Merge 6e639f0e6a into 48aaecacce

Signed-off-by: r4sas <r4sas@i2pmail.org>

.github/workflows/build-windows.yml

@@ -133,6 +133,8 @@ jobs:
         git clone https://github.com/msys2/MINGW-packages
         cd MINGW-packages
         git checkout 4cbb366edf2f268ac3146174b40ce38604646fc5 mingw-w64-boost
+        cd mingw-w64-boost
+        sed -i 's/boostorg.jfrog.io\/artifactory\/main/archives.boost.io/' PKGBUILD
 
     # headers
     - name: Get headers package version

ChangeLog

@@ -1,6 +1,29 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.56.0] - 2025-02-11
+### Added
+- Config params for shared local destination
+- AddressBook full addresses cache
+- Decline transit tunnel to duplicated router
+- Recreate tunnels in random order
+### Changed
+- Exclude disk operations from SSU2 and NTCP2 threads
+- Set minimal version for peer test to 0.9.62
+- Send ack requested flag after second SSU2 resend attempt
+- Shorter ECIESx25519 ack request interval for datagram and I2CP sessions
+- Don't change datagram routing path too often if unidirectional data stream
+- Reduce LeaseSet and local RouterInfo publishing confirmation intervals
+- Don't delete buffer of connected routers or if an update received
+- Smaller RouterInfo request timeout if sent directly
+- Persist local RouterInfo in separate thread
+- Don't recalculate and process ranges for every SSU2 Ack block
+- Reseeds list
+### Fixed
+- Termination deadlock if SAM session is active
+- Race condition at tunnel endpoint
+- Inbound tunnel build encryption
+
 ## [2.55.0] - 2024-12-30
 ### Added
 - Support boost 1.87
@@ -62,12 +85,12 @@
 - Handle i2cp.inboundlimit and i2cp.outboundlimit params in I2CP
 - Publish LeaseSet with new timestamp update if tunnel was replaced in the same second
 - Increase max number of generated tags to 800 per tagset
-- Routing path expiration by time instead num attempts 
+- Routing path expiration by time instead num attempts
 - Save timestamp from epoch instead local time to profiles
 - Update introducer's iTag if session to introducer was replaced to new one
 - RTT, window size and number of NACKs calculation for streaming
 - Don't select same peer for tunnel too often
-- Use WinApi for data path UTF-8 conversion for Windows 
+- Use WinApi for data path UTF-8 conversion for Windows
 ### Fixed
 - Jump link crash if address book is disabled
 - Race condition if connect through an introducer

Makefile.bsd

@@ -3,7 +3,7 @@ CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misl
 DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
 LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-LDLIBS = -lcrypto -lssl -lz -lpthread -lboost_system -lboost_program_options
+LDLIBS = -lssl -lcrypto -lz -lpthread -lboost_system -lboost_program_options
 
 ## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.

Makefile.haiku

@@ -2,7 +2,7 @@ CXX = g++
 CXXFLAGS := -Wall -std=c++17
 INCFLAGS = -I/system/develop/headers
 DEFINES = -D_DEFAULT_SOURCE -D_GNU_SOURCE
-LDLIBS = -lbe -lbsd -lnetwork -lz -lcrypto -lssl -lboost_system -lboost_program_options -lpthread
+LDLIBS = -lbe -lbsd -lnetwork -lz -lssl -lcrypto -lboost_system -lboost_program_options -lpthread
 
 ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP

Makefile.homebrew

@@ -18,7 +18,7 @@ endif
 	LDLIBS +=  -lpthread -ldl
 else
 	LDFLAGS += -L${SSLROOT}/lib -L${BOOSTROOT}/lib
-	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
 ifeq ($(USE_UPNP),yes)
 	LDFLAGS += -L${UPNPROOT}/lib
 	LDLIBS += -lminiupnpc

Makefile.linux

@@ -40,7 +40,7 @@ ifeq ($(USE_UPNP),yes)
 endif
 	LDLIBS += -lpthread -ldl
 else
-	LDLIBS += -lcrypto -lssl -lz -lboost_program_options -lpthread -latomic
+	LDLIBS += -lssl -lcrypto -lz -lboost_program_options -lpthread -latomic
 ifeq ($(USE_UPNP),yes)
 	LDLIBS += -lminiupnpc
 endif

