1, std::shared_ptr<const Lease> l2) const
+  		{	
+			if (l1->tunnelID != l2->tunnelID)
+				return l1->tunnelID < l2->tunnelID; 
+			else
+				return l1->tunnelGateway < l2->tunnelGateway; 
+		};
+	};	
+
+	const size_t MAX_LS_BUFFER_SIZE = 3072;
+	const size_t LEASE_SIZE = 44; // 32 + 4 + 8
 	const uint8_t MAX_NUM_LEASES = 16;		
 	class LeaseSet: public RoutingDestination
 	{
 		public:
 
-			LeaseSet (const uint8_t * buf, size_t len);
-			LeaseSet (std::shared_ptr<const i2p::tunnel::TunnelPool> pool);
+			LeaseSet (const uint8_t * buf, size_t len, bool storeLeases = true);
 			~LeaseSet () { delete[] m_Buffer; };
 			void Update (const uint8_t * buf, size_t len);
+			bool IsNewer (const uint8_t * buf, size_t len) const;
+			void PopulateLeases (); // from buffer
 			std::shared_ptr<const IdentityEx> GetIdentity () const { return m_Identity; };			
 
 			const uint8_t * GetBuffer () const { return m_Buffer; };
 			size_t GetBufferLen () const { return m_BufferLen; };	
 			bool IsValid () const { return m_IsValid; };
+			const std::vector<std::shared_ptr<const Lease> > GetNonExpiredLeases (bool withThreshold = true) const;
+			bool HasExpiredLeases () const;
+			bool IsExpired () const;
+			bool IsEmpty () const { return m_Leases.empty (); };
+			uint64_t GetExpirationTime () const { return m_ExpirationTime; };
+			bool operator== (const LeaseSet& other) const 
+			{ return m_BufferLen == other.m_BufferLen && !memcmp (m_Buffer, other.m_Buffer, m_BufferLen); }; 
 
 			// implements RoutingDestination
 			const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); };
-			const std::vector<Lease>& GetLeases () const { return m_Leases; };
-			const std::vector<Lease> GetNonExpiredLeases (bool withThreshold = true) const;
-			bool HasExpiredLeases () const;
-			bool HasNonExpiredLeases () const;
 			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; };
 			bool IsDestination () const { return true; };
 
 		private:
 
 			void ReadFromBuffer (bool readIdentity = true);
+			uint64_t ExtractTimestamp (const uint8_t * buf, size_t len) const; // min expiration time
 			
 		private:
 
-			bool m_IsValid;
-			std::vector<Lease> m_Leases;
+			bool m_IsValid, m_StoreLeases; // we don't need to store leases for floodfill
+			std::set<std::shared_ptr<Lease>, LeaseCmp> m_Leases;
+			uint64_t m_ExpirationTime; // in milliseconds
 			std::shared_ptr<const IdentityEx> m_Identity;
 			uint8_t m_EncryptionKey[256];
 			uint8_t * m_Buffer;
 			size_t m_BufferLen;
 	};	
+
+	class LocalLeaseSet
+	{
+		public:
+
+			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len);
+			~LocalLeaseSet () { delete[] m_Buffer; };
+
+			const uint8_t * GetBuffer () const { return m_Buffer; };
+			uint8_t * GetSignature () { return m_Buffer + m_BufferLen - GetSignatureLen (); }; 
+			size_t GetBufferLen () const { return m_BufferLen; };	
+			size_t GetSignatureLen () const { return m_Identity->GetSignatureLen (); };
+			uint8_t * GetLeases () { return m_Leases; }; 
+			
+			const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); };
+			bool IsExpired () const;
+			uint64_t GetExpirationTime () const { return m_ExpirationTime; };
+			void SetExpirationTime (uint64_t expirationTime) { m_ExpirationTime = expirationTime; };
+			bool operator== (const LeaseSet& other) const 
+			{ return m_BufferLen == other.GetBufferLen ()  && !memcmp (other.GetBuffer (), other.GetBuffer (), m_BufferLen); }; 
+
+
+		private:
+			
+			uint64_t m_ExpirationTime; // in milliseconds
+			std::shared_ptr<const IdentityEx> m_Identity;
+			uint8_t * m_Buffer, * m_Leases;
+			size_t m_BufferLen;
+	}; 
 }		
 }	
 

Log.cpp

@@ -1,75 +1,171 @@
-#include <boost/date_time/posix_time/posix_time.hpp>
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #include "Log.h"
 
-Log * g_Log = nullptr;
-
-static const char * g_LogLevelStr[eNumLogLevels] =
-{
-	"error", // eLogError
-	"warn",  // eLogWarning
-	"info",  // eLogInfo
-	"debug"	 // eLogDebug 
-};
-
-void LogMsg::Process()
-{
-	auto& output = (log && log->GetLogStream ()) ? *log->GetLogStream () : std::cerr;	
-	if (log)	
-		output << log->GetTimestamp ();
-	else
-		output << boost::posix_time::second_clock::local_time().time_of_day ();
-	output << "/" << g_LogLevelStr[level] << " - ";
-	output << s.str();
-}
-
-const std::string& Log::GetTimestamp ()
-{
-#if (__GNUC__ == 4) && (__GNUC_MINOR__ <= 6) && !defined(__clang__)	
-	auto ts = std::chrono::monotonic_clock::now ();	
-#else	
-	auto ts = std::chrono::steady_clock::now ();	
-#endif	
-	if (ts > m_LastTimestampUpdate + std::chrono::milliseconds (500)) // 0.5 second
+namespace i2p {
+namespace log {
+	Log logger;
+	/**
+	 * @brief Maps our loglevel to their symbolic name
+	 */
+	static const char * g_LogLevelStr[eNumLogLevels] =
 	{
-		m_LastTimestampUpdate = ts;
-		m_Timestamp = boost::posix_time::to_simple_string (boost::posix_time::second_clock::local_time().time_of_day ());
-	}		
-	return m_Timestamp;
-}
+		"error", // eLogError
+		"warn",  // eLogWarn
+		"info",  // eLogInfo
+		"debug"	 // eLogDebug
+	};
 
-void Log::Flush ()
-{
-	if (m_LogStream)
-		m_LogStream->flush();
-}
+#ifndef _WIN32
+	/**
+	 * @brief  Maps our log levels to syslog one
+	 * @return syslog priority LOG_*, as defined in syslog.h
+	 */
+	static inline int GetSyslogPrio (enum LogLevel l) {
+		int priority = LOG_DEBUG;
+		switch (l) {
+			case eLogError   : priority = LOG_ERR;     break;
+			case eLogWarning : priority = LOG_WARNING; break;
+			case eLogInfo    : priority = LOG_INFO;    break;
+			case eLogDebug   : priority = LOG_DEBUG;   break;
+			default          : priority = LOG_DEBUG;   break;
+		}
+		return priority;
+	}
+#endif
 
-void Log::SetLogFile (const std::string& fullFilePath)
-{
-	auto logFile = new std::ofstream (fullFilePath, std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
-	if (logFile->is_open ())
+	Log::Log():
+	m_Destination(eLogStdout), m_MinLevel(eLogInfo),
+	m_LogStream (nullptr), m_Logfile(""), m_IsReady(false)
 	{
-		SetLogStream (logFile);
-		LogPrint(eLogInfo, "Log: will send messages to ",  fullFilePath);
-	}	
-	else
-		delete logFile;
-}
+	}
 
-void Log::SetLogLevel (const std::string& level)
-{
-  if      (level == "error") { m_MinLevel = eLogError; }
-  else if (level == "warn")  { m_MinLevel = eLogWarning;  }
-  else if (level == "info")  { m_MinLevel = eLogInfo;  }
-  else if (level == "debug") { m_MinLevel = eLogDebug; }
-  else {
-		LogPrint(eLogError, "Log: Unknown loglevel: ", level);
-		return;
-  }
-  LogPrint(eLogInfo, "Log: min messages level set to ", level);
-}
+	Log::~Log ()
+	{
+		switch (m_Destination) {
+#ifndef _WIN32
+			case eLogSyslog :
+				closelog();
+				break;
+#endif
+			case eLogFile:
+			case eLogStream:
+					if (m_LogStream) m_LogStream->flush();
+				break;
+			default:
+				/* do nothing */
+				break;
+		}
+		Process();
+	}
 
-void Log::SetLogStream (std::ostream * logStream)
-{
-	if (m_LogStream) delete m_LogStream;	
-	m_LogStream = logStream;
-}
+	void Log::SetLogLevel (const std::string& level) {
+		if      (level == "error") { m_MinLevel = eLogError; }
+		else if (level == "warn")  { m_MinLevel = eLogWarning; }
+		else if (level == "info")  { m_MinLevel = eLogInfo;  }
+		else if (level == "debug") { m_MinLevel = eLogDebug; }
+		else {
+			LogPrint(eLogError, "Log: unknown loglevel: ", level);
+			return;
+		}
+		LogPrint(eLogInfo, "Log: min messages level set to ", level);
+	}
+	
+	const char * Log::TimeAsString(std::time_t t) {
+		if (t != m_LastTimestamp) {
+			strftime(m_LastDateTime, sizeof(m_LastDateTime), "%H:%M:%S", localtime(&t));
+			m_LastTimestamp = t;
+		}
+		return m_LastDateTime;
+	}
+
+	/**
+	 * @note This function better to be run in separate thread due to disk i/o.
+	 * Unfortunately, with current startup process with late fork() this
+	 * will give us nothing but pain. Maybe later. See in NetDb as example.
+	 */
+	void Log::Process() {
+		std::unique_lock<std::mutex> l(m_OutputLock);
+		std::hash<std::thread::id> hasher;
+		unsigned short short_tid;
+		while (1) {
+			auto msg = m_Queue.GetNextWithTimeout (1);
+			if (!msg)
+				break;
+			short_tid = (short) (hasher(msg->tid) % 1000);
+			switch (m_Destination) {
+#ifndef _WIN32
+				case eLogSyslog:
+					syslog(GetSyslogPrio(msg->level), "[%03u] %s", short_tid, msg->text.c_str());
+					break;
+#endif
+				case eLogFile:
+				case eLogStream:
+					if (m_LogStream)
+						*m_LogStream << TimeAsString(msg->timestamp)
+							<< "@" << short_tid
+							<< "/" << g_LogLevelStr[msg->level]
+							<< " - " << msg->text << std::endl;
+					break;
+				case eLogStdout:
+				default:
+					std::cout    << TimeAsString(msg->timestamp)
+						<< "@" << short_tid
+						<< "/" << g_LogLevelStr[msg->level]
+						<< " - " << msg->text << std::endl;
+					break;
+			} // switch
+		} // while
+	}
+
+	void Log::Append(std::shared_ptr<i2p::log::LogMsg> & msg) {
+		m_Queue.Put(msg);
+		if (!m_IsReady)
+			return;
+		Process();
+	}
+
+	void Log::SendTo (const std::string& path) 
+	{
+		if (m_LogStream) m_LogStream = nullptr; // close previous	
+		auto flags = std::ofstream::out | std::ofstream::app;
+		auto os = std::make_shared<std::ofstream> (path, flags);
+		if (os->is_open ()) 
+		{
+			m_Logfile = path;
+			m_Destination = eLogFile;
+			m_LogStream = os;
+			return;
+		}
+		LogPrint(eLogError, "Log: can't open file ", path);
+	}
+
+	void Log::SendTo (std::shared_ptr<std::ostream> os) {
+		m_Destination = eLogStream;
+		m_LogStream = os;
+	}
+
+#ifndef _WIN32
+	void Log::SendTo(const char *name, int facility) {
+		m_Destination = eLogSyslog;
+		m_LogStream = nullptr;
+		openlog(name, LOG_CONS | LOG_PID, facility);
+	}
+#endif
+
+	void Log::Reopen() {
+		if (m_Destination == eLogFile)
+			SendTo(m_Logfile);
+	}
+
+	Log & Logger() {
+		return logger;
+	}
+} // log
+} // i2p

Log.h

@@ -1,14 +1,27 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #ifndef LOG_H__
 #define LOG_H__
 
+#include <ctime>
 #include <string>
 #include <iostream>
-#include <sstream>
 #include <fstream>
-#include <functional>
+#include <sstream>
 #include <chrono>
+#include <memory>
 #include "Queue.h"
 
+#ifndef _WIN32
+#include <syslog.h>
+#endif
+
 enum LogLevel
 {
 	eLogError = 0,
@@ -18,116 +31,157 @@ enum LogLevel
 	eNumLogLevels
 };
 
-class Log;
-struct LogMsg
-{
-	std::stringstream s;
-	Log * log;	
-	LogLevel level;
-
-	LogMsg (Log * l = nullptr, LogLevel lv = eLogInfo): log (l), level (lv) {};
-	
-	void Process();
+enum LogType {
+	eLogStdout = 0,
+	eLogStream,
+	eLogFile,
+#ifndef _WIN32
+	eLogSyslog,
+#endif
 };
 
-class Log: public i2p::util::MsgQueue<LogMsg>
-{
-	public:
+namespace i2p {
+namespace log {
+	struct LogMsg; /* forward declaration */
 
-		Log (): m_LogStream (nullptr) { SetOnEmpty (std::bind (&Log::Flush, this)); };
-		~Log () { delete m_LogStream; };
-
-		void SetLogFile (const std::string& fullFilePath);
-		void SetLogLevel (const std::string& level);
-		void SetLogStream (std::ostream * logStream);
-		std::ostream * GetLogStream () const { return m_LogStream; };	
-		const std::string& GetTimestamp ();
-		LogLevel GetLogLevel () { return m_MinLevel; };
-
-	private:
-
-		void Flush ();
-
-	private:
-		
-		std::ostream * m_LogStream;
-		enum LogLevel m_MinLevel;
-		std::string m_Timestamp;
-#if (__GNUC__ == 4) && (__GNUC_MINOR__ <= 6) && !defined(__clang__) // gcc 4.6
-		std::chrono::monotonic_clock::time_point m_LastTimestampUpdate;
-#else		
-		std::chrono::steady_clock::time_point m_LastTimestampUpdate;	
-#endif		
-};
-
-extern Log * g_Log;
-
-inline void StartLog (const std::string& fullFilePath)
-{
-	if (!g_Log)
-	{	
-		auto log = new Log ();
-		if (fullFilePath.length () > 0)
-			log->SetLogFile (fullFilePath);
-		g_Log = log;
-	}	
-}
-
-inline void StartLog (std::ostream * s)
-{
-	if (!g_Log)
-	{	
-		auto log = new Log ();
-		if (s)
-			log->SetLogStream (s);
-		g_Log = log;
-	}	
-}
-
-inline void StopLog ()
-{
-	if (g_Log)
+	class Log
 	{
-		auto log = g_Log;
-		g_Log = nullptr;
-		log->Stop ();
-		delete log;
-	}		
-}
+		private:
 
-inline void SetLogLevel (const std::string& level)
-{
-	if (g_Log)	
-		g_Log->SetLogLevel(level);
-}
+			enum LogType  m_Destination;
+			enum LogLevel m_MinLevel;
+			std::shared_ptr<std::ostream> m_LogStream;
+			std::string m_Logfile;
+			std::time_t m_LastTimestamp;
+			char m_LastDateTime[64];
+			i2p::util::Queue<std::shared_ptr<LogMsg> > m_Queue;
+			volatile bool m_IsReady;
+			mutable std::mutex m_OutputLock;
 
+		private:
+
+			/** prevent making copies */
+			Log (const Log &);
+			const Log& operator=(const Log&);
+
+			/**
+			 * @brief process stored messages in queue
+			 */
+			void Process ();
+
+			/**
+			 * @brief Makes formatted string from unix timestamp
+			 * @param ts  Second since epoch
+			 *
+			 * This function internally caches the result for last provided value
+			 */
+			const char * TimeAsString(std::time_t ts);
+
+		public:
+
+			Log ();
+			~Log ();
+
+			LogType  GetLogType  () { return m_Destination; };
+			LogLevel GetLogLevel () { return m_MinLevel; };
+
+			/**
+			 * @brief  Sets minimal allowed level for log messages
+			 * @param  level  String with wanted minimal msg level
+			 */
+			void     SetLogLevel (const std::string& level);
+
+			/**
+			 * @brief Sets log destination to logfile
+			 * @param path  Path to logfile
+			 */
+			void SendTo (const std::string &path);
+
+			/**
+			 * @brief Sets log destination to given output stream
+			 * @param os  Output stream
+			 */
+			void SendTo (std::shared_ptr<std::ostream> os);
+
+	#ifndef _WIN32
+			/**
+			 * @brief Sets log destination to syslog
+			 * @param name     Wanted program name
+			 * @param facility Wanted log category
+			 */
+			void SendTo (const char *name, int facility);
+	#endif
+
+			/**
+			 * @brief  Format log message and write to output stream/syslog
+			 * @param  msg  Pointer to processed message
+			 */
+			void Append(std::shared_ptr<i2p::log::LogMsg> &);
+
+			/** @brief  Allow log output */
+			void Ready() { m_IsReady = true; }
+
+			/** @brief  Flushes the output log stream */
+			void Flush();
+
+			/** @brief  Reopen log file */
+			void Reopen();
+	};
+
+	/**
+	 * @struct LogMsg
+	 * @brief Log message container
+	 *
+	 * We creating it somewhere with LogPrint(),
+	 * then put in MsgQueue for later processing.
+	 */
+	struct LogMsg {
+		std::time_t timestamp;
+		std::string text; /**< message text as single string */
+		LogLevel level;   /**< message level */
+		std::thread::id tid; /**< id of thread that generated message */
+
+		LogMsg (LogLevel lvl, std::time_t ts, const std::string & txt): timestamp(ts), text(txt), level(lvl) {};
+	};
+
+	Log & Logger();
+} // log
+} // i2p
+
+/** internal usage only -- folding args array to single string */
 template<typename TValue>
-void LogPrint (std::stringstream& s, TValue arg) 
+void LogPrint (std::stringstream& s, TValue arg)
 {
 	s << arg;
 }
- 
+
+/** internal usage only -- folding args array to single string */
 template<typename TValue, typename... TArgs>
-void LogPrint (std::stringstream& s, TValue arg, TArgs... args) 
+void LogPrint (std::stringstream& s, TValue arg, TArgs... args)
 {
 	LogPrint (s, arg);
 	LogPrint (s, args...);
 }
 
+/**
+ * @brief Create log message and send it to queue
+ * @param level Message level (eLogError, eLogInfo, ...)
+ * @param args Array of message parts
+ */
 template<typename... TArgs>
-void LogPrint (LogLevel level, TArgs... args) 
+void LogPrint (LogLevel level, TArgs... args)
 {
-	if (g_Log && level > g_Log->GetLogLevel ())
+	i2p::log::Log &log = i2p::log::Logger();
+	if (level > log.GetLogLevel ())
 		return;
-	LogMsg * msg = new LogMsg (g_Log, level);
-	LogPrint (msg->s, args...);
-	msg->s << std::endl;
-	if (g_Log) {
-		g_Log->Put (msg);
-	} else {
-		msg->Process ();
-		delete msg;
-	}
+
+	// fold message to single string
+	std::stringstream ss("");
+	LogPrint (ss, args ...);
+
+	auto msg = std::make_shared<i2p::log::LogMsg>(level, std::time(nullptr), ss.str());
+	msg->tid = std::this_thread::get_id();
+	log.Append(msg);
 }
 
-#endif
+#endif // LOG_H__

Makefile

@@ -11,10 +11,16 @@ include filelist.mk
 
 USE_AESNI  := yes
 USE_STATIC := no
+USE_MESHNET := no
+USE_UPNP   := no
 
 ifeq ($(UNAME),Darwin)
 	DAEMON_SRC += DaemonLinux.cpp
-	include Makefile.osx
+	ifeq ($(HOMEBREW),1)
+		include Makefile.homebrew
+	else
+		include Makefile.osx
+	endif
 else ifeq ($(shell echo $(UNAME) | $(GREP) -c FreeBSD),1)
 	DAEMON_SRC += DaemonLinux.cpp
 	include Makefile.bsd
@@ -22,21 +28,22 @@ else ifeq ($(UNAME),Linux)
 	DAEMON_SRC += DaemonLinux.cpp
 	include Makefile.linux
 else # win32 mingw
-	DAEMON_SRC += DaemonWin32.cpp Win32/Win32Service.cpp
-	WINDIR := True
+	DAEMON_SRC += DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp
 	include Makefile.mingw
 endif
 
-all: mk_build_dir $(ARLIB) $(ARLIB_CLIENT) $(I2PD)
+ifeq ($(USE_MESHNET),yes)
+	NEEDED_CXXFLAGS += -DMESHNET
+endif
 
-mk_build_dir:
-	mkdir -p obj
-     ifeq ($(WINDIR),True)
-	mkdir -p obj/Win32
-     endif
+all: mk_obj_dir $(ARLIB) $(ARLIB_CLIENT) $(I2PD)
 
-api: mk_build_dir $(SHLIB) $(ARLIB)
-api_client: mk_build_dir $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
+mk_obj_dir:
+	@mkdir -p obj
+	@mkdir -p obj/Win32
+
+api: mk_obj_dir $(SHLIB) $(ARLIB)
+api_client: mk_obj_dir $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
 
 ## NOTE: The NEEDED_CXXFLAGS are here so that CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.
@@ -45,19 +52,18 @@ api_client: mk_build_dir $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FLAGS to work at build-time.
 
-deps:
-	@mkdir -p obj
+deps: mk_obj_dir
 	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) -MM *.cpp > $(DEPS)
 	@sed -i -e '/\.o:/ s/^/obj\//' $(DEPS)
 
-obj/%.o : %.cpp
-	@mkdir -p obj
+obj/%.o: %.cpp
 	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(CPU_FLAGS) -c -o $@ $<
 
 # '-' is 'ignore if missing' on first run
 -include $(DEPS)
 
-$(I2PD):  $(patsubst %.cpp,obj/%.o,$(DAEMON_SRC)) $(ARLIB) $(ARLIB_CLIENT)
+DAEMON_OBJS += $(patsubst %.cpp,obj/%.o,$(DAEMON_SRC))
+$(I2PD): $(DAEMON_OBJS) $(ARLIB) $(ARLIB_CLIENT)
 	$(CXX) -o $@ $^ $(LDLIBS) $(LDFLAGS)
 
 $(SHLIB): $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
@@ -76,17 +82,25 @@ $(ARLIB_CLIENT): $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
 
 clean:
 	rm -rf obj
+	rm -rf docs/generated
 	$(RM) $(I2PD) $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
 
-LATEST_TAG=$(shell git describe --tags --abbrev=0 master)
+strip: $(I2PD) $(SHLIB_CLIENT) $(SHLIB)
+	strip $^
+
+LATEST_TAG=$(shell git describe --tags --abbrev=0 openssl)
 dist:
 	git archive --format=tar.gz -9 --worktree-attributes \
 	    --prefix=i2pd_$(LATEST_TAG)/ $(LATEST_TAG) -o i2pd_$(LATEST_TAG).tar.gz
 
+doxygen:
+	doxygen -s docs/Doxyfile
+
 .PHONY: all
 .PHONY: clean
 .PHONY: deps
+.PHONY: doxygen
 .PHONY: dist
 .PHONY: api
 .PHONY: api_client
-.PHONY: mk_build_dir
+.PHONY: mk_obj_dir

Makefile.bsd

@@ -9,4 +9,4 @@ CXXFLAGS = -O2
 NEEDED_CXXFLAGS = -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread

Makefile.homebrew

@@ -0,0 +1,29 @@
+# root directory holding homebrew
+BREWROOT = /usr/local/
+BOOSTROOT = ${BREWROOT}/opt/boost
+SSLROOT = ${BREWROOT}/opt/libressl
+CXX = clang++
+CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX
+INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
+LDFLAGS = -L${SSLROOT}/lib -L${BOOSTROOT}/lib
+LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+
+ifeq ($(USE_UPNP),yes)
+  LDFLAGS += -ldl
+  CXXFLAGS += -DUSE_UPNP
+endif
+
+# OSX Notes
+# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
+# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
+# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
+# note from psi: 2009 macbook does not have aesni
+#ifeq ($(USE_AESNI),yes)
+#  CXXFLAGS += -maes -DAESNI
+#endif
+
+# Disabled, since it will be the default make rule. I think its better
+# to define the default rule in Makefile and not Makefile.<ostype> - torkel
+#install: all
+#	test -d ${PREFIX} || mkdir -p ${PREFIX}/
+#	cp -r i2p ${PREFIX}/

Makefile.linux

@@ -1,5 +1,5 @@
 # set defaults instead redefine
-CXXFLAGS ?= -g -Wall
+CXXFLAGS ?= -g -Wall -Wextra -Wno-unused-parameter -pedantic
 INCFLAGS ?=
 
 ## NOTE: The NEEDED_CXXFLAGS are here so that custom CXXFLAGS can be specified at build time
@@ -19,7 +19,7 @@ else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
 	NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
 	NEEDED_CXXFLAGS += -std=c++0x
-else ifeq ($(shell expr match ${CXXVER} "5\.[0-9]"),3) # gcc >= 5.0
+else ifeq ($(shell expr match ${CXXVER} "[5-6]\.[0-9]"),3) # gcc >= 5.0
 	NEEDED_CXXFLAGS += -std=c++11
 else # not supported
 	$(error Compiler too old)
@@ -32,20 +32,19 @@ ifeq ($(USE_STATIC),yes)
   LDLIBS  = $(LIBDIR)/libboost_system.a
   LDLIBS += $(LIBDIR)/libboost_date_time.a
   LDLIBS += $(LIBDIR)/libboost_filesystem.a
-  LDLIBS += $(LIBDIR)/libboost_regex.a
   LDLIBS += $(LIBDIR)/libboost_program_options.a
-  LDLIBS += $(LIBDIR)/libcrypto.a
   LDLIBS += $(LIBDIR)/libssl.a
+  LDLIBS += $(LIBDIR)/libcrypto.a
   LDLIBS += $(LIBDIR)/libz.a
-  LDLIBS += -lpthread -static-libstdc++ -static-libgcc
+  LDLIBS += -lpthread -static-libstdc++ -static-libgcc -lrt
   USE_AESNI := no
 else
-  LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+  LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 endif
 
 # UPNP Support (miniupnpc 1.5 or 1.6)
-ifeq ($(USE_UPNP),1)
-  LDFLAGS += -ldl
+ifeq ($(USE_UPNP),yes)
+  LDFLAGS += -lminiupnpc
   CXXFLAGS += -DUSE_UPNP
 endif
 

Makefile.mingw

@@ -1,7 +1,47 @@
+USE_WIN32_APP=yes
 CXX = g++
-CXXFLAGS = -O2 -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN
+WINDRES = windres
+CXXFLAGS = -Os -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN
 NEEDED_CXXFLAGS = -std=c++11
 BOOST_SUFFIX = -mt
-INCFLAGS = -I/usr/include/ -I/usr/local/include/ -I/c/dev/openssl/include -I/c/dev/boost/include/boost-1_59 
-LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib -L/c/dev/openssl -L/c/dev/boost/lib
-LDLIBS = -Wl,-Bstatic -lboost_system$(BOOST_SUFFIX) -Wl,-Bstatic -lboost_date_time$(BOOST_SUFFIX) -Wl,-Bstatic -lboost_filesystem$(BOOST_SUFFIX) -Wl,-Bstatic -lboost_regex$(BOOST_SUFFIX) -Wl,-Bstatic -lboost_program_options$(BOOST_SUFFIX) -Wl,-Bstatic -lssl -Wl,-Bstatic -lcrypto -Wl,-Bstatic -lz -Wl,-Bstatic -lwsock32 -Wl,-Bstatic -lws2_32 -Wl,-Bstatic -lgdi32 -Wl,-Bstatic -liphlpapi -static-libgcc -static-libstdc++ -Wl,-Bstatic -lstdc++ -Wl,-Bstatic -lpthread
+INCFLAGS = -I/usr/include/ -I/usr/local/include/
+LDFLAGS = -Wl,-rpath,/usr/local/lib \
+  -L/usr/local/lib 
+
+# UPNP Support 
+ifeq ($(USE_UPNP),yes)
+  CXXFLAGS += -DUSE_UPNP -DMINIUPNP_STATICLIB
+  LDLIBS = -Wl,-Bstatic -lminiupnpc	
+endif
+
+LDLIBS += \
+  -Wl,-Bstatic -lboost_system$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_date_time$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_filesystem$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_program_options$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lssl \
+  -Wl,-Bstatic -lcrypto \
+  -Wl,-Bstatic -lz \
+  -Wl,-Bstatic -lwsock32 \
+  -Wl,-Bstatic -lws2_32 \
+  -Wl,-Bstatic -lgdi32 \
+  -Wl,-Bstatic -liphlpapi \
+  -static-libgcc -static-libstdc++ \
+  -Wl,-Bstatic -lstdc++ \
+  -Wl,-Bstatic -lpthread
+
+ifeq ($(USE_WIN32_APP), yes)
+	CXXFLAGS += -DWIN32_APP
+	LDFLAGS += -mwindows -s
+	DAEMON_RC += Win32/Resource.rc
+	DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
+endif
+
+ifeq ($(USE_AESNI),1)
+	CPU_FLAGS = -maes -DAESNI
+else
+	CPU_FLAGS = -msse
+endif
+
+obj/%.o : %.rc
+	$(WINDRES) -i $< -o $@

Makefile.osx

@@ -3,9 +3,9 @@ CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX
 #CXXFLAGS = -g -O2 -Wall -std=c++11
 INCFLAGS = -I/usr/local/include -I/usr/local/ssl/include
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib -L/usr/local/ssl/lib
-LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 
-ifeq ($(USE_UPNP),1)
+ifeq ($(USE_UPNP),yes)
   LDFLAGS += -ldl
   CXXFLAGS += -DUSE_UPNP
 endif

NTCPSession.cpp

@@ -1,13 +1,11 @@
 #include <string.h>
 #include <stdlib.h>
-#include <openssl/dh.h>
-#include <openssl/sha.h>
-#include <zlib.h>
+
 #include "I2PEndian.h"
 #include "Base.h"
+#include "Crypto.h"
 #include "Log.h"
 #include "Timestamp.h"
-#include "Crypto.h"
 #include "I2NPProtocol.h"
 #include "RouterContext.h"
 #include "Transports.h"
@@ -21,11 +19,11 @@ namespace i2p
 namespace transport
 {
 	NTCPSession::NTCPSession (NTCPServer& server, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter): 
-		TransportSession (in_RemoteRouter),	m_Server (server), m_Socket (m_Server.GetService ()), 
+		TransportSession (in_RemoteRouter, NTCP_TERMINATION_TIMEOUT),	
+		m_Server (server), m_Socket (m_Server.GetService ()), 
 		m_TerminationTimer (m_Server.GetService ()), m_IsEstablished (false), m_IsTerminated (false),
 		m_ReceiveBufferOffset (0), m_NextMessage (nullptr), m_IsSending (false)
 	{		
-		m_DHKeysPair = transports.GetNextDHKeysPair ();
 		m_Establisher = new Establisher;
 	}
 	
@@ -94,9 +92,7 @@ namespace transport
 		
 		m_DHKeysPair = nullptr;	
 
-		SendTimeSyncMessage ();
-		m_SendQueue.push_back (CreateDatabaseStoreMsg ()); // we tell immediately who we are		
-
+		SendTimeSyncMessage ();		
 		transports.PeerConnected (shared_from_this ());
 	}	
 		
@@ -134,6 +130,7 @@ namespace transport
 		
 	void NTCPSession::HandlePhase1Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 	{
+		(void) bytes_transferred;
 		if (ecode)
         {
 			LogPrint (eLogInfo, "NTCP: couldn't send Phase 1 message: ", ecode.message ());
@@ -150,6 +147,7 @@ namespace transport
 
 	void NTCPSession::HandlePhase1Received (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 	{
+		(void) bytes_transferred;
 		if (ecode)
         {
 			LogPrint (eLogInfo, "NTCP: phase 1 read error: ", ecode.message ());
@@ -205,6 +203,7 @@ namespace transport
 		
 	void NTCPSession::HandlePhase2Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB)
 	{
+		(void) bytes_transferred;
 		if (ecode)
         {
 			LogPrint (eLogInfo, "NTCP: Couldn't send Phase 2 message: ", ecode.message ());
@@ -221,6 +220,7 @@ namespace transport
 		
 	void NTCPSession::HandlePhase2Received (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 	{
+		(void) bytes_transferred;
 		if (ecode)
         {
 			LogPrint (eLogInfo, "NTCP: Phase 2 read error: ", ecode.message (), ". Wrong ident assumed");
@@ -277,7 +277,8 @@ namespace transport
 		if (paddingSize > 0) 
 		{
 			paddingSize = 16 - paddingSize;
-			// TODO: fill padding with random data
+			// fill padding with random data
+			RAND_bytes(buf, paddingSize);
 			buf += paddingSize;
 			len += paddingSize;
 		}
@@ -297,6 +298,7 @@ namespace transport
 		
 	void NTCPSession::HandlePhase3Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA)
 	{
+		(void) bytes_transferred; 
 		if (ecode)
         {
 			LogPrint (eLogInfo, "NTCP: Couldn't send Phase 3 message: ", ecode.message ());
@@ -420,6 +422,7 @@ namespace transport
 
 	void NTCPSession::HandlePhase4Sent (const boost::system::error_code& ecode,  std::size_t bytes_transferred)
 	{
+		(void) bytes_transferred;
 		if (ecode)
         {
 			LogPrint (eLogWarning, "NTCP: Couldn't send Phase 4 message: ", ecode.message ());
@@ -428,7 +431,7 @@ namespace transport
 		}
 		else
 		{	
-			LogPrint (eLogInfo, "NTCP: Server session from ", m_Socket.remote_endpoint (), " connected");
+			LogPrint (eLogDebug, "NTCP: Server session from ", m_Socket.remote_endpoint (), " connected");
 			m_Server.AddNTCPSession (shared_from_this ());
 
 			Connected ();
@@ -496,12 +499,13 @@ namespace transport
 		
 	void NTCPSession::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 	{
-		if (ecode)
-        {
-			LogPrint (eLogInfo, "NTCP: Read error: ", ecode.message ());
-			if (!m_NumReceivedBytes) m_Server.Ban (m_ConnectedFrom);
+		if (ecode) {
+			if (ecode != boost::asio::error::operation_aborted)
+				LogPrint (eLogDebug, "NTCP: Read error: ", ecode.message ());
+			if (!m_NumReceivedBytes)
+				m_Server.Ban (m_ConnectedFrom);
 			//if (ecode != boost::asio::error::operation_aborted)
-				Terminate ();
+			Terminate ();
 		}
 		else
 		{
@@ -645,8 +649,11 @@ namespace transport
 		}	
 		int rem = (len + 6) & 0x0F; // %16
 		int padding = 0;
-		if (rem > 0) padding = 16 - rem;
-		// TODO: fill padding 
+		if (rem > 0) {
+			padding = 16 - rem;
+			// fill with random padding
+			RAND_bytes(sendBuffer + len + 2, padding);
+		}
 		htobe32buf (sendBuffer + len + 2 + padding, adler32 (adler32 (0, Z_NULL, 0), sendBuffer, len + 2+ padding));
 
 		int l = len + padding + 6;
@@ -659,7 +666,7 @@ namespace transport
 	{
 		m_IsSending = true;
 		std::vector<boost::asio::const_buffer> bufs;
-		for (auto it: msgs)
+		for (const auto& it: msgs)
 			bufs.push_back (CreateMsgBuffer (it));
 		boost::asio::async_write (m_Socket, bufs, boost::asio::transfer_all (),                      
         	std::bind(&NTCPSession::HandleSent, shared_from_this (), std::placeholders::_1, std::placeholders::_2, msgs));
@@ -667,6 +674,7 @@ namespace transport
 		
 	void NTCPSession::HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs)
 	{
+		(void) msgs;
 		m_IsSending = false;
 		if (ecode)
         {
@@ -706,8 +714,16 @@ namespace transport
 		if (m_IsTerminated) return;
 		if (m_IsSending)
 		{
-			for (auto it: msgs)
-				m_SendQueue.push_back (it);
+			if (m_SendQueue.size () < NTCP_MAX_OUTGOING_QUEUE_SIZE)	
+			{
+				for (const auto& it: msgs)
+					m_SendQueue.push_back (it);
+			}
+			else
+			{
+				LogPrint (eLogWarning, "NTCP: outgoing messages queue size exceeds ", NTCP_MAX_OUTGOING_QUEUE_SIZE);
+				Terminate ();
+			}	
 		}	
 		else	
 			Send (msgs);
@@ -716,7 +732,7 @@ namespace transport
 	void NTCPSession::ScheduleTermination ()
 	{
 		m_TerminationTimer.cancel ();
-		m_TerminationTimer.expires_from_now (boost::posix_time::seconds(NTCP_TERMINATION_TIMEOUT));
+		m_TerminationTimer.expires_from_now (boost::posix_time::seconds(GetTerminationTimeout ()));
 		m_TerminationTimer.async_wait (std::bind (&NTCPSession::HandleTerminationTimer,
 			shared_from_this (), std::placeholders::_1));
 	}
@@ -725,7 +741,7 @@ namespace transport
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{	
-			LogPrint (eLogWarning, "NTCP: No activity fo ", NTCP_TERMINATION_TIMEOUT, " seconds");
+			LogPrint (eLogDebug, "NTCP: No activity for ", GetTerminationTimeout (), " seconds");
 			//Terminate ();
 			m_Socket.close ();// invoke Terminate () from HandleReceive 
 		}	
@@ -750,33 +766,49 @@ namespace transport
 			m_IsRunning = true;
 			m_Thread = new std::thread (std::bind (&NTCPServer::Run, this));
 			// create acceptors
-			auto addresses = context.GetRouterInfo ().GetAddresses ();
-			for (auto& address : addresses)
+			auto& addresses = context.GetRouterInfo ().GetAddresses ();
+			for (const auto& address: addresses)
 			{
-				if (address.transportStyle == i2p::data::RouterInfo::eTransportNTCP && address.host.is_v4 ())
-				{	
-					m_NTCPAcceptor = new boost::asio::ip::tcp::acceptor (m_Service,
-						boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), address.port));
-
-					LogPrint (eLogInfo, "NTCP: Start listening TCP port ", address.port);
-					auto conn = std::make_shared<NTCPSession>(*this);
-					m_NTCPAcceptor->async_accept(conn->GetSocket (), std::bind (&NTCPServer::HandleAccept, this, 
-						conn, std::placeholders::_1));	
-				
-					if (context.SupportsV6 ())
+				if (address->transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+				{
+					if (address->host.is_v4())
 					{
-						m_NTCPV6Acceptor = new boost::asio::ip::tcp::acceptor (m_Service);
-						m_NTCPV6Acceptor->open (boost::asio::ip::tcp::v6());
-						m_NTCPV6Acceptor->set_option (boost::asio::ip::v6_only (true));
-						m_NTCPV6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address.port));
-						m_NTCPV6Acceptor->listen ();
-
-						LogPrint (eLogInfo, "NTCP: Start listening V6 TCP port ", address.port);
-						auto conn = std::make_shared<NTCPSession> (*this);
-						m_NTCPV6Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCPServer::HandleAcceptV6,
-							this, conn, std::placeholders::_1));
+						try
+						{
+							m_NTCPAcceptor = new boost::asio::ip::tcp::acceptor (m_Service,
+								boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), address->port));
+						} catch ( std::exception & ex ) {
+							/** fail to bind ip4 */
+							LogPrint(eLogError, "NTCP: Failed to bind to ip4 port ",address->port, ex.what());
+							continue;
+						}
+						
+						LogPrint (eLogInfo, "NTCP: Start listening TCP port ", address->port);
+						auto conn = std::make_shared<NTCPSession>(*this);
+						m_NTCPAcceptor->async_accept(conn->GetSocket (), std::bind (&NTCPServer::HandleAccept, this, 
+							conn, std::placeholders::_1));	
+					}
+					else if (address->host.is_v6() && context.SupportsV6 ())
+					{
+						m_NTCPV6Acceptor = new boost::asio::ip::tcp::acceptor (m_Service);							
+						try
+						{
+							m_NTCPV6Acceptor->open (boost::asio::ip::tcp::v6());
+							m_NTCPV6Acceptor->set_option (boost::asio::ip::v6_only (true));
+							
+							m_NTCPV6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address->port));
+							m_NTCPV6Acceptor->listen ();
+							
+							LogPrint (eLogInfo, "NTCP: Start listening V6 TCP port ", address->port);
+							auto conn = std::make_shared<NTCPSession> (*this);
+							m_NTCPV6Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCPServer::HandleAcceptV6,
+								this, conn, std::placeholders::_1));
+						} catch ( std::exception & ex ) {
+							LogPrint(eLogError, "NTCP: failed to bind to ip6 port ", address->port);
+							continue;
+						}
 					}	
-				}	
+				}
 			}	
 		}	
 	}
@@ -788,9 +820,11 @@ namespace transport
 		if (m_IsRunning)
 		{	
 			m_IsRunning = false;
-			delete m_NTCPAcceptor;
+      if (m_NTCPAcceptor)
+        delete m_NTCPAcceptor;
 			m_NTCPAcceptor = nullptr;
-			delete m_NTCPV6Acceptor;
+      if (m_NTCPV6Acceptor)
+        delete m_NTCPV6Acceptor;
 			m_NTCPV6Acceptor = nullptr;
 
 			m_Service.stop ();
@@ -935,7 +969,7 @@ namespace transport
 	{
 		if (ecode)
         {
-			LogPrint (eLogError, "NTCP: Connect error: ", ecode.message ());
+			LogPrint (eLogError, "NTCP: Can't connect to ", conn->GetSocket ().remote_endpoint (), ": ", ecode.message ());
 			if (ecode != boost::asio::error::operation_aborted)
 				i2p::data::netdb.SetUnreachable (conn->GetRemoteIdentity ()->GetIdentHash (), true);
 			conn->Terminate ();

