Merge 17399da399 into 9432202fad

Signed-off-by: r4sas <r4sas@i2pmail.org>

.editorconfig

@@ -34,3 +34,6 @@ trim_trailing_whitespace = false
 [*.yml]
 indent_style = space
 indent_size = 2
+
+[*.patch]
+trim_trailing_whitespace = false

.github/workflows/build-deb.yml

@@ -1,6 +1,24 @@
 name: Build Debian packages
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-deb.yml
+    - contrib/**
+    - daemon/**
+    - debian/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
 
 jobs:
   build:
@@ -14,26 +32,30 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
+    - name: Commit Hash
+      id: commit
+      uses: prompt/actions-commit-hash@v3.0.0
+
     - name: Build package
       uses: jtdor/build-deb-action@v1
       with:
         docker-image: debian:${{ matrix.dist }}-slim
         buildpackage-opts: --build=binary --no-sign
-        before-build-hook: debchange --controlmaint --local "+${{ github.sha }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
+        before-build-hook: debchange --controlmaint --local "+${{ steps.commit.outputs.short }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
         extra-build-deps: devscripts git
 
     - name: Upload package
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd_${{ matrix.dist }}
         path: debian/artifacts/i2pd_*.deb
 
     - name: Upload debugging symbols
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd-dbgsym_${{ matrix.dist }}
         path: debian/artifacts/i2pd-dbgsym_*.deb

.github/workflows/build-freebsd.yml

@@ -1,19 +1,37 @@
 name: Build on FreeBSD
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-freebsd.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.bsd
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
 
 jobs:
   build:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
     name: with UPnP
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Test in FreeBSD
       id: test
-      uses: vmactions/freebsd-vm@v0.3.0
+      uses: vmactions/freebsd-vm@v1
       with:
         usesh: true
         mem: 2048
@@ -26,7 +44,7 @@ jobs:
           gmake -j2
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd-freebsd
         path: build/i2pd

.github/workflows/build-osx.yml

@@ -1,6 +1,22 @@
 name: Build on OSX
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-osx.yml
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.homebrew
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
 
 jobs:
   build:
@@ -14,13 +30,16 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
-    - name: install packages
+    - name: Install required formulae
       run: |
         find /usr/local/bin -lname '*/Library/Frameworks/Python.framework/*' -delete
         brew update
         brew install boost miniupnpc openssl@1.1
 
-    - name: build application
+    - name: List installed formulae
+      run: brew list
+
+    - name: Build application
       run: make HOMEBREW=1 USE_UPNP=${{ matrix.with_upnp }} PREFIX=$GITHUB_WORKSPACE/output -j3

.github/workflows/build-windows-msvc.yml

@@ -1,52 +0,0 @@
-name: Build on Windows with MSVC
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    name: Build
-    runs-on: windows-latest
-
-    strategy:
-      fail-fast: false
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: Build and install zlib
-      run: |
-        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
-        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
-        set BUILD_TYPE=Debug
-        ./install_zlib.bat
-        set BUILD_TYPE=Release
-        ./install_zlib.bat
-        del install_zlib.bat
-
-    - name: Install Boost
-      uses: crazy-max/ghaction-chocolatey@v2
-      with:
-        args: install boost-msvc-14.3
-
-    - name: Install OpenSSL
-      uses: crazy-max/ghaction-chocolatey@v2
-      with:
-        args: install openssl
-
-    - name: Configure
-      working-directory: build
-      run: cmake -DWITH_STATIC=ON .
-
-    - name: Build
-      working-directory: build
-      run: cmake --build . --config Debug -- -m
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
-      with:
-        name: i2pd-msvc
-        path: build/Debug/i2pd.*
-

.github/workflows/build-windows-msvc.yml-disabled

@@ -0,0 +1,80 @@
+name: Build on Windows with MSVC
+
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-windows-msvc.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Win32/**
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
+
+jobs:
+  build:
+    name: Build
+    runs-on: windows-latest
+    env:
+      boost_path: ${{ github.workspace }}\boost_1_83_0
+      openssl_path: ${{ github.workspace }}\openssl_3_2_1
+
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Build and install zlib
+      run: |
+        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
+        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
+        set BUILD_TYPE=Debug
+        ./install_zlib.bat
+        set BUILD_TYPE=Release
+        ./install_zlib.bat
+        del install_zlib.bat
+
+    - name: Install Boost
+      run: |
+        powershell -Command "(Start-BitsTransfer -Source https://sourceforge.net/projects/boost/files/boost-binaries/1.83.0/boost_1_83_0-msvc-14.3-64.exe/download -Destination boost_1_83_0-msvc-14.3-64.exe)"
+        ./boost_1_83_0-msvc-14.3-64.exe /DIR="${{env.boost_path}}" /VERYSILENT /SUPPRESSMSGBOXES /SP-
+
+    - name: Install OpenSSL
+      run: |
+        powershell -Command "(Start-BitsTransfer -Source https://slproweb.com/download/Win64OpenSSL-3_2_1.exe -Destination Win64OpenSSL-3_2_1.exe)"
+        ./Win64OpenSSL-3_2_1.exe /DIR="${{env.openssl_path}}" /TASKS="copytobin" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
+
+    - name: Make copy of the OpenSSL libraries for CMake
+      run: |
+        dir ${{ github.workspace }}
+        dir ${{env.openssl_path}}\lib\VC
+        dir ${{env.openssl_path}}\lib\VC\x64\
+        dir ${{env.openssl_path}}\lib\VC\x64\MTd\
+        xcopy /s /y "${{env.openssl_path}}\lib\VC\x64\MTd" "${{env.openssl_path}}\lib"
+
+    - name: Configure
+      working-directory: build
+      run: cmake -DBoost_ROOT="${{env.boost_path}}" -DOPENSSL_ROOT_DIR="${{env.openssl_path}}" -DWITH_STATIC=ON .
+
+    - name: Build
+      working-directory: build
+      run: cmake --build . --config Debug -- -m
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: i2pd-msvc
+        path: build/Debug/i2pd.*
+

.github/workflows/build-windows.yml

@@ -1,6 +1,25 @@
 name: Build on Windows
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-windows.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Win32/**
+    - Makefile
+    - Makefile.mingw
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
 
 defaults:
   run:
@@ -23,7 +42,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -44,7 +63,7 @@ jobs:
         make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes -j3
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd-${{ matrix.arch_short }}.exe
         path: i2pd.exe
@@ -65,7 +84,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -83,7 +102,7 @@ jobs:
         cmake --build . -- -j3
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd-cmake-${{ matrix.arch_short }}.exe
         path: build/i2pd.exe
@@ -97,7 +116,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -106,34 +125,126 @@ jobs:
       with:
         msystem: MINGW32
         install: base-devel git mingw-w64-i686-gcc mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-miniupnpc
+        cache: true
         update: true
 
-    - name: Build WinXP-capable CRT packages
+    - name: Clone MinGW packages repository and revert boost to 1.85.0
       run: |
         git clone https://github.com/msys2/MINGW-packages
-        pushd MINGW-packages
-        pushd mingw-w64-headers-git
-        sed -i 's/0x601/0x501/' PKGBUILD
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-headers-git-*-any.pkg.tar.zst
-        popd
-        pushd mingw-w64-crt-git
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-crt-git-*-any.pkg.tar.zst
-        popd
-        pushd mingw-w64-winpthreads-git
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-libwinpthread-git-*-any.pkg.tar.zst mingw-w64-i686-winpthreads-git-*-any.pkg.tar.zst
-        popd
-        popd
+        cd MINGW-packages
+        git checkout 4cbb366edf2f268ac3146174b40ce38604646fc5 mingw-w64-boost
+        cd mingw-w64-boost
+        sed -i 's/boostorg.jfrog.io\/artifactory\/main/archives.boost.io/' PKGBUILD
 
+    # headers
+    - name: Get headers package version
+      id:  version-headers
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-headers-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache headers package
+      uses: actions/cache@v4
+      id: cache-headers
+      with:
+        path: MINGW-packages/mingw-w64-headers-git/*.zst
+        key: winxp-headers-${{ steps.version-headers.outputs.version }}
+    - name: Build WinXP-capable headers package
+      if: steps.cache-headers.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-headers-git
+        sed -i 's/0x601/0x501/' PKGBUILD
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install headers package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-headers-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # CRT
+    - name: Get crt package version
+      id:  version-crt
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-crt-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache crt package
+      uses: actions/cache@v4
+      id: cache-crt
+      with:
+        path: MINGW-packages/mingw-w64-crt-git/*.zst
+        key: winxp-crt-${{ steps.version-crt.outputs.version }}
+    - name: Build WinXP-capable crt package
+      if: steps.cache-crt.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-crt-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install crt package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-crt-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # winpthreads
+    - name: Get winpthreads package version
+      id:  version-winpthreads
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-winpthreads-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache winpthreads package
+      uses: actions/cache@v4
+      id: cache-winpthreads
+      with:
+        path: MINGW-packages/mingw-w64-winpthreads-git/*.zst
+        key: winxp-winpthreads-${{ steps.version-winpthreads.outputs.version }}
+    - name: Build WinXP-capable winpthreads package
+      if: steps.cache-winpthreads.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-winpthreads-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install winpthreads package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-winpthreads-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # OpenSSL
+    - name: Get openssl package version
+      id:  version-openssl
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-openssl | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache openssl package
+      uses: actions/cache@v4
+      id: cache-openssl
+      with:
+        path: MINGW-packages/mingw-w64-openssl/*.zst
+        key: winxp-openssl-${{ steps.version-openssl.outputs.version }}
+    - name: Build WinXP-capable openssl package
+      if: steps.cache-openssl.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-openssl
+        gpg --recv-keys D894E2CE8B3D79F5
+        gpg --recv-keys 216094DFD0CB81EF
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install openssl package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-openssl/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # Boost
+    #- name: Get boost package version
+    #  id:  version-boost
+    #  run: |
+    #    echo "version=$(pacman -Si mingw-w64-i686-boost | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache boost package
+      uses: actions/cache@v4
+      id: cache-boost
+      with:
+        path: MINGW-packages/mingw-w64-boost/*.zst
+        key: winxp-boost-1.85.0+crt-${{ steps.version-headers.outputs.version }}+ossl-${{ steps.version-openssl.outputs.version }}
+    # Rebuild package if packages above has changed
+    - name: Build WinXP-capable boost package
+      if: steps.cache-boost.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-boost
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Remove boost packages
+      run: pacman --noconfirm -R mingw-w64-i686-boost mingw-w64-i686-boost-libs
+    - name: Install boost package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-boost/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # Building i2pd
     - name: Build application
       run: |
         mkdir -p obj/Win32 obj/libi2pd obj/libi2pd_client obj/daemon
         make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes USE_WINXP_FLAGS=yes -j3
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: i2pd-xp.exe
         path: i2pd.exe

.github/workflows/build.yml

@@ -1,6 +1,24 @@
 name: Build on Ubuntu
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
 
 jobs:
   build-make:
@@ -14,7 +32,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: install packages
       run: |
@@ -35,7 +53,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: install packages
       run: |

.github/workflows/docker.yml

@@ -5,6 +5,16 @@ on:
     branches:
     - openssl
     - docker
+    paths:
+    - .github/workflows/docker.yml
+    - contrib/docker/**
+    - contrib/certificates/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
     tags:
     - '*'
 
@@ -27,29 +37,29 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to DockerHub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
     - name: Login to GitHub Container registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build container for ${{ matrix.archname }}
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v5
       with:
         context: ./contrib/docker
         file: ./contrib/docker/Dockerfile
@@ -72,22 +82,22 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to DockerHub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
     - name: Login to GitHub Container registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}

ChangeLog

@@ -1,6 +1,279 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.56.0] - 2025-02-11
+### Added
+- Config params for shared local destination
+- AddressBook full addresses cache
+- Decline transit tunnel to duplicated router
+- Recreate tunnels in random order
+### Changed
+- Exclude disk operations from SSU2 and NTCP2 threads
+- Set minimal version for peer test to 0.9.62
+- Send ack requested flag after second SSU2 resend attempt
+- Shorter ECIESx25519 ack request interval for datagram and I2CP sessions
+- Don't change datagram routing path too often if unidirectional data stream
+- Reduce LeaseSet and local RouterInfo publishing confirmation intervals
+- Don't delete buffer of connected routers or if an update received
+- Smaller RouterInfo request timeout if sent directly
+- Persist local RouterInfo in separate thread
+- Don't recalculate and process ranges for every SSU2 Ack block
+- Reseeds list
+### Fixed
+- Termination deadlock if SAM session is active
+- Race condition at tunnel endpoint
+- Inbound tunnel build encryption
+
+## [2.55.0] - 2024-12-30
+### Added
+- Support boost 1.87
+- "i2p.streaming.maxConcurrentStreams" tunnel's param to limit number of simultaneous streams
+- Separate thread for tunnel build requests
+- Show next peer and connectivity on "Transit tunnels" page
+- Tunnel name for local destination thread
+- Throttle incoming ECIESx25519 sessions
+- Send tunnel data to transport session directly if possible
+- Publish 'R' cap for yggdrasil-only routers, and 'U' cap for routers through proxy
+- Random tunnel rejection when medium congestion
+- Save unreachable router's endpoint to use it next time without introducers
+- Recognize symmetric NAT from peer test message 7
+- Resend HolePunch and RelayResponse messages
+### Changed
+- Removed own implementation of AESNI and always use one from openssl
+- Renamed main thread to i2pd-daemon
+- Set i2p.streaming.profile=2 for shared local destination
+- Reduced LeaseSet and RouterInfo lookup timeouts
+- Cleanup ECIES sessions and tags more often
+- Check LeaseSet expiration time
+- Handle NTCP2 session handshakes in separate thread
+- Limit last decline time by 1.5 hours in router's profile
+- Don't handle RelayRequest and RelayIntro with same nonce twice
+- Increased hole punch expiration interval
+- Send peer test message 6 with delay if message 4 was received before message 5
+- Pre-calculate more x25519 keys for transports in runtime
+- Don't request LeaseSet for incoming stream
+- Terminate incoming stream right away if no remote LeaseSet
+- Handle choked, new RTO and window size calculation and resetting algorithm for streams
+### Fixed
+- Empty string in addressbook subscriptions
+- ECIESx25519 sessions without destination
+- Missing RouterInfo buffer in NetDb
+- Invalid I2PControl certificate
+- Routers disappear from NetDb when offline
+- Peer test message 6 sent to unknown endpoint
+- Race condition with LeaseSet update
+- Excessive CPU usage by streams
+- Crash on shutdown
+
+## [2.54.0] - 2024-10-06
+### Added
+- Maintain recently connected routers list to avoid false-positive peer test
+- Limited connectivity mode(through proxy)
+- "i2p.streaming.profile" tunnel's param to let tunnel select also low-bandwidth routers
+- Limit stream's inbound speed
+- Periodic ack requests in ratchets session
+- Set congestion cap G immediately if through proxy
+- Show tunnel's routers bandwidth caps in web console
+- Handle immediate ack requested flag in SSU2 data packets
+- Resend and ack peer test and relay messages
+- "senduseragent" HTTP proxy's param to pass through user's User-Agent
+### Changed
+- Exclude 'N' routers from high-bandwidth routers for client tunnels
+- C++11 support has been dropped, the minimal requirement is C++17 now, C++20 for some compilers
+- Removed dependency from boost::date_time and boost::filesystem
+- Set default i2cp.leaseSetEncType to 0,4 and to 4 for server tunnels
+- Handle i2cp.inboundlimit and i2cp.outboundlimit params in I2CP
+- Publish LeaseSet with new timestamp update if tunnel was replaced in the same second
+- Increase max number of generated tags to 800 per tagset
+- Routing path expiration by time instead num attempts
+- Save timestamp from epoch instead local time to profiles
+- Update introducer's iTag if session to introducer was replaced to new one
+- RTT, window size and number of NACKs calculation for streaming
+- Don't select same peer for tunnel too often
+- Use WinApi for data path UTF-8 conversion for Windows
+### Fixed
+- Jump link crash if address book is disabled
+- Race condition if connect through an introducer
+- "Date" header in I2PControl response
+- Incomplete response from web console
+- AEAD verification with LibreSSL
+- Number of generated tags and new keys for follow-on tagsets
+- Expired leases in LeaseSet
+- Attempts to send HolePunch to 0.0.0.0
+- Incorrect options size in quick ack streaming packet
+- Low bandwidth router appeared as first peer in high-bandwidth client tunnel
+
+## [2.53.1] - 2024-07-29
+### Changed
+- I2CP performance improvement
+### Fixed
+- 100% CPU usage after I2CP/SAM/BOB session termination
+- Incorrect client limits returned through I2CP
+- Build with LibreSSL
+
+## [2.53.0] - 2024-07-19
+### Added
+- New congestion control algorithm for streaming
+- Support miniupnp-2.2.8
+- Limit stream's outbound speed
+- Flood to next day closest floodfills before UTC midnight
+- Recognize duplicated routers and bypass them
+- Random SSU2 resend interval
+### Changed
+- Set minimal version to 0.9.69 for floodfills and 0.9.58 for client tunnels
+- Removed openssl 1.0.2 support
+- Move unsent I2NP messages to the new session if replaced
+- Use mt19937 RNG instead rand()
+- Update router's congestion caps before initial publishing
+- Don't try introducer with invalid address
+- Select newest introducers to publish
+- Don't request relay tag for every session if we have enough introducers
+- Update timestamp for non-reachable or hidden router
+- Reset streaming routing path if duplicated SYN received
+- Update LeaseSet if inbound tunnel failed
+- Reseeds list
+### Fixed
+- Crash when a destination gets terminated
+- Expired offline signature upon destination creation
+- Race condition between local RouterInfo buffer creation and sending it through the transports
+
+## [2.52.0] - 2024-05-12
+### Added
+- Separate threads for persisting RouterInfos and profiles to disk
+- Give preference to address with direct connection
+- Exclude addresses with incorrect static or intro key
+- Avoid two firewalled routers in the row in tunnel
+- Drop unsolicited database search replies
+### Changed
+- Increase number of hashes to 16 in exploratory lookup reply
+- Reduce number of a RouterInfo lookup attempts to 5
+- Reset stream RTO if outbound tunnel was changed
+- Insert previously excluded floodfill back when successfully connected
+- Increase maximum stream resend attempts to 9
+- Reply to exploratory lookups with only confirmed routers if low tunnel build rate
+- Don't accept too old RouterInfo
+- Build client tunnels through confirmed routers only if low tunnel build rate
+- Manage netDb requests more frequently
+- Don't reply with closer than us only floodfills for lookup
+### Fixed
+- Crash on router lookup if exploratory pool is not ready
+- Race condition in excluded peers for next lookup
+- Excessive number of lookups for same destination
+- Race condition with transport peers during shutdown
+- Corrupted RouterInfo files
+
+## [2.51.0] - 2024-04-06
+### Added
+- Non-blocking mode for UDP sockets
+- Set SSU2 socket buffer size based on bandwidth limit
+- Encrypted tunnel tests
+- Support for multiple UDP server tunnels on one destination
+- Publish medium congestion indication
+- Local domain sockets for SOCKS proxy upstream
+- Tunnel status "declined" in web console
+- SAM error reply "Incompatible crypto" if remote destination has incompatible crypto
+- Reduce amount of traffic by handling local message drops
+- Keep SSU2 socket open even if it fails to bind
+- Lower SSU2 resend traffic spikes
+- Expiration for messages in SSU2 send queue
+- Use EWMA for stream RTT estimation
+- Request choking delay if too many NACKs in stream
+- Allow 0ms latency for tunnel
+- Randomize tunnels selection for tests
+### Changed
+- Upstream SOCKS proxy from SOCKS4 to SOCKS5
+- Transit tunnels limit to 4 bytes. Default value to 10K
+- Reply CANT_REACH_PEER if connect to ourselves in SAM
+- Don't send already expired I2NP messages
+- Use monotonic timer to measure tunnel test latency
+- Standard NTCP2 frame doesn't exceed 16K
+- Always send request through tunnels in case of restricted routes
+- Don't delete connected routers from NetDb
+- Send lookup reply directly to reply tunnel gateway if possible
+- Reduce unreachable router ban interval to 8 minutes
+- Don't request banned routers / don't try to connect to unreachable router
+- Consider 'M' routers as low bandwidth
+- Limit minimal received SSU2 packet size to 40 bytes
+- Bob picks peer test session only if Charlie's address supports peer testing
+- Reject peer test msg 2 if peer testing is not supported
+- Don't request termination if SSU2 session was not established
+- Set maximum SSU2 queue size depending on RTT value
+- New streaming RTT calculation algorithm
+- Don't double initial RTO for streams when changing tunnels
+- Restore failed tunnel if test or data for inbound tunnel received
+- Don't fail last remaining tunnel in pool
+- Publish LeasetSet again if local destination was not ready or no tunnels
+- Make more attempts to pick high bandwidth hop for client tunnel
+- Reduced SSU2 session termination timeout to 165 seconds
+- Reseeds list
+### Fixed
+- ECIESx25519 symmetric key tagset early expiration
+- Encrypted LeaseSet lookup
+- Outbound tunnel build fails if it's endpoint is the same as reply tunnel gateway
+- I2PControl RouterManager returns invalid JSON when unknown params are passed
+- Mix of data between different UDP sessions on the same server
+- TARGET_OS_SIMULATOR check
+- Handling of "reservedrange" param
+- New NTCP2 session gets teminated upon termination of old one
+- New SSU2 session gets teminated upon termination of old one
+- Peer test to non-supporting router
+- Streaming ackThrough off 1 if number of NACKs exceeds 255
+- Race condition in ECIESx25519 tags table
+- Good tunnel becomes failed
+- Crash when packet comes to terminated stream
+- Stream hangs during LeaseSet update
+
+## [2.50.2] - 2024-01-06
+###Fixed
+- Crash with OpenSSL 3.2.0
+- False positive clock skew detection
+
+## [2.50.1] - 2023-12-23
+###Fixed
+- Support for new EdDSA usage behavior in OpenSSL 3.2.0
+
+## [2.50.0] - 2023-12-18
+### Added
+- Support of concurrent ACCEPTs on SAM 3.1
+- Haiku OS support
+- Low bandwidth and far routers can expire before 1 hour
+### Changed
+- Don't pick too active peer for first hop
+- Try peer test again if status is Unknown
+- Send peer tests with random delay
+- Reseeds list
+### Fixed
+- XSS vulnerability in addresshelper
+- Publishing NAT64 ipv6 addresses
+- Deadlock in AsyncSend callback
+
+## [2.49.0] - 2023-09-18
+### Added
+- Handle SOCK5 authorization with empty user/password
+- Drop incoming transport sessions from too old or from future routers
+- Memory pool for router profiles
+- Allow 0 hops in explicitPeers
+### Changed
+- Separate network and testing status
+- Remove AVX code
+- Improve NTCP2 transport session logging
+- Select router with ipv4 for tunnel endpoint
+- Consider all addresses non-published for U and H routers even if they have host/port
+- Don't pick completely unreachable routers for tunnels
+- Exclude SSU1 introducers from SSU2 addresses
+- Don't create paired inbound tunnel if length is different
+- Remove introducer from RouterInfo after 60 minutes
+- Reduce SSU2 keep alive interval and add keep alive interval variance
+- Don't pick too old sessions for introducer
+### Fixed
+- Version of the subnegotiation in user/password SOCKS5 response
+- Send keepalive for existing session with introducer
+- Buffer offset for EVP_EncryptFinal_ex() to include outlen
+- Termination block size processing for transport sessions
+- Crash if deleted BOB destination was shared between few BOB sessions
+- Introducers with zero tag
+- Padding for SSU2 path response
+
 ## [2.48.0] - 2023-06-12
 ### Added
 - Allow user/password authentication method for SOCK5 proxy

Makefile

@@ -29,7 +29,6 @@ DAEMON_SRC_DIR := daemon
 # import source files lists
 include filelist.mk
 
-USE_AESNI       := $(or $(USE_AESNI),yes)
 USE_STATIC      := $(or $(USE_STATIC),no)
 USE_UPNP        := $(or $(USE_UPNP),no)
 DEBUG           := $(or $(DEBUG),yes)
@@ -67,6 +66,9 @@ else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
 else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.bsd
+else ifneq (, $(findstring haiku, $(SYS)))
+	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+	include Makefile.haiku
 else # not supported
 	$(error Not supported platform)
 endif
@@ -118,7 +120,7 @@ obj/%.o: %.cpp | mk_obj_dir
 -include $(DEPS)
 
 $(I2PD): $(DAEMON_OBJS) $(ARLIB) $(ARLIB_CLIENT) $(ARLIB_LANG)
-	$(CXX) -o $@ $(DEFINES) $(LDFLAGS) $^ $(LDLIBS)
+	$(CXX) $(DEFINES) $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
 $(SHLIB): $(LIB_OBJS)
 ifneq ($(USE_STATIC),yes)

Makefile.bsd

@@ -1,13 +1,22 @@
 CXX = clang++
 CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
+DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
+INCFLAGS = -I/usr/include/ -I/usr/local/include/
+LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
+LDLIBS = -lssl -lcrypto -lz -lpthread -lboost_system -lboost_program_options
+
 ## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.
 ## For example, when adding 'hardening flags' to the build
 ## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FLAGS to work at build-time.
-NEEDED_CXXFLAGS = -std=c++11
-DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
-INCFLAGS = -I/usr/include/ -I/usr/local/include/
-LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+CXXVER := $(shell $(CXX) -dumpversion|cut -c 1-2)
+ifeq (${CXXVER}, "4.") # older clang always returned 4.2.1
+	$(error Compiler too old)
+else ifeq (${CXXVER}, ${filter ${CXXVER},16 17 18 19})  # clang 16 - 19
+	NEEDED_CXXFLAGS = -std=c++20
+else
+	NEEDED_CXXFLAGS = -std=c++17
+endif
+

Makefile.haiku

@@ -0,0 +1,10 @@
+CXX = g++
+CXXFLAGS := -Wall -std=c++17
+INCFLAGS = -I/system/develop/headers
+DEFINES = -D_DEFAULT_SOURCE -D_GNU_SOURCE
+LDLIBS = -lbe -lbsd -lnetwork -lz -lssl -lcrypto -lboost_system -lboost_program_options -lpthread
+
+ifeq ($(USE_UPNP),yes)
+	DEFINES += -DUSE_UPNP
+	LDLIBS += -lminiupnpc
+endif

Makefile.homebrew

@@ -1,41 +1,33 @@
 # root directory holding homebrew
-BREWROOT = /usr/local
+BREWROOT = /opt/homebrew
 BOOSTROOT = ${BREWROOT}/opt/boost
 SSLROOT = ${BREWROOT}/opt/openssl@1.1
 UPNPROOT = ${BREWROOT}/opt/miniupnpc
-CXXFLAGS = ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
-INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
-LDFLAGS = ${LD_DEBUG}
 
-ifndef TRAVIS
-	CXX = clang++
-endif
+CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wno-overloaded-virtual
+NEEDED_CXXFLAGS ?= -std=c++17
+INCFLAGS ?= -I${SSLROOT}/include -I${BOOSTROOT}/include
+LDFLAGS ?= ${LD_DEBUG}
+DEFINES += -DMAC_OSX
 
 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a
+ifeq ($(USE_UPNP),yes)
+	LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
+endif
+	LDLIBS +=  -lpthread -ldl
 else
 	LDFLAGS += -L${SSLROOT}/lib -L${BOOSTROOT}/lib
-	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
+ifeq ($(USE_UPNP),yes)
+	LDFLAGS += -L${UPNPROOT}/lib
+	LDLIBS += -lminiupnpc
+endif
 endif
 
 ifeq ($(USE_UPNP),yes)
-	LDFLAGS += -ldl
-	CXXFLAGS += -DUSE_UPNP
+	DEFINES += -DUSE_UPNP
 	INCFLAGS += -I${UPNPROOT}/include
-	ifeq ($(USE_STATIC),yes)
-		LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
-	else
-		LDFLAGS += -L${UPNPROOT}/lib
-		LDLIBS += -lminiupnpc
-	endif
-endif
-
-# OSX Notes
-# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
-# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
-# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
-ifeq ($(USE_AESNI),yes)
-	CXXFLAGS += -D__AES__ -maes
 endif
 
 install: all

Makefile.linux

@@ -9,24 +9,17 @@ LDFLAGS ?= ${LD_DEBUG}
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FDLAGS to work at build-time.
 
-# detect proper flag for c++11 support by compilers
+# detect proper flag for c++17 support by compilers
 CXXVER := $(shell $(CXX) -dumpversion)
 ifeq ($(shell expr match $(CXX) 'clang'),5)
-	NEEDED_CXXFLAGS += -std=c++11
-else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
-	NEEDED_CXXFLAGS += -std=c++11
-else ifeq ($(shell expr match ${CXXVER} "4\.[8-9]"),3) # gcc 4.8 - 4.9
-	NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
-else ifeq ($(shell expr match ${CXXVER} "[5-6]"),1) # gcc 5 - 6
-	NEEDED_CXXFLAGS += -std=c++11
-	LDLIBS = -latomic
-else ifeq ($(shell expr match ${CXXVER} "[7-9]"),1) # gcc 7 - 9
 	NEEDED_CXXFLAGS += -std=c++17
-	LDLIBS = -latomic
-else ifeq ($(shell expr match ${CXXVER} "1[0-9]"),2) # gcc 10+
-#	NEEDED_CXXFLAGS += -std=c++20
+else ifeq ($(shell expr match ${CXXVER} "[8-9]"),1) # gcc 8 - 9
 	NEEDED_CXXFLAGS += -std=c++17
-	LDLIBS = -latomic
+	LDLIBS = -lboost_system -lstdc++fs
+else ifeq ($(shell expr match ${CXXVER} "1[0-2]"),2) # gcc 10 - 12
+	NEEDED_CXXFLAGS += -std=c++17
+else ifeq ($(shell expr match ${CXXVER} "1[3-9]"),2) # gcc 13+
+	NEEDED_CXXFLAGS += -std=c++20
 else # not supported
 $(error Compiler too old)
 endif
@@ -38,9 +31,6 @@ ifeq ($(USE_STATIC),yes)
 #   Using 'getaddrinfo' in statically linked applications requires at runtime
 #   the shared libraries from the glibc version used for linking
 	LIBDIR := /usr/lib/$(SYS)
-	LDLIBS += $(LIBDIR)/libboost_system.a
-	LDLIBS += $(LIBDIR)/libboost_date_time.a
-	LDLIBS += $(LIBDIR)/libboost_filesystem.a
 	LDLIBS += $(LIBDIR)/libboost_program_options.a
 	LDLIBS += $(LIBDIR)/libssl.a
 	LDLIBS += $(LIBDIR)/libcrypto.a
@@ -50,7 +40,7 @@ ifeq ($(USE_UPNP),yes)
 endif
 	LDLIBS += -lpthread -ldl
 else
-	LDLIBS += -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS += -lssl -lcrypto -lz -lboost_program_options -lpthread -latomic
 ifeq ($(USE_UPNP),yes)
 	LDLIBS += -lminiupnpc
 endif
@@ -61,13 +51,6 @@ ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP
 endif
 
-ifeq ($(USE_AESNI),yes)
-ifneq (, $(findstring i386, $(SYS))$(findstring i686, $(SYS))$(findstring x86_64, $(SYS))) # only x86-based CPU supports that
-	NEEDED_CXXFLAGS += -maes
-	DEFINES += -D__AES__
-endif
-endif
-
 install: all
 	install -d ${PREFIX}/bin
 	install -m 755 ${I2PD} ${PREFIX}/bin

Makefile.mingw

@@ -5,32 +5,32 @@ WINDRES = windres
 
 CXXFLAGS := $(CXX_DEBUG) -fPIC -msse
 INCFLAGS := -I$(DAEMON_SRC_DIR) -IWin32
-LDFLAGS := ${LD_DEBUG} -static
+LDFLAGS := ${LD_DEBUG} -static -fPIC -msse
 
-NEEDED_CXXFLAGS += -std=c++17
+NEEDED_CXXFLAGS += -std=c++20
 DEFINES += -DWIN32_LEAN_AND_MEAN
 
-# Boost libraries suffix
-BOOST_SUFFIX = -mt
-
 # UPNP Support
 ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP -DMINIUPNP_STATICLIB
 	LDLIBS = -lminiupnpc
 endif
 
+ifeq ($(USE_WINXP_FLAGS), yes)
+	DEFINES += -DWINVER=0x0501 -D_WIN32_WINNT=0x0501
+endif
+
 LDLIBS += \
-	-lboost_system$(BOOST_SUFFIX) \
-	-lboost_date_time$(BOOST_SUFFIX) \
-	-lboost_filesystem$(BOOST_SUFFIX) \
-	-lboost_program_options$(BOOST_SUFFIX) \
-	-lssl \
-	-lcrypto \
-	-lz \
+	$(MINGW_PREFIX)/lib/libboost_filesystem-mt.a \
+	$(MINGW_PREFIX)/lib/libboost_program_options-mt.a \
+	$(MINGW_PREFIX)/lib/libssl.a \
+	$(MINGW_PREFIX)/lib/libcrypto.a \
+	$(MINGW_PREFIX)/lib/libz.a \
 	-lwsock32 \
 	-lws2_32 \
-	-lgdi32 \
 	-liphlpapi \
+	-lcrypt32 \
+	-lgdi32 \
 	-lole32 \
 	-luuid \
 	-lpthread
@@ -42,15 +42,6 @@ ifeq ($(USE_WIN32_APP), yes)
 	DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
 endif
 
-ifeq ($(USE_WINXP_FLAGS), yes)
-	DEFINES += -DWINVER=0x0501 -D_WIN32_WINNT=0x0501
-endif
-
-ifeq ($(USE_AESNI),yes)
-	NEEDED_CXXFLAGS += -maes
-	DEFINES += -D__AES__
-endif
-
 ifeq ($(USE_ASLR),yes)
 	LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va -Wl,--dynamicbase,--export-all-symbols
 endif

Makefile.osx

@@ -1,16 +1,15 @@
 CXX = clang++
-CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++11
+CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++17
 INCFLAGS = -I/usr/local/include
 DEFINES := -DMAC_OSX
 LDFLAGS := -Wl,-rpath,/usr/local/lib -L/usr/local/lib
 LDFLAGS += -Wl,-dead_strip
 LDFLAGS += -Wl,-dead_strip_dylibs
-LDFLAGS += -Wl,-bind_at_load
 
 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz /usr/local/lib/libssl.a /usr/local/lib/libcrypto.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
 else
-	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
 endif
 
 ifeq ($(USE_UPNP),yes)
@@ -26,9 +25,5 @@ endif
 OSARCH = $(shell uname -p)
 
 ifneq ($(OSARCH),powerpc)
-	ifeq ($(USE_AESNI),yes)
-		CXXFLAGS += -D__AES__ -maes
-	else
-		CXXFLAGS += -msse
-	endif
+	CXXFLAGS += -msse
 endif

README.md

@@ -99,13 +99,23 @@ Current status: [![Crowdin](https://badges.crowdin.net/i2pd/localized.svg)](http
 Donations
 ---------
 
-BTC: 3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f  
-LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
-ETH: 0x9e5bac70d20d1079ceaa111127f4fb3bccce379d  
-DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
-ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
-GST: GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG  
-XMR: 497pJc7X4xqKvcLBLpSUtRgWqMMyo24u4btCos3cak6gbMkpobgSU6492ztUcUBghyeHpYeczB55s38NpuHoH5WGNSPDRMH  
+**E-Mail**: ```i2porignal at yandex.com```
+
+**BTC**: ```3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f```
+
+**LTC**: ```LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59```
+
+**ETH**: ```0x9e5bac70d20d1079ceaa111127f4fb3bccce379d```
+
+**GST**: ```GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG```
+
+**DASH**: ```Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF```
+
+**ZEC**: ```t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ```
+
+**ANC**: ```AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z```
+
+**XMR**: ```497pJc7X4xqKvcLBLpSUtRgWqMMyo24u4btCos3cak6gbMkpobgSU6492ztUcUBghyeHpYeczB55s38NpuHoH5WGNSPDRMH```
 
 License
 -------

Win32/Win32App.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -145,30 +145,37 @@ namespace win32
 		s << bytes << " Bytes\n";
 	}
 
