use 15s average bw for transit limits check

Signed-off-by: R4SAS <r4sas@i2pmail.org>
calculate bandwidth every 1 and 15 seconds
2025-03-07 06:09:42 +00:00 · 2022-12-12 18:22:16 +03:00 · 2022-12-12 08:12:23 +03:00 · 2022-12-11 17:03:53 -05:00 · 2022-12-10 19:09:37 -05:00 · 2022-12-10 15:44:37 -05:00
149 changed files with 11016 additions and 6961 deletions
--- a/.github/workflows/build-deb.yml
+++ b/.github/workflows/build-deb.yml
@@ -0,0 +1,32 @@
+name: Build Debian packages
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: ${{ matrix.dist }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dist: ['buster', 'bullseye', 'bookworm']
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: change debian changelog
+      run: |
+        sudo apt-get update
+        sudo apt-get install devscripts
+        debchange -v "`git describe --tags`-${{ matrix.dist }}" -b -M --distribution ${{ matrix.dist }} "trunk build"
+    - uses: jtdor/build-deb-action@v1
+      with:
+        docker-image: debian:${{ matrix.dist }}-slim
+        buildpackage-opts: --build=binary --no-sign
+    - uses: actions/upload-artifact@v3
+      with:
+        name: i2pd_${{ matrix.dist }}
+        path: debian/artifacts/i2pd_*.deb
+    - uses: actions/upload-artifact@v3
+      with:
+        name: i2pd-dbgsym_${{ matrix.dist }}
+        path: debian/artifacts/i2pd-dbgsym_*.deb
--- a/.github/workflows/build-freebsd.yml
+++ b/.github/workflows/build-freebsd.yml
@@ -4,18 +4,25 @@ on: [push, pull_request]

 jobs:
  build:
-    runs-on: macos-10.15
+    runs-on: macos-12
    name: with UPnP
    steps:
    - uses: actions/checkout@v2
    - name: Test in FreeBSD
      id: test
-      uses: vmactions/freebsd-vm@v0.1.5
+      uses: vmactions/freebsd-vm@v0.3.0
      with:
        usesh: true
        mem: 2048
-        prepare: pkg install -y devel/cmake devel/gmake devel/boost-libs security/openssl net/miniupnpc 
+        sync: rsync
+        copyback: true
+        prepare: pkg install -y devel/cmake devel/gmake devel/boost-libs security/openssl net/miniupnpc
        run: |
          cd build
          cmake -DWITH_UPNP=ON -DCMAKE_BUILD_TYPE=Release .
          gmake -j2
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v2
+      with:
+        name: i2pd-freebsd
+        path: build/i2pd
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@@ -35,3 +35,41 @@ jobs:
      with:
        name: i2pd-${{ matrix.arch_short }}.exe
        path: i2pd.exe
+  build-xp:
+    name: Building for Windows XP
+    runs-on: windows-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup MSYS2
+      uses: msys2/setup-msys2@v2
+      with:
+        msystem: MINGW32
+        install: base-devel git mingw-w64-i686-gcc mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-miniupnpc
+        update: true
+    - name: Build WinXP-capable CRT packages
+      run: |
+        git clone https://github.com/msys2/MINGW-packages
+        pushd MINGW-packages
+        pushd mingw-w64-headers-git
+        sed -i 's/0x601/0x501/' PKGBUILD
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
+        pacman --noconfirm -U mingw-w64-i686-headers-git-*-any.pkg.tar.zst
+        popd
+        pushd mingw-w64-crt-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
+        pacman --noconfirm -U mingw-w64-i686-crt-git-*-any.pkg.tar.zst
+        popd
+        pushd mingw-w64-winpthreads-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
+        pacman --noconfirm -U mingw-w64-i686-libwinpthread-git-*-any.pkg.tar.zst mingw-w64-i686-winpthreads-git-*-any.pkg.tar.zst
+        popd
+        popd
+    - name: Build application
+      run: |
+        mkdir -p obj/Win32 obj/libi2pd obj/libi2pd_client obj/daemon
+        make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes USE_WINXP_FLAGS=yes -j3
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v2
+      with:
+        name: i2pd-xp.exe
+        path: i2pd.exe
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -38,51 +38,3 @@ jobs:
        cd build
        cmake -DWITH_UPNP=${{ matrix.with_upnp }} .
        make -j3
-  build-deb-stretch:
-    name: Build package for stretch
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-    - name: change debian changelog
-      run: |
-        sudo apt-get update
-        sudo apt-get install devscripts
-        debchange -v "`git describe --tags`-stretch" -b -M --distribution stretch "trunk build"
-    - uses: singingwolfboy/build-dpkg-stretch@v1
-      id: build
-      with:
-        args: --unsigned-source --unsigned-changes -b
-    - uses: actions/upload-artifact@v1
-      with:
-        name: ${{ steps.build.outputs.filename }}
-        path: ${{ steps.build.outputs.filename }}
-    - uses: actions/upload-artifact@v1
-      with:
-        name: ${{ steps.build.outputs.filename-dbgsym }}
-        path: ${{ steps.build.outputs.filename-dbgsym }}
-  build-deb-buster:
-    name: Build package for buster
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-    - name: change debian changelog
-      run: |
-        sudo apt-get update
-        sudo apt-get install devscripts
-        debchange -v "`git describe --tags`-buster" -b -M --distribution buster "trunk build"
-    - uses: singingwolfboy/build-dpkg-buster@v1
-      id: build
-      with:
-        args: --unsigned-source --unsigned-changes -b
-    - uses: actions/upload-artifact@v1
-      with:
-        name: ${{ steps.build.outputs.filename }}
-        path: ${{ steps.build.outputs.filename }}
-    - uses: actions/upload-artifact@v1
-      with:
-        name: ${{ steps.build.outputs.filename-dbgsym }}
-        path: ${{ steps.build.outputs.filename-dbgsym }}
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,63 +1,140 @@
 name: Build containers

-on: [push]
+on:
+  push:
+    branches:
+    - openssl
+    - docker
+    tags:
+    - '*'

 jobs:
-  docker:
+  build:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read

+    strategy:
+      matrix:
+        include: [
+          { platform: 'linux/amd64', archname: 'amd64' },
+          { platform: 'linux/386', archname: 'i386' },
+          { platform: 'linux/arm64', archname: 'arm64' },
+          { platform: 'linux/arm/v7', archname: 'armv7' },
+        ]
+
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2

      - name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container registry
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Build and push trunk container
-        if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-        uses: docker/build-push-action@v2
+      - name: Build container for ${{ matrix.archname }}
+        uses: docker/build-push-action@v3
        with:
          context: ./contrib/docker
          file: ./contrib/docker/Dockerfile
-          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
+          platforms: ${{ matrix.platform }}
          push: true
          tags: |
-            purplei2p/i2pd:latest
-            ghcr.io/purplei2p/i2pd:latest
+            purplei2p/i2pd:latest-${{ matrix.archname }}
+            ghcr.io/purplei2p/i2pd:latest-${{ matrix.archname }}

-      - name: Set env
+  push:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+
+    needs: build
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create and push latest manifest image to Docker Hub
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: purplei2p/i2pd:latest
+          extra-images: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
+          push: true
+
+      - name: Create and push latest manifest image to GHCR
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/purplei2p/i2pd:latest
+          extra-images: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
+          push: true
+
+      - name: Store release version to env
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
        run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV

-      - name: Build and push release container
+      - name: Create and push release manifest image to Docker Hub
        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: docker/build-push-action@v2
+        uses: Noelware/docker-manifest-action@master
        with:
-          context: ./contrib/docker
-          file: ./contrib/docker/Dockerfile
-          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
+          base-image: purplei2p/i2pd:latest-release
+          extra-images: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
+          push: true
+
+      - name: Create and push release manifest image to GHCR
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/purplei2p/i2pd:latest-release
+          extra-images: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
+          push: true
+
+      - name: Create and push versioned manifest image to Docker Hub
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
+          extra-images: purplei2p/i2pd:latest-amd64,purplei2p/i2pd:latest-i386,purplei2p/i2pd:latest-arm64,purplei2p/i2pd:latest-armv7
+          push: true
+
+      - name: Create and push versioned manifest image to GHCR
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          base-image: ghcr.io/purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
+          extra-images: ghcr.io/purplei2p/i2pd:latest-amd64,ghcr.io/purplei2p/i2pd:latest-i386,ghcr.io/purplei2p/i2pd:latest-arm64,ghcr.io/purplei2p/i2pd:latest-armv7
          push: true
-          tags: |
-            purplei2p/i2pd:latest
-            purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
-            ghcr.io/purplei2p/i2pd:latest
-            ghcr.io/purplei2p/i2pd:release-${{ env.RELEASE_VERSION }}
--- a/98
+++ b/98
@@ -1,6 +1,100 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog

+## [2.44.0] - 2022-11-20
+### Added
+- SSL connection for server I2P tunnels
+- Localization to Italian and Spanish
+- SSU2 through SOCKS5 UDP proxy
+- Reload tunnels through web console
+- SSU2 send immediate ack request flag
+- SSU2 send and verify path challenge
+- Configurable ssu2.mtu4 and ssu2.mtu6
+### Changed
+- SSU2 is enbaled and SSU is disabled by default
+- Separate network status and error
+- Random selection between NTCP2 and SSU2 priority
+- Added notbob.i2p to jump services
+- Remove DoNotTrack flag from HTTP Request header
+- Skip addresshelper page if destination was not changed
+- SSU2 allow different ports from RelayReponse and HolePunch
+- SSU2 resend PeerTest msg 1 and msg 2
+- SSU2 Send Retry instead SessionCreated if clock skew detected
+### Fixed
+- Long HTTP headers for HTTP proxy and HTTP server tunnel
+- SSU2 resends and resend limits
+- Crash at startup if addressbook is disabled
+- NTCP2 ipv6 connection through SOCKS5 proxy
+- SSU2 SessionRequest with zero token
+- SSU2 MTU less than 1280
+- SSU2 port=1
+- Incorrect addresses from network interfaces
+- Definitions for Darwin PPC; do not use pthread_setname_np
+
+## [2.43.0] - 2022-08-22
+### Added
+- Complete SSU2 implementation
+- Localization to Chinese
+- Send RouterInfo update for long live sessions
+- Explicit ipv6 ranges of known tunnel brokers for MTU detection
+- Always send "Connection: close" and strip out Keep-Alive for server HTTP tunnel
+- Show ports for all transports in web console
+- Translation of webconsole site title
+- Support for Windows ProgramData path when running as service
+- Ability to turn off address book
+- Handle signals TSTP and CONT to stop and resume network
+### Changed
+- Case insensitive headers for server HTTP tunnel
+- Do not show 'Address registration' line if LeaseSet is encrypted
+- SSU2 transports have higher priority than SSU
+- Disable ElGamal precalculated table if no SSU
+- Deprecate limits.ntcpsoft, limits.ntcphard and limits.ntcpthreads config options
+- SSU2 is enabled and SSU is disabled by default for new installations
+### Fixed
+- Typo with Referer header name in HTTP proxy
+- Can't handle garlic message from an exploratory tunnel
+- Incorrect encryption key for exploratory lookup reply
+- Bound checks issues in LeaseSets code
+- MTU detection on Windows
+- Crash on stop of active server tunnel
+- Send datagram to wrong destination in SAM
+- Incorrect static key in RouterInfo if the keys were regenerated
+- Duplicated sessions in BOB
+
+## [2.42.1] - 2022-05-24
+### Fixed
+- Incorrect jump link in HTTP Proxy
+
+## [2.42.0] - 2022-05-22
+### Added
+- Preliminary SSU2 implementation
+- Tunnel length variance
+- Localization to French
+- Daily cleanup of obsolete peer profiles
+- Ordered jump services list in HTTP proxy
+- Win32 service
+- Show port for local non-published SSU addresses in web console
+### Changed
+- Maximum RouterInfo length increased to 3K
+- Skip unknown addresses in RouterInfo
+- Don't pick own router for peer test
+- Reseeds list
+- Internal numeric id for families
+- Use ipv6 preference only when netinet headers not used
+- Close stream if delete requested
+- Remove version from title in web console
+- Drop MESHNET build option
+- Set data path before initialization
+- Don't show registration block in web console if token is not provided
+### Fixed
+- Encrypted LeaseSet for EdDSA signature
+- Clients tunnels are not built if clock is not synced on start
+- Incorrect processing of i2cp.dontPublishLeaseSet param
+- UDP tunnels reload
+- Build for LibreSSL 3.5.2
+- Race condition in short tunnel build message
+- Race condition in local RouterInfo buffer allocation
+
 ## [2.41.0] - 2022-02-20
 ### Added
 - Clock syncronization through SSU
@@ -347,7 +441,7 @@
 ### Added
 - Client auth flag for b33 address
 ### Changed
- Remove incoming  NTCP2 session from pending list when established
+- Remove incoming NTCP2 session from pending list when established
 - Handle errors for NTCP2 SessionConfrimed send
 ### Fixed
 - Failure to start on Windows XP
@@ -651,7 +745,7 @@
 ### Added
 - Datagram i2p tunnels
 - Unique local addresses for server tunnels
- Configurable list of reseed servers  and initial addressbook
+- Configurable list of reseed servers and initial addressbook
 - Configurable netid
 - Initial iOS support

--- a/15
+++ b/15
@@ -4,7 +4,7 @@ SYS := $(shell $(CXX) -dumpmachine)

 ifneq (, $(findstring darwin, $(SYS)))
 	SHARED_SUFFIX = dylib
-else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
+else ifneq (, $(findstring mingw, $(SYS))$(findstring windows-gnu, $(SYS))$(findstring cygwin, $(SYS)))
 	SHARED_SUFFIX = dll
 else
 	SHARED_SUFFIX = so
@@ -31,7 +31,6 @@ include filelist.mk

 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
-USE_MESHNET     := $(or $(USE_MESHNET),no)
 USE_UPNP        := $(or $(USE_UPNP),no)
 DEBUG           := $(or $(DEBUG),yes)

@@ -55,29 +54,25 @@ ifneq (, $(findstring darwin, $(SYS)))
 	else
 		include Makefile.osx
 	endif
+else ifneq (, $(findstring mingw, $(SYS))$(findstring windows-gnu, $(SYS))$(findstring cygwin, $(SYS)))
+	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32App.cpp Win32/Win32Service.cpp Win32/Win32NetState.cpp
+	include Makefile.mingw
 else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.linux
 else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.bsd
-else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
-	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32App.cpp Win32/Win32NetState.cpp
-	include Makefile.mingw
 else # not supported
 	$(error Not supported platform)
 endif

-ifeq ($(USE_MESHNET),yes)
-	NEEDED_CXXFLAGS += -DMESHNET
-endif
-
 ifeq ($(USE_GIT_VERSION),yes)
 	GIT_VERSION := $(shell git describe --tags)
 	NEEDED_CXXFLAGS += -DGITVER=\"$(GIT_VERSION)\"
 endif

-NEEDED_CXXFLAGS += -MMD -MP -I$(LIB_SRC_DIR) -I$(LIB_CLIENT_SRC_DIR) -I$(LANG_SRC_DIR)
+NEEDED_CXXFLAGS += -MMD -MP -I$(LIB_SRC_DIR) -I$(LIB_CLIENT_SRC_DIR) -I$(LANG_SRC_DIR) -DOPENSSL_SUPPRESS_DEPRECATED

 LIB_OBJS        += $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
 LIB_CLIENT_OBJS += $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
--- a/Makefile.homebrew
+++ b/Makefile.homebrew
@@ -39,13 +39,19 @@ ifeq ($(USE_AESNI),yes)
 endif

 install: all
-	install -d ${PREFIX}/bin ${PREFIX}/etc/i2pd ${PREFIX}/share/doc/i2pd ${PREFIX}/share/i2pd ${PREFIX}/share/man/man1 ${PREFIX}/var/lib/i2pd
-	install -m 755 ${I2PD} ${PREFIX}/bin/
+	install -d ${PREFIX}/bin
+	install -m 755 ${I2PD} ${PREFIX}/bin
+	install -d ${PREFIX}/etc ${PREFIX}/etc/i2pd ${PREFIX}/etc/i2pd/tunnels.conf.d
 	install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd
-	@cp -R contrib/certificates ${PREFIX}/share/i2pd/
+	install -d ${PREFIX}/share ${PREFIX}/share/doc ${PREFIX}/share/doc/i2pd
 	install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd
+	install -d ${PREFIX}/share/i2pd
+	@cp -R contrib/certificates ${PREFIX}/share/i2pd/
+	install -d ${PREFIX}/share/man ${PREFIX}/share/man/man1
 	@gzip -kf debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1
-	@ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/
+	install -d ${PREFIX}/var ${PREFIX}/var/lib ${PREFIX}/var/lib/i2pd
+	@ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/certificates
+	@ln -sf ${PREFIX}/etc/i2pd/tunnels.conf.d ${PREFIX}/var/lib/i2pd/tunnels.d
 	@ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf
 	@ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt
 	@ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -62,3 +62,21 @@ ifneq (, $(findstring i386, $(SYS))$(findstring i686, $(SYS))$(findstring x86_64
 	NEEDED_CXXFLAGS += -D__AES__ -maes
 endif
 endif
+
+install: all
+	install -d ${PREFIX}/bin
+	install -m 755 ${I2PD} ${PREFIX}/bin
+	install -d ${PREFIX}/etc ${PREFIX}/etc/i2pd ${PREFIX}/etc/i2pd/tunnels.conf.d
+	install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd
+	install -d ${PREFIX}/share ${PREFIX}/share/doc ${PREFIX}/share/doc/i2pd
+	install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd
+	install -d ${PREFIX}/share/i2pd
+	@cp -R contrib/certificates ${PREFIX}/share/i2pd/
+	install -d ${PREFIX}/share/man ${PREFIX}/share/man/man1
+	@gzip -kf debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1
+	install -d ${PREFIX}/var ${PREFIX}/var/lib ${PREFIX}/var/lib/i2pd
+	@ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/certificates
+	@ln -sf ${PREFIX}/etc/i2pd/tunnels.conf.d ${PREFIX}/var/lib/i2pd/tunnels.d
+	@ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf
+	@ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt
+	@ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -3,19 +3,11 @@ USE_WIN32_APP := yes

 WINDRES = windres

-CXXFLAGS := $(CXX_DEBUG) -DWIN32_LEAN_AND_MEAN -fPIC -msse
+CXXFLAGS := $(CXX_DEBUG) -fPIC -msse
 INCFLAGS = -I$(DAEMON_SRC_DIR) -IWin32
 LDFLAGS := ${LD_DEBUG} -static

-# detect proper flag for c++11 support by compilers
-CXXVER := $(shell $(CXX) -dumpversion)
-ifeq ($(shell expr match ${CXXVER} "[4]\.[7-9]\|4\.1[0-9]\|[5-6]"),4) # gcc 4.7 - 6
-	NEEDED_CXXFLAGS += -std=c++11
-else ifeq ($(shell expr match ${CXXVER} "[1,7-9]"),1) # gcc >= 7
-	NEEDED_CXXFLAGS += -std=c++17
-else # not supported
-$(error Compiler too old)
-endif
+NEEDED_CXXFLAGS += -std=c++17 -DWIN32_LEAN_AND_MEAN

 # Boost libraries suffix
 BOOST_SUFFIX = -mt
--- a/Win32/DaemonWin32.cpp
+++ b/Win32/DaemonWin32.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -14,6 +14,7 @@
 #include "Log.h"

 #ifdef _WIN32
+#include "Win32Service.h"
 #ifdef WIN32_APP
 #include <windows.h>
 #include "Win32App.h"
@@ -39,6 +40,19 @@ namespace util

 		if (!Daemon_Singleton::init(argc, argv))
 			return false;
+
+		if (isDaemon)
+		{
+			LogPrint(eLogDebug, "Daemon: running as service");
+			I2PService service((PSTR)SERVICE_NAME);
+			if (!I2PService::Run(service))
+			{
+				LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
+				return false;
+			}
+			return false;
+		}
+
 		return true;
 	}

--- a/Win32/Win32App.cpp
+++ b/Win32/Win32App.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -154,25 +154,23 @@ namespace win32
 			case eRouterStatusUnknown: s << "Unk"; break;
 			case eRouterStatusProxy: s << "Proxy"; break;
 			case eRouterStatusMesh: s << "Mesh"; break;
-			case eRouterStatusError:
-			{
-				s << "Err";
-				switch (i2p::context.GetError ())
-				{
-					case eRouterErrorClockSkew:
-						s << " - Clock skew";
-					break;
-					case eRouterErrorOffline:
-						s << " - Offline";
-					break;
-					case eRouterErrorSymmetricNAT:
-						s << " - Symmetric NAT";
-					break;
-					default: ;
-				}
-				break;
-			}
 			default: s << "Unk";
+		};
+		if (i2p::context.GetError () != eRouterErrorNone)
+		{
+			switch (i2p::context.GetError ())
+			{
+				case eRouterErrorClockSkew:
+					s << " - Clock skew";
+				break;
+				case eRouterErrorOffline:
+					s << " - Offline";
+				break;
+				case eRouterErrorSymmetricNAT:
+					s << " - Symmetric NAT";
+				break;
+				default: ;
+			}
 		}
 	}

--- a/Win32/Win32Service.cpp
+++ b/Win32/Win32Service.cpp
@@ -0,0 +1,283 @@
+/*
+* Copyright (c) 2013-2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include "Win32Service.h"
+#include <assert.h>
+#include <windows.h>
+
+#include "Daemon.h"
+#include "Log.h"
+
+I2PService *I2PService::s_service = NULL;
+
+BOOL I2PService::isService()
+{
+	BOOL bIsService = FALSE;
+	HWINSTA hWinStation = GetProcessWindowStation();
+	if (hWinStation != NULL)
+	{
+		USEROBJECTFLAGS uof = { 0 };
+		if (GetUserObjectInformation(hWinStation, UOI_FLAGS, &uof, sizeof(USEROBJECTFLAGS), NULL) && ((uof.dwFlags & WSF_VISIBLE) == 0))
+		{
+			bIsService = TRUE;
+		}
+	}
+	return bIsService;
+}
+
+BOOL I2PService::Run(I2PService &service)
+{
+	s_service = &service;
+	SERVICE_TABLE_ENTRY serviceTable[] =
+	{
+		{ service.m_name, ServiceMain },
+		{ NULL, NULL }
+	};
+	return StartServiceCtrlDispatcher(serviceTable);
+}
+
+void WINAPI I2PService::ServiceMain(DWORD dwArgc, PSTR *pszArgv)
+{
+	assert(s_service != NULL);
+	s_service->m_statusHandle = RegisterServiceCtrlHandler(
+		s_service->m_name, ServiceCtrlHandler);
+	if (s_service->m_statusHandle == NULL)
+	{
+		throw GetLastError();
+	}
+	s_service->Start(dwArgc, pszArgv);
+}
+
+
+void WINAPI I2PService::ServiceCtrlHandler(DWORD dwCtrl)
+{
+	switch (dwCtrl)
+	{
+		case SERVICE_CONTROL_STOP: s_service->Stop(); break;
+		case SERVICE_CONTROL_PAUSE: s_service->Pause(); break;
+		case SERVICE_CONTROL_CONTINUE: s_service->Continue(); break;
+		case SERVICE_CONTROL_SHUTDOWN: s_service->Shutdown(); break;
+		case SERVICE_CONTROL_INTERROGATE: break;
+		default: break;
+	}
+}
+
+I2PService::I2PService(PSTR pszServiceName,
+	BOOL fCanStop,
+	BOOL fCanShutdown,
+	BOOL fCanPauseContinue)
+{
+	m_name = (pszServiceName == NULL) ? (PSTR)"" : pszServiceName;
+	m_statusHandle = NULL;
+	m_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
+	m_status.dwCurrentState = SERVICE_START_PENDING;
+
+	DWORD dwControlsAccepted = 0;
+	if (fCanStop)
+		dwControlsAccepted |= SERVICE_ACCEPT_STOP;
+	if (fCanShutdown)
+		dwControlsAccepted |= SERVICE_ACCEPT_SHUTDOWN;
+	if (fCanPauseContinue)
+		dwControlsAccepted |= SERVICE_ACCEPT_PAUSE_CONTINUE;
+
+	m_status.dwControlsAccepted = dwControlsAccepted;
+	m_status.dwWin32ExitCode = NO_ERROR;
+	m_status.dwServiceSpecificExitCode = 0;
+	m_status.dwCheckPoint = 0;
+	m_status.dwWaitHint = 0;
+	m_fStopping = FALSE;
+	// Create a manual-reset event that is not signaled at first to indicate
+	// the stopped signal of the service.
+	m_hStoppedEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
+	if (m_hStoppedEvent == NULL)
+	{
+		throw GetLastError();
+	}
+}
+
+I2PService::~I2PService(void)
+{
+	if (m_hStoppedEvent)
+	{
+		CloseHandle(m_hStoppedEvent);
+		m_hStoppedEvent = NULL;
+	}
+}
+
+void I2PService::Start(DWORD dwArgc, PSTR *pszArgv)
+{
+	try
+	{
+		SetServiceStatus(SERVICE_START_PENDING);
+		OnStart(dwArgc, pszArgv);
+		SetServiceStatus(SERVICE_RUNNING);
+	}
+	catch (DWORD dwError)
+	{
+		LogPrint(eLogError, "Win32Service: Start error: ", dwError);
+		SetServiceStatus(SERVICE_STOPPED, dwError);
+	}
+	catch (...)
+	{
+		LogPrint(eLogError, "Win32Service: failed to start: ", EVENTLOG_ERROR_TYPE);
+		SetServiceStatus(SERVICE_STOPPED);
+	}
+}
+
+void I2PService::OnStart(DWORD dwArgc, PSTR *pszArgv)
+{
+	LogPrint(eLogInfo, "Win32Service: in OnStart (", EVENTLOG_INFORMATION_TYPE, ")");
+	Daemon.start();
+	_worker = new std::thread(std::bind(&I2PService::WorkerThread, this));
+}
+
+void I2PService::WorkerThread()
+{
+	while (!m_fStopping)
+	{
+		::Sleep(1000); // Simulate some lengthy operations.
+	}
+	// Signal the stopped event.
+	SetEvent(m_hStoppedEvent);
+}
+
+void I2PService::Stop()
+{
+	DWORD dwOriginalState = m_status.dwCurrentState;
+	try
+	{
+		SetServiceStatus(SERVICE_STOP_PENDING);
+		OnStop();
+		SetServiceStatus(SERVICE_STOPPED);
+	}
+	catch (DWORD dwError)
+	{
+		LogPrint(eLogInfo, "Win32Service: Stop error: ", dwError);
+		SetServiceStatus(dwOriginalState);
+	}
+	catch (...)
+	{
+		LogPrint(eLogError, "Win32Service: Failed to stop: ", EVENTLOG_ERROR_TYPE);
+		SetServiceStatus(dwOriginalState);
+	}
+}
+
+void I2PService::OnStop()
+{
+	// Log a service stop message to the Application log.
+	LogPrint(eLogInfo, "Win32Service: in OnStop (", EVENTLOG_INFORMATION_TYPE, ")");
+	Daemon.stop();
+	m_fStopping = TRUE;
+	if (WaitForSingleObject(m_hStoppedEvent, INFINITE) != WAIT_OBJECT_0)
+	{
+		throw GetLastError();
+	}
+	_worker->join();
+	delete _worker;
+}
+
+void I2PService::Pause()
+{
+	try
+	{
+		SetServiceStatus(SERVICE_PAUSE_PENDING);
+		OnPause();
+		SetServiceStatus(SERVICE_PAUSED);
+	}
+	catch (DWORD dwError)
+	{
+		LogPrint(eLogError, "Win32Service: Pause error: ", dwError);
+		SetServiceStatus(SERVICE_RUNNING);
+	}
+	catch (...)
+	{
+		LogPrint(eLogError, "Win32Service: Failed to pause: ", EVENTLOG_ERROR_TYPE);
+		SetServiceStatus(SERVICE_RUNNING);
+	}
+}
+
+void I2PService::OnPause()
+{
+}
+
+void I2PService::Continue()
+{
+	try
+	{
+		SetServiceStatus(SERVICE_CONTINUE_PENDING);
+		OnContinue();
+		SetServiceStatus(SERVICE_RUNNING);
+	}
+	catch (DWORD dwError)
+	{
+		LogPrint(eLogError, "Win32Service: Continue error: ", dwError);
+		SetServiceStatus(SERVICE_PAUSED);
+	}
+	catch (...)
+	{
+		LogPrint(eLogError, "Win32Service: Failed to resume: ", EVENTLOG_ERROR_TYPE);
+		SetServiceStatus(SERVICE_PAUSED);
+	}
+}
+
+void I2PService::OnContinue()
+{
+}
+
+void I2PService::Shutdown()
+{
+	try
+	{
+		OnShutdown();
+		SetServiceStatus(SERVICE_STOPPED);
+	}
+	catch (DWORD dwError)
+	{
+		LogPrint(eLogError, "Win32Service: Shutdown error: ", dwError);
+	}
+	catch (...)
+	{
+		LogPrint(eLogError, "Win32Service: Failed to shut down: ", EVENTLOG_ERROR_TYPE);
+	}
+}
+
+void I2PService::OnShutdown()
+{
+}
+
+void I2PService::SetServiceStatus(DWORD dwCurrentState,
+	DWORD dwWin32ExitCode,
+	DWORD dwWaitHint)
+{
+	static DWORD dwCheckPoint = 1;
+	m_status.dwCurrentState = dwCurrentState;
+	m_status.dwWin32ExitCode = dwWin32ExitCode;
+	m_status.dwWaitHint = dwWaitHint;
+	m_status.dwCheckPoint =
+		((dwCurrentState == SERVICE_RUNNING) ||
+		(dwCurrentState == SERVICE_STOPPED)) ?
+		0 : dwCheckPoint++;
+
+	::SetServiceStatus(m_statusHandle, &m_status);
+}
+
+//*****************************************************************************
+
+void FreeHandles(SC_HANDLE schSCManager, SC_HANDLE schService)
+{
+	if (schSCManager)
+	{
+		CloseServiceHandle(schSCManager);
+		schSCManager = NULL;
+	}
+	if (schService)
+	{
+		CloseServiceHandle(schService);
+		schService = NULL;
+	}
+}
--- a/Win32/Win32Service.h
+++ b/Win32/Win32Service.h
@@ -0,0 +1,63 @@
+/*
+* Copyright (c) 2013-2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef WIN_32_SERVICE_H__
+#define WIN_32_SERVICE_H__
+
+#include <thread>
+#include <windows.h>
+
+#define SERVICE_NAME "i2pdService"
+
+class I2PService
+{
+	public:
+
+		I2PService(PSTR pszServiceName,
+			BOOL fCanStop = TRUE,
+			BOOL fCanShutdown = TRUE,
+			BOOL fCanPauseContinue = FALSE);
+
+		virtual ~I2PService(void);
+
+		static BOOL isService();
+		static BOOL Run(I2PService &service);
+		void Stop();
+
+	protected:
+
+		virtual void OnStart(DWORD dwArgc, PSTR *pszArgv);
+		virtual void OnStop();
+		virtual void OnPause();
+		virtual void OnContinue();
+		virtual void OnShutdown();
+		void SetServiceStatus(DWORD dwCurrentState,
+			DWORD dwWin32ExitCode = NO_ERROR,
+			DWORD dwWaitHint = 0);
+
+	private:
+
+		static void WINAPI ServiceMain(DWORD dwArgc, LPSTR *lpszArgv);
+		static void WINAPI ServiceCtrlHandler(DWORD dwCtrl);
+		void WorkerThread();
+		void Start(DWORD dwArgc, PSTR *pszArgv);
+		void Pause();
+		void Continue();
+		void Shutdown();
+		static I2PService* s_service;
+		PSTR m_name;
+		SERVICE_STATUS m_status;
+		SERVICE_STATUS_HANDLE m_statusHandle;
+
+		BOOL m_fStopping;
+		HANDLE m_hStoppedEvent;
+
+		std::thread* _worker;
+};
+
+#endif // WIN_32_SERVICE_H__
--- a/build/CMakeLists.txt
+++ b/build/CMakeLists.txt
@@ -17,13 +17,13 @@ option(WITH_LIBRARY         "Build library"                           ON)
 option(WITH_BINARY          "Build binary"                            ON)
 option(WITH_STATIC          "Static build"                            OFF)
 option(WITH_UPNP            "Include support for UPnP client"         OFF)
-option(WITH_MESHNET         "Build for cjdns test network"            OFF)
+option(WITH_GIT_VERSION     "Use git commit info as version"          OFF)
 option(WITH_ADDRSANITIZER   "Build with address sanitizer unix only"  OFF)
 option(WITH_THREADSANITIZER "Build with thread sanitizer unix only"   OFF)

 # paths
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake_modules")
-set(CMAKE_SOURCE_DIR "..")
+set(CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/..")

 #Handle paths nicely
 include(GNUInstallDirs)
@@ -85,18 +85,21 @@ set(DAEMON_SRC
  "${DAEMON_SRC_DIR}/Daemon.cpp"
  "${DAEMON_SRC_DIR}/HTTPServer.cpp"
  "${DAEMON_SRC_DIR}/I2PControl.cpp"
+  "${DAEMON_SRC_DIR}/I2PControlHandlers.cpp"
  "${DAEMON_SRC_DIR}/i2pd.cpp"
  "${DAEMON_SRC_DIR}/UPnP.cpp"
 )

-if(WITH_MESHNET)
-  add_definitions(-DMESHNET)
-endif()
-
 if(WITH_UPNP)
  add_definitions(-DUSE_UPNP)
 endif()

+if(WITH_GIT_VERSION)
+  include(GetGitRevisionDescription)
+  git_describe(GIT_VERSION)
+  add_definitions(-DGITVER="${GIT_VERSION}")
+endif()
+
 if(APPLE)
  add_definitions(-DMAC_OSX)
 endif()
@@ -169,25 +172,21 @@ if(WITH_THREADSANITIZER)
 endif()


+# Enable usage of STD's Atomic instead of Boost's on PowerPC
+# For more information refer to https://github.com/PurpleI2P/i2pd/issues/1726#issuecomment-1306335111
+if(ARCHITECTURE MATCHES "ppc")
+  add_definitions(-DBOOST_SP_USE_STD_ATOMIC)
+endif()
+
+
 # libraries
-# TODO: once CMake 3.1+ becomes mainstream, see e.g. http://stackoverflow.com/a/29871891/673826
-# use imported Threads::Threads instead
 set(THREADS_PREFER_PTHREAD_FLAG ON)
-if(IOS)
-  set(CMAKE_THREAD_LIBS_INIT "-lpthread")
-  set(CMAKE_HAVE_THREADS_LIBRARY 1)
-  set(CMAKE_USE_WIN32_THREADS_INIT 0)
-  set(CMAKE_USE_PTHREADS_INIT 1)
-else()
-  find_package(Threads REQUIRED)
-endif()
-if(THREADS_HAVE_PTHREAD_ARG) # compile time flag
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pthread")
-endif()
+find_package(Threads REQUIRED)

 if(WITH_STATIC)
  set(Boost_USE_STATIC_LIBS ON)
  set(Boost_USE_STATIC_RUNTIME ON)
+  set(OPENSSL_USE_STATIC_LIBS ON)
  set(BUILD_SHARED_LIBS OFF)
  if(${CMAKE_CXX_COMPILER} MATCHES ".*-openwrt-.*")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pthread")
@@ -202,8 +201,6 @@ else()
  add_definitions(-DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_DATE_TIME_DYN_LINK -DBOOST_REGEX_DYN_LINK)
 endif()

-target_link_libraries(libi2pdclient libi2pd libi2pdlang)
-
 find_package(Boost COMPONENTS system filesystem program_options date_time REQUIRED)
 if(NOT DEFINED Boost_INCLUDE_DIRS)
  message(SEND_ERROR "Boost is not found, or your boost version was below 1.46. Please download Boost!")
@@ -215,7 +212,7 @@ if(NOT DEFINED OPENSSL_INCLUDE_DIR)
 endif()

 if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-deprecated-declarations")
+  add_definitions(-DOPENSSL_SUPPRESS_DEPRECATED)
 endif()

 if(WITH_UPNP)
@@ -235,12 +232,6 @@ endif()
 # load includes
 include_directories(SYSTEM ${Boost_INCLUDE_DIRS} ${OPENSSL_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})

-# warn if for meshnet
-if(WITH_MESHNET)
-  message(STATUS "Building for testnet")
-  message(WARNING "This build will NOT work on mainline i2p")
-endif()
-
 include(CheckAtomic)

 # show summary
@@ -258,15 +249,11 @@ message(STATUS "  LIBRARY          : ${WITH_LIBRARY}")
 message(STATUS "  BINARY           : ${WITH_BINARY}")
 message(STATUS "  STATIC BUILD     : ${WITH_STATIC}")
 message(STATUS "  UPnP             : ${WITH_UPNP}")
-message(STATUS "  MESHNET          : ${WITH_MESHNET}")
+message(STATUS "  GIT VERSION      : ${WITH_GIT_VERSION}")
 message(STATUS "  ADDRSANITIZER    : ${WITH_ADDRSANITIZER}")
 message(STATUS "  THREADSANITIZER  : ${WITH_THREADSANITIZER}")
 message(STATUS "---------------------------------------")

-if(WITH_MESHNET)
-  message(STATUS "WARNING: Using the MESHNET option will make it impossible to use the application with the main network!!!")
-endif()
-
 if(WITH_BINARY)
  add_executable("${PROJECT_NAME}" ${DAEMON_SRC})

@@ -278,23 +265,17 @@ if(WITH_BINARY)
    set_target_properties("${PROJECT_NAME}" PROPERTIES LINK_FLAGS "-z relro -z now")
  endif()

-  if(WITH_UPNP)
-    set(UPNP_LIB ${MINIUPNPC_LIBRARY})
-  endif()
-
  # FindBoost pulls pthread for thread which is broken for static linking at least on Ubuntu 15.04
  list(GET Boost_LIBRARIES -1 LAST_Boost_LIBRARIES)
  if(${LAST_Boost_LIBRARIES} MATCHES ".*pthread.*")
    list(REMOVE_AT Boost_LIBRARIES -1)
  endif()

-
  if(WITH_STATIC)
    set(DL_LIB ${CMAKE_DL_LIBS})
  endif()

-  target_link_libraries(libi2pd ${Boost_LIBRARIES} ${ZLIB_LIBRARY})
-  target_link_libraries("${PROJECT_NAME}" libi2pd libi2pdclient libi2pdlang ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${UPNP_LIB} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${DL_LIB} ${CMAKE_REQUIRED_LIBRARIES})
+  target_link_libraries("${PROJECT_NAME}" libi2pd libi2pdclient libi2pdlang ${DL_LIB} ${Boost_LIBRARIES} OpenSSL::SSL OpenSSL::Crypto ${MINIUPNPC_LIBRARY} ZLIB::ZLIB Threads::Threads ${DL_LIB} ${CMAKE_REQUIRED_LIBRARIES})

  install(TARGETS "${PROJECT_NAME}" RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT Runtime)
  set(APPS "\${CMAKE_INSTALL_PREFIX}/bin/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}")
--- a/build/build_mingw.cmd
+++ b/build/build_mingw.cmd
@@ -52,22 +52,28 @@ REM converting configuration files to DOS format (make usable in Windows Notepad
 %xSH% "unix2dos contrib/i2pd.conf contrib/tunnels.conf contrib/tunnels.d/* contrib/webconsole/style.css" >> build\build.log 2>&1

 REM Prepare binary signing command if signing key and password provided
-if defined SIGNKEY (
-  if defined SIGNPASS (
-    echo Signing options found
+if defined SIGN (
+  echo Signing enabled

-    for %%X in (signtool.exe) do (set xSIGNTOOL=%%~$PATH:X)
-    if not defined xSIGNTOOL (
-      if not defined SIGNTOOL (
-        echo Error: Can't find signtool. Please provide path to binary using SIGNTOOL variable.
-        exit /b 1
-      ) else (
-        set "xSIGNTOOL=%SIGNTOOL%"
-      )
+  for %%X in (signtool.exe) do (set xSIGNTOOL=%%~$PATH:X)
+  if not defined xSIGNTOOL (
+    if not defined SIGNTOOL (
+      echo Error: Can't find signtool. Please provide path to binary using SIGNTOOL variable.
+      exit /b 1
+    ) else (
+      set "xSIGNTOOL=%SIGNTOOL%"
    )
-
-    set "xSIGNOPTS=sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f ^"%SIGNKEY%^" /p ^"%SIGNPASS%^""
  )
+
+  if defined SIGNKEY (
+    set "xSIGNKEYOPTS=/f ^"%SIGNKEY%^""
+  )
+
+  if defined SIGNPASS (
+    set "xSIGNPASSOPTS=/p ^"%SIGNPASS%^""
+  )
+
+  set "xSIGNOPTS=sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 %xSIGNKEYOPTS% %xSIGNPASSOPTS%"
 )