NTCPSession.h

@@ -40,6 +40,7 @@ namespace transport
 	const size_t NTCP_DEFAULT_PHASE3_SIZE = 2/*size*/ + i2p::data::DEFAULT_IDENTITY_SIZE/*387*/ + 4/*ts*/ + 15/*padding*/ + 40/*signature*/; // 448 	
 	const int NTCP_BAN_EXPIRATION_TIMEOUT = 70; // in second
 	const int NTCP_CLOCK_SKEW = 60; // in seconds 
+	const int NTCP_MAX_OUTGOING_QUEUE_SIZE = 200; // how many messages we can queue up
 
 	class NTCPServer;
 	class NTCPSession: public TransportSession, public std::enable_shared_from_this<NTCPSession>
@@ -144,7 +145,10 @@ namespace transport
 			void RemoveNTCPSession (std::shared_ptr<NTCPSession> session);
 			std::shared_ptr<NTCPSession> FindNTCPSession (const i2p::data::IdentHash& ident);
 			void Connect (const boost::asio::ip::address& address, int port, std::shared_ptr<NTCPSession> conn);
-			
+
+      bool IsBoundV4() const { return m_NTCPAcceptor != nullptr; };
+      bool IsBoundV6() const { return m_NTCPV6Acceptor != nullptr; };
+      
 			boost::asio::io_service& GetService () { return m_Service; };
 			void Ban (const boost::asio::ip::address& addr);			
 

NetDb.cpp

@@ -1,11 +1,11 @@
 #include <string.h>
-#include "I2PEndian.h"
 #include <fstream>
 #include <vector>
 #include <boost/asio.hpp>
-#include <openssl/rand.h>
-#include <zlib.h>
+
+#include "I2PEndian.h"
 #include "Base.h"
+#include "Crypto.h"
 #include "Log.h"
 #include "Timestamp.h"
 #include "I2NPProtocol.h"
@@ -14,7 +14,6 @@
 #include "RouterContext.h"
 #include "Garlic.h"
 #include "NetDb.h"
-#include "util.h"
 
 using namespace i2p::transport;
 
@@ -22,10 +21,9 @@ namespace i2p
 {
 namespace data
 {		
-	const char NetDb::m_NetDbPath[] = "netDb";
 	NetDb netdb;
 
-	NetDb::NetDb (): m_IsRunning (false), m_Thread (nullptr), m_Reseeder (nullptr)
+	NetDb::NetDb (): m_IsRunning (false), m_Thread (nullptr), m_Reseeder (nullptr), m_Storage("netDb", "r", "routerInfo-", "dat"), m_HiddenMode(false)
 	{
 	}
 	
@@ -37,6 +35,10 @@ namespace data
 
 	void NetDb::Start ()
 	{	
+		m_Storage.SetPlace(i2p::fs::GetDataDir());
+		m_Storage.Init(i2p::data::GetBase64SubstitutionTable(), 64);
+		InitProfilesStorage ();
+		m_Families.LoadCertificates ();	
 		Load ();
 		if (m_RouterInfos.size () < 25) // reseed if # of router less than 50
 			Reseed ();
@@ -49,7 +51,7 @@ namespace data
 	{
 		if (m_IsRunning)
 		{	
-			for (auto it: m_RouterInfos)
+			for (auto& it: m_RouterInfos)
 				it.second->SaveProfile ();
 			DeleteObsoleteProfiles ();
 			m_RouterInfos.clear ();
@@ -64,12 +66,12 @@ namespace data
 			}
 			m_LeaseSets.clear();
 			m_Requests.Stop ();
-		}	
+		}
 	}	
 	
 	void NetDb::Run ()
 	{
-		uint32_t lastSave = 0, lastPublish = 0, lastExploratory = 0, lastManageRequest = 0;
+		uint32_t lastSave = 0, lastPublish = 0, lastExploratory = 0, lastManageRequest = 0, lastDestinationCleanup = 0;
 		while (m_IsRunning)
 		{	
 			try
@@ -115,10 +117,19 @@ namespace data
 					{
 						SaveUpdated ();
 						ManageLeaseSets ();
+						ManageLookupResponses ();
 					}	
 					lastSave = ts;
-				}	
-				if (ts - lastPublish >= 2400) // publish every 40 minutes
+				}
+				if (ts - lastDestinationCleanup >= i2p::garlic::INCOMING_TAGS_EXPIRATION_TIMEOUT) 
+				{
+					i2p::context.CleanupDestination ();
+					lastDestinationCleanup = ts;
+				}
+        // if we're in hidden mode don't publish or explore
+				// if (m_HiddenMode) continue;
+				
+				if (ts - lastPublish >= NETDB_PUBLISH_INTERVAL) // publish 
 				{
 					Publish ();
 					lastPublish = ts;
@@ -149,22 +160,34 @@ namespace data
 		}	
 	}	
 	
-	void NetDb::AddRouterInfo (const uint8_t * buf, int len)
+	bool NetDb::AddRouterInfo (const uint8_t * buf, int len)
 	{
 		IdentityEx identity;
 		if (identity.FromBuffer (buf, len))
-			AddRouterInfo (identity.GetIdentHash (), buf, len);	
+			return AddRouterInfo (identity.GetIdentHash (), buf, len);	
+		return false;
 	}
 
-	void NetDb::AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len)
+  void NetDb::SetHidden(bool hide) {
+    // TODO: remove reachable addresses from router info
+    m_HiddenMode = hide;
+  }
+  
+	bool NetDb::AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len)
 	{	
+		bool updated = true;	
 		auto r = FindRouter (ident);
 		if (r)
 		{
-			auto ts = r->GetTimestamp ();
-			r->Update (buf, len);
-			if (r->GetTimestamp () > ts)
+			if (r->IsNewer (buf, len))
+			{
+				r->Update (buf, len);
 				LogPrint (eLogInfo, "NetDb: RouterInfo updated: ", ident.ToBase64());
+				// TODO: check if floodfill has been changed
+			}
+			else
+				LogPrint (eLogDebug, "NetDb: RouterInfo is older: ", ident.ToBase64());
+			
 		}	
 		else	
 		{	
@@ -176,46 +199,61 @@ namespace data
 					std::unique_lock<std::mutex> l(m_RouterInfosMutex);
 					m_RouterInfos[r->GetIdentHash ()] = r;
 				}
-				if (r->IsFloodfill ())
+				if (r->IsFloodfill () && r->IsReachable ()) // floodfill must be reachable
 				{
 					std::unique_lock<std::mutex> l(m_FloodfillsMutex);
 					m_Floodfills.push_back (r);
 				}
 			}	
+			else
+				updated = false;
 		}	
 		// take care about requested destination
 		m_Requests.RequestComplete (ident, r);
+		return updated;
 	}	
 
-	void NetDb::AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len,
+	bool NetDb::AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len,
 		std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
+		std::unique_lock<std::mutex> lock(m_LeaseSetsMutex);
+		bool updated = false;
 		if (!from) // unsolicited LS must be received directly
 		{	
 			auto it = m_LeaseSets.find(ident);
 			if (it != m_LeaseSets.end ())
 			{
-				it->second->Update (buf, len); 
-				if (it->second->IsValid ())
-					LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase64());
-				else
+				if (it->second->IsNewer (buf, len))
 				{
-					LogPrint (eLogWarning, "NetDb: LeaseSet update failed: ", ident.ToBase64());
-					m_LeaseSets.erase (it);
-				}	
+					it->second->Update (buf, len); 
+					if (it->second->IsValid ())
+					{
+						LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
+						updated = true;	
+					}
+					else
+					{
+						LogPrint (eLogWarning, "NetDb: LeaseSet update failed: ", ident.ToBase32());
+						m_LeaseSets.erase (it);
+					}	
+				}
+				else
+					LogPrint (eLogDebug, "NetDb: LeaseSet is older: ", ident.ToBase32());
 			}
 			else
 			{	
-				auto leaseSet = std::make_shared<LeaseSet> (buf, len);
+				auto leaseSet = std::make_shared<LeaseSet> (buf, len, false); // we don't need leases in netdb 
 				if (leaseSet->IsValid ())
 				{
-					LogPrint (eLogInfo, "NetDb: LeaseSet added: ", ident.ToBase64());
+					LogPrint (eLogInfo, "NetDb: LeaseSet added: ", ident.ToBase32());
 					m_LeaseSets[ident] = leaseSet;
+					updated = true;
 				}
 				else
-					LogPrint (eLogError, "NetDb: new LeaseSet validation failed: ", ident.ToBase64());
+					LogPrint (eLogError, "NetDb: new LeaseSet validation failed: ", ident.ToBase32());
 			}	
 		}	
+		return updated;
 	}	
 
 	std::shared_ptr<RouterInfo> NetDb::FindRouter (const IdentHash& ident) const
@@ -230,6 +268,7 @@ namespace data
 
 	std::shared_ptr<LeaseSet> NetDb::FindLeaseSet (const IdentHash& destination) const
 	{
+		std::unique_lock<std::mutex> lock(m_LeaseSetsMutex);
 		auto it = m_LeaseSets.find (destination);
 		if (it != m_LeaseSets.end ())
 			return it->second;
@@ -250,30 +289,6 @@ namespace data
 			return it->second->SetUnreachable (unreachable);
 	}
 
-	// TODO: Move to reseed and/or scheduled tasks. (In java version, scheduler fix this as well as sort RIs.)
-	bool NetDb::CreateNetDb(boost::filesystem::path directory)
-	{
-		LogPrint (eLogInfo, "NetDb: storage directory doesn't exist, trying to create it.");
-		if (!boost::filesystem::create_directory (directory))
-		{
-			LogPrint (eLogError, "NetDb: failed to create directory ", directory);
-			return false;
-		}
-
-		// list of chars might appear in base64 string
-		const char * chars = GetBase64SubstitutionTable (); // 64 bytes
-		for (int i = 0; i < 64; i++)
-		{
-			auto p = directory / (std::string ("r") + chars[i]);
-			if (!boost::filesystem::exists (p) && !boost::filesystem::create_directory (p)) 
-			{
-				LogPrint (eLogError, "NetDb: failed to create directory ", p);
-				return false;
-			}
-		}
-		return true;
-	}
-
 	void NetDb::Reseed ()
 	{
 		if (!m_Reseeder)
@@ -288,145 +303,120 @@ namespace data
 			LogPrint (eLogWarning, "NetDb: failed to reseed after 10 attempts");
 	}
 
+	bool NetDb::LoadRouterInfo (const std::string & path)
+	{
+		auto r = std::make_shared<RouterInfo>(path);
+		if (r->GetRouterIdentity () && !r->IsUnreachable () &&
+				(!r->UsesIntroducer () || m_LastLoad < r->GetTimestamp () + NETDB_INTRODUCEE_EXPIRATION_TIMEOUT*1000LL)) // 1 hour
+		{
+			r->DeleteBuffer ();
+			r->ClearProperties (); // properties are not used for regular routers
+			m_RouterInfos[r->GetIdentHash ()] = r;
+			if (r->IsFloodfill () && r->IsReachable ()) // floodfill must be reachable
+				m_Floodfills.push_back (r);
+		}	
+		else 
+		{
+			LogPrint(eLogWarning, "NetDb: RI from ", path, " is invalid. Delete");
+			i2p::fs::Remove(path);
+		}
+		return true;
+	}
+
+	void NetDb::VisitLeaseSets(LeaseSetVisitor v)
+	{
+		std::unique_lock<std::mutex> lock(m_LeaseSetsMutex);
+		for ( auto & entry : m_LeaseSets)
+			v(entry.first, entry.second);
+	}
+	
 	void NetDb::Load ()
 	{
-		boost::filesystem::path p(i2p::util::filesystem::GetDataDir() / m_NetDbPath);
-		if (!boost::filesystem::exists (p))
-		{
-			// seems netDb doesn't exist yet
-			if (!CreateNetDb(p)) return;
-		}
 		// make sure we cleanup netDb from previous attempts
 		m_RouterInfos.clear ();	
 		m_Floodfills.clear ();	
 
-		// load routers now
-		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();	
-		int numRouters = 0;
-		boost::filesystem::directory_iterator end;
-		for (boost::filesystem::directory_iterator it (p); it != end; ++it)
-		{
-			if (boost::filesystem::is_directory (it->status()))
-			{
-				for (boost::filesystem::directory_iterator it1 (it->path ()); it1 != end; ++it1)
-				{
-#if BOOST_VERSION > 10500
-					const std::string& fullPath = it1->path().string();
-#else
-					const std::string& fullPath = it1->path();
-#endif
-					auto r = std::make_shared<RouterInfo>(fullPath);
-					if (!r->IsUnreachable () && (!r->UsesIntroducer () || ts < r->GetTimestamp () + 3600*1000LL)) // 1 hour
-					{	
-						r->DeleteBuffer ();
-						r->ClearProperties (); // properties are not used for regular routers
-						m_RouterInfos[r->GetIdentHash ()] = r;
-						if (r->IsFloodfill ())
-							m_Floodfills.push_back (r);
-						numRouters++;
-					}	
-					else
-					{	
-						if (boost::filesystem::exists (fullPath))  
-							boost::filesystem::remove (fullPath);
-					}	
-				}	
-			}	
-		}
-		LogPrint (eLogInfo, "NetDb: ", numRouters, " routers loaded (", m_Floodfills.size (), " floodfils)");
+		m_LastLoad = i2p::util::GetSecondsSinceEpoch();
+		std::vector<std::string> files;
+		m_Storage.Traverse(files);
+		for (const auto& path : files)
+			LoadRouterInfo(path);
+
+		LogPrint (eLogInfo, "NetDb: ", m_RouterInfos.size(), " routers loaded (", m_Floodfills.size (), " floodfils)");
 	}	
 
 	void NetDb::SaveUpdated ()
 	{	
-		auto GetFilePath = [](const boost::filesystem::path& directory, const RouterInfo * routerInfo)
-		{
-			std::string s(routerInfo->GetIdentHashBase64());
-			return directory / (std::string("r") + s[0]) / ("routerInfo-" + s + ".dat");
-		};	
-
-		boost::filesystem::path fullDirectory (i2p::util::filesystem::GetDataDir() / m_NetDbPath);
-		int count = 0, deletedCount = 0;
+		int updatedCount = 0, deletedCount = 0;
 		auto total = m_RouterInfos.size ();
-		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
-		for (auto it: m_RouterInfos)
+		uint64_t expirationTimeout = NETDB_MAX_EXPIRATION_TIMEOUT*1000LL; 
+		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch();
+		// routers don't expire if less than 90 or uptime is less than 1 hour	
+		bool checkForExpiration = total > NETDB_MIN_ROUTERS && ts > (i2p::context.GetStartupTime () + 600)*1000LL; // 10 minutes	
+		if (checkForExpiration && ts > (i2p::context.GetStartupTime () + 3600)*1000LL) // 1 hour			
+			expirationTimeout = i2p::context.IsFloodfill () ? NETDB_FLOODFILL_EXPIRATION_TIMEOUT*1000LL :
+					NETDB_MIN_EXPIRATION_TIMEOUT*1000LL + (NETDB_MAX_EXPIRATION_TIMEOUT - NETDB_MIN_EXPIRATION_TIMEOUT)*1000LL*NETDB_MIN_ROUTERS/total;	
+
+		for (auto& it: m_RouterInfos)
 		{	
-			if (it.second->IsUpdated ())
+			std::string ident = it.second->GetIdentHashBase64();
+			std::string path  = m_Storage.Path(ident);
+			if (it.second->IsUpdated ()) 
 			{
-				std::string f = GetFilePath(fullDirectory, it.second.get()).string();
-				it.second->SaveToFile (f);
+				it.second->SaveToFile (path);
 				it.second->SetUpdated (false);
 				it.second->SetUnreachable (false);
 				it.second->DeleteBuffer ();
-				count++;
+				updatedCount++;
+				continue;
 			}
-			else 
+			// find & mark expired routers
+			if (it.second->UsesIntroducer ())
 			{
+				 if (ts > it.second->GetTimestamp () + NETDB_INTRODUCEE_EXPIRATION_TIMEOUT*1000LL) 
 				// RouterInfo expires after 1 hour if uses introducer
-				if (it.second->UsesIntroducer () && ts > it.second->GetTimestamp () + 3600*1000LL) // 1 hour
 					it.second->SetUnreachable (true);
-				else if (total > 75 && ts > (i2p::context.GetStartupTime () + 600)*1000LL) // routers don't expire if less than 25 or uptime is less than 10 minutes
-				{
-					if (i2p::context.IsFloodfill ())
-					{
-						if (ts > it.second->GetTimestamp () + 3600*1000LL) // 1 hours
-						{	
-							it.second->SetUnreachable (true);
-							total--;
-						}	
-					}
-					else if (total > 300)
-					{
-						if (ts > it.second->GetTimestamp () + 30*3600*1000LL) // 30 hours
-						{	
-							it.second->SetUnreachable (true);
-							total--;
-						}	
-					}
-					else if (total > 120)
-					{
-						if (ts > it.second->GetTimestamp () + 72*3600*1000LL) // 72 hours
-						{	
-							it.second->SetUnreachable (true);
-							total--;
-						}	
-					}
-				}
-				
-				if (it.second->IsUnreachable ())
-				{	
-					total--;
-					// delete RI file
-					if (boost::filesystem::exists (GetFilePath (fullDirectory, it.second.get ())))
-					{    
-						boost::filesystem::remove (GetFilePath (fullDirectory, it.second.get ()));
-						deletedCount++;
-					}	
-					// delete from floodfills list
-					if (it.second->IsFloodfill ())
-					{
-						std::unique_lock<std::mutex> l(m_FloodfillsMutex);
-						m_Floodfills.remove (it.second);
-					}
-				}
-			}	
-		}	
-		if (count > 0)
-			LogPrint (eLogInfo, "NetDb: ", count, " new/updated routers saved");
+			}
+			else if (checkForExpiration && ts > it.second->GetTimestamp () + expirationTimeout) 
+					it.second->SetUnreachable (true);
+
+			if (it.second->IsUnreachable ()) 
+			{
+				// delete RI file
+				m_Storage.Remove(ident);
+				deletedCount++;
+				if (total - deletedCount < NETDB_MIN_ROUTERS) checkForExpiration = false;
+			}
+		} // m_RouterInfos iteration
+		
+		if (updatedCount > 0)
+			LogPrint (eLogInfo, "NetDb: saved ", updatedCount, " new/updated routers");
 		if (deletedCount > 0)
 		{
-			LogPrint (eLogDebug, "NetDb: ", deletedCount, " routers deleted");
+			LogPrint (eLogInfo, "NetDb: deleting ", deletedCount, " unreachable routers");
 			// clean up RouterInfos table
-			std::unique_lock<std::mutex> l(m_RouterInfosMutex);
-			for (auto it = m_RouterInfos.begin (); it != m_RouterInfos.end ();)
 			{
-				if (it->second->IsUnreachable ())
-				{	
-					it->second->SaveProfile ();
-					it = m_RouterInfos.erase (it);
-				}	
-				else
-					it++;
-			}
+				std::unique_lock<std::mutex> l(m_RouterInfosMutex);
+				for (auto it = m_RouterInfos.begin (); it != m_RouterInfos.end ();)
+				{
+					if (it->second->IsUnreachable ()) 
+					{
+						it->second->SaveProfile ();
+						it = m_RouterInfos.erase (it);
+						continue;
+					}	
+					++it;
+				}
+			}	
+			// clean up expired floodfiils
+			{
+				std::unique_lock<std::mutex> l(m_FloodfillsMutex);
+				for (auto it = m_Floodfills.begin (); it != m_Floodfills.end ();)
+					if ((*it)->IsUnreachable ())
+						it = m_Floodfills.erase (it);
+					else
+						++it;
+			}	
 		}
 	}
 
@@ -478,37 +468,20 @@ namespace data
 					LogPrint (eLogError, "NetDb: no outbound tunnels for DatabaseStore reply found");
 			}		
 			offset += 32;
-
-			if (context.IsFloodfill ())
-			{
-				// flood it
-				auto floodMsg = NewI2NPShortMessage ();
-				uint8_t * payload = floodMsg->GetPayload ();		
-				memcpy (payload, buf, 33); // key + type
-				htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token
-				auto msgLen = len - offset;
-				floodMsg->len += DATABASE_STORE_HEADER_SIZE + msgLen;
-				if (floodMsg->len < floodMsg->maxLen)
-				{	
-					memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + offset, msgLen);
-					floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore); 
-					std::set<IdentHash> excluded;
-					for (int i = 0; i < 3; i++)
-					{
-						auto floodfill = GetClosestFloodfill (ident, excluded);
-						if (floodfill)
-							transports.SendMessage (floodfill->GetIdentHash (), floodMsg);
-					}	
-				}	
-				else
-					LogPrint (eLogError, "Database store message is too long ", floodMsg->len);
-			}	
 		}
-		
+		// we must send reply back before this check	
+		if (ident == i2p::context.GetIdentHash ())
+		{
+			LogPrint (eLogError, "NetDb: database store with own RouterInfo received, dropped");
+			return;
+		}
+		size_t payloadOffset = offset;		
+
+		bool updated = false;
 		if (buf[DATABASE_STORE_TYPE_OFFSET]) // type
 		{
-			LogPrint (eLogDebug, "NetDb: store request: LeaseSet");
-			AddLeaseSet (ident, buf + offset, len - offset, m->from);
+			LogPrint (eLogDebug, "NetDb: store request: LeaseSet for ", ident.ToBase32());
+			updated = AddLeaseSet (ident, buf + offset, len - offset, m->from);
 		}	
 		else
 		{
@@ -523,8 +496,42 @@ namespace data
 			uint8_t uncompressed[2048];
 			size_t uncompressedSize = m_Inflator.Inflate (buf + offset, size, uncompressed, 2048);
 			if (uncompressedSize)
-				AddRouterInfo (ident, uncompressed, uncompressedSize);
+				updated = AddRouterInfo (ident, uncompressed, uncompressedSize);
 		}	
+
+		if (replyToken && context.IsFloodfill () && updated)
+		{
+			// flood updated
+			auto floodMsg = NewI2NPShortMessage ();
+			uint8_t * payload = floodMsg->GetPayload ();		
+			memcpy (payload, buf, 33); // key + type
+			htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token
+			size_t msgLen = len - payloadOffset;
+			floodMsg->len += DATABASE_STORE_HEADER_SIZE + msgLen;
+			if (floodMsg->len < floodMsg->maxLen)
+			{	
+				memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + payloadOffset, msgLen);
+				floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore); 
+				std::set<IdentHash> excluded;
+				excluded.insert (i2p::context.GetIdentHash ()); // don't flood to itself
+				excluded.insert (ident); // don't flood back
+ 				for (int i = 0; i < 3; i++)
+				{
+					auto floodfill = GetClosestFloodfill (ident, excluded);
+					if (floodfill)
+					{
+						auto h = floodfill->GetIdentHash();
+						LogPrint(eLogDebug, "NetDb: Flood lease set for ", ident.ToBase32(), " to ", h.ToBase64());
+						transports.SendMessage (h, CopyI2NPMessage(floodMsg));
+						excluded.insert (h);
+					}
+					else
+						break;
+				}	
+			}	
+			else
+				LogPrint (eLogError, "NetDb: Database store message is too long ", floodMsg->len);
+		}	 
 	}	
 
 	void NetDb::HandleDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg)
@@ -628,14 +635,18 @@ namespace data
 		char key[48];
 		int l = i2p::data::ByteStreamToBase64 (buf, 32, key, 48);
 		key[l] = 0;
+
+		IdentHash replyIdent(buf + 32);
 		uint8_t flag = buf[64];
+
+				
 		LogPrint (eLogDebug, "NetDb: DatabaseLookup for ", key, " recieved flags=", (int)flag);
 		uint8_t lookupType = flag & DATABASE_LOOKUP_TYPE_FLAGS_MASK;
 		const uint8_t * excluded = buf + 65;		
 		uint32_t replyTunnelID = 0;
 		if (flag & DATABASE_LOOKUP_DELIVERY_FLAG) //reply to tunnel
 		{
-			replyTunnelID = bufbe32toh (buf + 64);
+			replyTunnelID = bufbe32toh (excluded);
 			excluded += 4;
 		}
 		uint16_t numExcluded = bufbe16toh (excluded);	
@@ -643,7 +654,7 @@ namespace data
 		if (numExcluded > 512)
 		{
 			LogPrint (eLogWarning, "NetDb: number of excluded peers", numExcluded, " exceeds 512");
-			numExcluded = 0; // TODO:
+			return;
 		} 
 		
 		std::shared_ptr<I2NPMessage> replyMsg;
@@ -687,7 +698,12 @@ namespace data
 			    lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP))
 			{
 				auto leaseSet = FindLeaseSet (ident);
-				if (leaseSet) // we don't send back our LeaseSets
+				if (!leaseSet)
+				{
+					// no lease set found
+					LogPrint(eLogDebug, "NetDb: requested LeaseSet not found for ", ident.ToBase32());
+				}
+				else if (!leaseSet->IsExpired ()) // we don't send back our LeaseSets
 				{
 					LogPrint (eLogDebug, "NetDb: requested LeaseSet ", key, " found");
 					replyMsg = CreateDatabaseStoreMsg (leaseSet);
@@ -696,42 +712,64 @@ namespace data
 			
 			if (!replyMsg)
 			{
-				LogPrint (eLogWarning, "NetDb: Requested ", key, " not found. ", numExcluded, " excluded");
-				std::set<IdentHash> excludedRouters;	
-				for (int i = 0; i < numExcluded; i++)
-				{
-					excludedRouters.insert (excluded);
-					excluded += 32;
+				LogPrint (eLogWarning, "NetDb: Requested ", key, " not found, ", numExcluded, " peers excluded");
+				// find or cleate response
+				std::vector<IdentHash> closestFloodfills;
+				bool found = false;
+				if (!numExcluded)
+				{	
+					auto it = m_LookupResponses.find (ident);
+					if (it != m_LookupResponses.end ())
+					{
+						closestFloodfills = it->second.first;
+						found = true;
+					}
+				}	
+				if (!found)
+				{				
+					std::set<IdentHash> excludedRouters;
+					const uint8_t * exclude_ident = excluded;
+					for (int i = 0; i < numExcluded; i++)
+					{
+						excludedRouters.insert (exclude_ident);
+						exclude_ident += 32;
+					}
+					closestFloodfills = GetClosestFloodfills (ident, 3, excludedRouters, true);
+					if (!numExcluded) // save if no excluded
+						m_LookupResponses[ident] = std::make_pair(closestFloodfills, i2p::util::GetSecondsSinceEpoch ());
 				}
-				replyMsg = CreateDatabaseSearchReply (ident, GetClosestFloodfills (ident, 3, excludedRouters));
-			}
+				replyMsg = CreateDatabaseSearchReply (ident, closestFloodfills);
+    		}
 		}
-		
+		excluded += numExcluded * 32;	
 		if (replyMsg)
 		{	
 			if (replyTunnelID)
 			{
 				// encryption might be used though tunnel only
-				if (flag & DATABASE_LOOKUP_ENCYPTION_FLAG) // encrypted reply requested
+				if (flag & DATABASE_LOOKUP_ENCRYPTION_FLAG) // encrypted reply requested
 				{
 					const uint8_t * sessionKey = excluded;
-					uint8_t numTags = sessionKey[32];
-					if (numTags > 0) 
+					const uint8_t numTags = excluded[32];
+					if (numTags)
 					{
-						const uint8_t * sessionTag = sessionKey + 33; // take first tag
+						const i2p::garlic::SessionTag sessionTag(excluded + 33); // take first tag
 						i2p::garlic::GarlicRoutingSession garlic (sessionKey, sessionTag);
 						replyMsg = garlic.WrapSingleMessage (replyMsg);
+						if(replyMsg == nullptr) LogPrint(eLogError, "NetDb: failed to wrap message");
 					}
+					else
+						LogPrint(eLogWarning, "NetDb: encrypted reply requested but no tags provided");
 				}	
 				auto exploratoryPool = i2p::tunnel::tunnels.GetExploratoryPool ();
 				auto outbound = exploratoryPool ? exploratoryPool->GetNextOutboundTunnel () : nullptr;
 				if (outbound)
-					outbound->SendTunnelDataMsg (buf+32, replyTunnelID, replyMsg);
+					outbound->SendTunnelDataMsg (replyIdent, replyTunnelID, replyMsg);
 				else
-					transports.SendMessage (buf+32, i2p::CreateTunnelGatewayMsg (replyTunnelID, replyMsg));
+					transports.SendMessage (replyIdent, i2p::CreateTunnelGatewayMsg (replyTunnelID, replyMsg));
 			}
 			else
-				transports.SendMessage (buf+32, replyMsg);
+				transports.SendMessage (replyIdent, replyMsg);
 		}
 	}	
 
@@ -856,13 +894,14 @@ namespace data
 	template<typename Filter>
 	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouter (Filter filter) const
 	{
-		if (!m_RouterInfos.size ()) return 0;
-		uint32_t ind = rand () % m_RouterInfos.size ();	
+		if (m_RouterInfos.empty())
+			return 0;
+		uint32_t ind = rand () % m_RouterInfos.size ();
 		for (int j = 0; j < 2; j++)
 		{	
 			uint32_t i = 0;
 			std::unique_lock<std::mutex> l(m_RouterInfosMutex);
-			for (auto it: m_RouterInfos)
+			for (const auto& it: m_RouterInfos)
 			{	
 				if (i >= ind)
 				{	
@@ -884,14 +923,17 @@ namespace data
 	}	
 
 	std::shared_ptr<const RouterInfo> NetDb::GetClosestFloodfill (const IdentHash& destination, 
-		const std::set<IdentHash>& excluded) const
+		const std::set<IdentHash>& excluded, bool closeThanUsOnly) const
 	{
 		std::shared_ptr<const RouterInfo> r;
 		XORMetric minMetric;
 		IdentHash destKey = CreateRoutingKey (destination);
-		minMetric.SetMax ();
+		if (closeThanUsOnly)
+			minMetric = destKey ^ i2p::context.GetIdentHash ();
+		else	
+			minMetric.SetMax ();
 		std::unique_lock<std::mutex> l(m_FloodfillsMutex);
-		for (auto it: m_Floodfills)
+		for (const auto& it: m_Floodfills)
 		{	
 			if (!it->IsUnreachable ())
 			{	
@@ -907,7 +949,7 @@ namespace data
 	}	
 
 	std::vector<IdentHash> NetDb::GetClosestFloodfills (const IdentHash& destination, size_t num,
-		std::set<IdentHash>& excluded) const
+		std::set<IdentHash>& excluded, bool closeThanUsOnly) const
 	{
 		struct Sorted
 		{
@@ -918,13 +960,16 @@ namespace data
 
 		std::set<Sorted> sorted;
 		IdentHash destKey = CreateRoutingKey (destination);
+		XORMetric ourMetric;
+		if (closeThanUsOnly) ourMetric = destKey ^ i2p::context.GetIdentHash ();
 		{
 			std::unique_lock<std::mutex> l(m_FloodfillsMutex);
-			for (auto it: m_Floodfills)
+			for (const auto& it: m_Floodfills)
 			{
 				if (!it->IsUnreachable ())
 				{	
 					XORMetric m = destKey ^ it->GetIdentHash ();
+					if (closeThanUsOnly && ourMetric < m) continue;
 					if (sorted.size () < num)
 						sorted.insert ({it, m});
 					else if (m < sorted.rbegin ()->metric)
@@ -938,11 +983,11 @@ namespace data
 
 		std::vector<IdentHash> res;	
 		size_t i = 0;			
-		for (auto it: sorted)
+		for (const auto& it: sorted)
 		{
 			if (i < num)
 			{
-				auto& ident = it.r->GetIdentHash ();
+				const auto& ident = it.r->GetIdentHash ();
 				if (!excluded.count (ident))
 				{	
 					res.push_back (ident);
@@ -955,6 +1000,14 @@ namespace data
 		return res;
 	}
 
+  std::shared_ptr<const RouterInfo> NetDb::GetRandomRouterInFamily(const std::string & fam) const {
+    return GetRandomRouter(
+      [fam](std::shared_ptr<const RouterInfo> router)->bool
+      {
+        return router->IsFamily(fam);
+      });
+  }
+  
 	std::shared_ptr<const RouterInfo> NetDb::GetClosestNonFloodfill (const IdentHash& destination, 
 		const std::set<IdentHash>& excluded) const
 	{
@@ -963,7 +1016,7 @@ namespace data
 		IdentHash destKey = CreateRoutingKey (destination);
 		minMetric.SetMax ();
 		// must be called from NetDb thread only
-		for (auto it: m_RouterInfos)
+		for (const auto& it: m_RouterInfos)
 		{	
 			if (!it.second->IsFloodfill ())
 			{	
@@ -980,15 +1033,28 @@ namespace data
 	
 	void NetDb::ManageLeaseSets ()
 	{
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		for (auto it = m_LeaseSets.begin (); it != m_LeaseSets.end ();)
 		{
-			if (!it->second->HasNonExpiredLeases ()) // all leases expired
+			if (ts > it->second->GetExpirationTime () - LEASE_ENDDATE_THRESHOLD) 
 			{
-				LogPrint (eLogWarning, "NetDb: LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				LogPrint (eLogInfo, "NetDb: LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
 				it = m_LeaseSets.erase (it);
 			}	
 			else 
-				it++;
+				++it;
+		}
+	}
+
+	void NetDb::ManageLookupResponses ()
+	{
+		auto ts = i2p::util::GetSecondsSinceEpoch ();
+		for (auto it = m_LookupResponses.begin (); it != m_LookupResponses.end ();)
+		{
+			if (ts > it->second.second + 180) // 3 minutes
+				it = m_LookupResponses.erase (it);
+			else
+				++it;
 		}
 	}
 }

NetDb.h

@@ -8,8 +8,10 @@
 #include <string>
 #include <thread>
 #include <mutex>
-#include <boost/filesystem.hpp>
+
 #include "Base.h"
+#include "Gzip.h"
+#include "FS.h"
 #include "Queue.h"
 #include "I2NPProtocol.h"
 #include "RouterInfo.h"
@@ -18,11 +20,21 @@
 #include "TunnelPool.h"
 #include "Reseed.h"
 #include "NetDbRequests.h"
+#include "Family.h"
 
 namespace i2p
 {
 namespace data
 {		
+	const int NETDB_MIN_ROUTERS = 90;
+	const int NETDB_FLOODFILL_EXPIRATION_TIMEOUT = 60*60; // 1 hour, in seconds
+	const int NETDB_INTRODUCEE_EXPIRATION_TIMEOUT = 65*60;
+	const int NETDB_MIN_EXPIRATION_TIMEOUT = 90*60; // 1.5 hours
+	const int NETDB_MAX_EXPIRATION_TIMEOUT = 27*60*60; // 27 hours
+	const int NETDB_PUBLISH_INTERVAL = 60*40;
+
+	/** function for visiting a leaseset stored in a floodfill */
+	typedef std::function<void(const IdentHash, std::shared_ptr<LeaseSet>)> LeaseSetVisitor;
 	
 	class NetDb
 	{
@@ -34,9 +46,9 @@ namespace data
 			void Start ();
 			void Stop ();
 			
-			void AddRouterInfo (const uint8_t * buf, int len);
-			void AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
-			void AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+			bool AddRouterInfo (const uint8_t * buf, int len);
+			bool AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
+			bool AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 			std::shared_ptr<RouterInfo> FindRouter (const IdentHash& ident) const;
 			std::shared_ptr<LeaseSet> FindLeaseSet (const IdentHash& destination) const;
 			std::shared_ptr<RouterProfile> FindRouterProfile (const IdentHash& ident) const;
@@ -52,37 +64,47 @@ namespace data
 			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
 			std::shared_ptr<const RouterInfo> GetRandomPeerTestRouter () const;
 			std::shared_ptr<const RouterInfo> GetRandomIntroducer () const;
-			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
 			std::vector<IdentHash> GetClosestFloodfills (const IdentHash& destination, size_t num,
-				std::set<IdentHash>& excluded) const;
+				std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
 			std::shared_ptr<const RouterInfo> GetClosestNonFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+      std::shared_ptr<const RouterInfo> GetRandomRouterInFamily(const std::string & fam) const;
 			void SetUnreachable (const IdentHash& ident, bool unreachable);			
 
 			void PostI2NPMsg (std::shared_ptr<const I2NPMessage> msg);
 
+      /** set hidden mode, aka don't publish our RI to netdb and don't explore */
+      void SetHidden(bool hide); 
+      
 			void Reseed ();
+			Families& GetFamilies () { return m_Families; };
 
 			// for web interface
 			int GetNumRouters () const { return m_RouterInfos.size (); };
 			int GetNumFloodfills () const { return m_Floodfills.size (); };
 			int GetNumLeaseSets () const { return m_LeaseSets.size (); };
-			
+
+			/** visit all lease sets we currently store */
+			void VisitLeaseSets(LeaseSetVisitor v);
+		
 		private:
 
-			bool CreateNetDb(boost::filesystem::path directory);
 			void Load ();
+			bool LoadRouterInfo (const std::string & path);
 			void SaveUpdated ();
 			void Run (); // exploratory thread
 			void Explore (int numDestinations);	
 			void Publish ();
 			void ManageLeaseSets ();
 			void ManageRequests ();
+			void ManageLookupResponses ();
 
-			template<typename Filter>
-			std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;	
+    	template<typename Filter>
+        std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;	
 		
 		private:
 
+			mutable std::mutex m_LeaseSetsMutex;
 			std::map<IdentHash, std::shared_ptr<LeaseSet> > m_LeaseSets;
 			mutable std::mutex m_RouterInfosMutex;
 			std::map<IdentHash, std::shared_ptr<RouterInfo> > m_RouterInfos;
@@ -90,16 +112,22 @@ namespace data
 			std::list<std::shared_ptr<RouterInfo> > m_Floodfills;
 			
 			bool m_IsRunning;
+			uint64_t m_LastLoad;
 			std::thread * m_Thread;	
 			i2p::util::Queue<std::shared_ptr<const I2NPMessage> > m_Queue; // of I2NPDatabaseStoreMsg
 
 			GzipInflator m_Inflator;
 			Reseeder * m_Reseeder;
+			Families m_Families;
+			i2p::fs::HashedStorage m_Storage;
 
 			friend class NetDbRequests; 
 			NetDbRequests m_Requests;
 
-			static const char m_NetDbPath[];
+			std::map<IdentHash, std::pair<std::vector<IdentHash>, uint64_t> > m_LookupResponses; // ident->(closest FFs, timestamp)
+
+      /** true if in hidden mode */
+      bool m_HiddenMode;
 	};
 
 	extern NetDb netdb;

NetDbRequests.cpp

@@ -141,7 +141,7 @@ namespace data
 			if (done)
 				it = m_RequestedDestinations.erase (it);
 			else
-				it++;
+				++it;
 		}	
 	}
 }

Profiling.cpp

@@ -1,8 +1,8 @@
-#include <boost/filesystem.hpp>
+#include <sys/stat.h>
 #include <boost/property_tree/ptree.hpp>
 #include <boost/property_tree/ini_parser.hpp>
 #include "Base.h"
-#include "util.h"
+#include "FS.h"
 #include "Log.h"
 #include "Profiling.h"
 
@@ -10,6 +10,8 @@ namespace i2p
 {
 namespace data
 {
+	i2p::fs::HashedStorage m_ProfilesStorage("peerProfiles", "p", "profile-", "txt");
+
 	RouterProfile::RouterProfile (const IdentHash& identHash):
 		m_IdentHash (identHash), m_LastUpdateTime (boost::posix_time::second_clock::local_time()),
 		m_NumTunnelsAgreed (0), m_NumTunnelsDeclined (0), m_NumTunnelsNonReplied (0),
@@ -41,101 +43,69 @@ namespace data
 		boost::property_tree::ptree pt;
 		pt.put (PEER_PROFILE_LAST_UPDATE_TIME, boost::posix_time::to_simple_string (m_LastUpdateTime));
 		pt.put_child (PEER_PROFILE_SECTION_PARTICIPATION, participation);
-		pt.put_child (PEER_PROFILE_SECTION_USAGE, usage);		
+		pt.put_child (PEER_PROFILE_SECTION_USAGE, usage);
 