-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing, RouterError error)
 	{
 		switch (status)
 		{
 			case eRouterStatusOK: s << "OK"; break;
-			case eRouterStatusTesting: s << "Test"; break;
 			case eRouterStatusFirewalled: s << "FW"; break;
 			case eRouterStatusUnknown: s << "Unk"; break;
 			case eRouterStatusProxy: s << "Proxy"; break;
 			case eRouterStatusMesh: s << "Mesh"; break;
 			default: s << "Unk";
 		};
-		if (i2p::context.GetError () != eRouterErrorNone)
+		if (testing)
+			s << " (Test)";
+		if (error != eRouterErrorNone)
 		{
-			switch (i2p::context.GetError ())
+			switch (error)
 			{
 				case eRouterErrorClockSkew:
-					s << " - Clock skew";
+					s << " - " << tr("Clock skew");
 				break;
 				case eRouterErrorOffline:
-					s << " - Offline";
+					s << " - " << tr("Offline");
 				break;
 				case eRouterErrorSymmetricNAT:
-					s << " - Symmetric NAT";
+					s << " - " << tr("Symmetric NAT");
+				break;
+				case eRouterErrorFullConeNAT:
+					s << " - " << tr("Full cone NAT");
+				break;
+				case eRouterErrorNoDescriptors:
+					s << " - " << tr("No Descriptors");
 				break;
 				default: ;
 			}
@@ -179,11 +186,11 @@ namespace win32
 	{
 		s << "\n";
 		s << "Status: ";
-		ShowNetworkStatus (s, i2p::context.GetStatus ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting(), i2p::context.GetError ());
 		if (i2p::context.SupportsV6 ())
 		{
 			s << " / ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6(), i2p::context.GetErrorV6 ());
 		}
 		s << "; ";
 		s << "Success Rate: " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate() << "%\n";
@@ -306,7 +313,7 @@ namespace win32
 					}
 					case ID_DATADIR:
 					{
-						std::string datadir(i2p::fs::GetUTF8DataDir());
+						std::string datadir(i2p::fs::GetDataDir());
 						ShellExecute(NULL, "explore", datadir.c_str(), NULL, NULL, SW_SHOWNORMAL);
 						return 0;
 					}
@@ -348,9 +355,7 @@ namespace win32
 						}
 					}
 				}
-#if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
-#endif
 			}
 			case WM_TRAYICON:
 			{

Win32/Win32NetState.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -73,16 +73,24 @@ void UnSubscribeFromEvents()
 		}
 
 		if (pNetEvent)
+		{
 			pNetEvent->Release();
+		}
 
 		if (pCPContainer)
+		{
 			pCPContainer->Release();
+		}
 
 		if (pNetworkListManager)
+		{
 			pNetworkListManager->Release();
+		}
 
 		if (pUnknown)
+		{
 			pUnknown->Release();
+		}
 
 		CoUninitialize();
 	}

Win32/Win32NetState.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,10 +15,11 @@
 #include "Log.h"
 #include "Transports.h"
 
-class CNetworkListManagerEvent : public INetworkListManagerEvents
+class CNetworkListManagerEvent final : public INetworkListManagerEvents
 {
 public:
 	CNetworkListManagerEvent() : m_ref(1) { }
+	~CNetworkListManagerEvent() { }
 
 	HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid, void **ppvObject)
 	{

build/CMakeLists.txt

@@ -25,11 +25,10 @@ project(
   i2pd
   VERSION ${PROJECT_VERSION}
   HOMEPAGE_URL "https://i2pd.website/"
-  LANGUAGES CXX
+  LANGUAGES C CXX
 )
 
 # configurable options
-option(WITH_AESNI           "Use AES-NI instructions set"             ON)
 option(WITH_HARDENING       "Use hardening compiler flags"            OFF)
 option(WITH_LIBRARY         "Build library"                           ON)
 option(WITH_BINARY          "Build binary"                            ON)
@@ -121,7 +120,7 @@ if(WIN32)
   )
 
   file(GLOB WIN32_RC ${WIN32_SRC_DIR}/*.rc)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWIN32_APP -DWIN32_LEAN_AND_MEAN")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWIN32_APP -DWIN32_LEAN_AND_MEAN -DNOMINMAX")
 
 endif()
 
@@ -139,6 +138,10 @@ if(APPLE)
   add_definitions(-DMAC_OSX)
 endif()
 
+if(HAIKU)
+  add_definitions(-D_DEFAULT_SOURCE -D_GNU_SOURCE)
+endif()
+
 if(MSVC)
   add_definitions(-DWINVER=0x0600)
   add_definitions(-D_WIN32_WINNT=0x0600)
@@ -152,20 +155,6 @@ else()
   endif()
   set(CMAKE_CXX_FLAGS_MINSIZEREL "${CMAKE_CXX_FLAGS_MINSIZEREL} -ffunction-sections -fdata-sections")
   set(CMAKE_EXE_LINKER_FLAGS_MINSIZEREL "-Wl,--gc-sections") # -flto is added from above
-
-  # check for c++17 & c++11 support
-  include(CheckCXXCompilerFlag)
-
-  CHECK_CXX_COMPILER_FLAG("-std=c++17" CXX17_SUPPORTED)
-  CHECK_CXX_COMPILER_FLAG("-std=c++11" CXX11_SUPPORTED)
-
-  if(CXX17_SUPPORTED)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
-  elseif(CXX11_SUPPORTED)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
-  else()
-    message(SEND_ERROR "C++17 nor C++11 standard not seems to be supported by compiler. Too old version?")
-  endif()
 endif()
 
 if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
@@ -195,19 +184,6 @@ if(UNIX)
   endif()
 endif()
 
-# Note: AES-NI and AVX is available on x86-based CPU's.
-# Here also ARM64 implementation, but currently we don't support it.
-# MSVC is not supported.
-if(MSVC)
-  message(STATUS "AES-NI is not supported on MSVC, option was disabled")
-  set(WITH_AESNI OFF)
-endif()
-
-if(WITH_AESNI AND (ARCHITECTURE MATCHES "x86_64" OR ARCHITECTURE MATCHES "i386"))
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -maes")
-  add_definitions(-D__AES__)
-endif()
-
 if(WITH_ADDRSANITIZER)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer")
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")
@@ -222,6 +198,10 @@ if(WITH_THREADSANITIZER)
   endif()
 endif()
 
+if (CMAKE_COMPILER_IS_GNUCC AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 10.0 AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0) # gcc 8-9
+    list(APPEND CMAKE_REQUIRED_LIBRARIES "stdc++fs")
+endif()
+
 # Use std::atomic instead of GCC builtins on macOS PowerPC:
 # For more information refer to: https://github.com/PurpleI2P/i2pd/issues/1726#issuecomment-1306335111
 # This has been fixed in Boost 1.81, nevertheless we retain the setting for the sake of compatibility.
@@ -276,14 +256,14 @@ else()
   if(NOT MSVC)
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
   endif()
-  add_definitions(-DBOOST_ATOMIC_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_DATE_TIME_DYN_LINK -DBOOST_REGEX_DYN_LINK)
+  add_definitions(-DBOOST_ATOMIC_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK)
   if(WIN32)
     set(Boost_USE_STATIC_LIBS OFF)
     set(Boost_USE_STATIC_RUNTIME OFF)
   endif()
 endif()
 
-find_package(Boost REQUIRED COMPONENTS system filesystem program_options date_time OPTIONAL_COMPONENTS atomic)
+find_package(Boost REQUIRED COMPONENTS system filesystem program_options)
 if(NOT DEFINED Boost_FOUND)
   message(SEND_ERROR "Boost is not found, or your boost version was below 1.46. Please download Boost!")
 endif()
@@ -311,6 +291,26 @@ if(ZLIB_FOUND)
   link_directories(${ZLIB_ROOT}/lib)
 endif()
 
+# C++ standard to use, based on compiler and version of boost
+if(NOT MSVC)
+# check for c++20 & c++17 support
+  include(CheckCXXCompilerFlag)
+
+  if(Boost_VERSION VERSION_GREATER_EQUAL "1.83") # min boost version for c++20
+    CHECK_CXX_COMPILER_FLAG("-std=c++20" CXX20_SUPPORTED)
+  endif()
+  CHECK_CXX_COMPILER_FLAG("-std=c++17" CXX17_SUPPORTED)
+ 
+
+  if(CXX20_SUPPORTED)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++20")
+  elseif(CXX17_SUPPORTED)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
+  else()
+    message(SEND_ERROR "C++20 nor C++17 standard not seems to be supported by compiler. Too old version?")
+  endif()
+endif()
+
 # load includes
 include_directories(SYSTEM ${Boost_INCLUDE_DIRS} ${OPENSSL_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR})
 
@@ -321,9 +321,9 @@ message(STATUS "Compiler vendor    : ${CMAKE_CXX_COMPILER_ID}")
 message(STATUS "Compiler version   : ${CMAKE_CXX_COMPILER_VERSION}")
 message(STATUS "Compiler path      : ${CMAKE_CXX_COMPILER}")
 message(STATUS "Architecture       : ${ARCHITECTURE}")
+message(STATUS "Compiler flags     : ${CMAKE_CXX_FLAGS}")
 message(STATUS "Install prefix:    : ${CMAKE_INSTALL_PREFIX}")
 message(STATUS "Options:")
-message(STATUS "  AESNI            : ${WITH_AESNI}")
 message(STATUS "  HARDENING        : ${WITH_HARDENING}")
 message(STATUS "  LIBRARY          : ${WITH_LIBRARY}")
 message(STATUS "  BINARY           : ${WITH_BINARY}")

build/cmake_modules/CheckAtomic.cmake

@@ -8,7 +8,7 @@ INCLUDE(CheckLibraryExists)
 
 function(check_working_cxx_atomics varname)
   set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
-  set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -std=c++11")
+  set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -std=c++17")
   CHECK_CXX_SOURCE_COMPILES("
 #include <atomic>
 std::atomic<int> x;
@@ -25,7 +25,7 @@ endfunction(check_working_cxx_atomics)
 
 function(check_working_cxx_atomics64 varname)
   set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
-  set(CMAKE_REQUIRED_FLAGS "-std=c++11 ${CMAKE_REQUIRED_FLAGS}")
+  set(CMAKE_REQUIRED_FLAGS "-std=c++17 ${CMAKE_REQUIRED_FLAGS}")
   CHECK_CXX_SOURCE_COMPILES("
 #include <atomic>
 #include <cstdint>

build/cmake_modules/GetGitRevisionDescription.cmake

@@ -59,7 +59,7 @@ get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
 # function returns an empty string via _git_dir_var.
 #
 # Example: Given a path C:/bla/foo/bar and assuming C:/bla/.git exists and
-# neither foo nor bar contain a file/directory .git. This wil return
+# neither foo nor bar contain a file/directory .git. This will return
 # C:/bla/.git
 #
 function(_git_find_closest_git_dir _start_dir _git_dir_var)

build/win_installer.iss

@@ -24,7 +24,7 @@ ExtraDiskSpaceRequired=15
 
 AppID={{621A23E0-3CF4-4BD6-97BC-4835EA5206A2}
 AppVerName={#I2Pd_AppName}
-AppCopyright=Copyright (c) 2013-2022, The PurpleI2P Project
+AppCopyright=Copyright (c) 2013-2024, The PurpleI2P Project
 AppPublisherURL=http://i2pd.website/
 AppSupportURL=https://github.com/PurpleI2P/i2pd/issues
 AppUpdatesURL=https://github.com/PurpleI2P/i2pd/releases

contrib/apparmor/docker-i2pd

@@ -0,0 +1,42 @@
+# _________________________________________
+# /  Copy this file to the right location   \
+# | then load with:                         |
+# |                                         |
+# | apparmor_parser -r -W                   |
+# | /etc/apparmor.d/docker-i2pd             |
+# |                                         |
+# | docker run --security-opt               |
+# | "apparmor=docker-i2pd" ...              |
+# | purplei2p/i2pd                          |
+# |                                         |
+# \ And "aa-status" to verify it's loaded.  /
+#  -----------------------------------------
+#         \   ^__^
+#          \  (oo)\_______
+#             (__)\       )\/\
+#                 ||----w |
+#                 ||     ||
+
+#include <tunables/global>
+
+profile docker-i2pd flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/openssl>
+  #include <abstractions/nameservice>
+
+  /bin/busybox ix,
+  /usr/local/bin/i2pd ix,
+  /entrypoint.sh ixr,
+
+  /i2pd_certificates/** r,
+
+  /home/i2pd/data/** rw,
+
+  /home/i2pd/data/i2pd.pid k,
+
+  deny /home/i2pd/data/i2pd.conf w,
+  deny /home/i2pd/data/tunnels.conf w,
+  deny /home/i2pd/data/tunnels.d/** w,
+  deny /home/i2pd/data/certificates/** w,
+  deny /home/i2pd/data/i2pd.log r,
+}

contrib/apparmor/usr.bin.i2pd

@@ -4,7 +4,7 @@
 #
 #include <tunables/global>
 
-profile i2pd /{usr/,}sbin/i2pd {
+profile i2pd /{usr/,}bin/i2pd {
   #include <abstractions/base>
   #include <abstractions/openssl>
   #include <abstractions/nameservice>
@@ -14,12 +14,12 @@ profile i2pd /{usr/,}sbin/i2pd {
   /var/lib/i2pd/** rw,
   /var/log/i2pd/i2pd.log w,
   /{var/,}run/i2pd/i2pd.pid rwk,
-  /{usr/,}sbin/i2pd mr,
+  /{usr/,}bin/i2pd mr,
   @{system_share_dirs}/i2pd/** r,
 
   # user homedir (if started not by init.d or systemd)
   owner @{HOME}/.i2pd/   rw,
   owner @{HOME}/.i2pd/** rwk,
 
-  #include if exists <local/usr.sbin.i2pd>
+  #include if exists <local/usr.bin.i2pd>
 }

contrib/certificates/reseed/admin_at_stormycloud.org.crt

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIRAMDqFR09Xuj8ZUu+oetSvAEwDQYJKoZIhvcNAQELBQAw
+dTELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwGA1UE
+ChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxHjAcBgNVBAMM
+FWFkbWluQHN0b3JteWNsb3VkLm9yZzAeFw0yNDAxMjUxNDE1MzBaFw0zNDAxMjUx
+NDE1MzBaMHUxCzAJBgNVBAYTAlhYMQswCQYDVQQHEwJYWDELMAkGA1UECRMCWFgx
+HjAcBgNVBAoTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMR4w
+HAYDVQQDDBVhZG1pbkBzdG9ybXljbG91ZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDbGX+GikPzQXr9zvkrhfO9g0l49KHLNQhUKYqd6T+PfnGo
+Fm0d3ZZVVQZ045vWgroOXDGGZZWxUIlb2inRaR2DF1TxN3pPYt59RgY9ZQ9+TL7o
+isY91krCRygY8EcAmHIjlfZQ9dBVcL7CfyT0MYZA5Efee9+NDHSewTfQP9T2faIE
+83Fcyd93a2mIHYjKUbJnojng/wgsy8srbsEuuTok4MIQmDj+B5nz+za2FgI0/ydh
+srlMt4aGJF4/DIem9z9d0zBCOkwrmtFIzjNF1mOSA8ES4m5YnKA/y9rZlRidLPGu
+prbXhPVnqHeOnHMz2QCw1wbVo504kl0bMqyEz2tVWsO9ep7iZoQs2xkFAEaegYNT
+QLUpwVGlyuq3wXXwopFRffOSimGSazICwWI6j+K0pOtgefNJaWrqKYvtkj1SbK2L
+LBNUIENz6VnB7KPRckuX6zxC8PpOiBK9BcftfO+xAz/wC6qq3riBPw30KKSym0nC
+Zp5KciDn4Phtw9PGq8Bkl8SyWl0jtFnfTB1tzJkisf2qKcNHaFTEe2JW763YLbh/
+AU+8X8evFu40qLgvOgKoyy5DLy6i8zetX+3t9K0Fxt9+Vzzq6lm5V/RS8iIPPn+M
+q1/3Z5kD0KQBG9h/Gl8BH+lB71ZxPAOZ3SMu8DJZcxBLVmDWqQPCr5CKnoz0swID
+AQABo2IwYDAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHgYDVR0OBBcEFWFkbWluQHN0b3JteWNs
+b3VkLm9yZzANBgkqhkiG9w0BAQsFAAOCAgEARWOJ69vTHMneSXYscha+4Ytjg0RM
+faewJNEGj8qy/Qvh9si2bWYNPRK6BlbHFS7pRYBLAnhaeLBGVv1CCR6GUMMe74zQ
+UuMeAoWU6qMDmB3GfYoZJh8sIxpwHqyJeTdeccRbZ4sX4F6u3IHPXYiU/AgbYqH7
+pYXQg2lCjXZYaDFAlEf5SlYUDOhhXe5kR8Edhlrsu32/JzA1DQK0JjxKCBp+DQmA
+ltdOpQtAg03fHP4ssdj7VvjIDl28iIlATwBvHrdNm7T0tYWn6TWhvxbRqvfTxfaH
+MvxnPdIJwNP4/9TyQkwjwHb1h+ucho3CnxI/AxspdOvT1ElMhP6Ce6rcS9pk11Rl
+x0ChsqpWwDg7KYpg0qZFSKCTBp4zBq9xoMJ6BQcgMfyl736WbsCzFTEyfifp8beg
+NxUa/Qk7w7cuSPGyMIKNOmOR7FLlFbtocy8sXVsUQdqnp/edelufdNe39U9uNtY6
+yoXI9//Tc6NgOwy2Oyia0slZ5qHRkB7e4USXMRzJ3p4q9eCVKjAJs81Utp7O2U+9
+vhbhwWP8CAnNTT1E5WS6EKtfrdqF7wjkV+noPGLDGmrXi01J1fSMAjMfVO+7/LOL
+UN+G4ybKWnEhhOO27yidN8Xx6UrCS23DBlPPQAeA74dTsTExiOxf1o1EXzcQiMyO
+LAj3/Ojbi1xkWhI=
+-----END CERTIFICATE-----

contrib/certificates/reseed/hiduser0_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgIETWAY1DANBgkqhkiG9w0BAQ0FADBxMQswCQYDVQQGEwJY
-WDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEaMBgGA1UEAwwRaGlkdXNlcjBAbWFp
-bC5pMnAwHhcNMjExMjEzMTU0MDI3WhcNMzExMjExMTU0MDI3WjBxMQswCQYDVQQG
-EwJYWDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMR4wHAYDVQQKDBVJMlAgQW5v
-bnltb3VzIE5ldHdvcmsxDDAKBgNVBAsMA0kyUDEaMBgGA1UEAwwRaGlkdXNlcjBA
-bWFpbC5pMnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXnjJ8UQ0f
-lHHpfPMiHofBPSuL4sbOJY6fOXwPhSg/h6THh9DS/ZWmJXQ3qRD0glDVtv4/Dr/9
-ldGQ5eltF9iCFXCQlMEy2HjQrBKq0nsl7RpYK12cyMaod0kkzCUk9ITLi9CmHM3Z
-gQZcmG8TWjFEpDR+idx/QkQt2pcO4vzWlDit3Vh4ivnbX5jGQHbsVjQEMQWxr+pX
-dsS+YQpjZ6RBmrooGTPO8QDOOeYLAn0lCjmffc/kzIH9E/p4/O0rOpyhVYbdxUD1
-5wkqN9l4yrtxmORG/PudnRQQ0r4TUq8vsxfGY0Euo9IbhgXF2Parel1ZhDxB1WZV
-VwWtgLIh9jGA1UMa8SYKnEfp8LWNZ3b3mUUnZb3kMrLk6jGYRWNsHmamhd4mC7AZ
-qf/8lOkEIw3bPd3YguCDRVcLui5BwIEZmqXg8uoESxfO/sW3pBrN/8M7MkTex9kN
-vjitGDDXvenK27qmNgZxbBlX72yTSfys7XTYTLnxZC8AwdAo2Wz9Z6HhGiPonf2h
-vZkc9ZxuE0jFIrsbJra4X7iyjXgi4vV4ARNg/9Ft6F4/OIbECgeDcBQqq4TlT2bZ
-EfWVrBbqXoj5vNsLigIkd+AyUNwPYEcB5IFSiiOh98pC7BH3pg0m8U5YBjxe1i+9
-EQOOG0Qtx+JigXZHu6bGE0Twy9zy+UzoKQIDAQABoyEwHzAdBgNVHQ4EFgQUGK1b
-0DkL6aLalcfBc/Uj/SF08C0wDQYJKoZIhvcNAQENBQADggIBAMpXM82bJDpH1TlH
-TvhU3Z7nfZdvEhOQfujaFUYiuNripuEKcFGn948+DvAG0FUN+uNlJoqOVs8D7InD
-gWlA9zpqw5Cl5Hij/Wns9QbXuAHJeA23fVUoaM2A6v9ifcIQ1A+rDuRQAo6/64KW
-ChTg2e99RBpfGOyqgeh7tLLe0lPPekVpKHFuXabokaKRDuBcVHcUL4tWXe3dcyqa
-Ej/PJrrS+nWL0EGZ4q80CEd2LPuDzPxNGCJt/R7ZfadENWajcgcXGceh1QBzozrB
-SL/Ya6wF9SrsB7V/r5wX0LM4ZdDaLWbtmUe5Op0h/ZMH25Sa8xAXVz+O9L6sWSoO
-FaiYTOvAiyyPz+nsxKa3xYryDHno7eKSt+hGOcaurhxbdZaEFY/CegEc73tCt9xK
-e9qF8O/WkDLmixuErw3f5en4IfzGR7p3lJAwW/8WD8C6HS39h/eE7dVZNaWgtQnZ
-SgGjgZMTJqTcQ3aZmfuCZefxGFok8w6AIkdbnd1pdMBRjYu8aXgl2hQSB9ZADDE9
-R5d3rXi0PkSFLIvsNjVa5KXrZk/tB0Hpfmepq7CufBqjP/LG9TieRoXzLYUKFF74
-QRwjP+y7AJ+VDUTpY1NV1P+k+2raubU2bOnLF3zL5DtyoyieGPhyeMMvp0fRIxdg
-bSl5VHgPXHNM8mcnndMAuzvl7jEK
------END CERTIFICATE-----

contrib/debian/README

@@ -1,2 +1,5 @@
-This forder contain systemd unit files.
-To use systemd daemon control, place files from this directory to debian folder before building package.
+This forder contain files required for building debian packages.
+
+The trunk repository is contains the packaging files for the latest stable version of Debian (if we not forgot to update them).
+
+Files in subdirectories contains fixes to make possible to build package on specific versions of Debian/Ubuntu. They are used when building the release package.

contrib/debian/bionic/compat

@@ -0,0 +1 @@
+11

contrib/debian/bionic/control

@@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 11~), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 4.2.0
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.

contrib/debian/trusty/compat

@@ -0,0 +1 @@
+9

contrib/debian/trusty/control

@@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 9), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 3.9.8
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.

contrib/debian/trusty/patches/01-upnp.patch

@@ -0,0 +1,17 @@
+Description: Enable UPnP usage in package
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2024-12-30
+
+--- i2pd.orig/Makefile
++++ i2pd/Makefile
+@@ -31,7 +31,7 @@ # import source files lists
+ include filelist.mk
+ 
+ USE_STATIC      := $(or $(USE_STATIC),no)
+-USE_UPNP        := $(or $(USE_UPNP),no)
++USE_UPNP        := $(or $(USE_UPNP),yes)
+ DEBUG           := $(or $(DEBUG),yes)
+ 
+ # for debugging purposes only, when commit hash needed in trunk builds in i2pd version string

contrib/debian/trusty/patches/02-service.patch

@@ -0,0 +1,19 @@
+Description: Disable LogsDirectory and LogsDirectoryMode options in service
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2024-07-19
+
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -8,8 +8,8 @@ User=i2pd
+ Group=i2pd
+ RuntimeDirectory=i2pd
+ RuntimeDirectoryMode=0700
+-LogsDirectory=i2pd
+-LogsDirectoryMode=0700
++#LogsDirectory=i2pd
++#LogsDirectoryMode=0700
+ Type=forking
+ ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecReload=/bin/sh -c "kill -HUP $MAINPID"

contrib/debian/trusty/patches/series

@@ -0,0 +1,2 @@
+01-upnp.patch
+02-service.patch

contrib/debian/trusty/rules

@@ -0,0 +1,18 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+include /usr/share/dpkg/architecture.mk
+
+ifeq ($(DEB_HOST_ARCH),i386)
+    export DEB_BUILD_OPTIONS=parallel=1
+endif
+
+export DEB_CXXFLAGS_MAINT_APPEND=-Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND=
+
+%:
+	dh $@ --parallel
+
+override_dh_auto_install:

contrib/debian/xenial/compat

@@ -0,0 +1 @@
+9

contrib/debian/xenial/control

@@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 9), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 3.9.8
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.

contrib/debian/xenial/patches/01-upnp.patch

@@ -0,0 +1,17 @@
+Description: Enable UPnP usage in package
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2024-12-30
+
+--- i2pd.orig/Makefile
++++ i2pd/Makefile
+@@ -31,7 +31,7 @@ # import source files lists
+ include filelist.mk
+ 
+ USE_STATIC      := $(or $(USE_STATIC),no)
+-USE_UPNP        := $(or $(USE_UPNP),no)
++USE_UPNP        := $(or $(USE_UPNP),yes)
+ DEBUG           := $(or $(DEBUG),yes)
+ 
+ # for debugging purposes only, when commit hash needed in trunk builds in i2pd version string

contrib/debian/xenial/patches/02-service.patch

@@ -0,0 +1,19 @@
+Description: Disable LogsDirectory and LogsDirectoryMode options in service
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2024-07-19
+
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
+@@ -8,8 +8,8 @@ User=i2pd
+ Group=i2pd
+ RuntimeDirectory=i2pd
+ RuntimeDirectoryMode=0700
+-LogsDirectory=i2pd
+-LogsDirectoryMode=0700
++#LogsDirectory=i2pd
++#LogsDirectoryMode=0700
+ Type=forking
+ ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecReload=/bin/sh -c "kill -HUP $MAINPID"

contrib/debian/xenial/patches/series

@@ -0,0 +1,2 @@
+01-upnp.patch
+02-service.patch

contrib/debian/xenial/rules

@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+include /usr/share/dpkg/architecture.mk
+
+export DEB_CXXFLAGS_MAINT_APPEND  = -Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND =
+
+%:
+	dh $@ --parallel
+
+override_dh_auto_install:

contrib/docker/docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+  i2pd:
+    container_name: i2pd2
+    image: purplei2p/i2pd
+    #optional
+    entrypoint: ["./entrypoint.sh", "--loglevel error"]
+    ports:
+      - 127.0.0.1:7656:7656
+      - 127.0.0.1:7070:7070
+      - 127.0.0.1:4444:4444
+    volumes:
+      - /path/to/i2pd/data:/home/i2pd/data                 # make sure data directory and it's contents are owned by 100:65533
+      - /path/to/i2pd/i2pd_certificates:/i2pd_certificates # make sure i2pd_certificates is owned by root:root and 755 permissions on the directory

contrib/i2pd.conf

@@ -225,7 +225,7 @@ verify = true
 ## Default: "mainline" I2P Network reseeds
 # urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
 ## Reseed URLs through the Yggdrasil, separated by comma
-# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
 ## Path to local reseed data file (.su3) for manual reseeding
 # file = /path/to/i2pseeds.su3
 ## or HTTPS URL to reseed from
@@ -243,7 +243,7 @@ verify = true
 ## Default: reg.i2p at "mainline" I2P Network
 # defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
 ## Optional subscriptions URLs, separated by comma
-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt
 
 [limits]
 ## Maximum active transit sessions (default: 5000)
@@ -277,11 +277,3 @@ verify = true
 ## Save full addresses on disk (default: true)
 # addressbook = true
 
-[cpuext]
-## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
-# aesni = true
-## Use CPU AVX instructions set when work with cryptography when available (default: true)
-# avx = true
-## Force usage of CPU instructions set, even if they not found (default: false)
-## DO NOT TOUCH that option if you really don't know what are you doing!
-# force = false

contrib/i2pd.service

@@ -11,7 +11,7 @@ RuntimeDirectoryMode=0700
 LogsDirectory=i2pd
 LogsDirectoryMode=0700
 Type=forking
-ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ExecStart=/usr/bin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/sh -c "kill -HUP $MAINPID"
 PIDFile=/run/i2pd/i2pd.pid
 ### Uncomment, if auto restart needed

contrib/openrc/i2pd.openrc

@@ -7,7 +7,7 @@ tunconf="/etc/i2pd/tunnels.conf"
 tundir="/etc/i2pd/tunnels.conf.d"
 
 name="i2pd"
-command="/usr/sbin/i2pd"
+command="/usr/bin/i2pd"
 command_args="--service --daemon --log=file --logfile=$logfile --conf=$mainconf --tunconf=$tunconf --tunnelsdir=$tundir --pidfile=$pidfile"
 description="i2p router written in C++"
 required_dirs="/var/lib/i2pd"

contrib/rpm/i2pd-git.spec

@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 
 Name:          i2pd-git
-Version:       2.48.0
+Version:       2.56.0
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@@ -24,13 +24,19 @@ BuildRequires: openssl-devel
 BuildRequires: miniupnpc-devel
 BuildRequires: systemd-units
 
+%if 0%{?fedora} == 41
+BuildRequires: openssl-devel-engine
+%endif
+
 Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd
 
+
 %description
 C++ implementation of I2P.
 
+
 %prep
 %setup -q -n i2pd-openssl
 
@@ -38,76 +44,60 @@ C++ implementation of I2P.
 %build
 cd build
 %if 0%{?rhel} == 7
-%cmake3 \
+  %cmake3 \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
     -DBUILD_SHARED_LIBS:BOOL=OFF
 %else
-%cmake \
+  %cmake \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
-%if 0%{?fedora} > 29
+  %if 0%{?fedora} > 29
     -DBUILD_SHARED_LIBS:BOOL=OFF \
     .
-%else
+  %else
     -DBUILD_SHARED_LIBS:BOOL=OFF
-%endif
+  %endif
 %endif
 
-
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif
 
-%if 0%{?mageia} > 7
-pushd build
+  %if 0%{?mageia} > 7
+    pushd build
+  %endif
 %endif
 
 make %{?_smp_mflags}
 
-%if 0%{?rhel} == 9
-popd
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 33 || 0%{?mageia} > 7
+  popd
 %endif
 
-%if 0%{?fedora} >= 33
-popd
-%endif
-
-%if 0%{?mageia} > 7
-popd
-%endif
 
 %install
 pushd build
 
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif
 
-%if 0%{?mageia}
-pushd build
+  %if 0%{?mageia}
+    pushd build
+  %endif
 %endif
 
 chrpath -d i2pd
-%{__install} -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+%{__install} -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
 %{__install} -d -m 755 %{buildroot}%{_datadir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
@@ -143,7 +133,7 @@ getent passwd i2pd >/dev/null || \
 
 %files
 %doc LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf contrib/tunnels.d
-%{_sbindir}/i2pd
+%{_bindir}/i2pd
 %config(noreplace) %{_sysconfdir}/i2pd/*.conf
 %config(noreplace) %{_sysconfdir}/i2pd/tunnels.conf.d/*.conf
 %config %{_sysconfdir}/i2pd/subscriptions.txt
@@ -158,6 +148,39 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
+- update to 2.56.0
+
+* Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
+- update to 2.55.0
+
+* Sun Oct 6 2024 orignal <orignal@i2pmail.org> - 2.54.0
+- update to 2.54.0
+
+* Tue Jul 30 2024 orignal <orignal@i2pmail.org> - 2.53.1
+- update to 2.53.1
+
+* Fri Jul 19 2024 orignal <orignal@i2pmail.org> - 2.53.0
+- update to 2.53.0
+
+* Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
+- update to 2.52.0
+
+* Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
+- update to 2.51.0
+
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
+* Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
+- update to 2.50.0
+
+* Mon Sep 18 2023 orignal <orignal@i2pmail.org> - 2.49.0
+- update to 2.49.0
+
 * Mon Jun 12 2023 orignal <orignal@i2pmail.org> - 2.48.0
 - update to 2.48.0
 

contrib/rpm/i2pd.spec

@@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.48.0
+Version:       2.56.0
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@@ -22,13 +22,19 @@ BuildRequires: openssl-devel
 BuildRequires: miniupnpc-devel
 BuildRequires: systemd-units
 
+%if 0%{?fedora} == 41
+BuildRequires: openssl-devel-engine
+%endif
+
 Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd
 
+
 %description
 C++ implementation of I2P.
 