Makefile.osx

@@ -7,9 +7,9 @@ LDFLAGS += -Wl,-dead_strip
 LDFLAGS += -Wl,-dead_strip_dylibs
 
 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz /usr/local/lib/libssl.a /usr/local/lib/libcrypto.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
 else
-	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_filesystem -lboost_program_options -lpthread
+	LDLIBS = -lz -lssl -lcrypto -lboost_system -lboost_filesystem -lboost_program_options -lpthread
 endif
 
 ifeq ($(USE_UPNP),yes)

build/cmake_modules/GetGitRevisionDescription.cmake

@@ -59,7 +59,7 @@ get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
 # function returns an empty string via _git_dir_var.
 #
 # Example: Given a path C:/bla/foo/bar and assuming C:/bla/.git exists and
-# neither foo nor bar contain a file/directory .git. This wil return
+# neither foo nor bar contain a file/directory .git. This will return
 # C:/bla/.git
 #
 function(_git_find_closest_git_dir _start_dir _git_dir_var)

contrib/i2pd.conf

@@ -243,7 +243,7 @@ verify = true
 ## Default: reg.i2p at "mainline" I2P Network
 # defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
 ## Optional subscriptions URLs, separated by comma
-# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+# subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt
 
 [limits]
 ## Maximum active transit sessions (default: 5000)

contrib/i2pd.service

@@ -2,6 +2,7 @@
 Description=I2P Router written in C++
 Documentation=man:i2pd(1) https://i2pd.readthedocs.io/en/latest/
 After=network.target
+Wants=yggdrasil.service
 
 [Service]
 User=i2pd

contrib/rpm/i2pd-git.spec

@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 
 Name:          i2pd-git
-Version:       2.55.0
+Version:       2.56.0
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@@ -148,6 +148,9 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
+- update to 2.56.0
+
 * Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
 - update to 2.55.0
 

contrib/rpm/i2pd.spec

@@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.55.0
+Version:       2.56.0
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@@ -146,6 +146,9 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Tue Feb 11 2025 orignal <orignal@i2pmail.org> - 2.56.0
+- update to 2.56.0
+
 * Mon Dec 30 2024 orignal <orignal@i2pmail.org> - 2.55.0
 - update to 2.55.0
 

contrib/tunnels.conf

@@ -5,6 +5,7 @@ port = 6668
 destination = irc.ilita.i2p
 destinationport = 6667
 keys = irc-keys.dat
+i2p.streaming.profile=2
 
 #[IRC-IRC2P]
 #type = client

debian/changelog

@@ -1,3 +1,9 @@
+i2pd (2.56.0-1) unstable; urgency=medium
+
+  * updated to version 2.56.0/0.9.65
+
+ -- orignal <orignal@i2pmail.org>  Tue, 11 Feb 2025 16:00:00 +0000
+
 i2pd (2.55.0-1) unstable; urgency=medium
 
   * updated to version 2.55.0

libi2pd/Blinding.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -152,11 +152,11 @@ namespace data
 			m_BlindedSigType = m_SigType;
 	}
 
-	BlindedPublicKey::BlindedPublicKey (const std::string& b33):
+	BlindedPublicKey::BlindedPublicKey (std::string_view b33):
 		m_SigType (0) // 0 means invalid, we can't blind DSA, set it later
 	{
 		uint8_t addr[40]; // TODO: define length from b33
-		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
+		size_t l = i2p::data::Base32ToByteStream (b33.data (), b33.length (), addr, 40);
 		if (l < 32)
 		{
 			LogPrint (eLogError, "Blinding: Malformed b33 ", b33);

libi2pd/Blinding.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -11,6 +11,7 @@
 
 #include <inttypes.h>
 #include <string>
+#include <string_view>
 #include <vector>
 #include "Identity.h"
 
@@ -23,7 +24,7 @@ namespace data
 		public:
 
 			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, bool clientAuth = false);
-			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p
+			BlindedPublicKey (std::string_view b33); // from b33 without .b32.i2p
 			std::string ToB33 () const;
 
 			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };

libi2pd/Config.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -154,6 +154,17 @@ namespace config {
 			("socksproxy.i2p.streaming.profile", value<std::string>()->default_value("1"), "SOCKS Proxy bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
 		;
 