 REM starting building
--- a/build/cmake_modules/GetGitRevisionDescription.cmake
+++ b/build/cmake_modules/GetGitRevisionDescription.cmake
@@ -0,0 +1,284 @@
+# - Returns a version string from Git
+#
+# These functions force a re-configure on each git commit so that you can
+# trust the values of the variables in your build system.
+#
+#  get_git_head_revision(<refspecvar> <hashvar> [ALLOW_LOOKING_ABOVE_CMAKE_SOURCE_DIR])
+#
+# Returns the refspec and sha hash of the current head revision
+#
+#  git_describe(<var> [<additional arguments to git describe> ...])
+#
+# Returns the results of git describe on the source tree, and adjusting
+# the output so that it tests false if an error occurs.
+#
+#  git_describe_working_tree(<var> [<additional arguments to git describe> ...])
+#
+# Returns the results of git describe on the working tree (--dirty option),
+# and adjusting the output so that it tests false if an error occurs.
+#
+#  git_get_exact_tag(<var> [<additional arguments to git describe> ...])
+#
+# Returns the results of git describe --exact-match on the source tree,
+# and adjusting the output so that it tests false if there was no exact
+# matching tag.
+#
+#  git_local_changes(<var>)
+#
+# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes.
+# Uses the return code of "git diff-index --quiet HEAD --".
+# Does not regard untracked files.
+#
+# Requires CMake 2.6 or newer (uses the 'function' command)
+#
+# Original Author:
+# 2009-2020 Ryan Pavlik <ryan.pavlik@gmail.com> <abiryan@ryand.net>
+# http://academic.cleardefinition.com
+#
+# Copyright 2009-2013, Iowa State University.
+# Copyright 2013-2020, Ryan Pavlik
+# Copyright 2013-2020, Contributors
+# SPDX-License-Identifier: BSL-1.0
+# Distributed under the Boost Software License, Version 1.0.
+# (See accompanying file LICENSE_1_0.txt or copy at
+# http://www.boost.org/LICENSE_1_0.txt)
+
+if(__get_git_revision_description)
+    return()
+endif()
+set(__get_git_revision_description YES)
+
+# We must run the following at "include" time, not at function call time,
+# to find the path to this module rather than the path to a calling list file
+get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
+
+# Function _git_find_closest_git_dir finds the next closest .git directory
+# that is part of any directory in the path defined by _start_dir.
+# The result is returned in the parent scope variable whose name is passed
+# as variable _git_dir_var. If no .git directory can be found, the
+# function returns an empty string via _git_dir_var.
+#
+# Example: Given a path C:/bla/foo/bar and assuming C:/bla/.git exists and
+# neither foo nor bar contain a file/directory .git. This wil return
+# C:/bla/.git
+#
+function(_git_find_closest_git_dir _start_dir _git_dir_var)
+    set(cur_dir "${_start_dir}")
+    set(git_dir "${_start_dir}/.git")
+    while(NOT EXISTS "${git_dir}")
+        # .git dir not found, search parent directories
+        set(git_previous_parent "${cur_dir}")
+        get_filename_component(cur_dir "${cur_dir}" DIRECTORY)
+        if(cur_dir STREQUAL git_previous_parent)
+            # We have reached the root directory, we are not in git
+            set(${_git_dir_var}
+                ""
+                PARENT_SCOPE)
+            return()
+        endif()
+        set(git_dir "${cur_dir}/.git")
+    endwhile()
+    set(${_git_dir_var}
+        "${git_dir}"
+        PARENT_SCOPE)
+endfunction()
+
+function(get_git_head_revision _refspecvar _hashvar)
+    _git_find_closest_git_dir("${CMAKE_CURRENT_SOURCE_DIR}" GIT_DIR)
+
+    if("${ARGN}" STREQUAL "ALLOW_LOOKING_ABOVE_CMAKE_SOURCE_DIR")
+        set(ALLOW_LOOKING_ABOVE_CMAKE_SOURCE_DIR TRUE)
+    else()
+        set(ALLOW_LOOKING_ABOVE_CMAKE_SOURCE_DIR FALSE)
+    endif()
+    if(NOT "${GIT_DIR}" STREQUAL "")
+        file(RELATIVE_PATH _relative_to_source_dir "${CMAKE_SOURCE_DIR}"
+             "${GIT_DIR}")
+        if("${_relative_to_source_dir}" MATCHES "[.][.]" AND NOT ALLOW_LOOKING_ABOVE_CMAKE_SOURCE_DIR)
+            # We've gone above the CMake root dir.
+            set(GIT_DIR "")
+        endif()
+    endif()
+    if("${GIT_DIR}" STREQUAL "")
+        set(${_refspecvar}
+            "GITDIR-NOTFOUND"
+            PARENT_SCOPE)
+        set(${_hashvar}
+            "GITDIR-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+
+    # Check if the current source dir is a git submodule or a worktree.
+    # In both cases .git is a file instead of a directory.
+    #
+    if(NOT IS_DIRECTORY ${GIT_DIR})
+        # The following git command will return a non empty string that
+        # points to the super project working tree if the current
+        # source dir is inside a git submodule.
+        # Otherwise the command will return an empty string.
+        #
+        execute_process(
+            COMMAND "${GIT_EXECUTABLE}" rev-parse
+                    --show-superproject-working-tree
+            WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+            OUTPUT_VARIABLE out
+            ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+        if(NOT "${out}" STREQUAL "")
+            # If out is empty, GIT_DIR/CMAKE_CURRENT_SOURCE_DIR is in a submodule
+            file(READ ${GIT_DIR} submodule)
+            string(REGEX REPLACE "gitdir: (.*)$" "\\1" GIT_DIR_RELATIVE
+                                 ${submodule})
+            string(STRIP ${GIT_DIR_RELATIVE} GIT_DIR_RELATIVE)
+            get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH)
+            get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE}
+                                   ABSOLUTE)
+            set(HEAD_SOURCE_FILE "${GIT_DIR}/HEAD")
+        else()
+            # GIT_DIR/CMAKE_CURRENT_SOURCE_DIR is in a worktree
+            file(READ ${GIT_DIR} worktree_ref)
+            # The .git directory contains a path to the worktree information directory
+            # inside the parent git repo of the worktree.
+            #
+            string(REGEX REPLACE "gitdir: (.*)$" "\\1" git_worktree_dir
+                                 ${worktree_ref})
+            string(STRIP ${git_worktree_dir} git_worktree_dir)
+            _git_find_closest_git_dir("${git_worktree_dir}" GIT_DIR)
+            set(HEAD_SOURCE_FILE "${git_worktree_dir}/HEAD")
+        endif()
+    else()
+        set(HEAD_SOURCE_FILE "${GIT_DIR}/HEAD")
+    endif()
+    set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data")
+    if(NOT EXISTS "${GIT_DATA}")
+        file(MAKE_DIRECTORY "${GIT_DATA}")
+    endif()
+
+    if(NOT EXISTS "${HEAD_SOURCE_FILE}")
+        return()
+    endif()
+    set(HEAD_FILE "${GIT_DATA}/HEAD")
+    configure_file("${HEAD_SOURCE_FILE}" "${HEAD_FILE}" COPYONLY)
+
+    configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in"
+                   "${GIT_DATA}/grabRef.cmake" @ONLY)
+    include("${GIT_DATA}/grabRef.cmake")
+
+    set(${_refspecvar}
+        "${HEAD_REF}"
+        PARENT_SCOPE)
+    set(${_hashvar}
+        "${HEAD_HASH}"
+        PARENT_SCOPE)
+endfunction()
+
+function(git_describe _var)
+    if(NOT GIT_FOUND)
+        find_package(Git QUIET)
+    endif()
+    get_git_head_revision(refspec hash)
+    if(NOT GIT_FOUND)
+        set(${_var}
+            "GIT-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+    if(NOT hash)
+        set(${_var}
+            "HEAD-HASH-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+
+    # TODO sanitize
+    #if((${ARGN}" MATCHES "&&") OR
+    #	(ARGN MATCHES "||") OR
+    #	(ARGN MATCHES "\\;"))
+    #	message("Please report the following error to the project!")
+    #	message(FATAL_ERROR "Looks like someone's doing something nefarious with git_describe! Passed arguments ${ARGN}")
+    #endif()
+
+    #message(STATUS "Arguments to execute_process: ${ARGN}")
+
+    execute_process(
+        COMMAND "${GIT_EXECUTABLE}" describe --tags --always ${hash} ${ARGN}
+        WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+        RESULT_VARIABLE res
+        OUTPUT_VARIABLE out
+        ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(NOT res EQUAL 0)
+        set(out "${out}-${res}-NOTFOUND")
+    endif()
+
+    set(${_var}
+        "${out}"
+        PARENT_SCOPE)
+endfunction()
+
+function(git_describe_working_tree _var)
+    if(NOT GIT_FOUND)
+        find_package(Git QUIET)
+    endif()
+    if(NOT GIT_FOUND)
+        set(${_var}
+            "GIT-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+
+    execute_process(
+        COMMAND "${GIT_EXECUTABLE}" describe --dirty ${ARGN}
+        WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+        RESULT_VARIABLE res
+        OUTPUT_VARIABLE out
+        ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(NOT res EQUAL 0)
+        set(out "${out}-${res}-NOTFOUND")
+    endif()
+
+    set(${_var}
+        "${out}"
+        PARENT_SCOPE)
+endfunction()
+
+function(git_get_exact_tag _var)
+    git_describe(out --exact-match ${ARGN})
+    set(${_var}
+        "${out}"
+        PARENT_SCOPE)
+endfunction()
+
+function(git_local_changes _var)
+    if(NOT GIT_FOUND)
+        find_package(Git QUIET)
+    endif()
+    get_git_head_revision(refspec hash)
+    if(NOT GIT_FOUND)
+        set(${_var}
+            "GIT-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+    if(NOT hash)
+        set(${_var}
+            "HEAD-HASH-NOTFOUND"
+            PARENT_SCOPE)
+        return()
+    endif()
+
+    execute_process(
+        COMMAND "${GIT_EXECUTABLE}" diff-index --quiet HEAD --
+        WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+        RESULT_VARIABLE res
+        OUTPUT_VARIABLE out
+        ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(res EQUAL 0)
+        set(${_var}
+            "CLEAN"
+            PARENT_SCOPE)
+    else()
+        set(${_var}
+            "DIRTY"
+            PARENT_SCOPE)
+    endif()
+endfunction()
--- a/build/cmake_modules/GetGitRevisionDescription.cmake.in
+++ b/build/cmake_modules/GetGitRevisionDescription.cmake.in
@@ -0,0 +1,43 @@
+#
+# Internal file for GetGitRevisionDescription.cmake
+#
+# Requires CMake 2.6 or newer (uses the 'function' command)
+#
+# Original Author:
+# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
+# http://academic.cleardefinition.com
+# Iowa State University HCI Graduate Program/VRAC
+#
+# Copyright 2009-2012, Iowa State University
+# Copyright 2011-2015, Contributors
+# Distributed under the Boost Software License, Version 1.0.
+# (See accompanying file LICENSE_1_0.txt or copy at
+# http://www.boost.org/LICENSE_1_0.txt)
+# SPDX-License-Identifier: BSL-1.0
+
+set(HEAD_HASH)
+
+file(READ "@HEAD_FILE@" HEAD_CONTENTS LIMIT 1024)
+
+string(STRIP "${HEAD_CONTENTS}" HEAD_CONTENTS)
+if(HEAD_CONTENTS MATCHES "ref")
+	# named branch
+	string(REPLACE "ref: " "" HEAD_REF "${HEAD_CONTENTS}")
+	if(EXISTS "@GIT_DIR@/${HEAD_REF}")
+		configure_file("@GIT_DIR@/${HEAD_REF}" "@GIT_DATA@/head-ref" COPYONLY)
+	else()
+		configure_file("@GIT_DIR@/packed-refs" "@GIT_DATA@/packed-refs" COPYONLY)
+		file(READ "@GIT_DATA@/packed-refs" PACKED_REFS)
+		if(${PACKED_REFS} MATCHES "([0-9a-z]*) ${HEAD_REF}")
+			set(HEAD_HASH "${CMAKE_MATCH_1}")
+		endif()
+	endif()
+else()
+	# detached HEAD
+	configure_file("@GIT_DIR@/HEAD" "@GIT_DATA@/head-ref" COPYONLY)
+endif()
+
+if(NOT HEAD_HASH)
+	file(READ "@GIT_DATA@/head-ref" HEAD_HASH LIMIT 1024)
+	string(STRIP "${HEAD_HASH}" HEAD_HASH)
+endif()
--- a/build/cmake_modules/TargetArch.cmake
+++ b/build/cmake_modules/TargetArch.cmake
@@ -61,7 +61,7 @@ set(archdetect_c_code "
    #else
        #error cmake_ARCH mips
    #endif
-#elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) \\
+#elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) || defined(__POWERPC__) \\
      || defined(_ARCH_COM) || defined(_ARCH_PWR) || defined(_ARCH_PPC)  \\
      || defined(_M_MPPC) || defined(_M_PPC)
    #if defined(__ppc64__) || defined(__powerpc64__) || defined(__64BIT__)
--- a/contrib/android_binary_only/.gitignore
+++ b/contrib/android_binary_only/.gitignore
@@ -1,18 +0,0 @@
-gen
-tests
-bin
-libs
-log*
-obj
-.gradle
-.idea
-.externalNativeBuild
-ant.properties
-local.properties
-build.sh
-android.iml
-build
-gradle
-gradlew
-gradlew.bat
-
--- a/contrib/android_binary_only/jni/Android.mk
+++ b/contrib/android_binary_only/jni/Android.mk
@@ -1,74 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := i2pd
-LOCAL_CPP_FEATURES := rtti exceptions
-LOCAL_C_INCLUDES += $(IFADDRS_PATH) $(LIB_SRC_PATH) $(LIB_CLIENT_SRC_PATH) $(DAEMON_SRC_PATH)
-LOCAL_STATIC_LIBRARIES := \
-	boost_system \
-	boost_date_time \
-	boost_filesystem \
-	boost_program_options \
-	crypto ssl \
-	miniupnpc
-LOCAL_LDLIBS := -lz
-
-LOCAL_SRC_FILES := $(IFADDRS_PATH)/ifaddrs.c \
-	$(wildcard $(LIB_SRC_PATH)/*.cpp)\
-	$(wildcard $(LIB_CLIENT_SRC_PATH)/*.cpp)\
-	$(DAEMON_SRC_PATH)/UnixDaemon.cpp \
-	$(DAEMON_SRC_PATH)/Daemon.cpp \
-	$(DAEMON_SRC_PATH)/UPnP.cpp \
-	$(DAEMON_SRC_PATH)/HTTPServer.cpp \
-	$(DAEMON_SRC_PATH)/I2PControl.cpp \
-	$(DAEMON_SRC_PATH)/i2pd.cpp
-include $(BUILD_EXECUTABLE)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := boost_system
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost-1_72_0/$(TARGET_ARCH_ABI)/lib/libboost_system.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost-1_72_0/include
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := boost_date_time
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost-1_72_0/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost-1_72_0/include
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := boost_filesystem
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost-1_72_0/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost-1_72_0/include
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := boost_program_options
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost-1_72_0/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost-1_72_0/include
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := crypto
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libcrypto.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := ssl
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libssl.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
-LOCAL_STATIC_LIBRARIES := crypto
-include $(PREBUILT_STATIC_LIBRARY)
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-LOCAL_MODULE := miniupnpc
-LOCAL_SRC_FILES := $(MINIUPNP_PATH)/miniupnpc-2.1/$(TARGET_ARCH_ABI)/lib/libminiupnpc.a
-LOCAL_EXPORT_C_INCLUDES := $(MINIUPNP_PATH)/miniupnpc-2.1/include
-include $(PREBUILT_STATIC_LIBRARY)
--- a/contrib/android_binary_only/jni/Application.mk
+++ b/contrib/android_binary_only/jni/Application.mk
@@ -1,40 +0,0 @@
-APP_ABI := all
-#APP_ABI += x86
-#APP_ABI += x86_64
-#APP_ABI += armeabi-v7a
-#APP_ABI += arm64-v8a
-#can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
-APP_PLATFORM := android-14
-
-NDK_TOOLCHAIN_VERSION := clang
-APP_STL := c++_static
-
-# Enable c++17 extensions in source code
-APP_CPPFLAGS += -std=c++17 -fvisibility=default -fPIE
-
-APP_CPPFLAGS += -DANDROID_BINARY -DANDROID -D__ANDROID__ -DUSE_UPNP
-APP_LDFLAGS += -rdynamic -fPIE -pie
-ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
-APP_CPPFLAGS += -DANDROID_ARM7A
-endif
-
-# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
-#APP_OPTIM  := debug
-
-# git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git -b boost-1_72_0
-# git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git
-# git clone https://github.com/PurpleI2P/MiniUPnP-for-Android-Prebuilt.git
-# git clone https://github.com/PurpleI2P/android-ifaddrs.git
-# change to your own
-I2PD_LIBS_PATH = /path/to/libraries
-BOOST_PATH = $(I2PD_LIBS_PATH)/Boost-for-Android-Prebuilt
-OPENSSL_PATH = $(I2PD_LIBS_PATH)/OpenSSL-for-Android-Prebuilt
-MINIUPNP_PATH = $(I2PD_LIBS_PATH)/MiniUPnP-for-Android-Prebuilt
-IFADDRS_PATH = $(I2PD_LIBS_PATH)/android-ifaddrs
-
-# don't change me
-I2PD_SRC_PATH = $(PWD)/../..
-
-LIB_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd
-LIB_CLIENT_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd_client
-DAEMON_SRC_PATH = $(I2PD_SRC_PATH)/daemon
--- a/contrib/android_binary_pack/.gitignore
+++ b/contrib/android_binary_pack/.gitignore
@@ -1,2 +0,0 @@
-archive
-i2pd_*_android_binary.zip
--- a/contrib/android_binary_pack/build-archive
+++ b/contrib/android_binary_pack/build-archive
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-# Copyright (c) 2013-2020, The PurpleI2P Project
-#
-# This file is part of Purple i2pd project and licensed under BSD3
-#
-# See full license text in LICENSE file at top of project tree
-
-GITDESC=$(git describe --tags)
-
-declare -A ABILIST=(
-	["armeabi-v7a"]="armv7l"
-	["arm64-v8a"]="aarch64"
-	["x86"]="x86"
-	["x86_64"]="x86_64"
-)
-
-# Remove old files and archives
-if [ -d archive ]; then
-	rm -r archive
-fi
-
-if [ -f ../i2pd_*_android_binary.zip ]; then
-	rm i2pd_*_android_binary.zip
-fi
-
-# Prepare files for package
-mkdir archive
-
-for ABI in "${!ABILIST[@]}"; do
-	if [ -f ../android_binary_only/libs/${ABI}/i2pd ]; then
-		cp ../android_binary_only/libs/${ABI}/i2pd archive/i2pd-${ABILIST[$ABI]}
-	fi
-done
-
-cp i2pd archive/i2pd
-cp -rH ../android/assets/certificates archive/
-cp -rH ../android/assets/tunnels.conf.d archive/
-cp -H ../android/assets/i2pd.conf archive/
-cp -H ../android/assets/tunnels.conf archive/
-
-# Compress files
-cd archive
-zip -r6 ../i2pd_${GITDESC}_android_binary.zip .
-
-# Remove temporary folder
-cd ..
-rm -r archive
--- a/contrib/android_binary_pack/i2pd
+++ b/contrib/android_binary_pack/i2pd
@@ -1,33 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2013-2020, The PurpleI2P Project
-#
-# This file is part of Purple i2pd project and licensed under BSD3
-#
-# See full license text in LICENSE file at top of project tree
-#
-# That script written for use with Termux.
-
-# https://stackoverflow.com/a/246128
-SOURCE="${0}"
-while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
-  DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
-  SOURCE="$(readlink "$SOURCE")"
-  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
-done
-DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
-
-arch=$(uname -m)
-
-screenfind=$(which screen)
-if [ -z $screenfind ]; then
-  echo "Can't find 'screen' installed. That script needs it!";
-  exit 1;
-fi
-
-if [ -z i2pd-$arch ]; then
-  echo "Can't find i2pd binary for your archtecture.";
-  exit 1;
-fi
-
-screen -AmdS i2pd ./i2pd-$arch --datadir=$DIR
--- a/contrib/certificates/family/stormycloud.crt
+++ b/contrib/certificates/family/stormycloud.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKDCCAc6gAwIBAgIUcPHZXtYSqGNRCD6z8gp79WUFtI0wCgYIKoZIzj0EAwIw
+gZMxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGlu
+MRgwFgYDVQQKDA9TdG9ybXlDbG91ZCBJbmMxIzAhBgNVBAMMGnN0b3JteWNsb3Vk
+LmZhbWlseS5pMnAubmV0MSQwIgYJKoZIhvcNAQkBFhVhZG1pbkBzdG9ybXljbG91
+ZC5vcmcwHhcNMjIwMzE5MTU1MjU2WhcNMzIwMzE2MTU1MjU2WjCBkzELMAkGA1UE
+BhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xGDAWBgNVBAoM
+D1N0b3JteUNsb3VkIEluYzEjMCEGA1UEAwwac3Rvcm15Y2xvdWQuZmFtaWx5Lmky
+cC5uZXQxJDAiBgkqhkiG9w0BCQEWFWFkbWluQHN0b3JteWNsb3VkLm9yZzBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABFUli0hvJEmowNjJVjbKEIWBJhqe973S4VdL
+cJuA5yY3dC4Y998abWEox7/Y1BhnBbpJuiodA341bXKkLMXQy/kwCgYIKoZIzj0E
+AwIDSAAwRQIgD12F/TfY3iV1/WDF7BSKgbD5g2MfELUIy1dtUlJQuJUCIQD69mZw
+V1Z9j2x0ZsuirS3i6AMfVyTDj0RFS3U1jeHzIQ==
+-----END CERTIFICATE-----
--- a/contrib/certificates/reseed/i2p-reseed_at_mk16.de.crt
+++ b/contrib/certificates/reseed/i2p-reseed_at_mk16.de.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIFzTCCA7WgAwIBAgIQeUqFi0fHNQopg6BZlBLhVzANBgkqhkiG9w0BAQsFADBy
+MQswCQYDVQQGEwJYWDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhYMR4wHAYDVQQK
+ExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEbMBkGA1UEAwwS
+aTJwLXJlc2VlZEBtazE2LmRlMB4XDTIyMDIwNTE3MzkzM1oXDTMyMDIwNTE3Mzkz
+M1owcjELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwG
+A1UEChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxGzAZBgNV
+BAMMEmkycC1yZXNlZWRAbWsxNi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMYxs2D2xpN/8blGawvAlU9DemHIxApOEwaLNfh8aAvqEdB41NTqcx4U
+H8VchSormCfkCvezuMHO+K2HX7ihEZ1v6tbr6aX6hY9UZUyDDYsKmJoB1oKEhddv
+5UYfcWPE2eSykdFsWgTQD6Z+cRQWHEoCzb7qc+Jrw6KcnHMD0VrmBrEQPzTBxMHW
+4HC97PVkSLJTDArnS6ZiX4IbWRPw/mbpJT6EoVZo8J/it0pdn/X4KodEXDcnEMSe
+VRulfZH/nSmOOvKhoHPckmgz/u66BlnuSYXEIB0KfDIcAlSYiPDxGnAemTozJYXA
+UVMeFMs+YE5wiPgzzu+vpC31xtZLq0gyaCfgEi1P9j2ES/8pH3Gw6W2OH4kBx+jO
+TBsfI+ph6qFZ3WWT23MRVyl3ATuI/GHdczTxD9JaOn74lLI+Hnu8wXnyztVWkTMB
+4sAnzjdeHkvNDyQ10vSaN0HnGfg6zuAuUSqFQujFF8Vg8ZCcsh8GouWfzYDvi9mj
+9pfxx8v6UCC719I4J9CgFjWnn2Hqez3fO8fFulY61VPyCCZp4gKWbI2SIQP/n5gz
+ecYJRrJoem+rYfEQ/fwxROsvm3fCO4D6dt7ILRuX286GDIw2qSvP1zZVAioMwSj3
+9CAjKLwD/BhTRiMOlpaVv6IWqjtevbiaIKvbHTnoxvkGsDqe3gJhAgMBAAGjXzBd
+MA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
+DwYDVR0TAQH/BAUwAwEB/zAbBgNVHQ4EFAQSaTJwLXJlc2VlZEBtazE2LmRlMA0G
+CSqGSIb3DQEBCwUAA4ICAQAb+x6XpJdjpVYw2bvWIUbatQJwq0YaEW5W61xGLgIG
+a37oll3YZbSY9Vk+N1cE0f61L3ya4Ioz6zlH/MO2zUG/dEk8vqdgIPUYJvyF7wwF
+w3/G4VMaDKOJx4bAZNmaiRFGYNhCOhCnZx6uZGrLNIJ2Dc+mflrGmGwYphtXVV3e
+Iv+ki3gSRgfXuMfKi4B5bLPnz7XDe4TSmwZZSRac4ly4KqmZUyntqbilRxaGTej3
+VYJ1tac8yppyk5N3VopMQNmBarNZG16wSOTD7CtKgn382jgRW8cR7BMeqhORivp0
+ZnPJFhzh4uthdlPdXXo6lxfvZjfiwlDPytvEu2QBz3urTgopGqRLcTBnLucWg9li
+OSy9z7hNEnIN3iIJJAwI1wBdDa7K0h3PFBbIUa7X2ybn81VeNSfO25Lo8YTZEKsc
+wcThJrNV6qOQv8rM/7aXugi6+VzPlCR+18iKRbebCnlqGR2dT1zFtj3negtOkrjo
+LH4H6VUr3q2Ie56IubS2hUKiUkDm0ckP3Vum35GGntyEAzl6uyog0hJFOJb3aq30
+YQLzyVEOz8NnA+32oMRzJJdDxQ7pqG5fgq7EF4d++YSgEfdVXxvfgXQ6m3jAyC7Z
+p/gX4rlxNsjeGU3Ds51wkmhH4IB1aSQr52PE6RaBhhh3SmADEv6S/3eGvE4F4MN5
+2Q==
+-----END CERTIFICATE-----
--- a/contrib/docker/Dockerfile
+++ b/contrib/docker/Dockerfile
@@ -1,5 +1,18 @@
+#
+# Copyright (c) 2017-2022, The PurpleI2P Project
+#
+# This file is part of Purple i2pd project and licensed under BSD3
+#
+# See full license text in LICENSE file at top of project tree
+#
+
 FROM alpine:latest
-LABEL authors "Mikal Villa <mikal@sigterm.no>, Darknet Villain <supervillain@riseup.net>"
+LABEL authors="Mikal Villa <mikal@sigterm.no>, Darknet Villain <supervillain@riseup.net>"
+LABEL maintainer="R4SAS <r4sas@i2pmail.org>"
+
+LABEL org.opencontainers.image.source=https://github.com/PurpleI2P/i2pd
+LABEL org.opencontainers.image.documentation=https://i2pd.readthedocs.io/en/latest/
+LABEL org.opencontainers.image.licenses=BSD3

 # Expose git branch, tag and URL variables as arguments
 ARG GIT_BRANCH="openssl"
@@ -11,27 +24,28 @@ ENV REPO_URL=${REPO_URL}

 ENV I2PD_HOME="/home/i2pd"
 ENV DATA_DIR="${I2PD_HOME}/data"
-ENV DEFAULT_ARGS=" --datadir=$DATA_DIR --reseed.verify=true --upnp.enabled=false --http.enabled=true --http.address=0.0.0.0 --httpproxy.enabled=true --httpproxy.address=0.0.0.0 --socksproxy.enabled=true --socksproxy.address=0.0.0.0 --sam.enabled=true --sam.address=0.0.0.0"
+ENV DEFAULT_ARGS=" --datadir=$DATA_DIR"

 RUN mkdir -p "$I2PD_HOME" "$DATA_DIR" \
    && adduser -S -h "$I2PD_HOME" i2pd \
    && chown -R i2pd:nobody "$I2PD_HOME"

-#
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the
-# image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
-#

-# 1. install deps, clone and build.
-# 2. strip binaries.
-# 3. Purge all dependencies and other unrelated packages, including build directory.
+# 1. Building binary
+#   Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the
+#   image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
+#
+#   1. install deps, clone and build.
+#   2. strip binaries.
+#   3. Purge all dependencies and other unrelated packages, including build directory.
+
 RUN apk update \
    && apk --no-cache --virtual build-dependendencies add make gcc g++ libtool zlib-dev boost-dev build-base openssl-dev openssl miniupnpc-dev git \
    && mkdir -p /tmp/build \
    && cd /tmp/build && git clone -b ${GIT_BRANCH} ${REPO_URL} \
    && cd i2pd \
    && if [ -n "${GIT_TAG}" ]; then git checkout tags/${GIT_TAG}; fi \
-    && make USE_UPNP=yes \
+    && make -j$(nproc) USE_UPNP=yes \
    && cp -R contrib/certificates /i2pd_certificates \
    && mkdir -p /usr/local/bin \
    && mv i2pd /usr/local/bin \
@@ -45,6 +59,9 @@ RUN apk update \
 # 2. Adding required libraries to run i2pd to ensure it will run.
 RUN apk --no-cache add boost-filesystem boost-system boost-program_options boost-date_time boost-thread boost-iostreams openssl miniupnpc musl-utils libstdc++

+# 3. Copy preconfigured config file and entrypoint
+COPY i2pd-docker.conf "$I2PD_HOME/i2pd.conf"
+RUN chown i2pd:nobody "$I2PD_HOME/i2pd.conf"
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod a+x /entrypoint.sh

--- a/contrib/docker/i2pd-docker.conf
+++ b/contrib/docker/i2pd-docker.conf
@@ -0,0 +1,52 @@
+## Preconfigured i2pd configuration file for a Docker container
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Note that for exposing ports outside of container you need to bind all services to 0.0.0.0
+
+log = file
+loglevel = none
+
+ipv4 = true
+ipv6 = false
+
+# bandwidth = L
+# notransit = false
+# floodfill = false
+
+[ntcp2]
+enabled = true
+published = true
+
+[ssu2]
+enabled = true
+published = true
+
+[http]
+enabled = true
+address = 0.0.0.0
+port = 7070
+
+[httpproxy]
+enabled = true
+address = 0.0.0.0
+port = 4444
+
+[socksproxy]
+enabled = true
+address = 0.0.0.0
+port = 4447
+
+[sam]
+enabled = true
+address = 0.0.0.0
+port = 7656
+
+[upnp]
+enabled = false
+
+[reseed]
+verify = true
+
+[limits]
+# transittunnels = 2500
--- a/contrib/i18n/English.po
+++ b/contrib/i18n/English.po
@@ -1,13 +1,13 @@
 # i2pd
-# Copyright (C) 2021 PurpleI2P team
+# Copyright (C) 2021-2022 PurpleI2P team
 # This file is distributed under the same license as the i2pd package.
-# R4SAS <r4sas@i2pmail.org>, 2021.
+# R4SAS <r4sas@i2pmail.org>, 2021-2022.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: i2pd\n"
 "Report-Msgid-Bugs-To: https://github.com/PurpleI2P/i2pd/issues\n"
-"POT-Creation-Date: 2021-08-06 17:12\n"
+"POT-Creation-Date: 2022-07-26 21:22\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -18,706 +18,712 @@ msgstr ""
 "X-Poedit-SearchPath-0: daemon/HTTPServer.cpp\n"
 "X-Poedit-SearchPath-1: libi2pd_client/HTTPProxy.cpp\n"

-#: daemon/HTTPServer.cpp:177
+#: daemon/HTTPServer.cpp:108
 msgid "day"
 msgid_plural "days"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:181
+#: daemon/HTTPServer.cpp:112
 msgid "hour"
 msgid_plural "hours"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:185
+#: daemon/HTTPServer.cpp:116
 msgid "minute"
 msgid_plural "minutes"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:188
+#: daemon/HTTPServer.cpp:119
 msgid "second"
 msgid_plural "seconds"
 msgstr[0] ""
 msgstr[1] ""

 #. tr: Kibibit
-#: daemon/HTTPServer.cpp:196 daemon/HTTPServer.cpp:224
+#: daemon/HTTPServer.cpp:127 daemon/HTTPServer.cpp:155
 msgid "KiB"
 msgstr ""

 #. tr: Mebibit
-#: daemon/HTTPServer.cpp:198
+#: daemon/HTTPServer.cpp:129
 msgid "MiB"
 msgstr ""

 #. tr: Gibibit
-#: daemon/HTTPServer.cpp:200
+#: daemon/HTTPServer.cpp:131
 msgid "GiB"
 msgstr ""

-#: daemon/HTTPServer.cpp:217
+#: daemon/HTTPServer.cpp:148
 msgid "building"
 msgstr ""

-#: daemon/HTTPServer.cpp:218
+#: daemon/HTTPServer.cpp:149
 msgid "failed"
 msgstr ""

-#: daemon/HTTPServer.cpp:219
+#: daemon/HTTPServer.cpp:150
 msgid "expiring"
 msgstr ""

-#: daemon/HTTPServer.cpp:220
+#: daemon/HTTPServer.cpp:151
 msgid "established"
 msgstr ""

-#: daemon/HTTPServer.cpp:221
+#: daemon/HTTPServer.cpp:152
 msgid "unknown"
 msgstr ""

-#: daemon/HTTPServer.cpp:223
+#: daemon/HTTPServer.cpp:154
 msgid "exploratory"
 msgstr ""

-#: daemon/HTTPServer.cpp:259
+#. tr: Webconsole page title
+#: daemon/HTTPServer.cpp:185
+msgid "Purple I2P Webconsole"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:190
 msgid "<b>i2pd</b> webconsole"
 msgstr ""

-#: daemon/HTTPServer.cpp:262
+#: daemon/HTTPServer.cpp:193
 msgid "Main page"
 msgstr ""

-#: daemon/HTTPServer.cpp:263 daemon/HTTPServer.cpp:725
+#: daemon/HTTPServer.cpp:194 daemon/HTTPServer.cpp:700
 msgid "Router commands"
 msgstr ""

-#: daemon/HTTPServer.cpp:264 daemon/HTTPServer.cpp:448
-#: daemon/HTTPServer.cpp:460
+#: daemon/HTTPServer.cpp:195 daemon/HTTPServer.cpp:382
+#: daemon/HTTPServer.cpp:394
 msgid "Local Destinations"
 msgstr ""

-#: daemon/HTTPServer.cpp:266 daemon/HTTPServer.cpp:418
-#: daemon/HTTPServer.cpp:504 daemon/HTTPServer.cpp:510
-#: daemon/HTTPServer.cpp:641 daemon/HTTPServer.cpp:684
-#: daemon/HTTPServer.cpp:688
+#: daemon/HTTPServer.cpp:197 daemon/HTTPServer.cpp:352
+#: daemon/HTTPServer.cpp:438 daemon/HTTPServer.cpp:444
+#: daemon/HTTPServer.cpp:597 daemon/HTTPServer.cpp:640
+#: daemon/HTTPServer.cpp:644
 msgid "LeaseSets"
 msgstr ""

-#: daemon/HTTPServer.cpp:268 daemon/HTTPServer.cpp:694
+#: daemon/HTTPServer.cpp:199 daemon/HTTPServer.cpp:650
 msgid "Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:269 daemon/HTTPServer.cpp:425
-#: daemon/HTTPServer.cpp:787 daemon/HTTPServer.cpp:803
+#: daemon/HTTPServer.cpp:201 daemon/HTTPServer.cpp:359
+#: daemon/HTTPServer.cpp:770 daemon/HTTPServer.cpp:786
 msgid "Transit Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:270 daemon/HTTPServer.cpp:852
+#: daemon/HTTPServer.cpp:203 daemon/HTTPServer.cpp:839
 msgid "Transports"
 msgstr ""

-#: daemon/HTTPServer.cpp:271
+#: daemon/HTTPServer.cpp:204
 msgid "I2P tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:273 daemon/HTTPServer.cpp:914
-#: daemon/HTTPServer.cpp:924
+#: daemon/HTTPServer.cpp:206 daemon/HTTPServer.cpp:908
+#: daemon/HTTPServer.cpp:918
 msgid "SAM sessions"
 msgstr ""

-#: daemon/HTTPServer.cpp:289 daemon/HTTPServer.cpp:1306
-#: daemon/HTTPServer.cpp:1309 daemon/HTTPServer.cpp:1312
-#: daemon/HTTPServer.cpp:1326 daemon/HTTPServer.cpp:1371
-#: daemon/HTTPServer.cpp:1374 daemon/HTTPServer.cpp:1377
+#: daemon/HTTPServer.cpp:222 daemon/HTTPServer.cpp:1302
+#: daemon/HTTPServer.cpp:1305 daemon/HTTPServer.cpp:1308
+#: daemon/HTTPServer.cpp:1322 daemon/HTTPServer.cpp:1367
+#: daemon/HTTPServer.cpp:1370 daemon/HTTPServer.cpp:1373
 msgid "ERROR"
 msgstr ""

-#: daemon/HTTPServer.cpp:296
+#: daemon/HTTPServer.cpp:229
 msgid "OK"
 msgstr ""

-#: daemon/HTTPServer.cpp:297
+#: daemon/HTTPServer.cpp:230
 msgid "Testing"
 msgstr ""

-#: daemon/HTTPServer.cpp:298
+#: daemon/HTTPServer.cpp:231
 msgid "Firewalled"
 msgstr ""

-#: daemon/HTTPServer.cpp:299 daemon/HTTPServer.cpp:320
-#: daemon/HTTPServer.cpp:406
+#: daemon/HTTPServer.cpp:232 daemon/HTTPServer.cpp:253
+#: daemon/HTTPServer.cpp:325
 msgid "Unknown"
 msgstr ""

-#: daemon/HTTPServer.cpp:300 daemon/HTTPServer.cpp:435
-#: daemon/HTTPServer.cpp:436 daemon/HTTPServer.cpp:982
-#: daemon/HTTPServer.cpp:991
+#: daemon/HTTPServer.cpp:233 daemon/HTTPServer.cpp:369
+#: daemon/HTTPServer.cpp:370 daemon/HTTPServer.cpp:976
+#: daemon/HTTPServer.cpp:985
 msgid "Proxy"
 msgstr ""

-#: daemon/HTTPServer.cpp:301
+#: daemon/HTTPServer.cpp:234
 msgid "Mesh"
 msgstr ""

-#: daemon/HTTPServer.cpp:304
+#: daemon/HTTPServer.cpp:237
 msgid "Error"
 msgstr ""

-#: daemon/HTTPServer.cpp:308
+#: daemon/HTTPServer.cpp:241
 msgid "Clock skew"
 msgstr ""

-#: daemon/HTTPServer.cpp:311
+#: daemon/HTTPServer.cpp:244
 msgid "Offline"
 msgstr ""

-#: daemon/HTTPServer.cpp:314
+#: daemon/HTTPServer.cpp:247
 msgid "Symmetric NAT"
 msgstr ""

-#: daemon/HTTPServer.cpp:326
+#: daemon/HTTPServer.cpp:259
 msgid "Uptime"
 msgstr ""

-#: daemon/HTTPServer.cpp:329
+#: daemon/HTTPServer.cpp:262
 msgid "Network status"
 msgstr ""

-#: daemon/HTTPServer.cpp:334
+#: daemon/HTTPServer.cpp:267
 msgid "Network status v6"
 msgstr ""

-#: daemon/HTTPServer.cpp:340 daemon/HTTPServer.cpp:347
+#: daemon/HTTPServer.cpp:273 daemon/HTTPServer.cpp:280
 msgid "Stopping in"
 msgstr ""

-#: daemon/HTTPServer.cpp:354
+#: daemon/HTTPServer.cpp:287
 msgid "Family"
 msgstr ""

-#: daemon/HTTPServer.cpp:355
+#: daemon/HTTPServer.cpp:288
 msgid "Tunnel creation success rate"
 msgstr ""

-#: daemon/HTTPServer.cpp:356
+#: daemon/HTTPServer.cpp:289
 msgid "Received"
 msgstr ""

 #. tr: Kibibit/s
-#: daemon/HTTPServer.cpp:358 daemon/HTTPServer.cpp:361
-#: daemon/HTTPServer.cpp:364
+#: daemon/HTTPServer.cpp:291 daemon/HTTPServer.cpp:294
+#: daemon/HTTPServer.cpp:297
 msgid "KiB/s"
 msgstr ""

-#: daemon/HTTPServer.cpp:359
+#: daemon/HTTPServer.cpp:292
 msgid "Sent"
 msgstr ""

-#: daemon/HTTPServer.cpp:362
+#: daemon/HTTPServer.cpp:295
 msgid "Transit"
 msgstr ""

-#: daemon/HTTPServer.cpp:365
+#: daemon/HTTPServer.cpp:298
 msgid "Data path"
 msgstr ""

-#: daemon/HTTPServer.cpp:368
+#: daemon/HTTPServer.cpp:301
 msgid "Hidden content. Press on text to see."
 msgstr ""

-#: daemon/HTTPServer.cpp:371
+#: daemon/HTTPServer.cpp:304
 msgid "Router Ident"
 msgstr ""

-#: daemon/HTTPServer.cpp:373
+#: daemon/HTTPServer.cpp:306
 msgid "Router Family"
 msgstr ""

-#: daemon/HTTPServer.cpp:374
+#: daemon/HTTPServer.cpp:307
 msgid "Router Caps"
 msgstr ""

-#: daemon/HTTPServer.cpp:375
+#: daemon/HTTPServer.cpp:308
 msgid "Version"
 msgstr ""

-#: daemon/HTTPServer.cpp:376
+#: daemon/HTTPServer.cpp:309
 msgid "Our external address"
 msgstr ""

-#: daemon/HTTPServer.cpp:384
+#: daemon/HTTPServer.cpp:337
 msgid "supported"
 msgstr ""

-#: daemon/HTTPServer.cpp:416
+#: daemon/HTTPServer.cpp:350
 msgid "Routers"
 msgstr ""

-#: daemon/HTTPServer.cpp:417
+#: daemon/HTTPServer.cpp:351
 msgid "Floodfills"
 msgstr ""

-#: daemon/HTTPServer.cpp:424 daemon/HTTPServer.cpp:968
+#: daemon/HTTPServer.cpp:358 daemon/HTTPServer.cpp:962
 msgid "Client Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:434
+#: daemon/HTTPServer.cpp:368
 msgid "Services"
 msgstr ""

-#: daemon/HTTPServer.cpp:435 daemon/HTTPServer.cpp:436
-#: daemon/HTTPServer.cpp:437 daemon/HTTPServer.cpp:438
-#: daemon/HTTPServer.cpp:439 daemon/HTTPServer.cpp:440
+#: daemon/HTTPServer.cpp:369 daemon/HTTPServer.cpp:370
+#: daemon/HTTPServer.cpp:371 daemon/HTTPServer.cpp:372
+#: daemon/HTTPServer.cpp:373 daemon/HTTPServer.cpp:374
 msgid "Enabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:435 daemon/HTTPServer.cpp:436
-#: daemon/HTTPServer.cpp:437 daemon/HTTPServer.cpp:438
-#: daemon/HTTPServer.cpp:439 daemon/HTTPServer.cpp:440
+#: daemon/HTTPServer.cpp:369 daemon/HTTPServer.cpp:370
+#: daemon/HTTPServer.cpp:371 daemon/HTTPServer.cpp:372
+#: daemon/HTTPServer.cpp:373 daemon/HTTPServer.cpp:374
 msgid "Disabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:483
+#: daemon/HTTPServer.cpp:417
 msgid "Encrypted B33 address"
 msgstr ""

-#: daemon/HTTPServer.cpp:492
+#: daemon/HTTPServer.cpp:426
 msgid "Address registration line"
 msgstr ""

-#: daemon/HTTPServer.cpp:497
+#: daemon/HTTPServer.cpp:431
 msgid "Domain"
 msgstr ""

-#: daemon/HTTPServer.cpp:498
+#: daemon/HTTPServer.cpp:432
 msgid "Generate"
 msgstr ""

-#: daemon/HTTPServer.cpp:499
+#: daemon/HTTPServer.cpp:433
 msgid ""
 "<b>Note:</b> result string can be used only for registering 2LD domains "
 "(example.i2p). For registering subdomains please use i2pd-tools."
 msgstr ""

-#: daemon/HTTPServer.cpp:505
+#: daemon/HTTPServer.cpp:439
 msgid "Address"
 msgstr ""

-#: daemon/HTTPServer.cpp:505
+#: daemon/HTTPServer.cpp:439
 msgid "Type"
 msgstr ""

-#: daemon/HTTPServer.cpp:505
+#: daemon/HTTPServer.cpp:439
 msgid "EncType"
 msgstr ""

-#: daemon/HTTPServer.cpp:515 daemon/HTTPServer.cpp:699
+#: daemon/HTTPServer.cpp:449 daemon/HTTPServer.cpp:655
 msgid "Inbound tunnels"
 msgstr ""

 #. tr: Milliseconds
-#: daemon/HTTPServer.cpp:520 daemon/HTTPServer.cpp:530
-#: daemon/HTTPServer.cpp:704 daemon/HTTPServer.cpp:714
+#: daemon/HTTPServer.cpp:464 daemon/HTTPServer.cpp:484
+#: daemon/HTTPServer.cpp:669 daemon/HTTPServer.cpp:689
 msgid "ms"
 msgstr ""

-#: daemon/HTTPServer.cpp:525 daemon/HTTPServer.cpp:709
+#: daemon/HTTPServer.cpp:469 daemon/HTTPServer.cpp:674
 msgid "Outbound tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:537
+#: daemon/HTTPServer.cpp:491
 msgid "Tags"
 msgstr ""

-#: daemon/HTTPServer.cpp:537
+#: daemon/HTTPServer.cpp:491
 msgid "Incoming"
 msgstr ""

-#: daemon/HTTPServer.cpp:544 daemon/HTTPServer.cpp:547
+#: daemon/HTTPServer.cpp:498 daemon/HTTPServer.cpp:501
 msgid "Outgoing"
 msgstr ""

-#: daemon/HTTPServer.cpp:545 daemon/HTTPServer.cpp:561
+#: daemon/HTTPServer.cpp:499 daemon/HTTPServer.cpp:515
 msgid "Destination"
 msgstr ""

-#: daemon/HTTPServer.cpp:545
+#: daemon/HTTPServer.cpp:499
 msgid "Amount"
 msgstr ""

-#: daemon/HTTPServer.cpp:552
+#: daemon/HTTPServer.cpp:506
 msgid "Incoming Tags"
 msgstr ""

-#: daemon/HTTPServer.cpp:560 daemon/HTTPServer.cpp:563
+#: daemon/HTTPServer.cpp:514 daemon/HTTPServer.cpp:517
 msgid "Tags sessions"
 msgstr ""

-#: daemon/HTTPServer.cpp:561
+#: daemon/HTTPServer.cpp:515
 msgid "Status"
 msgstr ""

-#: daemon/HTTPServer.cpp:570 daemon/HTTPServer.cpp:626
+#: daemon/HTTPServer.cpp:524 daemon/HTTPServer.cpp:582
 msgid "Local Destination"
 msgstr ""

-#: daemon/HTTPServer.cpp:580 daemon/HTTPServer.cpp:947
+#: daemon/HTTPServer.cpp:535 daemon/HTTPServer.cpp:941
 msgid "Streams"
 msgstr ""

-#: daemon/HTTPServer.cpp:602
+#: daemon/HTTPServer.cpp:558
 msgid "Close stream"
 msgstr ""