+
 %prep
 %setup -q
 
@@ -36,75 +42,60 @@ C++ implementation of I2P.
 %build
 cd build
 %if 0%{?rhel} == 7
-%cmake3 \
+  %cmake3 \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
     -DBUILD_SHARED_LIBS:BOOL=OFF
 %else
-%cmake \
+  %cmake \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
-%if 0%{?fedora} > 29
+  %if 0%{?fedora} > 29
     -DBUILD_SHARED_LIBS:BOOL=OFF \
     .
-%else
+  %else
     -DBUILD_SHARED_LIBS:BOOL=OFF
-%endif
+  %endif
 %endif
 
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif
 
-%if 0%{?mageia} > 7
-pushd build
+  %if 0%{?mageia} > 7
+    pushd build
+  %endif
 %endif
 
 make %{?_smp_mflags}
 
-%if 0%{?rhel} == 9
-popd
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 33 || 0%{?mageia} > 7
+  popd
 %endif
 
-%if 0%{?fedora} >= 33
-popd
-%endif
-
-%if 0%{?mageia} > 7
-popd
-%endif
 
 %install
 pushd build
 
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif
 
-%if 0%{?mageia}
-pushd build
+  %if 0%{?mageia}
+    pushd build
+  %endif
 %endif
 
 chrpath -d i2pd
-%{__install} -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+%{__install} -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
 %{__install} -d -m 755 %{buildroot}%{_datadir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
 %{__install} -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
@@ -140,7 +131,7 @@ getent passwd i2pd >/dev/null || \
 
 %files
 %doc LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf contrib/tunnels.d
-%{_sbindir}/i2pd
+%{_bindir}/i2pd
 %config(noreplace) %{_sysconfdir}/i2pd/*.conf
 %config(noreplace) %{_sysconfdir}/i2pd/tunnels.conf.d/*.conf
 %config %{_sysconfdir}/i2pd/subscriptions.txt
@@ -155,6 +146,39 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
+- update to 2.56.0
+
+* Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
+- update to 2.55.0
+
+* Sun Oct 6 2024 orignal <orignal@i2pmail.org> - 2.54.0
+- update to 2.54.0
+
+* Tue Jul 30 2024 orignal <orignal@i2pmail.org> - 2.53.1
+- update to 2.53.1
+
+* Fri Jul 19 2024 orignal <orignal@i2pmail.org> - 2.53.0
+- update to 2.53.0
+
+* Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
+- update to 2.52.0
+
+* Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
+- update to 2.51.0
+
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
+* Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
+- update to 2.50.0
+
+* Mon Sep 18 2023 orignal <orignal@i2pmail.org> - 2.49.0
+- update to 2.49.0
+
 * Mon Jun 12 2023 orignal <orignal@i2pmail.org> - 2.48.0
 - update to 2.48.0
 

contrib/tunnels.conf

@@ -5,6 +5,7 @@ port = 6668
 destination = irc.ilita.i2p
 destinationport = 6667
 keys = irc-keys.dat
+i2p.streaming.profile=2
 
 #[IRC-IRC2P]
 #type = client

contrib/upstart/i2pd.upstart

@@ -8,4 +8,4 @@ env LOGFILE="/var/log/i2pd/i2pd.log"
 
 expect fork
 
-exec /usr/sbin/i2pd --daemon --service --log=file --logfile=$LOGFILE
+exec /usr/bin/i2pd --daemon --service --log=file --logfile=$LOGFILE

daemon/Daemon.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -149,18 +149,19 @@ namespace util
 		LogPrint(eLogDebug, "FS: Certificates directory: ", certsdir);
 
 		bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
-		bool aesni; i2p::config::GetOption("cpuext.aesni", aesni);
-		bool avx; i2p::config::GetOption("cpuext.avx", avx);
-		bool forceCpuExt; i2p::config::GetOption("cpuext.force", forceCpuExt);
 		bool ssu; i2p::config::GetOption("ssu", ssu);
 		if (!ssu && i2p::config::IsDefault ("precomputation.elgamal"))
 			precomputation = false; // we don't elgamal table if no ssu, unless it's specified explicitly
-		i2p::crypto::InitCrypto (precomputation, aesni, avx, forceCpuExt);
+		i2p::crypto::InitCrypto (precomputation);
 
 		i2p::transport::InitAddressFromIface (); // get address4/6 from interfaces
 
 		int netID; i2p::config::GetOption("netid", netID);
 		i2p::context.SetNetID (netID);
+
+		bool checkReserved; i2p::config::GetOption("reservedrange", checkReserved);
+		i2p::transport::transports.SetCheckReserved(checkReserved);
+
 		i2p::context.Init ();
 
 		i2p::transport::InitTransports ();
@@ -176,7 +177,7 @@ namespace util
 
 		bool transit; i2p::config::GetOption("notransit", transit);
 		i2p::context.SetAcceptsTunnels (!transit);
-		uint16_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
+		uint32_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
 		if (isFloodfill && i2p::config::IsDefault ("limits.transittunnels"))
 			transitTunnels *= 2; // double default number of transit tunnels for floodfill
 		i2p::tunnel::tunnels.SetMaxNumTransitTunnels (transitTunnels);
@@ -185,7 +186,7 @@ namespace util
 		std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
 		if (bandwidth.length () > 0)
 		{
-			if (bandwidth[0] >= 'K' && bandwidth[0] <= 'X')
+			if (bandwidth.length () == 1 && ((bandwidth[0] >= 'K' && bandwidth[0] <= 'P') || bandwidth[0] == 'X' ))
 			{
 				i2p::context.SetBandwidth (bandwidth[0]);
 				LogPrint(eLogInfo, "Daemon: Bandwidth set to ", i2p::context.GetBandwidthLimit (), "KBps");
@@ -299,12 +300,10 @@ namespace util
 
 		bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
 		bool ssu2; i2p::config::GetOption("ssu2.enabled", ssu2);
-		bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved);
 		LogPrint(eLogInfo, "Daemon: Starting Transports");
 		if(!ssu2) LogPrint(eLogInfo, "Daemon: SSU2 disabled");
 		if(!ntcp2) LogPrint(eLogInfo, "Daemon: NTCP2 disabled");
 
-		i2p::transport::transports.SetCheckReserved(checkInReserved);
 		i2p::transport::transports.Start(ntcp2, ssu2);
 		if (i2p::transport::transports.IsBoundSSU2() || i2p::transport::transports.IsBoundNTCP2())
 			LogPrint(eLogInfo, "Daemon: Transports started");

daemon/HTTPServer.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -133,23 +133,19 @@ namespace http {
 	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, bool explr, int bytes)
 	{
 		std::string state, stateText;
-		switch (eState) {
+		switch (eState) 
+		{
 			case i2p::tunnel::eTunnelStateBuildReplyReceived :
 			case i2p::tunnel::eTunnelStatePending     : state = "building";    break;
-			case i2p::tunnel::eTunnelStateBuildFailed :
-			case i2p::tunnel::eTunnelStateTestFailed  :
+			case i2p::tunnel::eTunnelStateBuildFailed : state = "failed"; stateText = "declined"; break;
+			case i2p::tunnel::eTunnelStateTestFailed  : state = "failed"; stateText = "test failed";  break;
 			case i2p::tunnel::eTunnelStateFailed      : state = "failed";      break;
 			case i2p::tunnel::eTunnelStateExpiring    : state = "expiring";    break;
 			case i2p::tunnel::eTunnelStateEstablished : state = "established"; break;
 			default: state = "unknown"; break;
 		}
-
-		if      (state == "building")    stateText = tr("building");
-		else if (state == "failed")      stateText = tr("failed");
-		else if (state == "expiring")    stateText = tr("expiring");
-		else if (state == "established") stateText = tr("established");
-		else stateText = tr("unknown");
-
+		if (stateText.empty ()) stateText = tr(state);
+		
 		s << "<span class=\"tunnel " << state << "\"> " << stateText << ((explr) ? " (" + tr("exploratory") + ")" : "") << "</span>, ";
 		ShowTraffic(s, bytes);
 		s << "\r\n";
@@ -222,18 +218,19 @@ namespace http {
 		s << "<b>" << tr("ERROR") << ":</b>&nbsp;" << string << "<br>\r\n";
 	}
 
-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, RouterError error)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing, RouterError error)
 	{
 		switch (status)
 		{
 			case eRouterStatusOK: s << tr("OK"); break;
-			case eRouterStatusTesting: s << tr("Testing"); break;
 			case eRouterStatusFirewalled: s << tr("Firewalled"); break;
 			case eRouterStatusUnknown: s << tr("Unknown"); break;
 			case eRouterStatusProxy: s << tr("Proxy"); break;
 			case eRouterStatusMesh: s << tr("Mesh"); break;
 			default: s << tr("Unknown");
 		}
+		if (testing)
+			s << " (" << tr("Testing") << ")";
 		if (error != eRouterErrorNone)
 		{
 			switch (error)
@@ -264,12 +261,12 @@ namespace http {
 		ShowUptime(s, i2p::context.GetUptime ());
 		s << "<br>\r\n";
 		s << "<b>" << tr("Network status") << ":</b> ";
-		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetError ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting(), i2p::context.GetError ());
 		s << "<br>\r\n";
 		if (i2p::context.SupportsV6 ())
 		{
 			s << "<b>" << tr("Network status v6") << ":</b> ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetErrorV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6(), i2p::context.GetErrorV6 ());
 			s << "<br>\r\n";
 		}
 #if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
@@ -420,6 +417,15 @@ namespace http {
 		}
 	}
 
+	static void ShowHop(std::stringstream& s, const i2p::data::IdentityEx& ident)
+	{
+		auto identHash = ident.GetIdentHash();
+		auto router = i2p::data::netdb.FindRouter(identHash);
+		s << i2p::data::GetIdentHashAbbreviation(identHash);
+		if (router)
+			s << "<small style=\"color:gray\"> " << router->GetBandwidthCap() << "</small>";
+	}
+
 	static void ShowLeaseSetDestination (std::stringstream& s, std::shared_ptr<const i2p::client::LeaseSetDestination> dest, uint32_t token)
 	{
 		s << "<b>Base32:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"1\">";
@@ -485,7 +491,9 @@ namespace http {
 					it->VisitTunnelHops(
 						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 						{
-							s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
+							s << "&#8658; ";
+							ShowHop(s, *hopIdent);
+							s << " ";
 						}
 					);
 				}
@@ -506,7 +514,9 @@ namespace http {
 					it->VisitTunnelHops(
 						[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 						{
-							s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
+							s << " ";
+							ShowHop(s, *hopIdent);
+							s << " &#8658;";
 						}
 					);
 				}
@@ -691,6 +701,7 @@ namespace http {
 	{
 		s << "<b>" << tr("Tunnels") << ":</b><br>\r\n";
 		s << "<b>" << tr("Queue size") << ":</b> " << i2p::tunnel::tunnels.GetQueueSize () << "<br>\r\n<br>\r\n";
+		s << "<b>" << tr("TBM Queue size") << ":</b> " << i2p::tunnel::tunnels.GetTBMQueueSize () << "<br>\r\n<br>\r\n";
 
 		auto ExplPool = i2p::tunnel::tunnels.GetExploratoryPool ();
 
@@ -702,7 +713,9 @@ namespace http {
 				it->VisitTunnelHops(
 					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 					{
-						s << "&#8658; " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " ";
+						s << "&#8658; ";
+						ShowHop(s, *hopIdent);
+						s << " ";
 					}
 				);
 			}
@@ -723,7 +736,9 @@ namespace http {
 				it->VisitTunnelHops(
 					[&s](std::shared_ptr<const i2p::data::IdentityEx> hopIdent)
 					{
-						s << " " << i2p::data::GetIdentHashAbbreviation (hopIdent->GetIdentHash ()) << " &#8658;";
+						s << " ";
+						ShowHop(s, *hopIdent);
+						s << " &#8658;";
 					}
 				);
 			}
@@ -775,7 +790,7 @@ namespace http {
 		s << "  <a class=\"button" << (loglevel == eLogInfo     ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\"> info </a> \r\n";
 		s << "  <a class=\"button" << (loglevel == eLogDebug    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\"> debug </a><br>\r\n<br>\r\n";
 
-		uint16_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
+		uint32_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
 		s << "<b>" << tr("Transit tunnels limit") << "</b><br>\r\n";
 		s << "<form method=\"get\" action=\"" << webroot << "\">\r\n";
 		s << "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_LIMITTRANSIT << "\">\r\n";
@@ -811,7 +826,7 @@ namespace http {
 		if (i2p::tunnel::tunnels.CountTransitTunnels())
 		{
 			s << "<b>" << tr("Transit Tunnels") << ":</b><br>\r\n";
-			s << "<table><thead><th>&#8658;</th><th>ID</th><th>&#8658;</th><th>" << tr("Amount") << "</th></thead><tbody class=\"tableitem\">";
+			s << "<table><thead><th>&#8658;</th><th>ID</th><th>&#8658;</th><th>" << tr("Amount") << "</th><th>" << tr("Next") << "</th></thead><tbody class=\"tableitem\">";
 			for (const auto& it: i2p::tunnel::tunnels.GetTransitTunnels ())
 			{
 				if (std::dynamic_pointer_cast<i2p::tunnel::TransitTunnelGateway>(it))
@@ -821,7 +836,7 @@ namespace http {
 				else
 					s << "<tr><td>&#8658;</td><td>" << it->GetTunnelID () << "</td><td>&#8658;</td><td>";
 				ShowTraffic(s, it->GetNumTransmittedBytes ());
-				s << "</td></tr>\r\n";
+				s << "</td><td>" << it->GetNextPeerName () << "</td></tr>\r\n";
 			}
 			s << "</tbody></table>\r\n";
 		}
@@ -1466,13 +1481,13 @@ namespace http {
 		reply.body = content;
 
 		m_SendBuffer = reply.to_string();
-		boost::asio::async_write (*m_Socket, boost::asio::buffer(m_SendBuffer),
+		boost::asio::async_write (*m_Socket, boost::asio::buffer(m_SendBuffer), boost::asio::transfer_all (), 
 			std::bind (&HTTPConnection::Terminate, shared_from_this (), std::placeholders::_1));
 	}
 
 	HTTPServer::HTTPServer (const std::string& address, int port):
-		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
+		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service.get_executor ()),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::make_address(address), port)),
 		m_Hostname(address)
 	{
 	}

daemon/HTTPServer.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -25,7 +25,7 @@ namespace http
 	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;
 	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds
 	const int COMMAND_REDIRECT_TIMEOUT = 5; // in seconds
-	const int TRANSIT_TUNNELS_LIMIT = 65535;
+	const int TRANSIT_TUNNELS_LIMIT = 1000000;
 
 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
@@ -83,8 +83,8 @@ namespace http
 
 			bool m_IsRunning;
 			std::unique_ptr<std::thread> m_Thread;
-			boost::asio::io_service m_Service;
-			boost::asio::io_service::work m_Work;
+			boost::asio::io_context m_Service;
+			boost::asio::executor_work_guard<boost::asio::io_context::executor_type> m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
 			std::string m_Hostname;
 	};

daemon/I2PControl.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -8,14 +8,12 @@
 
 #include <stdio.h>
 #include <sstream>
+#include <iomanip>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
 // Use global placeholders from boost introduced when local_time.hpp is loaded
 #define BOOST_BIND_GLOBAL_PLACEHOLDERS
-
-#include <boost/date_time/local_time/local_time.hpp>
-#include <boost/date_time/posix_time/posix_time.hpp>
 #include <boost/property_tree/json_parser.hpp>
 #include <boost/lexical_cast.hpp>
 
@@ -33,7 +31,7 @@ namespace client
 {
 	I2PControlService::I2PControlService (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port)),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::make_address(address), port)),
 		m_SSLContext (boost::asio::ssl::context::sslv23),
 		m_ShutdownTimer (m_Service)
 	{
@@ -47,15 +45,29 @@ namespace client
 			i2pcp_crt = i2p::fs::DataDirPath(i2pcp_crt);
 		if (i2pcp_key.at(0) != '/')
 			i2pcp_key = i2p::fs::DataDirPath(i2pcp_key);
-		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) {
+		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) 
+		{
 			LogPrint (eLogInfo, "I2PControl: Creating new certificate for control connection");
 			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
-		} else {
+		} 
+		else 
 			LogPrint(eLogDebug, "I2PControl: Using cert from ", i2pcp_crt);
-		}
 		m_SSLContext.set_options (boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::single_dh_use);
-		m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem);
-		m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem);
+		boost::system::error_code ec;
+		m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem, ec);
+		if (!ec)		
+			m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem, ec);
+		if (ec)
+		{
+			LogPrint (eLogInfo, "I2PControl: Failed to load ceritifcate: ", ec.message (), ". Recreating");
+			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
+			m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem, ec);
+			if (!ec)		
+				m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem, ec);
+			if (ec) 
+				// give up
+				LogPrint (eLogError, "I2PControl: Can't load certificates");
+		}	
 
 		// handlers
 		m_MethodHandlers["Authenticate"]       = &I2PControlService::AuthenticateHandler;
@@ -258,9 +270,9 @@ namespace client
 			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
 			header << "Content-Type: application/json\r\n";
 			header << "Date: ";
-			auto facet = new boost::local_time::local_time_facet ("%a, %d %b %Y %H:%M:%S GMT");
-			header.imbue(std::locale (header.getloc(), facet));
-			header << boost::posix_time::second_clock::local_time() << "\r\n";
+			std::time_t t = std::time (nullptr);
+    		std::tm tm = *std::gmtime (&t);
+			header << std::put_time(&tm, "%a, %d %b %Y %T GMT") << "\r\n";
 			header << "\r\n";
 			offset = header.str ().size ();
 			memcpy (buf->data (), header.str ().c_str (), offset);
@@ -338,10 +350,11 @@ namespace client
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
-			if (it != params.begin ()) results << ",";
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
 			auto it1 = m_RouterManagerHandlers.find (it->first);
-			if (it1 != m_RouterManagerHandlers.end ()) {
+			if (it1 != m_RouterManagerHandlers.end ()) 
+			{
+				if (it != params.begin ()) results << ",";
 				(this->*(it1->second))(results);
 			} else
 				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
@@ -404,7 +417,7 @@ namespace client
 			X509_NAME_add_entry_by_txt (name, "O",  MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_ORGANIZATION, -1, -1, 0); // organization
 			X509_NAME_add_entry_by_txt (name, "CN", MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_COMMON_NAME, -1, -1, 0); // common name
 			X509_set_issuer_name (x509, name); // set issuer to ourselves
-			X509_sign (x509, pkey, EVP_sha1 ()); // sign
+			X509_sign (x509, pkey, EVP_sha1 ()); // sign, last param must be NULL for EdDSA
 
 			// save cert
 			if ((f = fopen (crt_path, "wb")) != NULL) {

daemon/I2PControl.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -88,7 +88,7 @@ namespace client
 			bool m_IsRunning;
 			std::thread * m_Thread;
 
-			boost::asio::io_service m_Service;
+			boost::asio::io_context m_Service;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
 			boost::asio::ssl::context m_SSLContext;
 			boost::asio::deadline_timer m_ShutdownTimer;

daemon/UPnP.cpp

@@ -1,10 +1,15 @@
+/*
+* Copyright (c) 2013-2024, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #ifdef USE_UPNP
 #include <string>
 #include <thread>
 
-#include <boost/thread/thread.hpp>
-#include <boost/asio.hpp>
-
 #include "Log.h"
 
 #include "RouterContext.h"
@@ -47,7 +52,7 @@ namespace transport
 	{
 		m_IsRunning = true;
 		LogPrint(eLogInfo, "UPnP: Starting");
-		m_Service.post (std::bind (&UPnP::Discover, this));
+		boost::asio::post (m_Service, std::bind (&UPnP::Discover, this));
 		std::unique_lock<std::mutex> l(m_StartedMutex);
 		m_Thread.reset (new std::thread (std::bind (&UPnP::Run, this)));
 		m_Started.wait_for (l, std::chrono::seconds (5)); // 5 seconds maximum
@@ -110,10 +115,16 @@ namespace transport
 			return;
 		}
 
+#if (MINIUPNPC_API_VERSION >= 18)
+		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr),
+					m_externalIPAddress, sizeof (m_externalIPAddress));
+#else
 		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr));
+#endif
 		m_upnpUrlsInitialized=err!=0;
 		if (err == UPNP_IGD_VALID_CONNECTED)
 		{
+#if (MINIUPNPC_API_VERSION < 18)
 			err = UPNP_GetExternalIPAddress (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_externalIPAddress);
 			if(err != UPNPCOMMAND_SUCCESS)
 			{
@@ -121,6 +132,7 @@ namespace transport
 				return;
 			}
 			else
+#endif
 			{
 				LogPrint (eLogError, "UPnP: Found Internet Gateway Device ", m_upnpUrls.controlURL);
 				if (!m_externalIPAddress[0])
@@ -138,7 +150,7 @@ namespace transport
 
 		// UPnP discovered
 		LogPrint (eLogDebug, "UPnP: ExternalIPAddress is ", m_externalIPAddress);
-		i2p::context.UpdateAddress (boost::asio::ip::address::from_string (m_externalIPAddress));
+		i2p::context.UpdateAddress (boost::asio::ip::make_address (m_externalIPAddress));
 		// port mapping
 		PortMapping ();
 	}
@@ -166,11 +178,11 @@ namespace transport
 			if (address && !address->host.is_v6 () && address->port)
 				TryPortMapping (address);
 		}
-		m_Timer.expires_from_now (boost::posix_time::minutes(20)); // every 20 minutes
+		m_Timer.expires_from_now (boost::posix_time::minutes(UPNP_PORT_FORWARDING_INTERVAL)); // every 20 minutes
 		m_Timer.async_wait ([this](const boost::system::error_code& ecode)
 		{
 			if (ecode != boost::asio::error::operation_aborted)
-			PortMapping ();
+				PortMapping ();
 		});
 	}
 

daemon/UPnP.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -28,7 +28,8 @@ namespace i2p
 namespace transport
 {
 	const int UPNP_RESPONSE_TIMEOUT = 2000; // in milliseconds
-
+	const int UPNP_PORT_FORWARDING_INTERVAL = 20; // in minutes
+	
 	enum
 	{
 		UPNP_IGD_NONE = 0,
@@ -66,7 +67,7 @@ namespace transport
 			std::unique_ptr<std::thread> m_Thread;
 			std::condition_variable m_Started;
 			std::mutex m_StartedMutex;
-			boost::asio::io_service m_Service;
+			boost::asio::io_context m_Service;
 			boost::asio::deadline_timer m_Timer;
 			bool m_upnpUrlsInitialized = false;
 			struct UPNPUrls m_upnpUrls;

daemon/UnixDaemon.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -25,6 +25,7 @@
 #include "RouterContext.h"
 #include "ClientContext.h"
 #include "Transports.h"
+#include "util.h"
 
 void handle_signal(int sig)
 {
@@ -162,12 +163,21 @@ namespace i2p
 
 #ifndef ANDROID
 				if (lockf(pidFH, F_TLOCK, 0) != 0)
+#else
+				struct flock fl;
+				fl.l_len = 0;
+				fl.l_type = F_WRLCK;
+				fl.l_whence = SEEK_SET;
+				fl.l_start = 0;
+
+				if (fcntl(pidFH, F_SETLK, &fl) != 0)
+#endif
 				{
 					LogPrint(eLogError, "Daemon: Could not lock pid file ", pidfile, ": ", strerror(errno));
 					std::cerr << "i2pd: Could not lock pid file " << pidfile << ": " << strerror(errno) << std::endl;
 					return false;
 				}
-#endif
+
 				char pid[10];
 				sprintf(pid, "%d\n", getpid());
 				ftruncate(pidFH, 0);
@@ -211,6 +221,7 @@ namespace i2p
 
 		void DaemonLinux::run ()
 		{
+			i2p::util::SetThreadName ("i2pd-daemon");
 			while (running)
 			{
 				std::this_thread::sleep_for (std::chrono::seconds(1));

debian/NEWS

@@ -0,0 +1,5 @@
+i2pd (2.53.0-1) unstable; urgency=medium
+
+  i2pd binary moved from /usr/sbin to /usr/bin. Please check your scripts if you used the old path.
+
+ -- r4sas <r4sas@i2pmail.org>  Fri, 19 Jul 2024 16:00:00 +0000

debian/changelog

@@ -1,3 +1,70 @@
+i2pd (2.56.0-1) unstable; urgency=medium
+
+  * updated to version 2.56.0/0.9.65
+
+ -- orignal <orignal@i2pmail.org>  Tue, 11 Feb 2025 16:00:00 +0000
+
+i2pd (2.55.0-1) unstable; urgency=medium
+
+  * updated to version 2.55.0
+
+ -- orignal <orignal@i2pmail.org>  Mon, 30 Dec 2024 16:00:00 +0000
+
+i2pd (2.54.0-1) unstable; urgency=medium
+
+  * updated to version 2.54.0/0.9.64
+
+ -- orignal <orignal@i2pmail.org>  Sun, 6 Oct 2024 16:00:00 +0000
+
+i2pd (2.53.1-1) unstable; urgency=medium
+
+  * updated to version 2.53.1
+
+ -- orignal <orignal@i2pmail.org>  Tue, 30 Jul 2024 16:00:00 +0000
+
+i2pd (2.53.0-1) unstable; urgency=medium
+
+  * updated to version 2.53.0/0.9.63
+  * binary moved from /usr/sbin to /usr/bin
+
+ -- r4sas <r4sas@i2pmail.org>  Sat, 20 Jul 2024 15:10:00 +0000
+
+i2pd (2.52.0-1) unstable; urgency=medium
+
+  * updated to version 2.52.0
+
+ -- orignal <orignal@i2pmail.org>  Sun, 12 May 2024 16:00:00 +0000
+
+i2pd (2.51.0-1) unstable; urgency=medium
+
+  * updated to version 2.51.0/0.9.62
+
+ -- orignal <orignal@i2pmail.org>  Sat, 06 Apr 2024 16:00:00 +0000
+
+i2pd (2.50.2-1) unstable; urgency=medium
+
+  * updated to version 2.50.2/0.9.61
+
+ -- orignal <orignal@i2pmail.org>  Sat, 06 Jan 2024 16:00:00 +0000
+
+i2pd (2.50.1-1) unstable; urgency=medium
+
+  * updated to version 2.50.1/0.9.61
+
+ -- r4sas <r4sas@i2pmail.org>  Sat, 23 Dec 2023 18:30:00 +0000
+
+i2pd (2.50.0-1) unstable; urgency=medium
+
+  * updated to version 2.50.0/0.9.61
+
+ -- orignal <orignal@i2pmail.org>  Mon, 18 Dec 2023 16:00:00 +0000
+
+i2pd (2.49.0-1) unstable; urgency=medium
+
+  * updated to version 2.49.0/0.9.60
+
+ -- orignal <orignal@i2pmail.org>  Mon, 18 Sep 2023 16:00:00 +0000
+
 i2pd (2.48.0-1) unstable; urgency=high
 
   * updated to version 2.48.0/0.9.59

debian/i2pd.1

@@ -64,7 +64,7 @@ The network interface to bind to for IPv4 connections
 The network interface to bind to for IPv6 connections
 .TP
 \fB\-\-ipv4=\fR
-Enable communication through ipv6 (\fIenabled\fR by default)
+Enable communication through ipv4 (\fIenabled\fR by default)
 .TP
 \fB\-\-ipv6\fR
 Enable communication through ipv6 (\fIdisabled\fR by default)

debian/i2pd.init

@@ -13,7 +13,7 @@
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC=i2pd                 # Introduce a short description here
 NAME=i2pd                 # Introduce the short server's name here
-DAEMON=/usr/sbin/$NAME    # Introduce the server's location here
+DAEMON=/usr/bin/$NAME    # Introduce the server's location here
 DAEMON_OPTS=""            # Arguments to run the daemon with
 PIDFILE=/var/run/$NAME/$NAME.pid
 I2PCONF=/etc/$NAME/i2pd.conf

debian/i2pd.install

@@ -1,6 +1,6 @@
-i2pd usr/sbin/
+i2pd usr/bin/
 contrib/i2pd.conf etc/i2pd/
 contrib/tunnels.conf etc/i2pd/
 contrib/certificates/ usr/share/i2pd/
 contrib/tunnels.d/README etc/i2pd/tunnels.conf.d/
-contrib/apparmor/usr.sbin.i2pd etc/apparmor.d
+contrib/apparmor/usr.bin.i2pd etc/apparmor.d

debian/patches/01-upnp.patch

@@ -2,13 +2,13 @@ Description: Enable UPnP usage in package
 Author: r4sas <r4sas@i2pmail.org>
 
 Reviewed-By: r4sas <r4sas@i2pmail.org>
-Last-Update: 2022-03-23
+Last-Update: 2024-12-30
 
 --- i2pd.orig/Makefile
 +++ i2pd/Makefile
-@@ -31,7 +31,7 @@ include filelist.mk
+@@ -31,7 +31,7 @@ # import source files lists
+ include filelist.mk
  
- USE_AESNI       := $(or $(USE_AESNI),yes)
  USE_STATIC      := $(or $(USE_STATIC),no)
 -USE_UPNP        := $(or $(USE_UPNP),no)
 +USE_UPNP        := $(or $(USE_UPNP),yes)

i18n/Chinese.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -64,11 +64,12 @@ namespace chinese // language namespace
 		{"Full cone NAT", "全锥型NAT"},
 		{"No Descriptors", "无描述符"},
 		{"Uptime", "运行时间"},
-		{"Network status", "IPv4 网络状态"},
+		{"Network status", "网络状态"},
 		{"Network status v6", "IPv6 网络状态"},
 		{"Stopping in", "距停止还有："},
 		{"Family", "家族"},
 		{"Tunnel creation success rate", "隧道创建成功率"},
+		{"Total tunnel creation success rate", "当前隧道创建成功率"},
 		{"Received", "已接收"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "已发送"},
@@ -95,6 +96,7 @@ namespace chinese // language namespace
 		{"Address", "地址"},
 		{"Type", "类型"},
 		{"EncType", "加密类型"},
+		{"Expire LeaseSet", "到期租约集"},
 		{"Inbound tunnels", "入站隧道"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "出站隧道"},
@@ -151,6 +153,8 @@ namespace chinese // language namespace
 		{"StreamID can't be null", "StreamID 不能为空"},
 		{"Return to destination page", "返回目标页面"},
 		{"You will be redirected in %d seconds", "您将在%d秒内被重定向"},
+		{"LeaseSet expiration time updated", "租约集到期时间已更新"},
+		{"LeaseSet is not found or already expired", "租约集未找到或已过期"},
 		{"Transit tunnels count must not exceed %d", "中转隧道数量限制为 %d"},
 		{"Back to commands list", "返回命令列表"},
 		{"Register at reg.i2p", "在 reg.i2p 注册域名"},

i18n/Czech.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -36,18 +36,18 @@ namespace czech // language namespace
 		{"%.2f GiB", "%.2f GiB"},
 		{"building", "vytváří se"},
 		{"failed", "selhalo"},
-		{"expiring", "končící"},
+		{"expiring", "vyprší platnost"},
 		{"established", "vytvořeno"},
 		{"unknown", "neznámý"},
 		{"exploratory", "průzkumné"},
-		{"Purple I2P Webconsole", "Purple I2P Webkonsole"},
-		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webkonsole"},
+		{"Purple I2P Webconsole", "Purple I2P webová konzole"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webová konzole"},
 		{"Main page", "Hlavní stránka"},
 		{"Router commands", "Router příkazy"},
-		{"Local Destinations", "Lokální destinace"},
-		{"LeaseSets", "LeaseSety"},
+		{"Local Destinations", "Místní cíle"},
+		{"LeaseSets", "Sety pronájmu"},
 		{"Tunnels", "Tunely"},
-		{"Transit Tunnels", "Transitní tunely"},
+		{"Transit Tunnels", "Tranzitní tunely"},
 		{"Transports", "Transporty"},
 		{"I2P tunnels", "I2P tunely"},
 		{"SAM sessions", "SAM relace"},
@@ -61,18 +61,21 @@ namespace czech // language namespace
 		{"Clock skew", "Časová nesrovnalost"},
 		{"Offline", "Offline"},
 		{"Symmetric NAT", "Symetrický NAT"},
+		{"Full cone NAT", "Full cone NAT"},
+		{"No Descriptors", "Žádné popisovače"},
 		{"Uptime", "Doba provozu"},
-		{"Network status", "Status sítě"},
-		{"Network status v6", "Status sítě v6"},
+		{"Network status", "Stav sítě"},
+		{"Network status v6", "Stav sítě v6"},
 		{"Stopping in", "Zastavuji za"},
 		{"Family", "Rodina"},
 		{"Tunnel creation success rate", "Úspěšnost vytváření tunelů"},
+		{"Total tunnel creation success rate", "Celková míra úspěšnosti vytváření tunelů"},
 		{"Received", "Přijato"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Odesláno"},
 		{"Transit", "Tranzit"},
-		{"Data path", "Cesta k data souborům"},
-		{"Hidden content. Press on text to see.", "Skrytý kontent. Pro zobrazení, klikni na text."},
+		{"Data path", "Cesta k datovým souborům"},
+		{"Hidden content. Press on text to see.", "Skrytý obsah. Pro zobrazení klikněte sem."},
 		{"Router Ident", "Routerová Identita"},
 		{"Router Family", "Rodina routerů"},
 		{"Router Caps", "Omezení Routerů"},
@@ -93,6 +96,7 @@ namespace czech // language namespace
 		{"Address", "Adresa"},
 		{"Type", "Typ"},
 		{"EncType", "EncType"},
+		{"Expire LeaseSet", "Zrušit platnost setu pronájmu"},
 		{"Inbound tunnels", "Příchozí tunely"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Odchozí tunely"},
@@ -103,21 +107,24 @@ namespace czech // language namespace
 		{"Amount", "Množství"},
 		{"Incoming Tags", "Příchozí štítky"},
 		{"Tags sessions", "Relace štítků"},
-		{"Status", "Status"},
-		{"Local Destination", "Lokální Destinace"},
+		{"Status", "Stav"},
+		{"Local Destination", "Místní cíl"},
 		{"Streams", "Toky"},
 		{"Close stream", "Uzavřít tok"},
+		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"I2CP session not found", "I2CP relace nenalezena"},
 		{"I2CP is not enabled", "I2CP není zapnuto"},
 		{"Invalid", "Neplatný"},
 		{"Store type", "Druh uložení"},
 		{"Expires", "Vyprší"},
-		{"Non Expired Leases", "Nevypršené Leasy"},
+		{"Non Expired Leases", "Pronájmy, kterým nevypršela platnost"},
 		{"Gateway", "Brána"},
 		{"TunnelID", "ID tunelu"},
 		{"EndDate", "Datum ukončení"},
+		{"floodfill mode is disabled", "režim floodfill je vypnut"},
 		{"Queue size", "Velikost fronty"},
 		{"Run peer test", "Spustit peer test"},
+		{"Reload tunnels configuration", "Znovu načíst nastavení tunelů"},
 		{"Decline transit tunnels", "Odmítnout tranzitní tunely"},
 		{"Accept transit tunnels", "Přijmout tranzitní tunely"},
 		{"Cancel graceful shutdown", "Zrušit hladké vypnutí"},
@@ -145,14 +152,17 @@ namespace czech // language namespace
 		{"Destination not found", "Destinace nenalezena"},
 		{"StreamID can't be null", "StreamID nemůže být null"},
 		{"Return to destination page", "Zpět na stránku destinací"},
-		{"Back to commands list", "Zpět na list příkazů"},
+		{"You will be redirected in %d seconds", "Budete přesměrováni za %d sekund"},
+		{"LeaseSet expiration time updated", "Aktualizován čas vypršení platnosti setu pronájmu"},
+		{"LeaseSet is not found or already expired", "Set pronájmu není k nalezení nebo již vypršela jeho platnost"},
+		{"Transit tunnels count must not exceed %d", "Počet tranzitních tunelů nesmí překročit %d"},
+		{"Back to commands list", "Zpět na seznam příkazů"},
 		{"Register at reg.i2p", "Zaregistrovat na reg.i2p"},
 		{"Description", "Popis"},
 		{"A bit information about service on domain", "Trochu informací o službě na doméně"},
 		{"Submit", "Odeslat"},
 		{"Domain can't end with .b32.i2p", "Doména nesmí končit na .b32.i2p"},
 		{"Domain must end with .i2p", "Doména musí končit s .i2p"},
-		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"Unknown command", "Neznámý příkaz"},
 		{"Command accepted", "Příkaz přijat"},
 		{"Proxy error", "Chyba proxy serveru"},
@@ -162,6 +172,15 @@ namespace czech // language namespace
 		{"You may try to find this host on jump services below", "Můžete se pokusit najít tohoto hostitele na startovacích službách níže"},
 		{"Invalid request", "Neplatný požadavek"},
 		{"Proxy unable to parse your request", "Proxy server nemohl zpracovat váš požadavek"},
+		{"Addresshelper is not supported", "Addresshelper není podporován"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. <b>Buďte opatrní: zdroj této URL může být škodlivý!</b> Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
+		{"Addresshelper forced update rejected", "Addresshelperem vynucená aktualizace zamítnuta"},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Pro přidání hostitele <b>%s</b> do adresáře routeru, klikněte zde: <a href=\"%s%s%s\">Pokračovat</a>."},
+		{"Addresshelper request", "Požadavek Addresshelperu"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Hostitel %s přidán do adresáře routeru od pomocníka. Klikněte zde pro pokračování: <a href=\"%s\">Pokračovat</a>."},
+		{"Addresshelper adding", "Addresshelper přidávání"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
+		{"Addresshelper update", "Addresshelper aktualizace"},
 		{"Invalid request URI", "Neplatný URI požadavek"},
 		{"Can't detect destination host from request", "Nelze zjistit cílového hostitele z požadavku"},
 		{"Outproxy failure", "Outproxy selhání"},

i18n/French.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -58,7 +58,7 @@ namespace french // language namespace
 		{"Unknown", "Inconnu"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Maillé"},
-		{"Clock skew", "Horloge décalée"},
+		{"Clock skew", "Décalage de l'horloge"},
 		{"Offline", "Hors ligne"},
 		{"Symmetric NAT", "NAT symétrique"},
 		{"Full cone NAT", "NAT à cône complet"},
@@ -68,8 +68,8 @@ namespace french // language namespace
 		{"Network status v6", "État du réseau v6"},
 		{"Stopping in", "Arrêt dans"},
 		{"Family", "Famille"},
-		{"Tunnel creation success rate", "Taux de succès de création de tunnels"},
-		{"Total tunnel creation success rate", "Taux de réussite de création de tunnel"},
+		{"Tunnel creation success rate", "Taux de création de tunnel réussie"},
+		{"Total tunnel creation success rate", "Taux total de création de tunnel réussie"},
 		{"Received", "Reçu"},
 		{"%.2f KiB/s", "%.2f Kio/s"},
 		{"Sent", "Envoyé"},
@@ -96,7 +96,7 @@ namespace french // language namespace
 		{"Address", "Adresse"},
 		{"Type", "Type"},
 		{"EncType", "EncType"},
-		{"Expire LeaseSet", "Expiration du LeaseSet"},
+		{"Expire LeaseSet", "Expirer le jeu de baux"},
 		{"Inbound tunnels", "Tunnels entrants"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Tunnels sortants"},
@@ -153,8 +153,8 @@ namespace french // language namespace
 		{"StreamID can't be null", "StreamID ne peut pas être vide"},
 		{"Return to destination page", "Retourner à la page de destination"},
 		{"You will be redirected in %d seconds", "Vous serez redirigé dans %d secondes"},
-		{"LeaseSet expiration time updated", "Temps d'expiration du LeaseSet mis à jour"},
-		{"LeaseSet is not found or already expired", "Le LeaseSet est introuvable ou a déjà expirée"},
+		{"LeaseSet expiration time updated", "Temps d'expiration du jeu de baux mis à jour"},
+		{"LeaseSet is not found or already expired", "Le jeu de baux est introuvable ou a déjà expiré"},
 		{"Transit tunnels count must not exceed %d", "Le nombre de tunnels de transit ne doit pas excéder %d"},
 		{"Back to commands list", "Retour à la liste des commandes"},
 		{"Register at reg.i2p", "Inscription à reg.i2p"},

i18n/Italian.cpp

@@ -69,6 +69,7 @@ namespace italian // language namespace
 		{"Stopping in", "Arresto in"},
 		{"Family", "Famiglia"},
 		{"Tunnel creation success rate", "Percentuale di tunnel creati con successo"},
+		{"Total tunnel creation success rate", "Percentuale di successo totale nella creazione del tunnel"},
 		{"Received", "Ricevuti"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Inviati"},
@@ -95,6 +96,7 @@ namespace italian // language namespace
 		{"Address", "Indirizzo"},
 		{"Type", "Tipologia"},
 		{"EncType", "Tipo di crittografia"},
+		{"Expire LeaseSet", "Scadenza LeaseSet"},
 		{"Inbound tunnels", "Tunnel in entrata"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Tunnel in uscita"},
@@ -109,6 +111,7 @@ namespace italian // language namespace
 		{"Local Destination", "Destinazione locale"},
 		{"Streams", "Flussi"},
 		{"Close stream", "Interrompi il flusso"},
+		{"Such destination is not found", "Questa destinazione non è stata trovata"},
 		{"I2CP session not found", "Sessione I2CP non trovata"},
 		{"I2CP is not enabled", "I2CP non è abilitato"},
 		{"Invalid", "Invalido"},
@@ -150,6 +153,8 @@ namespace italian // language namespace
 		{"StreamID can't be null", "Lo StreamID non può essere null"},
 		{"Return to destination page", "Ritorna alla pagina di destinazione"},
 		{"You will be redirected in %d seconds", "Sarai reindirizzato tra %d secondi"},
+		{"LeaseSet expiration time updated", "Tempo di scadenza LeaseSet aggiornato"},
+		{"LeaseSet is not found or already expired", "LeaseSet non trovato o già scaduto"},
 		{"Transit tunnels count must not exceed %d", "Il conteggio dei tunnel di transito non deve superare %d"},
 		{"Back to commands list", "Ritorna alla lista dei comandi"},
 		{"Register at reg.i2p", "Registra a reg.i2p"},
@@ -158,7 +163,6 @@ namespace italian // language namespace
 		{"Submit", "Invia"},
 		{"Domain can't end with .b32.i2p", "I domini non possono terminare con .b32.i2p"},
 		{"Domain must end with .i2p", "I domini devono terminare con .i2p"},
-		{"Such destination is not found", "Questa destinazione non è stata trovata"},
 		{"Unknown command", "Comando sconosciuto"},
 		{"Command accepted", "Comando accettato"},
 		{"Proxy error", "Errore del proxy"},