+		options_description shareddest("Shared local destination options");
+		shareddest.add_options()
+			("shareddest.inbound.length", value<std::string>()->default_value("3"),    "Shared local destination inbound tunnel length")
+			("shareddest.outbound.length", value<std::string>()->default_value("3"),   "Shared local destination outbound tunnel length")
+			("shareddest.inbound.quantity", value<std::string>()->default_value("3"),  "Shared local destination inbound tunnels quantity")
+			("shareddest.outbound.quantity", value<std::string>()->default_value("3"), "Shared local destination outbound tunnels quantity")
+			("shareddest.i2cp.leaseSetType", value<std::string>()->default_value("3"), "Shared local destination's LeaseSet type")
+			("shareddest.i2cp.leaseSetEncType", value<std::string>()->default_value("0,4"), "Shared local destination's LeaseSet encryption type")
+			("shareddest.i2p.streaming.profile", value<std::string>()->default_value("2"), "Shared local destination bandwidth usage profile. 1 - bulk(high), 2- interactive(low)")
+		;	
+		
 		options_description sam("SAM bridge options");
 		sam.add_options()
 			("sam.enabled", value<bool>()->default_value(true),               "Enable or disable SAM Application bridge")
@@ -227,7 +238,7 @@ namespace config {
 				"https://reseed.onion.im/,"
 				"https://i2pseed.creativecowpat.net:8443/,"
 				"https://reseed.i2pgit.org/,"
-				"https://banana.incognet.io/,"
+				"https://coconut.incognet.io/,"
 				"https://reseed-pl.i2pd.xyz/,"
 				"https://www2.mk16.de/,"
 			    "https://i2p.ghativega.in/,"
@@ -341,6 +352,7 @@ namespace config {
 			.add(httpserver)
 			.add(httpproxy)
 			.add(socksproxy)
+			.add(shareddest)
 			.add(sam)
 			.add(bob)
 			.add(i2cp)

libi2pd/Crypto.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -710,19 +710,41 @@ namespace crypto
 	{
 		return AEADChaCha20Poly1305 (m_Ctx, msg, msgLen, ad, adLen, key, nonce, buf, len, false);
 	}
-	
+
-	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	static void ChaCha20 (EVP_CIPHER_CTX *ctx, const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
 	{
-		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
 		uint32_t iv[4];
 		iv[0] = htole32 (1); memcpy (iv + 1, nonce, 12); // counter | nonce
 		EVP_EncryptInit_ex(ctx, EVP_chacha20 (), NULL, key, (const uint8_t *)iv);
 		int outlen = 0;
 		EVP_EncryptUpdate(ctx, out, &outlen, msg, msgLen);
 		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
+	}
+	
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		ChaCha20 (ctx, msg, msgLen, key, nonce, out);
 		EVP_CIPHER_CTX_free (ctx);
 	}
 
+	
+	ChaCha20Context::ChaCha20Context ()
+	{
+		m_Ctx = EVP_CIPHER_CTX_new ();
+	}
+	
+	ChaCha20Context::~ChaCha20Context ()
+	{
+		if (m_Ctx)
+			EVP_CIPHER_CTX_free (m_Ctx);
+	}
+	
+	void ChaCha20Context::operator ()(const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+		ChaCha20 (m_Ctx, msg, msgLen, key, nonce, out);
+	}	
+	
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info,
 		uint8_t * out, size_t outLen)
 	{

libi2pd/Crypto.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -226,6 +226,19 @@ namespace crypto
 // ChaCha20
 	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
 
+	class ChaCha20Context
+	{
+		public:
+
+			ChaCha20Context ();
+			~ChaCha20Context ();
+			void operator ()(const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
+			
+		private:
+
+			EVP_CIPHER_CTX * m_Ctx;	
+	};
+	
 // HKDF
 
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, uint8_t * out, size_t outLen = 64); // salt - 32, out - 32 or 64, info <= 32

libi2pd/Datagram.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -104,8 +104,7 @@ namespace datagram
 
 		if (verified)
 		{
-			auto h = identity.GetIdentHash();
+			auto session = ObtainSession (identity.GetIdentHash());
-			auto session = ObtainSession(h);
 			session->Ack();
 			auto r = FindReceiver(toPort);
 			if(r)
@@ -381,15 +380,19 @@ namespace datagram
 			if (!found)
 			{
 				m_RoutingSession = m_LocalDestination->GetRoutingSession(m_RemoteLeaseSet, true);
-				if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
+				if (m_RoutingSession)
-					m_PendingRoutingSessions.push_back (m_RoutingSession);
+				{	
+					m_RoutingSession->SetAckRequestInterval (DATAGRAM_SESSION_ACK_REQUEST_INTERVAL);
+					if (!m_RoutingSession->GetOwner () || !m_RoutingSession->IsReadyToSend ())
+						m_PendingRoutingSessions.push_back (m_RoutingSession);
+				}	
 			}
 		}
 