 		// save to file
-		auto path = i2p::util::filesystem::GetDefaultDataDir() / PEER_PROFILES_DIRECTORY;
-		if (!boost::filesystem::exists (path))
-		{
-			// Create directory is necessary
-			if (!boost::filesystem::create_directory (path))
-			{	
-				LogPrint (eLogError, "Failed to create directory ", path);
-				return;
-			}			
-			const char * chars = GetBase64SubstitutionTable (); // 64 bytes
-			for (int i = 0; i < 64; i++)
-			{
-				auto path1 = path / (std::string ("p") + chars[i]);
-				if (!boost::filesystem::exists (path1) && !boost::filesystem::create_directory (path1)) 
-				{
-					LogPrint (eLogError, "Failed to create directory ", path1);
-					return;
-				}			
-			}				
+		std::string ident = m_IdentHash.ToBase64 ();
+		std::string path = m_ProfilesStorage.Path(ident);
+
+		try {
+			boost::property_tree::write_ini (path, pt);
+		} catch (std::exception& ex) {
+			/* boost exception verbose enough */
+			LogPrint (eLogError, "Profiling: ", ex.what ());
 		}
-		std::string base64 = m_IdentHash.ToBase64 ();
-		path = path / (std::string ("p") + base64[0]);
-		auto filename = path / (std::string (PEER_PROFILE_PREFIX) + base64 + ".txt");
-		try
-		{
-			boost::property_tree::write_ini (filename.string (), pt);
-		}
-		catch (std::exception& ex)
-		{
-			LogPrint (eLogError, "Can't write ", filename, ": ", ex.what ());
-		}
-	}	
+	}
 
 	void RouterProfile::Load ()
 	{
-		std::string base64 = m_IdentHash.ToBase64 ();
-		auto path = i2p::util::filesystem::GetDefaultDataDir() / PEER_PROFILES_DIRECTORY;
-		path /= std::string ("p") + base64[0];
-		auto filename = path / (std::string (PEER_PROFILE_PREFIX) + base64 + ".txt");
-		if (boost::filesystem::exists (filename))
-		{	
-			boost::property_tree::ptree pt;
-			try
-			{
-				boost::property_tree::read_ini (filename.string (), pt);
-			}
-			catch (std::exception& ex)
-			{
-				LogPrint (eLogError, "Can't read ", filename, ": ", ex.what ());
-				return;
-			}
-			try
-			{	
-				auto t = pt.get (PEER_PROFILE_LAST_UPDATE_TIME, "");
-				if (t.length () > 0)
-					m_LastUpdateTime = boost::posix_time::time_from_string (t);
-				if ((GetTime () - m_LastUpdateTime).hours () < PEER_PROFILE_EXPIRATION_TIMEOUT) 
-				{	
-					try
-					{	
-						// read participations
-						auto participations = pt.get_child (PEER_PROFILE_SECTION_PARTICIPATION);
-						m_NumTunnelsAgreed = participations.get (PEER_PROFILE_PARTICIPATION_AGREED, 0);
-						m_NumTunnelsDeclined = participations.get (PEER_PROFILE_PARTICIPATION_DECLINED, 0);
-						m_NumTunnelsNonReplied = participations.get (PEER_PROFILE_PARTICIPATION_NON_REPLIED, 0);
-					}	
-					catch (boost::property_tree::ptree_bad_path& ex)
-					{
-						LogPrint (eLogWarning, "Missing section ", PEER_PROFILE_SECTION_PARTICIPATION);
-					}	
-					try
-					{	
-						// read usage
-						auto usage = pt.get_child (PEER_PROFILE_SECTION_USAGE);
-						m_NumTimesTaken = usage.get (PEER_PROFILE_USAGE_TAKEN, 0);
-						m_NumTimesRejected = usage.get (PEER_PROFILE_USAGE_REJECTED, 0);
-					}	
-					catch (boost::property_tree::ptree_bad_path& ex)
-					{
-						LogPrint (eLogWarning, "Missing section ", PEER_PROFILE_SECTION_USAGE);
-					}	
+		std::string ident = m_IdentHash.ToBase64 ();
+		std::string path = m_ProfilesStorage.Path(ident);
+		boost::property_tree::ptree pt;
+
+		if (!i2p::fs::Exists(path)) {
+			LogPrint(eLogWarning, "Profiling: no profile yet for ", ident);
+			return;
+		}
+
+		try {
+			boost::property_tree::read_ini (path, pt);
+		} catch (std::exception& ex) {
+			/* boost exception verbose enough */
+			LogPrint (eLogError, "Profiling: ", ex.what ());
+			return;
+		}
+
+		try {
+			auto t = pt.get (PEER_PROFILE_LAST_UPDATE_TIME, "");
+			if (t.length () > 0)
+				m_LastUpdateTime = boost::posix_time::time_from_string (t);
+			if ((GetTime () - m_LastUpdateTime).hours () < PEER_PROFILE_EXPIRATION_TIMEOUT) {
+				try {
+					// read participations
+					auto participations = pt.get_child (PEER_PROFILE_SECTION_PARTICIPATION);
+					m_NumTunnelsAgreed = participations.get (PEER_PROFILE_PARTICIPATION_AGREED, 0);
+					m_NumTunnelsDeclined = participations.get (PEER_PROFILE_PARTICIPATION_DECLINED, 0);
+					m_NumTunnelsNonReplied = participations.get (PEER_PROFILE_PARTICIPATION_NON_REPLIED, 0);
+				}	catch (boost::property_tree::ptree_bad_path& ex) {
+					LogPrint (eLogWarning, "Profiling: Missing section ", PEER_PROFILE_SECTION_PARTICIPATION, " in profile for ", ident);
 				}	
-				else
-					*this = RouterProfile (m_IdentHash);
-			}	
-			catch (std::exception& ex)
-			{
-				LogPrint (eLogError, "Can't read profile ", base64, " :", ex.what ());
-			}	
-		}	
-	}	
-		
+				try {
+					// read usage
+					auto usage = pt.get_child (PEER_PROFILE_SECTION_USAGE);
+					m_NumTimesTaken = usage.get (PEER_PROFILE_USAGE_TAKEN, 0);
+					m_NumTimesRejected = usage.get (PEER_PROFILE_USAGE_REJECTED, 0);
+				}	catch (boost::property_tree::ptree_bad_path& ex) {
+					LogPrint (eLogWarning, "Missing section ", PEER_PROFILE_SECTION_USAGE, " in profile for ", ident);
+				}
+			} else {
+				*this = RouterProfile (m_IdentHash);
+			}
+		} catch (std::exception& ex) {
+			LogPrint (eLogError, "Profiling: Can't read profile ", ident, " :", ex.what ());
+		}
+	}
+
 	void RouterProfile::TunnelBuildResponse (uint8_t ret)
 	{
 		UpdateTime ();
@@ -184,31 +154,29 @@ namespace data
 		return profile;
 	}		
 
+	void InitProfilesStorage ()
+	{
+		m_ProfilesStorage.SetPlace(i2p::fs::GetDataDir());
+		m_ProfilesStorage.Init(i2p::data::GetBase64SubstitutionTable(), 64);
+	}
+
 	void DeleteObsoleteProfiles ()
 	{
-		int num = 0;
-		auto ts = boost::posix_time::second_clock::local_time();
-		boost::filesystem::path p (i2p::util::filesystem::GetDataDir()/PEER_PROFILES_DIRECTORY);
-		if (boost::filesystem::exists (p))
-		{
-			boost::filesystem::directory_iterator end;
-			for (boost::filesystem::directory_iterator it (p); it != end; ++it)
-			{
-				if (boost::filesystem::is_directory (it->status()))
-				{
-					for (boost::filesystem::directory_iterator it1 (it->path ()); it1 != end; ++it1)
-					{
-						auto lastModified = boost::posix_time::from_time_t (boost::filesystem::last_write_time (it1->path ()));
-						if ((ts - lastModified).hours () >= PEER_PROFILE_EXPIRATION_TIMEOUT)
-						{	
-							boost::filesystem::remove (it1->path ());
-							num++;
-						}	
-					}	
-				}
-			}	
+		struct stat st;
+		std::time_t now = std::time(nullptr);
+
+		std::vector<std::string> files;
+		m_ProfilesStorage.Traverse(files);
+		for (const auto& path: files) {
+			if (stat(path.c_str(), &st) != 0) {
+				LogPrint(eLogWarning, "Profiling: Can't stat(): ", path);
+				continue;
+			}
+			if (((now - st.st_mtime) / 3600) >= PEER_PROFILE_EXPIRATION_TIMEOUT) {
+				LogPrint(eLogDebug, "Profiling: removing expired peer profile: ", path);
+				i2p::fs::Remove(path);
+			}
 		}
-		LogPrint (eLogInfo, num, " obsolete profiles deleted");
-	}	
+	}
 }		
 }	

Profiling.h

@@ -9,8 +9,6 @@ namespace i2p
 {
 namespace data
 {	
-	const char PEER_PROFILES_DIRECTORY[] = "peerProfiles";
-	const char PEER_PROFILE_PREFIX[] = "profile-";
 	// sections
 	const char PEER_PROFILE_SECTION_PARTICIPATION[] = "participation";
 	const char PEER_PROFILE_SECTION_USAGE[] = "usage";
@@ -62,6 +60,7 @@ namespace data
 	};	
 
 	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash); 
+	void InitProfilesStorage ();
 	void DeleteObsoleteProfiles ();
 }		
 }	

Queue.h

@@ -7,6 +7,7 @@
 #include <thread>
 #include <condition_variable>
 #include <functional>
+#include <utility>
 
 namespace i2p
 {
@@ -20,7 +21,7 @@ namespace util
 			void Put (Element e)
 			{
 				std::unique_lock<std::mutex>  l(m_QueueMutex);
-				m_Queue.push (e);	
+				m_Queue.push (std::move(e));
 				m_NonEmpty.notify_one ();
 			}
 
@@ -29,7 +30,7 @@ namespace util
 				if (!vec.empty ())
 				{	
 					std::unique_lock<std::mutex>  l(m_QueueMutex);
-					for (auto it: vec)
+					for (const auto& it: vec)
 						m_Queue.push (it);	
 					m_NonEmpty.notify_one ();
 				}	
@@ -117,52 +118,6 @@ namespace util
 			std::mutex m_QueueMutex;
 			std::condition_variable m_NonEmpty;
 	};	
-
-	template<class Msg>
-	class MsgQueue: public Queue<Msg *>
-	{
-		public:
-
-			typedef std::function<void()> OnEmpty;
-
-			MsgQueue (): m_IsRunning (true), m_Thread (std::bind (&MsgQueue<Msg>::Run, this))  {};
-			~MsgQueue () { Stop (); };
-			void Stop()
-			{
-				if (m_IsRunning)
-				{
-					m_IsRunning = false;
-					Queue<Msg *>::WakeUp ();					
-					m_Thread.join();
-				}
-			}
-
-			void SetOnEmpty (OnEmpty const & e) { m_OnEmpty = e; };
-
-		private:
-
-			void Run ()
-			{
-				while (m_IsRunning)
-				{
-					while (auto msg = Queue<Msg *>::Get ())
-					{
-						msg->Process ();
-						delete msg;
-					}
-					if (m_OnEmpty != nullptr)
-						m_OnEmpty ();
-					if (m_IsRunning)
-						Queue<Msg *>::Wait ();
-				}	
-			}	
-			
-		private:
-			
-			volatile bool m_IsRunning;
-			OnEmpty m_OnEmpty;
-			std::thread m_Thread;	
-	};	
 }		
 }	
 

README.md

@@ -1,41 +1,55 @@
 i2pd
 ====
 
-Independent C++ implementation of I2P router
+i2pd is a full-featured C++ implementation of 
+[I2P](https://geti2p.net/en/about/intro) client.
+
+I2P (Invisible Internet Project) is anonymous network which works on top of 
+public Internet. Privacy and anonymity are achieved by strong encryption and 
+bouncing your traffic through thousands of I2P nodes all around the world.
+
+We are building network which helps people to communicate and share information 
+without restrictions.
+
+* [Website](http://i2pd.website)
+* [Documentation](https://i2pd.readthedocs.io/en/latest/)
+* [Wiki](https://github.com/PurpleI2P/i2pd/wiki)
+* [Tickets/Issues](https://github.com/PurpleI2P/i2pd/issues)
+* [Twitter](https://twitter.com/i2porignal)
+
+Installing
+----------
+
+The easiest way to install i2pd is by using 
+[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest). 
+See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build 
+i2pd from source on your OS.
+
+**Supported systems:**
+
+* Linux x86/x64  - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)  
+* Windows        - [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)  
+* Mac OS X
+* FreeBSD
+* Android 
+
+Using i2pd
+----------
+
+See [documentation](https://i2pd.readthedocs.io/en/latest/) and 
+[example config file](https://github.com/PurpleI2P/i2pd/blob/openssl/docs/i2pd.conf).
+
+Donations
+---------
+
+BTC: 1K7Ds6KUeR8ya287UC4rYTjvC96vXyZbDY  
+DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
+LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
+ANC: AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z  
+DOGE: DNXLQKziRPAsD9H3DFNjk4fLQrdaSX893Y 
 
 License
 -------
 
 This project is licensed under the BSD 3-clause license, which can be found in the file
 LICENSE in the root of the project source code.
-
-Donations
----------
-
-BTC: 1K7Ds6KUeR8ya287UC4rYTjvC96vXyZbDY  
-LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
-ANC: AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z  
-
-Downloads
-------------
-
-Official binary releases could be found at:  
-http://i2pd.website/releases/  
-older releases  
-http://download.i2p.io/purplei2p/i2pd/releases/  
-
-Supported OS
-------------
-
-* Linux x86/x64  - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)  
-* Windows        - [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)  
-* Mac OS X
-* FreeBSD
-
-More documentation
-------------------
-
-* [Building from source / unix](docs/build_notes_unix.md)  
-* [Building from source / windows](docs/build_notes_windows.md)  
-* [Configuring your i2pd](docs/configuration.md)  
-* [Github wiki](https://github.com/PurpleI2P/i2pd/wiki/)  

Reseed.cpp

@@ -1,41 +1,47 @@
 #include <string.h>
 #include <fstream>
 #include <sstream>
-#include <boost/regex.hpp>
-#include <boost/filesystem.hpp>
 #include <boost/asio.hpp>
-#include <boost/asio/ssl.hpp>
-#include <openssl/bn.h>
+#include <boost/asio/ssl.hpp> 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <zlib.h>
+
+#include "Crypto.h"
 #include "I2PEndian.h"
 #include "Reseed.h"
+#include "FS.h"
 #include "Log.h"
 #include "Identity.h"
-#include "Crypto.h"
 #include "NetDb.h"
+#include "HTTP.h"
 #include "util.h"
-
+#include "Config.h"
 
 namespace i2p
 {
 namespace data
 {
-	static std::vector<std::string> httpsReseedHostList = 
+	static std::vector<std::string> httpsReseedHostList =
 	{
+#ifdef MESHNET
+		// meshnet i2p reseeds
+		"https://reseed.i2p.rocks:8443/"
+#else
+		// mainline i2p reseeds
 		"https://reseed.i2p-projekt.de/", // Only HTTPS
-        "https://i2pseed.zarrenspry.info/", // Only HTTPS and SU3 (v3) support
-        "https://i2p.mooo.com/netDb/",
-        "https://netdb.i2p2.no/", // Only SU3 (v3) support, SNI required
+				"https://i2p.mooo.com/netDb/",
+				"https://netdb.i2p2.no/", // Only SU3 (v3) support, SNI required
 		"https://us.reseed.i2p2.no:444/",	
-        "https://uk.reseed.i2p2.no:444/",
-		"https://www.torontocrypto.org:8443/"
-        "https://reseed.i2p.vzaws.com:8443/", // Only SU3 (v3) support
-        "https://user.mx24.eu/", // Only HTTPS and SU3 (v3) support
-        "https://ieb9oopo.mooo.com/" // Only HTTPS and SU3 (v3) support
+				"https://uk.reseed.i2p2.no:444/",
+		"https://i2p.manas.ca:8443/",
+		"https://i2p-0.manas.ca:8443/",
+				"https://reseed.i2p.vzaws.com:8443/", // Only SU3 (v3) support
+				"https://user.mx24.eu/", // Only HTTPS and SU3 (v3) support
+				"https://download.xxlspeed.com/" // Only HTTPS and SU3 (v3) support
+#endif
 	};
-	
+ 
 	Reseeder::Reseeder()
 	{
 	}
@@ -46,6 +52,13 @@ namespace data
 
 	int Reseeder::ReseedNowSU3 ()
 	{
+		std::string filename; i2p::config::GetOption("reseed.file", filename);
+		if (filename.length() > 0) // reseed file is specified
+		{
+			auto num = ProcessSU3File (filename.c_str ());
+			if (num > 0) return num; // success
+			LogPrint (eLogWarning, "Can't reseed from ", filename, " . Trying from hosts"); 
+		}	
 		auto ind = rand () % httpsReseedHostList.size ();
 		std::string& reseedHost = httpsReseedHostList[ind];
 		return ReseedFromSU3 (reseedHost);
@@ -208,6 +221,11 @@ namespace data
 				uint16_t fileNameLength, extraFieldLength; 
 				s.read ((char *)&fileNameLength, 2);	
 				fileNameLength = le16toh (fileNameLength);
+				if ( fileNameLength > 255 ) {
+					// too big
+					LogPrint(eLogError, "Reseed: SU3 fileNameLength too large: ", fileNameLength);
+					return numFiles;
+				}
 				s.read ((char *)&extraFieldLength, 2);
 				extraFieldLength = le16toh (extraFieldLength);
 				char localFileName[255];
@@ -341,36 +359,41 @@ namespace data
 
 	void Reseeder::LoadCertificates ()
 	{
-		boost::filesystem::path reseedDir = i2p::util::filesystem::GetCertificatesDir() / "reseed";
-		
-		if (!boost::filesystem::exists (reseedDir))
-		{
-			LogPrint (eLogWarning, "Reseed: certificates not loaded, ", reseedDir, " doesn't exist");
+		std::string certDir = i2p::fs::DataDirPath("certificates", "reseed");
+		std::vector<std::string> files;
+		int numCertificates = 0;
+
+		if (!i2p::fs::ReadDir(certDir, files)) {
+			LogPrint(eLogWarning, "Reseed: Can't load reseed certificates from ", certDir);
 			return;
 		}
 
-		int numCertificates = 0;
-		boost::filesystem::directory_iterator end; // empty
-		for (boost::filesystem::directory_iterator it (reseedDir); it != end; ++it)
-		{
-			if (boost::filesystem::is_regular_file (it->status()) && it->path ().extension () == ".crt")
-			{	
-				LoadCertificate (it->path ().string ());
-				numCertificates++;
-			}	
+		for (const std::string & file : files) {
+			if (file.compare(file.size() - 4, 4, ".crt") != 0) {
+				LogPrint(eLogWarning, "Reseed: ignoring file ", file);
+				continue;
+			}
+			LoadCertificate (file);
+			numCertificates++;
 		}	
 		LogPrint (eLogInfo, "Reseed: ", numCertificates, " certificates loaded");
 	}	
 
 	std::string Reseeder::HttpsRequest (const std::string& address)
 	{
-		i2p::util::http::url u(address);
-		if (u.port_ == 80) u.port_ = 443; 
+		i2p::http::URL url;
+		if (!url.parse(address)) {
+			LogPrint(eLogError, "Reseed: failed to parse url: ", address);
+			return "";
+		}
+		url.schema = "https";
+		if (!url.port)
+			url.port = 443;
 
 		boost::asio::io_service service;
 		boost::system::error_code ecode;
-    	auto it = boost::asio::ip::tcp::resolver(service).resolve (
-			 boost::asio::ip::tcp::resolver::query (u.host_, std::to_string (u.port_)), ecode);
+		auto it = boost::asio::ip::tcp::resolver(service).resolve (
+			boost::asio::ip::tcp::resolver::query (url.host, std::to_string(url.port)), ecode);
 		if (!ecode)
 		{
 			boost::asio::ssl::context ctx(service, boost::asio::ssl::context::sslv23);
@@ -382,32 +405,52 @@ namespace data
 				s.handshake (boost::asio::ssl::stream_base::client, ecode);
 				if (!ecode)
 				{
-					LogPrint (eLogInfo, "Reseed: Connected to ", u.host_, ":", u.port_);
-					// send request		
-					std::stringstream ss;
-					ss << "GET " << u.path_ << " HTTP/1.1\r\nHost: " << u.host_
-					<< "\r\nAccept: */*\r\n" << "User-Agent: Wget/1.11.4\r\n" << "Connection: close\r\n\r\n";	
-					s.write_some (boost::asio::buffer (ss.str ()));
+					LogPrint (eLogDebug, "Reseed: Connected to ", url.host, ":", url.port);
+					i2p::http::HTTPReq req;
+					req.uri = url.to_string();
+					req.add_header("User-Agent", "Wget/1.11.4");
+					req.add_header("Connection", "close");
+					s.write_some (boost::asio::buffer (req.to_string()));
 					// read response
 					std::stringstream rs;
-					char response[1024]; size_t l = 0;
-					do
-					{
-						l = s.read_some (boost::asio::buffer (response, 1024), ecode);
-						if (l) rs.write (response, l);
-					}
-					while (!ecode && l);
+					char recv_buf[1024]; size_t l = 0;
+					do {
+						l = s.read_some (boost::asio::buffer (recv_buf, sizeof(recv_buf)), ecode);
+						if (l) rs.write (recv_buf, l);
+					} while (!ecode && l);
 					// process response
-					return i2p::util::http::GetHttpContent (rs);
+					std::string data = rs.str();
+					i2p::http::HTTPRes res;
+					int len = res.parse(data);
+					if (len <= 0) {
+						LogPrint(eLogWarning, "Reseed: incomplete/broken response from ", url.host);
+						return "";
+					}
+					if (res.code != 200) {
+						LogPrint(eLogError, "Reseed: failed to reseed from ", url.host, ", http code ", res.code);
+						return "";
+					}
+					data.erase(0, len); /* drop http headers from response */
+					LogPrint(eLogDebug, "Reseed: got ", data.length(), " bytes of data from ", url.host);
+					if (res.is_chunked()) {
+						std::stringstream in(data), out;
+						if (!i2p::http::MergeChunkedResponse(in, out)) {
+							LogPrint(eLogWarning, "Reseed: failed to merge chunked response from ", url.host);
+							return "";
+						}
+						LogPrint(eLogDebug, "Reseed: got ", data.length(), "(", out.tellg(), ") bytes of data from ", url.host);
+						data = out.str();
+					}
+					return data;
 				}
 				else
 					LogPrint (eLogError, "Reseed: SSL handshake failed: ", ecode.message ());
 			}
 			else
-				LogPrint (eLogError, "Reseed: Couldn't connect to ", u.host_, ": ", ecode.message ());
+				LogPrint (eLogError, "Reseed: Couldn't connect to ", url.host, ": ", ecode.message ());
 		}
 		else
-			LogPrint (eLogError, "Reseed: Couldn't resolve address ", u.host_, ": ", ecode.message ());
+			LogPrint (eLogError, "Reseed: Couldn't resolve address ", url.host, ": ", ecode.message ());
 		return "";
 	}	
 }

RouterContext.cpp

@@ -5,9 +5,11 @@
 #include "Timestamp.h"
 #include "I2NPProtocol.h"
 #include "NetDb.h"
+#include "FS.h"
 #include "util.h"
 #include "version.h"
 #include "Log.h"
+#include "Family.h"
 #include "RouterContext.h"
 
 namespace i2p
@@ -47,14 +49,34 @@ namespace i2p
 		uint16_t port; i2p::config::GetOption("port", port);
 		if (!port)
 			port = rand () % (30777 - 9111) + 9111; // I2P network ports range
-		std::string host; i2p::config::GetOption("host", host);
-		if (host == "0.0.0.0")
-			host = "127.0.0.1"; // replace default address with safe value
-		routerInfo.AddSSUAddress  (host.c_str(), port, routerInfo.GetIdentHash ());
-		routerInfo.AddNTCPAddress (host.c_str(), port);
+		bool ipv4; i2p::config::GetOption("ipv4", ipv4);
+		bool ipv6; i2p::config::GetOption("ipv6", ipv6);
+		bool nat;  i2p::config::GetOption("nat", nat);
+		std::string ifname; i2p::config::GetOption("ifname", ifname);
+		if (ipv4)
+		{
+			std::string host = "127.0.0.1";
+			if (!i2p::config::IsDefault("host"))
+				i2p::config::GetOption("host", host);
+			else if (!nat && !ifname.empty())
+				/* bind to interface, we have no NAT so set external address too */
+				host = i2p::util::net::GetInterfaceAddress(ifname, false).to_string(); // v4
+			routerInfo.AddSSUAddress (host.c_str(), port, routerInfo.GetIdentHash ());
+			routerInfo.AddNTCPAddress (host.c_str(), port);
+		}
+		if (ipv6)
+		{
+			std::string host = "::";
+			if (!i2p::config::IsDefault("host") && !ipv4) // override if v6 only
+				i2p::config::GetOption("host", host);
+			else if (!ifname.empty()) 
+				host = i2p::util::net::GetInterfaceAddress(ifname, true).to_string(); // v6
+			routerInfo.AddSSUAddress (host.c_str(), port, routerInfo.GetIdentHash ());
+			routerInfo.AddNTCPAddress (host.c_str(), port);
+		}
 		routerInfo.SetCaps (i2p::data::RouterInfo::eReachable | 
 			i2p::data::RouterInfo::eSSUTesting | i2p::data::RouterInfo::eSSUIntroducer); // LR, BC
-		routerInfo.SetProperty ("netId", std::to_string (I2PD_NET_ID));
+        routerInfo.SetProperty ("netId", std::to_string (I2PD_NET_ID));
 		routerInfo.SetProperty ("router.version", I2P_VERSION);
 		routerInfo.CreateBuffer (m_Keys);
 		m_RouterInfo.SetRouterIdentity (GetIdentity ());
@@ -64,7 +86,7 @@ namespace i2p
 	void RouterContext::UpdateRouterInfo ()
 	{
 		m_RouterInfo.CreateBuffer (m_Keys);
-		m_RouterInfo.SaveToFile (i2p::util::filesystem::GetFullPath (ROUTER_INFO));
+		m_RouterInfo.SaveToFile (i2p::fs::DataDirPath (ROUTER_INFO));
 		m_LastUpdateTime = i2p::util::GetSecondsSinceEpoch ();
 	}	
 
@@ -92,9 +114,9 @@ namespace i2p
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
-			if (address.port != port)
+			if (address->port != port)
 			{	
-				address.port = port;
+				address->port = port;
 				updated = true;
 			}	
 		}	
@@ -107,9 +129,9 @@ namespace i2p
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
-			if (address.host != host && address.IsCompatible (host))
+			if (address->host != host && address->IsCompatible (host))
 			{	
-				address.host = host;
+				address->host = host;
 				updated = true;
 			}	
 		}	
@@ -141,39 +163,76 @@ namespace i2p
 		{
 			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () & ~i2p::data::RouterInfo::eFloodfill);
 			// we don't publish number of routers and leaseset for non-floodfill
-			m_RouterInfo.DeleteProperty (ROUTER_INFO_PROPERTY_LEASESETS);
-			m_RouterInfo.DeleteProperty (ROUTER_INFO_PROPERTY_ROUTERS);
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_LEASESETS);
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_ROUTERS);
 		}
 		UpdateRouterInfo ();
 	}
 
-	void RouterContext::SetHighBandwidth ()
+	std::string RouterContext::GetFamily () const
 	{
-		if (!m_RouterInfo.IsHighBandwidth () || m_RouterInfo.IsExtraBandwidth ())
-		{
-			m_RouterInfo.SetCaps ((m_RouterInfo.GetCaps () | i2p::data::RouterInfo::eHighBandwidth) & ~i2p::data::RouterInfo::eExtraBandwidth);
-			UpdateRouterInfo ();
-		}
+		return m_RouterInfo.GetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY);
 	}
 
-	void RouterContext::SetLowBandwidth ()
+	void RouterContext::SetFamily (const std::string& family)
 	{
-		if (m_RouterInfo.IsHighBandwidth () || m_RouterInfo.IsExtraBandwidth ())
+		std::string signature;
+		if (family.length () > 0)
+			signature = i2p::data::CreateFamilySignature (family, GetIdentHash ());
+		if (signature.length () > 0)
 		{
-			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () & ~i2p::data::RouterInfo::eHighBandwidth & ~i2p::data::RouterInfo::eExtraBandwidth);
-			UpdateRouterInfo ();
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY, family);
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY_SIG, signature);
+		}	
+		else
+		{
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY);
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY_SIG);
+		}	
+	}	
+
+	void RouterContext::SetBandwidth (char L) {
+		uint16_t limit = 0;
+		enum { low, high, extra } type = high;
+		/* detect parameters */
+		switch (L) 
+		{
+			case i2p::data::CAPS_FLAG_LOW_BANDWIDTH1   : limit =   12; type = low;   break;
+			case i2p::data::CAPS_FLAG_LOW_BANDWIDTH2   : limit =   48; type = low;   break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH1  : limit =   64; type = high;  break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH2  : limit =  128; type = high;  break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH3  : limit =  256; type = high;  break;
+			case i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH1 : limit = 2048; type = extra; break;
+			case i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH2 : limit = 9999; type = extra; break;
+			default:
+				 limit =  48; type = low;
 		}
+		/* update caps & flags in RI */
+		auto caps = m_RouterInfo.GetCaps ();
+		caps &= ~i2p::data::RouterInfo::eHighBandwidth;
+		caps &= ~i2p::data::RouterInfo::eExtraBandwidth;
+		switch (type) 
+		{
+			case low   : /* not set */; break;
+			case high  : caps |= i2p::data::RouterInfo::eHighBandwidth;  break;
+			case extra : caps |= i2p::data::RouterInfo::eExtraBandwidth; break;
+		}
+		m_RouterInfo.SetCaps (caps);
+		UpdateRouterInfo ();
+		m_BandwidthLimit = limit;
 	}
 
-	void RouterContext::SetExtraBandwidth ()
-	{	
-		if (!m_RouterInfo.IsExtraBandwidth () || !m_RouterInfo.IsHighBandwidth ())
-		{
-			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () | i2p::data::RouterInfo::eExtraBandwidth | i2p::data::RouterInfo::eHighBandwidth);
-			UpdateRouterInfo ();
-		}
+	void RouterContext::SetBandwidth (int limit) 
+	{
+		if      (limit > 2000) { SetBandwidth('X'); }
+		else if (limit >  256) { SetBandwidth('P'); }
+		else if (limit >  128) { SetBandwidth('O'); }
+		else if (limit >   64) { SetBandwidth('N'); }
+		else if (limit >   48) { SetBandwidth('M'); }
+		else if (limit >   12) { SetBandwidth('L'); }
+		else                   { SetBandwidth('K'); }
 	}
-		
+
 	bool RouterContext::IsUnreachable () const
 	{
 		return m_RouterInfo.GetCaps () & i2p::data::RouterInfo::eUnreachable;
@@ -185,17 +244,18 @@ namespace i2p
 		m_RouterInfo.SetCaps (i2p::data::RouterInfo::eUnreachable | i2p::data::RouterInfo::eSSUTesting); // LU, B
 		// remove NTCP address
 		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (size_t i = 0; i < addresses.size (); i++)
+		for (auto it = addresses.begin (); it != addresses.end (); ++it)
 		{
-			if (addresses[i].transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+			if ((*it)->transportStyle == i2p::data::RouterInfo::eTransportNTCP &&
+				(*it)->host.is_v4 ())
 			{
-				addresses.erase (addresses.begin () + i);
+				addresses.erase (it);
 				break;
 			}
 		}	
 		// delete previous introducers
 		for (auto& addr : addresses)
-			addr.introducers.clear ();
+			addr->introducers.clear ();
 	
 		// update
 		UpdateRouterInfo ();
@@ -214,18 +274,19 @@ namespace i2p
 		
 		// insert NTCP back
 		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (size_t i = 0; i < addresses.size (); i++)
+		for (const auto& addr : addresses)
 		{
-			if (addresses[i].transportStyle == i2p::data::RouterInfo::eTransportSSU)
+			if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU &&
+				addr->host.is_v4 ())
 			{
 				// insert NTCP address with host/port from SSU
-				m_RouterInfo.AddNTCPAddress (addresses[i].host.to_string ().c_str (), addresses[i].port);
+				m_RouterInfo.AddNTCPAddress (addr->host.to_string ().c_str (), addr->port);
 				break;
 			}
 		}		
 		// delete previous introducers
 		for (auto& addr : addresses)
-			addr.introducers.clear ();
+			addr->introducers.clear ();
 		
 		// update
 		UpdateRouterInfo ();
@@ -238,26 +299,36 @@ namespace i2p
 		else
 			m_RouterInfo.DisableV6 ();
 		UpdateRouterInfo ();
-	}	
+	}
+  	
+	void RouterContext::SetSupportsV4 (bool supportsV4)
+	{
+		if (supportsV4)
+			m_RouterInfo.EnableV4 ();
+		else
+			m_RouterInfo.DisableV4 ();
+		UpdateRouterInfo ();
+	}
+  
 
 	void RouterContext::UpdateNTCPV6Address (const boost::asio::ip::address& host)
 	{
 		bool updated = false, found = false;	
 		int port = 0;
 		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (auto& addr : addresses)
+		for (auto& addr: addresses)
 		{
-			if (addr.host.is_v6 () && addr.transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+			if (addr->host.is_v6 () && addr->transportStyle == i2p::data::RouterInfo::eTransportNTCP)
 			{
-				if (addr.host != host)
+				if (addr->host != host)
 				{
-					addr.host = host;
+					addr->host = host;
 					updated = true;
 				}
 				found = true;	
 			}	
 			else
-				port = addr.port;	
+				port = addr->port;	
 		}	
 		if (!found)
 		{
@@ -284,15 +355,15 @@ namespace i2p
 		if (m_IsFloodfill)
 		{
 			// update routers and leasesets
-			m_RouterInfo.SetProperty (ROUTER_INFO_PROPERTY_LEASESETS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumLeaseSets ()));
-			m_RouterInfo.SetProperty (ROUTER_INFO_PROPERTY_ROUTERS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumRouters ()));
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_LEASESETS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumLeaseSets ()));
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_ROUTERS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumRouters ()));
 			UpdateRouterInfo (); 
 		}
 	}
 		
 	bool RouterContext::Load ()
 	{
-		std::ifstream fk (i2p::util::filesystem::GetFullPath (ROUTER_KEYS).c_str (), std::ifstream::binary | std::ofstream::in);
+		std::ifstream fk (i2p::fs::DataDirPath (ROUTER_KEYS), std::ifstream::in | std::ifstream::binary);
 		if (!fk.is_open ())	return false;
 		fk.seekg (0, std::ios::end);
 		size_t len = fk.tellg();
@@ -312,16 +383,24 @@ namespace i2p
 			delete[] buf;
 		}
 
-		i2p::data::RouterInfo routerInfo(i2p::util::filesystem::GetFullPath (ROUTER_INFO)); // TODO
 		m_RouterInfo.SetRouterIdentity (GetIdentity ());
-		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
-		m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
-		m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); 
+		if (!routerInfo.IsUnreachable ()) // router.info looks good
+		{
+			m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
+			m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
+			m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+
+			// Migration to 0.9.24. TODO: remove later
+			m_RouterInfo.DeleteProperty ("coreVersion");
+			m_RouterInfo.DeleteProperty ("stat_uptime");
+		}
+		else
+		{
+			LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
+			NewRouterInfo ();
+		}			
 
-		// Migration to 0.9.24. TODO: remove later
-		m_RouterInfo.DeleteProperty ("coreVersion");
-		m_RouterInfo.DeleteProperty ("stat_uptime");
-		
 		if (IsUnreachable ())
 			SetReachable (); // we assume reachable until we discover firewall through peer tests
 		
@@ -331,7 +410,7 @@ namespace i2p
 	void RouterContext::SaveKeys ()
 	{	
 		// save in the same format as .dat files
-		std::ofstream fk (i2p::util::filesystem::GetFullPath (ROUTER_KEYS).c_str (), std::ofstream::binary | std::ofstream::out);
+		std::ofstream fk (i2p::fs::DataDirPath (ROUTER_KEYS), std::ofstream::binary | std::ofstream::out);
 		size_t len = m_Keys.GetFullLen ();
 		uint8_t * buf = new uint8_t[len];
 		m_Keys.ToBuffer (buf, len);
@@ -360,6 +439,12 @@ namespace i2p
 		std::unique_lock<std::mutex> l(m_GarlicMutex);
 		i2p::garlic::GarlicDestination::ProcessDeliveryStatusMessage (msg);
 	}	
+
+	void RouterContext::CleanupDestination ()
+	{
+		std::unique_lock<std::mutex> l(m_GarlicMutex);
+		i2p::garlic::GarlicDestination::CleanupExpiredTags ();
+	}
 		
 	uint32_t RouterContext::GetUptime () const
 	{

RouterContext.h

@@ -15,9 +15,6 @@ namespace i2p
 	const char ROUTER_INFO[] = "router.info";
 	const char ROUTER_KEYS[] = "router.keys";	
 	const int ROUTER_INFO_UPDATE_INTERVAL = 1800; // 30 minutes
-	
-	const char ROUTER_INFO_PROPERTY_LEASESETS[] = "netdb.knownLeaseSets";
-	const char ROUTER_INFO_PROPERTY_ROUTERS[] = "netdb.knownRouters";		
 
 	enum RouterStatus
 	{
@@ -33,6 +30,7 @@ namespace i2p
 			RouterContext ();
 			void Init ();
 
+			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
 			i2p::data::RouterInfo& GetRouterInfo () { return m_RouterInfo; };
 			std::shared_ptr<const i2p::data::RouterInfo> GetSharedRouterInfo () const 
 			{ 
@@ -48,6 +46,7 @@ namespace i2p
 			uint32_t GetUptime () const;
 			uint32_t GetStartupTime () const { return m_StartupTime; };
 			uint64_t GetLastUpdateTime () const { return m_LastUpdateTime; };
+			uint64_t GetBandwidthLimit () const { return m_BandwidthLimit; };
 			RouterStatus GetStatus () const { return m_Status; };
 			void SetStatus (RouterStatus status);
 
@@ -60,24 +59,30 @@ namespace i2p
 			void SetReachable ();
 			bool IsFloodfill () const { return m_IsFloodfill; };	
 			void SetFloodfill (bool floodfill);	
-			void SetHighBandwidth ();
-			void SetLowBandwidth ();
-			void SetExtraBandwidth ();
+			void SetFamily (const std::string& family);
+			std::string GetFamily () const;
+			void SetBandwidth (int limit); /* in kilobytes */
+			void SetBandwidth (char L); /* by letter */
 			bool AcceptsTunnels () const { return m_AcceptsTunnels; };
 			void SetAcceptsTunnels (bool acceptsTunnels) { m_AcceptsTunnels = acceptsTunnels; };
 			bool SupportsV6 () const { return m_RouterInfo.IsV6 (); };
+			bool SupportsV4 () const { return m_RouterInfo.IsV4 (); };
 			void SetSupportsV6 (bool supportsV6);
+			void SetSupportsV4 (bool supportsV4);
+
 			void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session		
-			void UpdateStats ();		
+			void UpdateStats ();	
+			void CleanupDestination ();	// garlic destination
 
 			// implements LocalDestination
-			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };
 			const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); };
 			const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetStandardIdentity ().publicKey; };
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); }; 
 			void SetLeaseSetUpdated () {};
 
 			// implements GarlicDestination
-			std::shared_ptr<const i2p::data::LeaseSet> GetLeaseSet () { return nullptr; };
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () { return nullptr; };
 			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const;
 			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
@@ -100,6 +105,7 @@ namespace i2p
 			uint64_t m_LastUpdateTime;
 			bool m_AcceptsTunnels, m_IsFloodfill;
 			uint64_t m_StartupTime; // in seconds since epoch
+			uint32_t m_BandwidthLimit; // allowed bandwidth
 			RouterStatus m_Status;
 			std::mutex m_GarlicMutex;
 	};

RouterInfo.cpp

@@ -8,16 +8,23 @@
 #include "Base.h"
 #include "Timestamp.h"
 #include "Log.h"
+#include "NetDb.h"
 #include "RouterInfo.h"
 
 namespace i2p
 {
 namespace data
 {		
+	RouterInfo::RouterInfo (): m_Buffer (nullptr) 
+	{ 
+		m_Addresses = std::make_shared<Addresses>(); // create empty list
+	}
+	
 	RouterInfo::RouterInfo (const std::string& fullPath):
 		m_FullPath (fullPath), m_IsUpdated (false), m_IsUnreachable (false), 
 		m_SupportedTransports (0), m_Caps (0)
 	{
+		m_Addresses = std::make_shared<Addresses>(); // create empty list
 		m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
 		ReadFromFile ();
 	}	
@@ -25,6 +32,7 @@ namespace data
 	RouterInfo::RouterInfo (const uint8_t * buf, int len):
 		m_IsUpdated (true), m_IsUnreachable (false), m_SupportedTransports (0), m_Caps (0)
 	{
+		m_Addresses = std::make_shared<Addresses>(); // create empty list
 		m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
 		memcpy (m_Buffer, buf, len);
 		m_BufferLen = len;
@@ -47,7 +55,7 @@ namespace data
 			m_IsUnreachable = false;
 			m_SupportedTransports = 0;
 			m_Caps = 0;
-			m_Addresses.clear ();
+			// don't clean up m_Addresses, it will be replaced in ReadFromStream
 			m_Properties.clear ();
 			// copy buffer
 			if (!m_Buffer)	
@@ -76,7 +84,7 @@ namespace data
 	
 	bool RouterInfo::LoadFile ()
 	{
-		std::ifstream s(m_FullPath.c_str (), std::ifstream::binary);
+		std::ifstream s(m_FullPath, std::ifstream::binary);
 		if (s.is_open ())	
 		{	
 			s.seekg (0,std::ios::end);
@@ -103,6 +111,8 @@ namespace data
 	{
 		if (LoadFile ())
 			ReadFromBuffer (false); 
+		else
+			m_IsUnreachable = true;	
 	}	
 
 	void RouterInfo::ReadFromBuffer (bool verifySignature)
@@ -141,11 +151,13 @@ namespace data
 		s.read ((char *)&m_Timestamp, sizeof (m_Timestamp));
 		m_Timestamp = be64toh (m_Timestamp);
 		// read addresses
+		auto addresses = std::make_shared<Addresses>(); 
 		uint8_t numAddresses;
 		s.read ((char *)&numAddresses, sizeof (numAddresses)); if (!s) return;	
 		bool introducers = false;
 		for (int i = 0; i < numAddresses; i++)
 		{
+			uint8_t supportedTransports = 0;
 			bool isValidAddress = true;
 			Address address;
 			s.read ((char *)&address.cost, sizeof (address.cost));
@@ -178,12 +190,12 @@ namespace data
 					{	
 						if (address.transportStyle == eTransportNTCP)
 						{
-							m_SupportedTransports |= eNTCPV4; // TODO:
+							supportedTransports |= eNTCPV4; // TODO:
 							address.addressString = value;
 						}
 						else
 						{	
-							m_SupportedTransports |= eSSUV4; // TODO:
+							supportedTransports |= eSSUV4; // TODO:
 							address.addressString = value;
 						}	
 					}	
@@ -191,9 +203,9 @@ namespace data
 					{
 						// add supported protocol
 						if (address.host.is_v4 ())
-							m_SupportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;	
+							supportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;	
 						else
-							m_SupportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
+							supportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
  					}	
 				}	
 				else if (!strcmp (key, "port"))
@@ -229,8 +241,12 @@ namespace data
 				if (!s) return;
 			}	
 			if (isValidAddress)
-				m_Addresses.push_back(address);
+			{
+				addresses->push_back(std::make_shared<Address>(address));
+				m_SupportedTransports |= supportedTransports;
+			}
 		}	
+		m_Addresses = addresses;
 		// read peers
 		uint8_t numPeers;
 		s.read ((char *)&numPeers, sizeof (numPeers)); if (!s) return;
@@ -258,17 +274,36 @@ namespace data
 			if (!strcmp (key, "caps"))
 				ExtractCaps (value);
 			// check netId
-			if (!strcmp (key, "netId") && atoi (value) != I2PD_NET_ID)
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_NETID) && atoi (value) != I2PD_NET_ID)
 			{
-				LogPrint (eLogError, "Unexpected netid=", value);
+				LogPrint (eLogError, "Unexpected ", ROUTER_INFO_PROPERTY_NETID, "=", value);
 				m_IsUnreachable = true;		
 			}	
+			// family
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_FAMILY))
+			{
+				m_Family = value;
+				boost::to_lower (m_Family);
+			}
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_FAMILY_SIG))
+			{
+				if (!netdb.GetFamilies ().VerifyFamily (m_Family, GetIdentHash (), value))
+				{
+					LogPrint (eLogWarning, "RouterInfo: family signature verification failed");
+					m_Family.clear ();
+				}
+			}				
+
 			if (!s) return;
 		}		
 