i18n/Polish.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023, The PurpleI2P Project
+* Copyright (c) 2023-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -31,22 +31,186 @@ namespace polish // language namespace
 
 	static std::map<std::string, std::string> strings
 	{
+		{"%.2f KiB", "%.2f KiB"},
+		{"%.2f MiB", "%.2f MiB"},
+		{"%.2f GiB", "%.2f GiB"},
 		{"building", "Kompilowanie"},
 		{"failed", "nieudane"},
 		{"expiring", "wygasający"},
 		{"established", "ustanowiony"},
+		{"unknown", "nieznany"},
+		{"exploratory", "eksploracyjny"},
+		{"Purple I2P Webconsole", "Konsola webowa Purple I2P"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> konsola webowa"},
 		{"Main page", "Strona główna"},
 		{"Router commands", "Komendy routera"},
+		{"Local Destinations", "Lokalne miejsca docelowe"},
+		{"LeaseSets", "ZestawyNajmu"},
 		{"Tunnels", "Tunele"},
+		{"Transit Tunnels", "Tunele Tranzytu"},
+		{"Transports", "Transportery"},
+		{"I2P tunnels", "Tunele I2P"},
+		{"SAM sessions", "Sesje SAM"},
+		{"ERROR", "BŁĄD"},
 		{"OK", "Ok"},
+		{"Testing", "Testowanie"},
+		{"Firewalled", "Za zaporą sieciową"},
+		{"Unknown", "Nieznany"},
+		{"Proxy", "Proxy"},
+		{"Mesh", "Sieć"},
+		{"Clock skew", "Przesunięcie czasu"},
+		{"Offline", "Offline"},
+		{"Symmetric NAT", "Symetryczny NAT"},
+		{"Full cone NAT", "Pełny stożek NAT"},
+		{"No Descriptors", "Brak deskryptorów"},
 		{"Uptime", "Czas pracy"},
+		{"Network status", "Stan sieci"},
+		{"Network status v6", "Stan sieci v6"},
+		{"Stopping in", "Zatrzymywanie za"},
+		{"Family", "Rodzina"},
+		{"Tunnel creation success rate", "Wskaźnik sukcesu tworzenia tunelu"},
+		{"Total tunnel creation success rate", "Całkowity wskaźnik sukcesu tworzenia tunelu"},
+		{"Received", "Odebrano"},
+		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Wysłane"},
+		{"Transit", "Tranzyt"},
+		{"Data path", "Ścieżka do danych"},
+		{"Hidden content. Press on text to see.", "Ukryta zawartość. Naciśnij tekst, aby zobaczyć."},
+		{"Router Ident", "Identyfikator routera"},
+		{"Router Family", "Rodzina routera"},
+		{"Router Caps", "Możliwości routera"},
+		{"Version", "Wersja"},
+		{"Our external address", "Nasz zewnętrzny adres"},
+		{"supported", "wspierane"},
+		{"Routers", "Routery"},
+		{"Floodfills", "Floodfille"},
+		{"Client Tunnels", "Tunele Klienta"},
+		{"Services", "Usługi"},
+		{"Enabled", "Aktywny"},
+		{"Disabled", "Wyłączony"},
+		{"Encrypted B33 address", "Zaszyfrowany adres B33"},
+		{"Address registration line", "Linia rejestracji adresu"},
+		{"Domain", "Domena"},
+		{"Generate", "Generuj"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Uwaga:</b> wynik string może być używany tylko do rejestracji domen 2LD (przykład.i2p). Do rejestracji subdomen należy użyć narzędzi i2pd."},
+		{"Address", "Adres"},
+		{"Type", "Typ"},
+		{"EncType", "TypEnkrypcji"},
+		{"Expire LeaseSet", "Wygaśnij LeaseSet"},
+		{"Inbound tunnels", "Tunele przychodzące"},
+		{"%dms", "%dms"},
+		{"Outbound tunnels", "Tunele wychodzące"},
+		{"Tags", "Tagi"},
+		{"Incoming", "Przychodzące"},
+		{"Outgoing", "Wychodzące"},
+		{"Destination", "Miejsce docelowe"},
+		{"Amount", "Ilość"},
+		{"Incoming Tags", "Przychodzące tagi"},
+		{"Tags sessions", "Sesje tagów"},
+		{"Status", "Status"},
+		{"Local Destination", "Lokalne miejsce docelowe"},
+		{"Streams", "Strumienie"},
+		{"Close stream", "Zamknij strumień"},
+		{"Such destination is not found", "Nie znaleziono takiego miejsca docelowego"},
+		{"I2CP session not found", "Sesja I2CP nie została znaleziona"},
+		{"I2CP is not enabled", "I2CP nie jest włączone"},
+		{"Invalid", "Niepoprawny"},
+		{"Store type", "Rodzaj przechowywania"},
+		{"Expires", "Wygasa za"},
+		{"Non Expired Leases", "Leasingi niewygasłe"},
+		{"Gateway", "Brama"},
+		{"TunnelID", "IDTunelu"},
+		{"EndDate", "DataZakończenia"},
+		{"floodfill mode is disabled", "tryb floodfill jest wyłączony"},
+		{"Queue size", "Wielkość kolejki"},
+		{"Run peer test", "Wykonaj test peer"},
+		{"Reload tunnels configuration", "Załaduj ponownie konfigurację tuneli"},
+		{"Decline transit tunnels", "Odrzuć tunele tranzytowe"},
+		{"Accept transit tunnels", "Akceptuj tunele tranzytowe"},
+		{"Cancel graceful shutdown", "Anuluj łagodne wyłączenie"},
+		{"Start graceful shutdown", "Rozpocznij łagodne wyłączenie"},
+		{"Force shutdown", "Wymuś wyłączenie"},
+		{"Reload external CSS styles", "Odśwież zewnętrzne style CSS"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Uwaga:</b> każda akcja wykonana tutaj nie jest trwała i nie zmienia Twoich plików konfiguracyjnych."},
+		{"Logging level", "Poziom logowania"},
+		{"Transit tunnels limit", "Limit tuneli tranzytowych"},
+		{"Change", "Zmień"},
+		{"Change language", "Zmień język"},
+		{"no transit tunnels currently built", "brak obecnie zbudowanych tuneli tranzytowych"},
+		{"SAM disabled", "SAM wyłączony"},
+		{"no sessions currently running", "brak aktualnie uruchomionych sesji"},
+		{"SAM session not found", "Sesja SAM nie została znaleziona"},
+		{"SAM Session", "Sesja SAM"},
+		{"Server Tunnels", "Tunele Serwera"},
+		{"Client Forwards", "Przekierowania Klienta"},
+		{"Server Forwards", "Przekierowania Serwera"},
+		{"Unknown page", "Nieznana strona"},
+		{"Invalid token", "Nieprawidłowy token"},
+		{"SUCCESS", "SUKCES"},
+		{"Stream closed", "Strumień zamknięty"},
+		{"Stream not found or already was closed", "Strumień nie został znaleziony lub został już zamknięty"},
+		{"Destination not found", "Nie znaleziono punktu docelowego"},
+		{"StreamID can't be null", "StreamID nie może być null"},
+		{"Return to destination page", "Wróć do strony miejsca docelowego"},
+		{"You will be redirected in %d seconds", "Zostaniesz prekierowany za %d sekund"},
+		{"LeaseSet expiration time updated", "Zaktualizowano czas wygaśnięcia LeaseSet"},
+		{"LeaseSet is not found or already expired", "LeaseSet nie został znaleziony lub już wygasł"},
+		{"Transit tunnels count must not exceed %d", "Liczba tuneli tranzytowych nie może przekraczać %d"},
+		{"Back to commands list", "Powrót do listy poleceń"},
+		{"Register at reg.i2p", "Zarejestruj się na reg.i2p"},
+		{"Description", "Opis"},
+		{"A bit information about service on domain", "Trochę informacji o usłudze w domenie"},
+		{"Submit", "Zatwierdź"},
+		{"Domain can't end with .b32.i2p", "Domena nie może kończyć się na .b32.i2p"},
+		{"Domain must end with .i2p", "Domena musi kończyć się na .i2p"},
+		{"Unknown command", "Nieznana komenda"},
+		{"Command accepted", "Polecenie zaakceptowane"},
+		{"Proxy error", "Błąd serwera proxy"},
+		{"Proxy info", "Informacje o proxy"},
+		{"Proxy error: Host not found", "Błąd proxy: Nie znaleziono hosta"},
+		{"Remote host not found in router's addressbook", "Nie znaleziono zdalnego hosta w książce adresowej routera"},
+		{"You may try to find this host on jump services below", "Możesz znaleźć tego hosta na poniższych usługach skoku"},
+		{"Invalid request", "Nieprawidłowe żądanie"},
+		{"Proxy unable to parse your request", "Serwer proxy nie może przetworzyć Twojego żądania"},
+		{"Addresshelper is not supported", "Adresshelper nie jest obsługiwany"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s <font color=red>jest już w książce adresowej routera</font>. <b>Uważaj: źródło tego adresu URL może być szkodliwe!</b> Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
+		{"Addresshelper forced update rejected", "Wymuszona aktualizacja Addreshelper odrzucona"},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Aby dodać host <b>%s</b> w książce adresowej routera, kliknij tutaj: <a href=\"%s%s%s\">Kontynuuj</a>."},
+		{"Addresshelper request", "Prośba Addresshelper"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Host %s dodany do książki adresowej routera od pomocnika. Kliknij tutaj, aby kontynuować: <a href=\"%s\">Kontynuuj</a>."},
+		{"Addresshelper adding", "Dodawanie Addresshelper"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s jest <font color=red>już w książce adresowej routera</font>. Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
+		{"Addresshelper update", "Aktualizacja Adresshelper"},
+		{"Invalid request URI", "Nieprawidłowe URI żądania"},
+		{"Can't detect destination host from request", "Nie można wykryć hosta docelowego z żądania"},
+		{"Outproxy failure", "Błąd proxy wyjściowego"},
+		{"Bad outproxy settings", "Błędne ustawienia proxy wyjściowych"},
+		{"Host %s is not inside I2P network, but outproxy is not enabled", "Host %s nie jest wewnątrz sieci I2P, a proxy wyjściowe nie jest włączone"},
+		{"Unknown outproxy URL", "Nieznany adres URL proxy wyjściowego"},
+		{"Cannot resolve upstream proxy", "Nie można rozwiązać serwera proxy upstream"},
+		{"Hostname is too long", "Nazwa hosta jest zbyt długa"},
+		{"Cannot connect to upstream SOCKS proxy", "Nie można połączyć się z proxy SOCKS upstream"},
+		{"Cannot negotiate with SOCKS proxy", "Nie można negocjować z proxy SOCKS"},
+		{"CONNECT error", "Błąd POŁĄCZENIE"},
+		{"Failed to connect", "Nie udało się połączyć"},
+		{"SOCKS proxy error", "Błąd proxy SOCKS"},
+		{"Failed to send request to upstream", "Nie udało się wysłać żądania do upstream"},
+		{"No reply from SOCKS proxy", "Brak odpowiedzi od serwera proxy SOCKS"},
+		{"Cannot connect", "Nie można się połączyć"},
+		{"HTTP out proxy not implemented", "Serwer wyjściowy proxy HTTP nie został zaimplementowany"},
+		{"Cannot connect to upstream HTTP proxy", "Nie można połączyć się z proxy HTTP upstream"},
+		{"Host is down", "Host jest niedostępny"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "Nie można utworzyć połączenia z żądanym hostem, może być wyłączony. Spróbuj ponownie później."},
 		{"", ""},
 	};
 
 	static std::map<std::string, std::vector<std::string>> plurals
 	{
-		{"", {"", "", ""}},
+		{"%d days", {"%d dzień", "%d dni", "%d dni", "%d dni"}},
+		{"%d hours", {"%d godzina", "%d godziny", "%d godzin", "%d godzin"}},
+		{"%d minutes", {"%d minuta", "%d minuty", "%d minut", "%d minut"}},
+		{"%d seconds", {"%d sekunda", "%d sekundy", "%d sekund", "%d sekund"}},
+		{"", {"", "", "", ""}},
 	};
 
 	std::shared_ptr<const i2p::i18n::Locale> GetLocale()

i18n/Portuguese.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023, The PurpleI2P Project
+* Copyright (c) 2023-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -58,7 +58,7 @@ namespace portuguese // language namespace
 		{"Unknown", "Desconhecido"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Malha"},
-		{"Clock skew", "Defasagem do Relógio"},
+		{"Clock skew", "Desvio de Relógio"},
 		{"Offline", "Desligado"},
 		{"Symmetric NAT", "NAT Simétrico"},
 		{"Full cone NAT", "Full cone NAT"},
@@ -69,11 +69,12 @@ namespace portuguese // language namespace
 		{"Stopping in", "Parando em"},
 		{"Family", "Família"},
 		{"Tunnel creation success rate", "Taxa de sucesso na criação de túneis"},
+		{"Total tunnel creation success rate", "Taxa total de sucesso na criação de túneis"},
 		{"Received", "Recebido"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Enviado"},
 		{"Transit", "Trânsito"},
-		{"Data path", "Diretório dos dados"},
+		{"Data path", "Diretório de dados"},
 		{"Hidden content. Press on text to see.", "Conteúdo oculto. Clique no texto para revelar."},
 		{"Router Ident", "Identidade do Roteador"},
 		{"Router Family", "Família do Roteador"},
@@ -95,6 +96,7 @@ namespace portuguese // language namespace
 		{"Address", "Endereço"},
 		{"Type", "Tipo"},
 		{"EncType", "Tipo de Criptografia"},
+		{"Expire LeaseSet", "Expirar LeaseSet"},
 		{"Inbound tunnels", "Túneis de Entrada"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Túneis de Saída"},
@@ -104,11 +106,12 @@ namespace portuguese // language namespace
 		{"Destination", "Destinos"},
 		{"Amount", "Quantidade"},
 		{"Incoming Tags", "Etiquetas de Entrada"},
-		{"Tags sessions", "Sessões de etiquetas"},
+		{"Tags sessions", "Sessões de Etiquetas"},
 		{"Status", "Estado"},
-		{"Local Destination", "Destinos Locais"},
+		{"Local Destination", "Destino Local"},
 		{"Streams", "Fluxos"},
 		{"Close stream", "Fechar fluxo"},
+		{"Such destination is not found", "Tal destino não foi encontrado"},
 		{"I2CP session not found", "Sessão do I2CP não encontrada"},
 		{"I2CP is not enabled", "I2CP não está ativado"},
 		{"Invalid", "Inválido"},
@@ -145,42 +148,43 @@ namespace portuguese // language namespace
 		{"Invalid token", "Token Inválido"},
 		{"SUCCESS", "SUCESSO"},
 		{"Stream closed", "Fluxo fechado"},
-		{"Stream not found or already was closed", "Fluxo não encontrado ou já encerrado"},
+		{"Stream not found or already was closed", "Fluxo não encontrado ou já fechado"},
 		{"Destination not found", "Destino não encontrado"},
 		{"StreamID can't be null", "StreamID não pode ser nulo"},
 		{"Return to destination page", "Retornar para à página de destino"},
 		{"You will be redirected in %d seconds", "Você será redirecionado em %d segundos"},
+		{"LeaseSet expiration time updated", "Tempo de validade do LeaseSet atualizado"},
+		{"LeaseSet is not found or already expired", "LeaseSet não foi encontrado ou já expirou"},
 		{"Transit tunnels count must not exceed %d", "A contagem de túneis de trânsito não deve exceder %d"},
 		{"Back to commands list", "Voltar para a lista de comandos"},
-		{"Register at reg.i2p", "Registrar na reg.i2p"},
+		{"Register at reg.i2p", "Registrar em reg.i2p"},
 		{"Description", "Descrição"},
 		{"A bit information about service on domain", "Algumas informações sobre o serviço no domínio"},
 		{"Submit", "Enviar"},
 		{"Domain can't end with .b32.i2p", "O domínio não pode terminar com .b32.i2p"},
 		{"Domain must end with .i2p", "O domínio não pode terminar com .i2p"},
-		{"Such destination is not found", "Tal destino não foi encontrado"},
 		{"Unknown command", "Comando desconhecido"},
 		{"Command accepted", "Comando aceito"},
 		{"Proxy error", "Erro no proxy"},
 		{"Proxy info", "Informações do proxy"},
 		{"Proxy error: Host not found", "Erro no proxy: Host não encontrado"},
 		{"Remote host not found in router's addressbook", "O host remoto não foi encontrado no livro de endereços do roteador"},
-		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos jump services abaixo"},
+		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos serviços de jump abaixo"},
 		{"Invalid request", "Requisição inválida"},
 		{"Proxy unable to parse your request", "O proxy foi incapaz de processar a sua requisição"},
 		{"Addresshelper is not supported", "O Auxiliar de Endereços não é suportado"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador</font>. <b>Cuidado: a fonte desta URL pode ser perigosa!</b> Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper forced update rejected", "A atualização forçada do Auxiliar de Endereços foi rejeitada"},
 		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Para adicionar o host <b> %s </b> ao catálogo de endereços do roteador, clique aqui: <a href='%s%s%s'>Continuar </a>."},
-		{"Addresshelper request", "Requisição do Auxiliar de Endereços"},
-		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para proceder: <a href='%s'> Continuar </a>."},
+		{"Addresshelper request", "Requisição ao Auxiliar de Endereços"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para prosseguir: <a href='%s'> Continuar </a>."},
 		{"Addresshelper adding", "Auxiliar de Endereço adicionando"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador </font>. Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper update", "Atualização do Auxiliar de Endereços"},
 		{"Invalid request URI", "A URI de requisição é inválida"},
 		{"Can't detect destination host from request", "Incapaz de detectar o host de destino da requisição"},
 		{"Outproxy failure", "Falha no outproxy"},
-		{"Bad outproxy settings", "Configurações ruins de outproxy"},
+		{"Bad outproxy settings", "Má configurações do outproxy"},
 		{"Host %s is not inside I2P network, but outproxy is not enabled", "O host %s não está dentro da rede I2P, mas o outproxy não está ativado"},
 		{"Unknown outproxy URL", "URL de outproxy desconhecida"},
 		{"Cannot resolve upstream proxy", "Não é possível resolver o proxy de entrada"},

i18n/Ukrainian.cpp

@@ -69,6 +69,7 @@ namespace ukrainian // language namespace
 		{"Stopping in", "Зупинка через"},
 		{"Family", "Сімейство"},
 		{"Tunnel creation success rate", "Успішно побудованих тунелів"},
+		{"Total tunnel creation success rate", "Загальна кількість створених тунелів"},
 		{"Received", "Отримано"},
 		{"%.2f KiB/s", "%.2f КіБ/с"},
 		{"Sent", "Відправлено"},
@@ -95,6 +96,7 @@ namespace ukrainian // language namespace
 		{"Address", "Адреса"},
 		{"Type", "Тип"},
 		{"EncType", "ТипШифр"},
+		{"Expire LeaseSet", "Завершити LeaseSet"},
 		{"Inbound tunnels", "Вхідні тунелі"},
 		{"%dms", "%dмс"},
 		{"Outbound tunnels", "Вихідні тунелі"},
@@ -109,6 +111,7 @@ namespace ukrainian // language namespace
 		{"Local Destination", "Локальні Призначення"},
 		{"Streams", "Потоки"},
 		{"Close stream", "Закрити потік"},
+		{"Such destination is not found", "Така точка призначення не знайдена"},
 		{"I2CP session not found", "I2CP сесія не знайдена"},
 		{"I2CP is not enabled", "I2CP не увікнуто"},
 		{"Invalid", "Некоректний"},
@@ -150,6 +153,8 @@ namespace ukrainian // language namespace
 		{"StreamID can't be null", "Ідентифікатор потоку не може бути порожнім"},
 		{"Return to destination page", "Повернутися на сторінку точки призначення"},
 		{"You will be redirected in %d seconds", "Ви будете переадресовані через %d секунд"},
+		{"LeaseSet expiration time updated", "Час закінчення LeaseSet оновлено"},
+		{"LeaseSet is not found or already expired", "LeaseSet не знайдено або вже закінчився"},
 		{"Transit tunnels count must not exceed %d", "Кількість транзитних тунелів не повинна перевищувати %d"},
 		{"Back to commands list", "Повернутися до списку команд"},
 		{"Register at reg.i2p", "Зареєструвати на reg.i2p"},
@@ -158,7 +163,6 @@ namespace ukrainian // language namespace
 		{"Submit", "Надіслати"},
 		{"Domain can't end with .b32.i2p", "Домен не може закінчуватися на .b32.i2p"},
 		{"Domain must end with .i2p", "Домен повинен закінчуватися на .i2p"},
-		{"Such destination is not found", "Така точка призначення не знайдена"},
 		{"Unknown command", "Невідома команда"},
 		{"Command accepted", "Команда прийнята"},
 		{"Proxy error", "Помилка проксі"},

i18n/Uzbek.cpp

@@ -69,6 +69,7 @@ namespace uzbek // language namespace
 		{"Stopping in", "Ichida to'xtatish"},
 		{"Family", "Oila"},
 		{"Tunnel creation success rate", "Tunnel yaratish muvaffaqiyat darajasi"},
+		{"Total tunnel creation success rate", "Tunnel yaratishning umumiy muvaffaqiyat darajasi"},
 		{"Received", "Qabul qilindi"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Yuborilgan"},
@@ -95,6 +96,7 @@ namespace uzbek // language namespace
 		{"Address", "Manzil"},
 		{"Type", "Turi"},
 		{"EncType", "ShifrlashTuri"},
+		{"Expire LeaseSet", "LeaseSet muddati tugaydi"},
 		{"Inbound tunnels", "Kirish tunnellari"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Chiquvchi tunnellar"},
@@ -109,6 +111,7 @@ namespace uzbek // language namespace
 		{"Local Destination", "Mahalliy joylanish"},
 		{"Streams", "Strim"},
 		{"Close stream", "Strimni o'chirish"},
+		{"Such destination is not found", "Bunday yo'nalish topilmadi"},
 		{"I2CP session not found", "I2CP sessiyasi topilmadi"},
 		{"I2CP is not enabled", "I2CP yoqilmagan"},
 		{"Invalid", "Noto'g'ri"},
@@ -150,6 +153,8 @@ namespace uzbek // language namespace
 		{"StreamID can't be null", "StreamID bo'sh bo'lishi mumkin emas"},
 		{"Return to destination page", "Manzilgoh sahifasiga qaytish"},
 		{"You will be redirected in %d seconds", "Siz %d soniyadan so‘ng boshqa yo‘nalishga yo‘naltirilasiz"},
+		{"LeaseSet expiration time updated", "LeaseSet amal qilish muddati yangilandi"},
+		{"LeaseSet is not found or already expired", "LeaseSet topilmadi yoki muddati tugagan"},
 		{"Transit tunnels count must not exceed %d", "Tranzit tunnellar soni %d dan oshmasligi kerak"},
 		{"Back to commands list", "Buyruqlar ro'yxatiga qaytish"},
 		{"Register at reg.i2p", "Reg.i2p-da ro'yxatdan o'ting"},
@@ -158,7 +163,6 @@ namespace uzbek // language namespace
 		{"Submit", "Yuborish"},
 		{"Domain can't end with .b32.i2p", "Domen .b32.i2p bilan tugashi mumkin emas"},
 		{"Domain must end with .i2p", "Domen .i2p bilan tugashi kerak"},
-		{"Such destination is not found", "Bunday yo'nalish topilmadi"},
 		{"Unknown command", "Noma'lum buyruq"},
 		{"Command accepted", "Buyruq qabul qilindi"},
 		{"Proxy error", "Proksi xatosi"},

libi2pd/Base.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -28,6 +28,11 @@ namespace data
 		return T32;
 	}
 
+	bool IsBase32 (char ch)
+	{
+		return (ch >= 'a' && ch <= 'z') || (ch >= '2' && ch <= '7');
+	}	
+	
 	static void iT64Build(void);
 
 	/*
@@ -55,6 +60,11 @@ namespace data
 		return T64;
 	}
 
+	bool IsBase64 (char ch)
+	{
+		return (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '~';
+	}	
+	
 	/*
 	* Reverse Substitution Table (built in run time)
 	*/
@@ -187,6 +197,9 @@ namespace data
 		else
 			return 0;
 
+		if(*InBuffer == P64)
+			return 0;
+
 		ps = (unsigned char *)(InBuffer + InCount - 1);
 		while ( *ps-- == P64 )
 			outCount--;
@@ -269,7 +282,7 @@ namespace data
 
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen)
 	{
-		int tmp = 0, bits = 0;
+		unsigned int tmp = 0, bits = 0;
 		size_t ret = 0;
 		for (size_t i = 0; i < len; i++)
 		{
@@ -298,7 +311,7 @@ namespace data
 	size_t ByteStreamToBase32 (const uint8_t * inBuf, size_t len, char * outBuf, size_t outLen)
 	{
 		size_t ret = 0, pos = 1;
-		int bits = 8, tmp = inBuf[0];
+		unsigned int bits = 8, tmp = inBuf[0];
 		while (ret < outLen && (bits > 0 || pos < len))
 		{
 			if (bits < 5)

libi2pd/Base.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -19,9 +19,11 @@ namespace data {
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
 	const char * GetBase32SubstitutionTable ();
 	const char * GetBase64SubstitutionTable ();
+	bool IsBase64 (char ch);
 
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
+	bool IsBase32 (char ch);
 
 	/**
 	 * Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes

libi2pd/Blinding.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -152,11 +152,11 @@ namespace data
 			m_BlindedSigType = m_SigType;
 	}
 
-	BlindedPublicKey::BlindedPublicKey (const std::string& b33):
+	BlindedPublicKey::BlindedPublicKey (std::string_view b33):
 		m_SigType (0) // 0 means invalid, we can't blind DSA, set it later
 	{
 		uint8_t addr[40]; // TODO: define length from b33
-		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
+		size_t l = i2p::data::Base32ToByteStream (b33.data (), b33.length (), addr, 40);
 		if (l < 32)
 		{
 			LogPrint (eLogError, "Blinding: Malformed b33 ", b33);

libi2pd/Blinding.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -11,6 +11,7 @@
 
 #include <inttypes.h>
 #include <string>
+#include <string_view>
 #include <vector>
 #include "Identity.h"
 
@@ -23,7 +24,7 @@ namespace data
 		public:
 
 			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, bool clientAuth = false);
-			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p
+			BlindedPublicKey (std::string_view b33); // from b33 without .b32.i2p
 			std::string ToB33 () const;
 
 			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };

libi2pd/CPU.cpp

@@ -1,58 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*/
-
-#include "CPU.h"
-#if defined(__x86_64__) || defined(__i386__)
-#include <cpuid.h>
-#endif
-#include "Log.h"
-
-#ifndef bit_AES
-#define bit_AES (1 << 25)
-#endif
-#ifndef bit_AVX
-#define bit_AVX (1 << 28)
-#endif
-
-
-namespace i2p
-{
-namespace cpu
-{
-	bool aesni = false;
-	bool avx = false;
-
-	void Detect(bool AesSwitch, bool AvxSwitch, bool force)
-	{
-#if defined(__x86_64__) || defined(__i386__)
-		int info[4];
-		__cpuid(0, info[0], info[1], info[2], info[3]);
-		if (info[0] >= 0x00000001) {
-			__cpuid(0x00000001, info[0], info[1], info[2], info[3]);
-#if defined (_WIN32) && (WINVER == 0x0501) // WinXP
-			if (AesSwitch && force) { // only if forced
-#else
-			if ((info[2] & bit_AES && AesSwitch) || (AesSwitch && force)) {
-#endif
-				aesni = true;
-			}
-#if defined (_WIN32) && (WINVER == 0x0501) // WinXP
-			if (AvxSwitch && force) { // only if forced
-#else
-			if ((info[2] & bit_AVX && AvxSwitch) || (AvxSwitch && force)) {
-#endif
-				avx = true;
-			}
-		}
-#endif // defined(__x86_64__) || defined(__i386__)
-
-		LogPrint(eLogInfo, "AESNI ", (aesni ? "enabled" : "disabled"));
-		LogPrint(eLogInfo, "AVX ", (avx ? "enabled" : "disabled"));
-	}
-}
-}

libi2pd/CPU.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -9,15 +9,16 @@
 #ifndef LIBI2PD_CPU_H
 #define LIBI2PD_CPU_H
 
-namespace i2p
-{
-namespace cpu
-{
-	extern bool aesni;
-	extern bool avx;
-
-	void Detect(bool AesSwitch, bool AvxSwitch, bool force);
-}
-}
+#if defined(_M_AMD64) || defined(__x86_64__) || defined(_M_IX86) || defined(__i386__)
+#	define IS_X86 1
+#	if defined(_M_AMD64) || defined(__x86_64__)
+#		define IS_X86_64 1
+#	else
+#		define IS_X86_64 0
+#	endif
+#else
+#	define IS_X86 0
+#	define IS_X86_64 0
+#endif
 
 #endif

libi2pd/ChaCha20.cpp

@@ -1,137 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*
-* Kovri go write your own code
-*
-*/
-
-#include "I2PEndian.h"
-#include "ChaCha20.h"
-
-#if !OPENSSL_AEAD_CHACHA20_POLY1305
-namespace i2p
-{
-namespace crypto
-{
-namespace chacha
-{
-void u32t8le(uint32_t v, uint8_t * p)
-{
-	p[0] = v & 0xff;
-	p[1] = (v >> 8) & 0xff;
-	p[2] = (v >> 16) & 0xff;
-	p[3] = (v >> 24) & 0xff;
-}
-
-uint32_t u8t32le(const uint8_t * p)
-{
-	uint32_t value = p[3];
-
-	value = (value << 8) | p[2];
-	value = (value << 8) | p[1];
-	value = (value << 8) | p[0];
-
-	return value;
-}
-
-uint32_t rotl32(uint32_t x, int n)
-{
-	return x << n | (x >> (-n & 31));
-}
-
-void quarterround(uint32_t *x, int a, int b, int c, int d)
-{
-	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
-	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
-	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a],  8);
-	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c],  7);
-}
-
-
-void Chacha20Block::operator << (const Chacha20State & st)
-{
-	int i;
-	for (i = 0; i < 16; i++)
-		u32t8le(st.data[i], data + (i << 2));
-}
-
-void block (Chacha20State &input, int rounds)
-{
-	int i;
-	Chacha20State x;
-	x.Copy(input);
-
-	for (i = rounds; i > 0; i -= 2)
-	{
-		quarterround(x.data, 0, 4,  8, 12);
-		quarterround(x.data, 1, 5,  9, 13);
-		quarterround(x.data, 2, 6, 10, 14);
-		quarterround(x.data, 3, 7, 11, 15);
-		quarterround(x.data, 0, 5, 10, 15);
-		quarterround(x.data, 1, 6, 11, 12);
-		quarterround(x.data, 2, 7,  8, 13);
-		quarterround(x.data, 3, 4,  9, 14);
-	}
-	x += input;
-	input.block << x;
-}
-
-void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
-{
-	state.data[0] = 0x61707865;
-	state.data[1] = 0x3320646e;
-	state.data[2] = 0x79622d32;
-	state.data[3] = 0x6b206574;
-	for (size_t i = 0; i < 8; i++)
-		state.data[4 + i] = chacha::u8t32le(key + i * 4);
-
-	state.data[12] = htole32 (counter);
-	for (size_t i = 0; i < 3; i++)
-		state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
-}
-
-void Chacha20SetCounter (Chacha20State& state, uint32_t counter)
-{
-	state.data[12] = htole32 (counter);
-	state.offset = 0;
-}
-
-void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz)
-{
-	if (state.offset > 0)
-	{
-		// previous block if any
-		auto s = chacha::blocksize - state.offset;
-		if (sz < s) s = sz;
-		for (size_t i = 0; i < s; i++)
-			buf[i] ^= state.block.data[state.offset + i];
-		buf += s;
-		sz -= s;
-		state.offset += s;
-		if (state.offset >= chacha::blocksize) state.offset = 0;
-	}
-	for (size_t i = 0; i < sz; i += chacha::blocksize)
-	{
-		chacha::block(state, chacha::rounds);
-		state.data[12]++;
-		for (size_t j = i; j < i + chacha::blocksize; j++)
-		{
-			if (j >= sz)
-			{
-				state.offset = j & 0x3F; // % 64
-				break;
-			}
-			buf[j] ^= state.block.data[j - i];
-		}
-	}
-}
-
-} // namespace chacha
-} // namespace crypto
-} // namespace i2p
-
-#endif

libi2pd/ChaCha20.h

@@ -1,72 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*
-* Kovri go write your own code
-*
-*/
-#ifndef LIBI2PD_CHACHA20_H
-#define LIBI2PD_CHACHA20_H
-#include <cstdint>
-#include <cstring>
-#include <inttypes.h>
-#include <string.h>
-#include "Crypto.h"
-
-#if !OPENSSL_AEAD_CHACHA20_POLY1305
-namespace i2p
-{
-namespace crypto
-{
-	const std::size_t CHACHA20_KEY_BYTES = 32;
-	const std::size_t CHACHA20_NOUNCE_BYTES = 12;
-
-namespace chacha
-{
-	constexpr std::size_t blocksize = 64;
-	constexpr int rounds = 20;
-
-	struct Chacha20State;
-	struct Chacha20Block
-	{
-		Chacha20Block () {};
-		Chacha20Block (Chacha20Block &&) = delete;
-
-		uint8_t data[blocksize];
-
-		void operator << (const Chacha20State & st);
-	};
-
-	struct Chacha20State
-	{
-		Chacha20State (): offset (0) {};
-		Chacha20State (Chacha20State &&) = delete;
-
-		Chacha20State & operator += (const Chacha20State & other)
-		{
-			for(int i = 0; i < 16; i++)
-				data[i] += other.data[i];
-			return *this;
-		}
-
-		void Copy(const Chacha20State & other)
-		{
-			memcpy(data, other.data, sizeof(uint32_t) * 16);
-		}
-		uint32_t data[16];
-		Chacha20Block block;
-		size_t offset;
-	};
-
-	void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter);
-	void Chacha20SetCounter (Chacha20State& state, uint32_t counter);
-	void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz); // encrypt buf in place
-} // namespace chacha
-} // namespace crypto
-} // namespace i2p
-
-#endif
-#endif

libi2pd/Config.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -77,7 +77,7 @@ namespace config {
 		limits.add_options()
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
-			("limits.transittunnels", value<uint16_t>()->default_value(5000), "Maximum active transit tunnels (default:5000)")
+			("limits.transittunnels", value<uint32_t>()->default_value(10000), "Maximum active transit tunnels (default:10000)")
 			("limits.zombies", value<double>()->default_value(0),             "Minimum percentage of successfully created tunnels under which tunnel cleanup is paused (default [%]: 0.00)")
 			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Ignored")
 			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Ignored")
@@ -117,9 +117,14 @@ namespace config {
 			("httpproxy.latency.max", value<std::string>()->default_value("0"),       "HTTP proxy max latency for tunnels")
 			("httpproxy.outproxy", value<std::string>()->default_value(""),           "HTTP proxy upstream out proxy url")
 			("httpproxy.addresshelper", value<bool>()->default_value(true),           "Enable or disable addresshelper")
+			("httpproxy.senduseragent", value<bool>()->default_value(false),          "Pass through user's User-Agent if enabled. Disabled by default")
 			("httpproxy.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Local destination's LeaseSet type")
 			("httpproxy.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Local destination's LeaseSet encryption type")
 			("httpproxy.i2cp.leaseSetPrivKey", value<std::string>()->default_value(""), "LeaseSet private key")
+			("httpproxy.i2p.streaming.maxOutboundSpeed", value<std::string>()->default_value("1730000000"), "Max outbound speed of HTTP proxy stream in bytes/sec")
+			("httpproxy.i2p.streaming.maxInboundSpeed", value<std::string>()->default_value("1730000000"), "Max inbound speed of HTTP proxy stream in bytes/sec")
+			("httpproxy.i2p.streaming.profile", value<std::string>()->default_value("1"), "HTTP Proxy bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
+
 		;
 
 		options_description socksproxy("SOCKS Proxy options");
@@ -144,8 +149,22 @@ namespace config {
 			("socksproxy.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Local destination's LeaseSet type")
 			("socksproxy.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Local destination's LeaseSet encryption type")
 			("socksproxy.i2cp.leaseSetPrivKey", value<std::string>()->default_value(""), "LeaseSet private key")
+			("socksproxy.i2p.streaming.maxOutboundSpeed", value<std::string>()->default_value("1730000000"), "Max outbound speed of SOCKS proxy stream in bytes/sec")
+			("socksproxy.i2p.streaming.maxInboundSpeed", value<std::string>()->default_value("1730000000"), "Max inbound speed of SOCKS proxy stream in bytes/sec")
+			("socksproxy.i2p.streaming.profile", value<std::string>()->default_value("1"), "SOCKS Proxy bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
 		;
 