 		auto path = m_RoutingSession->GetSharedRoutingPath();
-		if (path && m_RoutingSession->IsRatchets () && (m_RoutingSession->CleanupUnconfirmedTags () ||
+		if (path && m_RoutingSession->IsRatchets () && m_RoutingSession->CleanupUnconfirmedTags ())
-			m_LastUse > m_RoutingSession->GetLastActivityTimestamp ()*1000 + DATAGRAM_SESSION_PATH_TIMEOUT))
 		{
+			LogPrint (eLogDebug, "Datagram: path reset");
 			m_RoutingSession->SetSharedRoutingPath (nullptr);
 			path = nullptr;
 		}

libi2pd/Datagram.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -31,8 +31,6 @@ namespace datagram
 {
 	// milliseconds for max session idle time
 	const uint64_t DATAGRAM_SESSION_MAX_IDLE = 10 * 60 * 1000;
-	// milliseconds for how long we try sticking to a dead routing path before trying to switch
-	const uint64_t DATAGRAM_SESSION_PATH_TIMEOUT = 10 * 1000;
 	// milliseconds interval a routing path is used before switching
 	const uint64_t DATAGRAM_SESSION_PATH_SWITCH_INTERVAL = 20 * 60 * 1000;
 	// milliseconds before lease expire should we try switching leases
@@ -44,6 +42,7 @@ namespace datagram
 	// max 64 messages buffered in send queue for each datagram session
 	const size_t DATAGRAM_SEND_QUEUE_MAX_SIZE = 64;
 	const uint64_t DATAGRAM_MAX_FLUSH_INTERVAL = 5; // in milliseconds
+	const int DATAGRAM_SESSION_ACK_REQUEST_INTERVAL = 5500; // in milliseconds
 
 	class DatagramSession : public std::enable_shared_from_this<DatagramSession>
 	{

libi2pd/Destination.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -195,7 +195,7 @@ namespace client
 			m_IsPublic = itr->second != "true";
 		}
 
-		int inLen, outLen, inQuant, outQuant, numTags, minLatency, maxLatency;
+		int inLen = 0, outLen = 0, inQuant = 0, outQuant = 0, numTags = 0, minLatency = 0, maxLatency = 0;
 		std::map<std::string, int&> intOpts = {
 			{I2CP_PARAM_INBOUND_TUNNEL_LENGTH, inLen},
 			{I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, outLen},
@@ -597,7 +597,8 @@ namespace client
 			m_ExcludedFloodfills.clear ();
 			m_PublishReplyToken = 0;
 			// schedule verification
-			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
+			m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT +
+				(m_Pool ? m_Pool->GetRng ()() % PUBLISH_VERIFICATION_TIMEOUT_VARIANCE : 0)));
 			m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
 		}
@@ -676,8 +677,8 @@ namespace client
 				m_ExcludedFloodfills.clear ();
 				m_PublishReplyToken = 1; // dummy non-zero value
 				// try again after a while
-				LogPrint (eLogInfo, "Destination: Can't publish LeasetSet because destination is not ready. Try publishing again after ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds");
+				LogPrint (eLogInfo, "Destination: Can't publish LeasetSet because destination is not ready. Try publishing again after ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds");
-				m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
+				m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
 				m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 					shared_from_this (), std::placeholders::_1));
 				return;
@@ -696,7 +697,7 @@ namespace client
 						s->HandlePublishConfirmationTimer (boost::system::error_code());
 					});
 			};
-		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
+		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::milliseconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 			shared_from_this (), std::placeholders::_1));
 		outbound->SendTunnelDataMsgTo (floodfill->GetIdentHash (), 0, msg);
@@ -712,15 +713,15 @@ namespace client
 				m_PublishReplyToken = 0;
 				if (GetIdentity ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds or failed. will try again");
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds or failed. will try again");
 					Publish ();
 				}
 				else
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " milliseconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
 					// Java floodfill never sends confirmation back for unknown crypto type
 					// assume it successive and try to verify
-					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
+					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT + PUBLISH_VERIFICATION_TIMEOUT_VARIANCE)); // always max
 					m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
 