-		if (!m_SupportedTransports || !m_Addresses.size() || (UsesIntroducer () && !introducers))
+		if (!m_SupportedTransports || !m_Addresses->size() || (UsesIntroducer () && !introducers))
 			SetUnreachable (true);
-	}	
+	}
+
+  bool RouterInfo::IsFamily(const std::string & fam) const {
+    return m_Family == fam;
+  }
 
 	void RouterInfo::ExtractCaps (const char * value)
 	{
@@ -313,36 +348,40 @@ namespace data
 	void RouterInfo::UpdateCapsProperty ()
 	{	
 		std::string caps;
-		if (m_Caps & eFloodfill) 
-		{
-			if (m_Caps & eExtraBandwidth) caps += CAPS_FLAG_EXTRA_BANDWIDTH1; // 'P'
-			caps += CAPS_FLAG_HIGH_BANDWIDTH3; // 'O'
+		if (m_Caps & eFloodfill) {
 			caps += CAPS_FLAG_FLOODFILL; // floodfill  
-		}	
-		else
-		{
-			if (m_Caps & eExtraBandwidth) caps += CAPS_FLAG_EXTRA_BANDWIDTH1;
-			caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_HIGH_BANDWIDTH3 : CAPS_FLAG_LOW_BANDWIDTH2; // bandwidth	
+			caps += (m_Caps & eExtraBandwidth)
+				? CAPS_FLAG_EXTRA_BANDWIDTH1 // 'P'
+				: CAPS_FLAG_HIGH_BANDWIDTH3; // 'O'
+		} else {
+			if (m_Caps & eExtraBandwidth) {
+				caps += CAPS_FLAG_EXTRA_BANDWIDTH1; // 'P'
+			} else if (m_Caps & eHighBandwidth) {
+				caps += CAPS_FLAG_HIGH_BANDWIDTH3; // 'O'
+			} else {
+				caps += CAPS_FLAG_LOW_BANDWIDTH2; // 'L'
+			}
 		}	
 		if (m_Caps & eHidden) caps += CAPS_FLAG_HIDDEN; // hidden
 		if (m_Caps & eReachable) caps += CAPS_FLAG_REACHABLE; // reachable
 		if (m_Caps & eUnreachable) caps += CAPS_FLAG_UNREACHABLE; // unreachable
 
-		SetProperty ("caps", caps.c_str ());
+		SetProperty ("caps", caps);
 	}
 		
-	void RouterInfo::WriteToStream (std::ostream& s)
+	void RouterInfo::WriteToStream (std::ostream& s) const
 	{
 		uint64_t ts = htobe64 (m_Timestamp);
-		s.write ((char *)&ts, sizeof (ts));
+		s.write ((const char *)&ts, sizeof (ts));
 
 		// addresses
-		uint8_t numAddresses = m_Addresses.size ();
+		uint8_t numAddresses = m_Addresses->size ();
 		s.write ((char *)&numAddresses, sizeof (numAddresses));
-		for (auto& address : m_Addresses)
+		for (const auto& addr_ptr : *m_Addresses)
 		{
-			s.write ((char *)&address.cost, sizeof (address.cost));
-			s.write ((char *)&address.date, sizeof (address.date));
+			const Address& address = *addr_ptr;
+			s.write ((const char *)&address.cost, sizeof (address.cost));
+			s.write ((const char *)&address.date, sizeof (address.date));
 			std::stringstream properties;
 			if (address.transportStyle == eTransportNTCP)
 				WriteString ("NTCP", s);
@@ -371,7 +410,7 @@ namespace data
 				if (address.introducers.size () > 0)
 				{	
 					int i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.introducers)
 					{
 						WriteString ("ihost" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -380,7 +419,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.introducers)
 					{
 						WriteString ("ikey" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -392,7 +431,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.introducers)
 					{
 						WriteString ("iport" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -401,7 +440,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.introducers)
 					{
 						WriteString ("itag" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -443,7 +482,7 @@ namespace data
 
 		// properties
 		std::stringstream properties;
-		for (auto& p : m_Properties)
+		for (const auto& p : m_Properties)
 		{
 			WriteString (p.first, properties);
 			properties << '=';
@@ -455,6 +494,14 @@ namespace data
 		s.write (properties.str ().c_str (), properties.str ().size ());
 	}	
 
+	bool RouterInfo::IsNewer (const uint8_t * buf, size_t len) const
+	{
+		if (!m_RouterIdentity) return false;
+		size_t size = m_RouterIdentity->GetFullLen ();
+		if (size + 8 > len) return false;
+		return bufbe64toh (buf + size) > m_Timestamp; 
+	}
+
 	const uint8_t * RouterInfo::LoadBuffer ()
 	{
 		if (!m_Buffer)
@@ -482,19 +529,20 @@ namespace data
 		m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
 	}	
 
-	void RouterInfo::SaveToFile (const std::string& fullPath)
+	bool RouterInfo::SaveToFile (const std::string& fullPath)
 	{
 		m_FullPath = fullPath;
-		if (m_Buffer)
-		{	
-			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
-			if (f.is_open ())
-				f.write ((char *)m_Buffer, m_BufferLen);
-			else
-				LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
-		}
-		else
+		if (!m_Buffer) {
 			LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
+			return false;
+		}
+		std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
+		if (!f.is_open ()) {
+			LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
+			return false;
+		}
+		f.write ((char *)m_Buffer, m_BufferLen);
+		return true;
 	}
 	
 	size_t RouterInfo::ReadString (char * str, std::istream& s)
@@ -515,46 +563,47 @@ namespace data
 
 	void RouterInfo::AddNTCPAddress (const char * host, int port)
 	{
-		Address addr;
-		addr.host = boost::asio::ip::address::from_string (host);
-		addr.port = port;
-		addr.transportStyle = eTransportNTCP;
-		addr.cost = 2;
-		addr.date = 0;
-		addr.mtu = 0;
-		for (auto it: m_Addresses) // don't insert same address twice
-			if (it == addr) return;
-		m_Addresses.push_back(addr);	
-		m_SupportedTransports |= addr.host.is_v6 () ? eNTCPV6 : eNTCPV4;
+		auto addr = std::make_shared<Address>();
+		addr->host = boost::asio::ip::address::from_string (host);
+		addr->port = port;
+		addr->transportStyle = eTransportNTCP;
+		addr->cost = 2;
+		addr->date = 0;
+		addr->mtu = 0;
+		for (const auto& it: *m_Addresses) // don't insert same address twice
+			if (*it == *addr) return;
+		m_SupportedTransports |= addr->host.is_v6 () ? eNTCPV6 : eNTCPV4;
+		m_Addresses->push_back(std::move(addr));
 	}	
 
 	void RouterInfo::AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu)
 	{
-		Address addr;
-		addr.host = boost::asio::ip::address::from_string (host);
-		addr.port = port;
-		addr.transportStyle = eTransportSSU;
-		addr.cost = 10; // NTCP should have priority over SSU
-		addr.date = 0;
-		addr.mtu = mtu; 
-		memcpy (addr.key, key, 32);
-		for (auto it: m_Addresses) // don't insert same address twice
-			if (it == addr) return;
-		m_Addresses.push_back(addr);	
-		m_SupportedTransports |= addr.host.is_v6 () ? eSSUV6 : eSSUV4;
-		m_Caps |= eSSUTesting; 
-		m_Caps |= eSSUIntroducer; 
+		auto addr = std::make_shared<Address>();
+		addr->host = boost::asio::ip::address::from_string (host);
+		addr->port = port;
+		addr->transportStyle = eTransportSSU;
+		addr->cost = 10; // NTCP should have priority over SSU
+		addr->date = 0;
+		addr->mtu = mtu; 
+		memcpy (addr->key, key, 32);
+		for (const auto& it: *m_Addresses) // don't insert same address twice
+			if (*it == *addr) return;
+		m_SupportedTransports |= addr->host.is_v6 () ? eSSUV6 : eSSUV4;
+		m_Addresses->push_back(std::move(addr));
+
+		m_Caps |= eSSUTesting;
+		m_Caps |= eSSUIntroducer;
 	}	
 
 	bool RouterInfo::AddIntroducer (const Introducer& introducer)
 	{
-		for (auto& addr : m_Addresses)
+		for (auto& addr : *m_Addresses)
 		{
-			if (addr.transportStyle == eTransportSSU && addr.host.is_v4 ())
+			if (addr->transportStyle == eTransportSSU && addr->host.is_v4 ())
 			{	
-				for (auto intro: addr.introducers)
+				for (auto& intro: addr->introducers)
 					if (intro.iTag == introducer.iTag) return false; // already presented
-				addr.introducers.push_back (introducer);
+				addr->introducers.push_back (introducer);
 				return true;
 			}	
 		}	
@@ -563,16 +612,16 @@ namespace data
 
 	bool RouterInfo::RemoveIntroducer (const boost::asio::ip::udp::endpoint& e)
 	{		
-		for (auto& addr : m_Addresses)
+		for (auto& addr: *m_Addresses)
 		{
-			if (addr.transportStyle == eTransportSSU && addr.host.is_v4 ())
+			if (addr->transportStyle == eTransportSSU && addr->host.is_v4 ())
 			{	
-				for (std::vector<Introducer>::iterator it = addr.introducers.begin (); it != addr.introducers.end (); it++)
+				for (auto it = addr->introducers.begin (); it != addr->introducers.end (); ++it)
 					if ( boost::asio::ip::udp::endpoint (it->iHost, it->iPort) == e) 
 					{
-						addr.introducers.erase (it);
+						addr->introducers.erase (it);
 						return true;
-					}	
+					}
 			}	
 		}	
 		return false;
@@ -601,11 +650,14 @@ namespace data
 		m_Properties.erase (key);
 	}
 
-	bool RouterInfo::IsFloodfill () const
+	std::string RouterInfo::GetProperty (const std::string& key) const 
 	{
-		return m_Caps & Caps::eFloodfill;
+		auto it = m_Properties.find (key);
+		if (it != m_Properties.end ())
+			return it->second;
+		return "";
 	}	
-
+		
 	bool RouterInfo::IsNTCP (bool v4only) const
 	{
 		if (v4only)
@@ -627,70 +679,86 @@ namespace data
 		return m_SupportedTransports & (eNTCPV6 | eSSUV6);
 	}
 
+	bool RouterInfo::IsV4 () const
+	{
+		return m_SupportedTransports & (eNTCPV4 | eSSUV4);
+	}
+	
 	void RouterInfo::EnableV6 ()
 	{
 		if (!IsV6 ())
 			m_SupportedTransports |= eNTCPV6 | eSSUV6;
 	}
-		
+
+  void RouterInfo::EnableV4 ()
+	{
+		if (!IsV4 ())
+			m_SupportedTransports |= eNTCPV4 | eSSUV4;
+	}
+	
+  
 	void RouterInfo::DisableV6 ()
 	{		
 		if (IsV6 ())
 		{	
-			// NTCP
-			m_SupportedTransports &= ~eNTCPV6; 
-			for (size_t i = 0; i < m_Addresses.size (); i++)
+			m_SupportedTransports &= ~(eNTCPV6 | eSSUV6); 
+			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
 			{
-				if (m_Addresses[i].transportStyle == i2p::data::RouterInfo::eTransportNTCP &&
-					m_Addresses[i].host.is_v6 ())
-				{
-					m_Addresses.erase (m_Addresses.begin () + i);
-					break;
-				}
-			}	
-			
-			// SSU
-			m_SupportedTransports &= ~eSSUV6; 
-			for (size_t i = 0; i < m_Addresses.size (); i++)
-			{
-				if (m_Addresses[i].transportStyle == i2p::data::RouterInfo::eTransportSSU &&
-					m_Addresses[i].host.is_v6 ())
-				{
-					m_Addresses.erase (m_Addresses.begin () + i);
-					break;
-				}
+				auto addr = *it;
+				if (addr->host.is_v6 ())
+					it = m_Addresses->erase (it);
+				else
+					++it;
 			}	
 		}	
 	}
-		
+
+  void RouterInfo::DisableV4 ()
+	{		
+		if (IsV4 ())
+		{	
+			m_SupportedTransports &= ~(eNTCPV4 | eSSUV4); 
+			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
+			{
+				auto addr = *it;
+				if (addr->host.is_v4 ())
+					it = m_Addresses->erase (it);
+				else
+					++it;
+			}	
+		}	
+	}
+	
+  
 	bool RouterInfo::UsesIntroducer () const
 	{
 		return m_Caps & Caps::eUnreachable; // non-reachable
 	}		
 		
-	const RouterInfo::Address * RouterInfo::GetNTCPAddress (bool v4only) const
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetNTCPAddress (bool v4only) const
 	{
 		return GetAddress (eTransportNTCP, v4only);
 	}	
 
-	const RouterInfo::Address * RouterInfo::GetSSUAddress (bool v4only) const 
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetSSUAddress (bool v4only) const 
 	{
 		return GetAddress (eTransportSSU, v4only);
 	}	
 
-	const RouterInfo::Address * RouterInfo::GetSSUV6Address () const 
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetSSUV6Address () const 
 	{
 		return GetAddress (eTransportSSU, false, true);
 	}	
 		
-	const RouterInfo::Address * RouterInfo::GetAddress (TransportStyle s, bool v4only, bool v6only) const
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetAddress (TransportStyle s, bool v4only, bool v6only) const
 	{
-		for (auto& address : m_Addresses)
+		auto addresses = m_Addresses;
+		for (const auto& address : *addresses)
 		{
-			if (address.transportStyle == s)
+			if (address->transportStyle == s)
 			{	
-				if ((!v4only || address.host.is_v4 ()) && (!v6only || address.host.is_v6 ()))
-					return &address;
+				if ((!v4only || address->host.is_v4 ()) && (!v6only || address->host.is_v6 ()))
+					return address;
 			}	
 		}	
 		return nullptr;

RouterInfo.h

@@ -5,6 +5,7 @@
 #include <string>
 #include <map>
 #include <vector>
+#include <list>
 #include <iostream>
 #include <boost/asio.hpp>
 #include "Identity.h"
@@ -14,17 +15,24 @@ namespace i2p
 {
 namespace data
 {
+	const char ROUTER_INFO_PROPERTY_LEASESETS[] = "netdb.knownLeaseSets";
+	const char ROUTER_INFO_PROPERTY_ROUTERS[] = "netdb.knownRouters";	
+	const char ROUTER_INFO_PROPERTY_NETID[] = "netId";
+	const char ROUTER_INFO_PROPERTY_FAMILY[] = "family";	
+	const char ROUTER_INFO_PROPERTY_FAMILY_SIG[] = "family.sig";
+	
 	const char CAPS_FLAG_FLOODFILL = 'f';
 	const char CAPS_FLAG_HIDDEN = 'H';
 	const char CAPS_FLAG_REACHABLE = 'R';
 	const char CAPS_FLAG_UNREACHABLE = 'U';	
-	const char CAPS_FLAG_LOW_BANDWIDTH1 = 'K';		
-	const char CAPS_FLAG_LOW_BANDWIDTH2 = 'L';	
-	const char CAPS_FLAG_HIGH_BANDWIDTH1 = 'M';	
-	const char CAPS_FLAG_HIGH_BANDWIDTH2 = 'N';
-	const char CAPS_FLAG_HIGH_BANDWIDTH3 = 'O';
-	const char CAPS_FLAG_EXTRA_BANDWIDTH1 = 'P';
-	const char CAPS_FLAG_EXTRA_BANDWIDTH2 = 'X';
+	/* bandwidth flags */
+	const char CAPS_FLAG_LOW_BANDWIDTH1   = 'K'; /*   < 12 KBps */
+	const char CAPS_FLAG_LOW_BANDWIDTH2   = 'L'; /*  12-48 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH1  = 'M'; /*  48-64 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH2  = 'N'; /*  64-128 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH3  = 'O'; /* 128-256 KBps */
+	const char CAPS_FLAG_EXTRA_BANDWIDTH1 = 'P'; /* 256-2000 KBps */
+	const char CAPS_FLAG_EXTRA_BANDWIDTH2 = 'X'; /*   > 2000 KBps */
 	
 	const char CAPS_FLAG_SSU_TESTING = 'B';
 	const char CAPS_FLAG_SSU_INTRODUCER = 'C';
@@ -98,9 +106,10 @@ namespace data
 					return !(*this == other);
 				}	
 			};
-			
+			typedef std::list<std::shared_ptr<Address> > Addresses;			
+
+			RouterInfo ();
 			RouterInfo (const std::string& fullPath);
-			RouterInfo (): m_Buffer (nullptr) { };
 			RouterInfo (const RouterInfo& ) = default;
 			RouterInfo& operator=(const RouterInfo& ) = default;
 			RouterInfo (const uint8_t * buf, int len);
@@ -110,10 +119,10 @@ namespace data
 			void SetRouterIdentity (std::shared_ptr<const IdentityEx> identity);
 			std::string GetIdentHashBase64 () const { return GetIdentHash ().ToBase64 (); };
 			uint64_t GetTimestamp () const { return m_Timestamp; };
-			std::vector<Address>& GetAddresses () { return m_Addresses; };
-			const Address * GetNTCPAddress (bool v4only = true) const;
-			const Address * GetSSUAddress (bool v4only = true) const;
-			const Address * GetSSUV6Address () const;
+			Addresses& GetAddresses () { return *m_Addresses; }; // should be called for local RI only, otherwise must return shared_ptr
+			std::shared_ptr<const Address> GetNTCPAddress (bool v4only = true) const;
+			std::shared_ptr<const Address> GetSSUAddress (bool v4only = true) const;
+			std::shared_ptr<const Address> GetSSUV6Address () const;
 			
 			void AddNTCPAddress (const char * host, int port);
 			void AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu = 0);
@@ -121,13 +130,18 @@ namespace data
 			bool RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
 			void SetProperty (const std::string& key, const std::string& value); // called from RouterContext only
 			void DeleteProperty (const std::string& key); // called from RouterContext only
+			std::string GetProperty (const std::string& key) const; // called from RouterContext only
 			void ClearProperties () { m_Properties.clear (); };
-			bool IsFloodfill () const;
+			bool IsFloodfill () const { return m_Caps & Caps::eFloodfill; };
+			bool IsReachable () const { return m_Caps & Caps::eReachable; };
 			bool IsNTCP (bool v4only = true) const;
 			bool IsSSU (bool v4only = true) const;
 			bool IsV6 () const;
+			bool IsV4 () const;
 			void EnableV6 ();
 			void DisableV6 ();
+			void EnableV4 ();
+			void DisableV4 ();
 			bool IsCompatible (const RouterInfo& other) const { return m_SupportedTransports & other.m_SupportedTransports; };
 			bool UsesIntroducer () const;
 			bool IsIntroducer () const { return m_Caps & eSSUIntroducer; };
@@ -150,41 +164,44 @@ namespace data
 
 			bool IsUpdated () const { return m_IsUpdated; };
 			void SetUpdated (bool updated) { m_IsUpdated = updated; }; 
-			void SaveToFile (const std::string& fullPath);
+			bool SaveToFile (const std::string& fullPath);
 
 			std::shared_ptr<RouterProfile> GetProfile () const;
 			void SaveProfile () { if (m_Profile) m_Profile->Save (); };
 			
 			void Update (const uint8_t * buf, int len);
 			void DeleteBuffer () { delete[] m_Buffer; m_Buffer = nullptr; };
-			
+			bool IsNewer (const uint8_t * buf, size_t len) const;			
+
+      /** return true if we are in a router family and the signature is valid */
+      bool IsFamily(const std::string & fam) const;
+      
 			// implements RoutingDestination
 			const IdentHash& GetIdentHash () const { return m_RouterIdentity->GetIdentHash (); };
 			const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; };
 			bool IsDestination () const { return false; };
 
-			
 		private:
 
 			bool LoadFile ();
 			void ReadFromFile ();
 			void ReadFromStream (std::istream& s);
 			void ReadFromBuffer (bool verifySignature);
-			void WriteToStream (std::ostream& s);
-			size_t ReadString (char * str, std::istream& s);
-			void WriteString (const std::string& str, std::ostream& s);
+			void WriteToStream (std::ostream& s) const;
+			static size_t ReadString (char* str, std::istream& s);
+			static void WriteString (const std::string& str, std::ostream& s);
 			void ExtractCaps (const char * value);
-			const Address * GetAddress (TransportStyle s, bool v4only, bool v6only = false) const;
+			std::shared_ptr<const Address> GetAddress (TransportStyle s, bool v4only, bool v6only = false) const;
 			void UpdateCapsProperty ();			
 
 		private:
 
-			std::string m_FullPath;
+			std::string m_FullPath, m_Family;
 			std::shared_ptr<const IdentityEx> m_RouterIdentity;
 			uint8_t * m_Buffer;
 			size_t m_BufferLen;
 			uint64_t m_Timestamp;
-			std::vector<Address> m_Addresses;
+			std::shared_ptr<Addresses> m_Addresses;
 			std::map<std::string, std::string> m_Properties;
 			bool m_IsUpdated, m_IsUnreachable;
 			uint8_t m_SupportedTransports, m_Caps;

SAM.cpp

@@ -47,16 +47,17 @@ namespace client
 			break;
 			case eSAMSocketTypeStream:
 			{
-				if (m_Session)
-					m_Session->sockets.remove (shared_from_this ());
+				if (m_Session) 
+					m_Session->DelSocket (shared_from_this ());
 				break;
 			}
 			case eSAMSocketTypeAcceptor:
 			{
 				if (m_Session)
-				{
-					m_Session->sockets.remove (shared_from_this ());
-					m_Session->localDestination->StopAcceptingStreams ();
+				{	
+					m_Session->DelSocket (shared_from_this ());
+					if (m_Session->localDestination)
+						m_Session->localDestination->StopAcceptingStreams ();
 				}
 				break;
 			}
@@ -64,7 +65,8 @@ namespace client
 				;
 		}
 		m_SocketType = eSAMSocketTypeTerminated;
-		m_Socket.close ();
+		if (m_Socket.is_open()) m_Socket.close ();
+		m_Session = nullptr;
 	}
 
 	void SAMSocket::ReceiveHandshake ()
@@ -369,7 +371,7 @@ namespace client
 	void SAMSocket::Connect (std::shared_ptr<const i2p::data::LeaseSet> remote)
 	{
 		m_SocketType = eSAMSocketTypeStream;
-		m_Session->sockets.push_back (shared_from_this ());
+		m_Session->AddSocket (shared_from_this ());
 		m_Stream = m_Session->localDestination->CreateStream (remote);
 		m_Stream->Send ((uint8_t *)m_Buffer, 0); // connect
 		I2PReceive ();			
@@ -402,7 +404,7 @@ namespace client
 			if (!m_Session->localDestination->IsAcceptingStreams ())
 			{
 				m_SocketType = eSAMSocketTypeAcceptor;
-				m_Session->sockets.push_back (shared_from_this ());
+				m_Session->AddSocket (shared_from_this ());
 				m_Session->localDestination->AcceptStreams (std::bind (&SAMSocket::HandleI2PAccept, shared_from_this (), std::placeholders::_1));
 				SendMessageReply (SAM_STREAM_STATUS_OK, strlen(SAM_STREAM_STATUS_OK), false);
 			}
@@ -631,10 +633,15 @@ namespace client
 			m_SocketType = eSAMSocketTypeStream;
 			if (!m_IsSilent)
 			{
-				// send remote peer address
-				uint8_t ident[1024];
-				size_t l = stream->GetRemoteIdentity ()->ToBuffer (ident, 1024);
-				size_t l1 = i2p::data::ByteStreamToBase64 (ident, l, (char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE);
+				// get remote peer address
+				auto ident_ptr = stream->GetRemoteIdentity();
+				const size_t ident_len = ident_ptr->GetFullLen();
+				uint8_t* ident = new uint8_t[ident_len];
+
+				// send remote peer address as base64 
+				const size_t l = ident_ptr->ToBuffer (ident, ident_len);
+				const size_t l1 = i2p::data::ByteStreamToBase64 (ident, l, (char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE);
+				delete[] ident;
 				m_StreamBuffer[l1] = '\n';
 				HandleI2PReceive (boost::system::error_code (), l1 +1); // we send identity like it has been received from stream
 			}	
@@ -671,19 +678,20 @@ namespace client
 		
 	SAMSession::~SAMSession ()
 	{
-		for (auto it: sockets)
-			it->SetSocketType (eSAMSocketTypeTerminated);
+		CloseStreams();
 		i2p::client::context.DeleteLocalDestination (localDestination);
 	}
 
 	void SAMSession::CloseStreams ()
 	{
-		for (auto it: sockets)
-		{	
-			it->CloseStream ();
-			it->SetSocketType (eSAMSocketTypeTerminated);
-		}	
-		sockets.clear ();
+		{
+			std::lock_guard<std::mutex> lock(m_SocketsMutex);
+			for (auto& sock : m_Sockets) {
+				sock->CloseStream();
+			}
+		}
+		// XXX: should this be done inside locked parts?
+		m_Sockets.clear();
 	}
 
 	SAMBridge::SAMBridge (const std::string& address, int port):
@@ -711,8 +719,8 @@ namespace client
 	{
 		m_IsRunning = false;
 		m_Acceptor.cancel ();
-		for (auto it: m_Sessions)
-			delete it.second;
+		for (auto& it: m_Sessions)
+			it.second->CloseStreams ();
 		m_Sessions.clear ();
 		m_Service.stop ();
 		if (m_Thread)
@@ -766,7 +774,7 @@ namespace client
 			Accept ();
 	}
 
-	SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
+	std::shared_ptr<SAMSession> SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
 		const std::map<std::string, std::string> * params)
 	{
 		std::shared_ptr<ClientDestination> localDestination = nullptr; 
@@ -791,8 +799,9 @@ namespace client
 		}
 		if (localDestination)
 		{
+			auto session = std::make_shared<SAMSession>(localDestination);
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination)));
+			auto ret = m_Sessions.insert (std::make_pair(id, session));
 			if (!ret.second)
 				LogPrint (eLogWarning, "SAM: Session ", id, " already exists");
 			return ret.first->second;
@@ -802,19 +811,24 @@ namespace client
 
 	void SAMBridge::CloseSession (const std::string& id)
 	{
-		std::unique_lock<std::mutex> l(m_SessionsMutex);
-		auto it = m_Sessions.find (id);
-		if (it != m_Sessions.end ())
+		std::shared_ptr<SAMSession> session;
 		{
-			auto session = it->second;
+			std::unique_lock<std::mutex> l(m_SessionsMutex);
+			auto it = m_Sessions.find (id);
+			if (it != m_Sessions.end ())
+			{	
+				session = it->second;
+				m_Sessions.erase (it);
+			}	
+		}	
+		if (session)
+		{	
 			session->localDestination->StopAcceptingStreams ();
 			session->CloseStreams ();
-			m_Sessions.erase (it);
-			delete session;
 		}
 	}
 
-	SAMSession * SAMBridge::FindSession (const std::string& id) const
+	std::shared_ptr<SAMSession> SAMBridge::FindSession (const std::string& id) const
 	{
 		std::unique_lock<std::mutex> l(m_SessionsMutex);
 		auto it = m_Sessions.find (id);

SAM.h

@@ -128,13 +128,36 @@ namespace client
 			std::string m_ID; // nickname
 			bool m_IsSilent;
 			std::shared_ptr<i2p::stream::Stream> m_Stream;
-			SAMSession * m_Session;
+			std::shared_ptr<SAMSession> m_Session;
 	};	
 
 	struct SAMSession
 	{
 		std::shared_ptr<ClientDestination> localDestination;
-		std::list<std::shared_ptr<SAMSocket> > sockets;
+		std::list<std::shared_ptr<SAMSocket> > m_Sockets;
+		std::mutex m_SocketsMutex;
+
+		/** safely add a socket to this session */
+		void AddSocket(std::shared_ptr<SAMSocket> sock) {
+			std::lock_guard<std::mutex> lock(m_SocketsMutex);
+			m_Sockets.push_back(sock);
+		}
+
+		/** safely remove a socket from this session */
+		void DelSocket(std::shared_ptr<SAMSocket> sock) {
+			std::lock_guard<std::mutex> lock(m_SocketsMutex);
+			m_Sockets.remove(sock);
+		}
+
+		/** get a list holding a copy of all sam sockets from this session */
+		std::list<std::shared_ptr<SAMSocket> > ListSockets() {
+			std::list<std::shared_ptr<SAMSocket> > l;
+			{
+				std::lock_guard<std::mutex> lock(m_SocketsMutex);
+				for(const auto& sock : m_Sockets ) l.push_back(sock);
+			}
+			return l;
+		}
 		
 		SAMSession (std::shared_ptr<ClientDestination> dest);		
 		~SAMSession ();
@@ -153,10 +176,10 @@ namespace client
 			void Stop ();
 			
 			boost::asio::io_service& GetService () { return m_Service; };
-			SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
+			std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
 				const std::map<std::string, std::string> * params);
 			void CloseSession (const std::string& id);
-			SAMSession * FindSession (const std::string& id) const;
+			std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
 
 		private:
 
@@ -177,7 +200,7 @@ namespace client
 			boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
 			boost::asio::ip::udp::socket m_DatagramSocket;
 			mutable std::mutex m_SessionsMutex;
-			std::map<std::string, SAMSession *> m_Sessions;
+			std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
 			uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
 
 		public:

SOCKS.cpp

@@ -9,6 +9,7 @@
 #include "ClientContext.h"
 #include "I2PEndian.h"
 #include "I2PTunnel.h"
+#include "I2PService.h"
 
 namespace i2p
 {
@@ -17,11 +18,15 @@ namespace proxy
 	static const size_t socks_buffer_size = 8192;
 	static const size_t max_socks_hostname_size = 255; // Limit for socks5 and bad idea to traverse
 
+	static const size_t SOCKS_FORWARDER_BUFFER_SIZE = 8192;
+
+	static const size_t SOCKS_UPSTREAM_SOCKS4A_REPLY_SIZE = 8;
+	
 	struct SOCKSDnsAddress 
 	{
 		uint8_t size;
 		char value[max_socks_hostname_size];
-		void FromString (std::string str) 
+		void FromString (const std::string& str)
 		{
 			size = str.length();
 			if (str.length() > max_socks_hostname_size) size = max_socks_hostname_size;
@@ -51,7 +56,10 @@ namespace proxy
 				GET5_IPV6,
 				GET5_HOST_SIZE,
 				GET5_HOST,
-				DONE
+				READY,
+				UPSTREAM_RESOLVE,
+				UPSTREAM_CONNECT,
+				UPSTREAM_HANDSHAKE
 			};
 			enum authMethods 
 			{
@@ -109,6 +117,7 @@ namespace proxy
 			boost::asio::const_buffers_1 GenerateSOCKS5SelectAuth(authMethods method);
 			boost::asio::const_buffers_1 GenerateSOCKS4Response(errTypes error, uint32_t ip, uint16_t port);
 			boost::asio::const_buffers_1 GenerateSOCKS5Response(errTypes error, addrTypes type, const address &addr, uint16_t port);
+		boost::asio::const_buffers_1 GenerateUpstreamRequest();
 			bool Socks5ChooseAuth();
 			void SocksRequestFailed(errTypes error);
 			void SocksRequestSuccess();
@@ -116,12 +125,29 @@ namespace proxy
 			void SentSocksDone(const boost::system::error_code & ecode);
 			void SentSocksResponse(const boost::system::error_code & ecode);
 			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+			void ForwardSOCKS();
 
-			uint8_t m_sock_buff[socks_buffer_size];
-			std::shared_ptr<boost::asio::ip::tcp::socket> m_sock;
+		void SocksUpstreamSuccess();
+		void AsyncUpstreamSockRead();
+		void SendUpstreamRequest();
+			void HandleUpstreamData(uint8_t * buff, std::size_t len);
+		void HandleUpstreamSockSend(const boost::system::error_code & ecode, std::size_t bytes_transfered);
+		void HandleUpstreamSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
+		void HandleUpstreamConnected(const boost::system::error_code & ecode,
+																 boost::asio::ip::tcp::resolver::iterator itr);
+		void HandleUpstreamResolved(const boost::system::error_code & ecode,
+																boost::asio::ip::tcp::resolver::iterator itr);
+		
+		boost::asio::ip::tcp::resolver m_proxy_resolver;
+		uint8_t m_sock_buff[socks_buffer_size];
+		std::shared_ptr<boost::asio::ip::tcp::socket> m_sock, m_upstreamSock;
 			std::shared_ptr<i2p::stream::Stream> m_stream;
 			uint8_t *m_remaining_data; //Data left to be sent
+			uint8_t *m_remaining_upstream_data; //upstream data left to be forwarded
 			uint8_t m_response[7+max_socks_hostname_size];
+		uint8_t m_upstream_response[SOCKS_UPSTREAM_SOCKS4A_REPLY_SIZE];
+		uint8_t m_upstream_request[14+max_socks_hostname_size];
+		std::size_t m_upstream_response_len;
 			address m_address; //Address
 			std::size_t m_remaining_data_len; //Size of the data left to be sent
 			uint32_t m_4aip; //Used in 4a requests
@@ -133,16 +159,25 @@ namespace proxy
 			socksVersions m_socksv; //Socks version
 			cmdTypes m_cmd; // Command requested
 			state m_state;
-
+			const bool m_UseUpstreamProxy; // do we want to use the upstream proxy for non i2p addresses?
+		const std::string m_UpstreamProxyAddress;
+		const uint16_t m_UpstreamProxyPort;
+		
 		public:
-			SOCKSHandler(SOCKSServer * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock) :
-				I2PServiceHandler(parent), m_sock(sock), m_stream(nullptr),
-				m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4)
+		SOCKSHandler(SOCKSServer * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock, const std::string & upstreamAddr, const uint16_t upstreamPort, const bool useUpstream) :
+				I2PServiceHandler(parent),
+				m_proxy_resolver(parent->GetService()),
+				m_sock(sock), m_stream(nullptr),
+				m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4),
+				m_UseUpstreamProxy(useUpstream),
+				m_UpstreamProxyAddress(upstreamAddr),
+				m_UpstreamProxyPort(upstreamPort) 
 				{ m_address.ip = 0; EnterState(GET_SOCKSV); }
+				
 			~SOCKSHandler() { Terminate(); }
 			void Handle() { AsyncSockRead(); }
 	};
-
+	
 	void SOCKSHandler::AsyncSockRead()
 	{
 		LogPrint(eLogDebug, "SOCKS: async sock read");
@@ -164,6 +199,12 @@ namespace proxy
 			m_sock->close();
 			m_sock = nullptr;
 		}
+		if (m_upstreamSock)
+		{
+			LogPrint(eLogDebug, "SOCKS: closing upstream socket");
+			m_upstreamSock->close();
+			m_upstreamSock = nullptr;
+		}
 		if (m_stream) 
 		{
 			LogPrint(eLogDebug, "SOCKS: closing stream");
@@ -210,6 +251,37 @@ namespace proxy
 		return boost::asio::const_buffers_1(m_response,size);
 	}
 
+	boost::asio::const_buffers_1 SOCKSHandler::GenerateUpstreamRequest()
+	{
+		size_t upstreamRequestSize = 0;
+		// TODO: negotiate with upstream
+		// SOCKS 4a
+		m_upstream_request[0] = '\x04'; //version
+		m_upstream_request[1] = m_cmd;
+		htobe16buf(m_upstream_request+2, m_port);
+		m_upstream_request[4] = 0;
+		m_upstream_request[5] = 0;
+		m_upstream_request[6] = 0;
+		m_upstream_request[7] = 1;
+		// user id
+		m_upstream_request[8] = 'i';
+		m_upstream_request[9] = '2';
+		m_upstream_request[10] = 'p';
+		m_upstream_request[11] = 'd';
+		m_upstream_request[12] = 0;
+		upstreamRequestSize +=	13;
+		if (m_address.dns.size <= max_socks_hostname_size - ( upstreamRequestSize + 1) ) {
+			// bounds check okay
+			memcpy(m_upstream_request + upstreamRequestSize, m_address.dns.value, m_address.dns.size);
+			upstreamRequestSize += m_address.dns.size;
+			// null terminate
+			m_upstream_request[++upstreamRequestSize] = 0;
+		} else {
+			LogPrint(eLogError, "SOCKS: BUG!!! m_addr.dns.sizs > max_socks_hostname - ( upstreamRequestSize + 1 ) )");
+		}
+		return boost::asio::const_buffers_1(m_upstream_request, upstreamRequestSize);
+	}
+
 	bool SOCKSHandler::Socks5ChooseAuth()
 	{
 		m_response[0] = '\x05'; //Version
@@ -219,14 +291,14 @@ namespace proxy
 		{
 			LogPrint(eLogWarning, "SOCKS: v5 authentication negotiation failed");
 			boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed,
-									      shared_from_this(), std::placeholders::_1));
+												shared_from_this(), std::placeholders::_1));
 			return false;
 		} 
 		else 
 		{
 			LogPrint(eLogDebug, "SOCKS: v5 choosing authentication method: ", m_authchosen);
 			boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksResponse,
-									      shared_from_this(), std::placeholders::_1));
+												shared_from_this(), std::placeholders::_1));
 			return true;
 		}
 	}
@@ -249,7 +321,7 @@ namespace proxy
 			break;
 		}
 		boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed,
-								      shared_from_this(), std::placeholders::_1));
+											shared_from_this(), std::placeholders::_1));
 	}
 
 	void SOCKSHandler::SocksRequestSuccess()
@@ -271,7 +343,7 @@ namespace proxy
 			break;
 		}
 		boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksDone,
-								      shared_from_this(), std::placeholders::_1));
+											shared_from_this(), std::placeholders::_1));
 	}
 
 	void SOCKSHandler::EnterState(SOCKSHandler::state nstate, uint8_t parseleft) {
@@ -313,13 +385,6 @@ namespace proxy
 			SocksRequestFailed(SOCKS5_ADDR_UNSUP);
 			return false;
 		}
-		//TODO: we may want to support other domains
-		if(m_addrtype == ADDR_DNS && m_address.dns.ToString().find(".i2p") == std::string::npos) 
-		{
-			LogPrint(eLogError, "SOCKS: invalid hostname: ", m_address.dns.ToString());
-			SocksRequestFailed(SOCKS5_ADDR_UNSUP);
-			return false;
-		}
 		return true;
 	}
 
@@ -386,7 +451,7 @@ namespace proxy
 					{
 						switch (m_socksv) 
 						{
-							case SOCKS5: EnterState(DONE); break;
+							case SOCKS5: EnterState(READY); break;
 							case SOCKS4: EnterState(GET_IPV4); break;
 						}
 					}
@@ -407,7 +472,7 @@ namespace proxy
 					if (!*sock_buff) 
 					{
 						if( m_4aip == 0 || m_4aip > 255 )
-							EnterState(DONE);
+							EnterState(READY);
 						else
 							EnterState(GET4A_HOST);
 					}
@@ -415,7 +480,7 @@ namespace proxy
 				case GET4A_HOST:
 					if (!*sock_buff) 
 					{
-						EnterState(DONE);
+						EnterState(READY);
 						break;
 					}
 					if (m_address.dns.size >= max_socks_hostname_size) 
@@ -476,7 +541,7 @@ namespace proxy
 			}
 			sock_buff++;
 			len--;
-			if (m_state == DONE) 
+			if (m_state == READY) 
 			{
 				m_remaining_data_len = len;
 				m_remaining_data = sock_buff;
@@ -498,11 +563,23 @@ namespace proxy
 
 		if (HandleData(m_sock_buff, len)) 
 		{
-			if (m_state == DONE) 
+			if (m_state == READY) 
 			{
-				LogPrint(eLogInfo, "SOCKS: requested ", m_address.dns.ToString(), ":" , m_port);
-				GetOwner()->CreateStream ( std::bind (&SOCKSHandler::HandleStreamRequestComplete,
-						shared_from_this(), std::placeholders::_1), m_address.dns.ToString(), m_port);
+				const std::string addr = m_address.dns.ToString();
+				LogPrint(eLogInfo, "SOCKS: requested ", addr, ":" , m_port);
+				const size_t addrlen = addr.size();
+				// does it end with .i2p?
+				if ( addr.rfind(".i2p") == addrlen - 4) {
+					// yes it does, make an i2p session
+					GetOwner()->CreateStream ( std::bind (&SOCKSHandler::HandleStreamRequestComplete,
+							shared_from_this(), std::placeholders::_1), m_address.dns.ToString(), m_port);
+				} else if (m_UseUpstreamProxy) {
+					// forward it to upstream proxy
+					ForwardSOCKS();
+				} else {
+					// no upstream proxy 
+					SocksRequestFailed(SOCKS5_ADDR_UNSUP);
+				}
 			} 
 			else
 				AsyncSockRead();
@@ -556,17 +633,159 @@ namespace proxy
 			SocksRequestFailed(SOCKS5_HOST_UNREACH);
 		}
 	}
+	
+	void SOCKSHandler::ForwardSOCKS()
+	{
+		LogPrint(eLogInfo, "SOCKS: forwarding to upstream");
+		EnterState(UPSTREAM_RESOLVE);
+		boost::asio::ip::tcp::resolver::query q(m_UpstreamProxyAddress,boost::lexical_cast<std::string>(m_UpstreamProxyPort) );
+		m_proxy_resolver.async_resolve(q, std::bind(&SOCKSHandler::HandleUpstreamResolved, shared_from_this(),
+			std::placeholders::_1, std::placeholders::_2));
+	}
 