-#: daemon/HTTPServer.cpp:631
+#: daemon/HTTPServer.cpp:587
 msgid "I2CP session not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:634
+#: daemon/HTTPServer.cpp:590
 msgid "I2CP is not enabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:660
+#: daemon/HTTPServer.cpp:616
 msgid "Invalid"
 msgstr ""

-#: daemon/HTTPServer.cpp:663
+#: daemon/HTTPServer.cpp:619
 msgid "Store type"
 msgstr ""

-#: daemon/HTTPServer.cpp:664
+#: daemon/HTTPServer.cpp:620
 msgid "Expires"
 msgstr ""

-#: daemon/HTTPServer.cpp:669
+#: daemon/HTTPServer.cpp:625
 msgid "Non Expired Leases"
 msgstr ""

-#: daemon/HTTPServer.cpp:672
+#: daemon/HTTPServer.cpp:628
 msgid "Gateway"
 msgstr ""

-#: daemon/HTTPServer.cpp:673
+#: daemon/HTTPServer.cpp:629
 msgid "TunnelID"
 msgstr ""

-#: daemon/HTTPServer.cpp:674
+#: daemon/HTTPServer.cpp:630
 msgid "EndDate"
 msgstr ""

-#: daemon/HTTPServer.cpp:684
+#: daemon/HTTPServer.cpp:640
 msgid "not floodfill"
 msgstr ""

-#: daemon/HTTPServer.cpp:695
+#: daemon/HTTPServer.cpp:651
 msgid "Queue size"
 msgstr ""

-#: daemon/HTTPServer.cpp:726
+#: daemon/HTTPServer.cpp:701
 msgid "Run peer test"
 msgstr ""

-#: daemon/HTTPServer.cpp:731
+#: daemon/HTTPServer.cpp:706
 msgid "Decline transit tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:733
+#: daemon/HTTPServer.cpp:708
 msgid "Accept transit tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:737 daemon/HTTPServer.cpp:742
+#: daemon/HTTPServer.cpp:712 daemon/HTTPServer.cpp:717
 msgid "Cancel graceful shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:739 daemon/HTTPServer.cpp:744
+#: daemon/HTTPServer.cpp:714 daemon/HTTPServer.cpp:719
 msgid "Start graceful shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:747
+#: daemon/HTTPServer.cpp:722
 msgid "Force shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:748
+#: daemon/HTTPServer.cpp:723
 msgid "Reload external CSS styles"
 msgstr ""

-#: daemon/HTTPServer.cpp:751
+#: daemon/HTTPServer.cpp:726
 msgid ""
 "<b>Note:</b> any action done here are not persistent and not changes your "
 "config files."
 msgstr ""

-#: daemon/HTTPServer.cpp:753
+#: daemon/HTTPServer.cpp:728
 msgid "Logging level"
 msgstr ""

-#: daemon/HTTPServer.cpp:761
+#: daemon/HTTPServer.cpp:736
 msgid "Transit tunnels limit"
 msgstr ""

-#: daemon/HTTPServer.cpp:766 daemon/HTTPServer.cpp:778
+#: daemon/HTTPServer.cpp:741 daemon/HTTPServer.cpp:760
 msgid "Change"
 msgstr ""

-#: daemon/HTTPServer.cpp:770
+#: daemon/HTTPServer.cpp:748
 msgid "Change language"
 msgstr ""

-#: daemon/HTTPServer.cpp:803
+#: daemon/HTTPServer.cpp:786
 msgid "no transit tunnels currently built"
 msgstr ""

-#: daemon/HTTPServer.cpp:908 daemon/HTTPServer.cpp:931
+#: daemon/HTTPServer.cpp:902 daemon/HTTPServer.cpp:925
 msgid "SAM disabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:924
+#: daemon/HTTPServer.cpp:918
 msgid "no sessions currently running"
 msgstr ""

-#: daemon/HTTPServer.cpp:937
+#: daemon/HTTPServer.cpp:931
 msgid "SAM session not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:942
+#: daemon/HTTPServer.cpp:936
 msgid "SAM Session"
 msgstr ""

-#: daemon/HTTPServer.cpp:999
+#: daemon/HTTPServer.cpp:993
 msgid "Server Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:1015
+#: daemon/HTTPServer.cpp:1009
 msgid "Client Forwards"
 msgstr ""

-#: daemon/HTTPServer.cpp:1029
+#: daemon/HTTPServer.cpp:1023
 msgid "Server Forwards"
 msgstr ""

-#: daemon/HTTPServer.cpp:1227
+#: daemon/HTTPServer.cpp:1223
 msgid "Unknown page"
 msgstr ""

-#: daemon/HTTPServer.cpp:1246
+#: daemon/HTTPServer.cpp:1242
 msgid "Invalid token"
 msgstr ""

-#: daemon/HTTPServer.cpp:1304 daemon/HTTPServer.cpp:1361
-#: daemon/HTTPServer.cpp:1401
+#: daemon/HTTPServer.cpp:1300 daemon/HTTPServer.cpp:1357
+#: daemon/HTTPServer.cpp:1397
 msgid "SUCCESS"
 msgstr ""

-#: daemon/HTTPServer.cpp:1304
+#: daemon/HTTPServer.cpp:1300
 msgid "Stream closed"
 msgstr ""

-#: daemon/HTTPServer.cpp:1306
+#: daemon/HTTPServer.cpp:1302
 msgid "Stream not found or already was closed"
 msgstr ""

-#: daemon/HTTPServer.cpp:1309
+#: daemon/HTTPServer.cpp:1305
 msgid "Destination not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:1312
+#: daemon/HTTPServer.cpp:1308
 msgid "StreamID can't be null"
 msgstr ""

-#: daemon/HTTPServer.cpp:1314 daemon/HTTPServer.cpp:1379
+#: daemon/HTTPServer.cpp:1310 daemon/HTTPServer.cpp:1375
 msgid "Return to destination page"
 msgstr ""

-#: daemon/HTTPServer.cpp:1315 daemon/HTTPServer.cpp:1328
-#: daemon/HTTPServer.cpp:1403
+#: daemon/HTTPServer.cpp:1311 daemon/HTTPServer.cpp:1324
+#: daemon/HTTPServer.cpp:1399
 msgid "You will be redirected in 5 seconds"
 msgstr ""

-#: daemon/HTTPServer.cpp:1326
+#: daemon/HTTPServer.cpp:1322
 msgid "Transit tunnels count must not exceed 65535"
 msgstr ""

-#: daemon/HTTPServer.cpp:1327 daemon/HTTPServer.cpp:1402
+#: daemon/HTTPServer.cpp:1323 daemon/HTTPServer.cpp:1398
 msgid "Back to commands list"
 msgstr ""

-#: daemon/HTTPServer.cpp:1363
+#: daemon/HTTPServer.cpp:1359
 msgid "Register at reg.i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1364
+#: daemon/HTTPServer.cpp:1360
 msgid "Description"
 msgstr ""

-#: daemon/HTTPServer.cpp:1364
+#: daemon/HTTPServer.cpp:1360
 msgid "A bit information about service on domain"
 msgstr ""

-#: daemon/HTTPServer.cpp:1365
+#: daemon/HTTPServer.cpp:1361
 msgid "Submit"
 msgstr ""

-#: daemon/HTTPServer.cpp:1371
+#: daemon/HTTPServer.cpp:1367
 msgid "Domain can't end with .b32.i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1374
+#: daemon/HTTPServer.cpp:1370
 msgid "Domain must end with .i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1377
+#: daemon/HTTPServer.cpp:1373
 msgid "Such destination is not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:1397
+#: daemon/HTTPServer.cpp:1393
 msgid "Unknown command"
 msgstr ""