libi2pd/Destination.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -36,8 +36,9 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_STREAMING = 6;
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;
-	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
+	const int PUBLISH_CONFIRMATION_TIMEOUT = 1800; // in milliseconds
-	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successful publish
+	const int PUBLISH_VERIFICATION_TIMEOUT = 5; // in seconds after successful publish
+	const int PUBLISH_VERIFICATION_TIMEOUT_VARIANCE = 3; // in seconds
 	const int PUBLISH_MIN_INTERVAL = 20; // in seconds
 	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically
 	const int LEASESET_REQUEST_TIMEOUT = 1600; // in milliseconds

libi2pd/ECIESX25519AEADRatchetSession.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -913,7 +913,7 @@ namespace garlic
 			}
 		}
 		if (!sendAckRequest && !first &&
-		    ((!m_AckRequestMsgID && ts > m_LastAckRequestSendTime + ECIESX25519_ACK_REQUEST_INTERVAL) || // regular request
+		    ((!m_AckRequestMsgID && ts > m_LastAckRequestSendTime + m_AckRequestInterval) || // regular request
 		     (m_AckRequestMsgID && ts > m_LastAckRequestSendTime + LEASESET_CONFIRMATION_TIMEOUT))) // previous request failed. try again
 		{	
 			// not LeaseSet

libi2pd/ECIESX25519AEADRatchetSession.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -33,7 +33,7 @@ namespace garlic
 	const int ECIESX25519_SESSION_CREATE_TIMEOUT = 3; // in seconds, NSR must be send after NS received
 	const int ECIESX25519_SESSION_ESTABLISH_TIMEOUT = 15; // in seconds 
 	const int ECIESX25519_PREVIOUS_TAGSET_EXPIRATION_TIMEOUT = 180; // in seconds
-	const int ECIESX25519_ACK_REQUEST_INTERVAL = 33000; // in milliseconds
+	const int ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL = 33000; // in milliseconds
 	const int ECIESX25519_ACK_REQUEST_MAX_NUM_ATTEMPTS = 3;
 	const int ECIESX25519_TAGSET_MAX_NUM_TAGS = 8192; // number of tags we request new tagset after
 	const int ECIESX25519_MIN_NUM_GENERATED_TAGS = 24;
@@ -164,7 +164,7 @@ namespace garlic
 			~ECIESX25519AEADRatchetSession ();
 
 			bool HandleNextMessage (uint8_t * buf, size_t len, std::shared_ptr<ReceiveRatchetTagSet> receiveTagset, int index = 0);
-			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
+			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg) override;
 			std::shared_ptr<I2NPMessage> WrapOneTimeMessage (std::shared_ptr<const I2NPMessage> msg);
 
 			const uint8_t * GetRemoteStaticKey () const { return m_RemoteStaticKey; }
@@ -180,11 +180,12 @@ namespace garlic
 			bool CanBeRestarted (uint64_t ts) const { return ts > m_SessionCreatedTimestamp + ECIESX25519_RESTART_TIMEOUT; }
 			bool IsInactive (uint64_t ts) const { return ts > m_LastActivityTimestamp + ECIESX25519_INACTIVITY_TIMEOUT && CanBeRestarted (ts); }
 
-			bool IsRatchets () const { return true; };
+			bool IsRatchets () const override { return true; };
-			bool IsReadyToSend () const { return m_State != eSessionStateNewSessionSent; };
+			bool IsReadyToSend () const override { return m_State != eSessionStateNewSessionSent; };
-			bool IsTerminated () const { return m_IsTerminated; }
+			bool IsTerminated () const override { return m_IsTerminated; }
-			uint64_t GetLastActivityTimestamp () const { return m_LastActivityTimestamp; };
+			uint64_t GetLastActivityTimestamp () const override { return m_LastActivityTimestamp; };
-			bool CleanupUnconfirmedTags (); // return true if unaswered Ack requests, called from I2CP
+			void SetAckRequestInterval (int interval) override { m_AckRequestInterval = interval; };
+			bool CleanupUnconfirmedTags () override; // return true if unaswered Ack requests, called from I2CP
 			
 		protected:
 