-	SOCKSServer::SOCKSServer(const std::string& address, int port, const std::string& outAddress, int outPort,
-	    std::shared_ptr<i2p::client::ClientDestination> localDestination) : 
+	void SOCKSHandler::AsyncUpstreamSockRead()
+	{
+		LogPrint(eLogDebug, "SOCKS: async upstream sock read");
+		if (m_upstreamSock) {
+			m_upstreamSock->async_read_some(boost::asio::buffer(m_upstream_response, SOCKS_UPSTREAM_SOCKS4A_REPLY_SIZE),
+																		std::bind(&SOCKSHandler::HandleUpstreamSockRecv, shared_from_this(),
+																							std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError, "SOCKS: no upstream socket for read");
+			SocksRequestFailed(SOCKS5_GEN_FAIL);
+		}
+	}
+	
+	void SOCKSHandler::HandleUpstreamSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered)
+	{
+		if (ecode) {
+			if (m_state == UPSTREAM_HANDSHAKE ) {
+				// we are trying to handshake but it failed
+				SocksRequestFailed(SOCKS5_NET_UNREACH);
+			} else {
+				LogPrint(eLogError, "SOCKS: bad state when reading from upstream: ", (int) m_state);
+			}
+			return;
+		}
+		HandleUpstreamData(m_upstream_response, bytes_transfered);
+	}
+
+	void SOCKSHandler::SocksUpstreamSuccess()
+	{
+		LogPrint(eLogInfo, "SOCKS: upstream success");
+		boost::asio::const_buffers_1 response(nullptr, 0);
+		switch (m_socksv) 
+		{
+			case SOCKS4:
+				LogPrint(eLogInfo, "SOCKS: v4 connection success");
+				response = GenerateSOCKS4Response(SOCKS4_OK, m_4aip, m_port);
+			break;
+			case SOCKS5:
+				LogPrint(eLogInfo, "SOCKS: v5 connection success");
+				//HACK only 16 bits passed in port as SOCKS5 doesn't allow for more
+				response = GenerateSOCKS5Response(SOCKS5_OK, ADDR_DNS, m_address, m_port);
+			break;
+		}
+		m_sock->send(response);
+		auto forwarder = std::make_shared<i2p::client::TCPIPPipe>(GetOwner(), m_sock, m_upstreamSock);
+		m_upstreamSock = nullptr;
+		m_sock = nullptr;
+		GetOwner()->AddHandler(forwarder);
+		forwarder->Start();
+		Terminate();
+				
+	}
+	
+	void SOCKSHandler::HandleUpstreamData(uint8_t * dataptr, std::size_t len)
+	{
+		if (m_state == UPSTREAM_HANDSHAKE) {
+			m_upstream_response_len += len;
+			// handle handshake data
+			if (m_upstream_response_len < SOCKS_UPSTREAM_SOCKS4A_REPLY_SIZE) {
+				// too small, continue reading
+				AsyncUpstreamSockRead();
+			} else if (len == SOCKS_UPSTREAM_SOCKS4A_REPLY_SIZE) {
+				// just right
+				uint8_t resp = m_upstream_response[1];
+				if (resp == SOCKS4_OK) {
+					// we have connected !
+					SocksUpstreamSuccess();
+				} else {
+					// upstream failure
+					LogPrint(eLogError, "SOCKS: upstream proxy failure: ", (int) resp);
+					// TODO: runtime error?
+					SocksRequestFailed(SOCKS5_GEN_FAIL);
+				}
+			} else {
+				// too big
+				SocksRequestFailed(SOCKS5_GEN_FAIL);
+			}
+		} else {
+			// invalid state
+			LogPrint(eLogError, "SOCKS: invalid state reading from upstream: ", (int) m_state);
+		}
+	}
+	
+	void SOCKSHandler::SendUpstreamRequest()
+	{
+		LogPrint(eLogInfo, "SOCKS: negotiating with upstream proxy");
+		EnterState(UPSTREAM_HANDSHAKE);
+		if (m_upstreamSock) {
+			boost::asio::write(*m_upstreamSock,
+												 GenerateUpstreamRequest());
+			AsyncUpstreamSockRead();
+		} else {
+			LogPrint(eLogError, "SOCKS: no upstream socket to send handshake to");
+		}
+	}
+	
+	void SOCKSHandler::HandleUpstreamConnected(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr)
+	{
+		if (ecode) {
+			LogPrint(eLogWarning, "SOCKS: could not connect to upstream proxy: ", ecode.message());
+			SocksRequestFailed(SOCKS5_NET_UNREACH);
+			return;
+		}
+		LogPrint(eLogInfo, "SOCKS: connected to upstream proxy");
+		SendUpstreamRequest();
+	}
+	
+	void SOCKSHandler::HandleUpstreamResolved(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr)
+	{
+		if (ecode) {
+			// error resolving
+			LogPrint(eLogWarning, "SOCKS: upstream proxy", m_UpstreamProxyAddress, " not resolved: ", ecode.message());
+			SocksRequestFailed(SOCKS5_NET_UNREACH);
+			return;
+		}
+		LogPrint(eLogInfo, "SOCKS: upstream proxy resolved");
+		EnterState(UPSTREAM_CONNECT);
+		auto & service = GetOwner()->GetService();
+		m_upstreamSock = std::make_shared<boost::asio::ip::tcp::socket>(service);
+		boost::asio::async_connect(*m_upstreamSock, itr,
+			std::bind(&SOCKSHandler::HandleUpstreamConnected,
+								shared_from_this(), std::placeholders::_1, std::placeholders::_2));
+	}
+	
+	SOCKSServer::SOCKSServer(const std::string& address, int port, const std::string& outAddress, uint16_t outPort,
+			std::shared_ptr<i2p::client::ClientDestination> localDestination) : 
 		TCPIPAcceptor (address, port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()) 
 	{
+		m_UseUpstreamProxy = false;
+		if (outAddress.length() > 0)
+			SetUpstreamProxy(outAddress, outPort);
 	}
 	
 	std::shared_ptr<i2p::client::I2PServiceHandler> SOCKSServer::CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket)
 	{
-		return std::make_shared<SOCKSHandler> (this, socket);
+		return std::make_shared<SOCKSHandler> (this, socket, m_UpstreamProxyAddress, m_UpstreamProxyPort, m_UseUpstreamProxy);
 	}
 
+	void SOCKSServer::SetUpstreamProxy(const std::string & addr, const uint16_t port)
+	{
+		m_UpstreamProxyAddress = addr;
+		m_UpstreamProxyPort = port;
+		m_UseUpstreamProxy = true;
+	}
 }
 }

SOCKS.h

@@ -15,14 +15,21 @@ namespace proxy
 	{
 		public:
 
-			SOCKSServer(const std::string& address, int port, const std::string& outAddress, int outPort,
+			SOCKSServer(const std::string& address, int port, const std::string& outAddress, uint16_t outPort,
 				std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
 			~SOCKSServer() {};
 
+			void SetUpstreamProxy(const std::string & addr, const uint16_t port);
+		
 		protected:
 			// Implements TCPIPAcceptor
 			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket);
 			const char* GetName() { return "SOCKS"; }
+
+	private:
+		std::string m_UpstreamProxyAddress;
+		uint16_t m_UpstreamProxyPort;
+		bool m_UseUpstreamProxy;
 	};
 
 	typedef SOCKSServer SOCKSProxy;

SSU.cpp

@@ -10,12 +10,31 @@ namespace i2p
 {
 namespace transport
 {
-	SSUServer::SSUServer (int port): m_Thread (nullptr), m_ThreadV6 (nullptr), m_ReceiversThread (nullptr),
+
+	SSUServer::SSUServer (const boost::asio::ip::address & addr, int port):
+		m_OnlyV6(true), m_IsRunning(false),
+		m_Thread (nullptr), m_ThreadV6 (nullptr), m_ReceiversThread (nullptr),
+		m_Work (m_Service), m_WorkV6 (m_ServiceV6), m_ReceiversWork (m_ReceiversService), 
+		m_EndpointV6 (addr, port), 
+		m_Socket (m_ReceiversService, m_Endpoint), m_SocketV6 (m_ReceiversService), 
+		m_IntroducersUpdateTimer (m_Service), m_PeerTestsCleanupTimer (m_Service)	
+	{
+		m_SocketV6.open (boost::asio::ip::udp::v6());
+		m_SocketV6.set_option (boost::asio::ip::v6_only (true));
+		m_SocketV6.set_option (boost::asio::socket_base::receive_buffer_size (65535));
+		m_SocketV6.set_option (boost::asio::socket_base::send_buffer_size (65535));
+		m_SocketV6.bind (m_EndpointV6);
+	}
+	
+	SSUServer::SSUServer (int port):
+		m_OnlyV6(false), m_IsRunning(false),
+		m_Thread (nullptr), m_ThreadV6 (nullptr), m_ReceiversThread (nullptr),
 		m_Work (m_Service), m_WorkV6 (m_ServiceV6), m_ReceiversWork (m_ReceiversService), 
 		m_Endpoint (boost::asio::ip::udp::v4 (), port), m_EndpointV6 (boost::asio::ip::udp::v6 (), port), 
 		m_Socket (m_ReceiversService, m_Endpoint), m_SocketV6 (m_ReceiversService), 
 		m_IntroducersUpdateTimer (m_Service), m_PeerTestsCleanupTimer (m_Service)	
 	{
+		
 		m_Socket.set_option (boost::asio::socket_base::receive_buffer_size (65535));
 		m_Socket.set_option (boost::asio::socket_base::send_buffer_size (65535));
 		if (context.SupportsV6 ())
@@ -35,13 +54,16 @@ namespace transport
 	void SSUServer::Start ()
 	{
 		m_IsRunning = true;
-		m_ReceiversThread = new std::thread (std::bind (&SSUServer::RunReceivers, this)); 
-		m_Thread = new std::thread (std::bind (&SSUServer::Run, this));
-		m_ReceiversService.post (std::bind (&SSUServer::Receive, this));  
+		m_ReceiversThread = new std::thread (std::bind (&SSUServer::RunReceivers, this));
+		if (!m_OnlyV6)
+		{
+			m_Thread = new std::thread (std::bind (&SSUServer::Run, this));
+			m_ReceiversService.post (std::bind (&SSUServer::Receive, this));
+		}
 		if (context.SupportsV6 ())
 		{	
 			m_ThreadV6 = new std::thread (std::bind (&SSUServer::RunV6, this));
-			m_ReceiversService.post (std::bind (&SSUServer::ReceiveV6, this));  
+			m_ReceiversService.post (std::bind (&SSUServer::ReceiveV6, this));	
 		}
 		SchedulePeerTestsCleanupTimer ();	
 		ScheduleIntroducersUpdateTimer (); // wait for 30 seconds and decide if we need introducers
@@ -215,9 +237,8 @@ namespace transport
 		std::map<boost::asio::ip::udp::endpoint, std::shared_ptr<SSUSession> > * sessions)
 	{
 		std::shared_ptr<SSUSession> session;	
-		for (auto it1: packets)
+		for (auto& packet: packets)
 		{
-			auto packet = it1;
 			try
 			{	
 				if (!session || session->GetRemoteEndpoint () != packet->from) // we received packet for other session than previous
@@ -231,7 +252,7 @@ namespace transport
 						session = std::make_shared<SSUSession> (*this, packet->from);
 						session->WaitForConnect ();
 						(*sessions)[packet->from] = session;
-						LogPrint (eLogInfo, "SSU: new session from ", packet->from.address ().to_string (), ":", packet->from.port (), " created");
+						LogPrint (eLogDebug, "SSU: new session from ", packet->from.address ().to_string (), ":", packet->from.port (), " created");
 					}
 				}
 				session->ProcessNextMessage (packet->buf, packet->len, packet->from);
@@ -312,7 +333,7 @@ namespace transport
 			auto session = std::make_shared<SSUSession> (*this, remoteEndpoint, router, peerTest);
 			sessions[remoteEndpoint] = session;
 			// connect 					
-			LogPrint (eLogInfo, "SSU: Creating new session to [", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()), "] ",
+			LogPrint (eLogDebug, "SSU: Creating new session to [", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()), "] ",
 				remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port ());
 			session->Connect ();
 		}
@@ -364,10 +385,10 @@ namespace transport
 					}				
 
 					if (introducerSession) // session found 
-						LogPrint (eLogInfo, "SSU: Session to introducer already exists");
+						LogPrint (eLogWarning, "SSU: Session to introducer already exists");
 					else // create new
 					{
-						LogPrint (eLogInfo, "SSU: Creating new session to introducer");
+						LogPrint (eLogDebug, "SSU: Creating new session to introducer ", introducer->iHost);
 						boost::asio::ip::udp::endpoint introducerEndpoint (introducer->iHost, introducer->iPort);
 						introducerSession = std::make_shared<SSUSession> (*this, introducerEndpoint, router);
 						m_Sessions[introducerEndpoint] = introducerSession;													
@@ -409,11 +430,11 @@ namespace transport
 
 	void SSUServer::DeleteAllSessions ()
 	{
-		for (auto it: m_Sessions)
+		for (auto& it: m_Sessions)
 			it.second->Close ();
 		m_Sessions.clear ();
 
-		for (auto it: m_SessionsV6)
+		for (auto& it: m_SessionsV6)
 			it.second->Close ();
 		m_SessionsV6.clear ();
 	}
@@ -422,7 +443,7 @@ namespace transport
 	std::shared_ptr<SSUSession> SSUServer::GetRandomV4Session (Filter filter) // v4 only
 	{
 		std::vector<std::shared_ptr<SSUSession> > filteredSessions;
-		for (auto s :m_Sessions)
+		for (const auto& s :m_Sessions)
 			if (filter (s.second)) filteredSessions.push_back (s.second);
 		if (filteredSessions.size () > 0)
 		{
@@ -437,8 +458,31 @@ namespace transport
 		return GetRandomV4Session (
 			[excluded](std::shared_ptr<SSUSession> session)->bool 
 			{ 
-				return session->GetState () == eSessionStateEstablished && !session->IsV6 () && 
-					session != excluded; 
+				return session->GetState () == eSessionStateEstablished && session != excluded; 
+			}
+								);
+	}
+
+	template<typename Filter>
+	std::shared_ptr<SSUSession> SSUServer::GetRandomV6Session (Filter filter) // v6 only
+	{
+		std::vector<std::shared_ptr<SSUSession> > filteredSessions;
+		for (const auto& s :m_SessionsV6)
+			if (filter (s.second)) filteredSessions.push_back (s.second);
+		if (filteredSessions.size () > 0)
+		{
+			auto ind = rand () % filteredSessions.size ();
+			return filteredSessions[ind];
+		}
+		return nullptr;	
+	}
+
+	std::shared_ptr<SSUSession> SSUServer::GetRandomEstablishedV6Session (std::shared_ptr<const SSUSession> excluded) // v6 only
+	{
+		return GetRandomV6Session (
+			[excluded](std::shared_ptr<SSUSession> session)->bool 
+			{ 
+				return session->GetState () == eSessionStateEstablished && session != excluded; 
 			}
 								);
 	}
@@ -490,7 +534,7 @@ namespace transport
 			std::list<boost::asio::ip::udp::endpoint> newList;
 			size_t numIntroducers = 0;
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-			for (auto it :m_Introducers)
+			for (const auto& it : m_Introducers)
 			{	
 				auto session = FindSession (it);
 				if (session && ts < session->GetCreationTime () + SSU_TO_INTRODUCER_SESSION_DURATION)
@@ -507,23 +551,20 @@ namespace transport
 			{
 				// create new
 				auto introducers = FindIntroducers (SSU_MAX_NUM_INTRODUCERS);
-				if (introducers.size () > 0)
+				for (const auto& it1: introducers)
 				{
-					for (auto it1: introducers)
+					const auto& ep = it1->GetRemoteEndpoint ();
+					i2p::data::RouterInfo::Introducer introducer;
+					introducer.iHost = ep.address ();
+					introducer.iPort = ep.port ();
+					introducer.iTag = it1->GetRelayTag ();
+					introducer.iKey = it1->GetIntroKey ();
+					if (i2p::context.AddIntroducer (introducer))
 					{
-						auto& ep = it1->GetRemoteEndpoint ();
-						i2p::data::RouterInfo::Introducer introducer;
-						introducer.iHost = ep.address ();
-						introducer.iPort = ep.port ();
-						introducer.iTag = it1->GetRelayTag ();
-						introducer.iKey = it1->GetIntroKey ();
-						if (i2p::context.AddIntroducer (introducer))
-						{	
-							newList.push_back (ep);
-							if (newList.size () >= SSU_MAX_NUM_INTRODUCERS) break;
-						}	
-					}	
-				}	
+						newList.push_back (ep);
+						if (newList.size () >= SSU_MAX_NUM_INTRODUCERS) break;
+					}
+				}
 			}	
 			m_Introducers = newList;
 			if (m_Introducers.size () < SSU_MAX_NUM_INTRODUCERS)
@@ -592,7 +633,7 @@ namespace transport
 					it = m_PeerTests.erase (it);
 				}
 				else
-					it++;	 
+					++it;
 			}
 			if (numDeleted > 0)
 				LogPrint (eLogDebug, "SSU: ", numDeleted, " peer tests have been expired");

SSU.h

@@ -37,6 +37,7 @@ namespace transport
 		public:
 
 			SSUServer (int port);
+			SSUServer (const boost::asio::ip::address & addr, int port);			// ipv6 only constructor
 			~SSUServer ();
 			void Start ();
 			void Stop ();
@@ -47,6 +48,7 @@ namespace transport
 			std::shared_ptr<SSUSession> FindSession (std::shared_ptr<const i2p::data::RouterInfo> router) const;
 			std::shared_ptr<SSUSession> FindSession (const boost::asio::ip::udp::endpoint& e) const;
 			std::shared_ptr<SSUSession> GetRandomEstablishedV4Session (std::shared_ptr<const SSUSession> excluded);
+			std::shared_ptr<SSUSession> GetRandomEstablishedV6Session (std::shared_ptr<const SSUSession> excluded);
 			void DeleteSession (std::shared_ptr<SSUSession> session);
 			void DeleteAllSessions ();			
 
@@ -62,7 +64,7 @@ namespace transport
 			std::shared_ptr<SSUSession> GetPeerTestSession (uint32_t nonce);
 			void UpdatePeerTest (uint32_t nonce, PeerTestParticipant role);
 			void RemovePeerTest (uint32_t nonce);
-
+      
 		private:
 
 			void Run ();
@@ -78,7 +80,9 @@ namespace transport
 			void CreateSessionThroughIntroducer (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest = false);			
 			template<typename Filter>
 			std::shared_ptr<SSUSession> GetRandomV4Session (Filter filter);
-			
+			template<typename Filter>
+			std::shared_ptr<SSUSession> GetRandomV6Session (Filter filter);			
+
 			std::set<SSUSession *> FindIntroducers (int maxNumIntroducers);	
 			void ScheduleIntroducersUpdateTimer ();
 			void HandleIntroducersUpdateTimer (const boost::system::error_code& ecode);
@@ -93,8 +97,9 @@ namespace transport
 				uint64_t creationTime;
 				PeerTestParticipant role;
 				std::shared_ptr<SSUSession> session; // for Bob to Alice
-			};	
+			};
 			
+			bool m_OnlyV6;			
 			bool m_IsRunning;
 			std::thread * m_Thread, * m_ThreadV6, * m_ReceiversThread;	
 			boost::asio::io_service m_Service, m_ServiceV6, m_ReceiversService;

SSUData.cpp

@@ -25,10 +25,10 @@ namespace transport
 	}
 
 	SSUData::SSUData (SSUSession& session):
-		m_Session (session), m_ResendTimer (session.GetService ()), m_DecayTimer (session.GetService ()),
+		m_Session (session), m_ResendTimer (session.GetService ()), 
 		m_IncompleteMessagesCleanupTimer (session.GetService ()), 
 		m_MaxPacketSize (session.IsV6 () ? SSU_V6_MAX_PACKET_SIZE : SSU_V4_MAX_PACKET_SIZE), 
-		m_PacketSize (m_MaxPacketSize)
+		m_PacketSize (m_MaxPacketSize), m_LastMessageReceivedTime (0)
 	{
 	}
 
@@ -44,7 +44,6 @@ namespace transport
 	void SSUData::Stop ()
 	{
 		m_ResendTimer.cancel ();
-		m_DecayTimer.cancel ();
 		m_IncompleteMessagesCleanupTimer.cancel ();
 	}	
 		
@@ -233,15 +232,12 @@ namespace transport
 				{
 					if (!m_ReceivedMessages.count (msgID))
 					{	
-						if (m_ReceivedMessages.size () > MAX_NUM_RECEIVED_MESSAGES)
-							m_ReceivedMessages.clear ();
-						else
-							ScheduleDecay ();
 						m_ReceivedMessages.insert (msgID);
+						m_LastMessageReceivedTime = i2p::util::GetSecondsSinceEpoch ();
 						if (!msg->IsExpired ())
 							m_Handler.PutNextMessage (msg);
 						else
-							LogPrint (eLogInfo, "SSU: message expired");
+							LogPrint (eLogDebug, "SSU: message expired");
 					}	
 					else
 						LogPrint (eLogWarning, "SSU: Message ", msgID, " already received");
@@ -425,28 +421,30 @@ namespace transport
 		if (ecode != boost::asio::error::operation_aborted)
 		{
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+			int numResent = 0;
 			for (auto it = m_SentMessages.begin (); it != m_SentMessages.end ();)
 			{
 				if (ts >= it->second->nextResendTime)
 				{	
 					if (it->second->numResends < MAX_NUM_RESENDS)
-					{	
+					{
 						for (auto& f: it->second->fragments)
-							if (f) 
+							if (f)
 							{
 								try
-								{	
+								{
 									m_Session.Send (f->buf, f->len); // resend
+									numResent++;
 								}
 								catch (boost::system::system_error& ec)
 								{
 									LogPrint (eLogWarning, "SSU: Can't resend data fragment ", ec.what ());
 								}
-							}	
+							}
 
 						it->second->numResends++;
 						it->second->nextResendTime += it->second->numResends*RESEND_INTERVAL;
-						it++;
+						++it;
 					}	
 					else
 					{
@@ -455,27 +453,18 @@ namespace transport
 					}	
 				}	
 				else
-					it++;
+					++it;
 			}
-			ScheduleResend ();	
+			if (numResent < MAX_OUTGOING_WINDOW_SIZE)
+				ScheduleResend ();
+			else
+			{
+				LogPrint (eLogError, "SSU: resend window exceeds max size. Session terminated");
+				m_Session.Close ();
+			}	
 		}	
 	}	
 
-	void SSUData::ScheduleDecay ()
-	{		
-		m_DecayTimer.cancel ();
-		m_DecayTimer.expires_from_now (boost::posix_time::seconds(DECAY_INTERVAL));
-		auto s = m_Session.shared_from_this();
-		m_ResendTimer.async_wait ([s](const boost::system::error_code& ecode)
-			{ s->m_Data.HandleDecayTimer (ecode); });
-	}	
-
-	void SSUData::HandleDecayTimer (const boost::system::error_code& ecode)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-			m_ReceivedMessages.clear ();
-	}	
-
 	void SSUData::ScheduleIncompleteMessagesCleanup ()
 	{
 		m_IncompleteMessagesCleanupTimer.cancel ();
@@ -498,8 +487,13 @@ namespace transport
 					it = m_IncompleteMessages.erase (it);
 				}	
 				else
-					it++;
+					++it;
 			}	
+			// decay
+			if (m_ReceivedMessages.size () > MAX_NUM_RECEIVED_MESSAGES ||
+			    i2p::util::GetSecondsSinceEpoch () > m_LastMessageReceivedTime + DECAY_INTERVAL)
+				m_ReceivedMessages.clear ();
+			
 			ScheduleIncompleteMessagesCleanup ();
 		}	
 	}	

SSUData.h

@@ -5,7 +5,7 @@
 #include <string.h>
 #include <map>
 #include <vector>
-#include <set>
+#include <unordered_set>
 #include <memory>
 #include <boost/asio.hpp>
 #include "I2NPProtocol.h"
@@ -18,7 +18,11 @@ namespace transport
 {
 
 	const size_t SSU_MTU_V4 = 1484;
+	#ifdef MESHNET
+	const size_t SSU_MTU_V6 = 1286;
+	#else
 	const size_t SSU_MTU_V6 = 1472;
+	#endif
 	const size_t IPV4_HEADER_SIZE = 20;
 	const size_t IPV6_HEADER_SIZE = 40;	
 	const size_t UDP_HEADER_SIZE = 8;
@@ -29,6 +33,7 @@ namespace transport
 	const int DECAY_INTERVAL = 20; // in seconds
 	const int INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT = 30; // in seconds
 	const unsigned int MAX_NUM_RECEIVED_MESSAGES = 1000; // how many msgID we store for duplicates check
+	const int MAX_OUTGOING_WINDOW_SIZE = 200; // how many unacked message we can store
 	// data flags
 	const uint8_t DATA_FLAG_EXTENDED_DATA_INCLUDED = 0x02;
 	const uint8_t DATA_FLAG_WANT_REPLY = 0x04;
@@ -104,9 +109,6 @@ namespace transport
 			void ScheduleResend ();
 			void HandleResendTimer (const boost::system::error_code& ecode);	
 
-			void ScheduleDecay ();
-			void HandleDecayTimer (const boost::system::error_code& ecode);	
-
 			void ScheduleIncompleteMessagesCleanup ();
 			void HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode);	
 			
@@ -116,10 +118,11 @@ namespace transport
 			SSUSession& m_Session;
 			std::map<uint32_t, std::unique_ptr<IncompleteMessage> > m_IncompleteMessages;
 			std::map<uint32_t, std::unique_ptr<SentMessage> > m_SentMessages;
-			std::set<uint32_t> m_ReceivedMessages;
-			boost::asio::deadline_timer m_ResendTimer, m_DecayTimer, m_IncompleteMessagesCleanupTimer;
+			std::unordered_set<uint32_t> m_ReceivedMessages;
+			boost::asio::deadline_timer m_ResendTimer, m_IncompleteMessagesCleanupTimer;
 			int m_MaxPacketSize, m_PacketSize;
 			i2p::I2NPMessagesHandler m_Handler;
+			uint32_t m_LastMessageReceivedTime; // in second
 	};	
 }
 }

SSUSession.cpp

@@ -1,7 +1,5 @@
 #include <boost/bind.hpp>
-#include <openssl/dh.h>
-#include <openssl/sha.h>
-#include <openssl/rand.h>
+#include "Crypto.h"
 #include "Log.h"
 #include "Timestamp.h"
 #include "RouterContext.h"
@@ -14,7 +12,8 @@ namespace i2p
 namespace transport
 {
 	SSUSession::SSUSession (SSUServer& server, boost::asio::ip::udp::endpoint& remoteEndpoint,
-		std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest ): TransportSession (router), 
+		std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest ): 
+		TransportSession (router, SSU_TERMINATION_TIMEOUT), 
 		m_Server (server), m_RemoteEndpoint (remoteEndpoint), m_Timer (GetService ()), 
 		m_IsPeerTest (peerTest),m_State (eSessionStateUnknown), m_IsSessionKey (false), 
 		m_RelayTag (0),m_Data (*this), m_IsDataReceived (false)
@@ -22,14 +21,14 @@ namespace transport
 		if (router)
 		{
 			// we are client
-			auto address = router->GetSSUAddress ();
+			auto address = router->GetSSUAddress (false);
 			if (address) m_IntroKey = address->key;
 			m_Data.AdjustPacketSize (router); // mtu
 		}
 		else
 		{
 			// we are server
-			auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
+			auto address = i2p::context.GetRouterInfo ().GetSSUAddress (false);
 			if (address) m_IntroKey = address->key;
 		}
 		m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
@@ -110,7 +109,7 @@ namespace transport
 				else
 				{    
 					// try own intro key
-					auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
+					auto address = i2p::context.GetRouterInfo ().GetSSUAddress (false);
 					if (!address)
 					{
 						LogPrint (eLogInfo, "SSU is not supported");
@@ -157,7 +156,7 @@ namespace transport
 				ProcessData (buf + headerSize, len - headerSize);
 			break;
 			case PAYLOAD_TYPE_SESSION_REQUEST:
-				ProcessSessionRequest (buf + headerSize, len - headerSize, senderEndpoint);				
+				ProcessSessionRequest (buf, len, senderEndpoint); // buf with header				
 			break;
 			case PAYLOAD_TYPE_SESSION_CREATED:
 				ProcessSessionCreated (buf, len); // buf with header
@@ -196,11 +195,29 @@ namespace transport
 	void SSUSession::ProcessSessionRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint)
 	{
 		LogPrint (eLogDebug, "SSU message: session request");
+		bool sendRelayTag = true; 
+		auto headerSize = sizeof (SSUHeader);
+		if (((SSUHeader *)buf)->IsExtendedOptions ())
+		{
+			uint8_t extendedOptionsLen = buf[headerSize];
+			headerSize++;
+			if (extendedOptionsLen >= 3) // options are presented
+			{
+				uint16_t flags = bufbe16toh (buf + headerSize);
+				sendRelayTag = flags & EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG; 
+			}
+			headerSize += extendedOptionsLen;
+		}			
+		if (headerSize >= len)
+		{
+			LogPrint (eLogError, "Session reaquest header size ", headerSize, " exceeds packet length ", len);
+			return;	
+		}
 		m_RemoteEndpoint = senderEndpoint;
 		if (!m_DHKeysPair)
 			m_DHKeysPair = transports.GetNextDHKeysPair ();
-		CreateAESandMacKey (buf);
-		SendSessionCreated (buf);
+		CreateAESandMacKey (buf + headerSize);
+		SendSessionCreated (buf + headerSize, sendRelayTag);
 	}
 
 	void SSUSession::ProcessSessionCreated (uint8_t * buf, size_t len)
@@ -247,8 +264,6 @@ namespace transport
 		uint16_t ourPort = bufbe16toh (payload);
 		s.Insert (payload, 2); // our port
 		payload += 2; // port
-		LogPrint (eLogInfo, "SSU: Our external address is ", ourIP.to_string (), ":", ourPort);
-		i2p::context.UpdateAddress (ourIP);
 		if (m_RemoteEndpoint.address ().is_v4 ())
 			s.Insert (m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data (), 4); // remote IP v4
 		else
@@ -265,11 +280,18 @@ namespace transport
 		//TODO: since we are accessing a uint8_t this is unlikely to crash due to alignment but should be improved
 		m_SessionKeyDecryption.SetIV (((SSUHeader *)buf)->iv);
 		m_SessionKeyDecryption.Decrypt (payload, signatureLen, payload); // TODO: non-const payload
-		// verify
-		if (!s.Verify (m_RemoteIdentity, payload))
+		// verify signature
+		if (s.Verify (m_RemoteIdentity, payload))
+		{
+			LogPrint (eLogInfo, "SSU: Our external address is ", ourIP.to_string (), ":", ourPort);
+			i2p::context.UpdateAddress (ourIP);
+			SendSessionConfirmed (y, ourAddress, addressSize + 2);
+		}
+		else
+		{
 			LogPrint (eLogError, "SSU: message 'created' signature verification failed");
-		
-		SendSessionConfirmed (y, ourAddress, addressSize + 2);
+			Failed ();
+		}
 	}	
 
 	void SSUSession::ProcessSessionConfirmed (const uint8_t * buf, size_t len)
@@ -295,17 +317,35 @@ namespace transport
 		paddingSize &= 0x0F;  // %16
 		if (paddingSize > 0) paddingSize = 16 - paddingSize;
 		payload += paddingSize;
-		// verify
-		if (m_SignedData && !m_SignedData->Verify (m_RemoteIdentity, payload))
+		// verify signature
+		if (m_SignedData && m_SignedData->Verify (m_RemoteIdentity, payload))
+		{
+			m_Data.Send (CreateDeliveryStatusMsg (0));
+			Established ();
+		}
+		else	
+		{
 			LogPrint (eLogError, "SSU message 'confirmed' signature verification failed");
-		m_Data.Send (CreateDeliveryStatusMsg (0));
-		Established ();
+			Failed ();
+		}
 	}
 
 	void SSUSession::SendSessionRequest ()
 	{	
 		uint8_t buf[320 + 18]; // 304 bytes for ipv4, 320 for ipv6
 		uint8_t * payload = buf + sizeof (SSUHeader);
+		uint8_t flag = 0;
+		// fill extended options, 3 bytes extended options don't change message size
+		if (i2p::context.GetStatus () == eRouterStatusOK) // we don't need relays
+		{	
+			// tell out peer to now assign relay tag
+			flag = SSU_HEADER_EXTENDED_OPTIONS_INCLUDED;
+			*payload = 2; payload++; //  1 byte length
+			uint16_t flags = 0; // clear EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG
+			htobe16buf (payload, flags); 
+			payload += 2;
+		}	
+		// fill payload
 		memcpy (payload, m_DHKeysPair->GetPublicKey (), 256); // x
 		bool isV4 = m_RemoteEndpoint.address ().is_v4 ();
 		if (isV4)
@@ -318,16 +358,16 @@ namespace transport
 			payload[256] = 16; 
 			memcpy (payload + 257, m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data(), 16); 
 		}	
-		
+		// encrypt and send
 		uint8_t iv[16];
 		RAND_bytes (iv, 16); // random iv
-		FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, isV4 ? 304 : 320, m_IntroKey, iv, m_IntroKey);
+		FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_REQUEST, buf, isV4 ? 304 : 320, m_IntroKey, iv, m_IntroKey, flag);
 		m_Server.Send (buf, isV4 ? 304 : 320, m_RemoteEndpoint);
 	}
 
 	void SSUSession::SendRelayRequest (const i2p::data::RouterInfo::Introducer& introducer, uint32_t nonce)
 	{
-		auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
+		auto address = i2p::context.GetRouterInfo ().GetSSUAddress (false);
 		if (!address)
 		{
 			LogPrint (eLogInfo, "SSU is not supported");
@@ -357,7 +397,7 @@ namespace transport
 		m_Server.Send (buf, 96, m_RemoteEndpoint);
 	}
 
-	void SSUSession::SendSessionCreated (const uint8_t * x)
+	void SSUSession::SendSessionCreated (const uint8_t * x, bool sendRelayTag)
 	{
 		auto address = IsV6 () ? i2p::context.GetRouterInfo ().GetSSUV6Address () :
 			i2p::context.GetRouterInfo ().GetSSUAddress (true); //v4 only
@@ -401,7 +441,7 @@ namespace transport
 			s.Insert (address->host.to_v6 ().to_bytes ().data (), 16); // our IP V6
 		s.Insert<uint16_t> (htobe16 (address->port)); // our port
 		uint32_t relayTag = 0;
-		if (i2p::context.GetRouterInfo ().IsIntroducer () && !IsV6 ())
+		if (sendRelayTag && i2p::context.GetRouterInfo ().IsIntroducer () && !IsV6 ())
 		{
 			RAND_bytes((uint8_t *)&relayTag, 4);
 			if (!relayTag) relayTag = 1;
@@ -648,7 +688,7 @@ namespace transport
 	}		
 
 	void SSUSession::FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, 
-		const i2p::crypto::AESKey& aesKey, const uint8_t * iv, const i2p::crypto::MACKey& macKey)
+		const i2p::crypto::AESKey& aesKey, const uint8_t * iv, const i2p::crypto::MACKey& macKey, uint8_t flag)
 	{	
 		if (len < sizeof (SSUHeader))
 		{
@@ -657,7 +697,7 @@ namespace transport
 		}
 		SSUHeader * header = (SSUHeader *)buf;
 		memcpy (header->iv, iv, 16);
-		header->flag = payloadType << 4; // MSB is 0
+		header->flag = flag | (payloadType << 4); // MSB is 0
 		htobe32buf (header->time, i2p::util::GetSecondsSinceEpoch ());
 		uint8_t * encrypted = &header->flag;
 		uint16_t encryptedLen = len - (encrypted - buf);
@@ -775,7 +815,7 @@ namespace transport
 		if (!ecode)
 		{
 			// timeout expired
-			LogPrint (eLogWarning, "SSU: session was not established after ", SSU_CONNECT_TIMEOUT, " seconds");
+			LogPrint (eLogWarning, "SSU: session with ", m_RemoteEndpoint, " was not established after ", SSU_CONNECT_TIMEOUT, " seconds");
 			Failed ();
 		}	
 	}	
@@ -825,7 +865,6 @@ namespace transport
 		m_DHKeysPair = nullptr;
 		m_SignedData = nullptr;
 		m_Data.Start ();
-		m_Data.Send (CreateDatabaseStoreMsg ());
 		transports.PeerConnected (shared_from_this ());
 		if (m_IsPeerTest)
 			SendPeerTest ();
@@ -844,7 +883,7 @@ namespace transport
 	void SSUSession::ScheduleTermination ()
 	{
 		m_Timer.cancel ();
-		m_Timer.expires_from_now (boost::posix_time::seconds(SSU_TERMINATION_TIMEOUT));
+		m_Timer.expires_from_now (boost::posix_time::seconds(GetTerminationTimeout ()));
 		m_Timer.async_wait (std::bind (&SSUSession::HandleTerminationTimer,
 			shared_from_this (), std::placeholders::_1));
 	}
@@ -853,7 +892,7 @@ namespace transport
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{	
-			LogPrint (eLogWarning, "SSU: no activity for ", SSU_TERMINATION_TIMEOUT, " seconds");
+			LogPrint (eLogWarning, "SSU: no activity with ", m_RemoteEndpoint, " for ", GetTerminationTimeout (), " seconds");
 			Failed ();
 		}	
 	}	
@@ -868,7 +907,7 @@ namespace transport
 	{
 		if (m_State == eSessionStateEstablished)
 		{
-			for (auto it: msgs)
+			for (const auto& it: msgs)
 				if (it) m_Data.Send (it);
 		}
 	}	
@@ -892,10 +931,10 @@ namespace transport
 	{
 		uint32_t nonce = bufbe32toh (buf); // 4 bytes
 		uint8_t size = buf[4];	// 1 byte	
-		uint32_t address = (size == 4) ? buf32toh(buf + 5) : 0; // big endian, size bytes
+		const uint8_t * address = buf + 5; // big endian, size bytes
 		uint16_t port = buf16toh(buf + size + 5); // big endian, 2 bytes
 		const uint8_t * introKey = buf + size + 7;
-		if (port && !address)
+		if (port && (size != 4) && (size != 16)) 
 		{
 			LogPrint (eLogWarning, "SSU: Address of ", size, " bytes not supported");
 			return;
@@ -916,8 +955,7 @@ namespace transport
 					LogPrint (eLogDebug, "SSU: first peer test from Charlie. We are Alice");
 					i2p::context.SetStatus (eRouterStatusOK);
 					m_Server.UpdatePeerTest (nonce, ePeerTestParticipantAlice2);
-					SendPeerTest (nonce, senderEndpoint.address ().to_v4 ().to_ulong (), 
-						senderEndpoint.port (), introKey, true, false); // to Charlie
+					SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey, true, false); // to Charlie
 				}
 				break;
 			}	
@@ -946,8 +984,7 @@ namespace transport
 			case ePeerTestParticipantCharlie:
 			{	
 				LogPrint (eLogDebug, "SSU: peer test from Alice. We are Charlie");
-				SendPeerTest (nonce, senderEndpoint.address ().to_v4 ().to_ulong (),
-					senderEndpoint.port (), introKey); // to Alice with her actual address
+				SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey); // to Alice with her actual address
 				m_Server.RemovePeerTest (nonce); // nonce has been used
 				break;
 			}
@@ -962,17 +999,29 @@ namespace transport
 						LogPrint (eLogDebug, "SSU: peer test from Bob. We are Charlie");
 						m_Server.NewPeerTest (nonce, ePeerTestParticipantCharlie);
 						Send (PAYLOAD_TYPE_PEER_TEST, buf, len); // back to Bob
-						SendPeerTest (nonce, be32toh (address), be16toh (port), introKey); // to Alice with her address received from Bob
+						boost::asio::ip::address addr; // Alice's address
+						if (size == 4) // v4
+						{
+							boost::asio::ip::address_v4::bytes_type bytes;
+							memcpy (bytes.data (), address, 4);
+							addr = boost::asio::ip::address_v4 (bytes);
+						}
+						else // v6
+						{
+							boost::asio::ip::address_v6::bytes_type bytes;
+							memcpy (bytes.data (), address, 6);
+							addr = boost::asio::ip::address_v6 (bytes);
+						}		
+						SendPeerTest (nonce, addr, be16toh (port), introKey); // to Alice with her address received from Bob
 					}
 					else
 					{
 						LogPrint (eLogDebug, "SSU: peer test from Alice. We are Bob");
-						auto session = m_Server.GetRandomEstablishedV4Session (shared_from_this ()); // Charlie, TODO: implement v6 support
+						auto session = senderEndpoint.address ().is_v4 () ? m_Server.GetRandomEstablishedV4Session (shared_from_this ()) : m_Server.GetRandomEstablishedV6Session (shared_from_this ()); // Charlie
 						if (session)
 						{
 							m_Server.NewPeerTest (nonce, ePeerTestParticipantBob, shared_from_this ());
-							session->SendPeerTest (nonce, senderEndpoint.address ().to_v4 ().to_ulong (),
-								senderEndpoint.port (), introKey, false); // to Charlie with Alice's actual address 	
+							session->SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey, false); // to Charlie with Alice's actual address 	
 						}	
 					}
 				}
@@ -982,7 +1031,7 @@ namespace transport
 		}	
 	}
 	
-	void SSUSession::SendPeerTest (uint32_t nonce, uint32_t address, uint16_t port, 
+	void SSUSession::SendPeerTest (uint32_t nonce, const boost::asio::ip::address& address, uint16_t port, 
 		const uint8_t * introKey, bool toAddress, bool sendAddress)
 	// toAddress is true for Alice<->Chalie communications only
 	// sendAddress is false if message comes from Alice		
@@ -993,12 +1042,21 @@ namespace transport
 		htobe32buf (payload, nonce);
 		payload += 4; // nonce	
 		// address and port
-		if (sendAddress && address)
-		{					
-			*payload = 4;
-			payload++; // size
-			htobe32buf (payload, address);
-			payload += 4; // address
+		if (sendAddress)
+		{
+			if (address.is_v4 ())
+			{
+				*payload = 4;
+				memcpy (payload + 1, address.to_v4 ().to_bytes ().data (), 4); // our IP V4
+			}
+			else if (address.is_v6 ())
+			{
+				*payload = 6;
+				memcpy (payload + 1, address.to_v6 ().to_bytes ().data (), 16); // our IP V6		
+			}
+			else
+				*payload = 0;
+			payload += (payload[0] + 1);			
 		}
 		else
 		{
@@ -1026,7 +1084,7 @@ namespace transport
 		{	
 			// encrypt message with specified intro key
 			FillHeaderAndEncrypt (PAYLOAD_TYPE_PEER_TEST, buf, 80, introKey, iv, introKey);
-			boost::asio::ip::udp::endpoint e (boost::asio::ip::address_v4 (address), port);
+			boost::asio::ip::udp::endpoint e (address, port);
 			m_Server.Send (buf, 80, e);
 		}	
 		else
@@ -1041,7 +1099,7 @@ namespace transport
 	{
 		// we are Alice
 		LogPrint (eLogDebug, "SSU: sending peer test");
-		auto address = i2p::context.GetRouterInfo ().GetSSUAddress ();
+		auto address = i2p::context.GetRouterInfo ().GetSSUAddress (false);
 		if (!address)
 		{
 			LogPrint (eLogInfo, "SSU is not supported. Can't send peer test");
@@ -1052,7 +1110,7 @@ namespace transport
 		if (!nonce) nonce = 1;
 		m_IsPeerTest = false;
 		m_Server.NewPeerTest (nonce, ePeerTestParticipantAlice1);
-		SendPeerTest (nonce, 0, 0, address->key, false, false); // address and port always zero for Alice
+		SendPeerTest (nonce, boost::asio::ip::address(), 0, address->key, false, false); // address and port always zero for Alice
 	}	
 
 	void SSUSession::SendKeepAlive ()