-#: daemon/HTTPServer.cpp:1401
+#: daemon/HTTPServer.cpp:1397
 msgid "Command accepted"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:157
+#: libi2pd_client/HTTPProxy.cpp:163
 msgid "Proxy error"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:165
+#: libi2pd_client/HTTPProxy.cpp:171
 msgid "Proxy info"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:173
+#: libi2pd_client/HTTPProxy.cpp:179
 msgid "Proxy error: Host not found"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:174
+#: libi2pd_client/HTTPProxy.cpp:180
 msgid "Remote host not found in router's addressbook"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:175
+#: libi2pd_client/HTTPProxy.cpp:181
 msgid "You may try to find this host on jump services below"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:273 libi2pd_client/HTTPProxy.cpp:288
-#: libi2pd_client/HTTPProxy.cpp:322 libi2pd_client/HTTPProxy.cpp:365
+#: libi2pd_client/HTTPProxy.cpp:282 libi2pd_client/HTTPProxy.cpp:297
+#: libi2pd_client/HTTPProxy.cpp:331 libi2pd_client/HTTPProxy.cpp:372
 msgid "Invalid request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:273
+#: libi2pd_client/HTTPProxy.cpp:282
 msgid "Proxy unable to parse your request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:288
+#: libi2pd_client/HTTPProxy.cpp:297
 msgid "addresshelper is not supported"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:297 libi2pd_client/HTTPProxy.cpp:306
-#: libi2pd_client/HTTPProxy.cpp:385
+#: libi2pd_client/HTTPProxy.cpp:306 libi2pd_client/HTTPProxy.cpp:315
+#: libi2pd_client/HTTPProxy.cpp:392
 msgid "Host"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:297
+#: libi2pd_client/HTTPProxy.cpp:306
 msgid "added to router's addressbook from helper"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:298
+#: libi2pd_client/HTTPProxy.cpp:307
 msgid "Click here to proceed:"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:298 libi2pd_client/HTTPProxy.cpp:308
+#: libi2pd_client/HTTPProxy.cpp:307 libi2pd_client/HTTPProxy.cpp:317
 msgid "Continue"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:299 libi2pd_client/HTTPProxy.cpp:309
+#: libi2pd_client/HTTPProxy.cpp:308 libi2pd_client/HTTPProxy.cpp:318
 msgid "Addresshelper found"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:306
+#: libi2pd_client/HTTPProxy.cpp:315
 msgid "already in router's addressbook"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:307
+#. tr: The "record" means addressbook's record. That message appears when domain was already added to addressbook, but helper link is opened for it.
+#: libi2pd_client/HTTPProxy.cpp:316
 msgid "Click here to update record:"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:322
+#: libi2pd_client/HTTPProxy.cpp:331
 msgid "invalid request uri"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:365
+#: libi2pd_client/HTTPProxy.cpp:372
 msgid "Can't detect destination host from request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:382 libi2pd_client/HTTPProxy.cpp:386
+#: libi2pd_client/HTTPProxy.cpp:389 libi2pd_client/HTTPProxy.cpp:393
 msgid "Outproxy failure"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:382
+#: libi2pd_client/HTTPProxy.cpp:389
 msgid "bad outproxy settings"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:385
+#: libi2pd_client/HTTPProxy.cpp:392
 msgid "not inside I2P network, but outproxy is not enabled"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:474
+#: libi2pd_client/HTTPProxy.cpp:482
 msgid "unknown outproxy url"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:480
+#: libi2pd_client/HTTPProxy.cpp:490
 msgid "cannot resolve upstream proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:488
+#: libi2pd_client/HTTPProxy.cpp:498
 msgid "hostname too long"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:515
+#: libi2pd_client/HTTPProxy.cpp:525
 msgid "cannot connect to upstream socks proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:521
+#: libi2pd_client/HTTPProxy.cpp:531
 msgid "Cannot negotiate with socks proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:563
+#: libi2pd_client/HTTPProxy.cpp:573
 msgid "CONNECT error"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:563
+#: libi2pd_client/HTTPProxy.cpp:573
 msgid "Failed to Connect"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:574 libi2pd_client/HTTPProxy.cpp:600
+#: libi2pd_client/HTTPProxy.cpp:584 libi2pd_client/HTTPProxy.cpp:610
 msgid "socks proxy error"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:582
+#: libi2pd_client/HTTPProxy.cpp:592
 msgid "failed to send request to upstream"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:603
+#: libi2pd_client/HTTPProxy.cpp:613
 msgid "No Reply From socks proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:610
+#: libi2pd_client/HTTPProxy.cpp:620
 msgid "cannot connect"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:610
+#: libi2pd_client/HTTPProxy.cpp:620
 msgid "http out proxy not implemented"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:611
+#: libi2pd_client/HTTPProxy.cpp:621
 msgid "cannot connect to upstream http proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:644
+#: libi2pd_client/HTTPProxy.cpp:654
 msgid "Host is down"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:644
+#: libi2pd_client/HTTPProxy.cpp:654
 msgid ""
 "Can't create connection to requested host, it may be down. Please try again "
 "later."
--- a/contrib/i18n/README.md
+++ b/contrib/i18n/README.md
@@ -9,8 +9,8 @@ Regex for transforming gettext translations to our format:
 ---

 ```
-in:  msgid\ \"(.*)\"\nmsgid_plural\ \"(.*)\"\nmsgstr\[0\]\ \"(.*)\"\nmsgstr\[1\]\ \"(.*)\"\n(msgstr\[2\]\ \"(.*)\"\n)?(msgstr\[3\]\ \"(.*)\"\n)?(msgstr\[4\]\ \"(.*)\"\n)?(msgstr\[5\]\ \"(.*)\"\n)?
-out: #{"$2", {"$3", "$4", "$6", "$8", "$10"}},\n
+in:  msgid\ \"(.*)\"\nmsgid_plural\ \"(.*)\"\nmsgstr\[0\]\ \"(.*)\"\n(msgstr\[1\]\ \"(.*)\"\n)?(msgstr\[2\]\ \"(.*)\"\n)?(msgstr\[3\]\ \"(.*)\"\n)?(msgstr\[4\]\ \"(.*)\"\n)?(msgstr\[5\]\ \"(.*)\"\n)?
+out: #{"$2", {"$3", "$5", "$7", "$9", "$11"}},\n
 ```

 ```
--- a/contrib/i2pd.conf
+++ b/contrib/i2pd.conf
@@ -75,8 +75,8 @@ ipv4 = true
 ## Enable communication through ipv6
 ipv6 = false

-## Enable SSU transport (default = true)
-# ssu = true
+## Enable SSU transport
+ssu = false

 ## Bandwidth configuration
 ## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
@@ -96,6 +96,22 @@ ipv6 = false
 ## Note: that mode uses much more network connections and CPU!
 # floodfill = true

+[ntcp2]
+## Enable NTCP2 transport (default = true)
+# enabled = true
+## Publish address in RouterInfo (default = true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport
+# enabled = true
+## Publish address in RouterInfo
+# published = true
+## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+# port = 4567
+
 [http]
 ## Web Console settings
 ## Uncomment and set to 'false' to disable Web Console
@@ -110,8 +126,8 @@ port = 7070
 # user = i2pd
 # pass = changeme
 ## Select webconsole language
-## Currently supported english (default), afrikaans, armenian, german, russian,
-## turkmen, ukrainian and uzbek languages
+## Currently supported english (default), afrikaans, armenian, chinese, french,
+## german, italian, russian, spanish, turkmen, ukrainian and uzbek languages
 # lang = english

 [httpproxy]
--- a/contrib/rpm/i2pd-git.spec
+++ b/contrib/rpm/i2pd-git.spec
@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)

 Name:          i2pd-git
-Version:       2.41.0
+Version:       2.44.0
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@@ -57,6 +57,10 @@ cd build
 %endif


+%if 0%{?rhel} == 9
+pushd redhat-linux-build
+%endif
+
 %if 0%{?fedora} >= 35
 pushd redhat-linux-build
 %else
@@ -71,6 +75,10 @@ pushd build

 make %{?_smp_mflags}

+%if 0%{?rhel} == 9
+popd
+%endif
+
 %if 0%{?fedora} >= 33
 popd
 %endif
@@ -82,6 +90,10 @@ popd
 %install
 pushd build

+%if 0%{?rhel} == 9
+pushd redhat-linux-build
+%endif
+
 %if 0%{?fedora} >= 35
 pushd redhat-linux-build
 %else
@@ -146,6 +158,18 @@ getent passwd i2pd >/dev/null || \


 %changelog
+* Sun Nov 20 2022 orignal <orignal@i2pmail.org> - 2.44.0
+- update to 2.44.0
+
+* Mon Aug 22 2022 orignal <orignal@i2pmail.org> - 2.43.0
+- update to 2.43.0
+
+* Tue May 24 2022 r4sas <r4sas@i2pmail.org> - 2.42.1
+- update to 2.42.1
+
+* Sun May 22 2022 orignal <orignal@i2pmail.org> - 2.42.0
+- update to 2.42.0
+
 * Sun Feb 20 2022 r4sas <r4sas@i2pmail.org> - 2.41.0
 - update to 2.41.0
 - fixed build on Fedora Copr over openssl trunk code
--- a/contrib/rpm/i2pd.spec
+++ b/contrib/rpm/i2pd.spec
@@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.41.0
+Version:       2.44.0
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@@ -54,6 +54,10 @@ cd build
 %endif
 %endif

+%if 0%{?rhel} == 9
+pushd redhat-linux-build
+%endif
+
 %if 0%{?fedora} >= 35
 pushd redhat-linux-build
 %else
@@ -68,6 +72,10 @@ pushd build

 make %{?_smp_mflags}

+%if 0%{?rhel} == 9
+popd
+%endif
+
 %if 0%{?fedora} >= 33
 popd
 %endif
@@ -79,6 +87,10 @@ popd
 %install
 pushd build

+%if 0%{?rhel} == 9
+pushd redhat-linux-build
+%endif
+
 %if 0%{?fedora} >= 35
 pushd redhat-linux-build
 %else
@@ -143,6 +155,18 @@ getent passwd i2pd >/dev/null || \


 %changelog
+* Sun Nov 20 2022 orignal <orignal@i2pmail.org> - 2.44.0
+- update to 2.44.0
+
+* Mon Aug 22 2022 orignal <orignal@i2pmail.org> - 2.43.0
+- update to 2.43.0
+
+* Tue May 24 2022 r4sas <r4sas@i2pmail.org> - 2.42.1
+- update to 2.42.1
+
+* Sun May 22 2022 orignal <orignal@i2pmail.org> - 2.42.0
+- update to 2.42.0
+
 * Sun Feb 20 2022 r4sas <r4sas@i2pmail.org> - 2.41.0
 - update to 2.41.0

--- a/daemon/Daemon.cpp
+++ b/daemon/Daemon.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -31,7 +31,6 @@
 #include "Crypto.h"
 #include "UPnP.h"
 #include "Timestamp.h"
-#include "util.h"
 #include "I18N.h"

 namespace i2p
@@ -58,12 +57,16 @@ namespace util
 	bool Daemon_Singleton::IsService () const
 	{
 		bool service = false;
-#ifndef _WIN32
 		i2p::config::GetOption("service", service);
-#endif
 		return service;
 	}

+	void Daemon_Singleton::setDataDir(std::string path)
+	{
+		if (path != "")
+			DaemonDataDir = path;
+	}
+
 	bool Daemon_Singleton::init(int argc, char* argv[]) {
 		return init(argc, argv, nullptr);
 	}
@@ -73,8 +76,14 @@ namespace util
 		i2p::config::Init();
 		i2p::config::ParseCmdline(argc, argv);

-		std::string config;  i2p::config::GetOption("conf",    config);
-		std::string datadir; i2p::config::GetOption("datadir", datadir);
+		std::string config; i2p::config::GetOption("conf", config);
+		std::string datadir;
+		if(DaemonDataDir != "") {
+			datadir = DaemonDataDir;
+		} else {
+			i2p::config::GetOption("datadir", datadir);
+		}
+
 		i2p::fs::DetectDataDir(datadir, IsService());
 		i2p::fs::Init();

@@ -99,9 +108,9 @@ namespace util

 		certsdir = i2p::fs::GetCertsDir();

-		std::string logs     = ""; i2p::config::GetOption("log",      logs);
-		std::string logfile  = ""; i2p::config::GetOption("logfile",  logfile);
-		std::string loglevel = ""; i2p::config::GetOption("loglevel", loglevel);
+		std::string logs     = ""; i2p::config::GetOption("log",        logs);
+		std::string logfile  = ""; i2p::config::GetOption("logfile",    logfile);
+		std::string loglevel = ""; i2p::config::GetOption("loglevel",   loglevel);
 		bool logclftime;           i2p::config::GetOption("logclftime", logclftime);

 		/* setup logging */
@@ -143,107 +152,18 @@ namespace util
 		bool aesni; i2p::config::GetOption("cpuext.aesni", aesni);
 		bool avx; i2p::config::GetOption("cpuext.avx", avx);
 		bool forceCpuExt; i2p::config::GetOption("cpuext.force", forceCpuExt);
+		bool ssu; i2p::config::GetOption("ssu", ssu);
+		if (!ssu && i2p::config::IsDefault ("precomputation.elgamal"))
+			precomputation = false; // we don't elgamal table if no ssu, unless it's specified explicitly
 		i2p::crypto::InitCrypto (precomputation, aesni, avx, forceCpuExt);

+		i2p::transport::InitAddressFromIface (); // get address4/6 from interfaces
+
 		int netID; i2p::config::GetOption("netid", netID);
 		i2p::context.SetNetID (netID);
 		i2p::context.Init ();

-		bool ipv6; i2p::config::GetOption("ipv6", ipv6);
-		bool ipv4; i2p::config::GetOption("ipv4", ipv4);
-#ifdef MESHNET
-		// manual override for meshnet
-		ipv4 = false;
-		ipv6 = true;
-#endif
-		// ifname -> address
-		std::string ifname; i2p::config::GetOption("ifname", ifname);
-		if (ipv4 && i2p::config::IsDefault ("address4"))
-		{
-			std::string ifname4; i2p::config::GetOption("ifname4", ifname4);
-			if (!ifname4.empty ())
-				i2p::config::SetOption ("address4", i2p::util::net::GetInterfaceAddress(ifname4, false).to_string ()); // v4
-			else if (!ifname.empty ())
-				i2p::config::SetOption ("address4", i2p::util::net::GetInterfaceAddress(ifname, false).to_string ()); // v4
-		}
-		if (ipv6 && i2p::config::IsDefault ("address6"))
-		{
-			std::string ifname6; i2p::config::GetOption("ifname6", ifname6);
-			if (!ifname6.empty ())
-				i2p::config::SetOption ("address6", i2p::util::net::GetInterfaceAddress(ifname6, true).to_string ()); // v6
-			else if (!ifname.empty ())
-				i2p::config::SetOption ("address6", i2p::util::net::GetInterfaceAddress(ifname, true).to_string ()); // v6
-		}
-
-		bool ygg; i2p::config::GetOption("meshnets.yggdrasil", ygg);
-		boost::asio::ip::address_v6 yggaddr;
-		if (ygg)
-		{
-			std::string yggaddress; i2p::config::GetOption ("meshnets.yggaddress", yggaddress);
-			if (!yggaddress.empty ())
-			{
-				yggaddr = boost::asio::ip::address_v6::from_string (yggaddress);
-				if (yggaddr.is_unspecified () || !i2p::util::net::IsYggdrasilAddress (yggaddr) ||
-					!i2p::util::net::IsLocalAddress (yggaddr))
-				{
-					LogPrint(eLogWarning, "Daemon: Can't find Yggdrasil address ", yggaddress);
-					ygg = false;
-				}
-			}
-			else
-			{
-				yggaddr = i2p::util::net::GetYggdrasilAddress ();
-				if (yggaddr.is_unspecified ())
-				{
-					LogPrint(eLogWarning, "Daemon: Yggdrasil is not running. Disabled");
-					ygg = false;
-				}
-			}
-		}
-
-		uint16_t port; i2p::config::GetOption("port", port);
-		if (!i2p::config::IsDefault("port"))
-		{
-			LogPrint(eLogInfo, "Daemon: Accepting incoming connections at port ", port);
-			i2p::context.UpdatePort (port);
-		}
-		i2p::context.SetSupportsV6 (ipv6);
-		i2p::context.SetSupportsV4 (ipv4);
-		i2p::context.SetSupportsMesh (ygg, yggaddr);
-
-		i2p::context.RemoveNTCPAddress (!ipv6); // TODO: remove later
-		bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
-		if (ntcp2)
-		{
-			bool published; i2p::config::GetOption("ntcp2.published", published);
-			if (published)
-			{
-				std::string ntcp2proxy; i2p::config::GetOption("ntcp2.proxy", ntcp2proxy);
-				if (!ntcp2proxy.empty ()) published = false;
-			}
-			if (published)
-			{
-				uint16_t ntcp2port; i2p::config::GetOption("ntcp2.port", ntcp2port);
-				if (!ntcp2port) ntcp2port = port; // use standard port
-				i2p::context.PublishNTCP2Address (ntcp2port, true, ipv4, ipv6, false); // publish
-				if (ipv6)
-				{
-					std::string ipv6Addr; i2p::config::GetOption("ntcp2.addressv6", ipv6Addr);
-					auto addr = boost::asio::ip::address_v6::from_string (ipv6Addr);
-					if (!addr.is_unspecified () && addr != boost::asio::ip::address_v6::any ())
-						i2p::context.UpdateNTCP2V6Address (addr); // set ipv6 address if configured
-				}
-			}
-			else
-				i2p::context.PublishNTCP2Address (port, false, ipv4, ipv6, false); // unpublish
-		}
-		if (ygg)
-		{
-			i2p::context.PublishNTCP2Address (port, true, false, false, true);
-			i2p::context.UpdateNTCP2V6Address (yggaddr);
-			if (!ipv4 && !ipv6)
-				i2p::context.SetStatus (eRouterStatusMesh);
-		}
+		i2p::transport::InitTransports ();

 		bool transit; i2p::config::GetOption("notransit", transit);
 		i2p::context.SetAcceptsTunnels (!transit);
@@ -377,15 +297,15 @@ namespace util
 		}

 		bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
-		bool ssu; i2p::config::GetOption("ssu", ssu);
+		bool ssu2; i2p::config::GetOption("ssu2.enabled", ssu2);
 		bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved);
 		LogPrint(eLogInfo, "Daemon: Starting Transports");
-		if(!ssu) LogPrint(eLogInfo, "Daemon: SSU disabled");
+		if(!ssu2) LogPrint(eLogInfo, "Daemon: SSU2 disabled");
 		if(!ntcp2) LogPrint(eLogInfo, "Daemon: NTCP2 disabled");

 		i2p::transport::transports.SetCheckReserved(checkInReserved);
-		i2p::transport::transports.Start(ntcp2, ssu);
-		if (i2p::transport::transports.IsBoundSSU() || i2p::transport::transports.IsBoundNTCP2())
+		i2p::transport::transports.Start(ntcp2, ssu2);
+		if (i2p::transport::transports.IsBoundSSU2() || i2p::transport::transports.IsBoundNTCP2())
 			LogPrint(eLogInfo, "Daemon: Transports started");
 		else
 		{
--- a/daemon/Daemon.h
+++ b/daemon/Daemon.h
@@ -20,27 +20,33 @@ namespace util
 	class Daemon_Singleton_Private;
 	class Daemon_Singleton
 	{
-		public:
+	public:

-			virtual bool init(int argc, char* argv[], std::shared_ptr<std::ostream> logstream);
-			virtual bool init(int argc, char* argv[]);
-			virtual bool start();
-			virtual bool stop();
-			virtual void run () {};
+		virtual bool init (int argc, char* argv[], std::shared_ptr<std::ostream> logstream);
+		virtual bool init (int argc, char* argv[]);
+		virtual bool start ();
+		virtual bool stop ();
+		virtual void run () {};

-			bool isDaemon;
-			bool running;
+		virtual void setDataDir (std::string path);

-		protected:
+		bool isDaemon;
+		bool running;

-			Daemon_Singleton();
-			virtual ~Daemon_Singleton();
+	protected:

-			bool IsService () const;
+		Daemon_Singleton ();
+		virtual ~Daemon_Singleton ();

-			// d-pointer for httpServer, httpProxy, etc.
-			class Daemon_Singleton_Private;
-			Daemon_Singleton_Private &d;
+		bool IsService () const;
+
+		// d-pointer for httpServer, httpProxy, etc.
+		class Daemon_Singleton_Private;
+		Daemon_Singleton_Private &d;
+
+	private:
+
+		std::string DaemonDataDir;
 	};

 #if defined(QT_GUI_LIB) // check if QT
--- a/daemon/HTTPServer.cpp
+++ b/daemon/HTTPServer.cpp
@@ -80,7 +80,7 @@ namespace http {
 	const char HTTP_COMMAND_SHUTDOWN_CANCEL[] = "shutdown_cancel";
 	const char HTTP_COMMAND_SHUTDOWN_NOW[] = "terminate";
 	const char HTTP_COMMAND_RUN_PEER_TEST[] = "run_peer_test";
-	const char HTTP_COMMAND_RELOAD_CONFIG[] = "reload_config";
+	const char HTTP_COMMAND_RELOAD_TUNNELS_CONFIG[] = "reload_tunnels_config";
 	const char HTTP_COMMAND_LOGLEVEL[] = "set_loglevel";
 	const char HTTP_COMMAND_KILLSTREAM[] = "closestream";
 	const char HTTP_COMMAND_LIMITTRANSIT[] = "limittransit";
@@ -182,7 +182,7 @@ namespace http {
 			"  <meta charset=\"UTF-8\">\r\n"
 			"  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n"
 			"  <link rel=\"shortcut icon\" href=\"" << itoopieFavicon << "\">\r\n"
-			"  <title>Purple I2P " VERSION " Webconsole</title>\r\n";
+			"  <title>" << tr(/* tr: Webconsole page title */ "Purple I2P Webconsole") << "</title>\r\n";
 		GetStyles(s);
 		s <<
 			"</head>\r\n"
@@ -196,8 +196,10 @@ namespace http {
 		if (i2p::context.IsFloodfill ())
 			s << "  <a href=\"" << webroot << "?page=" << HTTP_PAGE_LEASESETS << "\">" << tr("LeaseSets") << "</a><br>\r\n";
 		s <<
-			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TUNNELS << "\">" << tr("Tunnels") << "</a><br>\r\n"
-			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TRANSIT_TUNNELS << "\">" << tr("Transit Tunnels") << "</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TUNNELS << "\">" << tr("Tunnels") << "</a><br>\r\n";
+		if (i2p::context.AcceptsTunnels () || i2p::tunnel::tunnels.CountTransitTunnels())
+			s << "  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TRANSIT_TUNNELS << "\">" << tr("Transit Tunnels") << "</a><br>\r\n";
+		s <<
 			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TRANSPORTS << "\">" << tr ("Transports") << "</a><br>\r\n"
 			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_I2P_TUNNELS << "\">" << tr("I2P tunnels") << "</a><br>\r\n";
 		if (i2p::client::context.GetSAMBridge ())
@@ -220,7 +222,7 @@ namespace http {
 		s << "<b>" << tr("ERROR") << ":</b>&nbsp;" << string << "<br>\r\n";
 	}

-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, RouterError error)
 	{
 		switch (status)
 		{
@@ -230,26 +232,28 @@ namespace http {
 			case eRouterStatusUnknown: s << tr("Unknown"); break;
 			case eRouterStatusProxy: s << tr("Proxy"); break;
 			case eRouterStatusMesh: s << tr("Mesh"); break;
-			case eRouterStatusError:
-			{
-				s << tr("Error");
-				switch (i2p::context.GetError ())
-				{
-					case eRouterErrorClockSkew:
-						s << " - " << tr("Clock skew");
-					break;
-					case eRouterErrorOffline:
-						s << " - " << tr("Offline");
-					break;
-					case eRouterErrorSymmetricNAT:
-						s << " - " << tr("Symmetric NAT");
-					break;
-					default: ;
-				}
-				break;
-			}
 			default: s << tr("Unknown");
 		}
+		if (error != eRouterErrorNone)
+		{
+			s << "<br>";
+			switch (error)
+			{
+				case eRouterErrorClockSkew:
+					s << " - " << tr("Clock skew");
+				break;
+				case eRouterErrorOffline:
+					s << " - " << tr("Offline");
+				break;
+				case eRouterErrorSymmetricNAT:
+					s << " - " << tr("Symmetric NAT");
+				break;
+				case eRouterErrorNoDescriptors:
+					s << " - " << tr("No Descriptors");
+				break;
+				default: ;
+			}
+		}
 	}

 	void ShowStatus (std::stringstream& s, bool includeHiddenContent, i2p::http::OutputFormatEnum outputFormat)
@@ -258,12 +262,12 @@ namespace http {
 		ShowUptime(s, i2p::context.GetUptime ());
 		s << "<br>\r\n";
 		s << "<b>" << tr("Network status") << ":</b> ";
-		ShowNetworkStatus (s, i2p::context.GetStatus ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetError ());
 		s << "<br>\r\n";
 		if (i2p::context.SupportsV6 ())
 		{
 			s << "<b>" << tr("Network status v6") << ":</b> ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetErrorV6 ());
 			s << "<br>\r\n";
 		}
 #if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
@@ -286,62 +290,65 @@ namespace http {
 		s << "<b>" << tr("Tunnel creation success rate") << ":</b> " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate () << "%<br>\r\n";
 		s << "<b>" << tr("Received") << ":</b> ";
 		ShowTraffic (s, i2p::transport::transports.GetTotalReceivedBytes ());
-		s << " (" << (double) i2p::transport::transports.GetInBandwidth () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
+		s << " (" << (double) i2p::transport::transports.GetInBandwidth15s () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
 		s << "<b>" << tr("Sent") << ":</b> ";
 		ShowTraffic (s, i2p::transport::transports.GetTotalSentBytes ());
-		s << " (" << (double) i2p::transport::transports.GetOutBandwidth () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
+		s << " (" << (double) i2p::transport::transports.GetOutBandwidth15s () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
 		s << "<b>" << tr("Transit") << ":</b> ";
 		ShowTraffic (s, i2p::transport::transports.GetTotalTransitTransmittedBytes ());
-		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
+		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth15s () / 1024 << " " << tr(/* tr: Kibibit/s */ "KiB/s") << ")<br>\r\n";
 		s << "<b>" << tr("Data path") << ":</b> " << i2p::fs::GetUTF8DataDir() << "<br>\r\n";
 		s << "<div class='slide'>";
-		if((outputFormat == OutputFormatEnum::forWebConsole) || !includeHiddenContent) {
+		if ((outputFormat == OutputFormatEnum::forWebConsole) || !includeHiddenContent) {
 			s << "<label for=\"slide-info\">" << tr("Hidden content. Press on text to see.") << "</label>\r\n<input type=\"checkbox\" id=\"slide-info\" />\r\n<div class=\"slidecontent\">\r\n";
 		}
-		if(includeHiddenContent) {
+		if (includeHiddenContent) 
+		{
 			s << "<b>" << tr("Router Ident") << ":</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
 			if (!i2p::context.GetRouterInfo().GetProperty("family").empty())
 				s << "<b>" << tr("Router Family") << ":</b> " << i2p::context.GetRouterInfo().GetProperty("family") << "<br>\r\n";
 			s << "<b>" << tr("Router Caps") << ":</b> " << i2p::context.GetRouterInfo().GetProperty("caps") << "<br>\r\n";
 			s << "<b>" << tr("Version") << ":</b> " VERSION "<br>\r\n";
 			s << "<b>"<< tr("Our external address") << ":</b>" << "<br>\r\n<table class=\"extaddr\"><tbody>\r\n";
-			for (const auto& address : i2p::context.GetRouterInfo().GetAddresses())
-			{
-				s << "<tr>\r\n";
-				if (address->IsNTCP2 () && !address->IsPublishedNTCP2 ())
+			auto addresses = i2p::context.GetRouterInfo().GetAddresses ();
+			if (addresses)
+			{	
+				for (const auto& address : *addresses)
 				{
-					s << "<td>NTCP2";
-					if (address->host.is_v6 ()) s << "v6";
-					s << "</td><td>" << tr("supported") << "</td>\r\n</tr>\r\n";
-					continue;
-				}
-				switch (address->transportStyle)
-				{
-					case i2p::data::RouterInfo::eTransportNTCP:
+					s << "<tr>\r\n<td>";
+					switch (address->transportStyle)
 					{
-						s << "<td>NTCP";
-						if (address->IsPublishedNTCP2 ()) s << "2";
-						if (address->host.is_v6 ()) s << "v6";
-						s << "</td>\r\n";
+						case i2p::data::RouterInfo::eTransportNTCP2:
+							s << "NTCP2";
 						break;
+						case i2p::data::RouterInfo::eTransportSSU2:
+							s << "SSU2";
+						break;
+						default:
+							s << tr("Unknown");
 					}
-					case i2p::data::RouterInfo::eTransportSSU:
+					if (address->IsV6 ())
 					{
-						s << "<td>SSU";
-						if (address->host.is_v6 ())
-							s << "v6";
-						s << "</td>\r\n";
-						break;
+						if (address->IsV4 ()) s << "v4";
+						s << "v6";
 					}
-					default:
-						s << "<td>" << tr("Unknown") << "</td>\r\n";
+					s << "</td>\r\n";
+					if (address->published)
+						s << "<td>" << address->host.to_string() << ":" << address->port << "</td>\r\n";
+					else
+					{
+						s << "<td>" << tr("supported");
+						if (address->port)
+							s << " :" << address->port;
+						s << "</td>\r\n";
+					}
+					s << "</tr>\r\n";
 				}
-				s << "<td>" << address->host.to_string() << ":" << address->port << "</td>\r\n</tr>\r\n";
-			}
+			}	
 			s << "</tbody></table>\r\n";
 		}
 		s << "</div>\r\n</div>\r\n";
-		if(outputFormat == OutputFormatEnum::forQtUi) {
+		if (outputFormat == OutputFormatEnum::forQtUi) {
 			s << "<br>";
 		}
 		s << "<b>" << tr("Routers") << ":</b> " << i2p::data::netdb.GetNumRouters () << " ";
@@ -355,7 +362,7 @@ namespace http {
 		s << "<b>" << tr("Client Tunnels") << ":</b> " << std::to_string(clientTunnelCount) << " ";
 		s << "<b>" << tr("Transit Tunnels") << ":</b> " << std::to_string(transitTunnelCount) << "<br>\r\n<br>\r\n";

-		if(outputFormat==OutputFormatEnum::forWebConsole) {
+		if (outputFormat==OutputFormatEnum::forWebConsole) {
 			bool httpproxy  = i2p::client::context.GetHttpProxy ()         ? true : false;
 			bool socksproxy = i2p::client::context.GetSocksProxy ()        ? true : false;
 			bool bob        = i2p::client::context.GetBOBCommandChannel () ? true : false;
@@ -416,7 +423,7 @@ namespace http {
 			s << "</div>\r\n</div>\r\n";
 		}

-		if(dest->IsPublic())
+		if (dest->IsPublic() && token && !dest->IsEncryptedLeaseSet ())
 		{
 			std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 			auto base32 = dest->GetIdentHash ().ToBase32 ();
@@ -430,7 +437,7 @@ namespace http {
 			     "</form>\r\n<small>" << tr("<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.") << "</small>\r\n</div>\r\n</div>\r\n<br>\r\n";
 		}

-		if(dest->GetNumRemoteLeaseSets())
+		if (dest->GetNumRemoteLeaseSets())
 		{
 			s << "<div class='slide'><label for='slide-lease'><b>" << tr("LeaseSets") << ":</b> <i>" << dest->GetNumRemoteLeaseSets ()
 			  << "</i></label>\r\n<input type=\"checkbox\" id=\"slide-lease\" />\r\n<div class=\"slidecontent\">\r\n<table><thead><th>"<< tr("Address") << "</th><th>" << tr("Type") << "</th><th>" << tr("EncType") << "</th></thead><tbody class=\"tableitem\">";
@@ -446,8 +453,18 @@ namespace http {
 			s << "<b>" << tr("Inbound tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
 			for (auto & it : pool->GetInboundTunnels ()) {
 				s << "<div class=\"listitem\">";
-				it->Print(s);
-				if(it->LatencyIsKnown())
+				// for each tunnel hop if not zero-hop
+				if (it->GetNumHops ())
+				{
+					it->VisitTunnelHops(
+						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
+						{
+							s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
+						}
+					);
+				}
+				s << "&#8658; " << it->GetTunnelID () << ":me";
+				if (it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << tr(/* tr: Milliseconds */ "ms") << " )";
 				ShowTunnelDetails(s, it->GetState (), false, it->GetNumReceivedBytes ());
 				s << "</div>\r\n";
@@ -456,8 +473,18 @@ namespace http {
 			s << "<b>" << tr("Outbound tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
 			for (auto & it : pool->GetOutboundTunnels ()) {
 				s << "<div class=\"listitem\">";
-				it->Print(s);
-				if(it->LatencyIsKnown())
+				s << it->GetTunnelID () << ":me &#8658;";
+				// for each tunnel hop if not zero-hop
+				if (it->GetNumHops ())
+				{
+					it->VisitTunnelHops(
+						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
+						{
+							s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
+						}
+					);
+				}
+				if (it->LatencyIsKnown())
 					s << " ( " << it->GetMeanLatency() << tr("ms") << " )";
 				ShowTunnelDetails(s, it->GetState (), false, it->GetNumSentBytes ());
 				s << "</div>\r\n";
@@ -508,19 +535,21 @@ namespace http {
 			ShowLeaseSetDestination (s, dest, token);

 			// Print table with streams information
-			s << "<table>\r\n<caption>" << tr("Streams") << "</caption>\r\n<thead>\r\n<tr>";
-			s << "<th style=\"width:25px;\">StreamID</th>";
-			s << "<th style=\"width:5px;\" \\>"; // Stream closing button column
-			s << "<th class=\"streamdest\">Destination</th>";
-			s << "<th>Sent</th>";
-			s << "<th>Received</th>";
-			s << "<th>Out</th>";
-			s << "<th>In</th>";
-			s << "<th>Buf</th>";
-			s << "<th>RTT</th>";
-			s << "<th>Window</th>";
-			s << "<th>Status</th>";
-			s << "</tr>\r\n</thead>\r\n<tbody class=\"tableitem\">\r\n";
+			s << "<table>\r\n<caption>"
+			  << tr("Streams")
+			  << "</caption>\r\n<thead>\r\n<tr>"
+			  << "<th style=\"width:25px;\">StreamID</th>"
+			  << "<th style=\"width:5px;\" \\>" // Stream closing button column
+			  << "<th class=\"streamdest\">Destination</th>"
+			  << "<th>Sent</th>"
+			  << "<th>Received</th>"
+			  << "<th>Out</th>"
+			  << "<th>In</th>"
+			  << "<th>Buf</th>"
+			  << "<th>RTT</th>"
+			  << "<th>Window</th>"
+			  << "<th>Status</th>"
+			  << "</tr>\r\n</thead>\r\n<tbody class=\"tableitem\">\r\n";

 			for (const auto& it: dest->GetAllStreams ())
 			{
@@ -630,8 +659,17 @@ namespace http {
 		s << "<b>" << tr("Inbound tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
 		for (auto & it : i2p::tunnel::tunnels.GetInboundTunnels ()) {
 			s << "<div class=\"listitem\">";
-			it->Print(s);
-			if(it->LatencyIsKnown())
+			if (it->GetNumHops ())
+			{
+				it->VisitTunnelHops(
+					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
+					{
+						s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
+					}
+				);
+			}
+			s << "&#8658; " << it->GetTunnelID () << ":me";
+			if (it->LatencyIsKnown())
 			s << " ( " << it->GetMeanLatency() << tr("ms") << " )";
 			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumReceivedBytes ());
 			s << "</div>\r\n";
@@ -640,8 +678,18 @@ namespace http {
 		s << "<b>" << tr("Outbound tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
 		for (auto & it : i2p::tunnel::tunnels.GetOutboundTunnels ()) {
 			s << "<div class=\"listitem\">";
-			it->Print(s);
-			if(it->LatencyIsKnown())
+			s << it->GetTunnelID () << ":me &#8658;";
+			// for each tunnel hop if not zero-hop
+			if (it->GetNumHops ())
+			{
+				it->VisitTunnelHops(
+					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
+					{
+						s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
+					}
+				);
+			}
+			if (it->LatencyIsKnown())
 			s << " ( " << it->GetMeanLatency() << tr("ms") << " )";
 			ShowTunnelDetails(s, it->GetState (), (it->GetTunnelPool () == ExplPool), it->GetNumSentBytes ());
 			s << "</div>\r\n";
@@ -655,8 +703,7 @@ namespace http {

 		s << "<b>" << tr("Router commands") << "</b><br>\r\n<br>\r\n<div class=\"commands\">\r\n";
 		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_RUN_PEER_TEST << "&token=" << token << "\">" << tr("Run peer test") << "</a><br>\r\n";
-
-		// s << "  <a href=\"/?cmd=" << HTTP_COMMAND_RELOAD_CONFIG << "\">Reload config</a><br>\r\n";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_RELOAD_TUNNELS_CONFIG << "&token=" << token << "\">" << tr("Reload tunnels configuration") << "</a><br>\r\n";

 		if (i2p::context.AcceptsTunnels ())
 			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_DISABLE_TRANSIT << "&token=" << token << "\">" << tr("Decline transit tunnels") << "</a><br>\r\n";
@@ -697,23 +744,31 @@ namespace http {
 		s << "  <button type=\"submit\">" << tr("Change") << "</button>\r\n";
 		s << "</form>\r\n<br>\r\n";

-		std::string currLang = i2p::client::context.GetLanguage ()->GetLanguage(); // get current used language
-		s << "<b>" << tr("Change language") << "</b><br>\r\n";
-		s << "<form method=\"get\" action=\"" << webroot << "\">\r\n";
-		s << "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_SETLANGUAGE << "\">\r\n";
-		s << "  <input type=\"hidden\" name=\"token\" value=\"" << token << "\">\r\n";
-		s << "  <select name=\"lang\" id=\"lang\">\r\n";
+		// get current used language
+		std::string currLang = i2p::client::context.GetLanguage ()->GetLanguage();
+
+		s << "<b>"
+		  << tr("Change language")
+		  << "</b><br>\r\n"
+		  << "<form method=\"get\" action=\"" << webroot << "\">\r\n"
+		  << "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_SETLANGUAGE << "\">\r\n"
+		  << "  <input type=\"hidden\" name=\"token\" value=\"" << token << "\">\r\n"
+		  << "  <select name=\"lang\" id=\"lang\">\r\n";
+
 		for (const auto& it: i2p::i18n::languages)
 			s << "    <option value=\"" << it.first << "\"" << ((it.first.compare(currLang) == 0) ? " selected" : "") << ">" << it.second.LocaleName << "</option>\r\n";
-		s << "  </select>\r\n";
-		s << "  <button type=\"submit\">" << tr("Change") << "</button>\r\n";
-		s << "</form>\r\n<br>\r\n";
+
+		s << "  </select>\r\n"
+		  << "  <button type=\"submit\">"
+		  << tr("Change")
+		  << "</button>\r\n"
+		  << "</form>\r\n<br>\r\n";

 	}

 	void ShowTransitTunnels (std::stringstream& s)
 	{
-		if(i2p::tunnel::tunnels.CountTransitTunnels())
+		if (i2p::tunnel::tunnels.CountTransitTunnels())
 		{
 			s << "<b>" << tr("Transit Tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
 			for (const auto& it: i2p::tunnel::tunnels.GetTransitTunnels ())
@@ -736,30 +791,35 @@ namespace http {
 	}

 	template<typename Sessions>
-	static void ShowNTCPTransports (std::stringstream& s, const Sessions& sessions, const std::string name)
+	static void ShowTransportSessions (std::stringstream& s, const Sessions& sessions, const std::string name)
 	{
 		std::stringstream tmp_s, tmp_s6; uint16_t cnt = 0, cnt6 = 0;
 		for (const auto& it: sessions )
 		{
-			if (it.second && it.second->IsEstablished () && !it.second->GetRemoteEndpoint ().address ().is_v6 ())
+			auto endpoint = it.second->GetRemoteEndpoint ();
+			if (it.second && it.second->IsEstablished () && endpoint.address ().is_v4 ())
 			{
 				tmp_s << "<div class=\"listitem\">\r\n";
 				if (it.second->IsOutgoing ()) tmp_s << " &#8658; ";
 				tmp_s << i2p::data::GetIdentHashAbbreviation (it.second->GetRemoteIdentity ()->GetIdentHash ()) << ": "
-					<< it.second->GetRemoteEndpoint ().address ().to_string ();
+					<< endpoint.address ().to_string () << ":" << endpoint.port ();
 				if (!it.second->IsOutgoing ()) tmp_s << " &#8658; ";
 				tmp_s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
+				if (it.second->GetRelayTag ())
+					tmp_s << " [itag:" << it.second->GetRelayTag () << "]";
 				tmp_s << "</div>\r\n" << std::endl;
 				cnt++;
 			}
-			if (it.second && it.second->IsEstablished () && it.second->GetRemoteEndpoint ().address ().is_v6 ())
+			if (it.second && it.second->IsEstablished () && endpoint.address ().is_v6 ())
 			{
 				tmp_s6 << "<div class=\"listitem\">\r\n";
 				if (it.second->IsOutgoing ()) tmp_s6 << " &#8658; ";
 				tmp_s6 << i2p::data::GetIdentHashAbbreviation (it.second->GetRemoteIdentity ()->GetIdentHash ()) << ": "
-					<< "[" << it.second->GetRemoteEndpoint ().address ().to_string () << "]";
+					<< "[" << endpoint.address ().to_string () << "]:" << endpoint.port ();
 				if (!it.second->IsOutgoing ()) tmp_s6 << " &#8658; ";
 				tmp_s6 << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
+				if (it.second->GetRelayTag ())
+					tmp_s6 << " [itag:" << it.second->GetRelayTag () << "]";
 				tmp_s6 << "</div>\r\n" << std::endl;
 				cnt6++;
 			}
@@ -786,47 +846,14 @@ namespace http {
 		{
 			auto sessions = ntcp2Server->GetNTCP2Sessions ();
 			if (!sessions.empty ())
-				ShowNTCPTransports (s, sessions, "NTCP2");
+				ShowTransportSessions (s, sessions, "NTCP2");
 		}
-		auto ssuServer = i2p::transport::transports.GetSSUServer ();
-		if (ssuServer)
+		auto ssu2Server = i2p::transport::transports.GetSSU2Server ();
+		if (ssu2Server)
 		{
-			auto sessions = ssuServer->GetSessions ();
+			auto sessions = ssu2Server->GetSSU2Sessions ();
 			if (!sessions.empty ())
-			{
-				s << "<div class='slide'><label for='slide_ssu'><b>SSU</b> ( " << (int) sessions.size() << " )</label>\r\n<input type=\"checkbox\" id=\"slide_ssu\" />\r\n<div class=\"slidecontent list\">";
-				for (const auto& it: sessions)
-				{
-					s << "<div class=\"listitem\">\r\n";
-					auto endpoint = it.second->GetRemoteEndpoint ();
-					if (it.second->IsOutgoing ()) s << " &#8658; ";
-					s << endpoint.address ().to_string () << ":" << endpoint.port ();
-					if (!it.second->IsOutgoing ()) s << " &#8658; ";
-					s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
-					if (it.second->GetRelayTag ())
-						s << " [itag:" << it.second->GetRelayTag () << "]";
-					s << "</div>\r\n" << std::endl;
-				}
-				s << "</div>\r\n</div>\r\n";
-			}
-			auto sessions6 = ssuServer->GetSessionsV6 ();
-			if (!sessions6.empty ())
-			{
-				s << "<div class='slide'><label for='slide_ssuv6'><b>SSUv6</b> ( " << (int) sessions6.size() << " )</label>\r\n<input type=\"checkbox\" id=\"slide_ssuv6\" />\r\n<div class=\"slidecontent list\">";
-				for (const auto& it: sessions6)
-				{
-					s << "<div class=\"listitem\">\r\n";
-					auto endpoint = it.second->GetRemoteEndpoint ();
-					if (it.second->IsOutgoing ()) s << " &#8658; ";
-					s << "[" << endpoint.address ().to_string () << "]:" << endpoint.port ();
-					if (!it.second->IsOutgoing ()) s << " &#8658; ";
-					s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
-					if (it.second->GetRelayTag ())
-						s << " [itag:" << it.second->GetRelayTag () << "]";
-					s << "</div>\r\n" << std::endl;
-				}
-				s << "</div>\r\n</div>\r\n";
-			}
+				ShowTransportSessions (s, sessions, "SSU2");
 		}
 	}

@@ -840,7 +867,7 @@ namespace http {
 			return;
 		}

-		if(sam->GetSessions ().size ())
+		if (sam->GetSessions ().size ())
 		{
 			s << "<b>" << tr("SAM sessions") << ":</b><br>\r\n<div class=\"list\">\r\n";
 			for (auto& it: sam->GetSessions ())
@@ -1057,6 +1084,7 @@ namespace http {
 			SendReply(res, content);
 			return;
 		}
+
 		bool strictheaders;
 		i2p::config::GetOption("http.strictheaders", strictheaders);
 		if (strictheaders)
@@ -1079,6 +1107,7 @@ namespace http {
 				return;
 			}
 		}
+
 		// HTML head start
 		ShowPageHead (s);
 		if (req.uri.find("page=") != std::string::npos) {
@@ -1181,7 +1210,7 @@ namespace http {
 		std::string cmd = params["cmd"];
 		if (cmd == HTTP_COMMAND_RUN_PEER_TEST)
 			i2p::transport::transports.PeerTest ();
-		else if (cmd == HTTP_COMMAND_RELOAD_CONFIG)
+		else if (cmd == HTTP_COMMAND_RELOAD_TUNNELS_CONFIG)
 			i2p::client::context.ReloadConfig ();
 		else if (cmd == HTTP_COMMAND_ENABLE_TRANSIT)
 			i2p::context.SetAcceptsTunnels (true);
@@ -1199,7 +1228,7 @@ namespace http {
 		else if (cmd == HTTP_COMMAND_SHUTDOWN_CANCEL)
 		{
 			i2p::context.SetAcceptsTunnels (true);
-#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))  || defined(ANDROID_BINARY))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 			Daemon.gracefulShutdownInterval = 0;
 #elif defined(WIN32_APP)
 			i2p::win32::StopGracefulShutdown ();
@@ -1231,7 +1260,7 @@ namespace http {
 			{
 				if (dest)
 				{
-					if(dest->DeleteStream (streamID))
+					if (dest->DeleteStream (streamID))
 						s << "<b>" << tr("SUCCESS") << "</b>:&nbsp;" << tr("Stream closed") << "<br>\r\n<br>\r\n";
 					else
 						s << "<b>" << tr("ERROR") << "</b>:&nbsp;" << tr("Stream not found or already was closed") << "<br>\r\n<br>\r\n";
@@ -1437,7 +1466,7 @@ namespace http {
 			CreateConnection(newSocket);
 		else
 		{
-			if(newSocket) newSocket->close();
+			if (newSocket) newSocket->close();
 			LogPrint(eLogError, "HTTP Server: Error handling accept: ", ecode.message());
 		}
 		Accept ();
--- a/daemon/HTTPServer.h
+++ b/daemon/HTTPServer.h
@@ -98,8 +98,8 @@ namespace http
 	void ShowSAMSessions (std::stringstream& s);
 	void ShowI2PTunnels (std::stringstream& s);
 	void ShowLocalDestination (std::stringstream& s, const std::string& b32, uint32_t token);
-    void ShowSAMSession (std::stringstream& s, const std::string& id);
-    void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id);
+	void ShowSAMSession (std::stringstream& s, const std::string& id);
+	void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id);
 } // http
 } // i2p

--- a/daemon/I2PControl.cpp
+++ b/daemon/I2PControl.cpp
@@ -14,25 +14,17 @@
 // Use global placeholders from boost introduced when local_time.hpp is loaded
 #define BOOST_BIND_GLOBAL_PLACEHOLDERS

-#include <boost/lexical_cast.hpp>
 #include <boost/date_time/local_time/local_time.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp>
-#include <boost/property_tree/ini_parser.hpp>
 #include <boost/property_tree/json_parser.hpp>
+#include <boost/lexical_cast.hpp>

-#include "Crypto.h"
 #include "FS.h"
 #include "Log.h"
 #include "Config.h"
 #include "NetDb.hpp"
-#include "RouterContext.h"
-#include "Daemon.h"
 #include "Tunnel.h"
-#include "Timestamp.h"
-#include "Transports.h"
-#include "version.h"
-#include "util.h"
-#include "ClientContext.h"
+#include "Daemon.h"
 #include "I2PControl.h"

 namespace i2p
@@ -66,48 +58,21 @@ namespace client
 		m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem);

 		// handlers
-		m_MethodHandlers["Authenticate"]   = &I2PControlService::AuthenticateHandler;
-		m_MethodHandlers["Echo"]           = &I2PControlService::EchoHandler;
-		m_MethodHandlers["I2PControl"]     = &I2PControlService::I2PControlHandler;
-		m_MethodHandlers["RouterInfo"]     = &I2PControlService::RouterInfoHandler;
-		m_MethodHandlers["RouterManager"]  = &I2PControlService::RouterManagerHandler;
-		m_MethodHandlers["NetworkSetting"] = &I2PControlService::NetworkSettingHandler;
-		m_MethodHandlers["ClientServicesInfo"]     = &I2PControlService::ClientServicesInfoHandler;
+		m_MethodHandlers["Authenticate"]       = &I2PControlService::AuthenticateHandler;
+		m_MethodHandlers["Echo"]               = &I2PControlService::EchoHandler;
+		m_MethodHandlers["I2PControl"]         = &I2PControlService::I2PControlHandler;
+		m_MethodHandlers["RouterInfo"]         = &I2PControlHandlers::RouterInfoHandler;
+		m_MethodHandlers["RouterManager"]      = &I2PControlService::RouterManagerHandler;
+		m_MethodHandlers["NetworkSetting"]     = &I2PControlHandlers::NetworkSettingHandler;
+		m_MethodHandlers["ClientServicesInfo"] = &I2PControlHandlers::ClientServicesInfoHandler;

 		// I2PControl
 		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler;

-		// RouterInfo
-		m_RouterInfoHandlers["i2p.router.uptime"]  = &I2PControlService::UptimeHandler;
-		m_RouterInfoHandlers["i2p.router.version"] = &I2PControlService::VersionHandler;
-		m_RouterInfoHandlers["i2p.router.status"]  = &I2PControlService::StatusHandler;
-		m_RouterInfoHandlers["i2p.router.netdb.knownpeers"]   = &I2PControlService::NetDbKnownPeersHandler;
-		m_RouterInfoHandlers["i2p.router.netdb.activepeers"]  = &I2PControlService::NetDbActivePeersHandler;
-		m_RouterInfoHandlers["i2p.router.net.bw.inbound.1s"]  = &I2PControlService::InboundBandwidth1S;
-		m_RouterInfoHandlers["i2p.router.net.bw.outbound.1s"] = &I2PControlService::OutboundBandwidth1S;
-		m_RouterInfoHandlers["i2p.router.net.status"]         = &I2PControlService::NetStatusHandler;
-		m_RouterInfoHandlers["i2p.router.net.tunnels.participating"] = &I2PControlService::TunnelsParticipatingHandler;
-		m_RouterInfoHandlers["i2p.router.net.tunnels.successrate"] =
-&I2PControlService::TunnelsSuccessRateHandler;
-		m_RouterInfoHandlers["i2p.router.net.total.received.bytes"]  = &I2PControlService::NetTotalReceivedBytes;
-		m_RouterInfoHandlers["i2p.router.net.total.sent.bytes"]      = &I2PControlService::NetTotalSentBytes;
-
 		// RouterManager
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
 		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler;
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
-
-		// NetworkSetting
-		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
-		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
-
-		// ClientServicesInfo
-		m_ClientServicesInfoHandlers["I2PTunnel"] = &I2PControlService::I2PTunnelInfoHandler;
-		m_ClientServicesInfoHandlers["HTTPProxy"] = &I2PControlService::HTTPProxyInfoHandler;
-		m_ClientServicesInfoHandlers["SOCKS"] = &I2PControlService::SOCKSInfoHandler;
-		m_ClientServicesInfoHandlers["SAM"] = &I2PControlService::SAMInfoHandler;
-		m_ClientServicesInfoHandlers["BOB"] = &I2PControlService::BOBInfoHandler;