+		options_description shareddest("Shared local destination options");
+		shareddest.add_options()
+			("shareddest.inbound.length", value<std::string>()->default_value("3"),    "Shared local destination inbound tunnel length")
+			("shareddest.outbound.length", value<std::string>()->default_value("3"),   "Shared local destination outbound tunnel length")
+			("shareddest.inbound.quantity", value<std::string>()->default_value("3"),  "Shared local destination inbound tunnels quantity")
+			("shareddest.outbound.quantity", value<std::string>()->default_value("3"), "Shared local destination outbound tunnels quantity")
+			("shareddest.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Shared local destination's LeaseSet type")
+			("shareddest.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Shared local destination's LeaseSet encryption type")
+			("shareddest.i2p.streaming.profile", value<std::string>()->default_value("2"), "Shared local destination bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
+		;	
+		
 		options_description sam("SAM bridge options");
 		sam.add_options()
 			("sam.enabled", value<bool>()->default_value(true),               "Enable or disable SAM Application bridge")
@@ -168,6 +187,8 @@ namespace config {
 			("i2cp.address", value<std::string>()->default_value("127.0.0.1"), "I2CP listen address")
 			("i2cp.port", value<uint16_t>()->default_value(7654),              "I2CP listen port")
 			("i2cp.singlethread", value<bool>()->default_value(true),          "Destinations run in the I2CP server's thread")
+			("i2cp.inboundlimit", value<uint32_t>()->default_value(0),         "Client inbound limit in KBps to return in BandwidthLimitsMessage. Router's bandwidth by default")
+			("i2cp.outboundlimit", value<uint32_t>()->default_value(0),        "Client outbound limit in KBps to return in BandwidthLimitsMessage. Router's bandwidth by default")
 		;
 
 		options_description i2pcontrol("I2PControl options");
@@ -193,7 +214,7 @@ namespace config {
 		options_description precomputation("Precomputation options");
 		precomputation.add_options()
 			("precomputation.elgamal",
-#if defined(__x86_64__)
+#if (defined(_M_AMD64) || defined(__x86_64__))
 				value<bool>()->default_value(false),
 #else
 				value<bool>()->default_value(true),
@@ -205,7 +226,7 @@ namespace config {
 		reseed.add_options()
 			("reseed.verify", value<bool>()->default_value(false),        "Verify .su3 signature")
 			("reseed.threshold", value<uint16_t>()->default_value(25),    "Minimum number of known routers before requesting reseed")
-			("reseed.floodfill", value<std::string>()->default_value(""), "Path to router info of floodfill to reseed from")
+			("reseed.floodfill", value<std::string>()->default_value(""), "Ignored. Always empty")
 			("reseed.file", value<std::string>()->default_value(""),      "Path to local .su3 file or HTTPS URL to reseed from")
 			("reseed.zipfile", value<std::string>()->default_value(""),   "Path to local .zip file to reseed from")
 			("reseed.proxy", value<std::string>()->default_value(""),     "url for reseed proxy, supports http/socks")
@@ -217,17 +238,17 @@ namespace config {
 				"https://reseed.onion.im/,"
 				"https://i2pseed.creativecowpat.net:8443/,"
 				"https://reseed.i2pgit.org/,"
-				"https://banana.incognet.io/,"
+				"https://coconut.incognet.io/,"
 				"https://reseed-pl.i2pd.xyz/,"
 				"https://www2.mk16.de/,"
 			    "https://i2p.ghativega.in/,"
-			    "https://i2p.novg.net/"
+			    "https://i2p.novg.net/,"
+            	"https://reseed.stormycloud.org/"
 			),                                                            "Reseed URLs, separated by comma")
 			("reseed.yggurls", value<std::string>()->default_value(
 				"http://[324:71e:281a:9ed3::ace]:7070/,"
 				"http://[301:65b9:c7cd:9a36::1]:18801/,"
 				"http://[320:8936:ec1a:31f1::216]/,"
-				"http://[306:3834:97b9:a00a::1]/,"
 				"http://[316:f9e0:f22e:a74f::216]/"
 			),                                                            "Reseed URLs through the Yggdrasil, separated by comma")
 		;
@@ -305,11 +326,11 @@ namespace config {
 			("persist.addressbook", value<bool>()->default_value(true),    "Persist full addresses (default: true)")
 		;
 
-		options_description cpuext("CPU encryption extensions options");
+		options_description cpuext("CPU encryption extensions options. Deprecated");
 		cpuext.add_options()
-			("cpuext.aesni", bool_switch()->default_value(true),                     "Use auto detection for AESNI CPU extensions. If false, AESNI will be not used")
-			("cpuext.avx", bool_switch()->default_value(true),                       "Use auto detection for AVX CPU extensions. If false, AVX will be not used")
-			("cpuext.force", bool_switch()->default_value(false),                    "Force usage of CPU extensions. Useful when cpuinfo is not available on virtual machines")
+			("cpuext.aesni", bool_switch()->default_value(true),                     "Deprecated option")
+			("cpuext.avx", bool_switch()->default_value(false),                      "Deprecated option")
+			("cpuext.force", bool_switch()->default_value(false),                    "Deprecated option")
 		;
 
 		options_description meshnets("Meshnet transports options");
@@ -331,6 +352,7 @@ namespace config {
 			.add(httpserver)
 			.add(httpproxy)
 			.add(socksproxy)
+			.add(shareddest)
 			.add(sam)
 			.add(bob)
 			.add(i2cp)

libi2pd/Crypto.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -19,10 +19,7 @@
 #if OPENSSL_HKDF
 #include <openssl/kdf.h>
 #endif
-#if !OPENSSL_AEAD_CHACHA20_POLY1305
-#include "ChaCha20.h"
-#include "Poly1305.h"
-#endif
+#include "CPU.h"
 #include "Crypto.h"
 #include "Ed25519.h"
 #include "I2PEndian.h"
@@ -159,7 +156,7 @@ namespace crypto
 
 // DH/ElGamal
 
-#if !defined(__x86_64__)
+#if !IS_X86_64
 	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
 	const int ELGAMAL_SHORT_EXPONENT_NUM_BYTES = ELGAMAL_SHORT_EXPONENT_NUM_BITS/8+1;
 #endif
@@ -244,17 +241,12 @@ namespace crypto
 // x25519
 	X25519Keys::X25519Keys ()
 	{
-#if OPENSSL_X25519
 		m_Ctx = EVP_PKEY_CTX_new_id (NID_X25519, NULL);
 		m_Pkey = nullptr;
-#else
-		m_Ctx = BN_CTX_new ();
-#endif
 	}
 
 	X25519Keys::X25519Keys (const uint8_t * priv, const uint8_t * pub)
 	{
-#if OPENSSL_X25519
 		m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_X25519, NULL, priv, 32);
 		m_Ctx = EVP_PKEY_CTX_new (m_Pkey, NULL);
 		if (pub)
@@ -264,29 +256,16 @@ namespace crypto
 			size_t len = 32;
 			EVP_PKEY_get_raw_public_key (m_Pkey, m_PublicKey, &len);
 		}
-#else
-		m_Ctx = BN_CTX_new ();
-		memcpy (m_PrivateKey, priv, 32);
-		if (pub)
-			memcpy (m_PublicKey, pub, 32);
-		else
-			GetEd25519 ()->ScalarMulB (m_PrivateKey, m_PublicKey, m_Ctx);
-#endif
 	}
 
 	X25519Keys::~X25519Keys ()
 	{
-#if OPENSSL_X25519
 		EVP_PKEY_CTX_free (m_Ctx);
 		if (m_Pkey) EVP_PKEY_free (m_Pkey);
-#else
-		BN_CTX_free (m_Ctx);
-#endif
 	}
 
 	void X25519Keys::GenerateKeys ()
 	{
-#if OPENSSL_X25519
 		if (m_Pkey)
 		{
 			EVP_PKEY_free (m_Pkey);
@@ -298,16 +277,11 @@ namespace crypto
 		m_Ctx = EVP_PKEY_CTX_new (m_Pkey, NULL); // TODO: do we really need to re-create m_Ctx?
 		size_t len = 32;
 		EVP_PKEY_get_raw_public_key (m_Pkey, m_PublicKey, &len);
-#else
-		RAND_bytes (m_PrivateKey, 32);
-		GetEd25519 ()->ScalarMulB (m_PrivateKey, m_PublicKey, m_Ctx);
-#endif
 	}
 
 	bool X25519Keys::Agree (const uint8_t * pub, uint8_t * shared)
 	{
 		if (!pub || (pub[31] & 0x80)) return false; // not x25519 key
-#if OPENSSL_X25519
 		EVP_PKEY_derive_init (m_Ctx);
 		auto pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_X25519, NULL, pub, 32);
 		if (!pkey) return false;
@@ -315,25 +289,17 @@ namespace crypto
 		size_t len = 32;
 		EVP_PKEY_derive (m_Ctx, shared, &len);
 		EVP_PKEY_free (pkey);
-#else
-		GetEd25519 ()->ScalarMul (pub, m_PrivateKey, shared, m_Ctx);
-#endif
 		return true;
 	}
 
 	void X25519Keys::GetPrivateKey (uint8_t * priv) const
 	{
-#if OPENSSL_X25519
 		size_t len = 32;
 		EVP_PKEY_get_raw_private_key (m_Pkey, priv, &len);
-#else
-		memcpy (priv, m_PrivateKey, 32);
-#endif
 	}
 
 	void X25519Keys::SetPrivateKey (const uint8_t * priv, bool calculatePublic)
 	{
-#if OPENSSL_X25519
 		if (m_Ctx) EVP_PKEY_CTX_free (m_Ctx);
 		if (m_Pkey) EVP_PKEY_free (m_Pkey);
 		m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_X25519, NULL, priv, 32);
@@ -343,11 +309,6 @@ namespace crypto
 			size_t len = 32;
 			EVP_PKEY_get_raw_public_key (m_Pkey, m_PublicKey, &len);
 		}
-#else
-		memcpy (m_PrivateKey, priv, 32);
-		if (calculatePublic)
-			GetEd25519 ()->ScalarMulB (m_PrivateKey, m_PublicKey, m_Ctx);
-#endif
 	}
 
 // ElGamal
@@ -361,7 +322,7 @@ namespace crypto
 		BIGNUM * b1 = BN_CTX_get (ctx);
 		BIGNUM * b = BN_CTX_get (ctx);
 		// select random k
-#if defined(__x86_64__)
+#if IS_X86_64
 		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
 #else
 		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
@@ -428,7 +389,7 @@ namespace crypto
 
 	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub)
 	{
-#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)
+#if IS_X86 || defined(_MSC_VER)
 		RAND_bytes (priv, 256);
 #else
 		// lower 226 bits (28 bytes and 2 bits) only. short exponent
@@ -481,9 +442,8 @@ namespace crypto
 		// encrypt
 		CBCEncryption encryption;
 		encryption.SetKey (shared);
-		encryption.SetIV (iv);
 		encrypted[257] = 0;
-		encryption.Encrypt (m, 256, encrypted + 258);
+		encryption.Encrypt (m, 256, iv, encrypted + 258);
 		EC_POINT_free (p);
 		BN_CTX_end (ctx);
 		BN_CTX_free (ctx);
@@ -516,8 +476,7 @@ namespace crypto
 			uint8_t m[256];
 			CBCDecryption decryption;
 			decryption.SetKey (shared);
-			decryption.SetIV (iv);
-			decryption.Decrypt (encrypted + 258, 256, m);
+			decryption.Decrypt (encrypted + 258, 256, iv, m);
 			// verify and copy
 			uint8_t hash[32];
 			SHA256 (m + 33, 222, hash);
@@ -555,435 +514,114 @@ namespace crypto
 	}
 
 // AES
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-	#define KeyExpansion256(round0,round1) \
-		"pshufd $0xff, %%xmm2, %%xmm2 \n" \
-		"movaps %%xmm1, %%xmm4 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm1 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm1 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm1 \n" \
-		"pxor %%xmm2, %%xmm1 \n" \
-		"movaps %%xmm1, "#round0"(%[sched]) \n" \
-		"aeskeygenassist $0, %%xmm1, %%xmm4 \n" \
-		"pshufd $0xaa, %%xmm4, %%xmm2 \n" \
-		"movaps %%xmm3, %%xmm4 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm3 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm3 \n" \
-		"pslldq $4, %%xmm4 \n" \
-		"pxor %%xmm4, %%xmm3 \n" \
-		"pxor %%xmm2, %%xmm3 \n" \
-		"movaps %%xmm3, "#round1"(%[sched]) \n"
-#endif
-
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
+	ECBEncryption::ECBEncryption ()
 	{
-		__asm__
-		(
-			"movups (%[key]), %%xmm1 \n"
-			"movups 16(%[key]), %%xmm3 \n"
-			"movaps %%xmm1, (%[sched]) \n"
-			"movaps %%xmm3, 16(%[sched]) \n"
-			"aeskeygenassist $1, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(32,48)
-			"aeskeygenassist $2, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(64,80)
-			"aeskeygenassist $4, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(96,112)
-			"aeskeygenassist $8, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(128,144)
-			"aeskeygenassist $16, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(160,176)
-			"aeskeygenassist $32, %%xmm3, %%xmm2 \n"
-			KeyExpansion256(192,208)
-			"aeskeygenassist $64, %%xmm3, %%xmm2 \n"
-			// key expansion final
-			"pshufd $0xff, %%xmm2, %%xmm2 \n"
-			"movaps %%xmm1, %%xmm4 \n"
-			"pslldq $4, %%xmm4 \n"
-			"pxor %%xmm4, %%xmm1 \n"
-			"pslldq $4, %%xmm4 \n"
-			"pxor %%xmm4, %%xmm1 \n"
-			"pslldq $4, %%xmm4 \n"
-			"pxor %%xmm4, %%xmm1 \n"
-			"pxor %%xmm2, %%xmm1 \n"
-			"movups %%xmm1, 224(%[sched]) \n"
-			: // output
-			: [key]"r"((const uint8_t *)key), [sched]"r"(GetKeySchedule ()) // input
-			: "%xmm1", "%xmm2", "%xmm3", "%xmm4", "memory" // clogged
-		);
+		m_Ctx = EVP_CIPHER_CTX_new ();
 	}
-#endif
-
-
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-	#define EncryptAES256(sched) \
-		"pxor (%["#sched"]), %%xmm0 \n" \
-		"aesenc	16(%["#sched"]), %%xmm0 \n" \
-		"aesenc	32(%["#sched"]), %%xmm0 \n" \
-		"aesenc	48(%["#sched"]), %%xmm0 \n" \
-		"aesenc	64(%["#sched"]), %%xmm0 \n" \
-		"aesenc	80(%["#sched"]), %%xmm0 \n" \
-		"aesenc	96(%["#sched"]), %%xmm0 \n" \
-		"aesenc	112(%["#sched"]), %%xmm0 \n" \
-		"aesenc	128(%["#sched"]), %%xmm0 \n" \
-		"aesenc	144(%["#sched"]), %%xmm0 \n" \
-		"aesenc	160(%["#sched"]), %%xmm0 \n" \
-		"aesenc	176(%["#sched"]), %%xmm0 \n" \
-		"aesenc	192(%["#sched"]), %%xmm0 \n" \
-		"aesenc	208(%["#sched"]), %%xmm0 \n" \
-		"aesenclast	224(%["#sched"]), %%xmm0 \n"
-#endif
-
-	void ECBEncryption::Encrypt (const ChipherBlock * in, ChipherBlock * out)
+	
+	ECBEncryption::~ECBEncryption ()
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[in]), %%xmm0 \n"
-					EncryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-					);
-		}
-		else
-#endif
-		{
-			AES_encrypt (in->buf, out->buf, &m_Key);
-		}
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+	
+	void ECBEncryption::Encrypt (const uint8_t * in, uint8_t * out)
+	{
+		EVP_EncryptInit_ex (m_Ctx, EVP_aes_256_ecb(), NULL, m_Key, NULL);
+		EVP_CIPHER_CTX_set_padding (m_Ctx, 0);
+		int len;
+		EVP_EncryptUpdate (m_Ctx, out, &len, in, 16);
+		EVP_EncryptFinal_ex (m_Ctx, out + len, &len);
 	}
 
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-	#define DecryptAES256(sched) \
-		"pxor 224(%["#sched"]), %%xmm0 \n" \
-		"aesdec	208(%["#sched"]), %%xmm0 \n" \
-		"aesdec	192(%["#sched"]), %%xmm0 \n" \
-		"aesdec	176(%["#sched"]), %%xmm0 \n" \
-		"aesdec	160(%["#sched"]), %%xmm0 \n" \
-		"aesdec	144(%["#sched"]), %%xmm0 \n" \
-		"aesdec	128(%["#sched"]), %%xmm0 \n" \
-		"aesdec	112(%["#sched"]), %%xmm0 \n" \
-		"aesdec	96(%["#sched"]), %%xmm0 \n" \
-		"aesdec	80(%["#sched"]), %%xmm0 \n" \
-		"aesdec	64(%["#sched"]), %%xmm0 \n" \
-		"aesdec	48(%["#sched"]), %%xmm0 \n" \
-		"aesdec	32(%["#sched"]), %%xmm0 \n" \
-		"aesdec	16(%["#sched"]), %%xmm0 \n" \
-		"aesdeclast (%["#sched"]), %%xmm0 \n"
-#endif
-
-	void ECBDecryption::Decrypt (const ChipherBlock * in, ChipherBlock * out)
+	ECBDecryption::ECBDecryption ()
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[in]), %%xmm0 \n"
-					DecryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-					);
-		}
-		else
-#endif
-		{
-			AES_decrypt (in->buf, out->buf, &m_Key);
-		}
+		m_Ctx = EVP_CIPHER_CTX_new ();
+	}
+	
+	ECBDecryption::~ECBDecryption ()
+	{
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+	
+	void ECBDecryption::Decrypt (const uint8_t * in, uint8_t * out)
+	{
+		EVP_DecryptInit_ex (m_Ctx, EVP_aes_256_ecb(), NULL, m_Key, NULL);
+		EVP_CIPHER_CTX_set_padding (m_Ctx, 0);
+		int len;
+		EVP_DecryptUpdate (m_Ctx, out, &len, in, 16);
+		EVP_DecryptFinal_ex (m_Ctx, out + len, &len);
 	}
 
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-	#define CallAESIMC(offset) \
-		"movaps "#offset"(%[shed]), %%xmm0 \n" \
-		"aesimc %%xmm0, %%xmm0 \n" \
-		"movaps %%xmm0, "#offset"(%[shed]) \n"
-#endif
 
-	void ECBEncryption::SetKey (const AESKey& key)
-	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			ExpandKey (key);
-		}
-		else
-#endif
-		{
-			AES_set_encrypt_key (key, 256, &m_Key);
-		}
+	CBCEncryption::CBCEncryption () 
+	{ 
+		m_Ctx = EVP_CIPHER_CTX_new ();
 	}
-
-	void ECBDecryption::SetKey (const AESKey& key)
+	
+	CBCEncryption::~CBCEncryption ()
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			ExpandKey (key); // expand encryption key first
-			// then invert it using aesimc
-			__asm__
-				(
-					CallAESIMC(16)
-					CallAESIMC(32)
-					CallAESIMC(48)
-					CallAESIMC(64)
-					CallAESIMC(80)
-					CallAESIMC(96)
-					CallAESIMC(112)
-					CallAESIMC(128)
-					CallAESIMC(144)
-					CallAESIMC(160)
-					CallAESIMC(176)
-					CallAESIMC(192)
-					CallAESIMC(208)
-					: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
-					);
-		}
-		else
-#endif
-		{
-			AES_set_decrypt_key (key, 256, &m_Key);
-		}
-	}
-
-	void CBCEncryption::Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
-	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"1: \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched)
-					"movaps %%xmm0, %%xmm1 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					"movups %%xmm1, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-					: "%xmm0", "%xmm1", "cc", "memory"
-					);
-		}
-		else
-#endif
-		{
-			for (int i = 0; i < numBlocks; i++)
-			{
-				*m_LastBlock.GetChipherBlock () ^= in[i];
-				m_ECBEncryption.Encrypt (m_LastBlock.GetChipherBlock (), m_LastBlock.GetChipherBlock ());
-				out[i] = *m_LastBlock.GetChipherBlock ();
-			}
-		}
-	}
-
-	void CBCEncryption::Encrypt (const uint8_t * in, std::size_t len, uint8_t * out)
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+	
+	void CBCEncryption::Encrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out)
 	{
 		// len/16
-		int numBlocks = len >> 4;
-		if (numBlocks > 0)
-			Encrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out);
+		EVP_EncryptInit_ex (m_Ctx, EVP_aes_256_cbc(), NULL, m_Key, iv);
+		EVP_CIPHER_CTX_set_padding (m_Ctx, 0);
+		int l;
+		EVP_EncryptUpdate (m_Ctx, out, &l, in, len);
+		EVP_EncryptFinal_ex (m_Ctx, out + l, &l);
 	}
 
-	void CBCEncryption::Encrypt (const uint8_t * in, uint8_t * out)
-	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					"movups %%xmm0, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out)
-					: "%xmm0", "%xmm1", "memory"
-					);
-		}
-		else
-#endif
-			Encrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
+	CBCDecryption::CBCDecryption () 
+	{ 
+		m_Ctx = EVP_CIPHER_CTX_new ();
 	}
-
-	void CBCDecryption::Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
+	
+	CBCDecryption::~CBCDecryption ()
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"1: \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movaps %%xmm0, %%xmm2 \n"
-					DecryptAES256(sched)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"movaps %%xmm2, %%xmm1 \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					"movups %%xmm1, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-					);
-		}
-		else
-#endif
-		{
-			for (int i = 0; i < numBlocks; i++)
-			{
-				ChipherBlock tmp = in[i];
-				m_ECBDecryption.Decrypt (in + i, out + i);
-				out[i] ^= *m_IV.GetChipherBlock ();
-				*m_IV.GetChipherBlock () = tmp;
-			}
-		}
-	}
-
-	void CBCDecryption::Decrypt (const uint8_t * in, std::size_t len, uint8_t * out)
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+	
+	void CBCDecryption::Decrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out)
 	{
-		int numBlocks = len >> 4;
-		if (numBlocks > 0)
-			Decrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out);
-	}
-
-	void CBCDecryption::Decrypt (const uint8_t * in, uint8_t * out)
-	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movups %%xmm0, (%[iv]) \n"
-					DecryptAES256(sched)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out)
-					: "%xmm0", "%xmm1", "memory"
-					);
-		}
-		else
-#endif
-			Decrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
+		// len/16
+		EVP_DecryptInit_ex (m_Ctx, EVP_aes_256_cbc(), NULL, m_Key, iv);
+		EVP_CIPHER_CTX_set_padding (m_Ctx, 0);
+		int l;
+		EVP_DecryptUpdate (m_Ctx, out, &l, in, len);
+		EVP_DecryptFinal_ex (m_Ctx, out + l, &l);
 	}
 
 	void TunnelEncryption::Encrypt (const uint8_t * in, uint8_t * out)
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					// encrypt IV
-					"movups (%[in]), %%xmm0 \n"
-					EncryptAES256(sched_iv)
-					"movaps %%xmm0, %%xmm1 \n"
-					// double IV encryption
-					EncryptAES256(sched_iv)
-					"movups %%xmm0, (%[out]) \n"
-					// encrypt data, IV is xmm1
-					"1: \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched_l)
-					"movaps %%xmm0, %%xmm1 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					:
-					: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.ECB().GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-					: "%xmm0", "%xmm1", "cc", "memory"
-					);
-		}
-		else
-#endif
-		{
-			m_IVEncryption.Encrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
-			m_LayerEncryption.SetIV (out);
-			m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
-			m_IVEncryption.Encrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
-		}
+		uint8_t iv[16];
+		m_IVEncryption.Encrypt (in, iv); // iv
+		m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, iv, out + 16); // data
+		m_IVEncryption.Encrypt (iv, out); // double iv
 	}
 
 	void TunnelDecryption::Decrypt (const uint8_t * in, uint8_t * out)
 	{
-#if defined(__AES__) && (defined(__x86_64__) || defined(__i386__))
-		if(i2p::cpu::aesni)
-		{
-			__asm__
-				(
-					// decrypt IV
-					"movups	(%[in]), %%xmm0 \n"
-					DecryptAES256(sched_iv)
-					"movaps %%xmm0, %%xmm1 \n"
-					// double IV encryption
-					DecryptAES256(sched_iv)
-					"movups %%xmm0, (%[out]) \n"
-					// decrypt data, IV is xmm1
-					"1: \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movaps %%xmm0, %%xmm2 \n"
-					DecryptAES256(sched_l)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"movaps %%xmm2, %%xmm1 \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					:
-					: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.ECB().GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-					);
-		}
-		else
-#endif
-		{
-			m_IVDecryption.Decrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
-			m_LayerDecryption.SetIV (out);
-			m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
-			m_IVDecryption.Decrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
-		}
+		uint8_t iv[16];
+		m_IVDecryption.Decrypt (in, iv); // iv
+		m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, iv, out + 16); // data
+		m_IVDecryption.Decrypt (iv, out); // double iv
 	}
 
 // AEAD/ChaCha20/Poly1305
 
-	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt)
+	static bool AEADChaCha20Poly1305 (EVP_CIPHER_CTX * ctx, const uint8_t * msg, size_t msgLen, 
+		const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt)
 	{
-		if (len < msgLen) return false;
+		if (!ctx || len < msgLen) return false;
 		if (encrypt && len < msgLen + 16) return false;
 		bool ret = true;
-#if OPENSSL_AEAD_CHACHA20_POLY1305
 		int outlen = 0;
-		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
 		if (encrypt)
 		{
 			EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
@@ -991,11 +629,20 @@ namespace crypto
 			EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce);
 			EVP_EncryptUpdate(ctx, NULL, &outlen, ad, adLen);
 			EVP_EncryptUpdate(ctx, buf, &outlen, msg, msgLen);
-			EVP_EncryptFinal_ex(ctx, buf, &outlen);
+			EVP_EncryptFinal_ex(ctx, buf + outlen, &outlen);
 			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, buf + msgLen);
 		}
 		else
 		{
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x4000000fL
+			std::vector<uint8_t> m(msgLen + 16);
+			if (msg == buf)
+			{	
+				// we have to use different buffers otherwise verification fails
+				memcpy (m.data (), msg, msgLen + 16);
+				msg = m.data ();
+			}	
+#endif			
 			EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
 			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
 			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, (uint8_t *)(msg + msgLen));
@@ -1004,140 +651,100 @@ namespace crypto
 			EVP_DecryptUpdate(ctx, buf, &outlen, msg, msgLen);
 			ret = EVP_DecryptFinal_ex(ctx, buf + outlen, &outlen) > 0;
 		}
-
-		EVP_CIPHER_CTX_free (ctx);
-#else
-		chacha::Chacha20State state;
-		// generate one time poly key
-		chacha::Chacha20Init (state, nonce, key, 0);
-		uint64_t polyKey[8];
-		memset(polyKey, 0, sizeof(polyKey));
-		chacha::Chacha20Encrypt (state, (uint8_t *)polyKey, 64);
-		// create Poly1305 hash
-		Poly1305 polyHash (polyKey);
-		if (!ad) adLen = 0;
-		uint8_t padding[16]; memset (padding, 0, 16);
-		if (ad)
-		{
-			polyHash.Update (ad, adLen);// additional authenticated data
-			auto rem = adLen & 0x0F; // %16
-			if (rem)
-			{
-				// padding1
-				rem = 16 - rem;
-				polyHash.Update (padding, rem);
-			}
-		}
-		// encrypt/decrypt data and add to hash
-		Chacha20SetCounter (state, 1);
-		if (buf != msg)
-			memcpy (buf, msg, msgLen);
-		if (encrypt)
-		{
-			chacha::Chacha20Encrypt (state, buf, msgLen); // encrypt
-			polyHash.Update (buf, msgLen); // after encryption
-		}
-		else
-		{
-			polyHash.Update (buf, msgLen); // before decryption
-			chacha::Chacha20Encrypt (state, buf, msgLen); // decrypt
-		}
-
-		auto rem = msgLen & 0x0F; // %16
-		if (rem)
-		{
-			// padding2
-			rem = 16 - rem;
-			polyHash.Update (padding, rem);
-		}
-		// adLen and msgLen
-		htole64buf (padding, adLen);
-		htole64buf (padding + 8, msgLen);
-		polyHash.Update (padding, 16);
-
-		if (encrypt)
-			// calculate Poly1305 tag and write in after encrypted data
-			polyHash.Finish ((uint64_t *)(buf + msgLen));
-		else
-		{
-			uint64_t tag[4];
-			// calculate Poly1305 tag
-			polyHash.Finish (tag);
-			if (memcmp (tag, msg + msgLen, 16)) ret = false; // compare with provided
-		}
-#endif
 		return ret;
 	}
 
-	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac)
+	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, 
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt)
 	{
-		if (bufs.empty ()) return;
-#if OPENSSL_AEAD_CHACHA20_POLY1305
-		int outlen = 0;
-		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
-		EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
-		EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
-		EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce);
-		for (const auto& it: bufs)
-			EVP_EncryptUpdate(ctx, it.first, &outlen, it.first, it.second);
-		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
-		EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, mac);
+		EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new ();
+		auto ret = AEADChaCha20Poly1305 (ctx, msg, msgLen, ad, adLen, key, nonce, buf, len, encrypt);
 		EVP_CIPHER_CTX_free (ctx);
-#else
-		chacha::Chacha20State state;
-		// generate one time poly key
-		chacha::Chacha20Init (state, nonce, key, 0);
-		uint64_t polyKey[8];
-		memset(polyKey, 0, sizeof(polyKey));
-		chacha::Chacha20Encrypt (state, (uint8_t *)polyKey, 64);
-		Poly1305 polyHash (polyKey);
-		// encrypt buffers
-		Chacha20SetCounter (state, 1);
-		size_t size = 0;
-		for (const auto& it: bufs)
-		{
-			chacha::Chacha20Encrypt (state, it.first, it.second);
-			polyHash.Update (it.first, it.second); // after encryption
-			size += it.second;
-		}
-		// padding
-		uint8_t padding[16];
-		memset (padding, 0, 16);
-		auto rem = size & 0x0F; // %16
-		if (rem)
-		{
-			// padding2
-			rem = 16 - rem;
-			polyHash.Update (padding, rem);
-		}
-		// adLen and msgLen
-		// adLen is always zero
-		htole64buf (padding + 8, size);
-		polyHash.Update (padding, 16);
-		// MAC
-		polyHash.Finish ((uint64_t *)mac);
-#endif
+		return ret;
 	}
 
-	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	AEADChaCha20Poly1305Encryptor::AEADChaCha20Poly1305Encryptor ()
+	{
+		m_Ctx = EVP_CIPHER_CTX_new ();
+	}
+	
+	AEADChaCha20Poly1305Encryptor::~AEADChaCha20Poly1305Encryptor ()
+	{
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+
+	bool AEADChaCha20Poly1305Encryptor::Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return AEADChaCha20Poly1305 (m_Ctx, msg, msgLen, ad, adLen, key, nonce, buf, len, true);
+	}	
+
+	void AEADChaCha20Poly1305Encryptor::Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, 
+		const uint8_t * key, const uint8_t * nonce, uint8_t * mac)
+	{
+		if (bufs.empty ()) return;
+		int outlen = 0;
+		EVP_EncryptInit_ex(m_Ctx, EVP_chacha20_poly1305(), 0, 0, 0);
+		EVP_CIPHER_CTX_ctrl(m_Ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
+		EVP_EncryptInit_ex(m_Ctx, NULL, NULL, key, nonce);
+		for (const auto& it: bufs)
+			EVP_EncryptUpdate(m_Ctx, it.first, &outlen, it.first, it.second);
+		EVP_EncryptFinal_ex(m_Ctx, NULL, &outlen);
+		EVP_CIPHER_CTX_ctrl(m_Ctx, EVP_CTRL_AEAD_GET_TAG, 16, mac);
+	}	
+	
+	AEADChaCha20Poly1305Decryptor::AEADChaCha20Poly1305Decryptor ()
+	{
+		m_Ctx = EVP_CIPHER_CTX_new ();
+	}
+	
+	AEADChaCha20Poly1305Decryptor::~AEADChaCha20Poly1305Decryptor ()
+	{
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}	
+
+	bool AEADChaCha20Poly1305Decryptor::Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return AEADChaCha20Poly1305 (m_Ctx, msg, msgLen, ad, adLen, key, nonce, buf, len, false);
+	}
+
+	static void ChaCha20 (EVP_CIPHER_CTX *ctx, const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
 	{
-#if OPENSSL_AEAD_CHACHA20_POLY1305
-		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
 		uint32_t iv[4];
 		iv[0] = htole32 (1); memcpy (iv + 1, nonce, 12); // counter | nonce
 		EVP_EncryptInit_ex(ctx, EVP_chacha20 (), NULL, key, (const uint8_t *)iv);
 		int outlen = 0;
 		EVP_EncryptUpdate(ctx, out, &outlen, msg, msgLen);
 		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
+	}
+	
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		ChaCha20 (ctx, msg, msgLen, key, nonce, out);
 		EVP_CIPHER_CTX_free (ctx);
-#else
-		chacha::Chacha20State state;
-		chacha::Chacha20Init (state, nonce, key, 1);
-		if (out != msg) memcpy (out, msg, msgLen);
-		chacha::Chacha20Encrypt (state, out, msgLen);
-#endif
 	}
 
+	
+	ChaCha20Context::ChaCha20Context ()
+	{
+		m_Ctx = EVP_CIPHER_CTX_new ();
+	}
+	
+	ChaCha20Context::~ChaCha20Context ()
+	{
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}
+	
+	void ChaCha20Context::operator ()(const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+		ChaCha20 (m_Ctx, msg, msgLen, key, nonce, out);
+	}	
+	
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info,
 		uint8_t * out, size_t outLen)
 	{
@@ -1285,19 +892,15 @@ namespace crypto
 		}
 	}*/
 
-	void InitCrypto (bool precomputation, bool aesni, bool avx, bool force)
+	void InitCrypto (bool precomputation)
 	{
-		i2p::cpu::Detect (aesni, avx, force);
-#if LEGACY_OPENSSL
-		SSL_library_init ();
-#endif
 /*		auto numLocks = CRYPTO_num_locks();
 		for (int i = 0; i < numLocks; i++)
 			m_OpenSSLMutexes.emplace_back (new std::mutex);
 		CRYPTO_set_locking_callback (OpensslLockingCallback);*/
 		if (precomputation)
 		{
-#if defined(__x86_64__)
+#if IS_X86_64
 			g_ElggTable = new BIGNUM * [ELGAMAL_FULL_EXPONENT_NUM_BYTES][255];
 			PrecalculateElggTable (g_ElggTable, ELGAMAL_FULL_EXPONENT_NUM_BYTES);
 #else
@@ -1312,7 +915,7 @@ namespace crypto
 		if (g_ElggTable)
 		{
 			DestroyElggTable (g_ElggTable,
-#if defined(__x86_64__)
+#if IS_X86_64
 				ELGAMAL_FULL_EXPONENT_NUM_BYTES
 #else
 				ELGAMAL_SHORT_EXPONENT_NUM_BYTES

libi2pd/Crypto.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -21,32 +21,17 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
-#include <openssl/engine.h>
 #include <openssl/opensslv.h>
 
 #include "Base.h"
 #include "Tag.h"
-#include "CPU.h"
 
 // recognize openssl version and features
-#if (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050200fL)) // LibreSSL 3.5.2 and above
-#	define LEGACY_OPENSSL 0
-#elif ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
-#	define LEGACY_OPENSSL 1
-#	define X509_getm_notBefore X509_get_notBefore
-#	define X509_getm_notAfter X509_get_notAfter
-#else
-#	define LEGACY_OPENSSL 0
-#	if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
-#		define OPENSSL_HKDF 1
-#		define OPENSSL_EDDSA 1
-#		define OPENSSL_X25519 1
-#		if (OPENSSL_VERSION_NUMBER != 0x030000000) // 3.0.0, regression in SipHash
-#			define OPENSSL_SIPHASH 1
-#		endif
-#	endif
-#	if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 // some builds might not include them
-#		define OPENSSL_AEAD_CHACHA20_POLY1305 1
+#if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
+#	define OPENSSL_HKDF 1
+#	define OPENSSL_EDDSA 1
+#	if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
+#		define OPENSSL_SIPHASH 1
 #	endif
 #endif
 