SSUSession.h

@@ -39,6 +39,9 @@ namespace transport
 	const uint8_t PAYLOAD_TYPE_PEER_TEST = 7;
 	const uint8_t PAYLOAD_TYPE_SESSION_DESTROYED = 8;
 
+	// extended options
+	const uint16_t EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG = 0x0001;
+
 	enum SessionState
 	{
 		eSessionStateUnknown,	
@@ -101,7 +104,7 @@ namespace transport
 			void SendSessionRequest ();
 			void SendRelayRequest (const i2p::data::RouterInfo::Introducer& introducer, uint32_t nonce);
 			void ProcessSessionCreated (uint8_t * buf, size_t len);
-			void SendSessionCreated (const uint8_t * x);
+			void SendSessionCreated (const uint8_t * x, bool sendRelayTag = true);
 			void ProcessSessionConfirmed (const uint8_t * buf, size_t len);
 			void SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen);
 			void ProcessRelayRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from);
@@ -115,13 +118,14 @@ namespace transport
 			void ScheduleConnectTimer ();
 			void HandleConnectTimer (const boost::system::error_code& ecode);
 			void ProcessPeerTest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
-			void SendPeerTest (uint32_t nonce, uint32_t address, uint16_t port, const uint8_t * introKey, bool toAddress = true, bool sendAddress = true); 
+			void SendPeerTest (uint32_t nonce, const boost::asio::ip::address& address, uint16_t port, const uint8_t * introKey, bool toAddress = true, bool sendAddress = true); 
 			void ProcessData (uint8_t * buf, size_t len);		
 			void SendSesionDestroyed ();
 			void Send (uint8_t type, const uint8_t * payload, size_t len); // with session key
 			void Send (const uint8_t * buf, size_t size); 
 			
-			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey, const uint8_t * iv, const i2p::crypto::MACKey& macKey);
+			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey, 
+				const uint8_t * iv, const i2p::crypto::MACKey& macKey, uint8_t flag = 0);
 			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len); // with session key 
 			void Decrypt (uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey);
 			void DecryptSessionKey (uint8_t * buf, size_t len);

Signature.cpp

@@ -435,8 +435,13 @@ namespace crypto
 	std::unique_ptr<Ed25519>& GetEd25519 ()
 	{
 		if (!g_Ed25519)
-			g_Ed25519.reset (new Ed25519());
-			
+		{
+			auto c = new Ed25519();
+			if (!g_Ed25519) // make sure it was not created already
+				g_Ed25519.reset (c);
+			else
+				delete c;
+		}	
 		return g_Ed25519; 
 	}	
 	

Signature.h

@@ -3,12 +3,10 @@
 
 #include <inttypes.h>
 #include <string.h>
-#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/rsa.h>
-#include <openssl/rand.h>
 #include <openssl/evp.h>
 #include "Crypto.h"
 

Streaming.cpp

@@ -1,4 +1,4 @@
-#include <openssl/rand.h>
+#include "Crypto.h"
 #include "Log.h"
 #include "RouterInfo.h"
 #include "RouterContext.h"
@@ -22,7 +22,6 @@ namespace stream
 	{
 		RAND_bytes ((uint8_t *)&m_RecvStreamID, 4);
 		m_RemoteIdentity = remote->GetIdentity ();
-		m_CurrentRemoteLease.endDate = 0;
 	}	
 
 	Stream::Stream (boost::asio::io_service& service, StreamingDestination& local):
@@ -37,7 +36,6 @@ namespace stream
 
 	Stream::~Stream ()
 	{	
-		Terminate ();
 		while (!m_ReceiveQueue.empty ())
 		{
 			auto packet = m_ReceiveQueue.front ();
@@ -67,6 +65,7 @@ namespace stream
 			m_SendHandler = nullptr;
 			handler (boost::asio::error::make_error_code (boost::asio::error::operation_aborted));
 		}
+		m_LocalDestination.DeleteStream (shared_from_this ());	
 	}	
 		
 	void Stream::HandleNextPacket (Packet * packet)
@@ -88,8 +87,8 @@ namespace stream
 			return;
 		}
 
-		LogPrint (eLogDebug, "Streaming: Received seqn=", receivedSeqn);
-		if (isSyn || receivedSeqn == m_LastReceivedSequenceNumber + 1)
+		LogPrint (eLogDebug, "Streaming: Received seqn=", receivedSeqn, " on sSID=", m_SendStreamID);
+		if (receivedSeqn == m_LastReceivedSequenceNumber + 1)
 		{			
 			// we have received next in sequence message
 			ProcessPacket (packet);
@@ -114,7 +113,9 @@ namespace stream
 				if (!m_IsAckSendScheduled)
 				{
 					m_IsAckSendScheduled = true;
-					m_AckSendTimer.expires_from_now (boost::posix_time::milliseconds(ACK_SEND_TIMEOUT));
+					auto ackTimeout = m_RTT/10;
+					if (ackTimeout > ACK_SEND_TIMEOUT) ackTimeout = ACK_SEND_TIMEOUT;
+					m_AckSendTimer.expires_from_now (boost::posix_time::milliseconds(ackTimeout));
 					m_AckSendTimer.async_wait (std::bind (&Stream::HandleAckSendTimer,
 						shared_from_this (), std::placeholders::_1));
 				}
@@ -128,13 +129,13 @@ namespace stream
 			if (receivedSeqn <= m_LastReceivedSequenceNumber)
 			{
 				// we have received duplicate
-				LogPrint (eLogWarning, "Streaming: Duplicate message ", receivedSeqn, " received");
+				LogPrint (eLogWarning, "Streaming: Duplicate message ", receivedSeqn, " on sSID=", m_SendStreamID);
 				SendQuickAck (); // resend ack for previous message again
 				delete packet; // packet dropped
 			}	
 			else
 			{
-				LogPrint (eLogWarning, "Streaming: Missing messages from ", m_LastReceivedSequenceNumber + 1, " to ", receivedSeqn - 1);
+				LogPrint (eLogWarning, "Streaming: Missing messages on sSID=", m_SendStreamID, ": from ", m_LastReceivedSequenceNumber + 1, " to ", receivedSeqn - 1);
 				// save message and wait for missing message again
 				SavePacket (packet);
 				if (m_LastReceivedSequenceNumber >= 0)
@@ -161,7 +162,8 @@ namespace stream
 
 	void Stream::SavePacket (Packet * packet)
 	{
-		m_SavedPackets.insert (packet);
+		if (!m_SavedPackets.insert (packet).second)
+			delete packet;
 	}	
 
 	void Stream::ProcessPacket (Packet * packet)
@@ -181,7 +183,7 @@ namespace stream
 			m_RemoteIdentity = std::make_shared<i2p::data::IdentityEx>(optionData, packet->GetOptionSize ());
 			optionData += m_RemoteIdentity->GetFullLen ();
 			if (!m_RemoteLeaseSet)
-				LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 ());
+				LogPrint (eLogDebug, "Streaming: Incoming stream from ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), ", sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
 		}	
 
 		if (flags & PACKET_FLAG_MAX_PACKET_SIZE_INCLUDED)
@@ -199,7 +201,7 @@ namespace stream
 			memset (const_cast<uint8_t *>(optionData), 0, signatureLen);
 			if (!m_RemoteIdentity->Verify (packet->GetBuffer (), packet->GetLength (), signature))
 			{  
-				LogPrint (eLogError, "Streaming: Signature verification failed");
+				LogPrint (eLogError, "Streaming: Signature verification failed, sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID);
 				Close ();
 				flags |= PACKET_FLAG_CLOSE;
 			}	
@@ -218,11 +220,19 @@ namespace stream
 		
 		m_LastReceivedSequenceNumber = receivedSeqn;
 
-		if (flags & (PACKET_FLAG_CLOSE | PACKET_FLAG_RESET))
+		if (flags & PACKET_FLAG_RESET)
 		{
+			LogPrint (eLogDebug, "Streaming: closing stream sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID, ": reset flag received in packet #", receivedSeqn);
 			m_Status = eStreamStatusReset;
 			Close ();
 		}
+		else if (flags & PACKET_FLAG_CLOSE)
+		{
+			if (m_Status != eStreamStatusClosed)
+				SendClose ();
+			m_Status = eStreamStatusClosed;
+			Terminate (); 
+		}
 	}	
 
 	void Stream::ProcessAck (Packet * packet)
@@ -230,9 +240,14 @@ namespace stream
 		bool acknowledged = false;
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		uint32_t ackThrough = packet->GetAckThrough ();
+		if (ackThrough > m_SequenceNumber)
+		{
+			LogPrint (eLogError, "Streaming: Unexpected ackThrough=", ackThrough, " > seqn=", m_SequenceNumber);
+			return;
+		}	
 		int nackCount = packet->GetNACKCount ();
 		for (auto it = m_SentPackets.begin (); it != m_SentPackets.end ();)
-		{			
+		{
 			auto seqn = (*it)->GetSeqn ();
 			if (seqn <= ackThrough)
 			{
@@ -248,7 +263,7 @@ namespace stream
 					if (nacked)
 					{
 						LogPrint (eLogDebug, "Streaming: Packet ", seqn, " NACK");
-						it++;
+						++it;
 						continue;
 					}	
 				}
@@ -256,7 +271,7 @@ namespace stream
 				uint64_t rtt = ts - sentPacket->sendTime;
 				m_RTT = (m_RTT*seqn + rtt)/(seqn + 1);
 				m_RTO = m_RTT*1.5; // TODO: implement it better
-				LogPrint (eLogDebug, "Packet ", seqn, " acknowledged rtt=", rtt);
+				LogPrint (eLogDebug, "Streaming: Packet ", seqn, " acknowledged rtt=", rtt);
 				m_SentPackets.erase (it++);
 				delete sentPacket;	
 				acknowledged = true;
@@ -272,6 +287,10 @@ namespace stream
 						m_LastWindowSizeIncreaseTime = ts;
 					}
 				}
+				if (!seqn && m_RoutingSession) // first message confirmed
+					m_RoutingSession->SetSharedRoutingPath (
+						std::make_shared<i2p::garlic::GarlicRoutingPath> (
+							i2p::garlic::GarlicRoutingPath{m_CurrentOutboundTunnel, m_CurrentRemoteLease, m_RTT, 0, 0}));
 			}
 			else
 				break;
@@ -283,8 +302,10 @@ namespace stream
 			m_NumResendAttempts = 0;
 			SendBuffer ();
 		}	
-		if (m_Status == eStreamStatusClosing)
-			Close (); // all outgoing messages have been sent
+		if (m_Status == eStreamStatusClosed)
+			Terminate ();
+		else if (m_Status == eStreamStatusClosing)
+			Close (); // check is all outgoing messages have been sent and we can send close
 	}		
 		
 	size_t Stream::Send (const uint8_t * buf, size_t len)
@@ -330,9 +351,9 @@ namespace stream
 				htobe32buf (packet + size, m_SequenceNumber++);
 				size += 4; // sequenceNum
 				if (isNoAck)			
-					htobe32buf (packet + size, m_LastReceivedSequenceNumber);
-				else
 					htobuf32 (packet + size, 0);
+				else
+					htobe32buf (packet + size, m_LastReceivedSequenceNumber);
 				size += 4; // ack Through
 				packet[size] = 0; 
 				size++; // NACK count
@@ -384,11 +405,14 @@ namespace stream
 		}	
 		if (packets.size () > 0)
 		{
-			m_IsAckSendScheduled = false;	
-			m_AckSendTimer.cancel ();
+			if (m_SavedPackets.empty ()) // no NACKS
+			{	
+				m_IsAckSendScheduled = false;	
+				m_AckSendTimer.cancel ();
+			}	
 			bool isEmpty = m_SentPackets.empty ();
 			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-			for (auto it: packets)
+			for (auto& it: packets)
 			{
 				it->sendTime = ts;
 				m_SentPackets.insert (it);
@@ -437,7 +461,7 @@ namespace stream
 				auto seqn = it->GetSeqn ();
 				if (numNacks + (seqn - nextSeqn) >= 256)
 				{
-					LogPrint (eLogError, "Number of NACKs exceeds 256. seqn=", seqn, " nextSeqn=", nextSeqn);
+					LogPrint (eLogError, "Streaming: Number of NACKs exceeds 256. seqn=", seqn, " nextSeqn=", nextSeqn);
 					htobe32buf (packet + 12, nextSeqn); // change ack Through
 					break;
 				}	
@@ -472,35 +496,32 @@ namespace stream
 
 	void Stream::Close ()
 	{
+		LogPrint(eLogDebug, "Streaming: closing stream with sSID=", m_SendStreamID, ", rSID=", m_RecvStreamID, ", status=", m_Status);
 		switch (m_Status)
 		{
 			case eStreamStatusOpen:
 				m_Status = eStreamStatusClosing;
 				Close (); // recursion
 				if (m_Status == eStreamStatusClosing) //still closing
-					LogPrint (eLogInfo, "Streaming: Trying to send stream data before closing");
+					LogPrint (eLogDebug, "Streaming: Trying to send stream data before closing, sSID=", m_SendStreamID);
 			break;
 			case eStreamStatusReset:
-				SendClose (); 
-				Terminate ();
-				m_LocalDestination.DeleteStream (shared_from_this ());	
+				// TODO: send reset
+				Terminate ();	
 			break;
 			case eStreamStatusClosing:
 				if (m_SentPackets.empty () && m_SendBuffer.eof ()) // nothing to send
 				{
 					m_Status = eStreamStatusClosed;
 					SendClose ();
-					Terminate ();
-					m_LocalDestination.DeleteStream (shared_from_this ());	
 				}
 			break;
 			case eStreamStatusClosed:
 				// already closed
 				Terminate ();
-				m_LocalDestination.DeleteStream (shared_from_this ());		
 			break;				
 			default:
-				LogPrint (eLogWarning, "Streaming: Unexpected stream status ", (int)m_Status);
+				LogPrint (eLogWarning, "Streaming: Unexpected stream status ", (int)m_Status, "sSID=", m_SendStreamID);
 		};			
 	}
 
@@ -515,7 +536,7 @@ namespace stream
 		size += 4; // receiveStreamID
 		htobe32buf (packet + size, m_SequenceNumber++);
 		size += 4; // sequenceNum
-		htobe32buf (packet + size, m_LastReceivedSequenceNumber);
+		htobe32buf (packet + size, m_LastReceivedSequenceNumber >= 0 ?  m_LastReceivedSequenceNumber : 0);
 		size += 4; // ack Through
 		packet[size] = 0; 
 		size++; // NACK count
@@ -532,7 +553,7 @@ namespace stream
 		
 		p->len = size;
 		m_Service.post (std::bind (&Stream::SendPacket, shared_from_this (), p));
-		LogPrint (eLogDebug, "Streaming: FIN sent");
+		LogPrint (eLogDebug, "Streaming: FIN sent, sSID=", m_SendStreamID);
 	}	
 		
 	size_t Stream::ConcatenatePackets (uint8_t * buf, size_t len)
@@ -564,15 +585,10 @@ namespace stream
 				m_AckSendTimer.cancel ();
 			}
 			SendPackets (std::vector<Packet *> { packet });
-			if (m_Status == eStreamStatusOpen)
-			{	
-				bool isEmpty = m_SentPackets.empty ();
-				m_SentPackets.insert (packet);
-				if (isEmpty)
-					ScheduleResend ();
-			}	
-			else
-				delete packet;
+			bool isEmpty = m_SentPackets.empty ();
+			m_SentPackets.insert (packet);
+			if (isEmpty)
+				ScheduleResend ();
 			return true;	
 		}	
 		else
@@ -586,31 +602,48 @@ namespace stream
 			UpdateCurrentRemoteLease ();	
 			if (!m_RemoteLeaseSet)
 			{
-				LogPrint (eLogError, "Streaming: Can't send packets, missing remote LeaseSet");
+				LogPrint (eLogError, "Streaming: Can't send packets, missing remote LeaseSet, sSID=", m_SendStreamID);
 				return;
 			}
 		}
+		if (!m_CurrentOutboundTunnel) // first message to send
+		{
+			// try to get shared path first
+			if (!m_RoutingSession)
+				m_RoutingSession = m_LocalDestination.GetOwner ()->GetRoutingSession (m_RemoteLeaseSet, true);
+			if (m_RoutingSession)
+			{	
+				auto routingPath = m_RoutingSession->GetSharedRoutingPath ();
+				if (routingPath)
+				{
+					m_CurrentOutboundTunnel = routingPath->outboundTunnel;
+					m_CurrentRemoteLease = routingPath->remoteLease;
+					m_RTT = routingPath->rtt;
+					m_RTO = m_RTT*1.5; // TODO: implement it better
+				}
+			}	
+		}	
 		if (!m_CurrentOutboundTunnel || !m_CurrentOutboundTunnel->IsEstablished ())
 			m_CurrentOutboundTunnel = m_LocalDestination.GetOwner ()->GetTunnelPool ()->GetNewOutboundTunnel (m_CurrentOutboundTunnel);
 		if (!m_CurrentOutboundTunnel)
 		{
-			LogPrint (eLogError, "Streaming: No outbound tunnels in the pool");
+			LogPrint (eLogError, "Streaming: No outbound tunnels in the pool, sSID=", m_SendStreamID);
 			return;
 		}
 
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();		
-		if (!m_CurrentRemoteLease.endDate || ts >= m_CurrentRemoteLease.endDate - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD*1000)
+		if (!m_CurrentRemoteLease || ts >= m_CurrentRemoteLease->endDate - i2p::data::LEASE_ENDDATE_THRESHOLD)
 			UpdateCurrentRemoteLease (true);
-		if (ts < m_CurrentRemoteLease.endDate)
+		if (m_CurrentRemoteLease && ts < m_CurrentRemoteLease->endDate + i2p::data::LEASE_ENDDATE_THRESHOLD)
 		{	
 			std::vector<i2p::tunnel::TunnelMessageBlock> msgs;
 			for (auto it: packets)
 			{ 
-				auto msg = m_RoutingSession->WrapSingleMessage (CreateDataMessage (it->GetBuffer (), it->GetLength ()));
+				auto msg = m_RoutingSession->WrapSingleMessage (m_LocalDestination.CreateDataMessage (it->GetBuffer (), it->GetLength (), m_Port));
 				msgs.push_back (i2p::tunnel::TunnelMessageBlock 
 					{ 
 						i2p::tunnel::eDeliveryTypeTunnel,
-						m_CurrentRemoteLease.tunnelGateway, m_CurrentRemoteLease.tunnelID,
+						m_CurrentRemoteLease->tunnelGateway, m_CurrentRemoteLease->tunnelID,
 						msg
 					});	
 				m_NumSentBytes += it->GetLength ();
@@ -618,7 +651,7 @@ namespace stream
 			m_CurrentOutboundTunnel->SendTunnelDataMsg (msgs);
 		}	
 		else
-			LogPrint (eLogWarning, "Streaming: All leases are expired");
+			LogPrint (eLogWarning, "Streaming: All leases are expired, sSID=", m_SendStreamID);
 	}
 
 		
@@ -637,7 +670,7 @@ namespace stream
 			// check for resend attempts
 			if (m_NumResendAttempts >= MAX_NUM_RESEND_ATTEMPTS)
 			{
-				LogPrint (eLogWarning, "Streaming: packet was not ACKed after ", MAX_NUM_RESEND_ATTEMPTS,  " attempts, terminate");
+				LogPrint (eLogWarning, "Streaming: packet was not ACKed after ", MAX_NUM_RESEND_ATTEMPTS, " attempts, terminate, rSID=", m_RecvStreamID, ", sSID=", m_SendStreamID);
 				m_Status = eStreamStatusReset;
 				Close ();
 				return;
@@ -669,14 +702,16 @@ namespace stream
 					case 2:
 						m_RTO = INITIAL_RTO; // drop RTO to initial upon tunnels pair change first time
 						// no break here
-					case 4:	
+					case 4:
+						if (m_RoutingSession) m_RoutingSession->SetSharedRoutingPath (nullptr);
 						UpdateCurrentRemoteLease (); // pick another lease
-						LogPrint (eLogWarning, "Streaming: Another remote lease has been selected for stream");
+						LogPrint (eLogWarning, "Streaming: Another remote lease has been selected for stream with rSID=", m_RecvStreamID, ", sSID=", m_SendStreamID);
 					break;	
 					case 3:
 						// pick another outbound tunnel 
+						if (m_RoutingSession) m_RoutingSession->SetSharedRoutingPath (nullptr);
 						m_CurrentOutboundTunnel = m_LocalDestination.GetOwner ()->GetTunnelPool ()->GetNextOutboundTunnel (m_CurrentOutboundTunnel); 
-						LogPrint (eLogWarning, "Streaming: Another outbound tunnel has been selected for stream");
+						LogPrint (eLogWarning, "Streaming: Another outbound tunnel has been selected for stream with sSID=", m_SendStreamID);
 					break;
 					default: ;	
 				}	
@@ -692,7 +727,7 @@ namespace stream
 		{
 			if (m_LastReceivedSequenceNumber < 0)
 			{
-				LogPrint (eLogWarning, "Streaming: SYN has not been recived after ", ACK_SEND_TIMEOUT, " milliseconds after follow on, terminate");
+				LogPrint (eLogWarning, "Streaming: SYN has not been received after ", ACK_SEND_TIMEOUT, " milliseconds after follow on, terminate rSID=", m_RecvStreamID, ", sSID=", m_SendStreamID);
 				m_Status = eStreamStatusReset;
 				Close ();
 				return;
@@ -705,11 +740,11 @@ namespace stream
 
 	void Stream::UpdateCurrentRemoteLease (bool expired)
 	{
-		if (!m_RemoteLeaseSet)
+		if (!m_RemoteLeaseSet || m_RemoteLeaseSet->IsExpired ()) 
 		{
 			m_RemoteLeaseSet = m_LocalDestination.GetOwner ()->FindLeaseSet (m_RemoteIdentity->GetIdentHash ());
-			if (!m_RemoteLeaseSet)		
-				LogPrint (eLogError, "Streaming: LeaseSet ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " not found");
+			if (!m_RemoteLeaseSet)	
+				LogPrint (eLogWarning, "Streaming: LeaseSet ", m_RemoteIdentity->GetIdentHash ().ToBase64 (), " not found");
 		}
 		if (m_RemoteLeaseSet)
 		{
@@ -719,16 +754,16 @@ namespace stream
 			if (leases.empty ())
 			{
 				expired = false;
-				m_LocalDestination.GetOwner ()->RequestDestination (m_RemoteIdentity->GetIdentHash ()); // time to re-request
-				leases = m_RemoteLeaseSet->GetNonExpiredLeases (true); // then with threshold
+				m_LocalDestination.GetOwner ()->RequestDestination (m_RemoteIdentity->GetIdentHash ()); // time to request
+				leases = m_RemoteLeaseSet->GetNonExpiredLeases (true); // then with threshold	
 			}
 			if (!leases.empty ())
 			{	
 				bool updated = false;	
-				if (expired)
+				if (expired && m_CurrentRemoteLease)
 				{
-					for (auto it: leases)
-						if ((it.tunnelGateway == m_CurrentRemoteLease.tunnelGateway) && (it.tunnelID != m_CurrentRemoteLease.tunnelID))
+					for (const auto& it: leases)
+						if ((it->tunnelGateway == m_CurrentRemoteLease->tunnelGateway) && (it->tunnelID != m_CurrentRemoteLease->tunnelID))
 						{
 							m_CurrentRemoteLease = it;
 							updated = true;
@@ -738,7 +773,7 @@ namespace stream
 				if (!updated)
 				{
 					uint32_t i = rand () % leases.size ();
-					if (m_CurrentRemoteLease.endDate && leases[i].tunnelID == m_CurrentRemoteLease.tunnelID)
+					if (m_CurrentRemoteLease && leases[i]->tunnelID == m_CurrentRemoteLease->tunnelID)
 						// make sure we don't select previous 	
 						i = (i + 1) % leases.size (); // if so, pick next
 					m_CurrentRemoteLease = leases[i];		
@@ -747,46 +782,28 @@ namespace stream
 			else
 			{	
 				m_RemoteLeaseSet = nullptr;
-				m_CurrentRemoteLease.endDate = 0;
-				// re-request expired
+				m_CurrentRemoteLease = nullptr;
+				// we have requested expired before, no need to do it twice
 			}	
 		}
 		else
-			m_CurrentRemoteLease.endDate = 0;
+			m_CurrentRemoteLease = nullptr;
 	}	
 
-	std::shared_ptr<I2NPMessage> Stream::CreateDataMessage (const uint8_t * payload, size_t len)
-	{
-		auto msg = NewI2NPShortMessage ();
-		if (len <= i2p::stream::COMPRESSION_THRESHOLD_SIZE)
-			m_LocalDestination.m_Deflator.SetCompressionLevel (Z_NO_COMPRESSION);
-		else
-			m_LocalDestination.m_Deflator.SetCompressionLevel (Z_DEFAULT_COMPRESSION);
-		uint8_t * buf = msg->GetPayload ();
-		buf += 4; // reserve for lengthlength
-		msg->len += 4;
-		size_t size = m_LocalDestination.m_Deflator.Deflate (payload, len, buf, msg->maxLen - msg->len);
-		if (size)
-		{
-			htobe32buf (msg->GetPayload (), size); // length
-			htobe16buf (buf + 4, m_LocalDestination.GetLocalPort ()); // source port
-			htobe16buf (buf + 6, m_Port); // destination port 
-			buf[9] = i2p::client::PROTOCOL_TYPE_STREAMING; // streaming protocol
-			msg->len += size; 
-			msg->FillI2NPMessageHeader (eI2NPData);
-		}	
-		else
-			msg = nullptr;
-		return msg;
-	}	
-
-	StreamingDestination::StreamingDestination (std::shared_ptr<i2p::client::ClientDestination> owner, uint16_t localPort): 
-		m_Owner (owner), m_LocalPort (localPort), m_PendingIncomingTimer (m_Owner->GetService ())
+	StreamingDestination::StreamingDestination (std::shared_ptr<i2p::client::ClientDestination> owner, uint16_t localPort, bool gzip): 
+		m_Owner (owner), m_LocalPort (localPort), m_Gzip (gzip), 
+		m_PendingIncomingTimer (m_Owner->GetService ())
 	{
 	}
 		
 	StreamingDestination::~StreamingDestination ()
 	{
+		for (auto& it: m_SavedPackets)
+		{
+			for (auto it1: it.second) delete it1;
+			it.second.clear ();	
+		}
+		m_SavedPackets.clear ();
 	}
 
 	void StreamingDestination::Start ()
@@ -813,7 +830,7 @@ namespace stream
 				it->second->HandleNextPacket (packet);
 			else
 			{	
-				LogPrint (eLogError, "Streaming: Unknown stream sendStreamID=", sendStreamID);
+				LogPrint (eLogError, "Streaming: Unknown stream sSID=", sendStreamID);
 				delete packet;
 			}
 		}	
@@ -822,7 +839,20 @@ namespace stream
 			if (packet->IsSYN () && !packet->GetSeqn ()) // new incoming stream
 			{	
 				auto incomingStream = CreateNewIncomingStream ();
-				incomingStream->HandleNextPacket (packet);
+				uint32_t receiveStreamID = packet->GetReceiveStreamID ();
+				incomingStream->HandleNextPacket (packet); // SYN
+				// handle saved packets if any
+				{
+					auto it = m_SavedPackets.find (receiveStreamID);
+					if (it != m_SavedPackets.end ())
+					{
+						LogPrint (eLogDebug, "Streaming: Processing ", it->second.size (), " saved packets for rSID=", receiveStreamID);
+						for (auto it1: it->second)
+							incomingStream->HandleNextPacket (it1);
+						m_SavedPackets.erase (it);
+					}			
+				}	
+				// accept
 				if (m_Acceptor != nullptr)
 					m_Acceptor (incomingStream);
 				else
@@ -834,8 +864,8 @@ namespace stream
 						m_PendingIncomingTimer.cancel ();
 						m_PendingIncomingTimer.expires_from_now (boost::posix_time::seconds(PENDING_INCOMING_TIMEOUT));
 						m_PendingIncomingTimer.async_wait (std::bind (&StreamingDestination::HandlePendingIncomingTimer, 
-							this, std::placeholders::_1));
-						LogPrint (eLogDebug, "Streaming: Pending incoming stream added");
+							shared_from_this (), std::placeholders::_1));
+						LogPrint (eLogDebug, "Streaming: Pending incoming stream added, rSID=", receiveStreamID);
 					}
 					else
 					{	
@@ -847,16 +877,37 @@ namespace stream
 			else // follow on packet without SYN
 			{
 				uint32_t receiveStreamID = packet->GetReceiveStreamID ();
-				for (auto it: m_Streams)
+				for (auto& it: m_Streams)
 					if (it.second->GetSendStreamID () == receiveStreamID)
 					{
 						// found
 						it.second->HandleNextPacket (packet);
 						return;
 					}
-				// TODO: should queue it up
-				LogPrint (eLogError, "Streaming: Unknown stream receiveStreamID=", receiveStreamID);
-				delete packet;
+				// save follow on packet
+				auto it = m_SavedPackets.find (receiveStreamID);
+				if (it != m_SavedPackets.end ())
+					it->second.push_back (packet);
+				else
+				{
+					m_SavedPackets[receiveStreamID] = std::list<Packet *>{ packet };
+					auto timer = std::make_shared<boost::asio::deadline_timer> (m_Owner->GetService ());
+					timer->expires_from_now (boost::posix_time::seconds(PENDING_INCOMING_TIMEOUT));
+					auto s = shared_from_this ();
+					timer->async_wait ([s,timer,receiveStreamID](const boost::system::error_code& ecode)
+					{
+						if (ecode != boost::asio::error::operation_aborted)
+						{
+							auto it = s->m_SavedPackets.find (receiveStreamID);
+							if (it != s->m_SavedPackets.end ())
+							{
+								for (auto it1: it->second) delete it1;
+								it->second.clear ();
+								s->m_SavedPackets.erase (it);
+							}
+						}
+					});
+				}
 			}	
 		}	
 	}	
@@ -893,7 +944,7 @@ namespace stream
 		m_Owner->GetService ().post([acceptor, this](void)
 			{                            
 				m_Acceptor = acceptor;
-				for (auto it: m_PendingIncomingStreams)
+				for (auto& it: m_PendingIncomingStreams)
 					if (it->GetStatus () == eStreamStatusOpen) // still open?
 						m_Acceptor (it);
 				m_PendingIncomingStreams.clear ();
@@ -912,7 +963,7 @@ namespace stream
 		if (ecode != boost::asio::error::operation_aborted)
 		{
 			LogPrint (eLogWarning, "Streaming: Pending incoming timeout expired");
-			for (auto it: m_PendingIncomingStreams)
+			for (auto& it: m_PendingIncomingStreams)
 				it->Close ();
 			m_PendingIncomingStreams.clear ();
 		}	
@@ -929,5 +980,30 @@ namespace stream
 		else
 			delete uncompressed;
 	}
+
+	std::shared_ptr<I2NPMessage> StreamingDestination::CreateDataMessage (const uint8_t * payload, size_t len, uint16_t toPort)
+	{
+		auto msg = NewI2NPShortMessage ();
+		if (!m_Gzip || len <= i2p::stream::COMPRESSION_THRESHOLD_SIZE)
+			m_Deflator.SetCompressionLevel (Z_NO_COMPRESSION);
+		else
+			m_Deflator.SetCompressionLevel (Z_DEFAULT_COMPRESSION);
+		uint8_t * buf = msg->GetPayload ();
+		buf += 4; // reserve for lengthlength
+		msg->len += 4;
+		size_t size = m_Deflator.Deflate (payload, len, buf, msg->maxLen - msg->len);
+		if (size)
+		{
+			htobe32buf (msg->GetPayload (), size); // length
+			htobe16buf (buf + 4, m_LocalPort); // source port
+			htobe16buf (buf + 6, toPort); // destination port 
+			buf[9] = i2p::client::PROTOCOL_TYPE_STREAMING; // streaming protocol
+			msg->len += size; 
+			msg->FillI2NPMessageHeader (eI2NPData);
+		}	
+		else
+			msg = nullptr;
+		return msg;
+	}	
 }		
 }	

Streaming.h

@@ -158,8 +158,6 @@ namespace stream
 			void ScheduleResend ();
 			void HandleResendTimer (const boost::system::error_code& ecode);
 			void HandleAckSendTimer (const boost::system::error_code& ecode);
-
-			std::shared_ptr<I2NPMessage> CreateDataMessage (const uint8_t * payload, size_t len);
 			
 		private:
 
@@ -172,7 +170,7 @@ namespace stream
 			std::shared_ptr<const i2p::data::IdentityEx> m_RemoteIdentity;
 			std::shared_ptr<const i2p::data::LeaseSet> m_RemoteLeaseSet;
 			std::shared_ptr<i2p::garlic::GarlicRoutingSession> m_RoutingSession;
-			i2p::data::Lease m_CurrentRemoteLease;
+			std::shared_ptr<const i2p::data::Lease> m_CurrentRemoteLease;
 			std::shared_ptr<i2p::tunnel::OutboundTunnel> m_CurrentOutboundTunnel;
 			std::queue<Packet *> m_ReceiveQueue;
 			std::set<Packet *, PacketCmp> m_SavedPackets;
@@ -189,13 +187,13 @@ namespace stream
 			SendHandler m_SendHandler;
 	};
 
-	class StreamingDestination
+	class StreamingDestination: public std::enable_shared_from_this<StreamingDestination>
 	{
 		public:
 
 			typedef std::function<void (std::shared_ptr<Stream>)> Acceptor;
 
-			StreamingDestination (std::shared_ptr<i2p::client::ClientDestination> owner, uint16_t localPort = 0);
+			StreamingDestination (std::shared_ptr<i2p::client::ClientDestination> owner, uint16_t localPort = 0, bool gzip = true);
 			~StreamingDestination ();	
 
 			void Start ();
@@ -210,6 +208,7 @@ namespace stream
 			uint16_t GetLocalPort () const { return m_LocalPort; };
 
 			void HandleDataMessagePayload (const uint8_t * buf, size_t len);
+			std::shared_ptr<I2NPMessage> CreateDataMessage (const uint8_t * payload, size_t len, uint16_t toPort);
 
 		private:		
 	
@@ -221,11 +220,13 @@ namespace stream
 
 			std::shared_ptr<i2p::client::ClientDestination> m_Owner;
 			uint16_t m_LocalPort;
+			bool m_Gzip; // gzip compression of data messages
 			std::mutex m_StreamsMutex;
-			std::map<uint32_t, std::shared_ptr<Stream> > m_Streams;
+			std::map<uint32_t, std::shared_ptr<Stream> > m_Streams; // sendStreamID->stream
 			Acceptor m_Acceptor;
 			std::list<std::shared_ptr<Stream> > m_PendingIncomingStreams;
 			boost::asio::deadline_timer m_PendingIncomingTimer;
+			std::map<uint32_t, std::list<Packet *> > m_SavedPackets; // receiveStreamID->packets, arrived before SYN
 			
 		public:
 

Tag.h

@@ -0,0 +1,90 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef TAG_H__
+#define TAG_H__
+
+#include <string.h> /* memcpy */
+
+#include "Base.h"
+
+namespace i2p {
+namespace data {
+	template<int sz>
+	class Tag
+	{
+		public:
+
+			Tag (const uint8_t * buf) { memcpy (m_Buf, buf, sz); };
+			Tag (const Tag<sz>& ) = default;
+#ifndef _WIN32 // FIXME!!! msvs 2013 can't compile it
+			Tag (Tag<sz>&& ) = default;
+#endif
+			Tag () = default;
+
+			Tag<sz>& operator= (const Tag<sz>& ) = default;
+#ifndef _WIN32
+			Tag<sz>& operator= (Tag<sz>&& ) = default;
+#endif
+
+			uint8_t * operator()() { return m_Buf; };
+			const uint8_t * operator()() const { return m_Buf; };
+
+			operator uint8_t * () { return m_Buf; };
+			operator const uint8_t * () const { return m_Buf; };
+
+			const uint64_t * GetLL () const { return ll; };
+
+			bool operator== (const Tag<sz>& other) const { return !memcmp (m_Buf, other.m_Buf, sz); };
+			bool operator< (const Tag<sz>& other) const { return memcmp (m_Buf, other.m_Buf, sz) < 0; };
+
+			bool IsZero () const
+			{
+				for (int i = 0; i < sz/8; i++)
+					if (ll[i]) return false;
+				return true;
+			}
+
+			std::string ToBase64 () const
+			{
+				char str[sz*2];
+				int l = i2p::data::ByteStreamToBase64 (m_Buf, sz, str, sz*2);
+				str[l] = 0;
+				return std::string (str);
+			}
+
+			std::string ToBase32 () const
+			{
+				char str[sz*2];
+				int l = i2p::data::ByteStreamToBase32 (m_Buf, sz, str, sz*2);
+				str[l] = 0;
+				return std::string (str);
+			}
+
+			void FromBase32 (const std::string& s)
+			{
+				i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+			}
+
+			void FromBase64 (const std::string& s)
+			{
+				i2p::data::Base64ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+			}
+
+		private:
+
+			union // 8 bytes alignment
+			{
+				uint8_t m_Buf[sz];
+				uint64_t ll[sz/8];
+			};
+	};
+} // data
+} // i2p
+
+#endif /* TAG_H__ */

TransitTunnel.cpp

@@ -85,25 +85,25 @@ namespace tunnel
 		m_Endpoint.HandleDecryptedTunnelDataMsg (newMsg); 
 	}
 		
-	TransitTunnel * CreateTransitTunnel (uint32_t receiveTunnelID,
+	std::shared_ptr<TransitTunnel> CreateTransitTunnel (uint32_t receiveTunnelID,
 		const uint8_t * nextIdent, uint32_t nextTunnelID, 
 	    const uint8_t * layerKey,const uint8_t * ivKey, 
 		bool isGateway, bool isEndpoint)
 	{
 		if (isEndpoint)
 		{	
-			LogPrint (eLogInfo, "TransitTunnel: endpoint ", receiveTunnelID, " created");
-			return new TransitTunnelEndpoint (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
+			LogPrint (eLogDebug, "TransitTunnel: endpoint ", receiveTunnelID, " created");
+			return std::make_shared<TransitTunnelEndpoint> (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 		else if (isGateway)
 		{	
 			LogPrint (eLogInfo, "TransitTunnel: gateway ", receiveTunnelID, " created");
-			return new TransitTunnelGateway (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
+			return std::make_shared<TransitTunnelGateway> (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 		else	
 		{	
-			LogPrint (eLogInfo, "TransitTunnel: ", receiveTunnelID, "->", nextTunnelID, " created");
-			return new TransitTunnelParticipant (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
+			LogPrint (eLogDebug, "TransitTunnel: ", receiveTunnelID, "->", nextTunnelID, " created");
+			return std::make_shared<TransitTunnelParticipant> (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 	}		
 }

TransitTunnel.h

@@ -93,7 +93,7 @@ namespace tunnel
 			TunnelEndpoint m_Endpoint;
 	};
 	
-	TransitTunnel * CreateTransitTunnel (uint32_t receiveTunnelID,
+	std::shared_ptr<TransitTunnel> CreateTransitTunnel (uint32_t receiveTunnelID,
 		const uint8_t * nextIdent, uint32_t nextTunnelID, 
 	    const uint8_t * layerKey,const uint8_t * ivKey, 
 		bool isGateway, bool isEndpoint);

TransportSession.h

@@ -53,8 +53,8 @@ namespace transport
 	{
 		public:
 
-			TransportSession (std::shared_ptr<const i2p::data::RouterInfo> router): 
-				m_DHKeysPair (nullptr), m_NumSentBytes (0), m_NumReceivedBytes (0), m_IsOutgoing (router)
+			TransportSession (std::shared_ptr<const i2p::data::RouterInfo> router, int terminationTimeout): 
+				m_DHKeysPair (nullptr), m_NumSentBytes (0), m_NumReceivedBytes (0), m_IsOutgoing (router), m_TerminationTimeout (terminationTimeout)
 			{
 				if (router)
 					m_RemoteIdentity = router->GetRouterIdentity ();
@@ -70,6 +70,9 @@ namespace transport
 			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
 			bool IsOutgoing () const { return m_IsOutgoing; };
 			
+			int GetTerminationTimeout () const { return m_TerminationTimeout; };
+			void SetTerminationTimeout (int terminationTimeout) { m_TerminationTimeout = terminationTimeout; };	
+
 			virtual void SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs) = 0;
 			
 		protected:
@@ -78,6 +81,7 @@ namespace transport
 			std::shared_ptr<i2p::crypto::DHKeys> m_DHKeysPair; // X - for client and Y - for server
 			size_t m_NumSentBytes, m_NumReceivedBytes;
 			bool m_IsOutgoing;
+			int m_TerminationTimeout;
 	};	
 }
 }

Transports.cpp

@@ -1,4 +1,3 @@
-#include <openssl/dh.h>
 #include "Log.h"
 #include "Crypto.h"
 #include "RouterContext.h"
@@ -47,7 +46,7 @@ namespace transport
 			int num;
 			while ((num = m_QueueSize - m_Queue.size ()) > 0)
 				CreateDHKeysPairs (num);
-			std::unique_lock<std::mutex>  l(m_AcquiredMutex);
+			std::unique_lock<std::mutex>	l(m_AcquiredMutex);
 			m_Acquired.wait (l); // wait for element gets aquired
 		}
 	}		
@@ -61,7 +60,7 @@ namespace transport
 			{
 				auto pair = std::make_shared<i2p::crypto::DHKeys> ();
 				pair->GenerateKeys ();
-				std::unique_lock<std::mutex>  l(m_AcquiredMutex);
+				std::unique_lock<std::mutex>	l(m_AcquiredMutex);
 				m_Queue.push (pair);
 			}
 		}
@@ -70,7 +69,7 @@ namespace transport
 	std::shared_ptr<i2p::crypto::DHKeys> DHKeysPairSupplier::Acquire ()
 	{
 		{
-			std::unique_lock<std::mutex>  l(m_AcquiredMutex);
+			std::unique_lock<std::mutex>	l(m_AcquiredMutex);
 			if (!m_Queue.empty ())
 			{
 				auto pair = m_Queue.front ();
@@ -87,14 +86,14 @@ namespace transport
 
 	void DHKeysPairSupplier::Return (std::shared_ptr<i2p::crypto::DHKeys> pair)
 	{
-		std::unique_lock<std::mutex>  l(m_AcquiredMutex);
+		std::unique_lock<std::mutex>	l(m_AcquiredMutex);
 		m_Queue.push (pair);
 	}
 