-		m_ClientServicesInfoHandlers["I2CP"] = &I2PControlService::I2CPInfoHandler;
 	}

 	I2PControlService::~I2PControlService ()
@@ -168,7 +133,7 @@ namespace client
 			Accept ();

 		if (ecode) {
-			LogPrint (eLogError, "I2PControl: Accept error: ",  ecode.message ());
+			LogPrint (eLogError, "I2PControl: Accept error: ", ecode.message ());
 			return;
 		}
 		LogPrint (eLogDebug, "I2PControl: New request from ", socket->lowest_layer ().remote_endpoint ());
@@ -281,37 +246,6 @@ namespace client
 		}
 	}

-	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, int value) const
-	{
-		ss << "\"" << name << "\":" << value;
-	}
-
-	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value, bool quotes) const
-	{
-		ss << "\"" << name << "\":";
-		if (value.length () > 0)
-		{	
-			if (quotes)
-				ss << "\"" << value << "\"";
-			else
-				ss << value;
-		}	
-		else
-			ss << "null";
-	}
-
-	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, double value) const
-	{
-		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
-	}
-
-	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const
-	{
-		std::ostringstream buf;
-		boost::property_tree::write_json (buf, value, false);
-		ss << "\"" << name << "\":" << buf.str();
-	}
-
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
 	{
@@ -397,91 +331,6 @@ namespace client
 		m_Tokens.clear ();
 	}

-// RouterInfo
-
-	void I2PControlService::RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
-	{
-		bool first = true;
-		for (auto it = params.begin (); it != params.end (); it++)
-		{
-			LogPrint (eLogDebug, "I2PControl: RouterInfo request: ", it->first);
-			auto it1 = m_RouterInfoHandlers.find (it->first);
-			if (it1 != m_RouterInfoHandlers.end ())
-			{
-				if (!first) results << ",";
-				else first = false;
-				(this->*(it1->second))(results);
-			}
-			else
-				LogPrint (eLogError, "I2PControl: RouterInfo unknown request ", it->first);
-		}
-	}
-
-	void I2PControlService::UptimeHandler (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.uptime", std::to_string (i2p::context.GetUptime ()*1000LL), false);
-	}
-
-	void I2PControlService::VersionHandler (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.version", VERSION);
-	}
-
-	void I2PControlService::StatusHandler (std::ostringstream& results)
-	{
-		auto dest = i2p::client::context.GetSharedLocalDestination ();
-		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0");
-	}
-
-	void I2PControlService::NetDbKnownPeersHandler (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());
-	}
-
-	void I2PControlService::NetDbActivePeersHandler (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());
-	}
-
-	void I2PControlService::NetStatusHandler (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.net.status", (int)i2p::context.GetStatus ());
-	}
-
-	void I2PControlService::TunnelsParticipatingHandler (std::ostringstream& results)
-	{
-		int transit = i2p::tunnel::tunnels.GetTransitTunnels ().size ();
-		InsertParam (results, "i2p.router.net.tunnels.participating", transit);
-	}
-
-	void I2PControlService::TunnelsSuccessRateHandler (std::ostringstream& results)
-	{
-		int rate = i2p::tunnel::tunnels.GetTunnelCreationSuccessRate ();
-		InsertParam (results, "i2p.router.net.tunnels.successrate", rate);
-	}
-
-	void I2PControlService::InboundBandwidth1S (std::ostringstream& results)
-	{
-		double bw = i2p::transport::transports.GetInBandwidth ();
-		InsertParam (results, "i2p.router.net.bw.inbound.1s", bw);
-	}
-
-	void I2PControlService::OutboundBandwidth1S (std::ostringstream& results)
-	{
-		double bw = i2p::transport::transports.GetOutBandwidth ();
-		InsertParam (results, "i2p.router.net.bw.outbound.1s", bw);
-	}
-
-	void I2PControlService::NetTotalReceivedBytes (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.net.total.received.bytes", (double)i2p::transport::transports.GetTotalReceivedBytes ());
-	}
-
-	void I2PControlService::NetTotalSentBytes (std::ostringstream& results)
-	{
-		InsertParam (results, "i2p.router.net.total.sent.bytes",     (double)i2p::transport::transports.GetTotalSentBytes ());
-	}
-

 // RouterManager

@@ -507,7 +356,7 @@ namespace client
 		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(1)); // 1 second to make sure response has been sent
 		m_ShutdownTimer.async_wait (
 			[](const boost::system::error_code& ecode)
-		    {
+			{
 				Daemon.running = 0;
 			});
 	}
@@ -521,7 +370,7 @@ namespace client
 		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(timeout + 1)); // + 1 second
 		m_ShutdownTimer.async_wait (
 			[](const boost::system::error_code& ecode)
-		    {
+			{
 				Daemon.running = 0;
 			});
 	}
@@ -533,37 +382,6 @@ namespace client
 		i2p::data::netdb.Reseed ();
 	}

-// network setting
-	void I2PControlService::NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
-	{
-		for (auto it = params.begin (); it != params.end (); it++)
-		{
-			LogPrint (eLogDebug, "I2PControl: NetworkSetting request: ", it->first);
-			auto it1 = m_NetworkSettingHandlers.find (it->first);
-			if (it1 != m_NetworkSettingHandlers.end ()) {
-				if (it != params.begin ()) results << ",";
-				(this->*(it1->second))(it->second.data (), results);
-			} else
-				LogPrint (eLogError, "I2PControl: NetworkSetting unknown request: ", it->first);
-		}
-	}
-
-	void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
-	{
-		if (value != "null")
-			i2p::context.SetBandwidth (std::atoi(value.c_str()));
-		int bw = i2p::context.GetBandwidthLimit();
-		InsertParam (results, "i2p.router.net.bw.in", bw);
-	}
-
-	void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
-	{
-		if (value != "null")
-			i2p::context.SetBandwidth (std::atoi(value.c_str()));
-		int bw = i2p::context.GetBandwidthLimit();
-		InsertParam (results, "i2p.router.net.bw.out", bw);
-	}
-
 	// certificate
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{
@@ -612,178 +430,5 @@ namespace client
 		}
 		EVP_PKEY_free (pkey);
 	}
-
-// ClientServicesInfo
-
-	void I2PControlService::ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
-	{
-		for (auto it = params.begin (); it != params.end (); it++)
-		{
-			LogPrint (eLogDebug, "I2PControl: ClientServicesInfo request: ", it->first);
-			auto it1 = m_ClientServicesInfoHandlers.find (it->first);
-			if (it1 != m_ClientServicesInfoHandlers.end ())
-			{
-				if (it != params.begin ()) results << ",";
-				(this->*(it1->second))(results);
-			}
-			else
-				LogPrint (eLogError, "I2PControl: ClientServicesInfo unknown request ", it->first);
-		}
-	}
-
-	void I2PControlService::I2PTunnelInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-		boost::property_tree::ptree client_tunnels, server_tunnels;
-
-		for (auto& it: i2p::client::context.GetClientTunnels ())
-		{
-			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-			boost::property_tree::ptree ct;
-			ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-			client_tunnels.add_child(it.second->GetName (), ct);
-		}
-
-		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
-		if (!serverTunnels.empty ()) {
-			for (auto& it: serverTunnels)
-			{
-				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				boost::property_tree::ptree st;
-				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-				st.put("port", it.second->GetLocalPort ());
-				server_tunnels.add_child(it.second->GetName (), st);
-			}
-		}
-
-		auto& clientForwards = i2p::client::context.GetClientForwards ();
-		if (!clientForwards.empty ())
-		{
-			for (auto& it: clientForwards)
-			{
-				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				boost::property_tree::ptree ct;
-				ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-				client_tunnels.add_child(it.second->GetName (), ct);
-			}
-		}
-
-		auto& serverForwards = i2p::client::context.GetServerForwards ();
-		if (!serverForwards.empty ())
-		{
-			for (auto& it: serverForwards)
-			{
-				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				boost::property_tree::ptree st;
-				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-				server_tunnels.add_child(it.second->GetName (), st);
-			}
-		}
-
-		pt.add_child("client", client_tunnels);
-		pt.add_child("server", server_tunnels);
-
-		InsertParam (results, "I2PTunnel", pt);
-	}
-
-	void I2PControlService::HTTPProxyInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-
-		auto httpProxy = i2p::client::context.GetHttpProxy ();
-		if (httpProxy)
-		{
-			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
-			pt.put("enabled", true);
-			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-		}
-		else
-			pt.put("enabled", false);
-
-		InsertParam (results, "HTTPProxy", pt);
-	}
-
-	void I2PControlService::SOCKSInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-
-		auto socksProxy = i2p::client::context.GetSocksProxy ();
-		if (socksProxy)
-		{
-			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
-			pt.put("enabled", true);
-			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-		}
-		else
-			pt.put("enabled", false);
-
-		InsertParam (results, "SOCKS", pt);
-	}
-
-	void I2PControlService::SAMInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-		auto sam = i2p::client::context.GetSAMBridge ();
-		if (sam)
-		{
-			pt.put("enabled", true);
-			boost::property_tree::ptree sam_sessions;
-			for (auto& it: sam->GetSessions ())
-			{
-				boost::property_tree::ptree sam_session, sam_session_sockets;
-				auto& name = it.second->GetLocalDestination ()->GetNickname ();
-				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				sam_session.put("name", name);
-				sam_session.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
-
-				for (const auto& socket: sam->ListSockets(it.first))
-				{
-					boost::property_tree::ptree stream;
-					stream.put("type", socket->GetSocketType ());
-					stream.put("peer", socket->GetSocket ().remote_endpoint());
-
-					sam_session_sockets.push_back(std::make_pair("", stream));
-				}
-				sam_session.add_child("sockets", sam_session_sockets);
-				sam_sessions.add_child(it.first, sam_session);
-			}
-
-			pt.add_child("sessions", sam_sessions);
-		}
-		else
-			pt.put("enabled", false);
-
-		InsertParam (results, "SAM", pt);
-	}
-
-	void I2PControlService::BOBInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-		auto bob = i2p::client::context.GetBOBCommandChannel ();
-		if (bob)
-		{
-			/* TODO more info */
-			pt.put("enabled", true);
-		}
-		else
-			pt.put("enabled", false);
-
-		InsertParam (results, "BOB", pt);
-	}
-
-	void I2PControlService::I2CPInfoHandler (std::ostringstream& results)
-	{
-		boost::property_tree::ptree pt;
-		auto i2cp = i2p::client::context.GetI2CPServer ();
-		if (i2cp)
-		{
-			/* TODO more info */
-			pt.put("enabled", true);
-		}
-		else
-			pt.put("enabled", false);
-
-		InsertParam (results, "I2CP", pt);
-	}
 }
 }
--- a/daemon/I2PControl.h
+++ b/daemon/I2PControl.h
@@ -20,6 +20,7 @@
 #include <boost/asio.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/property_tree/ptree.hpp>
+#include "I2PControlHandlers.h"

 namespace i2p
 {
@@ -32,7 +33,7 @@ namespace client
 	const char I2P_CONTROL_CERTIFICATE_COMMON_NAME[] = "i2pd.i2pcontrol";
 	const char I2P_CONTROL_CERTIFICATE_ORGANIZATION[] = "Purple I2P";

-	class I2PControlService
+	class I2PControlService: public I2PControlHandlers
 	{
 		typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;

@@ -63,61 +64,24 @@ namespace client

 		private:

-			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
-			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
-			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value, bool quotes = true) const;
-			void InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const;
-
 			// methods
 			typedef void (I2PControlService::*MethodHandler)(const boost::property_tree::ptree& params, std::ostringstream& results);

 			void AuthenticateHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void I2PControlHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
-			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
-			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
-			void ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);

 			// I2PControl
 			typedef void (I2PControlService::*I2PControlRequestHandler)(const std::string& value);
 			void PasswordHandler (const std::string& value);

-			// RouterInfo
-			typedef void (I2PControlService::*RouterInfoRequestHandler)(std::ostringstream& results);
-			void UptimeHandler (std::ostringstream& results);
-			void VersionHandler (std::ostringstream& results);
-			void StatusHandler (std::ostringstream& results);
-			void NetDbKnownPeersHandler (std::ostringstream& results);
-			void NetDbActivePeersHandler (std::ostringstream& results);
-			void NetStatusHandler (std::ostringstream& results);
-			void TunnelsParticipatingHandler (std::ostringstream& results);
-			void TunnelsSuccessRateHandler (std::ostringstream& results);
-			void InboundBandwidth1S (std::ostringstream& results);
-			void OutboundBandwidth1S (std::ostringstream& results);
-			void NetTotalReceivedBytes (std::ostringstream& results);
-			void NetTotalSentBytes (std::ostringstream& results);
-
 			// RouterManager
 			typedef void (I2PControlService::*RouterManagerRequestHandler)(std::ostringstream& results);
 			void ShutdownHandler (std::ostringstream& results);
 			void ShutdownGracefulHandler (std::ostringstream& results);
 			void ReseedHandler (std::ostringstream& results);

-			// NetworkSetting
-			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
-			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
-			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
-
-			// ClientServicesInfo
-			typedef void (I2PControlService::*ClientServicesInfoRequestHandler)(std::ostringstream& results);
-			void I2PTunnelInfoHandler (std::ostringstream& results);
-			void HTTPProxyInfoHandler (std::ostringstream& results);
-			void SOCKSInfoHandler (std::ostringstream& results);
-			void SAMInfoHandler (std::ostringstream& results);
-			void BOBInfoHandler (std::ostringstream& results);
-			void I2CPInfoHandler (std::ostringstream& results);
-
 		private:

 			std::string m_Password;
@@ -132,10 +96,7 @@ namespace client

 			std::map<std::string, MethodHandler> m_MethodHandlers;
 			std::map<std::string, I2PControlRequestHandler> m_I2PControlHandlers;
-			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
 			std::map<std::string, RouterManagerRequestHandler> m_RouterManagerHandlers;
-			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
-			std::map<std::string, ClientServicesInfoRequestHandler> m_ClientServicesInfoHandlers;
 	};
 }
 }
--- a/daemon/I2PControlHandlers.cpp
+++ b/daemon/I2PControlHandlers.cpp
@@ -0,0 +1,390 @@
+/*
+* Copyright (c) 2013-2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <iomanip>
+#define BOOST_BIND_GLOBAL_PLACEHOLDERS
+#include <boost/lexical_cast.hpp>
+#include <boost/property_tree/json_parser.hpp>
+
+#include "Log.h"
+#include "RouterContext.h"
+#include "NetDb.hpp"
+#include "Tunnel.h"
+#include "Transports.h"
+#include "version.h"
+#include "ClientContext.h"
+#include "I2PControlHandlers.h"
+
+namespace i2p
+{
+namespace client
+{
+	I2PControlHandlers::I2PControlHandlers ()
+	{
+		// RouterInfo
+		m_RouterInfoHandlers["i2p.router.uptime"]                    = &I2PControlHandlers::UptimeHandler;
+		m_RouterInfoHandlers["i2p.router.version"]                   = &I2PControlHandlers::VersionHandler;
+		m_RouterInfoHandlers["i2p.router.status"]                    = &I2PControlHandlers::StatusHandler;
+		m_RouterInfoHandlers["i2p.router.netdb.knownpeers"]          = &I2PControlHandlers::NetDbKnownPeersHandler;
+		m_RouterInfoHandlers["i2p.router.netdb.activepeers"]         = &I2PControlHandlers::NetDbActivePeersHandler;
+		m_RouterInfoHandlers["i2p.router.net.bw.inbound.1s"]         = &I2PControlHandlers::InboundBandwidth1S;
+		m_RouterInfoHandlers["i2p.router.net.bw.inbound.15s"]        = &I2PControlHandlers::InboundBandwidth15S;
+		m_RouterInfoHandlers["i2p.router.net.bw.outbound.1s"]        = &I2PControlHandlers::OutboundBandwidth1S;
+		m_RouterInfoHandlers["i2p.router.net.bw.outbound.15s"]       = &I2PControlHandlers::OutboundBandwidth15S;
+		m_RouterInfoHandlers["i2p.router.net.status"]                = &I2PControlHandlers::NetStatusHandler;
+		m_RouterInfoHandlers["i2p.router.net.tunnels.participating"] = &I2PControlHandlers::TunnelsParticipatingHandler;
+		m_RouterInfoHandlers["i2p.router.net.tunnels.successrate"]   = &I2PControlHandlers::TunnelsSuccessRateHandler;
+		m_RouterInfoHandlers["i2p.router.net.total.received.bytes"]  = &I2PControlHandlers::NetTotalReceivedBytes;
+		m_RouterInfoHandlers["i2p.router.net.total.sent.bytes"]      = &I2PControlHandlers::NetTotalSentBytes;
+
+		// NetworkSetting
+		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlHandlers::InboundBandwidthLimit;
+		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlHandlers::OutboundBandwidthLimit;
+
+		// ClientServicesInfo
+		m_ClientServicesInfoHandlers["I2PTunnel"] = &I2PControlHandlers::I2PTunnelInfoHandler;
+		m_ClientServicesInfoHandlers["HTTPProxy"] = &I2PControlHandlers::HTTPProxyInfoHandler;
+		m_ClientServicesInfoHandlers["SOCKS"]     = &I2PControlHandlers::SOCKSInfoHandler;
+		m_ClientServicesInfoHandlers["SAM"]       = &I2PControlHandlers::SAMInfoHandler;
+		m_ClientServicesInfoHandlers["BOB"]       = &I2PControlHandlers::BOBInfoHandler;
+		m_ClientServicesInfoHandlers["I2CP"]      = &I2PControlHandlers::I2CPInfoHandler;
+	}
+
+	void I2PControlHandlers::InsertParam (std::ostringstream& ss, const std::string& name, int value) const
+	{
+		ss << "\"" << name << "\":" << value;
+	}
+
+	void I2PControlHandlers::InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value, bool quotes) const
+	{
+		ss << "\"" << name << "\":";
+		if (value.length () > 0)
+		{
+			if (quotes)
+				ss << "\"" << value << "\"";
+			else
+				ss << value;
+		}
+		else
+			ss << "null";
+	}
+
+	void I2PControlHandlers::InsertParam (std::ostringstream& ss, const std::string& name, double value) const
+	{
+		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
+	}
+
+	void I2PControlHandlers::InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const
+	{
+		std::ostringstream buf;
+		boost::property_tree::write_json (buf, value, false);
+		ss << "\"" << name << "\":" << buf.str();
+	}
+
+// RouterInfo
+
+	void I2PControlHandlers::RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		bool first = true;
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: RouterInfo request: ", it->first);
+			auto it1 = m_RouterInfoHandlers.find (it->first);
+			if (it1 != m_RouterInfoHandlers.end ())
+			{
+				if (!first) results << ",";
+				else first = false;
+				(this->*(it1->second))(results);
+			}
+			else
+				LogPrint (eLogError, "I2PControl: RouterInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlHandlers::UptimeHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.uptime", std::to_string (i2p::context.GetUptime ()*1000LL), false);
+	}
+
+	void I2PControlHandlers::VersionHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.version", VERSION);
+	}
+
+	void I2PControlHandlers::StatusHandler (std::ostringstream& results)
+	{
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0");
+	}
+
+	void I2PControlHandlers::NetDbKnownPeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());
+	}
+
+	void I2PControlHandlers::NetDbActivePeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());
+	}
+
+	void I2PControlHandlers::NetStatusHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.status", (int)i2p::context.GetStatus ());
+	}
+
+	void I2PControlHandlers::TunnelsParticipatingHandler (std::ostringstream& results)
+	{
+		int transit = i2p::tunnel::tunnels.GetTransitTunnels ().size ();
+		InsertParam (results, "i2p.router.net.tunnels.participating", transit);
+	}
+
+	void I2PControlHandlers::TunnelsSuccessRateHandler (std::ostringstream& results)
+	{
+		int rate = i2p::tunnel::tunnels.GetTunnelCreationSuccessRate ();
+		InsertParam (results, "i2p.router.net.tunnels.successrate", rate);
+	}
+
+	void I2PControlHandlers::InboundBandwidth1S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetInBandwidth ();
+		InsertParam (results, "i2p.router.net.bw.inbound.1s", bw);
+	}
+
+	void I2PControlHandlers::InboundBandwidth15S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetInBandwidth15s ();
+		InsertParam (results, "i2p.router.net.bw.inbound.15s", bw);
+	}
+
+	void I2PControlHandlers::OutboundBandwidth1S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetOutBandwidth ();
+		InsertParam (results, "i2p.router.net.bw.outbound.1s", bw);
+	}
+
+	void I2PControlHandlers::OutboundBandwidth15S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetOutBandwidth15s ();
+		InsertParam (results, "i2p.router.net.bw.outbound.15s", bw);
+	}
+
+	void I2PControlHandlers::NetTotalReceivedBytes (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.total.received.bytes", (double)i2p::transport::transports.GetTotalReceivedBytes ());
+	}
+
+	void I2PControlHandlers::NetTotalSentBytes (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.total.sent.bytes", (double)i2p::transport::transports.GetTotalSentBytes ());
+	}
+
+// network setting
+	void I2PControlHandlers::NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: NetworkSetting request: ", it->first);
+			auto it1 = m_NetworkSettingHandlers.find (it->first);
+			if (it1 != m_NetworkSettingHandlers.end ()) {
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(it->second.data (), results);
+			} else
+				LogPrint (eLogError, "I2PControl: NetworkSetting unknown request: ", it->first);
+		}
+	}
+
+	void I2PControlHandlers::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.in", bw);
+	}
+
+	void I2PControlHandlers::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.out", bw);
+	}
+
+// ClientServicesInfo
+
+	void I2PControlHandlers::ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: ClientServicesInfo request: ", it->first);
+			auto it1 = m_ClientServicesInfoHandlers.find (it->first);
+			if (it1 != m_ClientServicesInfoHandlers.end ())
+			{
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(results);
+			}
+			else
+				LogPrint (eLogError, "I2PControl: ClientServicesInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlHandlers::I2PTunnelInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		boost::property_tree::ptree client_tunnels, server_tunnels;
+
+		for (auto& it: i2p::client::context.GetClientTunnels ())
+		{
+			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+			boost::property_tree::ptree ct;
+			ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+			client_tunnels.add_child(it.second->GetName (), ct);
+		}
+
+		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
+		if (!serverTunnels.empty ()) {
+			for (auto& it: serverTunnels)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				st.put("port", it.second->GetLocalPort ());
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		auto& clientForwards = i2p::client::context.GetClientForwards ();
+		if (!clientForwards.empty ())
+		{
+			for (auto& it: clientForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree ct;
+				ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				client_tunnels.add_child(it.second->GetName (), ct);
+			}
+		}
+
+		auto& serverForwards = i2p::client::context.GetServerForwards ();
+		if (!serverForwards.empty ())
+		{
+			for (auto& it: serverForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		pt.add_child("client", client_tunnels);
+		pt.add_child("server", server_tunnels);
+
+		InsertParam (results, "I2PTunnel", pt);
+	}
+
+	void I2PControlHandlers::HTTPProxyInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto httpProxy = i2p::client::context.GetHttpProxy ();
+		if (httpProxy)
+		{
+			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "HTTPProxy", pt);
+	}
+
+	void I2PControlHandlers::SOCKSInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto socksProxy = i2p::client::context.GetSocksProxy ();
+		if (socksProxy)
+		{
+			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SOCKS", pt);
+	}
+
+	void I2PControlHandlers::SAMInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto sam = i2p::client::context.GetSAMBridge ();
+		if (sam)
+		{
+			pt.put("enabled", true);
+			boost::property_tree::ptree sam_sessions;
+			for (auto& it: sam->GetSessions ())
+			{
+				boost::property_tree::ptree sam_session, sam_session_sockets;
+				auto& name = it.second->GetLocalDestination ()->GetNickname ();
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				sam_session.put("name", name);
+				sam_session.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+
+				for (const auto& socket: sam->ListSockets(it.first))
+				{
+					boost::property_tree::ptree stream;
+					stream.put("type", socket->GetSocketType ());
+					stream.put("peer", socket->GetSocket ().remote_endpoint());
+
+					sam_session_sockets.push_back(std::make_pair("", stream));
+				}
+				sam_session.add_child("sockets", sam_session_sockets);
+				sam_sessions.add_child(it.first, sam_session);
+			}
+
+			pt.add_child("sessions", sam_sessions);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SAM", pt);
+	}
+
+	void I2PControlHandlers::BOBInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto bob = i2p::client::context.GetBOBCommandChannel ();
+		if (bob)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "BOB", pt);
+	}
+
+	void I2PControlHandlers::I2CPInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto i2cp = i2p::client::context.GetI2CPServer ();
+		if (i2cp)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "I2CP", pt);
+	}
+}
+}
--- a/daemon/I2PControlHandlers.h
+++ b/daemon/I2PControlHandlers.h
@@ -0,0 +1,82 @@
+/*
+* Copyright (c) 2013-2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef I2P_CONTROL_HANDLERS_H__
+#define I2P_CONTROL_HANDLERS_H__
+
+#include <sstream>
+#include <map>
+#include <string>
+#include <boost/property_tree/ptree.hpp>
+
+namespace i2p
+{
+namespace client
+{
+	class I2PControlHandlers
+	{
+		public:
+
+			I2PControlHandlers ();
+
+			// methods
+			// TODO: make protected
+			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+
+		protected:
+
+			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value, bool quotes = true) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const;
+
+		private:
+
+			// RouterInfo
+			typedef void (I2PControlHandlers::*RouterInfoRequestHandler)(std::ostringstream& results);
+			void UptimeHandler (std::ostringstream& results);
+			void VersionHandler (std::ostringstream& results);
+			void StatusHandler (std::ostringstream& results);
+			void NetDbKnownPeersHandler (std::ostringstream& results);
+			void NetDbActivePeersHandler (std::ostringstream& results);
+			void NetStatusHandler (std::ostringstream& results);
+			void TunnelsParticipatingHandler (std::ostringstream& results);
+			void TunnelsSuccessRateHandler (std::ostringstream& results);
+			void InboundBandwidth1S (std::ostringstream& results);
+			void InboundBandwidth15S (std::ostringstream& results);
+			void OutboundBandwidth1S (std::ostringstream& results);
+			void OutboundBandwidth15S (std::ostringstream& results);
+			void NetTotalReceivedBytes (std::ostringstream& results);
+			void NetTotalSentBytes (std::ostringstream& results);
+
+			// NetworkSetting
+			typedef void (I2PControlHandlers::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
+			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
+			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
+
+			// ClientServicesInfo
+			typedef void (I2PControlHandlers::*ClientServicesInfoRequestHandler)(std::ostringstream& results);
+			void I2PTunnelInfoHandler (std::ostringstream& results);
+			void HTTPProxyInfoHandler (std::ostringstream& results);
+			void SOCKSInfoHandler (std::ostringstream& results);
+			void SAMInfoHandler (std::ostringstream& results);
+			void BOBInfoHandler (std::ostringstream& results);
+			void I2CPInfoHandler (std::ostringstream& results);
+
+		private:
+
+			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
+			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
+			std::map<std::string, ClientServicesInfoRequestHandler> m_ClientServicesInfoHandlers;
+	};
+}
+}
+
+#endif
--- a/daemon/UPnP.cpp
+++ b/daemon/UPnP.cpp
@@ -93,7 +93,7 @@ namespace transport
 #endif

 		isError = err != UPNPDISCOVER_SUCCESS;
-#else  // MINIUPNPC_API_VERSION >= 8
+#else // MINIUPNPC_API_VERSION >= 8
 		err = 0;
 		m_Devlist = upnpDiscover (UPNP_RESPONSE_TIMEOUT, NULL, NULL, 0);
 		isError = m_Devlist == NULL;
@@ -159,8 +159,9 @@ namespace transport

 	void UPnP::PortMapping ()
 	{
-		const auto& a = context.GetRouterInfo().GetAddresses();
-		for (const auto& address : a)
+		auto a = context.GetRouterInfo().GetAddresses();
+		if (!a) return;
+		for (const auto& address : *a)
 		{
 			if (!address->host.is_v6 () && address->port)
 				TryPortMapping (address);
@@ -210,8 +211,9 @@ namespace transport

 	void UPnP::CloseMapping ()
 	{
-		const auto& a = context.GetRouterInfo().GetAddresses();
-		for (const auto& address : a)
+		auto a = context.GetRouterInfo().GetAddresses();
+		if (!a) return;
+		for (const auto& address : *a)
 		{
 			if (!address->host.is_v6 () && address->port)
 			CloseMapping (address);
@@ -248,10 +250,10 @@ namespace transport
 	{
 		switch (address->transportStyle)
 		{
-			case i2p::data::RouterInfo::eTransportNTCP:
+			case i2p::data::RouterInfo::eTransportNTCP2:
 				return "TCP";
 				break;
-			case i2p::data::RouterInfo::eTransportSSU:
+			case i2p::data::RouterInfo::eTransportSSU2:
 			default:
 				return "UDP";
 		}
--- a/daemon/UPnP.h
+++ b/daemon/UPnP.h
@@ -51,7 +51,7 @@ namespace transport
 		private:

 			void Discover ();
-			int  CheckMapping (const char* port, const char* type);
+			int CheckMapping (const char* port, const char* type);
 			void PortMapping ();
 			void TryPortMapping (std::shared_ptr<i2p::data::RouterInfo::Address> address);
 			void CloseMapping ();
@@ -80,7 +80,7 @@ namespace transport
 }
 }

-#else  // USE_UPNP
+#else // USE_UPNP
 namespace i2p {
 namespace transport {
 	/* class stub */
--- a/daemon/UnixDaemon.cpp
+++ b/daemon/UnixDaemon.cpp
@@ -24,6 +24,7 @@
 #include "Tunnel.h"
 #include "RouterContext.h"
 #include "ClientContext.h"
+#include "Transports.h"

 void handle_signal(int sig)
 {
@@ -54,6 +55,14 @@ void handle_signal(int sig)
 		case SIGPIPE:
 			LogPrint(eLogInfo, "SIGPIPE received");
 		break;
+		case SIGTSTP:
+			LogPrint(eLogInfo, "Daemon: Got SIGTSTP, disconnecting from network...");
+			i2p::transport::transports.SetOnline(false);
+		break;
+		case SIGCONT:
+			LogPrint(eLogInfo, "Daemon: Got SIGCONT, restoring connection to network...");
+			i2p::transport::transports.SetOnline(true);
+		break;
 	}
 }

@@ -171,6 +180,9 @@ namespace i2p
 			}
 			gracefulShutdownInterval = 0; // not specified

+			// handle signal TSTP
+			bool handleTSTP; i2p::config::GetOption("unix.handle_sigtstp", handleTSTP);
+
 			// Signal handler
 			struct sigaction sa;
 			sa.sa_handler = handle_signal;
@@ -182,6 +194,11 @@ namespace i2p
 			sigaction(SIGTERM, &sa, 0);
 			sigaction(SIGINT, &sa, 0);
 			sigaction(SIGPIPE, &sa, 0);
+			if (handleTSTP)
+			{
+				sigaction(SIGTSTP, &sa, 0);
+				sigaction(SIGCONT, &sa, 0);
+			}

 			return Daemon_Singleton::start();
 		}
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,28 @@
+i2pd (2.44.0-1) unstable; urgency=medium
+
+  * updated to version 2.44.0/0.9.56
+
+ -- orignal <orignal@i2pmail.org>  Sun, 20 Nov 2022 19:00:00 +0000
+
+i2pd (2.43.0-1) unstable; urgency=medium
+
+  * updated to version 2.43.0/0.9.55
+
+ -- orignal <orignal@i2pmail.org>  Mon, 22 Aug 2022 16:00:00 +0000
+
+i2pd (2.42.1-1) unstable; urgency=medium
+
+  * updated to version 2.42.1/0.9.54
+  * remove -O3 optimization flag
+
+ -- r4sas <r4sas@i2pmail.org>  Tue, 24 May 2022 12:00:00 +0000
+
+i2pd (2.42.0-1) unstable; urgency=medium
+
+  * updated to version 2.42.0/0.9.54
+
+ -- orignal <orignal@i2pmail.org>  Sun, 22 May 2022 16:00:00 +0000
+
 i2pd (2.41.0-1) unstable; urgency=medium

  * updated to version 2.41.0/0.9.53
--- a/debian/patches/02-upnp.patch
+++ b/debian/patches/02-upnp.patch
@@ -2,14 +2,14 @@ Description: Enable UPnP usage in package
 Author: r4sas <r4sas@i2pmail.org>

 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2021-10-22
+Last-Update: 2022-03-23

 --- i2pd.orig/Makefile
 +++ i2pd/Makefile
-@@ -32,7 +32,7 @@ include filelist.mk
+@@ -31,7 +31,7 @@ include filelist.mk
+ 
 USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
- USE_MESHNET     := $(or $(USE_MESHNET),no)
 -USE_UPNP        := $(or $(USE_UPNP),no)
 +USE_UPNP        := $(or $(USE_UPNP),yes)
 DEBUG           := $(or $(DEBUG),yes)
--- a/debian/rules
+++ b/debian/rules
@@ -1,16 +1,13 @@
 #!/usr/bin/make -f
 #export DH_VERBOSE=1
-
-
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all

-
 include /usr/share/dpkg/architecture.mk

-export DEB_CXXFLAGS_MAINT_APPEND  = -Wall -pedantic -O3
-
+export DEB_CXXFLAGS_MAINT_APPEND  = -Wall -pedantic
 export DEB_LDFLAGS_MAINT_APPEND =

-
 %:
 	dh $@ --parallel
+
+override_dh_auto_install:
--- a/i18n/Chinese.cpp
+++ b/i18n/Chinese.cpp
@@ -0,0 +1,217 @@
+/*
+* Copyright (c) 2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <map>
+#include <vector>
+#include <string>
+#include <memory>
+#include "I18N.h"
+
+// Simplified Chinese localization file
+// This is an example translation file without strings in it.
+
+namespace i2p
+{
+namespace i18n
+{
+namespace chinese // language namespace
+{
+	// language name in lowercase
+	static std::string language = "chinese";
+
+	// See for language plural forms here:
+	// https://localization-guide.readthedocs.io/en/latest/l10n/pluralforms.html
+	static int plural (int n) {
+		return 0;
+	}
+
+	static std::map<std::string, std::string> strings
+	{
+		{"KiB", "KiB"},
+		{"MiB", "MiB"},
+		{"GiB", "GiB"},
+		{"building", "正在构建"},
+		{"failed", "连接失败"},
+		{"expiring", "即将过期"},
+		{"established", "连接成功"},
+		{"unknown", "未知"},
+		{"exploratory", "探索"},
+		{"Purple I2P Webconsole", "Purple I2P 网页控制台"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> 网页控制台"},
+		{"Main page", "主页"},
+		{"Router commands", "路由命令"},
+		{"Local Destinations", "本地目标"},
+		{"LeaseSets", "租契集"},
+		{"Tunnels", "隧道"},
+		{"Transit Tunnels", "中转隧道"},
+		{"Transports", "传输"},
+		{"I2P tunnels", "I2P 隧道"},
+		{"SAM sessions", "SAM 会话"},
+		{"ERROR", "错误"},
+		{"OK", "良好"},
+		{"Testing", "测试中"},
+		{"Firewalled", "受到防火墙限制"},
+		{"Unknown", "未知"},
+		{"Proxy", "代理"},
+		{"Mesh", "Mesh组网"},
+		{"Error", "错误"},
+		{"Clock skew", "时钟偏移"},
+		{"Offline", "离线"},
+		{"Symmetric NAT", "对称 NAT"},
+		{"Uptime", "运行时间"},
+		{"Network status", "IPv4 网络状态"},
+		{"Network status v6", "IPv6 网络状态"},
+		{"Stopping in", "距停止还有："},
+		{"Family", "家族"},
+		{"Tunnel creation success rate", "隧道创建成功率"},
+		{"Received", "已接收"},
+		{"KiB/s", "KiB/s"},
+		{"Sent", "已发送"},
+		{"Transit", "中转"},
+		{"Data path", "数据文件路径"},
+		{"Hidden content. Press on text to see.", "隐藏内容 请点击此处查看。"},
+		{"Router Ident", "路由身份"},
+		{"Router Family", "路由器家族"},
+		{"Router Caps", "路由器类型"},
+		{"Version", "版本"},
+		{"Our external address", "外部地址"},
+		{"supported", "支持"},
+		{"Routers", "路由节点"},
+		{"Floodfills", "洪泛节点"},
+		{"Client Tunnels", "客户端隧道"},
+		{"Services", "服务"},
+		{"Enabled", "启用"},
+		{"Disabled", "禁用"},
+		{"Encrypted B33 address", "加密的 B33 地址"},
+		{"Address registration line", "地址域名注册"},
+		{"Domain", "域名"},
+		{"Generate", "生成"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>注意：</b> 结果字符串只能用于注册次级域名(例如：example.i2p)。若需注册子域名，请使用 i2pd-tools。"},
+		{"Address", "地址"},
+		{"Type", "类型"},
+		{"EncType", "加密类型"},
+		{"Inbound tunnels", "入站隧道"},
+		{"ms", "毫秒"},
+		{"Outbound tunnels", "出站隧道"},
+		{"Tags", "标签"},
+		{"Incoming", "传入"},
+		{"Outgoing", "传出"},
+		{"Destination", "目标"},
+		{"Amount", "数量"},
+		{"Incoming Tags", "传入标签"},
+		{"Tags sessions", "标签会话"},
+		{"Status", "状态"},
+		{"Local Destination", "本地目标"},
+		{"Streams", "流"},
+		{"Close stream", "断开流"},
+		{"I2CP session not found", "未找到 I2CP 会话"},
+		{"I2CP is not enabled", "I2CP 未启用"},
+		{"Invalid", "无效"},
+		{"Store type", "存储类型"},
+		{"Expires", "过期时间"},
+		{"Non Expired Leases", "未到期的租约"},
+		{"Gateway", "网关"},
+		{"TunnelID", "隧道 ID"},
+		{"EndDate", "结束日期"},
+		{"not floodfill", "非洪泛"},
+		{"Queue size", "队列大小"},
+		{"Run peer test", "运行节点测试"},
+		{"Decline transit tunnels", "拒绝中转隧道"},
+		{"Accept transit tunnels", "允许中转隧道"},
+		{"Cancel graceful shutdown", "取消平滑关闭"},
+		{"Start graceful shutdown", "平滑关闭"},
+		{"Force shutdown", "强制停止"},
+		{"Reload external CSS styles", "重载外部 CSS 样式"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>注意：</b> 此处完成的任何操作都不是永久的，不会更改您的配置文件。"},
+		{"Logging level", "日志记录级别"},
+		{"Transit tunnels limit", "中转隧道限制"},
+		{"Change", "修改"},
+		{"Change language", "更改语言"},
+		{"no transit tunnels currently built", "目前未构建中转隧道"},
+		{"SAM disabled", "SAM 已禁用"},
+		{"no sessions currently running", "没有正在运行的会话"},
+		{"SAM session not found", "未找到 SAM 会话"},
+		{"SAM Session", "SAM 会话"},
+		{"Server Tunnels", "服务器隧道"},
+		{"Client Forwards", "客户端转发"},
+		{"Server Forwards", "服务器转发"},
+		{"Unknown page", "未知页面"},
+		{"Invalid token", "无效令牌"},
+		{"SUCCESS", "成功"},
+		{"Stream closed", "流已关闭"},
+		{"Stream not found or already was closed", "流未找到或已关闭"},
+		{"Destination not found", "找不到目标"},
+		{"StreamID can't be null", "StreamID 不能为空"},
+		{"Return to destination page", "返回目标页面"},
+		{"You will be redirected in 5 seconds", "您将在5秒内被重定向"},
+		{"Transit tunnels count must not exceed 65535", "中转隧道数量不能超过 65535"},
+		{"Back to commands list", "返回命令列表"},
+		{"Register at reg.i2p", "在 reg.i2p 注册域名"},
+		{"Description", "描述"},
+		{"A bit information about service on domain", "在此域名上运行的服务的一些信息"},
+		{"Submit", "提交"},
+		{"Domain can't end with .b32.i2p", "域名不能以 .b32.i2p 结尾"},
+		{"Domain must end with .i2p", "域名必须以 .i2p 结尾"},
+		{"Such destination is not found", "找不到此目标"},
+		{"Unknown command", "未知指令"},
+		{"Command accepted", "已接受指令"},
+		{"Proxy error", "代理错误"},
+		{"Proxy info", "代理信息"},
+		{"Proxy error: Host not found", "代理错误：未找到主机"},
+		{"Remote host not found in router's addressbook", "在路由地址簿中未找到远程主机"},
+		{"You may try to find this host on jump services below", "您可以尝试在下方的跳转服务中找到该主机"},
+		{"Invalid request", "无效请求"},
+		{"Proxy unable to parse your request", "代理无法解析您的请求"},
+		{"addresshelper is not supported", "不支持地址助手"},
+		{"Host", "主机"},
+		{"added to router's addressbook from helper", "将此地址从地址助手添加到路由地址簿"},
+		{"Click here to proceed:", "点击此处继续:"},
+		{"Continue", "继续"},
+		{"Addresshelper found", "已找到地址助手"},
+		{"already in router's addressbook", "已在路由地址簿中"},
+		{"Click here to update record:", "点击此处更新地址簿记录"},
+		{"invalid request uri", "无效的 URL 请求"},
+		{"Can't detect destination host from request", "无法从请求中检测到目标主机"},
+		{"Outproxy failure", "出口代理故障"},
+		{"bad outproxy settings", "错误的出口代理设置"},
+		{"not inside I2P network, but outproxy is not enabled", "该地址不在 I2P 网络内，但未启用出口代理"},
+		{"unknown outproxy url", "未知的出口代理地址"},
+		{"cannot resolve upstream proxy", "无法解析上游代理"},
+		{"hostname too long", "主机名过长"},
+		{"cannot connect to upstream socks proxy", "无法连接到上游 socks 代理"},
+		{"Cannot negotiate with socks proxy", "无法与 socks 代理协商"},
+		{"CONNECT error", "连接错误"},
+		{"Failed to Connect", "连接失败"},
+		{"socks proxy error", "socks 代理错误"},
+		{"failed to send request to upstream", "向上游发送请求失败"},
+		{"No Reply From socks proxy", "没有来自 socks 代理的回复"},
+		{"cannot connect", "无法连接"},
+		{"http out proxy not implemented", "http 出口代理未实现"},
+		{"cannot connect to upstream http proxy", "无法连接到上游 http 代理"},
+		{"Host is down", "主机已关闭"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "无法创建到目标主机的连接。主机可能已下线，请稍后再试。"},
+		{"", ""},
+	};
+
+	static std::map<std::string, std::vector<std::string>> plurals
+	{
+		{"days", {"日"}},
+		{"hours", {"时"}},
+		{"minutes", {"分"}},
+		{"seconds", {"秒"}},
+		{"", {""}},
+	};
+
+	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
+	{
+		return std::make_shared<i2p::i18n::Locale>(language, strings, plurals, [] (int n)->int { return plural(n); });
+	}
+
+} // language
+} // i18n
+} // i2p
--- a/i18n/French.cpp
+++ b/i18n/French.cpp
@@ -0,0 +1,211 @@
+/*
+* Copyright (c) 2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <map>
+#include <vector>
+#include <string>
+#include <memory>
+#include "I18N.h"
+
+// French localization file
+
+namespace i2p
+{
+namespace i18n
+{
+namespace french // language namespace
+{
+	// language name in lowercase
+	static std::string language = "french";
+
+	// See for language plural forms here:
+	// https://localization-guide.readthedocs.io/en/latest/l10n/pluralforms.html
+	static int plural (int n) {
+		return n != 1 ? 1 : 0;
+	}
+
+	static std::map<std::string, std::string> strings
+	{
+		{"KiB", "Kio"},
+		{"MiB", "Mio"},
+		{"GiB", "Gio"},
+		{"building", "En construction"},
+		{"failed", "échoué"},
+		{"expiring", "expiré"},
+		{"established", "établi"},
+		{"unknown", "inconnu"},
+		{"exploratory", "exploratoire"},
+		{"Purple I2P Webconsole", "Console web Purple I2P"},
+		{"<b>i2pd</b> webconsole", "Console web <b>i2pd</b>"},
+		{"Main page", "Page principale"},
+		{"Router commands", "Commandes du routeur"},
+		{"Local Destinations", "Destinations locales"},
+		{"LeaseSets", "Jeu de baux"},
+		{"Tunnels", "Tunnels"},
+		{"Transit Tunnels", "Tunnels transitoires"},
+		{"Transports", "Transports"},
+		{"I2P tunnels", "Tunnels I2P"},
+		{"SAM sessions", "Sessions SAM"},
+		{"ERROR", "ERREUR"},
+		{"OK", "OK"},
+		{"Testing", "Test en cours"},
+		{"Firewalled", "Derrière un pare-feu"},
+		{"Unknown", "Inconnu"},
+		{"Proxy", "Proxy"},
+		{"Mesh", "Maillé"},
+		{"Error", "Erreur"},
+		{"Clock skew", "Horloge décalée"},
+		{"Offline", "Hors ligne"},
+		{"Symmetric NAT", "NAT symétrique"},
+		{"Uptime", "Temps de fonctionnement"},
+		{"Network status", "État du réseau"},
+		{"Network status v6", "État du réseau v6"},
+		{"Stopping in", "Arrêt dans"},
+		{"Family", "Famille"},
+		{"Tunnel creation success rate", "Taux de succès de création de tunnels"},
+		{"Received", "Reçu"},
+		{"KiB/s", "kio/s"},
+		{"Sent", "Envoyé"},
+		{"Transit", "Transité"},
+		{"Data path", "Emplacement des données"},
+		{"Hidden content. Press on text to see.", "Contenu caché. Cliquez sur le texte pour afficher."},
+		{"Router Ident", "Identifiant du routeur"},
+		{"Router Family", "Famille du routeur"},
+		{"Router Caps", "Limiteurs du routeur"},
+		{"Version", "Version"},
+		{"Our external address", "Notre adresse externe"},
+		{"supported", "supporté"},
+		{"Routers", "Routeurs"},
+		{"Client Tunnels", "Tunnels clients"},
+		{"Services", "Services"},
+		{"Enabled", "Activé"},
+		{"Disabled", "Désactivé"},
+		{"Encrypted B33 address", "Adresse B33 chiffrée"},
+		{"Address registration line", "Ligne d'inscription de l'adresse"},
+		{"Domain", "Domaine"},
+		{"Generate", "Générer"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Note:</b> La chaîne résultante peut seulement être utilisée pour enregistrer les domaines 2LD (exemple.i2p). Pour enregistrer des sous-domaines, veuillez utiliser i2pd-tools."},
+		{"Address", "Adresse"},
+		{"Type", "Type"},
+		{"Inbound tunnels", "Tunnels entrants"},
+		{"ms", "ms"},
+		{"Outbound tunnels", "Tunnels sortants"},
+		{"Tags", "Balises"},
+		{"Incoming", "Entrant"},
+		{"Outgoing", "Sortant"},
+		{"Destination", "Destination"},
+		{"Amount", "Quantité"},
+		{"Incoming Tags", "Balises entrantes"},
+		{"Tags sessions", "Sessions des balises"},
+		{"Status", "Statut"},
+		{"Local Destination", "Destination locale"},
+		{"Streams", "Flux"},
+		{"Close stream", "Fermer le flux"},
+		{"I2CP session not found", "Session I2CP introuvable"},
+		{"I2CP is not enabled", "I2CP est désactivé"},
+		{"Invalid", "Invalide"},
+		{"Store type", "Type de stockage"},
+		{"Expires", "Expire"},
+		{"Non Expired Leases", "Baux non expirés"},
+		{"Gateway", "Passerelle"},
+		{"TunnelID", "ID du tunnel"},
+		{"EndDate", "Date de fin"},
+		{"Queue size", "Longueur de la file"},
+		{"Run peer test", "Lancer test des pairs"},
+		{"Decline transit tunnels", "Refuser les tunnels transitoires"},
+		{"Accept transit tunnels", "Accepter les tunnels transitoires"},
+		{"Cancel graceful shutdown", "Annuler l'arrêt gracieux"},
+		{"Start graceful shutdown", "Démarrer l'arrêt gracieux"},
+		{"Force shutdown", "Forcer l'arrêt"},
+		{"Reload external CSS styles", "Rafraîchir les styles CSS externes"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Note:</b> Toute action effectuée ici n'est pas permanente et ne modifie pas vos fichiers de configuration."},
+		{"Logging level", "Niveau de journalisation"},
+		{"Transit tunnels limit", "Limite sur les tunnels transitoires"},
+		{"Change", "Changer"},
+		{"Change language", "Changer la langue"},
+		{"no transit tunnels currently built", "aucun tunnel transitoire présentement établi"},
+		{"SAM disabled", "SAM désactivé"},
+		{"no sessions currently running", "aucune session présentement en cours"},
+		{"SAM session not found", "session SAM introuvable"},
+		{"SAM Session", "Session SAM"},
+		{"Server Tunnels", "Tunnels serveurs"},
+		{"Unknown page", "Page inconnue"},
+		{"Invalid token", "Jeton invalide"},
+		{"SUCCESS", "SUCCÈS"},
+		{"Stream closed", "Flux fermé"},
+		{"Stream not found or already was closed", "Flux introuvable ou déjà fermé"},
+		{"Destination not found", "Destination introuvable"},
+		{"StreamID can't be null", "StreamID ne peut pas être vide"},
+		{"Return to destination page", "Retourner à la page de destination"},
+		{"You will be redirected in 5 seconds", "Vous allez être redirigé dans cinq secondes"},
+		{"Transit tunnels count must not exceed 65535", "Le nombre de tunnels transitoires ne doit pas dépasser 65535"},
+		{"Back to commands list", "Retour à la liste des commandes"},
+		{"Register at reg.i2p", "Inscription à reg.i2p"},