@@ -83,13 +68,8 @@ namespace crypto
 		private:
 
 			uint8_t m_PublicKey[32];
-#if OPENSSL_X25519
 			EVP_PKEY_CTX * m_Ctx;
 			EVP_PKEY * m_Pkey;
-#else
-			BN_CTX * m_Ctx;
-			uint8_t m_PrivateKey[32];
-#endif
 			bool m_IsElligatorIneligible = false; // true if definitely ineligible
 	};
 
@@ -104,142 +84,70 @@ namespace crypto
 	void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub);
 
 	// AES
-	struct ChipherBlock
-	{
-		uint8_t buf[16];
-
-		void operator^=(const ChipherBlock& other) // XOR
-		{
-			if (!(((size_t)buf | (size_t)other.buf) & 0x03)) // multiple of 4 ?
-			{
-				for (int i = 0; i < 4; i++)
-					reinterpret_cast<uint32_t *>(buf)[i] ^= reinterpret_cast<const uint32_t *>(other.buf)[i];
-			}
-			else
-			{
-				for (int i = 0; i < 16; i++)
-					buf[i] ^= other.buf[i];
-			}
-		}
-	};
-
 	typedef i2p::data::Tag<32> AESKey;
-
-	template<size_t sz>
-	class AESAlignedBuffer // 16 bytes alignment
-	{
-		public:
-
-			AESAlignedBuffer ()
-			{
-				m_Buf = m_UnalignedBuffer;
-				uint8_t rem = ((size_t)m_Buf) & 0x0f;
-				if (rem)
-					m_Buf += (16 - rem);
-			}
-
-			operator uint8_t * () { return m_Buf; };
-			operator const uint8_t * () const { return m_Buf; };
-			ChipherBlock * GetChipherBlock () { return (ChipherBlock *)m_Buf; };
-			const ChipherBlock * GetChipherBlock () const { return (const ChipherBlock *)m_Buf; };
-
-		private:
-
-			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
-			uint8_t * m_Buf;
-	};
-
-
-#ifdef __AES__
-	class ECBCryptoAESNI
-	{
-		public:
-
-			uint8_t * GetKeySchedule () { return m_KeySchedule; };
-
-		protected:
-
-			void ExpandKey (const AESKey& key);
-
-		private:
-
-			AESAlignedBuffer<240> m_KeySchedule;	// 14 rounds for AES-256, 240 bytes
-	};
-#endif
-
-#ifdef __AES__
-	class ECBEncryption: public ECBCryptoAESNI
-#else
+	
 	class ECBEncryption
-#endif
 	{
 		public:
 
-		void SetKey (const AESKey& key);
+			ECBEncryption ();
+			~ECBEncryption ();
+			
+			void SetKey (const uint8_t * key) { m_Key = key; };
+			void Encrypt(const uint8_t * in, uint8_t * out);
 
-		void Encrypt(const ChipherBlock * in, ChipherBlock * out);
+		private:
 
-	private:
-		AES_KEY m_Key;
+			AESKey m_Key;
+			EVP_CIPHER_CTX * m_Ctx;	
 	};
 
-#ifdef __AES__
-	class ECBDecryption: public ECBCryptoAESNI
-#else
 	class ECBDecryption
-#endif
 	{
 		public:
 
-			void SetKey (const AESKey& key);
-			void Decrypt (const ChipherBlock * in, ChipherBlock * out);
+			ECBDecryption ();
+			~ECBDecryption ();
+			
+			void SetKey (const uint8_t * key) { m_Key = key; };
+			void Decrypt (const uint8_t * in, uint8_t * out);
+			
 		private:
-			AES_KEY m_Key;
+			
+			AESKey m_Key;
+			EVP_CIPHER_CTX * m_Ctx;	
 	};
 
 	class CBCEncryption
 	{
 		public:
 
-			CBCEncryption () { memset ((uint8_t *)m_LastBlock, 0, 16); };
-
-			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
-			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes
-			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_LastBlock, 16); };
-
-			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
-			void Encrypt (const uint8_t * in, std::size_t len, uint8_t * out);
-			void Encrypt (const uint8_t * in, uint8_t * out); // one block
-
-			ECBEncryption & ECB() { return m_ECBEncryption; }
+			CBCEncryption ();
+			~CBCEncryption ();
 
+			void SetKey (const uint8_t * key) { m_Key = key; }; // 32 bytes		
+			void Encrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out);
+			
 		private:
 
-			AESAlignedBuffer<16> m_LastBlock;
-
-			ECBEncryption m_ECBEncryption;
+			AESKey m_Key;
+			EVP_CIPHER_CTX * m_Ctx;	
 	};
 
 	class CBCDecryption
 	{
 		public:
 
-			CBCDecryption () { memset ((uint8_t *)m_IV, 0, 16); };
-
-			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
-			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes
-			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_IV, 16); };
-
-			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
-			void Decrypt (const uint8_t * in, std::size_t len, uint8_t * out);
-			void Decrypt (const uint8_t * in, uint8_t * out); // one block
-
-			ECBDecryption & ECB() { return m_ECBDecryption; }
+			CBCDecryption ();
+			~CBCDecryption ();
+			
+			void SetKey (const uint8_t * key) { m_Key = key; }; // 32 bytes
+			void Decrypt (const uint8_t * in, size_t len, const uint8_t * iv, uint8_t * out);
 
 		private:
 
-			AESAlignedBuffer<16> m_IV;
-			ECBDecryption m_ECBDecryption;
+			AESKey m_Key;
+			EVP_CIPHER_CTX * m_Ctx;	
 	};
 
 	class TunnelEncryption // with double IV encryption
@@ -279,13 +187,58 @@ namespace crypto
 	};
 
 // AEAD/ChaCha20/Poly1305
-	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag
 
-	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
+	class AEADChaCha20Poly1305Encryptor
+	{
+		public:
 
+			AEADChaCha20Poly1305Encryptor ();
+			~AEADChaCha20Poly1305Encryptor ();
+
+			bool Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); // msgLen is len without tag
+
+			void Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
+			
+		private:
+
+			EVP_CIPHER_CTX * m_Ctx;	
+	};	
+
+	class AEADChaCha20Poly1305Decryptor
+	{
+		public:
+
+			AEADChaCha20Poly1305Decryptor ();
+			~AEADChaCha20Poly1305Decryptor ();
+
+			bool Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); // msgLen is len without tag
+			
+		private:
+
+			EVP_CIPHER_CTX * m_Ctx;	
+	};	
+	
+	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag
+	
 // ChaCha20
 	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
 
+	class ChaCha20Context
+	{
+		public:
+
+			ChaCha20Context ();
+			~ChaCha20Context ();
+			void operator ()(const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
+			
+		private:
+
+			EVP_CIPHER_CTX * m_Ctx;	
+	};
+	
 // HKDF
 
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, uint8_t * out, size_t outLen = 64); // salt - 32, out - 32 or 64, info <= 32
@@ -307,84 +260,9 @@ namespace crypto
 	void InitNoiseIKState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_IK (ratchets)
 
 // init and terminate
-	void InitCrypto (bool precomputation, bool aesni, bool avx, bool force);
+	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
 }
 }
 
-// take care about openssl below 1.1.0
-#if LEGACY_OPENSSL
-// define getters and setters introduced in 1.1.0
-inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-	{
-		if (d->p) BN_free (d->p);
-		if (d->q) BN_free (d->q);
-		if (d->g) BN_free (d->g);
-		d->p = p; d->q = q; d->g = g; return 1;
-	}
-inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-	{
-		if (d->pub_key) BN_free (d->pub_key);
-		if (d->priv_key) BN_free (d->priv_key);
-		d->pub_key = pub_key; d->priv_key = priv_key; return 1;
-	}
-inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
-	{ *pub_key = d->pub_key; *priv_key = d->priv_key; }
-inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-	{
-		if (sig->r) BN_free (sig->r);
-		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1;
-	}
-inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-	{ *pr = sig->r; *ps = sig->s; }
-
-inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-	{
-		if (sig->r) BN_free (sig->r);
-		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1;
-	}
-inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-	{ *pr = sig->r; *ps = sig->s; }
-
-inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-	{
-		if (r->n) BN_free (r->n);
-		if (r->e) BN_free (r->e);
-		if (r->d) BN_free (r->d);
-		r->n = n; r->e = e; r->d = d; return 1;
-	}
-inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-	{ *n = r->n; *e = r->e; *d = r->d; }
-
-inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-	{
-		if (dh->p) BN_free (dh->p);
-		if (dh->q) BN_free (dh->q);
-		if (dh->g) BN_free (dh->g);
-		dh->p = p; dh->q = q; dh->g = g; return 1;
-	}
-inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-	{
-		if (dh->pub_key) BN_free (dh->pub_key);
-		if (dh->priv_key) BN_free (dh->priv_key);
-		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1;
-	}
-inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-	{ *pub_key = dh->pub_key; *priv_key = dh->priv_key; }
-
-inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-	{ return pkey->pkey.rsa; }
-
-inline EVP_MD_CTX *EVP_MD_CTX_new ()
-	{ return EVP_MD_CTX_create(); }
-inline void EVP_MD_CTX_free (EVP_MD_CTX *ctx)
-	{ EVP_MD_CTX_destroy (ctx); }
-
-// ssl
-#define TLS_method TLSv1_method
-
-#endif
-
 #endif

libi2pd/Datagram.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -19,7 +19,7 @@ namespace i2p
 namespace datagram
 {
 	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner, bool gzip):
-		m_Owner (owner), m_Receiver (nullptr), m_RawReceiver (nullptr), m_Gzip (gzip)
+		m_Owner (owner), m_DefaultReceiver (nullptr), m_DefaultRawReceiver (nullptr), m_Gzip (gzip)
 	{
 		if (m_Gzip)
 			m_Deflator.reset (new i2p::data::GzipDeflator);
@@ -104,8 +104,7 @@ namespace datagram
 
 		if (verified)
 		{
-			auto h = identity.GetIdentHash();
-			auto session = ObtainSession(h);
+			auto session = ObtainSession (identity.GetIdentHash());
 			session->Ack();
 			auto r = FindReceiver(toPort);
 			if(r)
@@ -119,19 +118,79 @@ namespace datagram
 
 	void DatagramDestination::HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
-		if (m_RawReceiver)
-			m_RawReceiver (fromPort, toPort, buf, len);
+		auto r = FindRawReceiver(toPort);
+
+		if (r)
+			r (fromPort, toPort, buf, len);
 		else
 			LogPrint (eLogWarning, "DatagramDestination: no receiver for raw datagram");
 	}
 
+	void DatagramDestination::SetReceiver (const Receiver& receiver, uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
+		m_ReceiversByPorts[port] = receiver;
+		if (!m_DefaultReceiver) {
+			m_DefaultReceiver = receiver;
+			m_DefaultReceiverPort = port;
+		}
+	}
+
+	void DatagramDestination::ResetReceiver (uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
+		m_ReceiversByPorts.erase (port);
+		if (m_DefaultReceiverPort == port) {
+			m_DefaultReceiver = nullptr;
+			m_DefaultReceiverPort = 0;
+		}
+	}
+
+
+	void DatagramDestination::SetRawReceiver (const RawReceiver& receiver, uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		m_RawReceiversByPorts[port] = receiver;
+		if (!m_DefaultRawReceiver) {
+			m_DefaultRawReceiver = receiver;
+			m_DefaultRawReceiverPort = port;
+		}
+	}
+
+	void DatagramDestination::ResetRawReceiver (uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		m_RawReceiversByPorts.erase (port);
+		if (m_DefaultRawReceiverPort == port) {
+			m_DefaultRawReceiver = nullptr;
+			m_DefaultRawReceiverPort = 0;
+		}
+	}
+
+
 	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
-		Receiver r = m_Receiver;
+		Receiver r = nullptr;
 		auto itr = m_ReceiversByPorts.find(port);
 		if (itr != m_ReceiversByPorts.end())
 			r = itr->second;
+		else {
+			r = m_DefaultReceiver;
+		}
+		return r;
+	}
+
+	DatagramDestination::RawReceiver DatagramDestination::FindRawReceiver(uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		RawReceiver r = nullptr;
+		auto itr = m_RawReceiversByPorts.find(port);
+		if (itr != m_RawReceiversByPorts.end())
+			r = itr->second;
+		else {
+			r = m_DefaultRawReceiver;
+		}
 		return r;
 	}
 
@@ -228,8 +287,8 @@ namespace datagram
 
 	DatagramSession::DatagramSession(std::shared_ptr<i2p::client::ClientDestination> localDestination,
 		const i2p::data::IdentHash & remoteIdent) :
-		m_LocalDestination(localDestination),
-		m_RemoteIdent(remoteIdent),
+		m_LocalDestination(localDestination), m_RemoteIdent(remoteIdent),
+		m_LastUse (0), m_LastFlush (0),
 		m_RequestingLS(false)
 	{
 	}
@@ -250,8 +309,12 @@ namespace datagram
 		if (msg || m_SendQueue.empty ())
 			m_SendQueue.push_back(msg);
 		// flush queue right away if full
-		if (!msg || m_SendQueue.size() >= DATAGRAM_SEND_QUEUE_MAX_SIZE)
+		if (!msg || m_SendQueue.size() >= DATAGRAM_SEND_QUEUE_MAX_SIZE || 
+		    m_LastUse > m_LastFlush + DATAGRAM_MAX_FLUSH_INTERVAL)
+		{	
 			FlushSendQueue();
+			m_LastFlush =  m_LastUse;
+		}
 	}
 
 	DatagramSession::Info DatagramSession::GetSessionInfo() const
@@ -284,7 +347,7 @@ namespace datagram
 		if(path)
 			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
 		if (IsRatchets ())
-			SendMsg (nullptr); // send empty message in case if we have some data to send
+			SendMsg (nullptr); // send empty message in case if we don't have some data to send
 	}
 
 	std::shared_ptr<i2p::garlic::GarlicRoutingPath> DatagramSession::GetSharedRoutingPath ()
@@ -317,15 +380,19 @@ namespace datagram
 			if (!found)
 			{
 				m_RoutingSession = m_LocalDestination->GetRoutingSession(m_RemoteLeaseSet, true);
-				if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
-					m_PendingRoutingSessions.push_back (m_RoutingSession);
+				if (m_RoutingSession)
+				{	
+					m_RoutingSession->SetAckRequestInterval (DATAGRAM_SESSION_ACK_REQUEST_INTERVAL);
+					if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
+						m_PendingRoutingSessions.push_back (m_RoutingSession);
+				}	
 			}
 		}
 
 		auto path = m_RoutingSession->GetSharedRoutingPath();
-		if (path && m_RoutingSession->IsRatchets () &&
-			m_LastUse > m_RoutingSession->GetLastActivityTimestamp ()*1000 + DATAGRAM_SESSION_PATH_TIMEOUT)
+		if (path && m_RoutingSession->IsRatchets () && m_RoutingSession->CleanupUnconfirmedTags ())
 		{
+			LogPrint (eLogDebug, "Datagram: path reset");
 			m_RoutingSession->SetSharedRoutingPath (nullptr);
 			path = nullptr;
 		}
@@ -353,7 +420,14 @@ namespace datagram
 					auto sz = ls.size();
 					if (sz)
 					{
-						auto idx = rand() % sz;
+						int idx = -1;
+						if (m_LocalDestination)
+						{
+							auto pool = m_LocalDestination->GetTunnelPool ();
+							if (pool)
+								idx = pool->GetRng ()() % sz;
+						}
+						if (idx < 0) idx = rand () % sz;
 						path->remoteLease = ls[idx];
 					}
 					else
@@ -379,7 +453,14 @@ namespace datagram
 				auto sz = ls.size();
 				if (sz)
 				{
-					auto idx = rand() % sz;
+					int idx = -1;
+					if (m_LocalDestination)
+					{
+						auto pool = m_LocalDestination->GetTunnelPool ();
+						if (pool)
+							idx = pool->GetRng ()() % sz;
+					}
+					if (idx < 0) idx = rand () % sz;
 					path->remoteLease = ls[idx];
 				}
 				else

libi2pd/Datagram.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -31,8 +31,6 @@ namespace datagram
 {
 	// milliseconds for max session idle time
 	const uint64_t DATAGRAM_SESSION_MAX_IDLE = 10 * 60 * 1000;
-	// milliseconds for how long we try sticking to a dead routing path before trying to switch
-	const uint64_t DATAGRAM_SESSION_PATH_TIMEOUT = 10 * 1000;
 	// milliseconds interval a routing path is used before switching
 	const uint64_t DATAGRAM_SESSION_PATH_SWITCH_INTERVAL = 20 * 60 * 1000;
 	// milliseconds before lease expire should we try switching leases
@@ -43,6 +41,8 @@ namespace datagram
 	const uint64_t DATAGRAM_SESSION_PATH_MIN_LIFETIME = 5 * 1000;
 	// max 64 messages buffered in send queue for each datagram session
 	const size_t DATAGRAM_SEND_QUEUE_MAX_SIZE = 64;
+	const uint64_t DATAGRAM_MAX_FLUSH_INTERVAL = 5; // in milliseconds
+	const int DATAGRAM_SESSION_ACK_REQUEST_INTERVAL = 5500; // in milliseconds
 
 	class DatagramSession : public std::enable_shared_from_this<DatagramSession>
 	{
@@ -98,7 +98,7 @@ namespace datagram
 			std::shared_ptr<i2p::garlic::GarlicRoutingSession> m_RoutingSession;
 			std::vector<std::shared_ptr<i2p::garlic::GarlicRoutingSession> > m_PendingRoutingSessions;
 			std::vector<std::shared_ptr<I2NPMessage> > m_SendQueue;
-			uint64_t m_LastUse;
+			uint64_t m_LastUse, m_LastFlush; // milliseconds
 			bool m_RequestingLS;
 	};
 
@@ -126,14 +126,12 @@ namespace datagram
 
 			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len, bool isRaw = false);
 
-			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };
-			void ResetReceiver () { m_Receiver = nullptr; };
 
-			void SetReceiver (const Receiver& receiver, uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts[port] = receiver; };
-			void ResetReceiver (uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts.erase (port); };
+			void SetReceiver (const Receiver& receiver, uint16_t port);
+			void ResetReceiver (uint16_t port);
 
-			void SetRawReceiver (const RawReceiver& receiver) { m_RawReceiver = receiver; };
-			void ResetRawReceiver () { m_RawReceiver = nullptr; };
+			void SetRawReceiver (const RawReceiver& receiver, uint16_t port);
+			void ResetRawReceiver (uint16_t port);
 
 			std::shared_ptr<DatagramSession::Info> GetInfoForRemote(const i2p::data::IdentHash & remote);
 
@@ -150,20 +148,26 @@ namespace datagram
 			void HandleDatagram (uint16_t fromPort, uint16_t toPort, uint8_t *const& buf, size_t len);
 			void HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
-			/** find a receiver by port, if none by port is found try default receiever, otherwise returns nullptr */
 			Receiver FindReceiver(uint16_t port);
+			RawReceiver FindRawReceiver(uint16_t port);
 
 		private:
 
 			std::shared_ptr<i2p::client::ClientDestination> m_Owner;
-			Receiver m_Receiver; // default
-			RawReceiver m_RawReceiver; // default
-			bool m_Gzip; // gzip compression of data messages
+
 			std::mutex m_SessionsMutex;
 			std::map<i2p::data::IdentHash, DatagramSession_ptr > m_Sessions;
-			std::mutex m_ReceiversMutex;
-			std::map<uint16_t, Receiver> m_ReceiversByPorts;
 
+			Receiver m_DefaultReceiver;
+			RawReceiver m_DefaultRawReceiver;
+			uint16_t m_DefaultReceiverPort;
+			uint16_t m_DefaultRawReceiverPort;
+			std::mutex m_ReceiversMutex;
+			std::mutex m_RawReceiversMutex;
+			std::unordered_map<uint16_t, Receiver> m_ReceiversByPorts;
+			std::unordered_map<uint16_t, RawReceiver> m_RawReceiversByPorts;
+
+			bool m_Gzip; // gzip compression of data messages
 			i2p::data::GzipInflator m_Inflator;
 			std::unique_ptr<i2p::data::GzipDeflator> m_Deflator;
 			std::vector<uint8_t> m_From, m_Signature;

libi2pd/Destination.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -23,7 +23,7 @@ namespace i2p
 {
 namespace client
 {
-	LeaseSetDestination::LeaseSetDestination (boost::asio::io_service& service,
+	LeaseSetDestination::LeaseSetDestination (boost::asio::io_context& service,
 		bool isPublic, const std::map<std::string, std::string> * params):
 		m_Service (service), m_IsPublic (isPublic), m_PublishReplyToken (0),
 		m_LastSubmissionTime (0), m_PublishConfirmationTimer (m_Service),
@@ -37,6 +37,7 @@ namespace client
 		int inVar   = DEFAULT_INBOUND_TUNNELS_LENGTH_VARIANCE;
 		int outVar  = DEFAULT_OUTBOUND_TUNNELS_LENGTH_VARIANCE;
 		int numTags = DEFAULT_TAGS_TO_SEND;
+		bool isHighBandwidth = true;
 		std::shared_ptr<std::vector<i2p::data::IdentHash> > explicitPeers;
 		try
 		{
@@ -92,7 +93,7 @@ namespace client
 				it = params->find (I2CP_PARAM_DONT_PUBLISH_LEASESET);
 				if (it != params->end ())
 				{
-					// oveeride isPublic
+					// override isPublic
 					m_IsPublic = (it->second != "true");
 				}
 				it = params->find (I2CP_PARAM_LEASESET_TYPE);
@@ -121,6 +122,9 @@ namespace client
 						m_LeaseSetPrivKey.reset (nullptr);
 					}
 				}
+				it = params->find (I2CP_PARAM_STREAMING_PROFILE);
+				if (it != params->end ())
+					isHighBandwidth = std::stoi (it->second) != STREAMING_PROFILE_INTERACTIVE;
 			}
 		}
 		catch (std::exception & ex)
@@ -128,7 +132,7 @@ namespace client
 			LogPrint(eLogError, "Destination: Unable to parse parameters for destination: ", ex.what());
 		}
 		SetNumTags (numTags);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty, inVar, outVar);
+		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (inLen, outLen, inQty, outQty, inVar, outVar, isHighBandwidth);
 		if (explicitPeers)
 			m_Pool->SetExplicitPeers (explicitPeers);
 		if(params)
@@ -164,7 +168,7 @@ namespace client
 		LoadTags ();
 		m_Pool->SetLocalDestination (shared_from_this ());
 		m_Pool->SetActive (true);
-		m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
+		m_CleanupTimer.expires_from_now (boost::posix_time::seconds (DESTINATION_CLEANUP_TIMEOUT));
 		m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
 			shared_from_this (), std::placeholders::_1));
 	}
@@ -191,7 +195,7 @@ namespace client
 			m_IsPublic = itr->second != "true";
 		}
 
-		int inLen, outLen, inQuant, outQuant, numTags, minLatency, maxLatency;
+		int inLen = 0, outLen = 0, inQuant = 0, outQuant = 0, numTags = 0, minLatency = 0, maxLatency = 0;
 		std::map<std::string, int&> intOpts = {
 			{I2CP_PARAM_INBOUND_TUNNEL_LENGTH, inLen},
 			{I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, outLen},
@@ -290,7 +294,7 @@ namespace client
 		if (m_IsPublic)
 		{
 			auto s = shared_from_this ();
-			m_Service.post ([s](void)
+			boost::asio::post (m_Service, [s](void)
 			{
 				s->m_PublishVerificationTimer.cancel ();
 				s->Publish ();
@@ -318,7 +322,7 @@ namespace client
 		memcpy (data.k, key, 32);
 		memcpy (data.t, tag, 32);
 		auto s = shared_from_this ();
-		m_Service.post ([s,data](void)
+		boost::asio::post (m_Service, [s,data](void)
 			{
 				s->AddSessionKey (data.k, data.t);
 			});
@@ -335,7 +339,7 @@ namespace client
 		memcpy (data.k, key, 32);
 		data.t = tag;
 		auto s = shared_from_this ();
-		m_Service.post ([s,data](void)
+		boost::asio::post (m_Service, [s,data](void)
 			{
 				s->AddECIESx25519Key (data.k, data.t);
 			});
@@ -343,13 +347,30 @@ namespace client
 
 	void LeaseSetDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		m_Service.post (std::bind (&LeaseSetDestination::HandleGarlicMessage, shared_from_this (), msg));
+		if (!msg) return;
+		bool empty = false;
+		{
+			std::lock_guard<std::mutex> l(m_IncomingMsgsQueueMutex);
+			empty = m_IncomingMsgsQueue.empty ();
+			m_IncomingMsgsQueue.push_back (msg);
+		}
+		if (empty)
+			boost::asio::post (m_Service, [s = shared_from_this ()]() 
+			{ 
+				std::list<std::shared_ptr<I2NPMessage> > receivedMsgs;
+				{
+					std::lock_guard<std::mutex> l(s->m_IncomingMsgsQueueMutex);
+					s->m_IncomingMsgsQueue.swap (receivedMsgs);
+				}
+			    for (auto& it: receivedMsgs)
+			    	s->HandleGarlicMessage (it);               
+			});
 	}
 
 	void LeaseSetDestination::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint32_t msgID = bufbe32toh (msg->GetPayload () + DELIVERY_STATUS_MSGID_OFFSET);
-		m_Service.post (std::bind (&LeaseSetDestination::HandleDeliveryStatusMessage, shared_from_this (), msgID));
+		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::HandleDeliveryStatusMessage, shared_from_this (), msgID));
 	}
 
 	void LeaseSetDestination::HandleI2NPMessage (const uint8_t * buf, size_t len)
@@ -367,9 +388,12 @@ namespace client
 				HandleDataMessage (payload, len);
 			break;
 			case eI2NPDeliveryStatus:
-				// we assume tunnel tests non-encrypted
 				HandleDeliveryStatusMessage (bufbe32toh (payload + DELIVERY_STATUS_MSGID_OFFSET));
 			break;
+			case eI2NPTunnelTest:
+				if (m_Pool)
+					m_Pool->ProcessTunnelTest (bufbe32toh (payload + TUNNEL_TEST_MSGID_OFFSET), bufbe64toh (payload + TUNNEL_TEST_TIMESTAMP_OFFSET));
+			break;
 			case eI2NPDatabaseStore:
 				HandleDatabaseStoreMessage (payload, len);
 			break;
@@ -407,6 +431,7 @@ namespace client
 		}
 		i2p::data::IdentHash key (buf + DATABASE_STORE_KEY_OFFSET);
 		std::shared_ptr<i2p::data::LeaseSet> leaseSet;
+		std::shared_ptr<LeaseSetRequest> request;
 		switch (buf[DATABASE_STORE_TYPE_OFFSET])
 		{
 			case i2p::data::NETDB_STORE_TYPE_LEASESET: // 1
@@ -462,34 +487,59 @@ namespace client
 			case i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2: // 5
 			{
 				auto it2 = m_LeaseSetRequests.find (key);
-				if (it2 != m_LeaseSetRequests.end () && it2->second->requestedBlindedKey)
+				if (it2 != m_LeaseSetRequests.end ())
 				{
-					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
-						it2->second->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr , GetPreferredCryptoType ());
-					if (ls2->IsValid () && !ls2->IsExpired ())
+					request = it2->second;
+					m_LeaseSetRequests.erase (it2);
+					if (request->requestedBlindedKey)
 					{
-						leaseSet = ls2;
-						std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
-						m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
-						m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
+						auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
+							request->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr , GetPreferredCryptoType ());
+						if (ls2->IsValid () && !ls2->IsExpired ())
+						{
+							leaseSet = ls2;
+							std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
+							m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
+							m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
+						}
+						else
+							LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
 					}
 					else
-						LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
+					{
+						// publishing verification doesn't have requestedBlindedKey
+						auto localLeaseSet = GetLeaseSetMt ();
+						if (localLeaseSet->GetStoreHash () == key)
+						{
+							auto ls = std::make_shared<i2p::data::LeaseSet2> (i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2,
+								localLeaseSet->GetBuffer (), localLeaseSet->GetBufferLen (), false);
+							leaseSet = ls;
+						}
+						else
+							LogPrint (eLogWarning, "Destination: Encrypted LeaseSet2 received for request without blinded key");
+					}
 				}
 				else
-					LogPrint (eLogInfo, "Destination: Couldn't find request for encrypted LeaseSet2");
+					LogPrint (eLogWarning, "Destination: Couldn't find request for encrypted LeaseSet2");
 				break;
 			}
 			default:
 				LogPrint (eLogError, "Destination: Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ", dropped");
 		}
 
-		auto it1 = m_LeaseSetRequests.find (key);
-		if (it1 != m_LeaseSetRequests.end ())
+		if (!request)
 		{
-			it1->second->requestTimeoutTimer.cancel ();
-			if (it1->second) it1->second->Complete (leaseSet);
-			m_LeaseSetRequests.erase (it1);
+			auto it1 = m_LeaseSetRequests.find (key);
+			if (it1 != m_LeaseSetRequests.end ())
+			{
+				request = it1->second;
+				m_LeaseSetRequests.erase (it1);
+			}
+		}
+		if (request)
+		{
+			request->requestTimeoutTimer.cancel ();
+			request->Complete (leaseSet);
 		}
 	}
 
@@ -502,38 +552,43 @@ namespace client
 		if (it != m_LeaseSetRequests.end ())
 		{
 			auto request = it->second;
-			bool found = false;
-			if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
+			for (int i = 0; i < num; i++)
 			{
-				for (int i = 0; i < num; i++)
+				i2p::data::IdentHash peerHash (buf + 33 + i*32);
+				if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
 				{
-					i2p::data::IdentHash peerHash (buf + 33 + i*32);
-					if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
-					{
-						LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
-						i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
-					}
-				}
-
-				auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
-				if (floodfill)
-				{
-					LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
-					if (SendLeaseSetRequest (key, floodfill, request))
-						found = true;
+					LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
+					i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
 				}
 			}
-			if (!found)
-			{
-				LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
-				request->Complete (nullptr);
-				m_LeaseSetRequests.erase (key);
-			}
+			SendNextLeaseSetRequest (key, request);
 		}
 		else
 			LogPrint (eLogWarning, "Destination: Request for ", key.ToBase64 (), " not found");
 	}
 
+	void LeaseSetDestination::SendNextLeaseSetRequest (const i2p::data::IdentHash& key,
+		std::shared_ptr<LeaseSetRequest> request)
+	{
+		bool found = false;
+		if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
+		{
+			auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
+			if (floodfill)
+			{
+				LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
+				if (SendLeaseSetRequest (key, floodfill, request))
+					found = true;
+			}
+		}
+		if (!found)
+		{
+			LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
+			request->Complete (nullptr);
+			m_LeaseSetRequests.erase (key);
+		}
+	}
+
 	void LeaseSetDestination::HandleDeliveryStatusMessage (uint32_t msgID)
 	{
 		if (msgID == m_PublishReplyToken)
@@ -542,7 +597,8 @@ namespace client
 			m_ExcludedFloodfills.clear ();
 			m_PublishReplyToken = 0;
 			// schedule verification
-			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
+			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT +
+				(m_Pool ? m_Pool->GetRng ()() % PUBLISH_VERIFICATION_TIMEOUT_VARIANCE : 0)));
 			m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
 		}
@@ -550,9 +606,12 @@ namespace client
 			i2p::garlic::GarlicDestination::HandleDeliveryStatusMessage (msgID);
 	}
 
-	void LeaseSetDestination::SetLeaseSetUpdated ()
+	void LeaseSetDestination::SetLeaseSetUpdated (bool post)
 	{
-		UpdateLeaseSet ();
+		if (post)
+			boost::asio::post (m_Service, [s = shared_from_this ()]() { s->UpdateLeaseSet (); });
+		else
+			UpdateLeaseSet ();
 	}
 
 	void LeaseSetDestination::Publish ()
@@ -578,12 +637,7 @@ namespace client
 				shared_from_this (), std::placeholders::_1));
 			return;
 		}
-		if (!m_Pool->GetInboundTunnels ().size () || !m_Pool->GetOutboundTunnels ().size ())
-		{
-			LogPrint (eLogError, "Destination: Can't publish LeaseSet. Destination is not ready");
-			return;
-		}
-		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
 		if (!floodfill)
 		{
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
@@ -594,26 +648,39 @@ namespace client
 		auto inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 		if (!outbound || !inbound)
 		{
-			LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
-			m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
-			floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
-			if (floodfill)
+			if (!m_Pool->GetInboundTunnels ().empty () && !m_Pool->GetOutboundTunnels ().empty ())
 			{
-				outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
-				if (outbound)
+				LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
+				m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
+				floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
+				if (floodfill)
 				{
-					inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
-					if (!inbound)
-						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
+					outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
+					if (outbound)
+					{
+						inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
+						if (!inbound)
+							LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
+					}
+					else
+						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
 				}
 				else
-					LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
+					LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
 			}
 			else
-				LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
+				LogPrint (eLogDebug, "Destination: No tunnels in pool");
+
 			if (!floodfill || !outbound || !inbound)
 			{
+				// we can't publish now
 				m_ExcludedFloodfills.clear ();
+				m_PublishReplyToken = 1; // dummy non-zero value
+				// try again after a while
+				LogPrint (eLogInfo, "Destination: Can't publish LeasetSet because destination is not ready. Try publishing again after ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds");
+				m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
+				m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
+					shared_from_this (), std::placeholders::_1));
 				return;
 			}
 		}
@@ -621,7 +688,16 @@ namespace client
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
 		auto msg = WrapMessageForRouter (floodfill, i2p::CreateDatabaseStoreMsg (leaseSet, m_PublishReplyToken, inbound));
-		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
+		auto s = shared_from_this ();
+		msg->onDrop = [s]()
+			{
+				boost::asio::post (s->GetService (), [s]()
+					{
+						s->m_PublishConfirmationTimer.cancel ();
+						s->HandlePublishConfirmationTimer (boost::system::error_code());
+					});
+			};
+		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 			shared_from_this (), std::placeholders::_1));
 		outbound->SendTunnelDataMsgTo (floodfill->GetIdentHash (), 0, msg);
@@ -637,15 +713,15 @@ namespace client
 				m_PublishReplyToken = 0;
 				if (GetIdentity ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds, will try again");
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds or failed. will try again");
 					Publish ();
 				}
 				else
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
 					// Java floodfill never sends confirmation back for unknown crypto type
 					// assume it successive and try to verify
-					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
+					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT + PUBLISH_VERIFICATION_TIMEOUT_VARIANCE)); // always max
 					m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
 
@@ -700,10 +776,10 @@ namespace client
 		if (!m_Pool || !IsReady ())
 		{
 			if (requestComplete)
-				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
+				boost::asio::post (m_Service, [requestComplete](void){requestComplete (nullptr);});
 			return false;
 		}
-		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete, nullptr));
+		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete, nullptr));
 		return true;
 	}
 
@@ -712,7 +788,7 @@ namespace client
 		if (!dest || !m_Pool || !IsReady ())
 		{
 			if (requestComplete)
-				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
+				boost::asio::post (m_Service, [requestComplete](void){requestComplete (nullptr);});
 			return false;
 		}
 		auto storeHash = dest->GetStoreHash ();
@@ -720,17 +796,17 @@ namespace client
 		if (leaseSet)
 		{
 			if (requestComplete)
-				m_Service.post ([requestComplete, leaseSet](void){requestComplete (leaseSet);});
+				boost::asio::post (m_Service, [requestComplete, leaseSet](void){requestComplete (leaseSet);});
 			return true;
 		}
-		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), storeHash, requestComplete, dest));
+		boost::asio::post (m_Service, std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), storeHash, requestComplete, dest));
 		return true;
 	}
 
 	void LeaseSetDestination::CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify)
 	{
 		auto s = shared_from_this ();
-		m_Service.post ([dest, notify, s](void)
+		boost::asio::post (m_Service, [dest, notify, s](void)
 			{
 				auto it = s->m_LeaseSetRequests.find (dest);
 				if (it != s->m_LeaseSetRequests.end ())
@@ -750,7 +826,7 @@ namespace client
 