 	Transports transports;	
 	
 	Transports::Transports (): 
-		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service), m_PeerCleanupTimer (m_Service),
+		m_IsOnline (true), m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service), m_PeerCleanupTimer (m_Service),
 		m_NTCPServer (nullptr), m_SSUServer (nullptr), m_DHKeysPairSupplier (5), // 5 pre-generated keys
 		m_TotalSentBytes(0), m_TotalReceivedBytes(0), m_InBandwidth (0), m_OutBandwidth (0),
 		m_LastInBandwidthUpdateBytes (0), m_LastOutBandwidthUpdateBytes (0), m_LastBandwidthUpdateTime (0)	
@@ -106,28 +105,45 @@ namespace transport
 		Stop ();
 	}	
 
-	void Transports::Start ()
+	void Transports::Start (bool enableNTCP, bool enableSSU)
 	{
 		m_DHKeysPairSupplier.Start ();
 		m_IsRunning = true;
 		m_Thread = new std::thread (std::bind (&Transports::Run, this));
 		// create acceptors
-		auto addresses = context.GetRouterInfo ().GetAddresses ();
-		for (auto& address : addresses)
+		auto& addresses = context.GetRouterInfo ().GetAddresses ();
+		for (const auto& address : addresses)
 		{
-			if (!m_NTCPServer)
-			{	
+			if (m_NTCPServer == nullptr && enableNTCP)
+			{
 				m_NTCPServer = new NTCPServer ();
 				m_NTCPServer->Start ();
+				if (!(m_NTCPServer->IsBoundV6() || m_NTCPServer->IsBoundV4())) {
+					/** failed to bind to NTCP */
+					LogPrint(eLogError, "Transports: failed to bind to TCP");
+					m_NTCPServer->Stop();
+					delete m_NTCPServer;
+					m_NTCPServer = nullptr;
+				}
 			}	
 			
-			if (address.transportStyle == RouterInfo::eTransportSSU && address.host.is_v4 ())
+			if (address->transportStyle == RouterInfo::eTransportSSU)
 			{
-				if (!m_SSUServer)
-				{	
-					m_SSUServer = new SSUServer (address.port);
-					LogPrint (eLogInfo, "Transports: Start listening UDP port ", address.port);
-					m_SSUServer->Start ();	
+				if (m_SSUServer == nullptr && enableSSU)
+				{
+					if (address->host.is_v4())
+						m_SSUServer = new SSUServer (address->port);
+					else
+						m_SSUServer = new SSUServer (address->host, address->port);
+					LogPrint (eLogInfo, "Transports: Start listening UDP port ", address->port);
+					try {
+						m_SSUServer->Start ();
+					} catch ( std::exception & ex ) {
+						LogPrint(eLogError, "Transports: Failed to bind to UDP port", address->port);
+						delete m_SSUServer;
+						m_SSUServer = nullptr;
+						continue;
+					}
 					DetectExternalIP ();
 				}
 				else
@@ -200,14 +216,14 @@ namespace transport
 
 	bool Transports::IsBandwidthExceeded () const
 	{
-		if (i2p::context.GetRouterInfo ().IsExtraBandwidth ()) return false;
+		auto limit = i2p::context.GetBandwidthLimit() * 1024; // convert to bytes
 		auto bw = std::max (m_InBandwidth, m_OutBandwidth);
-		return bw > (i2p::context.GetRouterInfo ().IsHighBandwidth () ? HIGH_BANDWIDTH_LIMIT : LOW_BANDWIDTH_LIMIT);
+		return bw > limit;
 	}
 
 	void Transports::SendMessage (const i2p::data::IdentHash& ident, std::shared_ptr<i2p::I2NPMessage> msg)
 	{
-		SendMessages (ident, std::vector<std::shared_ptr<i2p::I2NPMessage> > {msg });                             
+		SendMessages (ident, std::vector<std::shared_ptr<i2p::I2NPMessage> > {msg });															
 	}	
 
 	void Transports::SendMessages (const i2p::data::IdentHash& ident, const std::vector<std::shared_ptr<i2p::I2NPMessage> >& msgs)
@@ -220,7 +236,7 @@ namespace transport
 		if (ident == i2p::context.GetRouterInfo ().GetIdentHash ())
 		{	
 			// we send it to ourself
-			for (auto it: msgs)
+			for (auto& it: msgs)
 				i2p::HandleI2NPMessage (it);
 			return;
 		}	
@@ -232,7 +248,7 @@ namespace transport
 			{
 				auto r = netdb.FindRouter (ident);
 				{
-					std::unique_lock<std::mutex>  l(m_PeersMutex);	
+					std::unique_lock<std::mutex>	l(m_PeersMutex);	
 					it = m_Peers.insert (std::pair<i2p::data::IdentHash, Peer>(ident, { 0, r, {},
 						i2p::util::GetSecondsSinceEpoch (), {} })).first;
 				}
@@ -248,8 +264,17 @@ namespace transport
 			it->second.sessions.front ()->SendI2NPMessages (msgs);
 		else
 		{	
-			for (auto it1: msgs)
-				it->second.delayedMessages.push_back (it1);
+			if (it->second.delayedMessages.size () < MAX_NUM_DELAYED_MESSAGES)
+			{	
+				for (auto& it1: msgs)
+					it->second.delayedMessages.push_back (it1);
+			}
+			else
+			{
+				LogPrint (eLogWarning, "Transports: delayed messages queue size exceeds ", MAX_NUM_DELAYED_MESSAGES);
+				std::unique_lock<std::mutex> l(m_PeersMutex);	
+				m_Peers.erase (it);
+			}	
 		}	
 	}	
 		
@@ -261,7 +286,7 @@ namespace transport
 			{
 				peer.numAttempts++;
 				auto address = peer.router->GetNTCPAddress (!context.SupportsV6 ());
-				if (address)
+				if (address && m_NTCPServer)
 				{
 #if BOOST_VERSION >= 104900
 					if (!address->host.is_unspecified ()) // we have address now
@@ -289,7 +314,7 @@ namespace transport
 					}
 				}	
 				else
-					LogPrint (eLogWarning, "Transports: NTCP address is not present for ", i2p::data::GetIdentHashAbbreviation (ident), ", trying SSU");
+					LogPrint (eLogDebug, "Transports: NTCP address is not present for ", i2p::data::GetIdentHashAbbreviation (ident), ", trying SSU");
 			}
 			if (peer.numAttempts == 1)// SSU
 			{
@@ -321,7 +346,7 @@ namespace transport
 			}	
 			LogPrint (eLogError, "Transports: No NTCP or SSU addresses available");
 			peer.Done ();
-			std::unique_lock<std::mutex>  l(m_PeersMutex);	
+			std::unique_lock<std::mutex> l(m_PeersMutex);	
 			m_Peers.erase (ident);
 			return false;
 		}	
@@ -353,7 +378,7 @@ namespace transport
 			else
 			{
 				LogPrint (eLogError, "Transports: RouterInfo not found, Failed to send messages");
-				std::unique_lock<std::mutex>  l(m_PeersMutex);	
+				std::unique_lock<std::mutex> l(m_PeersMutex);	
 				m_Peers.erase (it);
 			}	
 		}	
@@ -376,18 +401,28 @@ namespace transport
 			auto& peer = it1->second;
 			if (!ecode && peer.router)
 			{
-				auto address = (*it).endpoint ().address ();
-				LogPrint (eLogDebug, "Transports: ", (*it).host_name (), " has been resolved to ", address);
-				auto addr = peer.router->GetNTCPAddress ();
-				if (addr)
-				{
-					auto s = std::make_shared<NTCPSession> (*m_NTCPServer, peer.router);
-					m_NTCPServer->Connect (address, addr->port, s);
-					return;
+				while (it != boost::asio::ip::tcp::resolver::iterator())
+				{	
+					auto address = (*it).endpoint ().address ();
+					LogPrint (eLogDebug, "Transports: ", (*it).host_name (), " has been resolved to ", address);
+					if (address.is_v4 () || context.SupportsV6 ())
+					{
+						auto addr = peer.router->GetNTCPAddress (); // TODO: take one we requested
+						if (addr)
+						{
+							auto s = std::make_shared<NTCPSession> (*m_NTCPServer, peer.router);
+							m_NTCPServer->Connect (address, addr->port, s);
+							return;
+						}
+						break;
+					}	
+					else
+						LogPrint (eLogInfo, "Transports: NTCP ", address, " is not supported");
+					it++;
 				}	
 			}
 			LogPrint (eLogError, "Transports: Unable to resolve NTCP address: ", ecode.message ());
-			std::unique_lock<std::mutex>  l(m_PeersMutex);		
+			std::unique_lock<std::mutex> l(m_PeersMutex);		
 			m_Peers.erase (it1);
 		}
 	}
@@ -409,17 +444,27 @@ namespace transport
 			auto& peer = it1->second;
 			if (!ecode && peer.router)
 			{
-				auto address = (*it).endpoint ().address ();
-				LogPrint (eLogDebug, "Transports: ", (*it).host_name (), " has been resolved to ", address);
-				auto addr = peer.router->GetSSUAddress (!context.SupportsV6 ());;
-				if (addr)
-				{
-					m_SSUServer->CreateSession (peer.router, address, addr->port);
-					return;
+				while (it != boost::asio::ip::tcp::resolver::iterator())
+				{	
+					auto address = (*it).endpoint ().address ();
+					LogPrint (eLogDebug, "Transports: ", (*it).host_name (), " has been resolved to ", address);
+					if (address.is_v4 () || context.SupportsV6 ())
+					{
+						auto addr = peer.router->GetSSUAddress (); // TODO: take one we requested
+						if (addr)
+						{
+							m_SSUServer->CreateSession (peer.router, address, addr->port);
+							return;
+						}
+						break;
+					}
+					else
+						LogPrint (eLogInfo, "Transports: SSU ", address, " is not supported");
+					it++;
 				}	
 			}
 			LogPrint (eLogError, "Transports: Unable to resolve SSU address: ", ecode.message ());
-			std::unique_lock<std::mutex>  l(m_PeersMutex);	
+			std::unique_lock<std::mutex> l(m_PeersMutex);	
 			m_Peers.erase (it1);
 		}
 	}
@@ -427,7 +472,7 @@ namespace transport
 	void Transports::CloseSession (std::shared_ptr<const i2p::data::RouterInfo> router)
 	{
 		if (!router) return;
-		m_Service.post (std::bind (&Transports::PostCloseSession, this, router));    
+		m_Service.post (std::bind (&Transports::PostCloseSession, this, router));		 
 	}	
 
 	void Transports::PostCloseSession (std::shared_ptr<const i2p::data::RouterInfo> router)
@@ -437,26 +482,34 @@ namespace transport
 		{	
 			m_SSUServer->DeleteSession (ssuSession);
 			LogPrint (eLogDebug, "Transports: SSU session closed");
-		}	
-		// TODO: delete NTCP
+		}
+		auto ntcpSession = m_NTCPServer ? m_NTCPServer->FindNTCPSession(router->GetIdentHash()) : nullptr;
+		if (ntcpSession) // try deleting ntcp session too
+		{
+			ntcpSession->Terminate ();
+			LogPrint(eLogDebug, "Transports: NTCP session closed");
+		}
 	}	
 		
 	void Transports::DetectExternalIP ()
 	{
 		if (m_SSUServer)
 		{
+#ifndef MESHNET
 			i2p::context.SetStatus (eRouterStatusTesting);
+#endif
+
 			for (int i = 0; i < 5; i++)
 			{
 				auto router = i2p::data::netdb.GetRandomPeerTestRouter ();
-				if (router  && router->IsSSU (!context.SupportsV6 ()))
-					m_SSUServer->CreateSession (router, true);  // peer test	
+				if (router	&& router->IsSSU (!context.SupportsV6 ()))
+					m_SSUServer->CreateSession (router, true);	// peer test	
 				else
 				{
 					// if not peer test capable routers found pick any
 					router = i2p::data::netdb.GetRandomRouter ();
 					if (router && router->IsSSU ())
-						m_SSUServer->CreateSession (router);  	// no peer test
+						m_SSUServer->CreateSession (router);		// no peer test
 				}
 			}	
 		}
@@ -479,7 +532,7 @@ namespace transport
 						statusChanged = true;
 						i2p::context.SetStatus (eRouterStatusTesting); // first time only
 					}	
-					m_SSUServer->CreateSession (router, true);  // peer test	
+					m_SSUServer->CreateSession (router, true);	// peer test	
 				}	
 			}	
 		}
@@ -498,20 +551,34 @@ namespace transport
 	void Transports::PeerConnected (std::shared_ptr<TransportSession> session)
 	{
 		m_Service.post([session, this]()
-		{   
+		{		
 			auto remoteIdentity = session->GetRemoteIdentity (); 
 			if (!remoteIdentity) return;
 			auto ident = remoteIdentity->GetIdentHash ();
 			auto it = m_Peers.find (ident);
 			if (it != m_Peers.end ())
 			{
+				bool sendDatabaseStore = true;
+				if (it->second.delayedMessages.size () > 0)
+				{
+					// check if first message is our DatabaseStore (publishing)
+					auto firstMsg = it->second.delayedMessages[0];
+					if (firstMsg && firstMsg->GetTypeID () == eI2NPDatabaseStore &&
+							i2p::data::IdentHash(firstMsg->GetPayload () + DATABASE_STORE_KEY_OFFSET) == i2p::context.GetIdentHash ())
+						sendDatabaseStore = false; // we have it in the list already
+				}	
+				if (sendDatabaseStore)
+					session->SendI2NPMessages ({ CreateDatabaseStoreMsg () });
+				else
+					session->SetTerminationTimeout (10); // most likely it's publishing, no follow-up messages expected, set timeout to 10 seconds
 				it->second.sessions.push_back (session);
 				session->SendI2NPMessages (it->second.delayedMessages);
 				it->second.delayedMessages.clear ();
 			}
 			else // incoming connection
 			{
-				std::unique_lock<std::mutex>  l(m_PeersMutex);	
+				session->SendI2NPMessages ({ CreateDatabaseStoreMsg () }); // send DatabaseStore
+				std::unique_lock<std::mutex>	l(m_PeersMutex);	
 				m_Peers.insert (std::make_pair (ident, Peer{ 0, nullptr, { session }, i2p::util::GetSecondsSinceEpoch (), {} }));
 			}
 		});			
@@ -520,7 +587,7 @@ namespace transport
 	void Transports::PeerDisconnected (std::shared_ptr<TransportSession> session)
 	{
 		m_Service.post([session, this]()
-		{  
+		{	 
 			auto remoteIdentity = session->GetRemoteIdentity (); 
 			if (!remoteIdentity) return;
 			auto ident = remoteIdentity->GetIdentHash ();
@@ -534,7 +601,7 @@ namespace transport
 						ConnectToPeer (ident, it->second);
 					else
 					{
-						std::unique_lock<std::mutex>  l(m_PeersMutex);	
+						std::unique_lock<std::mutex> l(m_PeersMutex);	
 						m_Peers.erase (it);
 					}
 				}
@@ -559,14 +626,20 @@ namespace transport
 				if (it->second.sessions.empty () && ts > it->second.creationTime + SESSION_CREATION_TIMEOUT)
 				{
 					LogPrint (eLogWarning, "Transports: Session to peer ", it->first.ToBase64 (), " has not been created in ", SESSION_CREATION_TIMEOUT, " seconds");
-					std::unique_lock<std::mutex>  l(m_PeersMutex);	
+					auto profile = i2p::data::GetRouterProfile(it->first);
+					if (profile)
+					{
+						profile->TunnelNonReplied();
+						profile->Save();
+					}
+					std::unique_lock<std::mutex>	l(m_PeersMutex);	
 					it = m_Peers.erase (it);
 				}
 				else
-					it++;
+					++it;
 			}
 			UpdateBandwidth (); // TODO: use separate timer(s) for it
-			if (i2p::context.GetStatus () == eRouterStatusTesting) // if still testing,  repeat peer test
+			if (i2p::context.GetStatus () == eRouterStatusTesting) // if still testing,	 repeat peer test
 				DetectExternalIP ();
 			m_PeerCleanupTimer.expires_from_now (boost::posix_time::seconds(5*SESSION_CREATION_TIMEOUT));
 			m_PeerCleanupTimer.async_wait (std::bind (&Transports::HandlePeerCleanupTimer, this, std::placeholders::_1));
@@ -575,12 +648,36 @@ namespace transport
 
 	std::shared_ptr<const i2p::data::RouterInfo> Transports::GetRandomPeer () const
 	{
-		if (!m_Peers.size ()) return nullptr;
+		if (m_Peers.empty ()) return nullptr;
 		std::unique_lock<std::mutex> l(m_PeersMutex);	
 		auto it = m_Peers.begin ();
 		std::advance (it, rand () % m_Peers.size ());	
 		return it != m_Peers.end () ? it->second.router : nullptr;
 	}
+  void Transports::RestrictRoutes(std::vector<std::string> families)
+  {
+    std::lock_guard<std::mutex> lock(m_FamilyMutex);
+    m_TrustedFamilies.clear();
+    for ( const auto& fam : families )
+      m_TrustedFamilies.push_back(fam);
+  }
+
+  bool Transports::RoutesRestricted() const {
+    std::lock_guard<std::mutex> lock(m_FamilyMutex);
+    return m_TrustedFamilies.size() > 0;
+  }
+
+  /** XXX: if routes are not restricted this dies */
+  std::shared_ptr<const i2p::data::RouterInfo> Transports::GetRestrictedPeer() const {
+    std::string fam;
+    {
+      std::lock_guard<std::mutex> lock(m_FamilyMutex);
+      // TODO: random family (?)
+      fam = m_TrustedFamilies[0];
+    }
+    boost::to_lower(fam);
+    return i2p::data::netdb.GetRandomRouterInFamily(fam);
+  }
 }
 }
 

Transports.h

@@ -60,14 +60,13 @@ namespace transport
 
 		void Done ()
 		{
-			for (auto it: sessions)
+			for (auto& it: sessions)
 				it->Done ();
 		}	
 	};	
 	
 	const size_t SESSION_CREATION_TIMEOUT = 10; // in seconds
-	const uint32_t LOW_BANDWIDTH_LIMIT = 32*1024; // 32KBs
-	const uint32_t HIGH_BANDWIDTH_LIMIT = 256*1024; // 256KBs
+	const int MAX_NUM_DELAYED_MESSAGES = 50; 
 	class Transports
 	{
 		public:
@@ -75,9 +74,15 @@ namespace transport
 			Transports ();
 			~Transports ();
 
-			void Start ();
+			void Start (bool enableNTCP=true, bool enableSSU=true);
 			void Stop ();
+
+			bool IsBoundNTCP() const { return m_NTCPServer != nullptr; }
+			bool IsBoundSSU() const { return m_SSUServer != nullptr; }
 			
+			bool IsOnline() const { return m_IsOnline; };
+			void SetOnline (bool online) { m_IsOnline = online; };
+
 			boost::asio::io_service& GetService () { return m_Service; };
 			std::shared_ptr<i2p::crypto::DHKeys> GetNextDHKeysPair ();	
 			void ReuseDHKeysPair (std::shared_ptr<i2p::crypto::DHKeys> pair);
@@ -94,12 +99,19 @@ namespace transport
 			void UpdateReceivedBytes (uint64_t numBytes) { m_TotalReceivedBytes += numBytes; };
 			uint64_t GetTotalSentBytes () const { return m_TotalSentBytes; };
 			uint64_t GetTotalReceivedBytes () const { return m_TotalReceivedBytes; };		
-			uint32_t GetInBandwidth () const { return m_InBandwidth; }; // bytes per second
-			uint32_t GetOutBandwidth () const { return m_OutBandwidth; }; // bytes per second
+			uint32_t GetInBandwidth  () const { return m_InBandwidth; };
+			uint32_t GetOutBandwidth () const { return m_OutBandwidth; };
 			bool IsBandwidthExceeded () const;
 			size_t GetNumPeers () const { return m_Peers.size (); };
 			std::shared_ptr<const i2p::data::RouterInfo> GetRandomPeer () const;
 
+    /** get a trusted first hop for restricted routes */
+    std::shared_ptr<const i2p::data::RouterInfo> GetRestrictedPeer() const;
+    /** do we want to use restricted routes? */
+    bool RoutesRestricted() const;  
+    /** restrict routes to use only these router families for first hops */
+    void RestrictRoutes(std::vector<std::string> families);
+    
 			void PeerTest ();
 			
 		private:
@@ -124,7 +136,7 @@ namespace transport
 			
 		private:
 
-			bool m_IsRunning;
+			bool m_IsOnline, m_IsRunning;
 			std::thread * m_Thread;	
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
@@ -138,10 +150,14 @@ namespace transport
 			DHKeysPairSupplier m_DHKeysPairSupplier;
 
 			std::atomic<uint64_t> m_TotalSentBytes, m_TotalReceivedBytes;
-			uint32_t m_InBandwidth, m_OutBandwidth;
+			uint32_t m_InBandwidth, m_OutBandwidth; // bytes per second
 			uint64_t m_LastInBandwidthUpdateBytes, m_LastOutBandwidthUpdateBytes;	
 			uint64_t m_LastBandwidthUpdateTime;		
 
+    /** which router families to trust for first hops */
+    std::vector<std::string> m_TrustedFamilies;
+    mutable std::mutex m_FamilyMutex;
+    
 		public:
 
 			// for HTTP only

Tunnel.cpp

@@ -3,7 +3,7 @@
 #include <thread>
 #include <algorithm>
 #include <vector> 
-#include <openssl/rand.h>
+#include "Crypto.h"
 #include "RouterContext.h"
 #include "Log.h"
 #include "Timestamp.h"
@@ -13,19 +13,19 @@
 #include "Tunnel.h"
 
 namespace i2p
-{	
+{
 namespace tunnel
-{		
-	
+{
+
 	Tunnel::Tunnel (std::shared_ptr<const TunnelConfig> config): 
 		TunnelBase (config->GetTunnelID (), config->GetNextTunnelID (), config->GetNextIdentHash ()),
 		m_Config (config), m_Pool (nullptr), m_State (eTunnelStatePending), m_IsRecreated (false)
 	{
-	}	
+	}
 
 	Tunnel::~Tunnel ()
 	{
-	}	
+	}
 
 	void Tunnel::Build (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> outboundTunnel)
 	{
@@ -33,7 +33,7 @@ namespace tunnel
 		int numRecords = numHops <= STANDARD_NUM_RECORDS ? STANDARD_NUM_RECORDS : numHops; 
 		auto msg = NewI2NPShortMessage ();
 		*msg->GetPayload () = numRecords;
-		msg->len += numRecords*TUNNEL_BUILD_RECORD_SIZE + 1;		
+		msg->len += numRecords*TUNNEL_BUILD_RECORD_SIZE + 1;
 
 		// shuffle records
 		std::vector<int> recordIndicies;
@@ -56,13 +56,13 @@ namespace tunnel
 			hop->recordIndex = idx; 
 			i++;
 			hop = hop->next;
-		}	
-		// fill up fake records with random data	
+		}
+		// fill up fake records with random data
 		for (int i = numHops; i < numRecords; i++)
 		{
 			int idx = recordIndicies[i];
 			RAND_bytes (records + idx*TUNNEL_BUILD_RECORD_SIZE, TUNNEL_BUILD_RECORD_SIZE); 
-		}	
+		}
 
 		// decrypt real records
 		i2p::crypto::CBCDecryption decryption;
@@ -73,31 +73,31 @@ namespace tunnel
 			// decrypt records after current hop
 			TunnelHopConfig * hop1 = hop->next;
 			while (hop1)
-			{	
+			{
 				decryption.SetIV (hop->replyIV);
 				uint8_t * record = records + hop1->recordIndex*TUNNEL_BUILD_RECORD_SIZE;
 				decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
 				hop1 = hop1->next;
-			}	
+			}
 			hop = hop->prev;
-		}	
+		}
 		msg->FillI2NPMessageHeader (eI2NPVariableTunnelBuild);
 
 		// send message
 		if (outboundTunnel)
-			outboundTunnel->SendTunnelDataMsg (GetNextIdentHash (), 0, msg);	
+			outboundTunnel->SendTunnelDataMsg (GetNextIdentHash (), 0, msg);
 		else
 			i2p::transport::transports.SendMessage (GetNextIdentHash (), msg);
-	}	
-		
+	}
+
 	bool Tunnel::HandleTunnelBuildResponse (uint8_t * msg, size_t len)
 	{
 		LogPrint (eLogDebug, "Tunnel: TunnelBuildResponse ", (int)msg[0], " records.");
-		
+
 		i2p::crypto::CBCDecryption decryption;
 		TunnelHopConfig * hop = m_Config->GetLastHop (); 
 		while (hop)
-		{	
+		{
 			decryption.SetKey (hop->replyKey);
 			// decrypt records before and including current hop
 			TunnelHopConfig * hop1 = hop;
@@ -105,22 +105,22 @@ namespace tunnel
 			{
 				auto idx = hop1->recordIndex;
 				if (idx >= 0 && idx < msg[0])
-				{	
+				{
 					uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
 					decryption.SetIV (hop->replyIV);
 					decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
-				}	
+				}
 				else
 					LogPrint (eLogWarning, "Tunnel: hop index ", idx, " is out of range");
 				hop1 = hop1->prev;
-			}	
+			}
 			hop = hop->prev;
 		}
 
 		bool established = true;
 		hop = m_Config->GetFirstHop ();
 		while (hop)
-		{			
+		{
 			const uint8_t * record = msg + 1 + hop->recordIndex*TUNNEL_BUILD_RECORD_SIZE;
 			uint8_t ret = record[BUILD_RESPONSE_RECORD_RET_OFFSET];
 			LogPrint (eLogDebug, "Tunnel: Build response ret code=", (int)ret);
@@ -143,12 +143,12 @@ namespace tunnel
 				tunnelHop->decryption.SetKeys (hop->layerKey, hop->ivKey);
 				m_Hops.push_back (std::unique_ptr<TunnelHop>(tunnelHop));
 				hop = hop->prev;
-			}	
+			}
 			m_Config = nullptr;
-		}	
+		}
 		if (established) m_State = eTunnelStateEstablished;
 		return established;
-	}	
+	}
 
 	void Tunnel::EncryptTunnelMsg (std::shared_ptr<const I2NPMessage> in, std::shared_ptr<I2NPMessage> out)
 	{
@@ -158,20 +158,20 @@ namespace tunnel
 		{
 			it->decryption.Decrypt (inPayload, outPayload);
 			inPayload = outPayload;	
-		}	
-	}	
+		}
+	}
 
 	void Tunnel::SendTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage> msg)
 	{
 		LogPrint (eLogWarning, "Tunnel: Can't send I2NP messages without delivery instructions");
-	}	
+	}
 
 	std::vector<std::shared_ptr<const i2p::data::IdentityEx> > Tunnel::GetPeers () const
 	{
 		auto peers = GetInvertedPeers ();
-		std::reverse (peers.begin (), peers.end ());	
+		std::reverse (peers.begin (), peers.end ());
 		return peers;
-	}	
+	}
 
 	std::vector<std::shared_ptr<const i2p::data::IdentityEx> > Tunnel::GetInvertedPeers () const
 	{
@@ -179,33 +179,54 @@ namespace tunnel
 		std::vector<std::shared_ptr<const i2p::data::IdentityEx> > ret;
 		for (auto& it: m_Hops)
 			ret.push_back (it->ident);
-		return ret;	
-	}	
+		return ret;
+	}
 
 	void Tunnel::PrintHops (std::stringstream& s) const
 	{
 		for (auto& it: m_Hops)
-		{	
-			s << " ⇒ ";
+		{
+			s << " &#8658; ";
 			s << i2p::data::GetIdentHashAbbreviation (it->ident->GetIdentHash ());
-		}	
-	}	
-		
+		}
+	}
+
 	void InboundTunnel::HandleTunnelDataMsg (std::shared_ptr<const I2NPMessage> msg)
 	{
-		if (IsFailed ()) SetState (eTunnelStateEstablished); // incoming messages means a tunnel is alive	
+		if (IsFailed ()) SetState (eTunnelStateEstablished); // incoming messages means a tunnel is alive
 		auto newMsg = CreateEmptyTunnelDataMsg ();
 		EncryptTunnelMsg (msg, newMsg);
 		newMsg->from = shared_from_this ();
-		m_Endpoint.HandleDecryptedTunnelDataMsg (newMsg);	
-	}	
+		m_Endpoint.HandleDecryptedTunnelDataMsg (newMsg);
+	}
 
 	void InboundTunnel::Print (std::stringstream& s) const
 	{
 		PrintHops (s);
-		s << " ⇒ " << GetTunnelID () << ":me";
-	}	
-		
+		s << " &#8658; " << GetTunnelID () << ":me";
+	}
+
+	ZeroHopsInboundTunnel::ZeroHopsInboundTunnel ():
+		InboundTunnel (std::make_shared<ZeroHopsTunnelConfig> ()),
+		m_NumReceivedBytes (0)
+	{
+	}
+
+	void ZeroHopsInboundTunnel::SendTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage> msg)
+	{
+		if (msg)
+		{
+			m_NumReceivedBytes += msg->GetLength ();
+			msg->from = shared_from_this ();
+			HandleI2NPMessage (msg);
+		}
+	}
+
+	void ZeroHopsInboundTunnel::Print (std::stringstream& s) const
+	{
+		s << " &#8658; " << GetTunnelID () << ":me";
+	}
+
 	void OutboundTunnel::SendTunnelDataMsg (const uint8_t * gwHash, uint32_t gwTunnel, std::shared_ptr<i2p::I2NPMessage> msg)
 	{
 		TunnelMessageBlock block;
@@ -213,29 +234,28 @@ namespace tunnel
 		{
 			block.hash = gwHash;
 			if (gwTunnel)
-			{	
+			{
 				block.deliveryType = eDeliveryTypeTunnel;
 				block.tunnelID = gwTunnel;
-			}	
+			}
 			else
 				block.deliveryType = eDeliveryTypeRouter;
-		}	
-		else	
+		}
+		else
 			block.deliveryType = eDeliveryTypeLocal;
 		block.data = msg;
-		
-		std::unique_lock<std::mutex> l(m_SendMutex);
-		m_Gateway.SendTunnelDataMsg (block);
+
+		SendTunnelDataMsg ({block});
 	}
-		
+
 	void OutboundTunnel::SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs)
 	{
 		std::unique_lock<std::mutex> l(m_SendMutex);
 		for (auto& it : msgs)
 			m_Gateway.PutTunnelDataMsg (it);
 		m_Gateway.SendBuffer ();
-	}	
-	
+	}
+
 	void OutboundTunnel::HandleTunnelDataMsg (std::shared_ptr<const i2p::I2NPMessage> tunnelMsg)
 	{
 		LogPrint (eLogError, "Tunnel: incoming message for outbound tunnel ", GetTunnelID ());
@@ -245,93 +265,114 @@ namespace tunnel
 	{
 		s << GetTunnelID () << ":me";
 		PrintHops (s);
-		s << " ⇒ ";
-	}	
-		
+		s << " &#8658; ";
+	}
+
+	ZeroHopsOutboundTunnel::ZeroHopsOutboundTunnel ():
+		OutboundTunnel (std::make_shared<ZeroHopsTunnelConfig> ()),
+		m_NumSentBytes (0)
+	{
+	}
+
+	void ZeroHopsOutboundTunnel::SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs)
+	{
+		for (auto& msg : msgs)
+		{
+			switch (msg.deliveryType)
+			{
+				case eDeliveryTypeLocal:
+					i2p::HandleI2NPMessage (msg.data);
+				break;
+				case eDeliveryTypeTunnel:
+					i2p::transport::transports.SendMessage (msg.hash, i2p::CreateTunnelGatewayMsg (msg.tunnelID, msg.data));
+				break;
+				case eDeliveryTypeRouter:
+					i2p::transport::transports.SendMessage (msg.hash, msg.data);
+				break;
+				default:
+					LogPrint (eLogError, "Tunnel: Unknown delivery type ", (int)msg.deliveryType);
+			}
+		}
+	}
+
+	void ZeroHopsOutboundTunnel::Print (std::stringstream& s) const
+	{
+		s << GetTunnelID () << ":me &#8658; ";
+	}
+
 	Tunnels tunnels;
-	
+
 	Tunnels::Tunnels (): m_IsRunning (false), m_Thread (nullptr),
 		m_NumSuccesiveTunnelCreations (0), m_NumFailedTunnelCreations (0)
 	{
 	}
-	
-	Tunnels::~Tunnels ()	
+
+	Tunnels::~Tunnels ()
 	{
-		for (auto& it : m_TransitTunnels)
-			delete it.second;
-		m_TransitTunnels.clear ();
-	}	
-	
-	std::shared_ptr<InboundTunnel> Tunnels::GetInboundTunnel (uint32_t tunnelID)
+	}
+
+	std::shared_ptr<TunnelBase> Tunnels::GetTunnel (uint32_t tunnelID)
 	{
-		auto it = m_InboundTunnels.find(tunnelID);
-		if (it != m_InboundTunnels.end ())
+		auto it = m_Tunnels.find(tunnelID);
+		if (it != m_Tunnels.end ())
 			return it->second;
 		return nullptr;
-	}	
-	
-	TransitTunnel * Tunnels::GetTransitTunnel (uint32_t tunnelID)
-	{
-		auto it = m_TransitTunnels.find(tunnelID);
-		if (it != m_TransitTunnels.end ())
-			return it->second;
-		return nullptr;
-	}	
-	
+	}
+
 	std::shared_ptr<InboundTunnel> Tunnels::GetPendingInboundTunnel (uint32_t replyMsgID)
 	{
-		return GetPendingTunnel (replyMsgID, m_PendingInboundTunnels);	
+		return GetPendingTunnel (replyMsgID, m_PendingInboundTunnels);
 	}
 	
 	std::shared_ptr<OutboundTunnel> Tunnels::GetPendingOutboundTunnel (uint32_t replyMsgID)
 	{
-		return GetPendingTunnel (replyMsgID, m_PendingOutboundTunnels);	
-	}		
+		return GetPendingTunnel (replyMsgID, m_PendingOutboundTunnels);
+	}
 
-	template<class TTunnel>		
+	template<class TTunnel>
 	std::shared_ptr<TTunnel> Tunnels::GetPendingTunnel (uint32_t replyMsgID, const std::map<uint32_t, std::shared_ptr<TTunnel> >& pendingTunnels)
 	{
 		auto it = pendingTunnels.find(replyMsgID);
 		if (it != pendingTunnels.end () && it->second->GetState () == eTunnelStatePending)
-		{	
-			it->second->SetState (eTunnelStateBuildReplyReceived);	
+		{
+			it->second->SetState (eTunnelStateBuildReplyReceived);
 			return it->second;
 		}
 		return nullptr;
-	}	
+	}
 
 	std::shared_ptr<InboundTunnel> Tunnels::GetNextInboundTunnel ()
 	{
 		std::shared_ptr<InboundTunnel> tunnel; 
 		size_t minReceived = 0;
-		for (auto it : m_InboundTunnels)
+		for (const auto& it : m_InboundTunnels)
 		{
-			if (!it.second->IsEstablished ()) continue;
-			if (!tunnel || it.second->GetNumReceivedBytes () < minReceived)
+			if (!it->IsEstablished ()) continue;
+			if (!tunnel || it->GetNumReceivedBytes () < minReceived)
 			{
-				tunnel = it.second;
-				minReceived = it.second->GetNumReceivedBytes ();
+				tunnel = it;
+				minReceived = it->GetNumReceivedBytes ();
 			}
-		}			
+		}
 		return tunnel;
 	}
-	
+
 	std::shared_ptr<OutboundTunnel> Tunnels::GetNextOutboundTunnel ()
 	{
-		if (!m_OutboundTunnels.size ()) return nullptr;
+		if (m_OutboundTunnels.empty ()) return nullptr;
 		uint32_t ind = rand () % m_OutboundTunnels.size (), i = 0;
 		std::shared_ptr<OutboundTunnel> tunnel;
-		for (auto it: m_OutboundTunnels)
-		{	
+		for (const auto& it: m_OutboundTunnels)
+		{
 			if (it->IsEstablished ())
 			{
 				tunnel = it;
 				i++;
 			}
 			if (i > ind && tunnel) break;
-		}	
+		}
 		return tunnel;
-	}	
+	}
 
 	std::shared_ptr<TunnelPool> Tunnels::CreateTunnelPool (int numInboundHops, 
 		int numOutboundHops, int numInboundTunnels, int numOutboundTunnels)
@@ -340,19 +381,19 @@ namespace tunnel
 		std::unique_lock<std::mutex> l(m_PoolsMutex);
 		m_Pools.push_back (pool);
 		return pool;
-	}	
+	}
 
 	void Tunnels::DeleteTunnelPool (std::shared_ptr<TunnelPool> pool)
 	{
 		if (pool)
-		{	
+		{
 			StopTunnelPool (pool);
 			{
 				std::unique_lock<std::mutex> l(m_PoolsMutex);
 				m_Pools.remove (pool);
-			}	
-		}	
-	}	
+			}
+		}
+	}
 
 	void Tunnels::StopTunnelPool (std::shared_ptr<TunnelPool> pool)
 	{
@@ -360,70 +401,66 @@ namespace tunnel
 		{
 			pool->SetActive (false);
 			pool->DetachTunnels ();
-		}	
-	}	
-		
-	void Tunnels::AddTransitTunnel (TransitTunnel * tunnel)
-	{
-		std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
-		if (!m_TransitTunnels.insert (std::make_pair (tunnel->GetTunnelID (), tunnel)).second)
-		{	
-			LogPrint (eLogError, "Tunnel: transit tunnel with id ", tunnel->GetTunnelID (), " already exists");
-			delete tunnel;
 		}
-	}	
+	}
+	
+	void Tunnels::AddTransitTunnel (std::shared_ptr<TransitTunnel> tunnel)
+	{
+		if (m_Tunnels.emplace (tunnel->GetTunnelID (), tunnel).second)
+			m_TransitTunnels.push_back (tunnel);
+		else
+			LogPrint (eLogError, "Tunnel: tunnel with id ", tunnel->GetTunnelID (), " already exists");
+	}
 
 	void Tunnels::Start ()
 	{
 		m_IsRunning = true;
 		m_Thread = new std::thread (std::bind (&Tunnels::Run, this));
 	}
-	
+
 	void Tunnels::Stop ()
 	{
 		m_IsRunning = false;
 		m_Queue.WakeUp ();
 		if (m_Thread)
-		{	
+		{
 			m_Thread->join (); 
 			delete m_Thread;
 			m_Thread = 0;
-		}	
-	}	
+		}
+	}
 
 	void Tunnels::Run ()
 	{
 		std::this_thread::sleep_for (std::chrono::seconds(1)); // wait for other parts are ready
-		
+
 		uint64_t lastTs = 0;
 		while (m_IsRunning)
 		{
 			try
-			{	
+			{
 				auto msg = m_Queue.GetNextWithTimeout (1000); // 1 sec
 				if (msg)
-				{	
+				{
 					uint32_t prevTunnelID = 0, tunnelID = 0;
-					TunnelBase * prevTunnel = nullptr; 
+					std::shared_ptr<TunnelBase> prevTunnel;
 					do
 					{
-						TunnelBase * tunnel = nullptr;
+						std::shared_ptr<TunnelBase> tunnel;
 						uint8_t typeID = msg->GetTypeID ();
 						switch (typeID)
-						{									
+						{
 							case eI2NPTunnelData:
 							case eI2NPTunnelGateway:
-							{	
+							{
 								tunnelID = bufbe32toh (msg->GetPayload ()); 
 								if (tunnelID == prevTunnelID)
 									tunnel = prevTunnel;
 								else if (prevTunnel)
 									prevTunnel->FlushTunnelDataMsgs (); 
-						
-								if (!tunnel && typeID == eI2NPTunnelData)
-									tunnel = GetInboundTunnel (tunnelID).get ();
+
 								if (!tunnel)
-									tunnel = GetTransitTunnel (tunnelID);
+									tunnel = GetTunnel (tunnelID);
 								if (tunnel)
 								{
 									if (typeID == eI2NPTunnelData)
@@ -431,20 +468,21 @@ namespace tunnel
 									else // tunnel gateway assumed
 										HandleTunnelGatewayMsg (tunnel, msg);
 								}
-								else		
-									LogPrint (eLogWarning, "Tunnel: tunnel with id ", tunnelID, " not found");
+								else
+									LogPrint (eLogWarning, "Tunnel: tunnel not found, tunnelID=", tunnelID, " previousTunnelID=", prevTunnelID, " type=", (int)typeID);
+
 								break;
-							}	
-							case eI2NPVariableTunnelBuild:		
+							}
+							case eI2NPVariableTunnelBuild:
 							case eI2NPVariableTunnelBuildReply:
 							case eI2NPTunnelBuild:
-							case eI2NPTunnelBuildReply:	
+							case eI2NPTunnelBuildReply:
 								HandleI2NPMessage (msg->GetBuffer (), msg->GetLength ());
-							break;	
+							break;
 							default:
 								LogPrint (eLogWarning, "Tunnel: unexpected messsage type ", (int) typeID);
 						}
-							
+
 						msg = m_Queue.Get ();
 						if (msg)
 						{
@@ -455,8 +493,8 @@ namespace tunnel
 							tunnel->FlushTunnelDataMsgs ();
 					}
 					while (msg);
-				}	
-			
+				}
+
 				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
 				if (ts - lastTs >= 15) // manage tunnels every 15 seconds
 				{
@@ -467,11 +505,11 @@ namespace tunnel
 			catch (std::exception& ex)
 			{
 				LogPrint (eLogError, "Tunnel: runtime exception: ", ex.what ());
-			}	
-		}	
-	}	
+			}
+		}
+	}
 