+		{"Description", "Description"},
+		{"A bit information about service on domain", "Un peu d'information à propos des services disponibles dans le domaine"},
+		{"Submit", "Soumettre"},
+		{"Domain can't end with .b32.i2p", "Le domaine ne peut pas terminer par .b32.i2p"},
+		{"Domain must end with .i2p", "Le domaine doit terminer par .i2p"},
+		{"Such destination is not found", "Cette destination est introuvable"},
+		{"Unknown command", "Commande inconnue"},
+		{"Command accepted", "Commande acceptée"},
+		{"Proxy error", "Erreur de proxy"},
+		{"Proxy info", "Information sur le proxy"},
+		{"Proxy error: Host not found", "Erreur de proxy: Hôte introuvable"},
+		{"Remote host not found in router's addressbook", "Hôte distant introuvable dans le carnet d'adresse du routeur"},
+		{"You may try to find this host on jump services below", "Vous pouvez essayer de trouver cet hôte sur des services de redirection ci-dessous"},
+		{"Invalid request", "Requête invalide"},
+		{"Proxy unable to parse your request", "Proxy incapable de comprendre votre requête"},
+		{"addresshelper is not supported", "Assistant d'adresse non supporté"},
+		{"Host", "Hôte"},
+		{"added to router's addressbook from helper", "Ajouté au carnet d'adresse du routeur par l'assistant"},
+		{"Click here to proceed:", "Cliquez ici pour continuer:"},
+		{"Continue", "Continuer"},
+		{"Addresshelper found", "Assistant d'adresse trouvé"},
+		{"already in router's addressbook", "déjà dans le carnet d'adresses du routeur"},
+		{"Click here to update record:", "Cliquez ici pour mettre à jour le carnet d'adresse:"},
+		{"invalid request uri", "uri de la requête invalide"},
+		{"Can't detect destination host from request", "Impossible de détecter l'hôte de destination à partir de la requête"},
+		{"Outproxy failure", "Échec de proxy de sortie"},
+		{"bad outproxy settings", "Mauvaise configuration du proxy de sortie"},
+		{"not inside I2P network, but outproxy is not enabled", "pas dans le réseau I2P, mais le proxy de sortie n'est pas activé"},
+		{"unknown outproxy url", "URL du proxy de sortie inconnu"},
+		{"cannot resolve upstream proxy", "impossible de résoudre l'adresse du proxy en amont"},
+		{"hostname too long", "nom d'hôte trop long"},
+		{"cannot connect to upstream socks proxy", "impossible de se connecter au proxy socks en amont"},
+		{"Cannot negotiate with socks proxy", "Impossible de négocier avec le proxy socks"},
+		{"CONNECT error", "Erreur de connexion"},
+		{"Failed to Connect", "Échec de connexion"},
+		{"socks proxy error", "Erreur de proxy socks"},
+		{"failed to send request to upstream", "Erreur lors de l'envoie de la requête en amont"},
+		{"No Reply From socks proxy", "Pas de réponse du proxy socks"},
+		{"cannot connect", "impossible de connecter"},
+		{"http out proxy not implemented", "Proxy de sortie HTTP non implémenté"},
+		{"cannot connect to upstream http proxy", "impossible de se connecter au proxy HTTP en amont"},
+		{"Host is down", "Hôte hors service"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "Impossible d'établir une connexion avec l'hôte, il est peut-être hors service. Veuillez réessayer plus tard."},
+		{"", ""},
+	};
+
+	static std::map<std::string, std::vector<std::string>> plurals
+	{
+		{"days", {"jour", "jours"}},
+		{"hours", {"heure", "heures"}},
+		{"minutes", {"minute", "minutes"}},
+		{"seconds", {"seconde", "secondes"}},
+		{"", {"", ""}},
+	};
+
+	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
+	{
+		return std::make_shared<i2p::i18n::Locale>(language, strings, plurals, [] (int n)->int { return plural(n); });
+	}
+
+} // language
+} // i18n
+} // i2p
--- a/i18n/German.cpp
+++ b/i18n/German.cpp
@@ -36,14 +36,15 @@ namespace german // language namespace
 		{"GiB", "GiB"},
 		{"building", "In Bau"},
 		{"failed", "fehlgeschlagen"},
-		{"expiring", "läuft ab in"},
+		{"expiring", "läuft ab"},
 		{"established", "hergestellt"},
 		{"unknown", "Unbekannt"},
-		{"exploratory", "erforschende"},
-		{"<b>i2pd</b> webconsole", "<b>i2pd</b> Webkonsole"},
+		{"exploratory", "erforschend"},
+		{"Purple I2P Webconsole", "Purple I2P-Webkonsole"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b>-Webkonsole"},
 		{"Main page", "Startseite"},
-		{"Router commands", "Router Befehle"},
-		{"Local Destinations", "Lokale Destination"},
+		{"Router commands", "Routerbefehle"},
+		{"Local Destinations", "Lokale Ziele"},
 		{"LeaseSets", "LeaseSets"},
 		{"Tunnels", "Tunnel"},
 		{"Transit Tunnels", "Transittunnel"},
@@ -53,7 +54,7 @@ namespace german // language namespace
 		{"ERROR", "FEHLER"},
 		{"OK", "OK"},
 		{"Testing", "Testen"},
-		{"Firewalled", "Hinter eine Firewall"},
+		{"Firewalled", "Hinter einer Firewall"},
 		{"Unknown", "Unbekannt"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Mesh"},
@@ -81,15 +82,15 @@ namespace german // language namespace
 		{"supported", "unterstützt"},
 		{"Routers", "Router"},
 		{"Floodfills", "Floodfills"},
-		{"Client Tunnels", "Klienttunnel"},
+		{"Client Tunnels", "Clienttunnel"},
 		{"Services", "Services"},
 		{"Enabled", "Aktiviert"},
 		{"Disabled", "Deaktiviert"},
-		{"Encrypted B33 address", "Verschlüsselte B33 Adresse"},
-		{"Address registration line", "Adresseregistrierungszeile"},
+		{"Encrypted B33 address", "Verschlüsselte B33-Adresse"},
+		{"Address registration line", "Adressregistrierungszeile"},
 		{"Domain", "Domain"},
 		{"Generate", "Generieren"},
-		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Hinweis:</b> Der resultierende String kann nur für die Registrierung einer 2LD Domain (beispiel.i2p) benutzt werden. Für die Registrierung von Subdomains kann i2pd-tools verwendet werden."},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Hinweis:</b> Der resultierende String kann nur für die Registrierung einer 2LD-Domain (beispiel.i2p) benutzt werden. Für die Registrierung von Subdomains kann i2pd-tools verwendet werden."},
 		{"Address", "Adresse"},
 		{"Type", "Typ"},
 		{"EncType", "Verschlüsselungstyp"},
@@ -99,15 +100,15 @@ namespace german // language namespace
 		{"Tags", "Tags"},
 		{"Incoming", "Eingehend"},
 		{"Outgoing", "Ausgehend"},
-		{"Destination", "Destination"},
+		{"Destination", "Ziel"},
 		{"Amount", "Anzahl"},
 		{"Incoming Tags", "Eingehende Tags"},
-		{"Tags sessions", "Tags Sitzungen"},
+		{"Tags sessions", "Tags-Sitzungen"},
 		{"Status", "Status"},
-		{"Local Destination", "Lokale Destination"},
+		{"Local Destination", "Lokales Ziel"},
 		{"Streams", "Streams"},
 		{"Close stream", "Stream schließen"},
-		{"I2CP session not found", "I2CP Sitzung nicht gefunden"},
+		{"I2CP session not found", "I2CP-Sitzung nicht gefunden"},
 		{"I2CP is not enabled", "I2CP ist nicht aktiviert"},
 		{"Invalid", "Ungültig"},
 		{"Store type", "Speichertyp"},
@@ -117,67 +118,67 @@ namespace german // language namespace
 		{"TunnelID", "TunnelID"},
 		{"EndDate", "Enddatum"},
 		{"not floodfill", "kein Floodfill"},
-		{"Queue size", "Warteschlangengröße"},
-		{"Run peer test", "Peer-Test ausführen"},
+		{"Queue size", "Größe der Warteschlange"},
+		{"Run peer test", "Peer-Test durchführen"},
 		{"Decline transit tunnels", "Transittunnel ablehnen"},
 		{"Accept transit tunnels", "Transittunnel akzeptieren"},
-		{"Cancel graceful shutdown", "Beende das kontrollierte herunterfahren"},
+		{"Cancel graceful shutdown", "Beende das kontrollierte Herunterfahren"},
 		{"Start graceful shutdown", "Starte das kontrollierte Herunterfahren"},
 		{"Force shutdown", "Herunterfahren erzwingen"},
-		{"Reload external CSS styles", "Lade externe CSS-Styles neu"},
+		{"Reload external CSS styles", "Lade externe CSS-Stile neu"},
 		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Hinweis:</b> Alle hier durchgeführten Aktionen sind nicht dauerhaft und ändern die Konfigurationsdateien nicht."},
 		{"Logging level", "Protokollierungslevel"},
 		{"Transit tunnels limit", "Limit für Transittunnel"},
-		{"Change", "Verändern"},
+		{"Change", "Ändern"},
 		{"Change language", "Sprache ändern"},
 		{"no transit tunnels currently built", "derzeit keine Transittunnel aufgebaut"},
 		{"SAM disabled", "SAM deaktiviert"},
 		{"no sessions currently running", "Derzeit keine laufenden Sitzungen"},
-		{"SAM session not found", "SAM Sitzung nicht gefunden"},
-		{"SAM Session", "SAM Sitzung"},
+		{"SAM session not found", "SAM-Sitzung nicht gefunden"},
+		{"SAM Session", "SAM-Sitzung"},
 		{"Server Tunnels", "Servertunnel"},
-		{"Client Forwards", "Klient-Weiterleitungen"},
+		{"Client Forwards", "Client-Weiterleitungen"},
 		{"Server Forwards", "Server-Weiterleitungen"},
 		{"Unknown page", "Unbekannte Seite"},
 		{"Invalid token", "Ungültiger Token"},
 		{"SUCCESS", "ERFOLGREICH"},
 		{"Stream closed", "Stream geschlossen"},
 		{"Stream not found or already was closed", "Stream nicht gefunden oder bereits geschlossen"},
-		{"Destination not found", "Destination nicht gefunden"},
+		{"Destination not found", "Ziel nicht gefunden"},
 		{"StreamID can't be null", "StreamID kann nicht null sein"},
-		{"Return to destination page", "Zurück zur Destination-Seite"},
+		{"Return to destination page", "Zurück zur Ziel-Seite"},
 		{"You will be redirected in 5 seconds", "Du wirst in 5 Sekunden weitergeleitet"},
 		{"Transit tunnels count must not exceed 65535", "Es darf maximal 65535 Transittunnel geben"},
-		{"Back to commands list", "Zurück zur Kommandoliste"},
+		{"Back to commands list", "Zurück zur Befehlsliste"},
 		{"Register at reg.i2p", "Auf reg.i2p registrieren"},
 		{"Description", "Beschreibung"},
-		{"A bit information about service on domain", "Ein bisschen Informationen über den Service auf der Domain"},
-		{"Submit", "Einreichen"},
-		{"Domain can't end with .b32.i2p", "Domain kann nicht mit .b32.i2p enden"},
-		{"Domain must end with .i2p", "Domain muss mit .i2p enden"},
-		{"Such destination is not found", "Eine solche Destination konnte nicht gefunden werden"},
+		{"A bit information about service on domain", "Ein paar Informationen über den Service auf der Domain"},
+		{"Submit", "Absenden"},
+		{"Domain can't end with .b32.i2p", "Domain kann nicht auf .b32.i2p enden"},
+		{"Domain must end with .i2p", "Domain muss auf .i2p enden"},
+		{"Such destination is not found", "Ein solches Ziel konnte nicht gefunden werden"},
 		{"Unknown command", "Unbekannter Befehl"},
 		{"Command accepted", "Befehl akzeptiert"},
 		{"Proxy error", "Proxy-Fehler"},
 		{"Proxy info", "Proxy-Info"},
 		{"Proxy error: Host not found", "Proxy-Fehler: Host nicht gefunden"},
-		{"Remote host not found in router's addressbook", "Remote-Host nicht im Router Adressbuch gefunden"},
-		{"You may try to find this host on jump services below", "Vielleicht kannst du diesen Host auf einen der Jump-Services unten finden"},
+		{"Remote host not found in router's addressbook", "Remote-Host nicht im Router-Adressbuch gefunden"},
+		{"You may try to find this host on jump services below", "Vielleicht kannst du diesen Host auf einem der nachfolgenden Jump-Services finden"},
 		{"Invalid request", "Ungültige Anfrage"},
-		{"Proxy unable to parse your request", "Proxy konnte die Anfrage nicht interpretieren"},
-		{"addresshelper is not supported", "addresshelper wird nicht unterstützt"},
+		{"Proxy unable to parse your request", "Proxy konnte die Anfrage nicht verarbeiten"},
+		{"addresshelper is not supported", "Addresshelfer wird nicht unterstützt"},
 		{"Host", "Host"},
-		{"added to router's addressbook from helper", "vom Helfer zum Router Adressbuch hinzugefügt"},
+		{"added to router's addressbook from helper", "vom Helfer zum Router-Adressbuch hinzugefügt"},
 		{"Click here to proceed:", "Klicke hier um fortzufahren:"},
 		{"Continue", "Fortsetzen"},
 		{"Addresshelper found", "Adresshelfer gefunden"},
 		{"already in router's addressbook", "bereits im Adressbuch des Routers"},
 		{"Click here to update record:", "Klicke hier, um den Eintrag zu aktualisieren:"},
 		{"invalid request uri", "ungültige Anfrage-URI"},
-		{"Can't detect destination host from request", "Kann Anhand der Anfrage den Destination-Host nicht erkennen"},
+		{"Can't detect destination host from request", "Kann den Ziel-Host von der Anfrage nicht erkennen"},
 		{"Outproxy failure", "Outproxy-Fehler"},
 		{"bad outproxy settings", "ungültige Outproxy-Einstellungen"},
-		{"not inside I2P network, but outproxy is not enabled", "nicht innerhalb des I2P-Netzwerks, aber Outproxy ist nicht aktiviert"},
+		{"not inside I2P network, but outproxy is not enabled", "außerhalb des I2P-Netzwerks, aber Outproxy ist nicht aktiviert"},
 		{"unknown outproxy url", "unbekannte Outproxy-URL"},
 		{"cannot resolve upstream proxy", "kann den Upstream-Proxy nicht auflösen"},
 		{"hostname too long", "Hostname zu lang"},
@@ -192,7 +193,7 @@ namespace german // language namespace
 		{"http out proxy not implemented", "HTTP-Outproxy nicht implementiert"},
 		{"cannot connect to upstream http proxy", "Kann nicht zu Upstream-HTTP-Proxy verbinden"},
 		{"Host is down", "Host ist offline"},
-		{"Can't create connection to requested host, it may be down. Please try again later.", "Konnte keine Verbindung zum angefragten Host aufbaunen, vielleicht ist es offline. Versuche es später noch einmal."},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "Konnte keine Verbindung zum angefragten Host aufbauen, vielleicht ist er offline. Versuche es später noch mal."},
 		{"", ""},
 	};

--- a/i18n/I18N.cpp
+++ b/i18n/I18N.cpp
@@ -0,0 +1,36 @@
+/*
+* Copyright (c) 2021-2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include "ClientContext.h"
+#include "I18N_langs.h"
+#include "I18N.h"
+
+namespace i2p
+{
+namespace i18n
+{
+	void SetLanguage(const std::string &lang)
+	{
+		const auto it = i2p::i18n::languages.find(lang);
+		if (it == i2p::i18n::languages.end()) // fallback
+			i2p::client::context.SetLanguage (i2p::i18n::english::GetLocale());
+		else
+			i2p::client::context.SetLanguage (it->second.LocaleFunc());
+	}
+
+	std::string translate (const std::string& arg)
+	{
+		return i2p::client::context.GetLanguage ()->GetString (arg);
+	}
+
+	std::string translate (const std::string& arg, const std::string& arg2, const int& n)
+	{
+		return i2p::client::context.GetLanguage ()->GetPlural (arg, arg2, n);
+	}
+} // i18n
+} // i2p
--- a/i18n/I18N.h
+++ b/i18n/I18N.h
@@ -9,30 +9,68 @@
 #ifndef __I18N_H__
 #define __I18N_H__

-#include "ClientContext.h"
+#include <string>
+#include <map>
+#include <utility>
+#include <functional>

 namespace i2p
 {
 namespace i18n
 {
-	inline void SetLanguage(const std::string &lang)
+	class Locale
 	{
-		const auto it = i2p::i18n::languages.find(lang);
-		if (it == i2p::i18n::languages.end()) // fallback
-			i2p::client::context.SetLanguage (i2p::i18n::english::GetLocale());
-		else
-			i2p::client::context.SetLanguage (it->second.LocaleFunc());
-	}
+		public:
+			Locale (
+				const std::string& language,
+				const std::map<std::string, std::string>& strings,
+				const std::map<std::string, std::vector<std::string>>& plurals,
+				std::function<int(int)> formula
+			): m_Language (language), m_Strings (strings), m_Plurals (plurals), m_Formula (formula) { };

-	inline std::string translate (const std::string& arg)
-	{
-		return i2p::client::context.GetLanguage ()->GetString (arg);
-	}
+			// Get activated language name for webconsole
+			std::string GetLanguage() const
+			{
+				return m_Language;
+			}

-	inline std::string translate (const std::string& arg, const std::string& arg2, const int& n)
-	{
-		return i2p::client::context.GetLanguage ()->GetPlural (arg, arg2, n);
-	}
+			std::string GetString (const std::string& arg) const
+			{
+				const auto it = m_Strings.find(arg);
+				if (it == m_Strings.end())
+				{
+					return arg;
+				}
+				else
+				{
+					return it->second;
+				}
+			}
+
+			std::string GetPlural (const std::string& arg, const std::string& arg2, const int& n) const
+			{
+				const auto it = m_Plurals.find(arg2);
+				if (it == m_Plurals.end()) // not found, fallback to english
+				{
+					return n == 1 ? arg : arg2;
+				}
+				else
+				{
+					int form = m_Formula(n);
+					return it->second[form];
+				}
+			}
+
+		private:
+			const std::string m_Language;
+			const std::map<std::string, std::string> m_Strings;
+			const std::map<std::string, std::vector<std::string>> m_Plurals;
+			std::function<int(int)> m_Formula;
+	};
+	
+	void SetLanguage(const std::string &lang);
+	std::string translate (const std::string& arg);
+	std::string translate (const std::string& arg, const std::string& arg2, const int& n);
 } // i18n
 } // i2p

--- a/i18n/I18N_langs.h
+++ b/i18n/I18N_langs.h
@@ -9,60 +9,12 @@
 #ifndef __I18N_LANGS_H__
 #define __I18N_LANGS_H__

+#include "I18N.h"
+
 namespace i2p
 {
 namespace i18n
 {
-	class Locale
-	{
-		public:
-			Locale (
-				const std::string& language,
-				const std::map<std::string, std::string>& strings,
-				const std::map<std::string, std::vector<std::string>>& plurals,
-				std::function<int(int)> formula
-			): m_Language (language), m_Strings (strings), m_Plurals (plurals), m_Formula (formula) { };
-
-			// Get activated language name for webconsole
-			std::string GetLanguage() const
-			{
-				return m_Language;
-			}
-
-			std::string GetString (const std::string& arg) const
-			{
-				const auto it = m_Strings.find(arg);
-				if (it == m_Strings.end())
-				{
-					return arg;
-				}
-				else
-				{
-					return it->second;
-				}
-			}
-
-			std::string GetPlural (const std::string& arg, const std::string& arg2, const int& n) const
-			{
-				const auto it = m_Plurals.find(arg2);
-				if (it == m_Plurals.end()) // not found, fallback to english
-				{
-					return n == 1 ? arg : arg2;
-				}
-				else
-				{
-					int form = m_Formula(n);
-					return it->second[form];
-				}
-			}
-
-		private:
-			const std::string m_Language;
-			const std::map<std::string, std::string> m_Strings;
-			const std::map<std::string, std::vector<std::string>> m_Plurals;
-			std::function<int(int)> m_Formula;
-	};
-
 	struct langData
 	{
 		std::string LocaleName; // localized name
@@ -73,9 +25,13 @@ namespace i18n
 	// Add localization here with language name as namespace
 	namespace afrikaans { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace armenian  { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
+	namespace chinese   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace english   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
+	namespace french    { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace german    { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
+	namespace italian   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace russian   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
+	namespace spanish   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace turkmen   { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace ukrainian { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
 	namespace uzbek     { std::shared_ptr<const i2p::i18n::Locale> GetLocale (); }
@@ -86,12 +42,16 @@ namespace i18n
 	static std::map<std::string, langData> languages
 	{
 		{ "afrikaans", {"Afrikaans", "af", i2p::i18n::afrikaans::GetLocale} },
-		{ "armenian", {"հայերէն", "hy", i2p::i18n::armenian::GetLocale} },
+		{ "armenian", {"hայերէն", "hy", i2p::i18n::armenian::GetLocale} },
+		{ "chinese", {"简体字", "zh-CN", i2p::i18n::chinese::GetLocale} },
 		{ "english", {"English", "en", i2p::i18n::english::GetLocale} },
+		{ "french", {"Français", "fr", i2p::i18n::french::GetLocale} },
 		{ "german", {"Deutsch", "de", i2p::i18n::german::GetLocale} },
-		{ "russian", {"русский язык", "ru", i2p::i18n::russian::GetLocale} },
-		{ "turkmen", {"türkmen dili", "tk", i2p::i18n::turkmen::GetLocale} },
-		{ "ukrainian", {"украї́нська мо́ва", "uk", i2p::i18n::ukrainian::GetLocale} },
+		{ "italian", {"Italiano", "it", i2p::i18n::italian::GetLocale} },
+		{ "russian", {"Русский язык", "ru", i2p::i18n::russian::GetLocale} },
+		{ "spanish", {"Español", "es", i2p::i18n::spanish::GetLocale} },
+		{ "turkmen", {"Türkmen dili", "tk", i2p::i18n::turkmen::GetLocale} },
+		{ "ukrainian", {"Украї́нська мо́ва", "uk", i2p::i18n::ukrainian::GetLocale} },
 		{ "uzbek", {"Oʻzbek", "uz", i2p::i18n::uzbek::GetLocale} },
 	};

--- a/i18n/Italian.cpp
+++ b/i18n/Italian.cpp
@@ -0,0 +1,216 @@
+/*
+* Copyright (c) 2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <map>
+#include <vector>
+#include <string>
+#include <memory>
+#include "I18N.h"
+
+// Italian localization file
+
+namespace i2p
+{
+namespace i18n
+{
+namespace italian // language namespace
+{
+	// language name in lowercase
+	static std::string language = "italian";
+
+	// See for language plural forms here:
+	// https://localization-guide.readthedocs.io/en/latest/l10n/pluralforms.html
+	static int plural (int n) {
+		return n != 1 ? 1 : 0;
+	}
+
+	static std::map<std::string, std::string> strings
+	{
+		{"KiB", "KiB"},
+		{"MiB", "MiB"},
+		{"GiB", "GiB"},
+		{"building", "in costruzione"},
+		{"failed", "fallito"},
+		{"expiring", "in scadenza"},
+		{"established", "stabilita"},
+		{"unknown", "sconosciuto"},
+		{"exploratory", "esplorativo"},
+		{"Purple I2P Webconsole", "Terminale web Purple I2P"},
+		{"<b>i2pd</b> webconsole", "Terminal web <b>i2pd</b>"},
+		{"Main page", "Pagina principale"},
+		{"Router commands", "Comandi router"},
+		{"Local Destinations", "Destinazioni locali"},
+		{"LeaseSets", "LeaseSets"},
+		{"Tunnels", "Tunnel"},
+		{"Transit Tunnels", "Tunnel di transito"},
+		{"Transports", "Trasporti"},
+		{"I2P tunnels", "Tunnel I2P"},
+		{"SAM sessions", "Sessioni SAM"},
+		{"ERROR", "ERRORE"},
+		{"OK", "OK"},
+		{"Testing", "Testando"},
+		{"Firewalled", "Protetto da firewall"},
+		{"Unknown", "Sconosciuto"},
+		{"Proxy", "Proxy"},
+		{"Mesh", "Mesh"},
+		{"Error", "Errore"},
+		{"Clock skew", "Orologio disallineato"},
+		{"Offline", "Disconnesso"},
+		{"Symmetric NAT", "NAT simmetrico"},
+		{"Uptime", "In funzione da"},
+		{"Network status", "Stato della rete"},
+		{"Network status v6", "Stato della rete v6"},
+		{"Stopping in", "Arresto in"},
+		{"Family", "Famiglia"},
+		{"Tunnel creation success rate", "Percentuale di tunnel creati con successo"},
+		{"Received", "Ricevuti"},
+		{"KiB/s", "KiB/s"},
+		{"Sent", "Inviati"},
+		{"Transit", "Transitati"},
+		{"Data path", "Percorso dati"},
+		{"Hidden content. Press on text to see.", "Contenuto nascosto. Premi sul testo per vedere."},
+		{"Router Ident", "Identificativo del router"},
+		{"Router Family", "Famiglia del router"},
+		{"Router Caps", "Limiti del router"},
+		{"Version", "Versione"},
+		{"Our external address", "Il nostro indirizzo esterno"},
+		{"supported", "supportato"},
+		{"Routers", "Router"},
+		{"Floodfills", "Floodfill"},
+		{"Client Tunnels", "Tunnel client"},
+		{"Services", "Servizi"},
+		{"Enabled", "Abilitato"},
+		{"Disabled", "Disabilitato"},
+		{"Encrypted B33 address", "Indirizzo criptato B33"},
+		{"Address registration line", "Linea di registrazione indirizzo"},
+		{"Domain", "Dominio"},
+		{"Generate", "Genera"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Nota:</b> la stringa risultante può essere utilizzata solo per registrare domini 2LD (example.i2p). Per registrare i sottodomini, si prega di utilizzare i2pd-tools."},
+		{"Address", "Indirizzo"},
+		{"Type", "Tipologia"},
+		{"EncType", "Tipo di crittografia"},
+		{"Inbound tunnels", "Tunnel in entrata"},
+		{"ms", "ms"},
+		{"Outbound tunnels", "Tunnel in uscita"},
+		{"Tags", "Tag"},
+		{"Incoming", "In entrata"},
+		{"Outgoing", "In uscita"},
+		{"Destination", "Destinazione"},
+		{"Amount", "Quantità"},
+		{"Incoming Tags", "Tag in entrata"},
+		{"Tags sessions", "Sessioni dei tag"},
+		{"Status", "Stato"},
+		{"Local Destination", "Destinazione locale"},
+		{"Streams", "Flussi"},
+		{"Close stream", "Interrompi il flusso"},
+		{"I2CP session not found", "Sessione I2CP non trovata"},
+		{"I2CP is not enabled", "I2CP non è abilitato"},
+		{"Invalid", "Invalido"},
+		{"Store type", "Tipologia di archivio"},
+		{"Expires", "Scade"},
+		{"Non Expired Leases", "Lease non scaduti"},
+		{"Gateway", "Gateway"},
+		{"TunnelID", "TunnelID"},
+		{"EndDate", "Data di fine"},
+		{"not floodfill", "no floodfill"},
+		{"Queue size", "Dimensione della coda"},
+		{"Run peer test", "Esegui il test dei peer"},
+		{"Decline transit tunnels", "Rifiuta tunnel di transito"},
+		{"Accept transit tunnels", "Accetta tunnel di transito"},
+		{"Cancel graceful shutdown", "Annulla l'interruzione controllata"},
+		{"Start graceful shutdown", "Avvia l'interruzione controllata"},
+		{"Force shutdown", "Forza l'arresto"},
+		{"Reload external CSS styles", "Ricarica gli stili CSS esterni"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Nota:</b> qualsiasi azione effettuata qui non è persistente e non modifica i file di configurazione."},
+		{"Logging level", "Livello di log"},
+		{"Transit tunnels limit", "Limite di tunnel di transito"},
+		{"Change", "Modifica"},
+		{"Change language", "Modifica linguaggio"},
+		{"no transit tunnels currently built", "Attualmente non ci sono tunnel di transito instaurati"},
+		{"SAM disabled", "SAM disabilitato"},
+		{"no sessions currently running", "Attualmente non ci sono sessioni attive"},
+		{"SAM session not found", "Sessione SAM non trovata"},
+		{"SAM Session", "Sessione SAM"},
+		{"Server Tunnels", "Tunnel server"},
+		{"Client Forwards", "Client di inoltro"},
+		{"Server Forwards", "Server di inoltro"},
+		{"Unknown page", "Pagina sconosciuta"},
+		{"Invalid token", "Token non valido"},
+		{"SUCCESS", "SUCCESSO"},
+		{"Stream closed", "Flusso terminato"},
+		{"Stream not found or already was closed", "Il flusso non è stato trovato oppure è già stato terminato"},
+		{"Destination not found", "Destinazione non trovata"},
+		{"StreamID can't be null", "Lo StreamID non può essere null"},
+		{"Return to destination page", "Ritorna alla pagina di destinazione"},
+		{"You will be redirected in 5 seconds", "Verrai reindirizzato in 5 secondi"},
+		{"Transit tunnels count must not exceed 65535", "Il numero di tunnel di transito non può superare i 65535"},
+		{"Back to commands list", "Ritorna alla lista dei comandi"},
+		{"Register at reg.i2p", "Registra a reg.i2p"},
+		{"Description", "Descrizione"},
+		{"A bit information about service on domain", "Alcune informazioni riguardo il servizio sul dominio"},
+		{"Submit", "Invia"},
+		{"Domain can't end with .b32.i2p", "I domini non possono terminare con .b32.i2p"},
+		{"Domain must end with .i2p", "I domini devono terminare con .i2p"},
+		{"Such destination is not found", "Questa destinazione non è stata trovata"},
+		{"Unknown command", "Comando sconosciuto"},
+		{"Command accepted", "Comando accettato"},
+		{"Proxy error", "Errore del proxy"},
+		{"Proxy info", "Informazioni del proxy"},
+		{"Proxy error: Host not found", "Errore del proxy: Host non trovato"},
+		{"Remote host not found in router's addressbook", "L'host remoto non è stato trovato nella rubrica del router"},
+		{"You may try to find this host on jump services below", "Si può provare a trovare questo host sui servizi di salto qui sotto"},
+		{"Invalid request", "Richiesta non valida"},
+		{"Proxy unable to parse your request", "Il proxy non è in grado di elaborare la tua richiesta"},
+		{"addresshelper is not supported", "addresshelper non è supportato"},
+		{"Host", "Host"},
+		{"added to router's addressbook from helper", "aggiunto alla rubrica tramite l'helper"},
+		{"Click here to proceed:", "Clicca qui per procedere:"},
+		{"Continue", "Continua"},
+		{"Addresshelper found", "Addresshelper trovato"},
+		{"already in router's addressbook", "già presente nella rubrica del router"},
+		{"Click here to update record:", "Clicca qui per aggiornare l'elemento:"},
+		{"invalid request uri", "uri della richiesta non valido"},
+		{"Can't detect destination host from request", "Impossibile determinare l'host di destinazione dalla richiesta"},
+		{"Outproxy failure", "Fallimento del proxy di uscita"},
+		{"bad outproxy settings", "impostazioni errate del proxy di uscita"},
+		{"not inside I2P network, but outproxy is not enabled", "non all'interno della rete I2P, ma il proxy di uscita non è abilitato"},
+		{"unknown outproxy url", "url del proxy di uscita sconosciuto"},
+		{"cannot resolve upstream proxy", "impossibile identificare il flusso a monte del proxy"},
+		{"hostname too long", "il nome dell'host è troppo lungo"},
+		{"cannot connect to upstream socks proxy", "impossibile connettersi al flusso a monte del proxy socks"},
+		{"Cannot negotiate with socks proxy", "Impossibile negoziare con il proxy socks"},
+		{"CONNECT error", "Errore di connessione"},
+		{"Failed to Connect", "Connessione fallita"},
+		{"socks proxy error", "errore del proxy socks"},
+		{"failed to send request to upstream", "invio della richiesta a monte non riuscito"},
+		{"No Reply From socks proxy", "Nessuna risposta dal proxy socks"},
+		{"cannot connect", "impossibile connettersi"},
+		{"http out proxy not implemented", "proxy http di uscita non implementato"},
+		{"cannot connect to upstream http proxy", "impossibile connettersi al proxy http a monte"},
+		{"Host is down", "L'host è offline"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "Impossibile creare la connessione all'host richiesto, probabilmente è offline. Riprova più tardi."},
+		{"", ""},
+	};
+
+	static std::map<std::string, std::vector<std::string>> plurals
+	{
+		{"days", {"giorno", "giorni"}},
+		{"hours", {"ora", "ore"}},
+		{"minutes", {"minuto", "minuti"}},
+		{"seconds", {"secondo", "secondi"}},
+		{"", {"", ""}},
+	};
+
+	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
+	{
+		return std::make_shared<i2p::i18n::Locale>(language, strings, plurals, [] (int n)->int { return plural(n); });
+	}
+
+} // language
+} // i18n
+} // i2p
--- a/i18n/Spanish.cpp
+++ b/i18n/Spanish.cpp
@@ -0,0 +1,216 @@
+/*
+* Copyright (c) 2022, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <map>
+#include <vector>
+#include <string>
+#include <memory>
+#include "I18N.h"
+
+// Spanish localization file
+
+namespace i2p
+{
+namespace i18n
+{
+namespace spanish // language namespace
+{
+	// language name in lowercase
+	static std::string language = "spanish";
+
+	// See for language plural forms here:
+	// https://localization-guide.readthedocs.io/en/latest/l10n/pluralforms.html
+	static int plural (int n) {
+		return n != 1 ? 1 : 0;
+	}
+
+	static std::map<std::string, std::string> strings
+	{
+		{"KiB", "KiB"},
+		{"MiB", "MiB"},
+		{"GiB", "GiB"},
+		{"building", "pendiente"},
+		{"failed", "fallido"},
+		{"expiring", "expiró"},
+		{"established", "establecido"},
+		{"unknown", "desconocido"},
+		{"exploratory", "exploratorio"},
+		{"Purple I2P Webconsole", "Consola web de Purple I2P"},
+		{"<b>i2pd</b> webconsole", "Consola web de <b>i2pd</b>"},
+		{"Main page", "Inicio"},
+		{"Router commands", "Comandos de enrutador"},
+		{"Local Destinations", "Destinos locales"},
+		{"LeaseSets", "LeaseSets"},
+		{"Tunnels", "Túneles"},
+		{"Transit Tunnels", "Túneles de Tránsito"},
+		{"Transports", "Transportes"},
+		{"I2P tunnels", "Túneles I2P"},
+		{"SAM sessions", "Sesiones SAM"},
+		{"ERROR", "ERROR"},
+		{"OK", "VALE"},
+		{"Testing", "Probando"},
+		{"Firewalled", "Con cortafuegos"},
+		{"Unknown", "Desconocido"},
+		{"Proxy", "Proxy"},
+		{"Mesh", "Malla"},
+		{"Error", "Error"},
+		{"Clock skew", "Reloj desfasado"},
+		{"Offline", "Desconectado"},
+		{"Symmetric NAT", "NAT simétrico"},
+		{"Uptime", "Tiempo en línea"},
+		{"Network status", "Estado de red"},
+		{"Network status v6", "Estado de red v6"},
+		{"Stopping in", "Parando en"},
+		{"Family", "Familia"},
+		{"Tunnel creation success rate", "Tasa de éxito de creación de túneles"},
+		{"Received", "Recibido"},
+		{"KiB/s", "KiB/s"},
+		{"Sent", "Enviado"},
+		{"Transit", "Tránsito"},
+		{"Data path", "Ruta de datos"},
+		{"Hidden content. Press on text to see.", "Contenido oculto. Presione para ver."},
+		{"Router Ident", "Ident del Enrutador"},
+		{"Router Family", "Familia de enrutador"},
+		{"Router Caps", "Atributos del Enrutador"},
+		{"Version", "Versión"},
+		{"Our external address", "Nuestra dirección externa"},
+		{"supported", "soportado"},
+		{"Routers", "Enrutadores"},
+		{"Floodfills", "Inundaciones"},
+		{"Client Tunnels", "Túneles de cliente"},
+		{"Services", "Servicios"},
+		{"Enabled", "Activado"},
+		{"Disabled", "Desactivado"},
+		{"Encrypted B33 address", "Dirección encriptada B33"},
+		{"Address registration line", "Línea para registrar direcciones"},
+		{"Domain", "Dominio"},
+		{"Generate", "Generar"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Nota:</b> la cadena resultante solo se puede usar para registrar dominios 2LD (ejemplo.i2p). Para registrar subdominios, por favor utilice i2pd-tools."},
+		{"Address", "Dirección"},
+		{"Type", "Tipo"},
+		{"EncType", "TipoEncrip"},
+		{"Inbound tunnels", "Túneles entrantes"},
+		{"ms", "ms"},
+		{"Outbound tunnels", "Túneles salientes"},
+		{"Tags", "Etiquetas"},
+		{"Incoming", "Entrante"},
+		{"Outgoing", "Saliente"},
+		{"Destination", "Destino"},
+		{"Amount", "Cantidad"},
+		{"Incoming Tags", "Etiquetas entrantes"},
+		{"Tags sessions", "Sesiones de etiquetas"},
+		{"Status", "Estado"},
+		{"Local Destination", "Destino Local"},
+		{"Streams", "Flujos"},
+		{"Close stream", "Cerrar flujo"},
+		{"I2CP session not found", "Sesión I2CP no encontrada"},
+		{"I2CP is not enabled", "I2CP no está activado"},
+		{"Invalid", "Inválido"},
+		{"Store type", "Tipo de almacenamiento"},
+		{"Expires", "Caduca"},
+		{"Non Expired Leases", "Sesiones No Expiradas"},
+		{"Gateway", "Puerta de enlace"},
+		{"TunnelID", "TunnelID"},
+		{"EndDate", "FechaVenc"},
+		{"not floodfill", "no inundado"},
+		{"Queue size", "Tamaño de cola"},
+		{"Run peer test", "Ejecutar prueba de par"},
+		{"Decline transit tunnels", "Rechazar túneles de tránsito"},
+		{"Accept transit tunnels", "Aceptar túneles de tránsito"},
+		{"Cancel graceful shutdown", "Cancelar apagado con gracia"},
+		{"Start graceful shutdown", "Iniciar apagado con gracia"},
+		{"Force shutdown", "Forzar apagado"},
+		{"Reload external CSS styles", "Recargar estilos CSS externos"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Nota:</b> cualquier acción hecha aquí no es persistente y no cambia tus archivos de configuración."},
+		{"Logging level", "Nivel de registro de errores"},
+		{"Transit tunnels limit", "Límite de túneles de tránsito"},
+		{"Change", "Cambiar"},
+		{"Change language", "Cambiar idioma"},
+		{"no transit tunnels currently built", "no hay túneles de tránsito actualmente construidos"},
+		{"SAM disabled", "SAM desactivado"},
+		{"no sessions currently running", "no hay sesiones ejecutándose ahora"},
+		{"SAM session not found", "Sesión SAM no encontrada"},
+		{"SAM Session", "Sesión SAM"},
+		{"Server Tunnels", "Túneles de Servidor"},
+		{"Client Forwards", "Redirecciones de Cliente"},
+		{"Server Forwards", "Redirecciones de Servidor"},
+		{"Unknown page", "Página desconocida"},
+		{"Invalid token", "Token inválido"},
+		{"SUCCESS", "ÉXITO"},
+		{"Stream closed", "Transmisión cerrada"},
+		{"Stream not found or already was closed", "No se encontró la transmisión o ya se cerró"},
+		{"Destination not found", "Destino no encontrado"},
+		{"StreamID can't be null", "StreamID no puede ser nulo"},
+		{"Return to destination page", "Volver a la página de destino"},
+		{"You will be redirected in 5 seconds", "Serás redirigido en 5 segundos"},
+		{"Transit tunnels count must not exceed 65535", "La cantidad de túneles de tránsito no puede exceder 65535"},
+		{"Back to commands list", "Volver a lista de comandos"},
+		{"Register at reg.i2p", "Registrar en reg.i2p"},
+		{"Description", "Descripción"},
+		{"A bit information about service on domain", "Un poco de información sobre el servicio en el dominio"},
+		{"Submit", "Enviar"},
+		{"Domain can't end with .b32.i2p", "El dominio no puede terminar con .b32.i2p"},
+		{"Domain must end with .i2p", "El dominio debe terminar con .i2p"},
+		{"Such destination is not found", "No se encontró el destino"},
+		{"Unknown command", "Comando desconocido"},
+		{"Command accepted", "Comando aceptado"},
+		{"Proxy error", "Error de proxy"},
+		{"Proxy info", "Información del proxy"},
+		{"Proxy error: Host not found", "Error de proxy: Host no encontrado"},
+		{"Remote host not found in router's addressbook", "Servidor remoto no encontrado en la libreta de direcciones del enrutador"},
+		{"You may try to find this host on jump services below", "Puede intentar encontrar este dominio en los siguientes servicios de salto"},
+		{"Invalid request", "Solicitud inválida"},
+		{"Proxy unable to parse your request", "Proxy no puede procesar su solicitud"},
+		{"addresshelper is not supported", "ayudante de dirección no soportado"},
+		{"Host", "Dominio"},
+		{"added to router's addressbook from helper", "añadido a la libreta de direcciones desde el ayudante"},
+		{"Click here to proceed:", "Haga clic aquí para continuar:"},
+		{"Continue", "Continuar"},
+		{"Addresshelper found", "Se encontró ayudante de dirección"},
+		{"already in router's addressbook", "ya se encontró en libreta de direcciones"},
+		{"Click here to update record:", "Haga clic aquí para actualizar el registro:"},
+		{"invalid request uri", "uri de solicitud inválida"},
+		{"Can't detect destination host from request", "No se puede detectar el host de destino de la solicitud"},
+		{"Outproxy failure", "Fallo en el proxy saliente"},
+		{"bad outproxy settings", "configuración de outproxy incorrecta"},
+		{"not inside I2P network, but outproxy is not enabled", "no está dentro de la red I2P, pero el proxy de salida no está activado"},
+		{"unknown outproxy url", "url de proxy outproxy desconocido"},
+		{"cannot resolve upstream proxy", "no se puede resolver el proxy de upstream"},
+		{"hostname too long", "nombre de dominio muy largo"},
+		{"cannot connect to upstream socks proxy", "no se puede conectar al proxy socks principal"},
+		{"Cannot negotiate with socks proxy", "No se puede negociar con el proxy socks"},
+		{"CONNECT error", "Error de CONNECT"},
+		{"Failed to Connect", "Error al Conectar"},
+		{"socks proxy error", "error de proxy socks"},
+		{"failed to send request to upstream", "no se pudo enviar petición al principal"},
+		{"No Reply From socks proxy", "Sin respuesta del proxy socks"},
+		{"cannot connect", "no se puede conectar"},
+		{"http out proxy not implemented", "proxy externo http no implementado"},
+		{"cannot connect to upstream http proxy", "no se puede conectar al proxy http principal"},
+		{"Host is down", "Servidor caído"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "No se puede crear la conexión al servidor solicitado, puede estar caído. Intente de nuevo más tarde."},
+		{"", ""},
+	};
+
+	static std::map<std::string, std::vector<std::string>> plurals
+	{
+		{"days", {"día", "días"}},
+		{"hours", {"hora", "horas"}},
+		{"minutes", {"minuto", "minutos"}},
+		{"seconds", {"segundo", "segundos"}},
+		{"", {"", ""}},
+	};
+
+	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
+	{
+		return std::make_shared<i2p::i18n::Locale>(language, strings, plurals, [] (int n)->int { return plural(n); });
+	}
+
+} // language
+} // i18n
+} // i2p
--- a/libi2pd/Base.h
+++ b/libi2pd/Base.h
@@ -24,8 +24,8 @@ namespace data {
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);

 	/**
-	 Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
-	*/
+	 * Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
+	 */
 	size_t Base64EncodingBufferSize(const size_t input_size);

 	std::string ToBase64Standard (const std::string& in); // using standard table, for Proxy-Authorization
--- a/libi2pd/Blinding.cpp
+++ b/libi2pd/Blinding.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -99,7 +99,7 @@ namespace data
 	static size_t BlindECDSA (i2p::data::SigningKeyType sigType, const uint8_t * key, const uint8_t * seed, Fn blind, Args&&...args)
 	// blind is BlindEncodedPublicKeyECDSA or BlindEncodedPrivateKeyECDSA
 	{
-		size_t publicKeyLength  = 0;
+		size_t publicKeyLength = 0;
 		EC_GROUP * group = nullptr;
 		switch (sigType)
 		{
@@ -146,7 +146,10 @@ namespace data
 		m_PublicKey.resize (len);
 		memcpy (m_PublicKey.data (), identity->GetSigningPublicKeyBuffer (), len);
 		m_SigType = identity->GetSigningKeyType ();
-		m_BlindedSigType = m_SigType;
+		if (m_SigType == i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
+			m_BlindedSigType = i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519; // 7 -> 11
+		else
+			m_BlindedSigType = m_SigType;
 	}

 	BlindedPublicKey::BlindedPublicKey (const std::string& b33):
--- a/libi2pd/Blinding.h
+++ b/libi2pd/Blinding.h
@@ -28,8 +28,8 @@ namespace data

 			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };
 			size_t GetPublicKeyLen () const { return m_PublicKey.size (); };
-			SigningKeyType GetSigType () const  { return m_SigType; };
-			SigningKeyType GetBlindedSigType () const  { return m_BlindedSigType; };
+			SigningKeyType GetSigType () const { return m_SigType; };
+			SigningKeyType GetBlindedSigType () const { return m_BlindedSigType; };
 			bool IsValid () const { return GetSigType (); }; // signature type 0 means invalid

 			void GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const; // 32 bytes
--- a/libi2pd/BloomFilter.cpp
+++ b/libi2pd/BloomFilter.cpp
@@ -1,77 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*/
-
-#include "BloomFilter.h"
-#include "I2PEndian.h"
-#include <array>
-#include <openssl/sha.h>
-
-namespace i2p
-{
-namespace util
-{
-
-	/** @brief decaying bloom filter implementation */
-	class DecayingBloomFilter : public IBloomFilter
-	{
-	public:
-
-		DecayingBloomFilter(const std::size_t size)
-		{
-			m_Size = size;
-			m_Data = new uint8_t[size];
-		}
-
-		/** @brief implements IBloomFilter::~IBloomFilter */
-		~DecayingBloomFilter()
-		{
-			delete [] m_Data;
-		}
-
-		/** @brief implements IBloomFilter::Add */
-		bool Add(const uint8_t * data, std::size_t len)
-		{
-			std::size_t idx;
-			uint8_t mask;
-			Get(data, len, idx, mask);
-			if(m_Data[idx] & mask) return false; // filter hit
-			m_Data[idx] |= mask;
-			return true;
-		}
-
-		/** @brief implements IBloomFilter::Decay */
-		void Decay()
-		{
-			// reset bloom filter buffer
-			memset(m_Data, 0, m_Size);
-		}
-
-	private:
-		/** @brief get bit index for for data */
-		void Get(const uint8_t * data, std::size_t len, std::size_t & idx, uint8_t & bm)
-		{
-			bm = 1;
-			uint8_t digest[32];
-			// TODO: use blake2 because it's faster
-			SHA256(data, len, digest);
-			uint64_t i = buf64toh(digest);
-			idx = i % m_Size;
-			bm <<= (i % 8);
-		}
-
-		uint8_t * m_Data;
-		std::size_t m_Size;
-	};
-
-
-	BloomFilterPtr BloomFilter(std::size_t capacity)
-	{
-		return std::make_shared<DecayingBloomFilter>(capacity);
-	}
-}
-}
--- a/libi2pd/BloomFilter.h
+++ b/libi2pd/BloomFilter.h
@@ -1,39 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*/
-
-#ifndef BLOOM_FILTER_H_
-#define BLOOM_FILTER_H_
-#include <memory>
-#include <cstdint>
-
-namespace i2p
-{
-namespace util
-{
-
-	/** @brief interface for bloom filter */
-	struct IBloomFilter
-	{
-
-		/** @brief destructor */
-		virtual ~IBloomFilter() {};
-		/** @brief add entry to bloom filter, return false if filter hit otherwise return true */
-		virtual bool Add(const uint8_t * data, std::size_t len) = 0;
-		/** @brief optionally decay old entries */
-		virtual void Decay() = 0;
-	};
-
-	typedef std::shared_ptr<IBloomFilter> BloomFilterPtr;
-
-	/** @brief create bloom filter */
-	BloomFilterPtr BloomFilter(std::size_t capacity = 1024 * 8);
-
-}
-}
-
-#endif
--- a/libi2pd/Config.cpp
+++ b/libi2pd/Config.cpp
@@ -64,7 +64,7 @@ namespace config {
 			("bandwidth", value<std::string>()->default_value(""),            "Transit traffic bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)")
 			("share", value<int>()->default_value(100),                       "Limit of transit traffic from max bandwidth in percents. (default: 100)")
 			("ntcp", bool_switch()->default_value(false),                     "Ignored. Always false")
-			("ssu", bool_switch()->default_value(true),                       "Enable SSU transport (default: enabled)")
+			("ssu", bool_switch()->default_value(false),                      "Ignored. Always false")
 			("ntcpproxy", value<std::string>()->default_value(""),            "Ignored")
 #ifdef _WIN32
 			("svcctl", value<std::string>()->default_value(""),               "Ignored")
@@ -78,9 +78,9 @@ namespace config {
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
 			("limits.transittunnels", value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
-			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Threshold to start probabilistic backoff with ntcp sessions (default: use system limit)")
-			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Maximum number of ntcp sessions (default: use system limit)")
-			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Maximum number of threads used by NTCP DH worker (default: 1)")
+			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Ignored")
+			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Ignored")
+			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Ignored")
 		;

 		options_description httpserver("HTTP Server options");
@@ -109,6 +109,8 @@ namespace config {
 			("httpproxy.outbound.length", value<std::string>()->default_value("3"),   "HTTP proxy outbound tunnel length")
 			("httpproxy.inbound.quantity", value<std::string>()->default_value("5"),  "HTTP proxy inbound tunnels quantity")
 			("httpproxy.outbound.quantity", value<std::string>()->default_value("5"), "HTTP proxy outbound tunnels quantity")
+			("httpproxy.inbound.lengthVariance", value<std::string>()->default_value("0"),  "HTTP proxy inbound tunnels length variance")