 	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey)
 	{
-		std::set<i2p::data::IdentHash> excluded;
+		std::unordered_set<i2p::data::IdentHash> excluded;
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
 		if (floodfill)
 		{
@@ -758,7 +834,7 @@ namespace client
 			request->requestedBlindedKey = requestedBlindedKey; // for encrypted LeaseSet2
 			if (requestComplete)
 				request->requestComplete.push_back (requestComplete);
-			auto ts = i2p::util::GetSecondsSinceEpoch ();
+			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 			auto ret = m_LeaseSetRequests.insert (std::pair<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> >(dest,request));
 			if (ret.second) // inserted
 			{
@@ -822,8 +898,17 @@ namespace client
 				AddECIESx25519Key (replyKey, replyTag);
 			else
 				AddSessionKey (replyKey, replyTag);
-			auto msg = WrapMessageForRouter (nextFloodfill, CreateLeaseSetDatabaseLookupMsg (dest,
-				request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
+
+			auto msg = WrapMessageForRouter (nextFloodfill,
+				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
+			auto s = shared_from_this ();
+			msg->onDrop = [s, dest, request]()
+				{
+					boost::asio::post (s->GetService (), [s, dest, request]()
+						{
+							s->SendNextLeaseSetRequest (dest, request);
+						});
+				};
 			request->outboundTunnel->SendTunnelDataMsgs (
 				{
 					i2p::tunnel::TunnelMessageBlock
@@ -832,7 +917,7 @@ namespace client
 						nextFloodfill->GetIdentHash (), 0, msg
 					}
 				});
-			request->requestTimeoutTimer.expires_from_now (boost::posix_time::seconds(LEASESET_REQUEST_TIMEOUT));
+			request->requestTimeoutTimer.expires_from_now (boost::posix_time::milliseconds(LEASESET_REQUEST_TIMEOUT));
 			request->requestTimeoutTimer.async_wait (std::bind (&LeaseSetDestination::HandleRequestTimoutTimer,
 				shared_from_this (), std::placeholders::_1, dest));
 		}
@@ -849,7 +934,7 @@ namespace client
 			if (it != m_LeaseSetRequests.end ())
 			{
 				bool done = false;
-				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
+				uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
 				if (ts < it->second->requestTime + MAX_LEASESET_REQUEST_TIMEOUT)
 				{
 					auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, it->second->excluded);
@@ -886,7 +971,8 @@ namespace client
 			CleanupExpiredTags ();
 			CleanupRemoteLeaseSets ();
 			CleanupDestination ();
-			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
+			m_CleanupTimer.expires_from_now (boost::posix_time::seconds (DESTINATION_CLEANUP_TIMEOUT +
+				(m_Pool ? m_Pool->GetRng ()() % DESTINATION_CLEANUP_TIMEOUT_VARIANCE : 0)));
 			m_CleanupTimer.async_wait (std::bind (&LeaseSetDestination::HandleCleanupTimer,
 				shared_from_this (), std::placeholders::_1));
 		}
@@ -900,7 +986,7 @@ namespace client
 		{
 			if (it->second->IsEmpty () || ts > it->second->GetExpirationTime ()) // leaseset expired
 			{
-				LogPrint (eLogWarning, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				LogPrint (eLogDebug, "Destination: Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
 				it = m_RemoteLeaseSets.erase (it);
 			}
 			else
@@ -915,12 +1001,15 @@ namespace client
 		return i2p::data::CRYPTO_KEY_TYPE_ELGAMAL;
 	}
 
-	ClientDestination::ClientDestination (boost::asio::io_service& service, const i2p::data::PrivateKeys& keys,
+	ClientDestination::ClientDestination (boost::asio::io_context& service, const i2p::data::PrivateKeys& keys,
 		bool isPublic, const std::map<std::string, std::string> * params):
 		LeaseSetDestination (service, isPublic, params),
 		m_Keys (keys), m_StreamingAckDelay (DEFAULT_INITIAL_ACK_DELAY),
+		m_StreamingOutboundSpeed (DEFAULT_MAX_OUTBOUND_SPEED),
+		m_StreamingInboundSpeed (DEFAULT_MAX_INBOUND_SPEED),
+		m_StreamingMaxConcurrentStreams (DEFAULT_MAX_CONCURRENT_STREAMS),
 		m_IsStreamingAnswerPings (DEFAULT_ANSWER_PINGS), m_LastPort (0),
-		m_DatagramDestination (nullptr), m_RefCounter (0),
+		m_DatagramDestination (nullptr), m_RefCounter (0), m_LastPublishedTimestamp (0),
 		m_ReadyChecker(service)
 	{
 		if (keys.IsOfflineSignature () && GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
@@ -951,18 +1040,15 @@ namespace client
 			}
 		}
 		// if no param or valid crypto type use from identity
-		bool isSingleKey = false;
 		if (encryptionKeyTypes.empty ())
-		{
-			isSingleKey = true;
-			encryptionKeyTypes.insert (GetIdentity ()->GetCryptoKeyType ());
-		}
+			encryptionKeyTypes.insert ( { GetIdentity ()->GetCryptoKeyType (),
+				i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD }); // usually 0,4
 
 		for (auto& it: encryptionKeyTypes)
 		{
 			auto encryptionKey = new EncryptionKey (it);
 			if (IsPublic ())
-				PersistTemporaryKeys (encryptionKey, isSingleKey);
+				PersistTemporaryKeys (encryptionKey);
 			else
 				encryptionKey->GenerateKeys ();
 			encryptionKey->CreateDecryptor ();
@@ -987,6 +1073,14 @@ namespace client
 				auto it = params->find (I2CP_PARAM_STREAMING_INITIAL_ACK_DELAY);
 				if (it != params->end ())
 					m_StreamingAckDelay = std::stoi(it->second);
+				it = params->find (I2CP_PARAM_STREAMING_MAX_OUTBOUND_SPEED);
+				if (it != params->end ())
+					m_StreamingOutboundSpeed = std::stoi(it->second);
+				it = params->find (I2CP_PARAM_STREAMING_MAX_INBOUND_SPEED);
+				if (it != params->end ())
+					m_StreamingInboundSpeed = std::stoi(it->second);
+				if (it != params->end ())
+					m_StreamingMaxConcurrentStreams = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_ANSWER_PINGS);
 				if (it != params->end ())
 					m_IsStreamingAnswerPings = std::stoi (it->second); // 1 for true
@@ -1037,7 +1131,6 @@ namespace client
 	void ClientDestination::Stop ()
 	{
 		LogPrint(eLogDebug, "Destination: Stopping destination ", GetIdentHash().ToBase32(), ".b32.i2p");
-		LeaseSetDestination::Stop ();
 		m_ReadyChecker.cancel();
 		LogPrint(eLogDebug, "Destination: -> Stopping Streaming Destination");
 		m_StreamingDestination->Stop ();
@@ -1059,6 +1152,7 @@ namespace client
 			delete m_DatagramDestination;
 			m_DatagramDestination = nullptr;
 		}
+		LeaseSetDestination::Stop ();
 		LogPrint(eLogDebug, "Destination: -> Stopping done");
 	}
 
@@ -1122,7 +1216,7 @@ namespace client
 		if (leaseSet)
 		{
 			auto stream = CreateStream (leaseSet, port);
-			GetService ().post ([streamRequestComplete, stream]()
+			boost::asio::post (GetService (), [streamRequestComplete, stream]()
 				{
 					streamRequestComplete(stream);
 				});
@@ -1315,12 +1409,11 @@ namespace client
 		return ret;
 	}
 
-	void ClientDestination::PersistTemporaryKeys (EncryptionKey * keys, bool isSingleKey)
+	void ClientDestination::PersistTemporaryKeys (EncryptionKey * keys)
 	{
 		if (!keys) return;
 		std::string ident = GetIdentHash().ToBase32();
-		std::string path  = i2p::fs::DataDirPath("destinations",
-			isSingleKey ? (ident + ".dat") : (ident + "." + std::to_string (keys->keyType) + ".dat"));
+		std::string path  = i2p::fs::DataDirPath("destinations", ident + "." + std::to_string (keys->keyType) + ".dat");
 		std::ifstream f(path, std::ifstream::binary);
 
 		if (f) {
@@ -1366,12 +1459,19 @@ namespace client
 			if (m_StandardEncryptionKey)
 				keySections.push_back ({m_StandardEncryptionKey->keyType, (uint16_t)m_StandardEncryptionKey->decryptor->GetPublicKeyLen (), m_StandardEncryptionKey->pub} );
 
+			auto publishedTimestamp = i2p::util::GetSecondsSinceEpoch ();
+			if (publishedTimestamp <= m_LastPublishedTimestamp)
+			{
+				LogPrint (eLogDebug, "Destination: LeaseSet update at the same second");
+				publishedTimestamp++; // force newer timestamp
+			}
 			bool isPublishedEncrypted = GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2;
 			auto ls2 = std::make_shared<i2p::data::LocalLeaseSet2> (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2,
-				m_Keys, keySections, tunnels, IsPublic (), isPublishedEncrypted);
+				m_Keys, keySections, tunnels, IsPublic (), publishedTimestamp, isPublishedEncrypted);
 			if (isPublishedEncrypted) // encrypt if type 5
 				ls2 = std::make_shared<i2p::data::LocalEncryptedLeaseSet2> (ls2, m_Keys, GetAuthType (), m_AuthKeys);
 			leaseSet = ls2;
+			m_LastPublishedTimestamp = publishedTimestamp;
 		}
 		SetLeaseSet (leaseSet);
 	}
@@ -1436,6 +1536,8 @@ namespace client
 		RunnableService ("Destination"),
 		ClientDestination (GetIOService (), keys, isPublic, params)
 	{
+		if (!GetNickname ().empty ())
+			RunnableService::SetName (GetNickname ());
 	}
 
 	RunnableClientDestination::~RunnableClientDestination ()

libi2pd/Destination.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,7 +15,7 @@
 #include <memory>
 #include <map>
 #include <unordered_map>
-#include <set>
+#include <unordered_set>
 #include <string>
 #include <functional>
 #include <boost/asio.hpp>
@@ -36,13 +36,15 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_STREAMING = 6;
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;
-	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
-	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successful publish
+	const int PUBLISH_CONFIRMATION_TIMEOUT = 1800; // in milliseconds
+	const int PUBLISH_VERIFICATION_TIMEOUT = 5; // in seconds after successful publish
+	const int PUBLISH_VERIFICATION_TIMEOUT_VARIANCE = 3; // in seconds
 	const int PUBLISH_MIN_INTERVAL = 20; // in seconds
 	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically
-	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
-	const int MAX_LEASESET_REQUEST_TIMEOUT = 40; // in seconds
-	const int DESTINATION_CLEANUP_TIMEOUT = 3; // in minutes
+	const int LEASESET_REQUEST_TIMEOUT = 1600; // in milliseconds
+	const int MAX_LEASESET_REQUEST_TIMEOUT = 12000; // in milliseconds
+	const int DESTINATION_CLEANUP_TIMEOUT = 44; // in seconds
+	const int DESTINATION_CLEANUP_TIMEOUT_VARIANCE = 30; // in seconds
 	const unsigned int MAX_NUM_FLOODFILLS_PER_REQUEST = 7;
 
 	// I2CP
@@ -84,9 +86,19 @@ namespace client
 	// streaming
 	const char I2CP_PARAM_STREAMING_INITIAL_ACK_DELAY[] = "i2p.streaming.initialAckDelay";
 	const int DEFAULT_INITIAL_ACK_DELAY = 200; // milliseconds
+	const char I2CP_PARAM_STREAMING_MAX_OUTBOUND_SPEED[] = "i2p.streaming.maxOutboundSpeed"; // bytes/sec
+	const int DEFAULT_MAX_OUTBOUND_SPEED = 1730000000; // no more than 1.73 Gbytes/s
+	const char I2CP_PARAM_STREAMING_MAX_INBOUND_SPEED[] = "i2p.streaming.maxInboundSpeed"; // bytes/sec
+	const int DEFAULT_MAX_INBOUND_SPEED = 1730000000; // no more than 1.73 Gbytes/s
 	const char I2CP_PARAM_STREAMING_ANSWER_PINGS[] = "i2p.streaming.answerPings";
 	const int DEFAULT_ANSWER_PINGS = true;
-
+	const char I2CP_PARAM_STREAMING_PROFILE[] = "i2p.streaming.profile";
+	const int STREAMING_PROFILE_BULK = 1; // high bandwidth
+	const int STREAMING_PROFILE_INTERACTIVE = 2; // low bandwidth
+	const int DEFAULT_STREAMING_PROFILE = STREAMING_PROFILE_BULK;
+	const char I2CP_PARAM_STREAMING_MAX_CONCURRENT_STREAMS[] = "i2p.streaming.maxConcurrentStreams";
+	const int DEFAULT_MAX_CONCURRENT_STREAMS = 2048;
+	
 	typedef std::function<void (std::shared_ptr<i2p::stream::Stream> stream)> StreamRequestComplete;
 
 	class LeaseSetDestination: public i2p::garlic::GarlicDestination,
@@ -96,8 +108,8 @@ namespace client
 		// leaseSet = nullptr means not found
 		struct LeaseSetRequest
 		{
-			LeaseSetRequest (boost::asio::io_service& service): requestTime (0), requestTimeoutTimer (service) {};
-			std::set<i2p::data::IdentHash> excluded;
+			LeaseSetRequest (boost::asio::io_context& service): requestTime (0), requestTimeoutTimer (service) {};
+			std::unordered_set<i2p::data::IdentHash> excluded;
 			uint64_t requestTime;
 			boost::asio::deadline_timer requestTimeoutTimer;
 			std::list<RequestComplete> requestComplete;
@@ -114,10 +126,10 @@ namespace client
 
 		public:
 
-			LeaseSetDestination (boost::asio::io_service& service, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			LeaseSetDestination (boost::asio::io_context& service, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~LeaseSetDestination ();
 			const std::string& GetNickname () const { return m_Nickname; };
-			boost::asio::io_service& GetService () { return m_Service; };
+			auto& GetService () { return m_Service; };
 
 			virtual void Start ();
 			virtual void Stop ();
@@ -134,15 +146,15 @@ namespace client
 			void CancelDestinationRequestWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, bool notify = true);
 
 			// implements GarlicDestination
-			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet ();
-			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const { return m_Pool; }
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () override;
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const override { return m_Pool; }
 
 			// override GarlicDestination
-			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag);
-			void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag);
-			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
-			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
-			void SetLeaseSetUpdated ();
+			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag) override;
+			void SubmitECIESx25519Key (const uint8_t * key, uint64_t tag) override;
+			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg) override;
+			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg) override;
+			void SetLeaseSetUpdated (bool post) override;
 
 			bool IsPublic () const { return m_IsPublic; };
 			void SetPublic (bool pub) { m_IsPublic = pub; };
@@ -150,8 +162,8 @@ namespace client
 		protected:
 
 			// implements GarlicDestination
-			void HandleI2NPMessage (const uint8_t * buf, size_t len);
-			bool HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload, size_t len, uint32_t msgID);
+			void HandleI2NPMessage (const uint8_t * buf, size_t len) override;
+			bool HandleCloveI2NPMessage (I2NPMessageType typeID, const uint8_t * payload, size_t len, uint32_t msgID) override;
 
 			void SetLeaseSet (std::shared_ptr<const i2p::data::LocalLeaseSet> newLeaseSet);
 			int GetLeaseSetType () const { return m_LeaseSetType; };
@@ -176,6 +188,7 @@ namespace client
 
 			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey = nullptr);
 			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo> nextFloodfill, std::shared_ptr<LeaseSetRequest> request);
+			void SendNextLeaseSetRequest (const i2p::data::IdentHash& key, std::shared_ptr<LeaseSetRequest> request);
 			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
 			void HandleCleanupTimer (const boost::system::error_code& ecode);
 			void CleanupRemoteLeaseSets ();
@@ -183,18 +196,21 @@ namespace client
 
 		private:
 
-			boost::asio::io_service& m_Service;
+			boost::asio::io_context& m_Service;
 			mutable std::mutex m_RemoteLeaseSetsMutex;
 			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
 			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;
 
+			std::list<std::shared_ptr<I2NPMessage> > m_IncomingMsgsQueue;
+			mutable std::mutex m_IncomingMsgsQueueMutex;
+			
 			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
 			std::mutex m_LeaseSetMutex;
 			std::shared_ptr<const i2p::data::LocalLeaseSet> m_LeaseSet;
 			bool m_IsPublic;
 			uint32_t m_PublishReplyToken;
 			uint64_t m_LastSubmissionTime; // in seconds
-			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
+			std::unordered_set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
 
 			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer,
 				m_PublishDelayTimer, m_CleanupTimer;
@@ -226,7 +242,7 @@ namespace client
 
 		public:
 
-			ClientDestination (boost::asio::io_service& service, const i2p::data::PrivateKeys& keys,
+			ClientDestination (boost::asio::io_context& service, const i2p::data::PrivateKeys& keys,
 				bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~ClientDestination ();
 
@@ -258,6 +274,9 @@ namespace client
 			bool IsAcceptingStreams () const;
 			void AcceptOnce (const i2p::stream::StreamingDestination::Acceptor& acceptor);
 			int GetStreamingAckDelay () const { return m_StreamingAckDelay; }
+			int GetStreamingOutboundSpeed () const { return m_StreamingOutboundSpeed; }
+			int GetStreamingInboundSpeed () const { return m_StreamingInboundSpeed; }
+			int GetStreamingMaxConcurrentStreams () const { return m_StreamingMaxConcurrentStreams; }
 			bool IsStreamingAnswerPings () const { return m_IsStreamingAnswerPings; }
 
 			// datagram
@@ -282,7 +301,7 @@ namespace client
 			std::shared_ptr<ClientDestination> GetSharedFromThis () {
 				return std::static_pointer_cast<ClientDestination>(shared_from_this ());
 			}
-			void PersistTemporaryKeys (EncryptionKey * keys, bool isSingleKey);
+			void PersistTemporaryKeys (EncryptionKey * keys);
 			void ReadAuthKey (const std::string& group, const std::map<std::string, std::string> * params);
 
 			template<typename Dest>
@@ -294,13 +313,14 @@ namespace client
 			std::unique_ptr<EncryptionKey> m_StandardEncryptionKey;
 			std::unique_ptr<EncryptionKey> m_ECIESx25519EncryptionKey;
 
-			int m_StreamingAckDelay;
+			int m_StreamingAckDelay,m_StreamingOutboundSpeed, m_StreamingInboundSpeed, m_StreamingMaxConcurrentStreams;
 			bool m_IsStreamingAnswerPings;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
 			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_LastStreamingDestination; uint16_t m_LastPort; // for server tunnels
 			i2p::datagram::DatagramDestination * m_DatagramDestination;
 			int m_RefCounter; // how many clients(tunnels) use this destination
+			uint64_t m_LastPublishedTimestamp;
 
 			boost::asio::deadline_timer m_ReadyChecker;
 

libi2pd/ECIESX25519AEADRatchetSession.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -117,6 +117,12 @@ namespace garlic
 		return session->HandleNextMessage (buf, len, shared_from_this (), index);
 	}
 
+	bool ReceiveRatchetTagSet::IsSessionTerminated () const 
+	{ 
+		return !m_Session || m_Session->IsTerminated (); 
+	}
+
+	
 	SymmetricKeyTagSet::SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key):
 		ReceiveRatchetTagSet (nullptr), m_Destination (destination)
 	{
@@ -223,6 +229,29 @@ namespace garlic
 		tagsetNsr->NextSessionTagRatchet ();
 	}
 
+	bool ECIESX25519AEADRatchetSession::MessageConfirmed (uint32_t msgID)
+	{
+		auto ret = GarlicRoutingSession::MessageConfirmed (msgID); // LeaseSet
+		if (m_AckRequestMsgID && m_AckRequestMsgID == msgID)
+		{
+			m_AckRequestMsgID = 0;
+			m_AckRequestNumAttempts = 0;
+			ret = true;
+		}	
+		return ret;
+	}	
+
+	bool ECIESX25519AEADRatchetSession::CleanupUnconfirmedTags ()
+	{
+		if (m_AckRequestMsgID && m_AckRequestNumAttempts > ECIESX25519_ACK_REQUEST_MAX_NUM_ATTEMPTS)
+		{
+			m_AckRequestMsgID = 0;
+			m_AckRequestNumAttempts = 0;
+			return true;	
+		}
+		return false;
+	}	
+		
 	bool ECIESX25519AEADRatchetSession::HandleNewIncomingSession (const uint8_t * buf, size_t len)
 	{
 		if (!GetOwner ()) return false;
@@ -327,8 +356,9 @@ namespace garlic
 					auto offset1 = offset;
 					for (auto i = 0; i < numAcks; i++)
 					{
-						offset1 += 2; // tagsetid
-						MessageConfirmed (bufbe16toh (buf + offset1)); offset1 += 2; // N
+						uint32_t tagsetid = bufbe16toh (buf + offset1); offset1 += 2; // tagsetid
+						uint16_t n = bufbe16toh (buf + offset1); offset1 += 2; // N
+						MessageConfirmed ((tagsetid << 16) + n); // msgid = (tagsetid << 16) + N
 					}
 					break;
 				}
@@ -391,7 +421,6 @@ namespace garlic
 		{
 			uint16_t keyID = bufbe16toh (buf); buf += 2; // keyID
 			bool newKey = flag & ECIESX25519_NEXT_KEY_REQUEST_REVERSE_KEY_FLAG;
-			m_SendReverseKey = true;
 			if (!m_NextReceiveRatchet)
 				m_NextReceiveRatchet.reset (new DHRatchet ());
 			else
@@ -403,15 +432,14 @@ namespace garlic
 				}
 				m_NextReceiveRatchet->keyID = keyID;
 			}
-			int tagsetID = 2*keyID;
 			if (newKey)
 			{
 				m_NextReceiveRatchet->key = i2p::transport::transports.GetNextX25519KeysPair ();
 				m_NextReceiveRatchet->newKey = true;
-				tagsetID++;
 			}
 			else
 				m_NextReceiveRatchet->newKey = false;
+			auto tagsetID = m_NextReceiveRatchet->GetReceiveTagSetID ();
 			if (flag & ECIESX25519_NEXT_KEY_KEY_PRESENT_FLAG)
 				memcpy (m_NextReceiveRatchet->remote, buf, 32);
 
@@ -425,7 +453,9 @@ namespace garlic
 			GenerateMoreReceiveTags (newTagset, (GetOwner () && GetOwner ()->GetNumRatchetInboundTags () > 0) ?
 				GetOwner ()->GetNumRatchetInboundTags () : ECIESX25519_MAX_NUM_GENERATED_TAGS);
 			receiveTagset->Expire ();
+			
 			LogPrint (eLogDebug, "Garlic: Next receive tagset ", tagsetID, " created");
+			m_SendReverseKey = true;
 		}
 	}
 
@@ -695,6 +725,8 @@ namespace garlic
 
 	bool ECIESX25519AEADRatchetSession::NewExistingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen)
 	{
+		auto owner = GetOwner ();
+		if (!owner) return false;
 		uint8_t nonce[12];
 		auto index = m_SendTagset->GetNextIndex ();
 		CreateNonce (index, nonce); // tag's index
@@ -702,8 +734,7 @@ namespace garlic
 		if (!tag)
 		{
 			LogPrint (eLogError, "Garlic: Can't create new ECIES-X25519-AEAD-Ratchet tag for send tagset");
-			if (GetOwner ())
-				GetOwner ()->RemoveECIESx25519Session (m_RemoteStaticKey);
+			owner->RemoveECIESx25519Session (m_RemoteStaticKey);
 			return false;
 		}
 		memcpy (out, &tag, 8);
@@ -711,7 +742,7 @@ namespace garlic
 		// ciphertext = ENCRYPT(k, n, payload, ad)
 		uint8_t key[32];
 		m_SendTagset->GetSymmKey (index, key);
-		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, out, 8, key, nonce, out + 8, outLen - 8, true)) // encrypt
+		if (!owner->AEADChaCha20Poly1305Encrypt (payload, len, out, 8, key, nonce, out + 8, outLen - 8))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
 			return false;
@@ -730,33 +761,35 @@ namespace garlic
 		uint8_t * payload = buf + 8;
 		uint8_t key[32];
 		receiveTagset->GetSymmKey (index, key);
-		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 16, buf, 8, key, nonce, payload, len - 16, false)) // decrypt
+		auto owner = GetOwner ();
+		if (!owner) return true; // drop message
+		
+		if (!owner->AEADChaCha20Poly1305Decrypt (payload, len - 16, buf, 8, key, nonce, payload, len - 16))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD decryption failed");
 			return false;
 		}
 		HandlePayload (payload, len - 16, receiveTagset, index);
-		if (GetOwner ())
+		
+		int moreTags = 0;
+		if (owner->GetNumRatchetInboundTags () > 0) // override in settings?
 		{
-			int moreTags = 0;
-			if (GetOwner ()->GetNumRatchetInboundTags () > 0) // override in settings?
-			{
-				if (receiveTagset->GetNextIndex () - index < GetOwner ()->GetNumRatchetInboundTags ()/2)
-					moreTags = GetOwner ()->GetNumRatchetInboundTags ();
-				index -= GetOwner ()->GetNumRatchetInboundTags (); // trim behind
-			}
-			else
-			{
-				moreTags = ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 2); // N/4
-				if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
-				moreTags -= (receiveTagset->GetNextIndex () - index);
-				index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
-			}
-			if (moreTags > 0)
-				GenerateMoreReceiveTags (receiveTagset, moreTags);
-			if (index > 0)
-				receiveTagset->SetTrimBehind (index);
+			if (receiveTagset->GetNextIndex () - index < owner->GetNumRatchetInboundTags ()/2)
+				moreTags = owner->GetNumRatchetInboundTags ();
+			index -= owner->GetNumRatchetInboundTags (); // trim behind
 		}
+		else
+		{
+			moreTags = (receiveTagset->GetTagSetID () > 0) ? ECIESX25519_MAX_NUM_GENERATED_TAGS : // for non first tagset
+				(ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 1)); // N/2
+			if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
+			moreTags -= (receiveTagset->GetNextIndex () - index);
+			index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
+		}
+		if (moreTags > 0)
+			GenerateMoreReceiveTags (receiveTagset, moreTags);
+		if (index > 0)
+			receiveTagset->SetTrimBehind (index);
 		return true;
 	}
 
@@ -770,10 +803,10 @@ namespace garlic
 				m_State = eSessionStateEstablished;
 				m_NSRSendTagset = nullptr;
 				m_EphemeralKeys = nullptr;
-#if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
-#endif
 			case eSessionStateEstablished:
+				if (m_SendReverseKey && receiveTagset->GetTagSetID () == m_NextReceiveRatchet->GetReceiveTagSetID ())
+					m_SendReverseKey = false; // tag received on new tagset	
 				if (receiveTagset->IsNS ())
 				{
 					// our of sequence NSR
@@ -851,13 +884,14 @@ namespace garlic
 	{
 		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
 		size_t payloadLen = 0;
+		bool sendAckRequest = false;
 		if (first) payloadLen += 7;// datatime
 		if (msg)
 		{
 			payloadLen += msg->GetPayloadLength () + 13;
 			if (m_Destination) payloadLen += 32;
 		}
-		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
+		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
 		{
 			// resubmit non-confirmed LeaseSet
 			SetLeaseSetUpdateStatus (eLeaseSetUpdated);
@@ -869,13 +903,28 @@ namespace garlic
 			payloadLen += leaseSet->GetBufferLen () + DATABASE_STORE_HEADER_SIZE + 13;
 			if (!first)
 			{
-				// ack request
+				// ack request for LeaseSet
+				m_AckRequestMsgID = m_SendTagset->GetMsgID ();
+				sendAckRequest = true;
+				// update LeaseSet status
 				SetLeaseSetUpdateStatus (eLeaseSetSubmitted);
-				SetLeaseSetUpdateMsgID (m_SendTagset->GetNextIndex ());
+				SetLeaseSetUpdateMsgID (m_AckRequestMsgID);
 				SetLeaseSetSubmissionTime (ts);
-				payloadLen += 4;
 			}
 		}
+		if (!sendAckRequest && !first &&
+		    ((!m_AckRequestMsgID && ts > m_LastAckRequestSendTime + m_AckRequestInterval) || // regular request
+		     (m_AckRequestMsgID && ts > m_LastAckRequestSendTime + LEASESET_CONFIRMATION_TIMEOUT))) // previous request failed. try again
+		{	
+			// not LeaseSet
+			m_AckRequestMsgID = m_SendTagset->GetMsgID ();
+			if (m_AckRequestMsgID)
+			{	
+				m_AckRequestNumAttempts++;
+				sendAckRequest = true;
+			}	
+		}	
+		if (sendAckRequest) payloadLen += 4;
 		if (m_AckRequests.size () > 0)
 			payloadLen += m_AckRequests.size ()*4 + 3;
 		if (m_SendReverseKey)
@@ -927,16 +976,15 @@ namespace garlic
 			}
 			// LeaseSet
 			if (leaseSet)
-			{
 				offset += CreateLeaseSetClove (leaseSet, ts, payload + offset, payloadLen - offset);
-				if (!first)
-				{
-					// ack request
-					payload[offset] = eECIESx25519BlkAckRequest; offset++;
-					htobe16buf (payload + offset, 1); offset += 2;
-					payload[offset] = 0; offset++; // flags
-				}
-			}
+			// ack request
+			if (sendAckRequest)
+			{
+				payload[offset] = eECIESx25519BlkAckRequest; offset++;
+				htobe16buf (payload + offset, 1); offset += 2;
+				payload[offset] = 0; offset++; // flags
+				m_LastAckRequestSendTime = ts;
+			}	
 			// msg
 			if (msg)
 				offset += CreateGarlicClove (msg, payload + offset, payloadLen - offset);
@@ -971,7 +1019,6 @@ namespace garlic
 					memcpy (payload + offset, m_NextReceiveRatchet->key->GetPublicKey (), 32);
 					offset += 32; // public key
 				}
-				m_SendReverseKey = false;
 			}
 			if (m_SendForwardKey)
 			{
@@ -1067,6 +1114,8 @@ namespace garlic
 	bool ECIESX25519AEADRatchetSession::CheckExpired (uint64_t ts)
 	{
 		CleanupUnconfirmedLeaseSet (ts);
+		if (!m_Destination && ts > m_LastActivityTimestamp + ECIESX25519_SESSION_CREATE_TIMEOUT) return true; // m_LastActivityTimestamp is NS receive time 
+		if (m_State != eSessionStateEstablished && m_SessionCreatedTimestamp && ts > m_SessionCreatedTimestamp + ECIESX25519_SESSION_ESTABLISH_TIMEOUT) return true; 
 		return ts > m_LastActivityTimestamp + ECIESX25519_RECEIVE_EXPIRATION_TIMEOUT && // seconds
 			ts*1000 > m_LastSentTimestamp + ECIESX25519_SEND_EXPIRATION_TIMEOUT*1000; // milliseconds
 	}
@@ -1148,7 +1197,7 @@ namespace garlic
 		return len;
 	}
 
-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag)
 	{
 		auto m = NewI2NPMessage ((msg ? msg->GetPayloadLength () : 0) + 128);
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
@@ -1168,10 +1217,16 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
+		if (msg->onDrop)
+		{
+			// move onDrop to the wrapping I2NP messages
+			m->onDrop = msg->onDrop;
+			msg->onDrop = nullptr;
+		}
 		return m;
 	}
 
-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey)
 	{
 		// Noise_N, we are Alice, routerPublicKey is Bob's
 		i2p::crypto::NoiseSymmetricState noiseState;
@@ -1205,6 +1260,12 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
+		if (msg->onDrop)
+		{
+			// move onDrop to the wrapping I2NP messages
+			m->onDrop = msg->onDrop;
+			msg->onDrop = nullptr;
+		}	
 		return m;
 	}
 }

libi2pd/ECIESX25519AEADRatchetSession.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -30,10 +30,14 @@ namespace garlic
 	const int ECIESX25519_SEND_INACTIVITY_TIMEOUT = 5000; // number of milliseconds we can send empty(pyaload only) packet after
 	const int ECIESX25519_SEND_EXPIRATION_TIMEOUT = 480; // in seconds
 	const int ECIESX25519_RECEIVE_EXPIRATION_TIMEOUT = 600; // in seconds
-	const int ECIESX25519_PREVIOUS_TAGSET_EXPIRATION_TIMEOUT = 180; // 180
+	const int ECIESX25519_SESSION_CREATE_TIMEOUT = 3; // in seconds, NSR must be send after NS received
+	const int ECIESX25519_SESSION_ESTABLISH_TIMEOUT = 15; // in seconds 
+	const int ECIESX25519_PREVIOUS_TAGSET_EXPIRATION_TIMEOUT = 180; // in seconds
+	const int ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL = 33000; // in milliseconds
+	const int ECIESX25519_ACK_REQUEST_MAX_NUM_ATTEMPTS = 3;
 	const int ECIESX25519_TAGSET_MAX_NUM_TAGS = 8192; // number of tags we request new tagset after
 	const int ECIESX25519_MIN_NUM_GENERATED_TAGS = 24;
-	const int ECIESX25519_MAX_NUM_GENERATED_TAGS = 320;
+	const int ECIESX25519_MAX_NUM_GENERATED_TAGS = 800;
 	const int ECIESX25519_NSR_NUM_GENERATED_TAGS = 12;
 
 	const size_t ECIESX25519_OPTIMAL_PAYLOAD_SIZE = 1912; // 1912 = 1956 /* to fit 2 tunnel messages */
@@ -57,6 +61,8 @@ namespace garlic
 			int GetTagSetID () const { return m_TagSetID; };
 			void SetTagSetID (int tagsetID) { m_TagSetID = tagsetID; };
 
+			uint32_t GetMsgID () const { return (m_TagSetID << 16) + m_NextIndex; }; // (tagsetid << 16) + N
+			
 		private:
 
 			i2p::data::Tag<64> m_SessionTagKeyData;
@@ -86,7 +92,8 @@ namespace garlic
 
 			virtual bool IsIndexExpired (int index) const;
 			virtual bool HandleNextMessage (uint8_t * buf, size_t len, int index);
-
+			virtual bool IsSessionTerminated () const;
+			
 		private:
 
 			int m_TrimBehindIndex = 0;
@@ -101,9 +108,10 @@ namespace garlic
 
 			SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key);
 
-			bool IsIndexExpired (int index) const { return false; };
-			bool HandleNextMessage (uint8_t * buf, size_t len, int index);
-
+			bool IsIndexExpired (int index) const override { return false; };
+			bool HandleNextMessage (uint8_t * buf, size_t len, int index) override;
+			bool IsSessionTerminated () const override { return false; }
+			
 		private:
 
 			GarlicDestination * m_Destination;
@@ -147,6 +155,7 @@ namespace garlic
 			std::shared_ptr<i2p::crypto::X25519Keys> key;
 			uint8_t remote[32]; // last remote public key
 			bool newKey = true;
+			int GetReceiveTagSetID () const { return newKey ? (2*keyID + 1) : 2*keyID; }
 		};
 
 		public:
@@ -155,14 +164,14 @@ namespace garlic
 			~ECIESX25519AEADRatchetSession ();
 
 			bool HandleNextMessage (uint8_t * buf, size_t len, std::shared_ptr<ReceiveRatchetTagSet> receiveTagset, int index = 0);
-			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
+			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg) override;
 			std::shared_ptr<I2NPMessage> WrapOneTimeMessage (std::shared_ptr<const I2NPMessage> msg);
 
 			const uint8_t * GetRemoteStaticKey () const { return m_RemoteStaticKey; }
 			void SetRemoteStaticKey (const uint8_t * key) { memcpy (m_RemoteStaticKey, key, 32); }
 
 			void Terminate () { m_IsTerminated = true; }
-			void SetDestination (const i2p::data::IdentHash& dest) // TODO:
+			void SetDestination (const i2p::data::IdentHash& dest)
 			{
 				if (!m_Destination) m_Destination.reset (new i2p::data::IdentHash (dest));
 			}
@@ -171,18 +180,21 @@ namespace garlic
 			bool CanBeRestarted (uint64_t ts) const { return ts > m_SessionCreatedTimestamp + ECIESX25519_RESTART_TIMEOUT; }
 			bool IsInactive (uint64_t ts) const { return ts > m_LastActivityTimestamp + ECIESX25519_INACTIVITY_TIMEOUT && CanBeRestarted (ts); }
 
-			bool IsRatchets () const { return true; };
-			bool IsReadyToSend () const { return m_State != eSessionStateNewSessionSent; };
-			bool IsTerminated () const { return m_IsTerminated; }
-			uint64_t GetLastActivityTimestamp () const { return m_LastActivityTimestamp; };
-
+			bool IsRatchets () const override { return true; };
+			bool IsReadyToSend () const override { return m_State != eSessionStateNewSessionSent; };
+			bool IsTerminated () const override { return m_IsTerminated; }
+			uint64_t GetLastActivityTimestamp () const override { return m_LastActivityTimestamp; };
+			void SetAckRequestInterval (int interval) override { m_AckRequestInterval = interval; };
+			bool CleanupUnconfirmedTags () override; // return true if unaswered Ack requests, called from I2CP
+			
 		protected:
 
 			i2p::crypto::NoiseSymmetricState& GetNoiseState () { return *this; };
 			void SetNoiseState (const i2p::crypto::NoiseSymmetricState& state) { GetNoiseState () = state; };
 			void CreateNonce (uint64_t seqn, uint8_t * nonce);
 			void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset, int index);
-
+			bool MessageConfirmed (uint32_t msgID) override;
+			
 		private:
 
 			bool GenerateEphemeralKeysAndEncode (uint8_t * buf); // buf is 32 bytes
@@ -215,12 +227,17 @@ namespace garlic
 			uint64_t m_SessionCreatedTimestamp = 0, m_LastActivityTimestamp = 0, // incoming (in seconds)
 				m_LastSentTimestamp = 0; // in milliseconds
 			std::shared_ptr<RatchetTagSet> m_SendTagset, m_NSRSendTagset;
-			std::unique_ptr<i2p::data::IdentHash> m_Destination;// TODO: might not need it
-			std::list<std::pair<uint16_t, int> > m_AckRequests; // (tagsetid, index)
+			std::unique_ptr<i2p::data::IdentHash> m_Destination;// must be set for NS if outgoing and NSR if incoming
+			std::list<std::pair<uint16_t, int> > m_AckRequests; // incoming (tagsetid, index)
 			bool m_SendReverseKey = false, m_SendForwardKey = false, m_IsTerminated = false;
 			std::unique_ptr<DHRatchet> m_NextReceiveRatchet, m_NextSendRatchet;
 			uint8_t m_PaddingSizes[32], m_NextPaddingSize;
 