-	void Tunnels::HandleTunnelGatewayMsg (TunnelBase * tunnel, std::shared_ptr<I2NPMessage> msg)
+	void Tunnels::HandleTunnelGatewayMsg (std::shared_ptr<TunnelBase> tunnel, std::shared_ptr<I2NPMessage> msg)
 	{
 		if (!tunnel)
 		{
@@ -490,7 +528,7 @@ namespace tunnel
 		msg->len = msg->offset + len;
 		auto typeID = msg->GetTypeID ();
 		LogPrint (eLogDebug, "Tunnel: gateway of ", (int) len, " bytes for tunnel ", tunnel->GetTunnelID (), ", msg type ", (int)typeID);
-			
+
 		if (IsRouterInfoMsg (msg) || typeID == eI2NPDatabaseSearchReply)
 			// transit DatabaseStore my contain new/updated RI 
 			// or DatabaseSearchReply with new routers
@@ -505,7 +543,7 @@ namespace tunnel
 		ManageOutboundTunnels ();
 		ManageTransitTunnels ();
 		ManageTunnelPools ();
-	}	
+	}
 
 	void Tunnels::ManagePendingTunnels ()
 	{
@@ -519,14 +557,14 @@ namespace tunnel
 		// check pending tunnel. delete failed or timeout
 		uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
 		for (auto it = pendingTunnels.begin (); it != pendingTunnels.end ();)
-		{	
+		{
 			auto tunnel = it->second;
 			switch (tunnel->GetState ())
 			{
 				case eTunnelStatePending: 
 					if (ts > tunnel->GetCreationTime () + TUNNEL_CREATION_TIMEOUT)
 					{
-						LogPrint (eLogWarning, "Tunnel: pending build request ", it->first, " timeout, deleted");
+						LogPrint (eLogDebug, "Tunnel: pending build request ", it->first, " timeout, deleted");
 						// update stats
 						auto config = tunnel->GetTunnelConfig ();
 						if (config)
@@ -541,30 +579,30 @@ namespace tunnel
 										profile->TunnelNonReplied ();
 								}
 								hop = hop->next;
-							}	
-						}	
+							}
+						}
 						// delete
 						it = pendingTunnels.erase (it);
 						m_NumFailedTunnelCreations++;
 					}
 					else
-						it++;
+						++it;
 				break;
 				case eTunnelStateBuildFailed:
-					LogPrint (eLogWarning, "Tunnel: pending build request ", it->first, " failed, deleted");
+					LogPrint (eLogDebug, "Tunnel: pending build request ", it->first, " failed, deleted");
 					it = pendingTunnels.erase (it);
 					m_NumFailedTunnelCreations++;
 				break;
 				case eTunnelStateBuildReplyReceived:
 					// intermediate state, will be either established of build failed
-					it++;
-				break;	
+					++it;
+				break;
 				default:
 					// success
 					it = pendingTunnels.erase (it);
 					m_NumSuccesiveTunnelCreations++;
-			}	
-		}	
+			}
+		}
 	}
 
 	void Tunnels::ManageOutboundTunnels ()
@@ -580,27 +618,28 @@ namespace tunnel
 					auto pool = tunnel->GetTunnelPool ();
 					if (pool)
 						pool->TunnelExpired (tunnel);
+					// we don't have outbound tunnels in m_Tunnels
 					it = m_OutboundTunnels.erase (it);
-				}	
+				}
 				else 
 				{
 					if (tunnel->IsEstablished ())
-					{	
+					{
 						if (!tunnel->IsRecreated () && ts + TUNNEL_RECREATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 						{
-							tunnel->SetIsRecreated ();	
+							tunnel->SetIsRecreated ();
 							auto pool = tunnel->GetTunnelPool ();
 							if (pool)
 								pool->RecreateOutboundTunnel (tunnel);
 						}
 						if (ts + TUNNEL_EXPIRATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 							tunnel->SetState (eTunnelStateExpiring);
-					}	
-					it++;
+					}
+					++it;
 				}
 			}
-		}	
-	
+		}
+
 		if (m_OutboundTunnels.size () < 5) 
 		{
 			// trying to create one more oubound tunnel
@@ -609,51 +648,53 @@ namespace tunnel
 			if (!inboundTunnel || !router) return;
 			LogPrint (eLogDebug, "Tunnel: creating one hop outbound tunnel");
 			CreateTunnel<OutboundTunnel> (
-				std::make_shared<TunnelConfig> (std::vector<std::shared_ptr<const i2p::data::IdentityEx> > { router->GetRouterIdentity () },		
-		     		inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ())
-			                              );
+				std::make_shared<TunnelConfig> (std::vector<std::shared_ptr<const i2p::data::IdentityEx> > { router->GetRouterIdentity () },
+					inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ())
+			);
 		}
 	}
-	
+
 	void Tunnels::ManageInboundTunnels ()
 	{
 		uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
 		{
 			for (auto it = m_InboundTunnels.begin (); it != m_InboundTunnels.end ();)
 			{
-				auto tunnel = it->second;
+				auto tunnel = *it;
 				if (ts > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 				{
 					LogPrint (eLogDebug, "Tunnel: tunnel with id ", tunnel->GetTunnelID (), " expired");
 					auto pool = tunnel->GetTunnelPool ();
 					if (pool)
 						pool->TunnelExpired (tunnel);
+					m_Tunnels.erase (tunnel->GetTunnelID ());
 					it = m_InboundTunnels.erase (it);
-				}	
+				}
 				else 
 				{
 					if (tunnel->IsEstablished ())
-					{	
+					{
 						if (!tunnel->IsRecreated () && ts + TUNNEL_RECREATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 						{
-							tunnel->SetIsRecreated ();	
+							tunnel->SetIsRecreated ();
 							auto pool = tunnel->GetTunnelPool ();
 							if (pool)
 								pool->RecreateInboundTunnel (tunnel);
 						}
-	
+
 						if (ts + TUNNEL_EXPIRATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 							tunnel->SetState (eTunnelStateExpiring);
-					}	
+					}
 					it++;
 				}
 			}
-		}	
+		}
 
 		if (m_InboundTunnels.empty ())
 		{
 			LogPrint (eLogDebug, "Tunnel: Creating zero hops inbound tunnel");
 			CreateZeroHopsInboundTunnel ();
+			CreateZeroHopsOutboundTunnel ();
 			if (!m_ExploratoryPool)
 			{
 				m_ExploratoryPool = CreateTunnelPool (2, 2, 5, 5); // 2-hop exploratory, 5 tunnels
@@ -661,62 +702,62 @@ namespace tunnel
 			}
 			return;
 		}
-		
+
 		if (m_OutboundTunnels.empty () || m_InboundTunnels.size () < 5) 
 		{
-			// trying to create one more inbound tunnel		
+			// trying to create one more inbound tunnel
 			auto router = i2p::data::netdb.GetRandomRouter ();
+			if (!router) {
+				LogPrint (eLogWarning, "Tunnel: can't find any router, skip creating tunnel");
+				return;
+			}
 			LogPrint (eLogDebug, "Tunnel: creating one hop inbound tunnel");
 			CreateTunnel<InboundTunnel> (
 				std::make_shared<TunnelConfig> (std::vector<std::shared_ptr<const i2p::data::IdentityEx> > { router->GetRouterIdentity () })
-			                             );
+			);
 		}
-	}	
+	}
 
 	void Tunnels::ManageTransitTunnels ()
 	{
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 		for (auto it = m_TransitTunnels.begin (); it != m_TransitTunnels.end ();)
 		{
-			if (ts > it->second->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
+			auto tunnel = *it;
+			if (ts > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 			{
-				auto tmp = it->second;
-				LogPrint (eLogDebug, "Tunnel: Transit tunnel with id ", tmp->GetTunnelID (), " expired");
-				{
-					std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
-					it = m_TransitTunnels.erase (it);
-				}	
-				delete tmp;
-			}	
+				LogPrint (eLogDebug, "Tunnel: Transit tunnel with id ", tunnel->GetTunnelID (), " expired");
+				m_Tunnels.erase (tunnel->GetTunnelID ());
+				it = m_TransitTunnels.erase (it);
+			}
 			else 
 				it++;
 		}
-	}	
+	}
 
 	void Tunnels::ManageTunnelPools ()
 	{
 		std::unique_lock<std::mutex> l(m_PoolsMutex);
-		for (auto it: m_Pools)
-		{	
-			auto pool = it;
+		for (auto& pool : m_Pools)
+		{
 			if (pool && pool->IsActive ())
-			{	
+			{
 				pool->CreateTunnels ();
 				pool->TestTunnels ();
-			}		
+			}
 		}
-	}	
-	
+	}
+
 	void Tunnels::PostTunnelData (std::shared_ptr<I2NPMessage> msg)
 	{
-		if (msg) m_Queue.Put (msg);		
-	}	
+		if (msg) m_Queue.Put (msg);
+	}
 
 	void Tunnels::PostTunnelData (const std::vector<std::shared_ptr<I2NPMessage> >& msgs)
 	{
 		m_Queue.Put (msgs);
-	}	
-		
+	}
+
 	template<class TTunnel>
 	std::shared_ptr<TTunnel> Tunnels::CreateTunnel (std::shared_ptr<TunnelConfig> config, std::shared_ptr<OutboundTunnel> outboundTunnel)
 	{
@@ -726,7 +767,23 @@ namespace tunnel
 		AddPendingTunnel (replyMsgID, newTunnel); 
 		newTunnel->Build (replyMsgID, outboundTunnel);
 		return newTunnel;
-	}	
+	}
+
+	std::shared_ptr<InboundTunnel> Tunnels::CreateInboundTunnel (std::shared_ptr<TunnelConfig> config, std::shared_ptr<OutboundTunnel> outboundTunnel)
+	{
+		if (config)
+			return CreateTunnel<InboundTunnel>(config, outboundTunnel);
+		else
+			return CreateZeroHopsInboundTunnel ();
+	}
+
+	std::shared_ptr<OutboundTunnel> Tunnels::CreateOutboundTunnel (std::shared_ptr<TunnelConfig> config)
+	{
+		if (config)
+			return CreateTunnel<OutboundTunnel>(config);
+		else
+			return CreateZeroHopsOutboundTunnel ();
+	}
 
 	void Tunnels::AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<InboundTunnel> tunnel)
 	{
@@ -740,56 +797,88 @@ namespace tunnel
 
 	void Tunnels::AddOutboundTunnel (std::shared_ptr<OutboundTunnel> newTunnel)
 	{
+		// we don't need to insert it to m_Tunnels
 		m_OutboundTunnels.push_back (newTunnel);
 		auto pool = newTunnel->GetTunnelPool ();
 		if (pool && pool->IsActive ())
 			pool->TunnelCreated (newTunnel);
 		else
 			newTunnel->SetTunnelPool (nullptr);
-	}	
+	}
 
 	void Tunnels::AddInboundTunnel (std::shared_ptr<InboundTunnel> newTunnel)
 	{
-		m_InboundTunnels[newTunnel->GetTunnelID ()] = newTunnel;
-		auto pool = newTunnel->GetTunnelPool ();
-		if (!pool)
-		{		
-			// build symmetric outbound tunnel
-			CreateTunnel<OutboundTunnel> (std::make_shared<TunnelConfig>(newTunnel->GetInvertedPeers (),
-					newTunnel->GetNextTunnelID (), newTunnel->GetNextIdentHash ()), 
-				GetNextOutboundTunnel ());		
+		if (m_Tunnels.emplace (newTunnel->GetTunnelID (), newTunnel).second)
+		{
+			m_InboundTunnels.push_back (newTunnel);
+			auto pool = newTunnel->GetTunnelPool ();
+			if (!pool)
+			{
+				// build symmetric outbound tunnel
+				CreateTunnel<OutboundTunnel> (std::make_shared<TunnelConfig>(newTunnel->GetInvertedPeers (),
+						newTunnel->GetNextTunnelID (), newTunnel->GetNextIdentHash ()), 
+					GetNextOutboundTunnel ());
+			}
+			else
+			{
+				if (pool->IsActive ())
+					pool->TunnelCreated (newTunnel);
+				else
+					newTunnel->SetTunnelPool (nullptr);
+			}
 		}
 		else
-		{
-			if (pool->IsActive ())
-				pool->TunnelCreated (newTunnel);
-			else
-				newTunnel->SetTunnelPool (nullptr);
-		}	
-	}	
+			LogPrint (eLogError, "Tunnel: tunnel with id ", newTunnel->GetTunnelID (), " already exists");
+	}
 
-	
-	void Tunnels::CreateZeroHopsInboundTunnel ()
+
+	std::shared_ptr<ZeroHopsInboundTunnel> Tunnels::CreateZeroHopsInboundTunnel ()
 	{
-		CreateTunnel<InboundTunnel> (
-			std::make_shared<TunnelConfig> (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >
-			    { 
-					i2p::context.GetIdentity ()
-				}));
-	}	
+		auto inboundTunnel = std::make_shared<ZeroHopsInboundTunnel> ();
+		inboundTunnel->SetState (eTunnelStateEstablished);
+		m_InboundTunnels.push_back (inboundTunnel);
+		m_Tunnels[inboundTunnel->GetTunnelID ()] = inboundTunnel;
+		return inboundTunnel;
+	}
+
+	std::shared_ptr<ZeroHopsOutboundTunnel> Tunnels::CreateZeroHopsOutboundTunnel ()
+	{
+		auto outboundTunnel = std::make_shared<ZeroHopsOutboundTunnel> ();
+		outboundTunnel->SetState (eTunnelStateEstablished);
+		m_OutboundTunnels.push_back (outboundTunnel);
+		// we don't insert into m_Tunnels
+		return outboundTunnel;
+	}
 
 	int Tunnels::GetTransitTunnelsExpirationTimeout ()
 	{
 		int timeout = 0;
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
-		for (auto it: m_TransitTunnels)
+		// TODO: possible race condition with I2PControl
+		for (const auto& it : m_TransitTunnels)
 		{
-			int t = it.second->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT - ts;
+			int t = it->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT - ts;
 			if (t > timeout) timeout = t;
-		}	
+		}
 		return timeout;
-	}	
-}
-}
+	}
 
+	size_t Tunnels::CountTransitTunnels() const
+	{
+		// TODO: locking
+		return m_TransitTunnels.size();
+	}
+
+	size_t Tunnels::CountInboundTunnels() const
+	{
+		// TODO: locking
+		return m_InboundTunnels.size();
+	}
+
+	size_t Tunnels::CountOutboundTunnels() const
+	{
+		// TODO: locking
+		return m_OutboundTunnels.size();
+	}
+}
+}

Tunnel.h

@@ -3,6 +3,7 @@
 
 #include <inttypes.h>
 #include <map>
+#include <unordered_map>
 #include <list>
 #include <vector>
 #include <string>
@@ -71,6 +72,8 @@ namespace tunnel
 			void SetTunnelPool (std::shared_ptr<TunnelPool> pool) { m_Pool = pool; };			
 			
 			bool HandleTunnelBuildResponse (uint8_t * msg, size_t len);
+
+			virtual void Print (std::stringstream&) const {};
 			
 			// implements TunnelBase
 			void SendTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage> msg);
@@ -97,9 +100,9 @@ namespace tunnel
 				Tunnel (config), m_Gateway (this), m_EndpointIdentHash (config->GetLastIdentHash ()) {};
 
 			void SendTunnelDataMsg (const uint8_t * gwHash, uint32_t gwTunnel, std::shared_ptr<i2p::I2NPMessage> msg);
-			void SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs); // multiple messages
+			virtual void SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs); // multiple messages
 			const i2p::data::IdentHash& GetEndpointIdentHash () const { return m_EndpointIdentHash; }; 
-			size_t GetNumSentBytes () const { return m_Gateway.GetNumSentBytes (); };
+			virtual size_t GetNumSentBytes () const { return m_Gateway.GetNumSentBytes (); };
 			void Print (std::stringstream& s) const;
 			
 			// implements TunnelBase
@@ -111,22 +114,49 @@ namespace tunnel
 			TunnelGateway m_Gateway; 
 			i2p::data::IdentHash m_EndpointIdentHash;
 	};
-	
+
 	class InboundTunnel: public Tunnel, public std::enable_shared_from_this<InboundTunnel>
 	{
 		public:
 
 			InboundTunnel (std::shared_ptr<const TunnelConfig> config): Tunnel (config), m_Endpoint (true) {};
 			void HandleTunnelDataMsg (std::shared_ptr<const I2NPMessage> msg);
-			size_t GetNumReceivedBytes () const { return m_Endpoint.GetNumReceivedBytes (); };
+			virtual size_t GetNumReceivedBytes () const { return m_Endpoint.GetNumReceivedBytes (); };
 			void Print (std::stringstream& s) const;
 			
 		private:
 
 			TunnelEndpoint m_Endpoint; 
 	};	
-
 	
+	class ZeroHopsInboundTunnel: public InboundTunnel
+	{
+		public:
+
+			ZeroHopsInboundTunnel ();
+			void SendTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage> msg); 
+			void Print (std::stringstream& s) const;
+			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
+			
+		private:
+
+			size_t m_NumReceivedBytes;
+	};		
+	
+	class ZeroHopsOutboundTunnel: public OutboundTunnel
+	{
+		public:
+
+			ZeroHopsOutboundTunnel ();
+			void SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs);
+			void Print (std::stringstream& s) const;
+			size_t GetNumSentBytes () const { return m_NumSentBytes; };
+			
+		private:
+
+			size_t m_NumSentBytes;
+	};	
+
 	class Tunnels
 	{	
 		public:
@@ -136,21 +166,20 @@ namespace tunnel
 			void Start ();
 			void Stop ();		
 			
-			std::shared_ptr<InboundTunnel> GetInboundTunnel (uint32_t tunnelID);
 			std::shared_ptr<InboundTunnel> GetPendingInboundTunnel (uint32_t replyMsgID);	
 			std::shared_ptr<OutboundTunnel> GetPendingOutboundTunnel (uint32_t replyMsgID);			
 			std::shared_ptr<InboundTunnel> GetNextInboundTunnel ();
 			std::shared_ptr<OutboundTunnel> GetNextOutboundTunnel ();
 			std::shared_ptr<TunnelPool> GetExploratoryPool () const { return m_ExploratoryPool; };
-			TransitTunnel * GetTransitTunnel (uint32_t tunnelID);
+			std::shared_ptr<TunnelBase> GetTunnel (uint32_t tunnelID);
 			int GetTransitTunnelsExpirationTimeout ();
-			void AddTransitTunnel (TransitTunnel * tunnel);
+			void AddTransitTunnel (std::shared_ptr<TransitTunnel> tunnel);
 			void AddOutboundTunnel (std::shared_ptr<OutboundTunnel> newTunnel);
 			void AddInboundTunnel (std::shared_ptr<InboundTunnel> newTunnel);
+			std::shared_ptr<InboundTunnel> CreateInboundTunnel (std::shared_ptr<TunnelConfig> config, std::shared_ptr<OutboundTunnel> outboundTunnel);
+			std::shared_ptr<OutboundTunnel> CreateOutboundTunnel (std::shared_ptr<TunnelConfig> config);
 			void PostTunnelData (std::shared_ptr<I2NPMessage> msg);
 			void PostTunnelData (const std::vector<std::shared_ptr<I2NPMessage> >& msgs);
-			template<class TTunnel>
-			std::shared_ptr<TTunnel> CreateTunnel (std::shared_ptr<TunnelConfig> config, std::shared_ptr<OutboundTunnel> outboundTunnel = nullptr);
 			void AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<InboundTunnel> tunnel);
 			void AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> tunnel);
 			std::shared_ptr<TunnelPool> CreateTunnelPool (int numInboundHops, 
@@ -160,10 +189,13 @@ namespace tunnel
 			
 		private:
 		
+			template<class TTunnel>
+			std::shared_ptr<TTunnel> CreateTunnel (std::shared_ptr<TunnelConfig> config, std::shared_ptr<OutboundTunnel> outboundTunnel = nullptr);
+
 			template<class TTunnel>
 			std::shared_ptr<TTunnel> GetPendingTunnel (uint32_t replyMsgID, const std::map<uint32_t, std::shared_ptr<TTunnel> >& pendingTunnels);			
 
-			void HandleTunnelGatewayMsg (TunnelBase * tunnel, std::shared_ptr<I2NPMessage> msg);
+			void HandleTunnelGatewayMsg (std::shared_ptr<TunnelBase> tunnel, std::shared_ptr<I2NPMessage> msg);
 
 			void Run ();	
 			void ManageTunnels ();
@@ -175,18 +207,19 @@ namespace tunnel
 			void ManagePendingTunnels (PendingTunnels& pendingTunnels);
 			void ManageTunnelPools ();
 			
-			void CreateZeroHopsInboundTunnel ();
-			
+			std::shared_ptr<ZeroHopsInboundTunnel> CreateZeroHopsInboundTunnel ();
+			std::shared_ptr<ZeroHopsOutboundTunnel> CreateZeroHopsOutboundTunnel ();			
+
 		private:
 
 			bool m_IsRunning;
 			std::thread * m_Thread;	
 			std::map<uint32_t, std::shared_ptr<InboundTunnel> > m_PendingInboundTunnels; // by replyMsgID
 			std::map<uint32_t, std::shared_ptr<OutboundTunnel> > m_PendingOutboundTunnels; // by replyMsgID
-			std::map<uint32_t, std::shared_ptr<InboundTunnel> > m_InboundTunnels;
+			std::list<std::shared_ptr<InboundTunnel> > m_InboundTunnels;
 			std::list<std::shared_ptr<OutboundTunnel> > m_OutboundTunnels;
-			std::mutex m_TransitTunnelsMutex;
-			std::map<uint32_t, TransitTunnel *> m_TransitTunnels;
+			std::list<std::shared_ptr<TransitTunnel> > m_TransitTunnels;
+			std::unordered_map<uint32_t, std::shared_ptr<TunnelBase> > m_Tunnels; // tunnelID->tunnel known by this id
 			std::mutex m_PoolsMutex;
 			std::list<std::shared_ptr<TunnelPool>> m_Pools;
 			std::shared_ptr<TunnelPool> m_ExploratoryPool;
@@ -201,6 +234,11 @@ namespace tunnel
 			const decltype(m_OutboundTunnels)& GetOutboundTunnels () const { return m_OutboundTunnels; };
 			const decltype(m_InboundTunnels)& GetInboundTunnels () const { return m_InboundTunnels; };
 			const decltype(m_TransitTunnels)& GetTransitTunnels () const { return m_TransitTunnels; };
+
+			size_t CountTransitTunnels() const;
+			size_t CountInboundTunnels() const;
+			size_t CountOutboundTunnels() const;
+			
 			int GetQueueSize () { return m_Queue.GetSize (); };
 			int GetTunnelCreationSuccessRate () const // in percents
 			{ 

TunnelConfig.h

@@ -5,7 +5,6 @@
 #include <sstream>
 #include <vector>
 #include <memory>
-#include <openssl/rand.h>
 #include "Crypto.h"
 #include "Identity.h"
 #include "RouterContext.h"
@@ -108,7 +107,7 @@ namespace tunnel
 		}	
 	};	
 
-	class TunnelConfig: public std::enable_shared_from_this<TunnelConfig>
+	class TunnelConfig
 	{
 		public:			
 			
@@ -160,26 +159,31 @@ namespace tunnel
 				return num;
 			}
 
-			bool IsInbound () const { return m_FirstHop->isGateway; }
+			bool IsEmpty () const
+			{
+				return !m_FirstHop;
+			}			
 
-			uint32_t GetTunnelID () const 
+			virtual bool IsInbound () const { return m_FirstHop->isGateway; }
+
+			virtual uint32_t GetTunnelID () const 
 			{	
 				if (!m_FirstHop) return 0;
 				return IsInbound () ? m_LastHop->nextTunnelID : m_FirstHop->tunnelID; 
 			}
 
-			uint32_t GetNextTunnelID () const 
+			virtual uint32_t GetNextTunnelID () const 
 			{	
 				if (!m_FirstHop) return 0;
 				return m_FirstHop->tunnelID; 
 			}
 
-			const i2p::data::IdentHash& GetNextIdentHash () const 
+			virtual const i2p::data::IdentHash& GetNextIdentHash () const 
 			{ 
 				return m_FirstHop->ident->GetIdentHash (); 
 			}	
 
-			const i2p::data::IdentHash& GetLastIdentHash () const 
+			virtual const i2p::data::IdentHash& GetLastIdentHash () const 
 			{ 
 				return m_LastHop->ident->GetIdentHash (); 
 			}	
@@ -196,18 +200,20 @@ namespace tunnel
 				return peers;
 			}
 			
-		private:
+		protected:
 
 			// this constructor can't be called from outside
 			TunnelConfig (): m_FirstHop (nullptr), m_LastHop (nullptr)
 			{
 			}
+	
+		private:
 
 			template<class Peers>
 			void CreatePeers (const Peers& peers)
 			{
 				TunnelHopConfig * prev = nullptr;
-				for (auto it: peers)
+				for (const auto& it: peers)
 				{
 					auto hop = new TunnelHopConfig (it);
 					if (prev)
@@ -222,6 +228,24 @@ namespace tunnel
 		private:
 
 			TunnelHopConfig * m_FirstHop, * m_LastHop;
+	};
+
+	class ZeroHopsTunnelConfig: public TunnelConfig
+	{
+		public:
+
+			ZeroHopsTunnelConfig () { RAND_bytes ((uint8_t *)&m_TunnelID, 4);};
+
+			bool IsInbound () const { return true; }; // TODO:		
+			uint32_t GetTunnelID () const { return m_TunnelID; };
+			uint32_t GetNextTunnelID () const { return m_TunnelID; };
+			const i2p::data::IdentHash& GetNextIdentHash () const { return i2p::context.GetIdentHash (); };
+			const i2p::data::IdentHash& GetLastIdentHash () const { return i2p::context.GetIdentHash (); };
+
+
+		private:
+		
+			uint32_t m_TunnelID;	
 	};	
 }		
 }	

TunnelEndpoint.cpp

@@ -1,6 +1,6 @@
 #include "I2PEndian.h"
 #include <string.h>
-#include <openssl/sha.h>
+#include "Crypto.h"
 #include "Log.h"
 #include "NetDb.h"
 #include "I2NPProtocol.h"
@@ -119,7 +119,7 @@ namespace tunnel
 							if (ret.second)
 								HandleOutOfSequenceFragment (msgID, ret.first->second);
 							else
-								LogPrint (eLogError, "TunnelMessage: Incomplete message ", msgID, "already exists");
+								LogPrint (eLogError, "TunnelMessage: Incomplete message ", msgID, " already exists");
 						}
 						else
 						{
@@ -205,7 +205,7 @@ namespace tunnel
 			if (it->second.fragmentNum == msg.nextFragmentNum)
 			{
 				LogPrint (eLogWarning, "TunnelMessage: Out-of-sequence fragment ", (int)it->second.fragmentNum, " of message ", msgID, " found");
-				auto size = it->second.data->GetLength ();
+				size_t size = it->second.data->GetLength ();
 				if (msg.data->len + size > msg.data->maxLen)
 				{
 					LogPrint (eLogWarning, "TunnelMessage: Tunnel endpoint I2NP message size ", msg.data->maxLen, " is not enough");
@@ -235,7 +235,7 @@ namespace tunnel
 			LogPrint (eLogInfo, "TunnelMessage: message expired");
 			return;
 		}	
-		auto typeID = msg.data->GetTypeID ();
+		uint8_t typeID = msg.data->GetTypeID ();
 		LogPrint (eLogDebug, "TunnelMessage: handle fragment of ", msg.data->GetLength (), " bytes, msg type ", (int)typeID);
 		// catch RI or reply with new list of routers	
 		if ((IsRouterInfoMsg (msg.data) || typeID == eI2NPDatabaseSearchReply) &&

TunnelGateway.cpp

@@ -1,6 +1,5 @@
 #include <string.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include "Crypto.h"
 #include "I2PEndian.h"
 #include "Log.h"
 #include "RouterContext.h"
@@ -50,7 +49,7 @@ namespace tunnel
 
 		// create fragments
 		std::shared_ptr<I2NPMessage> msg = block.data;
-		auto fullMsgLen = diLen + msg->GetLength () + 2; // delivery instructions + payload + 2 bytes length
+		size_t fullMsgLen = diLen + msg->GetLength () + 2; // delivery instructions + payload + 2 bytes length
 		if (fullMsgLen <= m_RemainingSize)
 		{
 			// message fits. First and last fragment
@@ -67,10 +66,10 @@ namespace tunnel
 		{
 			if (!messageCreated) // check if we should complete previous message
 			{	
-				auto numFollowOnFragments = fullMsgLen / TUNNEL_DATA_MAX_PAYLOAD_SIZE;
+				size_t numFollowOnFragments = fullMsgLen / TUNNEL_DATA_MAX_PAYLOAD_SIZE;
 				// length of bytes don't fit full tunnel message
 				// every follow-on fragment adds 7 bytes
-				auto nonFit = (fullMsgLen + numFollowOnFragments*7) % TUNNEL_DATA_MAX_PAYLOAD_SIZE; 
+				size_t nonFit = (fullMsgLen + numFollowOnFragments*7) % TUNNEL_DATA_MAX_PAYLOAD_SIZE; 
 				if (!nonFit || nonFit > m_RemainingSize)
 				{
 					CompleteCurrentTunnelDataMessage ();
@@ -198,7 +197,7 @@ namespace tunnel
 	{
 		m_Buffer.CompleteCurrentTunnelDataMessage ();
 		auto tunnelMsgs = m_Buffer.GetTunnelDataMsgs ();
-		for (auto tunnelMsg : tunnelMsgs)
+		for (auto& tunnelMsg : tunnelMsgs)
 		{	
 			m_Tunnel->EncryptTunnelMsg (tunnelMsg, tunnelMsg); 
 			tunnelMsg->FillI2NPMessageHeader (eI2NPTunnelData); 

TunnelPool.cpp

@@ -1,5 +1,4 @@
 #include <algorithm>
-#include <openssl/rand.h>
 #include "I2PEndian.h"
 #include "Crypto.h"
 #include "Tunnel.h"
@@ -50,13 +49,13 @@ namespace tunnel
 	{
 		{
 			std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);	
-			for (auto it: m_InboundTunnels)
+			for (auto& it: m_InboundTunnels)
 				it->SetTunnelPool (nullptr);
 			m_InboundTunnels.clear ();
 		}
 		{
 			std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
-			for (auto it: m_OutboundTunnels)
+			for (auto& it: m_OutboundTunnels)
 				it->SetTunnelPool (nullptr);
 			m_OutboundTunnels.clear ();
 		}
@@ -79,7 +78,7 @@ namespace tunnel
 		if (expiredTunnel)
 		{	
 			expiredTunnel->SetTunnelPool (nullptr);
-			for (auto it: m_Tests)
+			for (auto& it: m_Tests)
 				if (it.second.second == expiredTunnel) it.second.second = nullptr;
 
 			std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
@@ -102,7 +101,7 @@ namespace tunnel
 		if (expiredTunnel)
 		{
 			expiredTunnel->SetTunnelPool (nullptr);
-			for (auto it: m_Tests)
+			for (auto& it: m_Tests)
 				if (it.second.first == expiredTunnel) it.second.first = nullptr;
 
 			std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
@@ -115,7 +114,7 @@ namespace tunnel
 		std::vector<std::shared_ptr<InboundTunnel> > v;
 		int i = 0;
 		std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
-		for (auto it : m_InboundTunnels)
+		for (const auto& it : m_InboundTunnels)
 		{
 			if (i >= num) break;
 			if (it->IsEstablished ())
@@ -145,7 +144,7 @@ namespace tunnel
 		if (tunnels.empty ()) return nullptr;		
 		uint32_t ind = rand () % (tunnels.size ()/2 + 1), i = 0;
 		typename TTunnels::value_type tunnel = nullptr;
-		for (auto it: tunnels)
+		for (const auto& it: tunnels)
 		{	
 			if (it->IsEstablished () && it != excluded)
 			{
@@ -165,7 +164,7 @@ namespace tunnel
 		if (old)
 		{
 			std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);	
-			for (auto it: m_OutboundTunnels)
+			for (const auto& it: m_OutboundTunnels)
 				if (it->IsEstablished () && old->GetEndpointIdentHash () == it->GetEndpointIdentHash ())
 				{
 					tunnel = it;
@@ -183,7 +182,7 @@ namespace tunnel
 		int num = 0;
 		{
 			std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
-			for (auto it : m_InboundTunnels)
+			for (const auto& it : m_InboundTunnels)
 				if (it->IsEstablished ()) num++;
 		}
 		for (int i = num; i < m_NumInboundTunnels; i++)
@@ -192,7 +191,7 @@ namespace tunnel
 		num = 0;
 		{
 			std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);	
-			for (auto it : m_OutboundTunnels)
+			for (const auto& it : m_OutboundTunnels)
 				if (it->IsEstablished ()) num++;
 		}
 		for (int i = num; i < m_NumOutboundTunnels; i++)
@@ -201,7 +200,13 @@ namespace tunnel
 
 	void TunnelPool::TestTunnels ()
 	{
-		for (auto it: m_Tests)
+		decltype(m_Tests) tests;
+		{
+			std::unique_lock<std::mutex> l(m_TestsMutex);
+			tests.swap(m_Tests);
+		}
+
+		for (auto& it: tests)
 		{
 			LogPrint (eLogWarning, "Tunnels: test of tunnel ", it.first, " failed");
 			// if test failed again with another tunnel we consider it failed
@@ -232,7 +237,7 @@ namespace tunnel
 					it.second.second->SetState (eTunnelStateTestFailed);
 			}	
 		}
-		m_Tests.clear ();
+	
 		// new tests	
 		auto it1 = m_OutboundTunnels.begin ();
 		auto it2 = m_InboundTunnels.begin ();
@@ -242,21 +247,24 @@ namespace tunnel
 			if ((*it1)->IsFailed ())
 			{	
 				failed = true;
-				it1++;
+				++it1;
 			}
 			if ((*it2)->IsFailed ())
 			{	
 				failed = true;
-				it2++;
+				++it2;
 			}
 			if (!failed)
 			{
  				uint32_t msgID;
 				RAND_bytes ((uint8_t *)&msgID, 4);
- 				m_Tests[msgID] = std::make_pair (*it1, *it2);
+				{
+					std::unique_lock<std::mutex> l(m_TestsMutex);
+ 					m_Tests[msgID] = std::make_pair (*it1, *it2);
+				}
  				(*it1)->SendTunnelDataMsg ((*it2)->GetNextIdentHash (), (*it2)->GetNextTunnelID (),
 					CreateDeliveryStatusMsg (msgID));
-				it1++; it2++;
+				++it1; ++it2;
 			}	
 		}
 	}
@@ -276,16 +284,26 @@ namespace tunnel
 		buf += 4;	
 		uint64_t timestamp = bufbe64toh (buf);
 
-		auto it = m_Tests.find (msgID);
-		if (it != m_Tests.end ())
+		decltype(m_Tests)::mapped_type test;
+		bool found = false;	
+		{
+			std::unique_lock<std::mutex> l(m_TestsMutex);
+			auto it = m_Tests.find (msgID);
+			if (it != m_Tests.end ())
+			{
+				found = true;
+				test = it->second; 
+				m_Tests.erase (it);
+			}
+		}
+		if (found)
 		{
 			// restore from test failed state if any
-			if (it->second.first->GetState () == eTunnelStateTestFailed)
-				it->second.first->SetState (eTunnelStateEstablished);
-			if (it->second.second->GetState () == eTunnelStateTestFailed)
-				it->second.second->SetState (eTunnelStateEstablished);
-			LogPrint (eLogDebug, "Tunnels: test of ", it->first, " successful. ", i2p::util::GetMillisecondsSinceEpoch () - timestamp, " milliseconds");
-			m_Tests.erase (it);
+			if (test.first->GetState () == eTunnelStateTestFailed)
+				test.first->SetState (eTunnelStateEstablished);
+			if (test.second->GetState () == eTunnelStateTestFailed)
+				test.second->SetState (eTunnelStateEstablished);
+			LogPrint (eLogDebug, "Tunnels: test of ", msgID, " successful. ", i2p::util::GetMillisecondsSinceEpoch () - timestamp, " milliseconds");
 		}
 		else
 		{
@@ -303,16 +321,25 @@ namespace tunnel
 			i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop);
 
 		if (!hop || hop->GetProfile ()->IsBad ())
-			hop = i2p::data::netdb.GetRandomRouter ();
+			hop = i2p::data::netdb.GetRandomRouter (prevHop);
 		return hop;	
 	}	
 
 	bool TunnelPool::SelectPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& peers, bool isInbound)
 	{
 		if (m_ExplicitPeers) return SelectExplicitPeers (peers, isInbound);
-		auto prevHop = i2p::context.GetSharedRouterInfo ();	
 		int numHops = isInbound ? m_NumInboundHops : m_NumOutboundHops;
-		if (i2p::transport::transports.GetNumPeers () > 25)
+		if (numHops <= 0) return true; // peers is empty 
+		auto prevHop = i2p::context.GetSharedRouterInfo ();			
+		if(i2p::transport::transports.RoutesRestricted())
+		{
+			/** if routes are restricted prepend trusted first hop */
+			auto hop = i2p::transport::transports.GetRestrictedPeer();
+			if(!hop) return false;
+			peers.push_back(hop->GetRouterIdentity());
+			prevHop = hop;
+		}
+		else if (i2p::transport::transports.GetNumPeers () > 25)
 		{
 			auto r = i2p::transport::transports.GetRandomPeer ();
 			if (r && !r->GetProfile ()->IsBad ())
@@ -323,7 +350,7 @@ namespace tunnel
 			}
 		}
 		
-		for (int i = 0; i < numHops; i++)
+		for(int i = 0; i < numHops; i++ )
 		{
 			auto hop = SelectNextHop (prevHop);
 			if (!hop)
@@ -333,7 +360,7 @@ namespace tunnel
 			}	
 			prevHop = hop;
 			peers.push_back (hop->GetRouterIdentity ());
-		}		
+		}
 		return true;
 	}	
 	
@@ -370,9 +397,16 @@ namespace tunnel
 		std::vector<std::shared_ptr<const i2p::data::IdentityEx> > peers;
 		if (SelectPeers (peers, true))
 		{
-			std::reverse (peers.begin (), peers.end ());	
-			auto tunnel = tunnels.CreateTunnel<InboundTunnel> (std::make_shared<TunnelConfig> (peers), outboundTunnel);
+			std::shared_ptr<TunnelConfig> config;
+			if (m_NumInboundHops > 0)
+			{	
+				std::reverse (peers.begin (), peers.end ());	
+				config = std::make_shared<TunnelConfig> (peers);
+			}	
+			auto tunnel = tunnels.CreateInboundTunnel (config, outboundTunnel);
 			tunnel->SetTunnelPool (shared_from_this ());
+			if (tunnel->IsEstablished ()) // zero hops
+				TunnelCreated (tunnel);
 		}	
 		else
 			LogPrint (eLogError, "Tunnels: Can't create inbound tunnel, no peers available");
@@ -384,8 +418,12 @@ namespace tunnel
 		if (!outboundTunnel)
 			outboundTunnel = tunnels.GetNextOutboundTunnel ();
 		LogPrint (eLogDebug, "Tunnels: Re-creating destination inbound tunnel...");
-		auto newTunnel = tunnels.CreateTunnel<InboundTunnel> (std::make_shared<TunnelConfig>(tunnel->GetPeers ()), outboundTunnel);
+		std::shared_ptr<TunnelConfig> config;
+		if (m_NumInboundHops > 0) config = std::make_shared<TunnelConfig>(tunnel->GetPeers ());
+		auto newTunnel = tunnels.CreateInboundTunnel (config, outboundTunnel);
 		newTunnel->SetTunnelPool (shared_from_this());
+		if (newTunnel->IsEstablished ()) // zero hops
+			TunnelCreated (newTunnel);
 	}	
 		
 	void TunnelPool::CreateOutboundTunnel ()
@@ -399,9 +437,13 @@ namespace tunnel
 			std::vector<std::shared_ptr<const i2p::data::IdentityEx> > peers;
 			if (SelectPeers (peers, false))
 			{	
-				auto tunnel = tunnels.CreateTunnel<OutboundTunnel> (
-					std::make_shared<TunnelConfig> (peers, inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ()));
+				std::shared_ptr<TunnelConfig> config;
+				if (m_NumOutboundHops > 0) 
+					config = std::make_shared<TunnelConfig>(peers, inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ());
+				auto tunnel = tunnels.CreateOutboundTunnel (config);
 				tunnel->SetTunnelPool (shared_from_this ());
+				if (tunnel->IsEstablished ()) // zero hops
+					TunnelCreated (tunnel);
 			}	
 			else
 				LogPrint (eLogError, "Tunnels: Can't create outbound tunnel, no peers available");
@@ -418,10 +460,13 @@ namespace tunnel
 		if (inboundTunnel)
 		{	
 			LogPrint (eLogDebug, "Tunnels: Re-creating destination outbound tunnel...");
-			auto newTunnel = tunnels.CreateTunnel<OutboundTunnel> (
-				std::make_shared<TunnelConfig> (tunnel->GetPeers (),
-					inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ()));
+			std::shared_ptr<TunnelConfig> config;
+			if (m_NumOutboundHops > 0)
+				config = std::make_shared<TunnelConfig>(tunnel->GetPeers (), inboundTunnel->GetNextTunnelID (), inboundTunnel->GetNextIdentHash ());
+			auto newTunnel = tunnels.CreateOutboundTunnel (config);
 			newTunnel->SetTunnelPool (shared_from_this ());
+			if (newTunnel->IsEstablished ()) // zero hops
+				TunnelCreated (newTunnel);
 		}	
 		else
 			LogPrint (eLogDebug, "Tunnels: Can't re-create outbound tunnel, no inbound tunnels found");
@@ -430,7 +475,7 @@ namespace tunnel
 	void TunnelPool::CreatePairedInboundTunnel (std::shared_ptr<OutboundTunnel> outboundTunnel)
 	{
 		LogPrint (eLogDebug, "Tunnels: Creating paired inbound tunnel...");
-		auto tunnel = tunnels.CreateTunnel<InboundTunnel> (std::make_shared<TunnelConfig>(outboundTunnel->GetInvertedPeers ()), outboundTunnel);
+		auto tunnel = tunnels.CreateInboundTunnel (std::make_shared<TunnelConfig>(outboundTunnel->GetInvertedPeers ()), outboundTunnel);
 		tunnel->SetTunnelPool (shared_from_this ());
 	}	
 }