+			("httpproxy.outbound.lengthVariance", value<std::string>()->default_value("0"), "HTTP proxy outbound tunnels length variance")
 			("httpproxy.latency.min", value<std::string>()->default_value("0"),       "HTTP proxy min latency for tunnels")
 			("httpproxy.latency.max", value<std::string>()->default_value("0"),       "HTTP proxy max latency for tunnels")
 			("httpproxy.outproxy", value<std::string>()->default_value(""),           "HTTP proxy upstream out proxy url")
@@ -130,6 +132,8 @@ namespace config {
 			("socksproxy.outbound.length", value<std::string>()->default_value("3"),   "SOCKS proxy outbound tunnel length")
 			("socksproxy.inbound.quantity", value<std::string>()->default_value("5"),  "SOCKS proxy inbound tunnels quantity")
 			("socksproxy.outbound.quantity", value<std::string>()->default_value("5"), "SOCKS proxy outbound tunnels quantity")
+			("socksproxy.inbound.lengthVariance", value<std::string>()->default_value("0"),  "SOCKS proxy inbound tunnels length variance")
+			("socksproxy.outbound.lengthVariance", value<std::string>()->default_value("0"), "SOCKS proxy outbound tunnels length variance")
 			("socksproxy.latency.min", value<std::string>()->default_value("0"),       "SOCKS proxy min latency for tunnels")
 			("socksproxy.latency.max", value<std::string>()->default_value("0"),       "SOCKS proxy max latency for tunnels")
 			("socksproxy.outproxy.enabled", value<bool>()->default_value(false),       "Enable or disable SOCKS outproxy")
@@ -211,18 +215,22 @@ namespace config {
 				"https://i2pseed.creativecowpat.net:8443/,"
 				"https://reseed.i2pgit.org/,"
 				"https://i2p.novg.net/,"
-				"https://banana.incognet.io/"
+				"https://banana.incognet.io/,"
+				"https://reseed-pl.i2pd.xyz/,"
+				"https://www2.mk16.de/"
 			),                                                            "Reseed URLs, separated by comma")
 			("reseed.yggurls", value<std::string>()->default_value(
 				"http://[324:71e:281a:9ed3::ace]:7070/,"
 				"http://[301:65b9:c7cd:9a36::1]:18801/,"
 				"http://[320:8936:ec1a:31f1::216]/,"
-			    "http://[306:3834:97b9:a00a::1]/"                                                   
+				"http://[306:3834:97b9:a00a::1]/,"
+				"http://[316:f9e0:f22e:a74f::216]/"
 			),                                                            "Reseed URLs through the Yggdrasil, separated by comma")
 		;

 		options_description addressbook("AddressBook options");
 		addressbook.add_options()
+			("addressbook.enabled", value<bool>()->default_value(true), "Enable address book lookups and subscritions (default: enabled)")
 			("addressbook.defaulturl", value<std::string>()->default_value(
 				"http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt"
 			),                                                                     "AddressBook subscription URL for initial setup")
@@ -264,6 +272,16 @@ namespace config {
 			("ntcp2.proxy", value<std::string>()->default_value(""),       "Proxy URL for NTCP2 transport")
 		;

+		options_description ssu2("SSU2 Options");
+		ssu2.add_options()
+			("ssu2.enabled", value<bool>()->default_value(true),         "Enable SSU2 (default: enabled)")
+			("ssu2.published", value<bool>()->default_value(true),        "Publish SSU2 (default: enabled)")
+			("ssu2.port", value<uint16_t>()->default_value(0),            "Port to listen for incoming SSU2 packets (default: auto)")
+			("ssu2.mtu4", value<uint16_t>()->default_value(0),            "MTU for ipv4 address (default: detect)")
+			("ssu2.mtu6", value<uint16_t>()->default_value(0),            "MTU for ipv6 address (default: detect)")
+			("ssu2.proxy", value<std::string>()->default_value(""),       "Socks5 proxy URL for SSU2 transport")
+		;
+
 		options_description nettime("Time sync options");
 		nettime.add_options()
 			("nettime.enabled", value<bool>()->default_value(false),       "Disable time sync (default: disabled)")
@@ -296,6 +314,13 @@ namespace config {
 			("meshnets.yggaddress", value<std::string>()->default_value(""),         "Yggdrasil address to publish")
 		;

+#ifdef __linux__
+		options_description unix_specific("UNIX-specific options");
+		unix_specific.add_options()
+			("unix.handle_sigtstp", bool_switch()->default_value(false),             "Handle SIGTSTP and SIGCONT signals (default: disabled)")
+		;
+#endif
+
 		m_OptionsDesc
 			.add(general)
 			.add(limits)
@@ -314,10 +339,14 @@ namespace config {
 			.add(websocket) // deprecated
 			.add(exploratory)
 			.add(ntcp2)
+			.add(ssu2)
 			.add(nettime)
 			.add(persist)
 			.add(cpuext)
 			.add(meshnets)
+#ifdef __linux__
+			.add(unix_specific)
+#endif
 		;
 	}

--- a/libi2pd/Config.h
+++ b/libi2pd/Config.h
@@ -29,16 +29,16 @@ namespace config {
 	extern boost::program_options::variables_map m_Options;

 	/**
-	 * @brief  Initialize list of acceptable parameters
+	 * @brief Initialize list of acceptable parameters
 	 *
 	 * Should be called before any Parse* functions.
 	 */
 	void Init();

 	/**
-	 * @brief  Parse cmdline parameters, and show help if requested
-	 * @param  argc  Cmdline arguments count, should be passed from main().
-	 * @param  argv  Cmdline parameters array, should be passed from main()
+	 * @brief Parse cmdline parameters, and show help if requested
+	 * @param argc Cmdline arguments count, should be passed from main().
+	 * @param argv Cmdline parameters array, should be passed from main()
 	 *
 	 * If --help is given in parameters, shows its list with description
 	 * and terminates the program with exitcode 0.
@@ -52,8 +52,8 @@ namespace config {
 	void ParseCmdline(int argc, char* argv[], bool ignoreUnknown = false);

 	/**
-	 * @brief  Load and parse given config file
-	 * @param  path  Path to config file
+	 * @brief Load and parse given config file
+	 * @param path Path to config file
 	 *
 	 * If error occurred when opening file path is points to,
 	 * we show the error message and terminate program.
@@ -67,14 +67,14 @@ namespace config {
 	void ParseConfig(const std::string& path);

 	/**
-	 * @brief  Used to combine options from cmdline, config and default values
+	 * @brief Used to combine options from cmdline, config and default values
 	 */
 	void Finalize();

 	/**
-	 * @brief  Accessor to parameters by name
-	 * @param  name  Name of the requested parameter
-	 * @param  value Variable where to store option
+	 * @brief Accessor to parameters by name
+	 * @param name Name of the requested parameter
+	 * @param value Variable where to store option
 	 * @return this function returns false if parameter not found
 	 *
 	 * Example: uint16_t port; GetOption("sam.port", port);
@@ -98,9 +98,9 @@ namespace config {
 	bool GetOptionAsAny(const std::string& name, boost::any& value);

 	/**
-	 * @brief  Set value of given parameter
-	 * @param  name  Name of settable parameter
-	 * @param  value New parameter value
+	 * @brief Set value of given parameter
+	 * @param name Name of settable parameter
+	 * @param value New parameter value
 	 * @return true if value set up successful, false otherwise
 	 *
 	 * Example: uint16_t port = 2827; SetOption("bob.port", port);
@@ -116,8 +116,8 @@ namespace config {
 	}

 	/**
-	 * @brief  Check is value explicitly given or default
-	 * @param  name  Name of checked parameter
+	 * @brief Check is value explicitly given or default
+	 * @param name Name of checked parameter
 	 * @return true if value set to default, false otherwise
 	 */
 	bool IsDefault(const char *name);
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@@ -239,55 +239,6 @@ namespace crypto

 	static BIGNUM * (* g_ElggTable)[255] = nullptr;

-// DH
-
-	DHKeys::DHKeys ()
-	{
-		m_DH = DH_new ();
-		DH_set0_pqg (m_DH, BN_dup (elgp), NULL, BN_dup (elgg));
-		DH_set0_key (m_DH, NULL, NULL);
-	}
-
-	DHKeys::~DHKeys ()
-	{
-		DH_free (m_DH);
-	}
-
-	void DHKeys::GenerateKeys ()
-	{
-		BIGNUM * priv_key = NULL, * pub_key = NULL;
-#if !defined(__x86_64__) // use short exponent for non x64
-		priv_key = BN_new ();
-		BN_rand (priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);
-#endif
-		if (g_ElggTable)
-		{
-#if defined(__x86_64__)
-			priv_key = BN_new ();
-			BN_rand (priv_key, ELGAMAL_FULL_EXPONENT_NUM_BITS, 0, 1);
-#endif
-			auto ctx = BN_CTX_new ();
-			pub_key = ElggPow (priv_key, g_ElggTable, ctx);
-			DH_set0_key (m_DH, pub_key, priv_key);
-			BN_CTX_free (ctx);
-		}
-		else
-		{
-			DH_set0_key (m_DH, NULL, priv_key);
-			DH_generate_key (m_DH);
-			DH_get0_key (m_DH, (const BIGNUM **)&pub_key, (const BIGNUM **)&priv_key);
-		}
-
-		bn2buf (pub_key, m_PublicKey, 256);
-	}
-
-	void DHKeys::Agree (const uint8_t * pub, uint8_t * shared)
-	{
-		BIGNUM * pk = BN_bin2bn (pub, 256, NULL);
-		DH_compute_key (shared, pk, m_DH);
-		BN_free (pk);
-	}
-
 // x25519
 	X25519Keys::X25519Keys ()
 	{
@@ -601,77 +552,6 @@ namespace crypto
 		BN_CTX_free (ctx);
 	}

-// HMAC
-	const uint64_t IPAD = 0x3636363636363636;
-	const uint64_t OPAD = 0x5C5C5C5C5C5C5C5C;
-
-
-	static const uint64_t ipads[] = { IPAD, IPAD, IPAD, IPAD };
-	static const uint64_t opads[] = { OPAD, OPAD, OPAD, OPAD };
-
-	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest)
-	// key is 32 bytes
-	// digest is 16 bytes
-	// block size is 64 bytes
-	{
-		uint64_t buf[256];
-		uint64_t hash[12]; // 96 bytes
-#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
-		if(i2p::cpu::avx)
-		{
-			__asm__
-				(
-					"vmovups %[key], %%ymm0 \n"
-					"vmovups %[ipad], %%ymm1 \n"
-					"vmovups %%ymm1, 32(%[buf]) \n"
-					"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
-					"vmovups %%ymm1, (%[buf]) \n"
-					"vmovups %[opad], %%ymm1 \n"
-					"vmovups %%ymm1, 32(%[hash]) \n"
-					"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
-					"vmovups %%ymm1, (%[hash]) \n"
-					"vzeroall \n" // end of AVX
-					"movups %%xmm0, 80(%[hash]) \n" // zero last 16 bytes
-					:
-					: [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads),
-						[buf]"r"(buf), [hash]"r"(hash)
-					: "memory", "%xmm0" // TODO: change to %ymm0 later
-					);
-		}
-		else
-#endif
-		{
-			// ikeypad
-			buf[0] = key.GetLL ()[0] ^ IPAD;
-			buf[1] = key.GetLL ()[1] ^ IPAD;
-			buf[2] = key.GetLL ()[2] ^ IPAD;
-			buf[3] = key.GetLL ()[3] ^ IPAD;
-			buf[4] = IPAD;
-			buf[5] = IPAD;
-			buf[6] = IPAD;
-			buf[7] = IPAD;
-			// okeypad
-			hash[0] = key.GetLL ()[0] ^ OPAD;
-			hash[1] = key.GetLL ()[1] ^ OPAD;
-			hash[2] = key.GetLL ()[2] ^ OPAD;
-			hash[3] = key.GetLL ()[3] ^ OPAD;
-			hash[4] = OPAD;
-			hash[5] = OPAD;
-			hash[6] = OPAD;
-			hash[7] = OPAD;
-			// fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P)
-			memset (hash + 10, 0, 16);
-		}
-
-		// concatenate with msg
-		memcpy (buf + 8, msg, len);
-		// calculate first hash
-		MD5((uint8_t *)buf, len + 64, (uint8_t *)(hash + 8)); // 16 bytes
-
-		// calculate digest
-		MD5((uint8_t *)hash, 96, digest);
-	}
-
 // AES
 #ifdef __AES__
 	#define KeyExpansion256(round0,round1) \
@@ -1305,6 +1185,16 @@ namespace crypto
 		SHA256_Final (m_H, &ctx);
 	}

+	void NoiseSymmetricState::MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs)
+	{
+		SHA256_CTX ctx;
+		SHA256_Init (&ctx);
+		SHA256_Update (&ctx, m_H, 32);
+		for (const auto& it: bufs)
+			SHA256_Update (&ctx, it.first, it.second);
+		SHA256_Final (m_H, &ctx);
+	}
+
 	void NoiseSymmetricState::MixKey (const uint8_t * sharedSecret)
 	{
 		HKDF (m_CK, sharedSecret, 32, "", m_CK);
@@ -1320,7 +1210,7 @@ namespace crypto
 		SHA256_Init (&ctx);
 		SHA256_Update (&ctx, hh, 32);
 		SHA256_Update (&ctx, pub, 32);
-		SHA256_Final (state.m_H, &ctx);  // h = MixHash(pub) = SHA256(hh || pub)
+		SHA256_Final (state.m_H, &ctx); // h = MixHash(pub) = SHA256(hh || pub)
 	}

 	void InitNoiseNState (NoiseSymmetricState& state, const uint8_t * pub)
@@ -1358,12 +1248,12 @@ namespace crypto
 		}; // SHA256 ("Noise_XKchaobfse+hs1+hs2+hs3_25519_ChaChaPoly_SHA256")
 		static const uint8_t hh[32] =
 		{
-			0xdc, 0x85, 0xe6, 0xaf, 0x7b, 0x02, 0x65, 0x0c, 0xf1, 0xf9, 0x0d, 0x71, 0xfb, 0xc6, 0xd4, 0x53, 
+			0xdc, 0x85, 0xe6, 0xaf, 0x7b, 0x02, 0x65, 0x0c, 0xf1, 0xf9, 0x0d, 0x71, 0xfb, 0xc6, 0xd4, 0x53,
 			0xa7, 0xcf, 0x6d, 0xbf, 0xbd, 0x52, 0x5e, 0xa5, 0xb5, 0x79, 0x1c, 0x47, 0xb3, 0x5e, 0xbc, 0x33
 		}; // SHA256 (protocolNameHash)
 		InitNoiseState (state, protocolNameHash, hh, pub);
 	}
-	
+
 	void InitNoiseIKState (NoiseSymmetricState& state, const uint8_t * pub)
 	{
 		static const uint8_t protocolNameHash[32] =
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@@ -29,23 +29,25 @@
 #include "CPU.h"

 // recognize openssl version and features
-#if ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
-#   define LEGACY_OPENSSL 1
-#   define X509_getm_notBefore X509_get_notBefore
-#   define X509_getm_notAfter X509_get_notAfter
+#if (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050200fL)) // LibreSSL 3.5.2 and above
+#	define LEGACY_OPENSSL 0
+#elif ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
+#	define LEGACY_OPENSSL 1
+#	define X509_getm_notBefore X509_get_notBefore
+#	define X509_getm_notAfter X509_get_notAfter
 #else
-#   define LEGACY_OPENSSL 0
-#   if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
-#       define OPENSSL_HKDF 1
-#       define OPENSSL_EDDSA 1
-#       define OPENSSL_X25519 1
-#		if (OPENSSL_VERSION_NUMBER < 0x030000000) // 3.0.0, regression in SipHash
-#       	define OPENSSL_SIPHASH 1
+#	define LEGACY_OPENSSL 0
+#	if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
+#		define OPENSSL_HKDF 1
+#		define OPENSSL_EDDSA 1
+#		define OPENSSL_X25519 1
+#		if (OPENSSL_VERSION_NUMBER != 0x030000000) // 3.0.0, regression in SipHash
+#			define OPENSSL_SIPHASH 1
 #		endif
-#   endif
-#   if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 // some builds might not include them
-#       define OPENSSL_AEAD_CHACHA20_POLY1305 1
-#   endif
+#	endif
+#	if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 // some builds might not include them
+#		define OPENSSL_AEAD_CHACHA20_POLY1305 1
+#	endif
 #endif

 namespace i2p
@@ -60,24 +62,6 @@ namespace crypto
 	// RSA
 	const BIGNUM * GetRSAE ();

-	// DH
-	class DHKeys
-	{
-		public:
-
-			DHKeys ();
-			~DHKeys ();
-
-			void GenerateKeys ();
-			const uint8_t * GetPublicKey () const { return m_PublicKey; };
-			void Agree (const uint8_t * pub, uint8_t * shared);
-
-		private:
-
-			DH * m_DH;
-			uint8_t m_PublicKey[256];
-	};
-
 	// x25519
 	class X25519Keys
 	{
@@ -119,10 +103,6 @@ namespace crypto
 	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data); // 514 bytes encrypted, 222 data
 	void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub);

-	// HMAC
-	typedef i2p::data::Tag<32> MACKey;
-	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest);
-
 	// AES
 	struct ChipherBlock
 	{
@@ -317,6 +297,7 @@ namespace crypto
 		uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/;

 		void MixHash (const uint8_t * buf, size_t len);
+		void MixHash (const std::vector<std::pair<uint8_t *, size_t> >& bufs);
 		void MixKey (const uint8_t * sharedSecret);
 	};

@@ -382,7 +363,7 @@ inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 		if (dh->p) BN_free (dh->p);
 		if (dh->q) BN_free (dh->q);
 		if (dh->g) BN_free (dh->g);
-		dh->p = p; dh->q = q; dh->g = g;  return 1;
+		dh->p = p; dh->q = q; dh->g = g; return 1;
 	}
 inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 	{
--- a/libi2pd/Datagram.cpp
+++ b/libi2pd/Datagram.cpp
@@ -324,7 +324,7 @@ namespace datagram

 		auto path = m_RoutingSession->GetSharedRoutingPath();
 		if (path && m_RoutingSession->IsRatchets () &&
-		    m_LastUse > m_RoutingSession->GetLastActivityTimestamp ()*1000 + DATAGRAM_SESSION_PATH_TIMEOUT)
+			m_LastUse > m_RoutingSession->GetLastActivityTimestamp ()*1000 + DATAGRAM_SESSION_PATH_TIMEOUT)
 		{
 			m_RoutingSession->SetSharedRoutingPath (nullptr);
 			path = nullptr;
--- a/libi2pd/Datagram.h
+++ b/libi2pd/Datagram.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,6 +15,7 @@
 #include <map>
 #include <vector>
 #include "Base.h"
+#include "Gzip.h"
 #include "Identity.h"
 #include "LeaseSet.h"
 #include "I2NPProtocol.h"
--- a/libi2pd/Destination.cpp
+++ b/libi2pd/Destination.cpp
@@ -13,7 +13,6 @@
 #include <vector>
 #include <boost/algorithm/string.hpp>
 #include "Crypto.h"
-#include "Config.h"
 #include "Log.h"
 #include "FS.h"
 #include "Timestamp.h"
@@ -35,6 +34,8 @@ namespace client
 		int inQty   = DEFAULT_INBOUND_TUNNELS_QUANTITY;
 		int outLen  = DEFAULT_OUTBOUND_TUNNEL_LENGTH;
 		int outQty  = DEFAULT_OUTBOUND_TUNNELS_QUANTITY;
+		int inVar   = DEFAULT_INBOUND_TUNNELS_LENGTH_VARIANCE;
+		int outVar  = DEFAULT_OUTBOUND_TUNNELS_LENGTH_VARIANCE;
 		int numTags = DEFAULT_TAGS_TO_SEND;
 		std::shared_ptr<std::vector<i2p::data::IdentHash> > explicitPeers;
 		try
@@ -53,6 +54,12 @@ namespace client
 				it = params->find (I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY);
 				if (it != params->end ())
 					outQty = std::stoi(it->second);
+				it = params->find (I2CP_PARAM_INBOUND_TUNNELS_LENGTH_VARIANCE);
+				if (it != params->end ())
+					inVar = std::stoi(it->second);
+				it = params->find (I2CP_PARAM_OUTBOUND_TUNNELS_LENGTH_VARIANCE);
+				if (it != params->end ())
+					outVar = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_TAGS_TO_SEND);
 				if (it != params->end ())
 					numTags = std::stoi(it->second);
@@ -86,9 +93,7 @@ namespace client
 				if (it != params->end ())
 				{
 					// oveeride isPublic
-					bool dontpublish = false;
-					i2p::config::GetOption (it->second, dontpublish);
-					m_IsPublic = !dontpublish;
+					m_IsPublic = (it->second != "true");
 				}
 				it = params->find (I2CP_PARAM_LEASESET_TYPE);
 				if (it != params->end ())
@@ -123,7 +128,7 @@ namespace client
 			LogPrint(eLogError, "Destination: Unable to parse parameters for destination: ", ex.what());
 		}
 		SetNumTags (numTags);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty);
+		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty, inVar, outVar);
 		if (explicitPeers)
 			m_Pool->SetExplicitPeers (explicitPeers);
 		if(params)
@@ -331,6 +336,22 @@ namespace client
 		return true;
 	}

+	void LeaseSetDestination::SubmitECIESx25519Key (const uint8_t * key, uint64_t tag)
+	{
+		struct
+		{
+			uint8_t k[32];
+			uint64_t t;
+		} data;
+		memcpy (data.k, key, 32);
+		data.t = tag;
+		auto s = shared_from_this ();
+		m_Service.post ([s,data](void)
+			{
+				s->AddECIESx25519Key (data.k, data.t);
+			});
+	}
+
 	void LeaseSetDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		m_Service.post (std::bind (&LeaseSetDestination::HandleGarlicMessage, shared_from_this (), msg));
@@ -396,7 +417,7 @@ namespace client
 				std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
 				auto it = m_RemoteLeaseSets.find (key);
 				if (it != m_RemoteLeaseSets.end () &&
-				    it->second->GetStoreType () == buf[DATABASE_STORE_TYPE_OFFSET]) // update only if same type
+					it->second->GetStoreType () == buf[DATABASE_STORE_TYPE_OFFSET]) // update only if same type
 				{
 					leaseSet = it->second;
 					if (leaseSet->IsNewer (buf + offset, len - offset))
@@ -566,7 +587,7 @@ namespace client
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
 			m_ExcludedFloodfills.clear ();
 			return;
-		}	
+		}
 		auto outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
 		auto inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 		if (!outbound || !inbound)
@@ -578,22 +599,22 @@ namespace client
 			{
 				outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
 				if (outbound)
-				{	
+				{
 					inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 					if (!inbound)
 						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
-				}	
+				}
 				else
 					LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
-			}	
+			}
 			else
 				LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
 			if (!floodfill || !outbound || !inbound)
 			{
 				m_ExcludedFloodfills.clear ();
 				return;
-			}	
-		}	
+			}
+		}
 		m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
@@ -930,7 +951,7 @@ namespace client
 		for (auto& it: encryptionKeyTypes)
 		{
 			auto encryptionKey = new EncryptionKey (it);
-			if (isPublic)
+			if (IsPublic ())
 				PersistTemporaryKeys (encryptionKey, isSingleKey);
 			else
 				encryptionKey->GenerateKeys ();
@@ -945,7 +966,7 @@ namespace client
 				m_StandardEncryptionKey.reset (encryptionKey);
 		}

-		if (isPublic)
+		if (IsPublic ())
 			LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");

 		try
@@ -958,7 +979,7 @@ namespace client
 					m_StreamingAckDelay = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_ANSWER_PINGS);
 				if (it != params->end ())
-					i2p::config::GetOption (it->second, m_IsStreamingAnswerPings);
+					m_IsStreamingAnswerPings = (it->second == "true");

 				if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
 				{
@@ -1075,7 +1096,13 @@ namespace client
 		}
 		auto leaseSet = FindLeaseSet (dest);
 		if (leaseSet)
-			streamRequestComplete(CreateStream (leaseSet, port));
+		{	
+			auto stream = CreateStream (leaseSet, port);
+			GetService ().post ([streamRequestComplete, stream]() 
+				{                
+					streamRequestComplete(stream);
+				});
+		}	
 		else
 		{
 			auto s = GetSharedFromThis ();
@@ -1108,6 +1135,35 @@ namespace client
 			});
 	}

+	template<typename Dest>	
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStreamSync (const Dest& dest, int port) 
+	{
+		std::shared_ptr<i2p::stream::Stream> stream;
+		std::condition_variable streamRequestComplete;
+		std::mutex streamRequestCompleteMutex;
+		std::unique_lock<std::mutex> l(streamRequestCompleteMutex);
+		CreateStream (
+			[&streamRequestComplete, &streamRequestCompleteMutex, &stream](std::shared_ptr<i2p::stream::Stream> s)
+		    {
+				stream = s;
+				std::unique_lock<std::mutex> l(streamRequestCompleteMutex);
+				streamRequestComplete.notify_all ();
+			},
+		    dest, port);
+		streamRequestComplete.wait (l);
+		return stream;
+	}	
+
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (const i2p::data::IdentHash& dest, int port) 
+	{
+		return CreateStreamSync (dest, port);
+	}	
+
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port)
+	{
+		return CreateStreamSync (dest, port);
+	}	
+		
 	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port)
 	{
 		if (m_StreamingDestination)
--- a/libi2pd/Destination.h
+++ b/libi2pd/Destination.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -53,6 +53,10 @@ namespace client
 	const int DEFAULT_INBOUND_TUNNELS_QUANTITY = 5;
 	const char I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY[] = "outbound.quantity";
 	const int DEFAULT_OUTBOUND_TUNNELS_QUANTITY = 5;
+	const char I2CP_PARAM_INBOUND_TUNNELS_LENGTH_VARIANCE[] = "inbound.lengthVariance";
+	const int DEFAULT_INBOUND_TUNNELS_LENGTH_VARIANCE = 0;
+	const char I2CP_PARAM_OUTBOUND_TUNNELS_LENGTH_VARIANCE[] = "outbound.lengthVariance";
+	const int DEFAULT_OUTBOUND_TUNNELS_LENGTH_VARIANCE = 0;
 	const char I2CP_PARAM_EXPLICIT_PEERS[] = "explicitPeers";
 	const int STREAM_REQUEST_TIMEOUT = 60; //in seconds
 	const char I2CP_PARAM_TAGS_TO_SEND[] = "crypto.tagsToSend";
@@ -134,6 +138,7 @@ namespace client

 			// override GarlicDestination
 			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag);
+			void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag);
 			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
 			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
 			void SetLeaseSetUpdated ();
@@ -242,6 +247,8 @@ namespace client
 			// following methods operate with default streaming destination
 			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
 			void CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port = 0);
+			std::shared_ptr<i2p::stream::Stream> CreateStream (const i2p::data::IdentHash& dest, int port = 0); // sync
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port = 0); // sync
 			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
 			void SendPing (const i2p::data::IdentHash& to);
 			void SendPing (std::shared_ptr<const i2p::data::BlindedPublicKey> to);
@@ -277,6 +284,9 @@ namespace client
 			void PersistTemporaryKeys (EncryptionKey * keys, bool isSingleKey);
 			void ReadAuthKey (const std::string& group, const std::map<std::string, std::string> * params);

+			template<typename Dest>	
+			std::shared_ptr<i2p::stream::Stream> CreateStreamSync (const Dest& dest, int port);
+			
 		private:

 			i2p::data::PrivateKeys m_Keys;
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@@ -212,7 +212,7 @@ namespace garlic
 			uint8_t m_NSREncodedKey[32], m_NSRH[32], m_NSRKey[32]; // new session reply, for incoming only
 			std::shared_ptr<i2p::crypto::X25519Keys> m_EphemeralKeys;
 			SessionState m_State = eSessionStateNew;
-			uint64_t m_SessionCreatedTimestamp = 0,  m_LastActivityTimestamp = 0, // incoming (in seconds)
+			uint64_t m_SessionCreatedTimestamp = 0, m_LastActivityTimestamp = 0, // incoming (in seconds)
 				m_LastSentTimestamp = 0; // in milliseconds
 			std::shared_ptr<RatchetTagSet> m_SendTagset, m_NSRSendTagset;
 			std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it
@@ -229,7 +229,7 @@ namespace garlic
 			{
 				return m_Destination ? *m_Destination : i2p::data::IdentHash ();
 			}
-	 };
+	};

 	// single session for all incoming messages
 	class RouterIncomingRatchetSession: public ECIESX25519AEADRatchetSession
--- a/libi2pd/Ed25519.cpp
+++ b/libi2pd/Ed25519.cpp
@@ -33,7 +33,7 @@ namespace crypto
 		BN_add (l, l, tmp);
 		BN_sub_word (two_252_2, 2); // 2^252 - 2

-		 // -121665*inv(121666)
+		// -121665*inv(121666)
 		d = BN_new ();
 		BN_set_word (tmp, 121666);
 		BN_mod_inverse (tmp, tmp, q, ctx);
@@ -61,7 +61,7 @@ namespace crypto
 		BN_mod (By, By, q, ctx); // % q

 		// precalculate Bi256 table
-		Bi256Carry = { Bx, By };  // B
+		Bi256Carry = { Bx, By }; // B
 		for (int i = 0; i < 32; i++)
 		{
 			Bi256[i][0] = Bi256Carry; // first point
@@ -215,7 +215,7 @@ namespace crypto
 		if (!t1) { t1 = BN_CTX_get (ctx); BN_mul (t1, p1.x, p1.y, ctx); }
 		if (!t2) { t2 = BN_CTX_get (ctx); BN_mul (t2, p2.x, p2.y, ctx); }
 		BN_mul (t3, t1, t2, ctx);
-		BN_mul (t3, t3, d, ctx);  // C = d*t1*t2
+		BN_mul (t3, t3, d, ctx); // C = d*t1*t2

 		if (p1.z)
 		{
@@ -264,9 +264,9 @@ namespace crypto
 		else
 		{
 			BN_mul (t2, p.x, p.y, ctx); // t = x*y
-			BN_sqr (t2, t2, ctx);  // t2 = t^2
+			BN_sqr (t2, t2, ctx); // t2 = t^2
 		}
-		BN_mul (t2, t2, d, ctx);  // t2 = C = d*t^2
+		BN_mul (t2, t2, d, ctx); // t2 = C = d*t^2
 		if (p.z)
 			BN_sqr (z2, p.z, ctx); // z2 = D = z^2
 		else
@@ -349,7 +349,7 @@ namespace crypto
 			BN_mod_inverse (y, p.z, q, ctx);
 			BN_mod_mul (x, p.x, y, q, ctx); // x = x/z
 			BN_mod_mul (y, p.y, y, q, ctx); // y = y/z
-			return  EDDSAPoint{x, y};
+			return EDDSAPoint{x, y};
 		}
 		else
 			return EDDSAPoint{BN_dup (p.x), BN_dup (p.y)};
@@ -506,13 +506,13 @@ namespace crypto
 			std::swap (z2, z3);
 		}
 		BN_mod_inverse (z2, z2, q, ctx);
-		BIGNUM * res =  BN_new (); // not from ctx
+		BIGNUM * res = BN_new (); // not from ctx
 		BN_mod_mul(res, x2, z2, q, ctx);
 		BN_CTX_end (ctx);
 		return res;
 	}

-	void Ed25519::ScalarMul (const uint8_t * p, const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
+	void Ed25519::ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
 	{
 		BIGNUM * p1 = DecodeBN<32> (p);
 		uint8_t k[32];
@@ -524,7 +524,7 @@ namespace crypto
 		BN_free (p1); BN_free (n); BN_free (q1);
 	}

-	void Ed25519::ScalarMulB (const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
+	void Ed25519::ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
 	{
 		BIGNUM *p1 = BN_new (); BN_set_word (p1, 9);
 		uint8_t k[32];
--- a/libi2pd/Ed25519.h
+++ b/libi2pd/Ed25519.h
@@ -85,8 +85,8 @@ namespace crypto
 			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const;
 			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const;
 #if !OPENSSL_X25519
-			void ScalarMul (const uint8_t * p, const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
-			void ScalarMulB (const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
+			void ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
+			void ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
 #endif
 			void BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
 			void BlindPrivateKey (const uint8_t * priv, const uint8_t * seed, uint8_t * blindedPriv, uint8_t * blindedPub); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
--- a/libi2pd/Elligator.cpp
+++ b/libi2pd/Elligator.cpp
@@ -189,7 +189,7 @@ namespace crypto
 		// assume a < p, so don't check for a % p = 0, but a = 0 only
 		if (BN_is_zero(a)) return 0;
 		BIGNUM * r = BN_CTX_get (ctx);
-		BN_mod_exp (r, a, p12, p, ctx); // 	r = a^((p-1)/2) mod p
+		BN_mod_exp (r, a, p12, p, ctx); // r = a^((p-1)/2) mod p
 		if (BN_is_word(r, 1))
 			return 1;
 		else if (BN_is_zero(r))
--- a/libi2pd/FS.cpp
+++ b/libi2pd/FS.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -60,10 +60,38 @@ namespace fs {
 	}

 	void DetectDataDir(const std::string & cmdline_param, bool isService) {
+		// with 'datadir' option
 		if (cmdline_param != "") {
 			dataDir = cmdline_param;
 			return;
 		}
+
+#if !defined(MAC_OSX) && !defined(ANDROID)
+		// with 'service' option
+		if (isService) {
+#ifdef _WIN32
+			wchar_t commonAppData[MAX_PATH];
+			if(SHGetFolderPathW(NULL, CSIDL_COMMON_APPDATA, NULL, 0, commonAppData) != S_OK)
+			{
+#ifdef WIN32_APP
+				MessageBox(NULL, TEXT("Unable to get common AppData path!"), TEXT("I2Pd: error"), MB_ICONERROR | MB_OK);
+#else
+				fprintf(stderr, "Error: Unable to get common AppData path!");
+#endif
+				exit(1);
+			}
+			else
+			{
+				dataDir = boost::filesystem::wpath(commonAppData).string() + "\\" + appName;
+			}
+#else
+			dataDir = "/var/lib/" + appName;
+#endif
+			return;
+		}
+#endif
+
+		// detect directory as usual
 #ifdef _WIN32
 		wchar_t localAppData[MAX_PATH];

@@ -117,12 +145,10 @@ namespace fs {
 			dataDir = std::string (ext) + "/" + appName;
 			return;
 		}
-#endif
-		// otherwise use /data/files
+#endif // ANDROID
+		// use /home/user/.i2pd or /tmp/i2pd
 		char *home = getenv("HOME");
-		if (isService) {
-			dataDir = "/var/lib/" + appName;
-		} else if (home != NULL && strlen(home) > 0) {
+		if (home != NULL && strlen(home) > 0) {
 			dataDir = std::string(home) + "/." + appName;
 		} else {
 			dataDir = "/tmp/" + appName;
--- a/libi2pd/FS.h
+++ b/libi2pd/FS.h
@@ -83,8 +83,8 @@ namespace fs {

 	/**
 	 * @brief Set datadir either from cmdline option or using autodetection
-	 * @param cmdline_param  Value of cmdline parameter --datadir=<something>
-	 * @param isService      Value of cmdline parameter --service
+	 * @param cmdline_param Value of cmdline parameter --datadir=<something>
+	 * @param isService Value of cmdline parameter --service
 	 *
 	 * Examples of autodetected paths:
 	 *
@@ -93,11 +93,11 @@ namespace fs {
 	 *   Mac: /Library/Application Support/i2pd/ or ~/Library/Application Support/i2pd/
 	 *   Unix: /var/lib/i2pd/ (system=1) >> ~/.i2pd/ or /tmp/i2pd/
 	 */
-	 void DetectDataDir(const std::string & cmdline_datadir, bool isService = false);
+	void DetectDataDir(const std::string & cmdline_datadir, bool isService = false);

 	/**
 	 * @brief Set certsdir either from cmdline option or using autodetection
-	 * @param cmdline_param  Value of cmdline parameter --certsdir=<something>
+	 * @param cmdline_param Value of cmdline parameter --certsdir=<something>
 	 *
 	 * Examples of autodetected paths:
 	 *
@@ -106,7 +106,7 @@ namespace fs {
 	 *   Mac: /Library/Application Support/i2pd/ or ~/Library/Application Support/i2pd/certificates
 	 *   Unix: /var/lib/i2pd/certificates (system=1) >> ~/.i2pd/ or /tmp/i2pd/certificates
 	 */
-	 void SetCertsDir(const std::string & cmdline_certsdir);
+	void SetCertsDir(const std::string & cmdline_certsdir);

 	/**
 	 * @brief Create subdirectories inside datadir
@@ -115,7 +115,7 @@ namespace fs {

 	/**
 	 * @brief Get list of files in directory
-	 * @param path  Path to directory
+	 * @param path Path to directory
 	 * @param files Vector to store found files
 	 * @return true on success and false if directory not exists
 	 */
--- a/libi2pd/Family.cpp
+++ b/libi2pd/Family.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -88,7 +88,7 @@ namespace data
 				}
 				EVP_PKEY_free (pkey);
 				if (verifier && cn)
-					m_SigningKeys[cn] = verifier;
+					m_SigningKeys.emplace (cn, std::make_pair(verifier, m_SigningKeys.size () + 1));
 			}
 			SSL_free (ssl);
 		}
@@ -121,7 +121,7 @@ namespace data
 	}

 	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident,
-		const char * signature, const char * key)
+		const char * signature, const char * key) const
 	{
 		uint8_t buf[100], signatureBuf[64];
 		size_t len = family.length (), signatureLen = strlen (signature);
@@ -137,11 +137,19 @@ namespace data
 		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);
 		auto it = m_SigningKeys.find (family);
 		if (it != m_SigningKeys.end ())
-			return it->second->Verify (buf, len, signatureBuf);
+			return it->second.first->Verify (buf, len, signatureBuf);
 		// TODO: process key
 		return true;
 	}

+	FamilyID Families::GetFamilyID (const std::string& family) const
+	{
+		auto it = m_SigningKeys.find (family);
+		if (it != m_SigningKeys.end ())
+			return it->second.second;
+		return 0;
+	}
+
 	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident)
 	{
 		auto filename = i2p::fs::DataDirPath("family", (family + ".key"));
--- a/libi2pd/Family.h
+++ b/libi2pd/Family.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -19,6 +19,7 @@ namespace i2p
 {
 namespace data
 {
+	typedef int FamilyID;
 	class Families
 	{
 		public:
@@ -27,7 +28,8 @@ namespace data
 			~Families ();
 			void LoadCertificates ();
 			bool VerifyFamily (const std::string& family, const IdentHash& ident,
-				const char * signature, const char * key = nullptr);
+				const char * signature, const char * key = nullptr) const;
+			FamilyID GetFamilyID (const std::string& family) const;

 		private:

@@ -35,7 +37,7 @@ namespace data

 		private:

-			std::map<std::string, std::shared_ptr<i2p::crypto::Verifier> > m_SigningKeys;
+			std::map<std::string, std::pair<std::shared_ptr<i2p::crypto::Verifier>, FamilyID> > m_SigningKeys; // family -> (verifier, id)
 	};

 	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);
--- a/libi2pd/Garlic.cpp
+++ b/libi2pd/Garlic.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -293,14 +293,14 @@ namespace garlic
 		size_t size = 0;
 		if (isDestination)
 		{
-			buf[size] = eGarlicDeliveryTypeDestination << 5;//  delivery instructions flag destination
+			buf[size] = eGarlicDeliveryTypeDestination << 5;// delivery instructions flag destination
 			size++;
 			memcpy (buf + size, m_Destination->GetIdentHash (), 32);
 			size += 32;
 		}
 		else
 		{
-			buf[size] = 0;//  delivery instructions flag local
+			buf[size] = 0;// delivery instructions flag local
 			size++;
 		}

@@ -484,6 +484,11 @@ namespace garlic
 		return true;
 	}

+	void GarlicDestination::SubmitECIESx25519Key (const uint8_t * key, uint64_t tag)
+	{
+		AddECIESx25519Key (key, tag);
+	}
+
 	void GarlicDestination::HandleGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint8_t * buf = msg->GetPayload ();
@@ -739,7 +744,7 @@ namespace garlic
 				LogPrint (eLogError, "Garlic: Message is too short");
 				break;
 			}
-			buf += GetI2NPMessageLength (buf, len - offset); //  I2NP
+			buf += GetI2NPMessageLength (buf, len - offset); // I2NP
 			buf += 4; // CloveID
 			buf += 8; // Date
 			buf += 3; // Certificate
@@ -1019,7 +1024,7 @@ namespace garlic
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 		for (auto it: files)
 			if (ts >= i2p::fs::GetLastUpdateTime (it) + INCOMING_TAGS_EXPIRATION_TIMEOUT)
-				 i2p::fs::Remove (it);
+				i2p::fs::Remove (it);
 	}

 	void GarlicDestination::HandleECIESx25519GarlicClove (const uint8_t * buf, size_t len)
--- a/libi2pd/Garlic.h
+++ b/libi2pd/Garlic.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -245,6 +245,7 @@ namespace garlic
 			void AddSessionKey (const uint8_t * key, const uint8_t * tag); // one tag
 			void AddECIESx25519Key (const uint8_t * key, uint64_t tag); // one tag
 			virtual bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag); // from different thread
+			virtual void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag); // from different thread
 			void DeliveryStatusSent (GarlicRoutingSessionPtr session, uint32_t msgID);
 			uint64_t AddECIESx25519SessionNextTag (ReceiveRatchetTagSetPtr tagset);
 			void AddECIESx25519Session (const uint8_t * staticKey, ECIESX25519AEADRatchetSessionPtr session);
--- a/libi2pd/Gost.cpp
+++ b/libi2pd/Gost.cpp
@@ -96,7 +96,7 @@ namespace crypto
 		EC_POINT * C = EC_POINT_new (m_Group);
 		EC_POINT_mul (m_Group, C, z1, pub, z2, ctx); // z1*P + z2*pub
 		BIGNUM * x = BN_CTX_get (ctx);
-		GetXY  (C, x, nullptr); // Cx
+		GetXY (C, x, nullptr); // Cx
 		BN_mod (x, x, q, ctx); // Cx % q
 		bool ret = !BN_cmp (x, r); // Cx = r ?
 		EC_POINT_free (C);
@@ -111,8 +111,8 @@ namespace crypto
 		BN_CTX * ctx = BN_CTX_new ();
 		BN_CTX_start (ctx);
 		EC_POINT * C = EC_POINT_new (m_Group); // C = k*P = (rx, ry)
-		EC_POINT * Q  = nullptr;
-		if (EC_POINT_set_compressed_coordinates_GFp (m_Group, C, r, isNegativeY ? 1 : 0,  ctx))
+		EC_POINT * Q = nullptr;
+		if (EC_POINT_set_compressed_coordinates_GFp (m_Group, C, r, isNegativeY ? 1 : 0, ctx))
 		{
 			EC_POINT * S = EC_POINT_new (m_Group); // S = s*P
 			EC_POINT_mul (m_Group, S, s, nullptr, nullptr, ctx);
--- a/libi2pd/Gzip.cpp
+++ b/libi2pd/Gzip.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -57,7 +57,8 @@ namespace data
 			if ((err = inflate (&m_Inflator, Z_NO_FLUSH)) == Z_STREAM_END)
 				return outLen - m_Inflator.avail_out;
 			// else
-			LogPrint (eLogError, "Gzip: Inflate error ", err);
+			if (err)
+				LogPrint (eLogError, "Gzip: Inflate error ", err);
 			return 0;
 		}
 	}
@@ -128,7 +129,8 @@ namespace data
 			return outLen - m_Deflator.avail_out;
 		}
 		// else
-		LogPrint (eLogError, "Gzip: Deflate error ", err);
+		if (err)
+			LogPrint (eLogError, "Gzip: Deflate error ", err);
 		return 0;
 	}

@@ -158,7 +160,8 @@ namespace data
 			offset = outLen - m_Deflator.avail_out;
 		}
 		// else
-		LogPrint (eLogError, "Gzip: Deflate error ", err);
+		if (err)
+			LogPrint (eLogError, "Gzip: Deflate error ", err);
 		return 0;
 	}

--- a/libi2pd/HTTP.cpp
+++ b/libi2pd/HTTP.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -135,6 +135,7 @@ namespace http
 					? url.substr(pos_p, std::string::npos)
 					: url.substr(pos_p, pos_c - pos_p);
 				/* stoi throws exception on failure, we don't need it */
+				port = 0;
 				for (char c : port_str) {
 					if (c < '0' || c > '9')
 						return false;
@@ -279,7 +280,7 @@ namespace http
 				method  = tokens[0];
 				uri     = tokens[1];
 				version = tokens[2];
-				expect = HEADER_LINE;
+				expect  = HEADER_LINE;
 			}
 			else
 			{
@@ -363,7 +364,7 @@ namespace http
 			return false; /* no header */
 		if (it->second.find("gzip") != std::string::npos)
 			return true; /* gotcha! */
-		if (includingI2PGzip &&  it->second.find("x-i2p-gzip") != std::string::npos)
+		if (includingI2PGzip && it->second.find("x-i2p-gzip") != std::string::npos)
 			return true;
 		return false;
 	}
@@ -409,7 +410,7 @@ namespace http
 				/* all ok */
 				version = tokens[0];
 				status  = tokens[2];
-				expect = HEADER_LINE;
+				expect  = HEADER_LINE;
 			} else {
 				std::string line = str.substr(pos, eol - pos);
 				auto p = parse_header_line(line);
@@ -460,7 +461,7 @@ namespace http
 			case 304: ptr = "Not Modified"; break;
 			case 307: ptr = "Temporary Redirect"; break;
 			/* client error */
-			case 400: ptr = "Bad Request";  break;
+			case 400: ptr = "Bad Request"; break;
 			case 401: ptr = "Unauthorized"; break;
 			case 403: ptr = "Forbidden"; break;
 			case 404: ptr = "Not Found"; break;
@@ -471,7 +472,7 @@ namespace http
 			case 502: ptr = "Bad Gateway"; break;
 			case 503: ptr = "Not Implemented"; break;
 			case 504: ptr = "Gateway Timeout"; break;
-			default:  ptr = "Unknown Status";  break;
+			default:  ptr = "Unknown Status"; break;
 		}
 		return ptr;
 	}
--- a/libi2pd/HTTP.h
+++ b/libi2pd/HTTP.h
@@ -161,7 +161,7 @@ namespace http

 	/**
 	 * @brief Merge HTTP response content with Transfer-Encoding: chunked
-	 * @param in  Input stream
+	 * @param in Input stream
 	 * @param out Output stream
 	 * @return true on success, false otherwise
 	 */
--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -171,7 +171,7 @@ namespace i2p
 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest,
 		const std::set<i2p::data::IdentHash>& excludedFloodfills,
 		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey,
-		    const uint8_t * replyTag, bool replyECIES)
+			const uint8_t * replyTag, bool replyECIES)
 	{
 		int cnt = excludedFloodfills.size ();
 		auto m = cnt > 7 ? NewI2NPMessage () : NewI2NPShortMessage ();
@@ -244,7 +244,7 @@ namespace i2p
 	}

 	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::RouterInfo> router,
-	    uint32_t replyToken, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
+		uint32_t replyToken, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
 	{
 		if (!router) // we send own RouterInfo
 			router = context.GetSharedRouterInfo ();
@@ -629,7 +629,7 @@ namespace i2p
 						// we send it to reply tunnel
 						transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
 						CreateTunnelGatewayMsg (bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
-							i2p::garlic::WrapECIESX25519Message (replyMsg,  noiseState.m_CK + 32, tag)));
+							i2p::garlic::WrapECIESX25519Message (replyMsg, noiseState.m_CK + 32, tag)));
 					}
 					else
 					{
@@ -802,13 +802,8 @@ namespace i2p
 				break;
 				case eI2NPGarlic:
 				{
-					if (msg->from)
-					{
-						if (msg->from->GetTunnelPool ())
-							msg->from->GetTunnelPool ()->ProcessGarlicMessage (msg);
-						else
-							LogPrint (eLogInfo, "I2NP: Local destination for garlic doesn't exist anymore");
-					}
+					if (msg->from && msg->from->GetTunnelPool ())
+						msg->from->GetTunnelPool ()->ProcessGarlicMessage (msg);
 					else
 						i2p::context.ProcessGarlicMessage (msg);
 					break;
--- a/libi2pd/I2NPProtocol.h
+++ b/libi2pd/I2NPProtocol.h
@@ -150,7 +150,7 @@ namespace tunnel
 		std::shared_ptr<i2p::tunnel::InboundTunnel> from;

 		I2NPMessage (): buf (nullptr),len (I2NP_HEADER_SIZE + 2),
-			offset(2), maxLen (0), from (nullptr) {};  // reserve 2 bytes for NTCP header
+			offset(2), maxLen (0), from (nullptr) {}; // reserve 2 bytes for NTCP header

 		// header accessors
 		uint8_t * GetHeader () { return GetBuffer (); };
@@ -274,8 +274,8 @@ namespace tunnel
 		uint32_t replyTunnelID, bool exploratory = false, std::set<i2p::data::IdentHash> * excludedPeers = nullptr);
 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest,
 		const std::set<i2p::data::IdentHash>& excludedFloodfills,
-	    std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel,
-	    const uint8_t * replyKey, const uint8_t * replyTag, bool replyECIES = false);
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel,
+		const uint8_t * replyKey, const uint8_t * replyTag, bool replyECIES = false);
 	std::shared_ptr<I2NPMessage> CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, std::vector<i2p::data::IdentHash> routers);

 	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::RouterInfo> router = nullptr, uint32_t replyToken = 0, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel = nullptr);
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -49,13 +49,30 @@ namespace data

 	IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type, CryptoKeyType cryptoType)
 	{
+		/*uint8_t randomPaddingBlock[32];
+		RAND_bytes (randomPaddingBlock, 32);*/
 		if (cryptoType == CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)
 		{
-			memcpy (m_StandardIdentity.publicKey, publicKey, 32);
-			RAND_bytes (m_StandardIdentity.publicKey + 32, 224);
+			/*memcpy (m_StandardIdentity.publicKey, publicKey ? publicKey : randomPaddingBlock, 32);
+			for (int i = 0; i < 7; i++) // 224 bytes
+				memcpy (m_StandardIdentity.publicKey + 32*(i + 1), randomPaddingBlock, 32);*/
+			if (publicKey)
+			{	
+				memcpy (m_StandardIdentity.publicKey, publicKey, 32);
+				RAND_bytes (m_StandardIdentity.publicKey + 32, 224);
+			}	
+			else
+				RAND_bytes (m_StandardIdentity.publicKey, 256);
 		}
 		else
-			memcpy (m_StandardIdentity.publicKey, publicKey, 256);
+		{
+			if (publicKey)
+				memcpy (m_StandardIdentity.publicKey, publicKey, 256);
+			else
+				RAND_bytes (m_StandardIdentity.publicKey, 256);
+				/*for (int i = 0; i < 8; i++) // 256 bytes
+					memcpy (m_StandardIdentity.publicKey + 32*i, randomPaddingBlock, 32);*/
+		}	
 		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
 			size_t excessLen = 0;
@@ -64,7 +81,7 @@ namespace data
 			{
 				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
 				{
-					size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
+					size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
 					RAND_bytes (m_StandardIdentity.signingKey, padding);
 					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH);
 					break;
@@ -93,7 +110,9 @@ namespace data
 				case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
 				{
 					size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
-					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					/*for (int i = 0; i < 3; i++) // 96 bytes
+						memcpy (m_StandardIdentity.signingKey + 32*i, randomPaddingBlock, 32);*/
+					RAND_bytes (m_StandardIdentity.signingKey, 96);	
 					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
 					break;
 				}
@@ -695,7 +714,7 @@ namespace data
 		return nullptr;
 	}

-	PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType)