+			uint64_t m_LastAckRequestSendTime = 0; // milliseconds
+			uint32_t m_AckRequestMsgID = 0; 
+			int m_AckRequestNumAttempts = 0;
+			int m_AckRequestInterval = ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL; // milliseconds
+			
 		public:
 
 			// for HTTP only
@@ -245,8 +262,8 @@ namespace garlic
 			i2p::crypto::NoiseSymmetricState m_CurrentNoiseState;
 	};
 
-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey);
 }
 }
 

libi2pd/Ed25519.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -457,86 +457,6 @@ namespace crypto
 		}
 	}
 
-#if !OPENSSL_X25519
-	BIGNUM * Ed25519::ScalarMul (const BIGNUM * u, const BIGNUM * k, BN_CTX * ctx) const
-	{
-		BN_CTX_start (ctx);
-		auto x1 = BN_CTX_get (ctx); BN_copy (x1, u);
-		auto x2 = BN_CTX_get (ctx); BN_one (x2);
-		auto z2 = BN_CTX_get (ctx); BN_zero (z2);
-		auto x3 = BN_CTX_get (ctx); BN_copy (x3, u);
-		auto z3 = BN_CTX_get (ctx); BN_one (z3);
-		auto c121666 = BN_CTX_get (ctx); BN_set_word (c121666, 121666);
-		auto tmp0 = BN_CTX_get (ctx); auto tmp1 = BN_CTX_get (ctx);
-		unsigned int swap = 0;
-		auto bits = BN_num_bits (k);
-		while(bits)
-		{
-			--bits;
-			auto k_t = BN_is_bit_set(k, bits) ? 1 : 0;
-			swap ^= k_t;
-			if (swap)
-			{
-				std::swap (x2, x3);
-				std::swap (z2, z3);
-			}
-			swap = k_t;
-			BN_mod_sub(tmp0, x3, z3, q, ctx);
-			BN_mod_sub(tmp1, x2, z2, q, ctx);
-			BN_mod_add(x2, x2, z2, q, ctx);
-			BN_mod_add(z2, x3, z3, q, ctx);
-			BN_mod_mul(z3, tmp0, x2, q, ctx);
-			BN_mod_mul(z2, z2, tmp1, q, ctx);
-			BN_mod_sqr(tmp0, tmp1, q, ctx);
-			BN_mod_sqr(tmp1, x2, q, ctx);
-			BN_mod_add(x3, z3, z2, q, ctx);
-			BN_mod_sub(z2, z3, z2, q, ctx);
-			BN_mod_mul(x2, tmp1, tmp0, q, ctx);
-			BN_mod_sub(tmp1, tmp1, tmp0, q, ctx);
-			BN_mod_sqr(z2, z2, q, ctx);
-			BN_mod_mul(z3, tmp1, c121666, q, ctx);
-			BN_mod_sqr(x3, x3, q, ctx);
-			BN_mod_add(tmp0, tmp0, z3, q, ctx);
-			BN_mod_mul(z3, x1, z2, q, ctx);
-			BN_mod_mul(z2, tmp1, tmp0, q, ctx);
-		}
-		if (swap)
-		{
-			std::swap (x2, x3);
-			std::swap (z2, z3);
-		}
-		BN_mod_inverse (z2, z2, q, ctx);
-		BIGNUM * res = BN_new (); // not from ctx
-		BN_mod_mul(res, x2, z2, q, ctx);
-		BN_CTX_end (ctx);
-		return res;
-	}
-
-	void Ed25519::ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
-	{
-		BIGNUM * p1 = DecodeBN<32> (p);
-		uint8_t k[32];
-		memcpy (k, e, 32);
-		k[0] &= 248; k[31] &= 127; k[31] |= 64;
-		BIGNUM * n = DecodeBN<32> (k);
-		BIGNUM * q1 = ScalarMul (p1, n, ctx);
-		EncodeBN (q1, buf, 32);
-		BN_free (p1); BN_free (n); BN_free (q1);
-	}
-
-	void Ed25519::ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
-	{
-		BIGNUM *p1 = BN_new (); BN_set_word (p1, 9);
-		uint8_t k[32];
-		memcpy (k, e, 32);
-		k[0] &= 248; k[31] &= 127; k[31] |= 64;
-		BIGNUM * n = DecodeBN<32> (k);
-		BIGNUM * q1 = ScalarMul (p1, n, ctx);
-		EncodeBN (q1, buf, 32);
-		BN_free (p1); BN_free (n); BN_free (q1);
-	}
-#endif
-
 	void Ed25519::BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded)
 	{
 		BN_CTX * ctx = BN_CTX_new ();

libi2pd/Ed25519.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -84,10 +84,7 @@ namespace crypto
 			EDDSAPoint GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const;
 			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const;
 			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const;
-#if !OPENSSL_X25519
-			void ScalarMul (const uint8_t * p, const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
-			void ScalarMulB (const uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
-#endif
+
 			void BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
 			void BlindPrivateKey (const uint8_t * priv, const uint8_t * seed, uint8_t * blindedPriv, uint8_t * blindedPub); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
 
@@ -115,11 +112,6 @@ namespace crypto
 			BIGNUM * DecodeBN (const uint8_t * buf) const;
 			void EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const;
 
-#if !OPENSSL_X25519
-			// for x25519
-			BIGNUM * ScalarMul (const BIGNUM * p, const BIGNUM * e, BN_CTX * ctx) const;
-#endif
-
 		private:
 
 			BIGNUM * q, * l, * d, * I;

libi2pd/FS.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -7,7 +7,13 @@
 */
 
 #include <algorithm>
-#include <boost/filesystem.hpp>
+
+#if defined(MAC_OSX)
+#if !STD_FILESYSTEM
+#include <boost/system/system_error.hpp>
+#endif
+#include <TargetConditionals.h>
+#endif
 
 #ifdef _WIN32
 #include <shlobj.h>
@@ -20,6 +26,14 @@
 #include "Log.h"
 #include "Garlic.h"
 
+#if STD_FILESYSTEM
+#include <filesystem>
+namespace fs_lib = std::filesystem;
+#else
+#include <boost/filesystem.hpp>
+namespace fs_lib = boost::filesystem;
+#endif
+
 namespace i2p {
 namespace fs {
 	std::string appName = "i2pd";
@@ -49,11 +63,17 @@ namespace fs {
 
 	const std::string GetUTF8DataDir () {
 #ifdef _WIN32
-		boost::filesystem::wpath path (dataDir);
-		auto loc = boost::filesystem::path::imbue(std::locale( std::locale(), new std::codecvt_utf8_utf16<wchar_t>() ) ); // convert path to UTF-8
-		auto dataDirUTF8 = path.string();
-		boost::filesystem::path::imbue(loc); // Return locale settings back
-		return dataDirUTF8;
+		int size = MultiByteToWideChar(CP_ACP, 0,
+			dataDir.c_str(), dataDir.size(), nullptr, 0);
+		std::wstring utf16Str(size, L'\0');
+		MultiByteToWideChar(CP_ACP, 0,
+			dataDir.c_str(), dataDir.size(), &utf16Str[0], size);
+		int utf8Size = WideCharToMultiByte(CP_UTF8, 0,
+			utf16Str.c_str(), utf16Str.size(), nullptr, 0, nullptr, nullptr);
+		std::string utf8Str(utf8Size, '\0');
+		WideCharToMultiByte(CP_UTF8, 0,
+			utf16Str.c_str(), utf16Str.size(), &utf8Str[0], utf8Size, nullptr, nullptr);
+		return utf8Str;
 #else
 		return dataDir; // linux, osx, android uses UTF-8 by default
 #endif
@@ -82,7 +102,11 @@ namespace fs {
 			}
 			else
 			{
-				dataDir = boost::filesystem::wpath(commonAppData).string() + "\\" + appName;
+#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+				dataDir = fs_lib::path(commonAppData).string() + "\\" + appName;
+#else
+				dataDir = fs_lib::wpath(commonAppData).string() + "\\" + appName;
+#endif
 			}
 #else
 			dataDir = "/var/lib/" + appName;
@@ -107,10 +131,14 @@ namespace fs {
 		}
 		else
 		{
-			auto execPath = boost::filesystem::wpath(localAppData).parent_path();
+#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+			auto execPath = fs_lib::path(localAppData).parent_path();
+#else
+			auto execPath = fs_lib::wpath(localAppData).parent_path();
+#endif
 
 			// if config file exists in .exe's folder use it
-			if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
+			if(fs_lib::exists(execPath/"i2pd.conf")) // TODO: magic string
 			{
 				dataDir = execPath.string ();
 			} else // otherwise %appdata%
@@ -126,7 +154,11 @@ namespace fs {
 				}
 				else
 				{
-					dataDir = boost::filesystem::wpath(localAppData).string() + "\\" + appName;
+#if ((BOOST_VERSION >= 108500) || STD_FILESYSTEM)
+					dataDir = fs_lib::path(localAppData).string() + "\\" + appName;
+#else
+					dataDir = fs_lib::wpath(localAppData).string() + "\\" + appName;
+#endif
 				}
 			}
 		}
@@ -136,11 +168,19 @@ namespace fs {
 		dataDir = (home != NULL && strlen(home) > 0) ? home : "";
 		dataDir += "/Library/Application Support/" + appName;
 		return;
+#elif defined(__HAIKU__)
+		char *home = getenv("HOME");
+		if (home != NULL && strlen(home) > 0) {
+			dataDir = std::string(home) + "/config/settings/" + appName;
+		} else {
+			dataDir = "/tmp/" + appName;
+		}
+		return;
 #else /* other unix */
 #if defined(ANDROID)
 		const char * ext = getenv("EXTERNAL_STORAGE");
 		if (!ext) ext = "/sdcard";
-		if (boost::filesystem::exists(ext))
+		if (fs_lib::exists(ext))
 		{
 			dataDir = std::string (ext) + "/" + appName;
 			return;
@@ -173,16 +213,16 @@ namespace fs {
 	}
 
 	bool Init() {
-		if (!boost::filesystem::exists(dataDir))
-			boost::filesystem::create_directory(dataDir);
+		if (!fs_lib::exists(dataDir))
+			fs_lib::create_directory(dataDir);
 
 		std::string destinations = DataDirPath("destinations");
-		if (!boost::filesystem::exists(destinations))
-			boost::filesystem::create_directory(destinations);
+		if (!fs_lib::exists(destinations))
+			fs_lib::create_directory(destinations);
 
 		std::string tags = DataDirPath("tags");
-		if (!boost::filesystem::exists(tags))
-			boost::filesystem::create_directory(tags);
+		if (!fs_lib::exists(tags))
+			fs_lib::create_directory(tags);
 		else
 			i2p::garlic::CleanUpTagsFiles ();
 
@@ -190,13 +230,13 @@ namespace fs {
 	}
 
 	bool ReadDir(const std::string & path, std::vector<std::string> & files) {
-		if (!boost::filesystem::exists(path))
+		if (!fs_lib::exists(path))
 			return false;
-		boost::filesystem::directory_iterator it(path);
-		boost::filesystem::directory_iterator end;
+		fs_lib::directory_iterator it(path);
+		fs_lib::directory_iterator end;
 
 		for ( ; it != end; it++) {
-			if (!boost::filesystem::is_regular_file(it->status()))
+			if (!fs_lib::is_regular_file(it->status()))
 				continue;
 			files.push_back(it->path().string());
 		}
@@ -205,29 +245,42 @@ namespace fs {
 	}
 
 	bool Exists(const std::string & path) {
-		return boost::filesystem::exists(path);
+		return fs_lib::exists(path);
 	}
 
 	uint32_t GetLastUpdateTime (const std::string & path)
 	{
-		if (!boost::filesystem::exists(path))
+		if (!fs_lib::exists(path))
 			return 0;
+#if STD_FILESYSTEM
+		std::error_code ec;
+		auto t = std::filesystem::last_write_time (path, ec);
+		if (ec) return 0;
+/*#if __cplusplus >= 202002L // C++ 20 or higher
+		const auto sctp = std::chrono::clock_cast<std::chrono::system_clock>(t);
+#else	*/	// TODO: wait until implemented
+		const auto sctp = std::chrono::time_point_cast<std::chrono::system_clock::duration>(
+		    t - decltype(t)::clock::now() + std::chrono::system_clock::now());
+/*#endif */
+		return std::chrono::system_clock::to_time_t(sctp);
+#else
 		boost::system::error_code ec;
 		auto t = boost::filesystem::last_write_time (path, ec);
 		return ec ? 0 : t;
+#endif
 	}
 
 	bool Remove(const std::string & path) {
-		if (!boost::filesystem::exists(path))
+		if (!fs_lib::exists(path))
 			return false;
-		return boost::filesystem::remove(path);
+		return fs_lib::remove(path);
 	}
 
 	bool CreateDirectory (const std::string& path)
 	{
-		if (boost::filesystem::exists(path) && boost::filesystem::is_directory (boost::filesystem::status (path)))
+		if (fs_lib::exists(path) && fs_lib::is_directory (fs_lib::status (path)))
 			return true;
-		return boost::filesystem::create_directory(path);
+		return fs_lib::create_directory(path);
 	}
 
 	void HashedStorage::SetPlace(const std::string &path) {
@@ -235,16 +288,30 @@ namespace fs {
 	}
 
 	bool HashedStorage::Init(const char * chars, size_t count) {
-		if (!boost::filesystem::exists(root)) {
-			boost::filesystem::create_directories(root);
+		if (!fs_lib::exists(root)) {
+			fs_lib::create_directories(root);
 		}
 
 		for (size_t i = 0; i < count; i++) {
 			auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
-			if (boost::filesystem::exists(p))
+			if (fs_lib::exists(p))
 				continue;
-			if (boost::filesystem::create_directory(p))
+#if TARGET_OS_SIMULATOR
+			// ios simulator fs says it is case sensitive, but it is not
+			boost::system::error_code ec;
+			if (fs_lib::create_directory(p, ec))
+				continue;
+			switch (ec.value()) {
+				case boost::system::errc::file_exists:
+				case boost::system::errc::success:
+					continue;
+				default:
+					throw boost::system::system_error( ec, __func__ );
+			}
+#else
+			if (fs_lib::create_directory(p))
 				continue; /* ^ throws exception on failure */
+#endif
 			return false;
 		}
 		return true;
@@ -265,9 +332,9 @@ namespace fs {
 
 	void HashedStorage::Remove(const std::string & ident) {
 		std::string path = Path(ident);
-		if (!boost::filesystem::exists(path))
+		if (!fs_lib::exists(path))
 			return;
-		boost::filesystem::remove(path);
+		fs_lib::remove(path);
 	}
 
 	void HashedStorage::Traverse(std::vector<std::string> & files) {
@@ -278,12 +345,12 @@ namespace fs {
 
 	void HashedStorage::Iterate(FilenameVisitor v)
 	{
-		boost::filesystem::path p(root);
-		boost::filesystem::recursive_directory_iterator it(p);
-		boost::filesystem::recursive_directory_iterator end;
+		fs_lib::path p(root);
+		fs_lib::recursive_directory_iterator it(p);
+		fs_lib::recursive_directory_iterator end;
 
 		for ( ; it != end; it++) {
-			if (!boost::filesystem::is_regular_file( it->status() ))
+			if (!fs_lib::is_regular_file( it->status() ))
 				continue;
 			const std::string & t = it->path().string();
 			v(t);

libi2pd/FS.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,6 +15,16 @@
 #include <sstream>
 #include <functional>
 
+#ifndef STD_FILESYSTEM
+#	if (_WIN32 && __GNUG__) // MinGW GCC somehow incorrectly converts paths
+#		define STD_FILESYSTEM 0
+#	elif (!TARGET_OS_SIMULATOR && __has_include(<filesystem>)) // supports std::filesystem
+#		define STD_FILESYSTEM 1
+#	else
+#		define STD_FILESYSTEM 0
+#	endif
+#endif
+
 namespace i2p {
 namespace fs {
 	extern std::string dirSep;

libi2pd/Family.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -7,7 +7,6 @@
 */
 
 #include <string.h>
-#include <openssl/evp.h>
 #include <openssl/ssl.h>
 #include "Crypto.h"
 #include "FS.h"
@@ -25,6 +24,8 @@ namespace data
 
 	Families::~Families ()
 	{
+		for (auto it : m_SigningKeys)
+			if (it.second.first) EVP_PKEY_free (it.second.first);
 	}
 
 	void Families::LoadCertificate (const std::string& filename)
@@ -47,48 +48,16 @@ namespace data
 					cn += 3;
 					char * family = strstr (cn, ".family");
 					if (family) family[0] = 0;
-				}
-				auto pkey = X509_get_pubkey (cert);
-				int keyType = EVP_PKEY_base_id (pkey);
-				switch (keyType)
-				{
-					case EVP_PKEY_DSA:
-						// TODO:
-					break;
-					case EVP_PKEY_EC:
-					{
-						EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
-						if (ecKey)
+					auto pkey = X509_get_pubkey (cert);
+					if (pkey)
+					{	
+						if (!m_SigningKeys.emplace (cn, std::make_pair(pkey, (int)m_SigningKeys.size () + 1)).second)
 						{
-							auto group = EC_KEY_get0_group (ecKey);
-							if (group)
-							{
-								int curve = EC_GROUP_get_curve_name (group);
-								if (curve == NID_X9_62_prime256v1)
-								{
-									uint8_t signingKey[64];
-									BIGNUM * x = BN_new(), * y = BN_new();
-									EC_POINT_get_affine_coordinates_GFp (group,
-										EC_KEY_get0_public_key (ecKey), x, y, NULL);
-									i2p::crypto::bn2buf (x, signingKey, 32);
-									i2p::crypto::bn2buf (y, signingKey + 32, 32);
-									BN_free (x); BN_free (y);
-									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>();
-									verifier->SetPublicKey (signingKey);
-								}
-								else
-									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
-							}
-							EC_KEY_free (ecKey);
-						}
-						break;
-					}
-					default:
-						LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");
+							EVP_PKEY_free (pkey);
+							LogPrint (eLogError, "Family: Duplicated family name ", cn);
+						}	
+					}	
 				}
-				EVP_PKEY_free (pkey);
-				if (verifier && cn)
-					m_SigningKeys.emplace (cn, std::make_pair(verifier, (int)m_SigningKeys.size () + 1));
 			}
 			SSL_free (ssl);
 		}
@@ -121,23 +90,31 @@ namespace data
 	}
 
 	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident,
-		const char * signature, const char * key) const
+		std::string_view signature, const char * key) const
 	{
 		uint8_t buf[100], signatureBuf[64];
-		size_t len = family.length (), signatureLen = strlen (signature);
+		size_t len = family.length ();
 		if (len + 32 > 100)
 		{
 			LogPrint (eLogError, "Family: ", family, " is too long");
 			return false;
 		}
-
-		memcpy (buf, family.c_str (), len);
-		memcpy (buf + len, (const uint8_t *)ident, 32);
-		len += 32;
-		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);
 		auto it = m_SigningKeys.find (family);
-		if (it != m_SigningKeys.end ())
-			return it->second.first->Verify (buf, len, signatureBuf);
+		if (it != m_SigningKeys.end () && it->second.first)
+		{	
+			memcpy (buf, family.c_str (), len);
+			memcpy (buf + len, (const uint8_t *)ident, 32);
+			len += 32;
+			auto signatureBufLen = Base64ToByteStream (signature.data (), signature.length (), signatureBuf, 64);
+			if (signatureBufLen)
+			{
+				EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
+				EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, it->second.first);
+				auto ret = EVP_DigestVerify (ctx, signatureBuf, signatureBufLen, buf, len);
+				EVP_MD_CTX_destroy (ctx);
+				return ret;
+			}	
+		}	
 		// TODO: process key
 		return true;
 	}

libi2pd/Family.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -11,8 +11,9 @@
 
 #include <map>
 #include <string>
+#include <string_view>
 #include <memory>
-#include "Signature.h"
+#include <openssl/evp.h>
 #include "Identity.h"
 
 namespace i2p
@@ -28,7 +29,7 @@ namespace data
 			~Families ();
 			void LoadCertificates ();
 			bool VerifyFamily (const std::string& family, const IdentHash& ident,
-				const char * signature, const char * key = nullptr) const;
+				std::string_view signature, const char * key = nullptr) const;
 			FamilyID GetFamilyID (const std::string& family) const;
 
 		private:
@@ -37,7 +38,7 @@ namespace data
 
 		private:
 
-			std::map<std::string, std::pair<std::shared_ptr<i2p::crypto::Verifier>, FamilyID> > m_SigningKeys; // family -> (verifier, id)
+			std::map<std::string, std::pair<EVP_PKEY *, FamilyID> > m_SigningKeys; // family -> (verification pkey, id)
 	};
 
 	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);

libi2pd/Garlic.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -45,22 +45,17 @@ namespace garlic
 	{
 		if (!m_SharedRoutingPath) return nullptr;
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		if (m_SharedRoutingPath->numTimesUsed >= ROUTING_PATH_MAX_NUM_TIMES_USED ||
-			!m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
+		if (!m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
 			ts*1000LL > m_SharedRoutingPath->remoteLease->endDate ||
 			ts > m_SharedRoutingPath->updateTime + ROUTING_PATH_EXPIRATION_TIMEOUT)
 				m_SharedRoutingPath = nullptr;
-		if (m_SharedRoutingPath) m_SharedRoutingPath->numTimesUsed++;
 		return m_SharedRoutingPath;
 	}
 
 	void GarlicRoutingSession::SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path)
 	{
 		if (path && path->outboundTunnel && path->remoteLease)
-		{
 			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
-			path->numTimesUsed = 0;
-		}
 		else
 			path = nullptr;
 		m_SharedRoutingPath = path;
@@ -80,7 +75,7 @@ namespace garlic
 
 	void GarlicRoutingSession::CleanupUnconfirmedLeaseSet (uint64_t ts)
 	{
-		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
+		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASESET_CONFIRMATION_TIMEOUT)
 		{
 			if (GetOwner ())
 				GetOwner ()->RemoveDeliveryStatusSession (m_LeaseSetUpdateMsgID);
@@ -165,7 +160,7 @@ namespace garlic
 			uint8_t iv[32]; // IV is first 16 bytes
 			SHA256(elGamal.preIV, 32, iv);
 			m_Destination->Encrypt ((uint8_t *)&elGamal, buf);
-			m_Encryption.SetIV (iv);
+			m_IV = iv;
 			buf += 514;
 			len += 514;
 		}
@@ -175,7 +170,7 @@ namespace garlic
 			memcpy (buf, tag, 32);
 			uint8_t iv[32]; // IV is first 16 bytes
 			SHA256(tag, 32, iv);
-			m_Encryption.SetIV (iv);
+			m_IV = iv;
 			buf += 32;
 			len += 32;
 		}
@@ -215,7 +210,7 @@ namespace garlic
 		size_t rem = blockSize % 16;
 		if (rem)
 			blockSize += (16-rem); //padding
-		m_Encryption.Encrypt(buf, blockSize, buf);
+		m_Encryption.Encrypt(buf, blockSize, m_IV, buf);
 		return blockSize;
 	}
 
@@ -232,7 +227,7 @@ namespace garlic
 		if (GetOwner ())
 		{
 			// resubmit non-confirmed LeaseSet
-			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
+			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
 			{
 				SetLeaseSetUpdateStatus (eLeaseSetUpdated);
 				SetSharedRoutingPath (nullptr); // invalidate path since leaseset was not confirmed
@@ -431,7 +426,8 @@ namespace garlic
 	}
 
 	GarlicDestination::GarlicDestination (): m_NumTags (32), // 32 tags by default
-		m_PayloadBuffer (nullptr), m_NumRatchetInboundTags (0) // 0 means standard
+		m_PayloadBuffer (nullptr), m_LastIncomingSessionTimestamp (0), 
+		m_NumRatchetInboundTags (0) // 0 means standard
 	{
 	}
 
@@ -518,8 +514,7 @@ namespace garlic
 				{
 					uint8_t iv[32]; // IV is first 16 bytes
 					SHA256(buf, 32, iv);
-					decryption->SetIV (iv);
-					decryption->Decrypt (buf + 32, length - 32, buf + 32);
+					decryption->Decrypt (buf + 32, length - 32, iv, buf + 32);
 					HandleAESBlock (buf + 32, length - 32, decryption, msg->from);
 					found = true;
 				}
@@ -537,43 +532,23 @@ namespace garlic
 					auto decryption = std::make_shared<AESDecryption>(elGamal.sessionKey);
 					uint8_t iv[32]; // IV is first 16 bytes
 					SHA256(elGamal.preIV, 32, iv);
-					decryption->SetIV (iv);
-					decryption->Decrypt(buf + 514, length - 514, buf + 514);
+					decryption->Decrypt(buf + 514, length - 514, iv, buf + 514);
 					HandleAESBlock (buf + 514, length - 514, decryption, msg->from);
 				}
 				else if (SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
 				{
 					// otherwise ECIESx25519
-					auto session = std::make_shared<ECIESX25519AEADRatchetSession> (this, false); // incoming
-					if (!session->HandleNextMessage (buf, length, nullptr, 0))
-					{
-						// try to generate more tags for last tagset
-						if (m_LastTagset && (m_LastTagset->GetNextIndex () - m_LastTagset->GetTrimBehind () < 3*ECIESX25519_MAX_NUM_GENERATED_TAGS))
-						{
-							uint64_t missingTag; memcpy (&missingTag, buf, 8);
-							auto maxTags = std::max (m_NumRatchetInboundTags, ECIESX25519_MAX_NUM_GENERATED_TAGS);
-							LogPrint (eLogWarning, "Garlic: Trying to generate more ECIES-X25519-AEAD-Ratchet tags");
-							for (int i = 0; i < maxTags; i++)
-							{
-								auto nextTag = AddECIESx25519SessionNextTag (m_LastTagset);
-								if (!nextTag)
-								{
-									LogPrint (eLogError, "Garlic: Can't create new ECIES-X25519-AEAD-Ratchet tag for last tagset");
-									break;
-								}
-								if (nextTag == missingTag)
-								{
-									LogPrint (eLogDebug, "Garlic: Missing ECIES-X25519-AEAD-Ratchet tag was generated");
-									if (m_LastTagset->HandleNextMessage (buf, length, m_ECIESx25519Tags[nextTag].index))
-										found = true;
-									break;
-								}
-							}
-							if (!found) m_LastTagset = nullptr;
-						}
-						if (!found)
+					auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+					if (ts > m_LastIncomingSessionTimestamp + INCOMING_SESSIONS_MINIMAL_INTERVAL) 
+					{	
+						auto session = std::make_shared<ECIESX25519AEADRatchetSession> (this, false); // incoming
+						if (session->HandleNextMessage (buf, length, nullptr, 0))
+							m_LastIncomingSessionTimestamp = ts;
+						else
 							LogPrint (eLogError, "Garlic: Can't handle ECIES-X25519-AEAD-Ratchet message");
 					}
+					else
+						LogPrint (eLogWarning, "Garlic: Incoming sessions come too often");
 				}
 				else
 					LogPrint (eLogError, "Garlic: Failed to decrypt message");
@@ -588,9 +563,7 @@ namespace garlic
 		auto it = m_ECIESx25519Tags.find (tag);
 		if (it != m_ECIESx25519Tags.end ())
 		{
-			if (it->second.tagset && it->second.tagset->HandleNextMessage (buf, len, it->second.index))
-				m_LastTagset = it->second.tagset;
-			else
+			if (!it->second.tagset || !it->second.tagset->HandleNextMessage (buf, len, it->second.index))
 				LogPrint (eLogError, "Garlic: Can't handle ECIES-X25519-AEAD-Ratchet message");
 			m_ECIESx25519Tags.erase (it);
 			return true;
@@ -771,7 +744,8 @@ namespace garlic
 	}
 
 	std::shared_ptr<GarlicRoutingSession> GarlicDestination::GetRoutingSession (
-		std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet)
+		std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet,
+	    bool requestNewIfNotFound)
 	{
 		if (destination->GetEncryptionType () == i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD &&
 			SupportsEncryptionType (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD))
@@ -786,16 +760,17 @@ namespace garlic
 				if (session->IsInactive (i2p::util::GetSecondsSinceEpoch ()))
 				{
 					LogPrint (eLogDebug, "Garlic: Session restarted");
+					requestNewIfNotFound = true; // it's not a new session
 					session = nullptr;
 				}
 			}
-			if (!session)
+			if (!session && requestNewIfNotFound)
 			{
 				session = std::make_shared<ECIESX25519AEADRatchetSession> (this, true);
 				session->SetRemoteStaticKey (staticKey);
 			}
-			if (destination->IsDestination ())
-				session->SetDestination (destination->GetIdentHash ()); // TODO: remove
+			if (session && destination->IsDestination ())
+				session->SetDestination (destination->GetIdentHash ()); // NS or NSR
 			return session;
 		}
 		else
@@ -887,8 +862,7 @@ namespace garlic
 			}
 			else
 			{
-				auto session = it->second.tagset->GetSession ();
-				if (!session || session->IsTerminated())
+				if (it->second.tagset->IsSessionTerminated ())
 				{
 					it = m_ECIESx25519Tags.erase (it);
 					numExpiredTags++;
@@ -899,8 +873,6 @@ namespace garlic
 		}
 		if (numExpiredTags > 0)
 			LogPrint (eLogDebug, "Garlic: ", numExpiredTags, " ECIESx25519 tags expired for ", GetIdentHash().ToBase64 ());
-		if (m_LastTagset && m_LastTagset->IsExpired (ts))
-			m_LastTagset = nullptr;
 	}
 
 	void GarlicDestination::RemoveDeliveryStatusSession (uint32_t msgID)
@@ -934,7 +906,7 @@ namespace garlic
 		}
 	}
 
-	void GarlicDestination::SetLeaseSetUpdated ()
+	void GarlicDestination::SetLeaseSetUpdated (bool post)
 	{
 		{
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
@@ -1037,9 +1009,7 @@ namespace garlic
 			case eGarlicDeliveryTypeDestination:
 				LogPrint (eLogDebug, "Garlic: Type destination");
 				buf += 32; // TODO: check destination
-#if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
-#endif
 				// no break here
 			case eGarlicDeliveryTypeLocal:
 			{
@@ -1133,5 +1103,17 @@ namespace garlic
 			m_PayloadBuffer = new uint8_t[I2NP_MAX_MESSAGE_SIZE];
 		return m_PayloadBuffer;
 	}
+
+	bool GarlicDestination::AEADChaCha20Poly1305Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return m_Encryptor.Encrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
+	}
+		
+	bool GarlicDestination::AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return m_Decryptor.Decrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
+	}	
 }
 }

libi2pd/Garlic.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -50,9 +50,9 @@ namespace garlic
 	const int INCOMING_TAGS_EXPIRATION_TIMEOUT = 960; // 16 minutes
 	const int OUTGOING_TAGS_EXPIRATION_TIMEOUT = 720; // 12 minutes
 	const int OUTGOING_TAGS_CONFIRMATION_TIMEOUT = 10; // 10 seconds
-	const int LEASET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
-	const int ROUTING_PATH_EXPIRATION_TIMEOUT = 30; // 30 seconds
-	const int ROUTING_PATH_MAX_NUM_TIMES_USED = 100; // how many times might be used
+	const int LEASESET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
+	const int ROUTING_PATH_EXPIRATION_TIMEOUT = 120; // in seconds
+	const int INCOMING_SESSIONS_MINIMAL_INTERVAL = 200; // in milliseconds
 
 	struct SessionTag: public i2p::data::Tag<32>
 	{
@@ -89,7 +89,6 @@ namespace garlic
 		std::shared_ptr<const i2p::data::Lease> remoteLease;
 		int rtt; // RTT
 		uint32_t updateTime; // seconds since epoch
-		int numTimesUsed;
 	};
 
 	class GarlicDestination;
@@ -111,13 +110,14 @@ namespace garlic
 			GarlicRoutingSession ();
 			virtual ~GarlicRoutingSession ();
 			virtual std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg) = 0;
-			virtual bool CleanupUnconfirmedTags () { return false; }; // for I2CP, override in ElGamalAESSession
+			virtual bool CleanupUnconfirmedTags () { return false; }; // for I2CP, override in ElGamalAESSession and ECIESX25519AEADRatchetSession
 			virtual bool MessageConfirmed (uint32_t msgID);
 			virtual bool IsRatchets () const { return false; };
 			virtual bool IsReadyToSend () const { return true; };
 			virtual bool IsTerminated () const { return !GetOwner (); };
 			virtual uint64_t GetLastActivityTimestamp () const { return 0; }; // non-zero for rathets only
-
+			virtual void SetAckRequestInterval (int interval) {}; // in milliseconds, override in ECIESX25519AEADRatchetSession
+			
 			void SetLeaseSetUpdated ()
 			{
 				if (m_LeaseSetUpdateStatus != eLeaseSetDoNotSend) m_LeaseSetUpdateStatus = eLeaseSetUpdated;
@@ -206,6 +206,7 @@ namespace garlic
 			std::map<uint32_t, std::unique_ptr<UnconfirmedTags> > m_UnconfirmedTagsMsgs; // msgID->tags
 
 			i2p::crypto::CBCEncryption m_Encryption;
+			i2p::data::Tag<16> m_IV;
 
 		public:
 
@@ -221,7 +222,7 @@ namespace garlic
 	struct ECIESX25519AEADRatchetIndexTagset
 	{
 		int index;
-		ReceiveRatchetTagSetPtr tagset;
+		ReceiveRatchetTagSetPtr tagset; // null if used
 	};
 
 	class GarlicDestination: public i2p::data::LocalDestination
@@ -236,11 +237,17 @@ namespace garlic
 			int GetNumTags () const { return m_NumTags; };
 			void SetNumRatchetInboundTags (int numTags) { m_NumRatchetInboundTags = numTags; };
 			int GetNumRatchetInboundTags () const { return m_NumRatchetInboundTags; };
-			std::shared_ptr<GarlicRoutingSession> GetRoutingSession (std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet);
+			std::shared_ptr<GarlicRoutingSession> GetRoutingSession (std::shared_ptr<const i2p::data::RoutingDestination> destination,
+				bool attachLeaseSet, bool requestNewIfNotFound = true);
 			void CleanupExpiredTags ();
 			void RemoveDeliveryStatusSession (uint32_t msgID);
 			std::shared_ptr<I2NPMessage> WrapMessageForRouter (std::shared_ptr<const i2p::data::RouterInfo> router,
 				std::shared_ptr<I2NPMessage> msg);
+			
+			bool AEADChaCha20Poly1305Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
+			bool AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
 
 			void AddSessionKey (const uint8_t * key, const uint8_t * tag); // one tag
 			void AddECIESx25519Key (const uint8_t * key, uint64_t tag); // one tag
@@ -255,7 +262,7 @@ namespace garlic
 
 			virtual void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
 			virtual void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
-			virtual void SetLeaseSetUpdated ();
+			virtual void SetLeaseSetUpdated (bool post = false);
 
 			virtual std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () = 0; // TODO
 			virtual std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const = 0;
@@ -286,15 +293,18 @@ namespace garlic
 			std::unordered_map<i2p::data::IdentHash, ElGamalAESSessionPtr> m_Sessions;
 			std::unordered_map<i2p::data::Tag<32>, ECIESX25519AEADRatchetSessionPtr> m_ECIESx25519Sessions; // static key -> session
 			uint8_t * m_PayloadBuffer; // for ECIESX25519AEADRatchet
+			uint64_t m_LastIncomingSessionTimestamp; // in milliseconds
 			// incoming
 			int m_NumRatchetInboundTags;
 			std::unordered_map<SessionTag, std::shared_ptr<AESDecryption>, std::hash<i2p::data::Tag<32> > > m_Tags;
 			std::unordered_map<uint64_t, ECIESX25519AEADRatchetIndexTagset> m_ECIESx25519Tags; // session tag -> session
-			ReceiveRatchetTagSetPtr m_LastTagset; // tagset last message came for
 			// DeliveryStatus
 			std::mutex m_DeliveryStatusSessionsMutex;
 			std::unordered_map<uint32_t, GarlicRoutingSessionPtr> m_DeliveryStatusSessions; // msgID -> session
-
+			// encryption
+			i2p::crypto::AEADChaCha20Poly1305Encryptor m_Encryptor;
+			i2p::crypto::AEADChaCha20Poly1305Decryptor m_Decryptor;
+			
 		public:
 
 			// for HTTP only