+	PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type, CryptoKeyType cryptoType, bool isDestination)
 	{
 		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
@@ -705,9 +724,12 @@ namespace data
 			GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, signingPublicKey);
 			// encryption
 			uint8_t publicKey[256];
-			GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey);
+			if (isDestination)
+				RAND_bytes (keys.m_PrivateKey, 256);
+			else	
+				GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey);
 			// identity
-			keys.m_Public = std::make_shared<IdentityEx> (publicKey, signingPublicKey, type, cryptoType);
+			keys.m_Public = std::make_shared<IdentityEx> (isDestination ? nullptr : publicKey, signingPublicKey, type, cryptoType);

 			keys.CreateSigner ();
 			return keys;
@@ -788,7 +810,7 @@ namespace data
 			keys.m_OfflineSignature.resize (pubKeyLen + m_Public->GetSignatureLen () + 6);
 			htobe32buf (keys.m_OfflineSignature.data (), expires); // expires
 			htobe16buf (keys.m_OfflineSignature.data () + 4, type); // type
-			GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, keys.m_OfflineSignature.data () + 6); // public  key
+			GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, keys.m_OfflineSignature.data () + 6); // public key
 			Sign (keys.m_OfflineSignature.data (), pubKeyLen + 6, keys.m_OfflineSignature.data () + 6 + pubKeyLen); // signature
 			// recreate signer
 			keys.m_Signer = nullptr;
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -120,7 +120,7 @@ namespace data
 			CryptoKeyType GetCryptoKeyType () const;
 			void DropVerifier () const; // to save memory

-  			bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
+			bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
 			void RecalculateIdentHash(uint8_t * buff=nullptr);

 			static i2p::crypto::Verifier * CreateVerifier (SigningKeyType keyType);
@@ -171,7 +171,7 @@ namespace data
 			std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> CreateDecryptor (const uint8_t * key) const;

 			static std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key);
-			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL);
+			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL, bool isDestination = false);
 			static void GenerateSigningKeyPair (SigningKeyType type, uint8_t * priv, uint8_t * pub);
 			static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long
 			static i2p::crypto::Signer * CreateSigner (SigningKeyType keyType, const uint8_t * priv);
@@ -222,7 +222,7 @@ namespace data
 			RoutingDestination () {};
 			virtual ~RoutingDestination () {};

-			virtual std::shared_ptr<const IdentityEx> GetIdentity ()  const = 0;
+			virtual std::shared_ptr<const IdentityEx> GetIdentity () const = 0;
 			virtual void Encrypt (const uint8_t * data, uint8_t * encrypted) const = 0; // encrypt data for
 			virtual bool IsDestination () const = 0; // for garlic

--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -37,14 +37,7 @@ namespace data

 	void LeaseSet::Update (const uint8_t * buf, size_t len, bool verifySignature)
 	{
-		if (len > m_BufferLen)
-		{
-			auto oldBuffer = m_Buffer;
-			m_Buffer = new uint8_t[len];
-			delete[] oldBuffer;
-		}
-		memcpy (m_Buffer, buf, len);
-		m_BufferLen = len;
+		SetBuffer (buf, len);
 		ReadFromBuffer (false, verifySignature);
 	}

@@ -59,9 +52,9 @@ namespace data
 		if (readIdentity || !m_Identity)
 			m_Identity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
 		size_t size = m_Identity->GetFullLen ();
-		if (size > m_BufferLen)
+		if (size + 256 > m_BufferLen)
 		{
-			LogPrint (eLogError, "LeaseSet: Identity length ", size, " exceeds buffer size ", m_BufferLen);
+			LogPrint (eLogError, "LeaseSet: Identity length ", int(size), " exceeds buffer size ", int(m_BufferLen));
 			m_IsValid = false;
 			return;
 		}
@@ -74,7 +67,7 @@ namespace data
 		size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
 		if (size + 1 > m_BufferLen)
 		{
-			LogPrint (eLogError, "LeaseSet: ", size, " exceeds buffer size ", m_BufferLen);
+			LogPrint (eLogError, "LeaseSet: ", int(size), " exceeds buffer size ", int(m_BufferLen));
 			m_IsValid = false;
 			return;
 		}
@@ -89,7 +82,7 @@ namespace data
 		}
 		if (size + num*LEASE_SIZE > m_BufferLen)
 		{
-			LogPrint (eLogError, "LeaseSet: ", size, " exceeds buffer size ", m_BufferLen);
+			LogPrint (eLogError, "LeaseSet: ", int(size), " exceeds buffer size ", int(m_BufferLen));
 			m_IsValid = false;
 			return;
 		}
@@ -125,7 +118,7 @@ namespace data
 			auto signedSize = leases - m_Buffer;
 			if (signedSize + m_Identity->GetSignatureLen () > m_BufferLen)
 			{
-				LogPrint (eLogError, "LeaseSet: Signature exceeds buffer size ", m_BufferLen);
+				LogPrint (eLogError, "LeaseSet: Signature exceeds buffer size ", int(m_BufferLen));
 				m_IsValid = false;
 			}
 			else if (!m_Identity->Verify (m_Buffer, signedSize, leases))
@@ -172,7 +165,7 @@ namespace data
 				m_ExpirationTime = lease.endDate;
 			if (m_StoreLeases)
 			{
-				auto ret = m_Leases.insert (std::make_shared<Lease>(lease));
+				auto ret = m_Leases.insert (i2p::data::netdb.NewLease (lease));
 				if (!ret.second) (*ret.first)->endDate = lease.endDate; // update existing
 				(*ret.first)->isUpdated = true;
 			}
@@ -264,8 +257,18 @@ namespace data

 	void LeaseSet::SetBuffer (const uint8_t * buf, size_t len)
 	{
-		if (m_Buffer) delete[] m_Buffer;
-		m_Buffer = new uint8_t[len];
+		if (len > MAX_LS_BUFFER_SIZE)
+		{
+			LogPrint (eLogError, "LeaseSet: Buffer is too long ", len);
+			len = MAX_LS_BUFFER_SIZE;
+		}	
+		if (m_Buffer && len > m_BufferLen) 
+		{	
+			delete[] m_Buffer;
+			m_Buffer = nullptr;
+		}	
+		if (!m_Buffer)
+			m_Buffer = new uint8_t[len];
 		m_BufferLen = len;
 		memcpy (m_Buffer, buf, len);
 	}
@@ -274,7 +277,7 @@ namespace data
 	{
 		if (len <= m_BufferLen) m_BufferLen = len;
 		else
-			LogPrint (eLogError, "LeaseSet2: Actual buffer size ", len , " exceeds full buffer size ", m_BufferLen);
+			LogPrint (eLogError, "LeaseSet2: Actual buffer size ", int(len) , " exceeds full buffer size ", int(m_BufferLen));
 	}

 	LeaseSet2::LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases, CryptoKeyType preferredCrypto):
@@ -320,7 +323,7 @@ namespace data
 		else
 			identity = GetIdentity ();
 		size_t offset = identity->GetFullLen ();
-		if (offset + 8 >= len) return;
+		if (offset + 8 > len) return;
 		m_PublishedTimestamp = bufbe32toh (buf + offset); offset += 4; // published timestamp (seconds)
 		uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
 		SetExpirationTime ((m_PublishedTimestamp + expires)*1000LL); // in milliseconds
@@ -364,6 +367,10 @@ namespace data
 			SetIsValid (verified);
 		}
 		offset += m_TransientVerifier ? m_TransientVerifier->GetSignatureLen () : identity->GetSignatureLen ();
+		if (offset > len) {
+			LogPrint (eLogWarning, "LeaseSet2: short buffer: wanted ", int(offset), "bytes, have ", int(len));
+			return;
+		}
 		SetBufferLen (offset);
 	}

@@ -388,17 +395,17 @@ namespace data
 		// properties
 		uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 		offset += propertiesLen; // skip for now. TODO: implement properties
-		if (offset + 1 >= len) return 0;
 		// key sections
 		CryptoKeyType preferredKeyType = m_EncryptionType;
 		bool preferredKeyFound = false;
+		if (offset + 1 > len) return 0;
 		int numKeySections = buf[offset]; offset++;
 		for (int i = 0; i < numKeySections; i++)
 		{
+			if (offset + 4 > len) return 0;
 			uint16_t keyType = bufbe16toh (buf + offset); offset += 2; // encryption key type
-			if (offset + 2 >= len) return 0;
 			uint16_t encryptionKeyLen = bufbe16toh (buf + offset); offset += 2;
-			if (offset + encryptionKeyLen >= len) return 0;
+			if (offset + encryptionKeyLen > len) return 0;
 			if (IsStoreLeases () && !preferredKeyFound) // create encryptor with leases only
 			{
 				// we pick first valid key if preferred not found
@@ -413,7 +420,7 @@ namespace data
 			offset += encryptionKeyLen;
 		}
 		// leases
-		if (offset + 1 >= len) return 0;
+		if (offset + 1 > len) return 0;
 		int numLeases = buf[offset]; offset++;
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		if (IsStoreLeases ())
@@ -432,7 +439,8 @@ namespace data
 		}
 		else
 			offset += numLeases*LEASE2_SIZE; // 40 bytes per lease
-		return offset;
+
+		return (offset > len ? 0 : offset);
 	}

 	size_t LeaseSet2::ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len)
@@ -442,18 +450,18 @@ namespace data
 		uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2;
 		offset += propertiesLen; // skip for now. TODO: implement properties
 		// entries
-		if (offset + 1 >= len) return 0;
+		if (offset + 1 > len) return 0;
 		int numEntries = buf[offset]; offset++;
 		for (int i = 0; i < numEntries; i++)
 		{
-			if (offset + 40 >= len) return 0;
+			if (offset + LEASE2_SIZE > len) return 0;
 			offset += 32; // hash
 			offset += 3; // flags
 			offset += 1; // cost
 			offset += 4; // expires
 		}
 		// revocations
-		if (offset + 1 >= len) return 0;
+		if (offset + 1 > len) return 0;
 		int numRevocations = buf[offset]; offset++;
 		for (int i = 0; i < numRevocations; i++)
 		{
@@ -582,7 +590,7 @@ namespace data
 	// helper for ExtractClientAuthData
 	static inline bool GetAuthCookie (const uint8_t * authClients, int numClients, const uint8_t * okm, uint8_t * authCookie)
 	{
-		// try to find clientCookie_i  for clientID_i = okm[44:51]
+		// try to find clientCookie_i for clientID_i = okm[44:51]
 		for (int i = 0; i < numClients; i++)
 		{
 			if (!memcmp (okm + 44, authClients + i*40, 8)) // clientID_i
@@ -606,7 +614,7 @@ namespace data
 			{
 				const uint8_t * ephemeralPublicKey = buf + offset; offset += 32; // ephemeralPublicKey
 				uint16_t numClients = bufbe16toh (buf + offset); offset += 2; // clients
-				const uint8_t * authClients = buf + offset; offset +=  numClients*40; // authClients
+				const uint8_t * authClients = buf + offset; offset += numClients*40; // authClients
 				if (offset > len)
 				{
 					LogPrint (eLogError, "LeaseSet2: Too many clients ", numClients, " in DH auth data");
@@ -632,7 +640,7 @@ namespace data
 			{
 				const uint8_t * authSalt = buf + offset; offset += 32; // authSalt
 				uint16_t numClients = bufbe16toh (buf + offset); offset += 2; // clients
-				const uint8_t * authClients = buf + offset; offset +=  numClients*40; // authClients
+				const uint8_t * authClients = buf + offset; offset += numClients*40; // authClients
 				if (offset > len)
 				{
 					LogPrint (eLogError, "LeaseSet2: Too many clients ", numClients, " in PSK auth data");
@@ -737,7 +745,7 @@ namespace data
 			htobe64buf (m_Buffer + offset, ts);
 			offset += 8; // end date
 		}
-		//  we don't sign it yet. must be signed later on
+		// we don't sign it yet. must be signed later on
 	}

 	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
@@ -995,7 +1003,7 @@ namespace data
 			ek.GenerateKeys (); // esk and epk
 			memcpy (authData, ek.GetPublicKey (), 32); authData += 32; // epk
 			htobe16buf (authData, authKeys->size ()); authData += 2; // num clients
-			uint8_t authInput[100]; //  sharedSecret || cpk_i || subcredential || publishedTimestamp
+			uint8_t authInput[100]; // sharedSecret || cpk_i || subcredential || publishedTimestamp
 			memcpy (authInput + 64, subcredential, 36);
 			for (auto& it: *authKeys)
 			{
--- a/libi2pd/LeaseSet.h
+++ b/libi2pd/LeaseSet.h
@@ -128,8 +128,8 @@ namespace data
 	};

 	/**
-			validate lease set buffer signature and extract expiration timestamp
-			@returns true if the leaseset is well formed and signature is valid
+	 * validate lease set buffer signature and extract expiration timestamp
+	 * @returns true if the leaseset is well formed and signature is valid
 	 */
 	bool LeaseSetBufferValidate(const uint8_t * ptr, size_t sz, uint64_t & expires);

--- a/libi2pd/Log.cpp
+++ b/libi2pd/Log.cpp
@@ -46,7 +46,7 @@ namespace log {

 #ifndef _WIN32
 	/**
-	 * @brief  Maps our log levels to syslog one
+	 * @brief Maps our log levels to syslog one
 	 * @return syslog priority LOG_*, as defined in syslog.h
 	 */
 	static inline int GetSyslogPrio (enum LogLevel l) {
@@ -113,11 +113,11 @@ namespace log {

 	std::string str_tolower(std::string s) {
 		std::transform(s.begin(), s.end(), s.begin(),
-					// static_cast<int(*)(int)>(std::tolower)         // wrong
-					// [](int c){ return std::tolower(c); }           // wrong
-					// [](char c){ return std::tolower(c); }          // wrong
-					   [](unsigned char c){ return std::tolower(c); } // correct
-					);
+			// static_cast<int(*)(int)>(std::tolower)      // wrong
+			// [](int c){ return std::tolower(c); }        // wrong
+			// [](char c){ return std::tolower(c); }       // wrong
+			[](unsigned char c){ return std::tolower(c); } // correct
+		);
 		return s;
 	}

@@ -170,7 +170,7 @@ namespace log {
 				break;
 			case eLogStdout:
 			default:
-				std::cout    << TimeAsString(msg->timestamp)
+				std::cout << TimeAsString(msg->timestamp)
 					<< "@" << short_tid
 					<< "/" << LogMsgColors[msg->level] << g_LogLevelStr[msg->level] << LogMsgColors[eNumLogLevels]
 					<< " - " << msg->text << std::endl;
--- a/libi2pd/Log.h
+++ b/libi2pd/Log.h
@@ -52,7 +52,7 @@ namespace log {
 	{
 		private:

-			enum LogType  m_Destination;
+			enum LogType m_Destination;
 			enum LogLevel m_MinLevel;
 			std::shared_ptr<std::ostream> m_LogStream;
 			std::string m_Logfile;
@@ -75,7 +75,7 @@ namespace log {

 			/**
 			 * @brief Makes formatted string from unix timestamp
-			 * @param ts  Second since epoch
+			 * @param ts Second since epoch
 			 *
 			 * This function internally caches the result for last provided value
 			 */
@@ -86,52 +86,52 @@ namespace log {
 			Log ();
 			~Log ();

-			LogType  GetLogType  () { return m_Destination; };
+			LogType GetLogType () { return m_Destination; };
 			LogLevel GetLogLevel () { return m_MinLevel; };

 			void Start ();
 			void Stop ();

 			/**
-			 * @brief  Sets minimal allowed level for log messages
-			 * @param  level  String with wanted minimal msg level
+			 * @brief Sets minimal allowed level for log messages
+			 * @param level String with wanted minimal msg level
 			 */
-			void     SetLogLevel (const std::string& level);
+			void SetLogLevel (const std::string& level);

 			/**
 			 * @brief Sets log destination to logfile
-			 * @param path  Path to logfile
+			 * @param path Path to logfile
 			 */
 			void SendTo (const std::string &path);

 			/**
 			 * @brief Sets log destination to given output stream
-			 * @param os  Output stream
+			 * @param os Output stream
 			 */
 			void SendTo (std::shared_ptr<std::ostream> os);

 			/**
-			 * @brief  Sets format for timestamps in log
-			 * @param  format  String with timestamp format
+			 * @brief Sets format for timestamps in log
+			 * @param format String with timestamp format
 			 */
 			void SetTimeFormat (std::string format) { m_TimeFormat = format; };

 	#ifndef _WIN32
 			/**
 			 * @brief Sets log destination to syslog
-			 * @param name     Wanted program name
+			 * @param name Wanted program name
 			 * @param facility Wanted log category
 			 */
 			void SendTo (const char *name, int facility);
 	#endif

 			/**
-			 * @brief  Format log message and write to output stream/syslog
-			 * @param  msg  Pointer to processed message
+			 * @brief Format log message and write to output stream/syslog
+			 * @param msg Pointer to processed message
 			 */
 			void Append(std::shared_ptr<i2p::log::LogMsg> &);

-			/** @brief  Reopen log file */
+			/** @brief Reopen log file */
 			void Reopen();
 	};

@@ -144,8 +144,8 @@ namespace log {
 	 */
 	struct LogMsg {
 		std::time_t timestamp;
-		std::string text; /**< message text as single string */
-		LogLevel level;   /**< message level */
+		std::string text;    /**< message text as single string */
+		LogLevel level;      /**< message level */
 		std::thread::id tid; /**< id of thread that generated message */

 		LogMsg (LogLevel lvl, std::time_t ts, std::string&& txt): timestamp(ts), text(std::move(txt)), level(lvl) {}
@@ -153,7 +153,7 @@ namespace log {

 	Log & Logger();

-	typedef std::function<void (const std::string&)>  ThrowFunction;
+	typedef std::function<void (const std::string&)> ThrowFunction;
 	ThrowFunction GetThrowFunction ();
 	void SetThrowFunction (ThrowFunction f);
 } // log
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -23,7 +23,7 @@
 #include "HTTP.h"
 #include "util.h"

-#ifdef __linux__
+#if defined(__linux__) && !defined(_NETINET_IN_H)
 	#include <linux/in6.h>
 #endif

@@ -59,14 +59,14 @@ namespace transport

 	void NTCP2Establisher::KDF1Bob ()
 	{
-		KeyDerivationFunction1 (GetRemotePub (), i2p::context.GetStaticKeys (), i2p::context.GetNTCP2StaticPublicKey (), GetRemotePub ());
+		KeyDerivationFunction1 (GetRemotePub (), i2p::context.GetNTCP2StaticKeys (), i2p::context.GetNTCP2StaticPublicKey (), GetRemotePub ());
 	}

 	void NTCP2Establisher::KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen, const uint8_t * epub)
 	{
 		MixHash (sessionRequest + 32, 32); // encrypted payload

-		int paddingLength =  sessionRequestLen - 64;
+		int paddingLength = sessionRequestLen - 64;
 		if (paddingLength > 0)
 			MixHash (sessionRequest + 64, paddingLength);
 		MixHash (epub, 32);
@@ -91,7 +91,7 @@ namespace transport
 	void NTCP2Establisher::KDF3Alice ()
 	{
 		uint8_t inputKeyMaterial[32];
-		i2p::context.GetStaticKeys ().Agree (GetRemotePub (), inputKeyMaterial);
+		i2p::context.GetNTCP2StaticKeys ().Agree (GetRemotePub (), inputKeyMaterial);
 		MixKey (inputKeyMaterial);
 	}

@@ -130,7 +130,7 @@ namespace transport
 		// m3p2Len
 		auto bufLen = i2p::context.GetRouterInfo ().GetBufferLen ();
 		m3p2Len = bufLen + 4 + 16; // (RI header + RI + MAC for now) TODO: implement options
-		htobe16buf (options + 4,  m3p2Len);
+		htobe16buf (options + 4, m3p2Len);
 		// fill m3p2 payload (RouterInfo block)
 		m_SessionConfirmedBuffer = new uint8_t[m3p2Len + 48]; // m3p1 is 48 bytes
 		uint8_t * m3p2 = m_SessionConfirmedBuffer + 48;
@@ -231,11 +231,11 @@ namespace transport
 				auto ts = i2p::util::GetSecondsSinceEpoch ();
 				uint32_t tsA = bufbe32toh (options + 8);
 				if (tsA < ts - NTCP2_CLOCK_SKEW || tsA > ts + NTCP2_CLOCK_SKEW)
-				{	
+				{
 					LogPrint (eLogWarning, "NTCP2: SessionRequest time difference ", (int)(ts - tsA), " exceeds clock skew");
 					clockSkew = true;
 					// we send SessionCreate to let Alice know our time and then close session
-				}	
+				}
 			}
 			else
 			{
@@ -309,7 +309,7 @@ namespace transport

 		KDF3Bob ();
 		if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionConfirmedBuffer + 48, m3p2Len - 16, GetH (), 32, GetK (), nonce, m3p2Buf, m3p2Len - 16, false)) // decrypt
-			// caclulate new h again for KDF data
+			// calculate new h again for KDF data
 			MixHash (m_SessionConfirmedBuffer + 48, m3p2Len); // h = SHA256(h || ciphertext)
 		else
 		{
@@ -320,7 +320,7 @@ namespace transport
 	}

 	NTCP2Session::NTCP2Session (NTCP2Server& server, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter,
-	    	std::shared_ptr<const i2p::data::RouterInfo::Address> addr):
+		std::shared_ptr<const i2p::data::RouterInfo::Address> addr):
 		TransportSession (in_RemoteRouter, NTCP2_ESTABLISH_TIMEOUT),
 		m_Server (server), m_Socket (m_Server.GetService ()),
 		m_IsEstablished (false), m_IsTerminated (false),
@@ -418,7 +418,7 @@ namespace transport
 	void NTCP2Session::DeleteNextReceiveBuffer (uint64_t ts)
 	{
 		if (m_NextReceivedBuffer && !m_IsReceiving &&
-		    ts > m_LastActivityTimestamp + NTCP2_RECEIVE_BUFFER_DELETION_TIMEOUT)
+			ts > m_LastActivityTimestamp + NTCP2_RECEIVE_BUFFER_DELETION_TIMEOUT)
 		{
 			delete[] m_NextReceivedBuffer;
 			m_NextReceivedBuffer = nullptr;
@@ -484,9 +484,9 @@ namespace transport
 				if (clockSkew)
 				{
 					// we don't care about padding, send SessionCreated and close session
-					SendSessionCreated (); 
+					SendSessionCreated ();
 					m_Server.GetService ().post (std::bind (&NTCP2Session::Terminate, shared_from_this ()));
-				}	
+				}
 				else if (paddingLen > 0)
 				{
 					if (paddingLen <= NTCP2_SESSION_REQUEST_MAX_SIZE - 64) // session request is 287 bytes max
@@ -496,7 +496,7 @@ namespace transport
 					}
 					else
 					{
-						LogPrint (eLogWarning, "NTCP2: SessionRequest padding length ", (int)paddingLen,  " is too long");
+						LogPrint (eLogWarning, "NTCP2: SessionRequest padding length ", (int)paddingLen, " is too long");
 						Terminate ();
 					}
 				}
@@ -549,7 +549,7 @@ namespace transport
 					}
 					else
 					{
-						LogPrint (eLogWarning, "NTCP2: SessionCreated padding length ", (int)paddingLen,  " is too long");
+						LogPrint (eLogWarning, "NTCP2: SessionCreated padding length ", (int)paddingLen, " is too long");
 						Terminate ();
 					}
 				}
@@ -757,7 +757,7 @@ namespace transport
 		if (IsTerminated ()) return;
 #ifdef __linux__
 		const int one = 1;
-    	setsockopt(m_Socket.native_handle(), IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
+		setsockopt(m_Socket.native_handle(), IPPROTO_TCP, TCP_QUICKACK, &one, sizeof(one));
 #endif
 		boost::asio::async_read (m_Socket, boost::asio::buffer(&m_NextReceivedLen, 2), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleReceivedLength, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
@@ -1126,11 +1126,11 @@ namespace transport
 	{
 		if (!m_SendKey ||
 #if OPENSSL_SIPHASH
-		    !m_SendMDCtx
+			!m_SendMDCtx
 #else
-		    !m_SendSipKey
+			!m_SendSipKey
 #endif
-		    ) return;
+		) return;
 		m_NextSendBuffer = new uint8_t[49]; // 49 = 12 bytes message + 16 bytes MAC + 2 bytes size + up to 19 padding block
 		// termination block
 		m_NextSendBuffer[2] = eNTCP2BlkTermination;
@@ -1164,20 +1164,20 @@ namespace transport
 		else if (m_SendQueue.size () > NTCP2_MAX_OUTGOING_QUEUE_SIZE)
 		{
 			LogPrint (eLogWarning, "NTCP2: Outgoing messages queue size to ",
-			   	GetIdentHashBase64(), " exceeds ",  NTCP2_MAX_OUTGOING_QUEUE_SIZE);
+				GetIdentHashBase64(), " exceeds ", NTCP2_MAX_OUTGOING_QUEUE_SIZE);
 			Terminate ();
 		}
 	}

-	void NTCP2Session::SendLocalRouterInfo ()
+	void NTCP2Session::SendLocalRouterInfo (bool update)
 	{
-		if (!IsOutgoing ()) // we send it in SessionConfirmed
+		if (update || !IsOutgoing ()) // we send it in SessionConfirmed for ougoing session
 			m_Server.GetService ().post (std::bind (&NTCP2Session::SendRouterInfo, shared_from_this ()));
 	}

 	NTCP2Server::NTCP2Server ():
 		RunnableServiceWithWork ("NTCP2"), m_TerminationTimer (GetService ()),
-		 m_ProxyType(eNoProxy), m_Resolver(GetService ())
+			m_ProxyType(eNoProxy), m_Resolver(GetService ())
 	{
 	}

@@ -1210,8 +1210,9 @@ namespace transport
 			else
 				LogPrint(eLogInfo, "NTCP2: Proxy is not used");
 			// start acceptors
-			auto& addresses = context.GetRouterInfo ().GetAddresses ();
-			for (const auto& address: addresses)
+			auto addresses = context.GetRouterInfo ().GetAddresses ();
+			if (!addresses) return;
+			for (const auto& address: *addresses)
 			{
 				if (!address) continue;
 				if (address->IsPublishedNTCP2 () && address->port)
@@ -1243,7 +1244,7 @@ namespace transport
 							m_NTCP2V6Acceptor->open (boost::asio::ip::tcp::v6());
 							m_NTCP2V6Acceptor->set_option (boost::asio::ip::v6_only (true));
 							m_NTCP2V6Acceptor->set_option (boost::asio::socket_base::reuse_address (true));
-#ifdef __linux__
+#if defined(__linux__) && !defined(_NETINET_IN_H)
 							if (!m_Address6 && !m_YggdrasilAddress) // only if not binded to address
 							{
 								// Set preference to use public IPv6 address -- tested on linux, not works on windows, and not tested on others
@@ -1424,10 +1425,17 @@ namespace transport
 				LogPrint (eLogError, "NTCP2: Connected from error ", ec.message ());
 		}
 		else
+		{	
 			LogPrint (eLogError, "NTCP2: Accept error ", error.message ());
-
+			if (error == boost::asio::error::no_descriptors)
+			{
+				i2p::context.SetError (eRouterErrorNoDescriptors);
+				return; 
+			}	
+		}	
+		
 		if (error != boost::asio::error::operation_aborted)
-		{
+		{			
 			if (!conn) // connection is used, create new one
 				conn = std::make_shared<NTCP2Session> (*this);
 			else // reuse failed
@@ -1456,6 +1464,15 @@ namespace transport
 			else
 				LogPrint (eLogError, "NTCP2: Connected from error ", ec.message ());
 		}
+		else
+		{	
+			LogPrint (eLogError, "NTCP2: Accept ipv6 error ", error.message ());
+			if (error == boost::asio::error::no_descriptors)
+			{
+				i2p::context.SetErrorV6 (eRouterErrorNoDescriptors);
+				return; 
+			}	
+		}	

 		if (error != boost::asio::error::operation_aborted)
 		{
@@ -1500,8 +1517,24 @@ namespace transport
 				else
 					it++;
 			}
-
 			ScheduleTermination ();
+			
+			// try to restart acceptors if no description
+			// we do it after timer to let timer take descriptor first 
+			if (i2p::context.GetError () == eRouterErrorNoDescriptors)
+			{
+				i2p::context.SetError (eRouterErrorNone);
+				auto conn = std::make_shared<NTCP2Session> (*this);
+				m_NTCP2Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAccept, this,
+					conn, std::placeholders::_1));
+			}	
+			if (i2p::context.GetErrorV6 () == eRouterErrorNoDescriptors)
+			{
+				i2p::context.SetErrorV6 (eRouterErrorNone);
+				auto conn = std::make_shared<NTCP2Session> (*this);
+				m_NTCP2V6Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAcceptV6, this,
+					conn, std::placeholders::_1));
+			}	
 		}
 	}

@@ -1558,7 +1591,7 @@ namespace transport
 			case eSocksProxy:
 			{
 				// TODO: support username/password auth etc
-				static const uint8_t buff[3] = {0x05, 0x01, 0x00};
+				static const uint8_t buff[3] = {SOCKS5_VER, 0x01, 0x00};
 				boost::asio::async_write(conn->GetSocket(), boost::asio::buffer(buff, 3), boost::asio::transfer_all(),
 					[] (const boost::system::error_code & ec, std::size_t transferred)
 					{
@@ -1672,21 +1705,21 @@ namespace transport
 		size_t sz = 6; // header + port
 		auto buff = std::make_shared<std::vector<int8_t> >(256);
 		auto readbuff = std::make_shared<std::vector<int8_t> >(256);
-		(*buff)[0] = 0x05;
-		(*buff)[1] = 0x01;
+		(*buff)[0] = SOCKS5_VER;
+		(*buff)[1] = SOCKS5_CMD_CONNECT;
 		(*buff)[2] = 0x00;

 		auto& ep = conn->GetRemoteEndpoint ();
 		if(ep.address ().is_v4 ())
 		{
-			(*buff)[3] = 0x01;
+			(*buff)[3] = SOCKS5_ATYP_IPV4;
 			auto addrbytes = ep.address ().to_v4().to_bytes();
 			sz += 4;
 			memcpy(buff->data () + 4, addrbytes.data(), 4);
 		}
 		else if (ep.address ().is_v6 ())
 		{
-			(*buff)[3] = 0x04;
+			(*buff)[3] = SOCKS5_ATYP_IPV6;
 			auto addrbytes = ep.address ().to_v6().to_bytes();
 			sz += 16;
 			memcpy(buff->data () + 4, addrbytes.data(), 16);
@@ -1708,22 +1741,24 @@ namespace transport
 				}
 			});

-		boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff->data (), 10),
+		boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff->data (), SOCKS5_UDP_IPV4_REQUEST_HEADER_SIZE), // read min reply size
+		    boost::asio::transfer_all(),                    
 			[timer, conn, sz, readbuff](const boost::system::error_code & e, std::size_t transferred)
 			{
-				if(e)
-				{
+				if (e)
 					LogPrint(eLogError, "NTCP2: SOCKS proxy read error ", e.message());
-				}
-				else if(transferred == sz)
+				else if (!(*readbuff)[1]) // succeeded
 				{
-					if((*readbuff)[1] == 0x00)
-					{
-						timer->cancel();
-						conn->ClientLogin();
-						return;
-					}
+					boost::system::error_code ec;
+					size_t moreBytes = conn->GetSocket ().available(ec);	
+					if (moreBytes) // read remaining portion of reply if ipv6 received
+						boost::asio::read (conn->GetSocket (), boost::asio::buffer(readbuff->data (), moreBytes), boost::asio::transfer_all (), ec);
+					timer->cancel();
+					conn->ClientLogin();
+					return;
 				}
+				else
+					LogPrint(eLogError, "NTCP2: Proxy reply error ", (int)(*readbuff)[1]);
 				timer->cancel();
 				conn->Terminate();
 			});
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@@ -148,7 +148,7 @@ namespace transport
 			void ClientLogin (); // Alice
 			void ServerLogin (); // Bob

-			void SendLocalRouterInfo (); // after handshake
+			void SendLocalRouterInfo (bool update); // after handshake or by update
 			void SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs);

 		private:
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@@ -107,7 +107,10 @@ namespace data
 	{
 		i2p::util::SetThreadName("NetDB");

-		uint32_t lastSave = 0, lastPublish = 0, lastExploratory = 0, lastManageRequest = 0, lastDestinationCleanup = 0;
+		uint64_t lastSave = 0, lastPublish = 0, lastExploratory = 0, lastManageRequest = 0, lastDestinationCleanup = 0;
+		uint64_t lastProfilesCleanup = i2p::util::GetSecondsSinceEpoch ();
+		int16_t profilesCleanupVariance = 0;
+
 		while (m_IsRunning)
 		{
 			try
@@ -155,6 +158,7 @@ namespace data
 					m_Requests.ManageRequests ();
 					lastManageRequest = ts;
 				}
+
 				if (ts - lastSave >= 60) // save routers, manage leasesets and validate subscriptions every minute
 				{
 					if (lastSave)
@@ -164,12 +168,20 @@ namespace data
 					}
 					lastSave = ts;
 				}
+
 				if (ts - lastDestinationCleanup >= i2p::garlic::INCOMING_TAGS_EXPIRATION_TIMEOUT)
 				{
 					i2p::context.CleanupDestination ();
 					lastDestinationCleanup = ts;
 				}

+				if (ts - lastProfilesCleanup >= (uint64_t)(i2p::data::PEER_PROFILE_AUTOCLEAN_TIMEOUT + profilesCleanupVariance))
+				{
+					DeleteObsoleteProfiles ();
+					lastProfilesCleanup = ts;
+					profilesCleanupVariance = (rand () % (2 * i2p::data::PEER_PROFILE_AUTOCLEAN_VARIANCE) - i2p::data::PEER_PROFILE_AUTOCLEAN_VARIANCE);
+				}
+
 				// publish
 				if (!m_HiddenMode && i2p::transport::transports.IsOnline ())
 				{
@@ -195,6 +207,7 @@ namespace data
 						lastPublish = ts;
 					}
 				}
+
 				if (ts - lastExploratory >= 30) // exploratory every 30 seconds
 				{
 					auto numRouters = m_RouterInfos.size ();
@@ -227,11 +240,10 @@ namespace data
 		m_HiddenMode = hide;
 	}

-	bool NetDb::AddRouterInfo (const uint8_t * buf, int len)
+	std::shared_ptr<const RouterInfo> NetDb::AddRouterInfo (const uint8_t * buf, int len)
 	{
 		bool updated;
-		AddRouterInfo (buf, len, updated);
-		return updated;
+		return AddRouterInfo (buf, len, updated);
 	}

 	std::shared_ptr<const RouterInfo> NetDb::AddRouterInfo (const uint8_t * buf, int len, bool& updated)
@@ -259,7 +271,10 @@ namespace data
 			if (r->IsNewer (buf, len))
 			{
 				bool wasFloodfill = r->IsFloodfill ();
-				r->Update (buf, len);
+				{
+					std::unique_lock<std::mutex> l(m_RouterInfosMutex);
+					r->Update (buf, len);
+				}
 				LogPrint (eLogInfo, "NetDb: RouterInfo updated: ", ident.ToBase64());
 				if (wasFloodfill != r->IsFloodfill ()) // if floodfill status updated
 				{
@@ -423,12 +438,15 @@ namespace data

 		// try reseeding from floodfill first if specified
 		std::string riPath;
-		if(i2p::config::GetOption("reseed.floodfill", riPath)) {
+		if(i2p::config::GetOption("reseed.floodfill", riPath))
+		{
 			auto ri = std::make_shared<RouterInfo>(riPath);
-			if (ri->IsFloodfill()) {
+			if (ri->IsFloodfill())
+			{
 				const uint8_t * riData = ri->GetBuffer();
 				int riLen = ri->GetBufferLen();
-				if(!i2p::data::netdb.AddRouterInfo(riData, riLen)) {
+				if (!i2p::data::netdb.AddRouterInfo(riData, riLen))
+				{
 					// bad router info
 					LogPrint(eLogError, "NetDb: Bad router info");
 					return;
@@ -476,7 +494,7 @@ namespace data
 	{
 		auto r = std::make_shared<RouterInfo>(path);
 		if (r->GetRouterIdentity () && !r->IsUnreachable () && r->HasValidAddresses () &&
-		    ts < r->GetTimestamp () + 24*60*60*NETDB_MAX_OFFLINE_EXPIRATION_TIMEOUT*1000LL)
+			ts < r->GetTimestamp () + 24*60*60*NETDB_MAX_OFFLINE_EXPIRATION_TIMEOUT*1000LL)
 		{
 			r->DeleteBuffer ();
 			if (m_RouterInfos.emplace (r->GetIdentHash (), r).second)
@@ -585,6 +603,7 @@ namespace data
 		uint64_t expirationTimeout = NETDB_MAX_EXPIRATION_TIMEOUT*1000LL;
 		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch();
 		auto uptime = i2p::context.GetUptime ();
+		bool isLowRate = i2p::tunnel::tunnels.GetTunnelCreationSuccessRate () < NETDB_MIN_TUNNEL_CREATION_SUCCESS_RATE;
 		// routers don't expire if less than 90 or uptime is less than 1 hour
 		bool checkForExpiration = total > NETDB_MIN_ROUTERS && uptime > 600; // 10 minutes
 		if (checkForExpiration && uptime > 3600) // 1 hour
@@ -606,11 +625,12 @@ namespace data
 				continue;
 			}
 			// make router reachable back if too few routers or floodfills
-			if (it.second->IsUnreachable () && (total - deletedCount < NETDB_MIN_ROUTERS ||
-			    (it.second->IsFloodfill () && totalFloodfills - deletedFloodfillsCount < NETDB_MIN_FLOODFILLS)))
+			if (it.second->IsUnreachable () && (total - deletedCount < NETDB_MIN_ROUTERS || isLowRate ||
+				(it.second->IsFloodfill () && totalFloodfills - deletedFloodfillsCount < NETDB_MIN_FLOODFILLS)))
 				it.second->SetUnreachable (false);
 			// find & mark expired routers
-			if (!it.second->IsReachable () && it.second->IsSSU (false))
+			if (!it.second->IsReachable () && (it.second->GetCompatibleTransports (true) & RouterInfo::eSSU2V4))
+			// non-reachable router, but reachable by ipv4  SSU2 means introducers
 			{
 				if (ts > it.second->GetTimestamp () + NETDB_INTRODUCEE_EXPIRATION_TIMEOUT*1000LL)
 				// RouterInfo expires after 1 hour if uses introducer
@@ -630,6 +650,8 @@ namespace data
 		} // m_RouterInfos iteration

 		m_RouterInfoBuffersPool.CleanUpMt ();
+		m_RouterInfoAddressesPool.CleanUpMt ();
+		m_RouterInfoAddressVectorsPool.CleanUpMt ();	
 			
 		if (updatedCount > 0)
 			LogPrint (eLogInfo, "NetDb: Saved ", updatedCount, " new/updated routers");
@@ -659,7 +681,7 @@ namespace data
 					else
 						++it;
 			}
-		}	
+		}
 	}

 	void NetDb::RequestDestination (const IdentHash& destination, RequestedDestination::RequestComplete requestComplete, bool direct)
@@ -675,7 +697,7 @@ namespace data
 		if (floodfill)
 		{
 			if (direct && !floodfill->IsReachableFrom (i2p::context.GetRouterInfo ()) &&
-			    !i2p::transport::transports.IsConnected (floodfill->GetIdentHash ()))
+				!i2p::transport::transports.IsConnected (floodfill->GetIdentHash ()))
 				direct = false; // floodfill can't be reached directly
 			if (direct)
 				transports.SendMessage (floodfill->GetIdentHash (), dest->CreateRequestMessage (floodfill->GetIdentHash ()));
@@ -730,6 +752,11 @@ namespace data
 	{
 		const uint8_t * buf = m->GetPayload ();
 		size_t len = m->GetSize ();
+		if (len < DATABASE_STORE_HEADER_SIZE)
+		{
+			LogPrint (eLogError, "NetDb: Database store msg is too short ", len, ". Dropped");
+			return;
+		}	
 		IdentHash ident (buf + DATABASE_STORE_KEY_OFFSET);
 		if (ident.IsZero ())
 		{
@@ -740,6 +767,11 @@ namespace data
 		size_t offset = DATABASE_STORE_HEADER_SIZE;
 		if (replyToken)
 		{
+			if (len < offset + 36) // 32 + 4
+			{
+				LogPrint (eLogError, "NetDb: Database store msg with reply token is too short ", len, ". Dropped");
+				return;
+			}	
 			auto deliveryStatus = CreateDeliveryStatusMsg (replyToken);
 			uint32_t tunnelID = bufbe32toh (buf + offset);
 			offset += 4;
@@ -927,9 +959,9 @@ namespace data
 		}
 		uint16_t numExcluded = bufbe16toh (excluded);
 		excluded += 2;
-		if (numExcluded > 512)
+		if (numExcluded > 512 || (excluded - buf) + numExcluded*32 > (int)msg->GetPayloadLength ())
 		{
-			LogPrint (eLogWarning, "NetDb: Number of excluded peers", numExcluded, " exceeds 512");
+			LogPrint (eLogWarning, "NetDb: Number of excluded peers", numExcluded, " is too much");
 			return;
 		}

@@ -938,10 +970,11 @@ namespace data
 		{
 			LogPrint (eLogInfo, "NetDb: Exploratory close to ", key, " ", numExcluded, " excluded");
 			std::set<IdentHash> excludedRouters;
+			const uint8_t * excluded_ident = excluded;
 			for (int i = 0; i < numExcluded; i++)
 			{
-				excludedRouters.insert (excluded);
-				excluded += 32;
+				excludedRouters.insert (excluded_ident);
+				excluded_ident += 32;
 			}
 			std::vector<IdentHash> routers;
 			for (int i = 0; i < 3; i++)
@@ -958,14 +991,13 @@ namespace data
 		else
 		{
 			if (lookupType == DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP ||
-			    lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP)
+				lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP)
 			{
 				auto router = FindRouter (ident);
 				if (router)
 				{
 					LogPrint (eLogDebug, "NetDb: Requested RouterInfo ", key, " found");
-					if (!router->GetBuffer ())
-						router->LoadBuffer (m_Storage.Path (router->GetIdentHashBase64 ()));
+					PopulateRouterInfoBuffer (router);
 					if (router->GetBuffer ())
 						replyMsg = CreateDatabaseStoreMsg (router);
 				}
@@ -1000,7 +1032,7 @@ namespace data
 				if (closestFloodfills.empty ())
 					LogPrint (eLogWarning, "NetDb: Requested ", key, " not found, ", numExcluded, " peers excluded");
 				replyMsg = CreateDatabaseSearchReply (ident, closestFloodfills);
-		}
+			}
 		}
 		excluded += numExcluded * 32;
 		if (replyMsg)
@@ -1123,7 +1155,7 @@ namespace data
 			m_PublishExcluded.insert (floodfill->GetIdentHash ());
 			m_PublishReplyToken = replyToken;
 			if (floodfill->IsReachableFrom (i2p::context.GetRouterInfo ()) || // are we able to connect?
-			    i2p::transport::transports.IsConnected (floodfill->GetIdentHash ()))  // already connected ?
+				i2p::transport::transports.IsConnected (floodfill->GetIdentHash ())) // already connected ?
 				// send directly
 				transports.SendMessage (floodfill->GetIdentHash (), CreateDatabaseStoreMsg (i2p::context.GetSharedRouterInfo (), replyToken));
 			else
@@ -1180,32 +1212,23 @@ namespace data
 			});
 	}

-	std::shared_ptr<const RouterInfo> NetDb::GetRandomPeerTestRouter (bool v4, const std::set<IdentHash>& excluded) const
+	std::shared_ptr<const RouterInfo> NetDb::GetRandomSSU2PeerTestRouter (bool v4, const std::set<IdentHash>& excluded) const
 	{
 		return GetRandomRouter (
 			[v4, &excluded](std::shared_ptr<const RouterInfo> router)->bool
 			{
 				return !router->IsHidden () && router->IsECIES () &&
-					router->IsPeerTesting (v4) && !excluded.count (router->GetIdentHash ());
+					router->IsSSU2PeerTesting (v4) && !excluded.count (router->GetIdentHash ());
 			});
 	}

-	std::shared_ptr<const RouterInfo> NetDb::GetRandomSSUV6Router () const
-	{
-		return GetRandomRouter (
-			[](std::shared_ptr<const RouterInfo> router)->bool
-			{
-				return !router->IsHidden () && router->IsECIES () && router->IsSSUV6 ();
-			});
-	}
-
-	std::shared_ptr<const RouterInfo> NetDb::GetRandomIntroducer (bool v4, const std::set<IdentHash>& excluded) const
+	std::shared_ptr<const RouterInfo> NetDb::GetRandomSSU2Introducer (bool v4, const std::set<IdentHash>& excluded) const
 	{
 		return GetRandomRouter (
 			[v4, &excluded](std::shared_ptr<const RouterInfo> router)->bool
 			{
-				return !router->IsHidden () && router->IsECIES () && !router->IsFloodfill () && // floodfills don't send relay tag
-					router->IsIntroducer (v4) && !excluded.count (router->GetIdentHash ());
+				return !router->IsHidden () && router->IsSSU2Introducer (v4) &&
+					!excluded.count (router->GetIdentHash ());
 			});
 	}

@@ -1364,7 +1387,8 @@ namespace data
 		return res;
 	}

-	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouterInFamily(const std::string & fam) const {
+	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouterInFamily (FamilyID fam) const
+	{
 		return GetRandomRouter(
 			[fam](std::shared_ptr<const RouterInfo> router)->bool
 		{
@@ -1408,6 +1432,13 @@ namespace data
 			else
 				++it;
 		}
+		m_LeasesPool.CleanUpMt ();
+	}
+
+	void NetDb::PopulateRouterInfoBuffer (std::shared_ptr<RouterInfo> r)
+	{
+		if (!r || r->GetBuffer ()) return;
+		r->LoadBuffer (m_Storage.Path (r->GetIdentHashBase64 ()));
 	}
 }
 }
--- a/libi2pd/NetDb.hpp
+++ b/libi2pd/NetDb.hpp
@@ -38,6 +38,7 @@ namespace data
 {
 	const int NETDB_MIN_ROUTERS = 90;
 	const int NETDB_MIN_FLOODFILLS = 5;
+	const int NETDB_MIN_TUNNEL_CREATION_SUCCESS_RATE = 8; // in percents
 	const int NETDB_FLOODFILL_EXPIRATION_TIMEOUT = 60 * 60; // 1 hour, in seconds
 	const int NETDB_INTRODUCEE_EXPIRATION_TIMEOUT = 65 * 60;
 	const int NETDB_MIN_EXPIRATION_TIMEOUT = 90 * 60; // 1.5 hours
@@ -69,7 +70,7 @@ namespace data
 			void Start ();
 			void Stop ();

-			bool AddRouterInfo (const uint8_t * buf, int len);
+			std::shared_ptr<const RouterInfo> AddRouterInfo (const uint8_t * buf, int len);
 			bool AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
 			bool AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len);
 			bool AddLeaseSet2 (const IdentHash& ident, const uint8_t * buf, int len, uint8_t storeType);
@@ -89,14 +90,13 @@ namespace data
 			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
 			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
 			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
-			std::shared_ptr<const RouterInfo> GetRandomPeerTestRouter (bool v4, const std::set<IdentHash>& excluded) const;
-			std::shared_ptr<const RouterInfo> GetRandomSSUV6Router () const; // TODO: change to v6 peer test later
-			std::shared_ptr<const RouterInfo> GetRandomIntroducer (bool v4, const std::set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetRandomSSU2PeerTestRouter (bool v4, const std::set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetRandomSSU2Introducer (bool v4, const std::set<IdentHash>& excluded) const;
 			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
 			std::vector<IdentHash> GetClosestFloodfills (const IdentHash& destination, size_t num,
 				std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
 			std::shared_ptr<const RouterInfo> GetClosestNonFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
-			std::shared_ptr<const RouterInfo> GetRandomRouterInFamily(const std::string & fam) const;
+			std::shared_ptr<const RouterInfo> GetRandomRouterInFamily (FamilyID fam) const;
 			void SetUnreachable (const IdentHash& ident, bool unreachable);

 			void PostI2NPMsg (std::shared_ptr<const I2NPMessage> msg);
@@ -123,7 +123,17 @@ namespace data

 			void ClearRouterInfos () { m_RouterInfos.clear (); };
 			std::shared_ptr<RouterInfo::Buffer> NewRouterInfoBuffer () { return m_RouterInfoBuffersPool.AcquireSharedMt (); };
-			
+			void PopulateRouterInfoBuffer (std::shared_ptr<RouterInfo> r);
+			std::shared_ptr<RouterInfo::Address> NewRouterInfoAddress () { return m_RouterInfoAddressesPool.AcquireSharedMt (); };
+			boost::shared_ptr<RouterInfo::Addresses> NewRouterInfoAddresses () 
+			{  
+				return boost::shared_ptr<RouterInfo::Addresses>(m_RouterInfoAddressVectorsPool.AcquireMt (), 
+					std::bind <void (i2p::util::MemoryPoolMt<RouterInfo::Addresses>::*)(RouterInfo::Addresses *)>
+						(&i2p::util::MemoryPoolMt<RouterInfo::Addresses>::ReleaseMt, 
+						&m_RouterInfoAddressVectorsPool, std::placeholders::_1));
+			};
+			std::shared_ptr<Lease> NewLease (const Lease& lease) { return m_LeasesPool.AcquireSharedMt (lease); };
+
 			uint32_t GetPublishReplyToken () const { return m_PublishReplyToken; };

 		private:
@@ -179,6 +189,9 @@ namespace data
 			uint32_t m_PublishReplyToken = 0;

 			i2p::util::MemoryPoolMt<RouterInfo::Buffer> m_RouterInfoBuffersPool;
+			i2p::util::MemoryPoolMt<RouterInfo::Address> m_RouterInfoAddressesPool;
+			i2p::util::MemoryPoolMt<RouterInfo::Addresses> m_RouterInfoAddressVectorsPool;
+			i2p::util::MemoryPoolMt<Lease> m_LeasesPool;
 	};

 	extern NetDb netdb;
--- a/libi2pd/NetDbRequests.h
+++ b/libi2pd/NetDbRequests.h
@@ -60,7 +60,7 @@ namespace data
 			void Start ();
 			void Stop ();

-			 std::shared_ptr<RequestedDestination> CreateRequest (const IdentHash& destination, bool isExploratory, RequestedDestination::RequestComplete requestComplete = nullptr);
+			std::shared_ptr<RequestedDestination> CreateRequest (const IdentHash& destination, bool isExploratory, RequestedDestination::RequestComplete requestComplete = nullptr);
 			void RequestComplete (const IdentHash& ident, std::shared_ptr<RouterInfo> r);
 			std::shared_ptr<RequestedDestination> FindRequest (const IdentHash& ident) const;
 			void ManageRequests ();
--- a/libi2pd/Poly1305.cpp
+++ b/libi2pd/Poly1305.cpp
@@ -1,12 +1,13 @@
-#include "Poly1305.h"
 /**
-   This code is licensed under the MCGSI Public License
-   Copyright 2018 Jeff Becker
-
-   Kovri go write your own code
-
+ * This code is licensed under the MCGSI Public License
+ * Copyright 2018 Jeff Becker
+ *
+ *Kovri go write your own code
+ *
 */

+#include "Poly1305.h"
+
 #if !OPENSSL_AEAD_CHACHA20_POLY1305
 namespace i2p
 {
--- a/libi2pd/Poly1305.h
+++ b/libi2pd/Poly1305.h
@@ -5,6 +5,7 @@
 * Kovri go write your own code
 *
 */
+
 #ifndef LIBI2PD_POLY1305_H
 #define LIBI2PD_POLY1305_H
 #include <cstdint>
--- a/libi2pd/Profiling.h
+++ b/libi2pd/Profiling.h
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2022, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -29,6 +29,8 @@ namespace data
 	const char PEER_PROFILE_USAGE_REJECTED[] = "rejected";

 	const int PEER_PROFILE_EXPIRATION_TIMEOUT = 72; // in hours (3 days)
+	const int PEER_PROFILE_AUTOCLEAN_TIMEOUT = 24 * 3600; // in seconds (1 day)
+	const int PEER_PROFILE_AUTOCLEAN_VARIANCE = 3 * 3600; // in seconds (3 hours)

 	class RouterProfile
 	{
--- a/libi2pd/Queue.h
+++ b/libi2pd/Queue.h
@@ -28,7 +28,7 @@ namespace util

 			void Put (Element e)
 			{
-				std::unique_lock<std::mutex>  l(m_QueueMutex);
+				std::unique_lock<std::mutex> l(m_QueueMutex);
 				m_Queue.push (std::move(e));
 				m_NonEmpty.notify_one ();
 			}
@@ -38,7 +38,7 @@ namespace util
 			{
 				if (!vec.empty ())
 				{
-					std::unique_lock<std::mutex>  l(m_QueueMutex);
+					std::unique_lock<std::mutex> l(m_QueueMutex);
 					for (const auto& it: vec)
 						m_Queue.push (std::move(it));
 					m_NonEmpty.notify_one ();
--- a/Show More
+++ b/Show More