@@ -192,7 +193,7 @@ namespace garlic
 			void SetNoiseState (const i2p::crypto::NoiseSymmetricState& state) { GetNoiseState () = state; };
 			void CreateNonce (uint64_t seqn, uint8_t * nonce);
 			void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset, int index);
-			bool MessageConfirmed (uint32_t msgID);
+			bool MessageConfirmed (uint32_t msgID) override;
 			
 		private:
 
@@ -235,6 +236,7 @@ namespace garlic
 			uint64_t m_LastAckRequestSendTime = 0; // milliseconds
 			uint32_t m_AckRequestMsgID = 0; 
 			int m_AckRequestNumAttempts = 0;
+			int m_AckRequestInterval = ECIESX25519_DEFAULT_ACK_REQUEST_INTERVAL; // milliseconds
 			
 		public:
 

libi2pd/Garlic.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -116,7 +116,8 @@ namespace garlic
 			virtual bool IsReadyToSend () const { return true; };
 			virtual bool IsTerminated () const { return !GetOwner (); };
 			virtual uint64_t GetLastActivityTimestamp () const { return 0; }; // non-zero for rathets only
-
+			virtual void SetAckRequestInterval (int interval) {}; // in milliseconds, override in ECIESX25519AEADRatchetSession
+			
 			void SetLeaseSetUpdated ()
 			{
 				if (m_LeaseSetUpdateStatus != eLeaseSetDoNotSend) m_LeaseSetUpdateStatus = eLeaseSetUpdated;

libi2pd/Identity.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -27,18 +27,15 @@ namespace data
 
 	size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
 	{
-		if ( len < DEFAULT_IDENTITY_SIZE ) {
+		if (len < DEFAULT_IDENTITY_SIZE) return 0; // buffer too small, don't overflow
-			// buffer too small, don't overflow
+		memcpy (this, buf, DEFAULT_IDENTITY_SIZE);
-			return 0;
-		}
-		memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
 		return DEFAULT_IDENTITY_SIZE;
 	}
 
 	IdentHash Identity::Hash () const
 	{
 		IdentHash hash;
-		SHA256(publicKey, DEFAULT_IDENTITY_SIZE, hash);
+		SHA256((const uint8_t *)this, DEFAULT_IDENTITY_SIZE, hash);
 		return hash;
 	}
 
@@ -262,11 +259,11 @@ namespace data
 		return fullLen;
 	}
 
-	size_t IdentityEx::FromBase64(const std::string& s)
+	size_t IdentityEx::FromBase64(std::string_view s)
 	{
 		const size_t slen = s.length();
 		std::vector<uint8_t> buf(slen); // binary data can't exceed base64
-		const size_t len = Base64ToByteStream (s.c_str(), slen, buf.data(), slen);
+		const size_t len = Base64ToByteStream (s.data(), slen, buf.data(), slen);
 		return FromBuffer (buf.data(), len);
 	}
 
@@ -728,9 +725,7 @@ namespace data
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
 				LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA");
-#if (__cplusplus >= 201703L) // C++ 17 or higher
 				[[fallthrough]];
-#endif
 				// no break here
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 				i2p::crypto::CreateEDDSA25519RandomKeys (priv, pub);

libi2pd/Identity.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -12,6 +12,7 @@
 #include <inttypes.h>
 #include <string.h>
 #include <string>
+#include <string_view>
 #include <memory>
 #include <vector>
 #include "Base.h"
@@ -99,7 +100,7 @@ namespace data
 
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
-			size_t FromBase64(const std::string& s);
+			size_t FromBase64(std::string_view s);
 			std::string ToBase64 () const;
 			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
 

libi2pd/NTCP2.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -819,15 +819,20 @@ namespace transport
 			Terminate ();
 			return;
 		}
-		std::shared_ptr<i2p::data::RouterProfile> profile; // not null if older 
+		
+		bool isOlder = false;
 		if (ri.GetTimestamp () + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri1->GetTimestamp ())
 		{	
 			// received RouterInfo is older than one in netdb
-			profile = i2p::data::GetRouterProfile (ri1->GetIdentHash ()); // retrieve profile	
+			isOlder = true;
-			if (profile && profile->IsDuplicated ())
+			if (ri1->HasProfile ())
 			{	
-				SendTerminationAndTerminate (eNTCP2Banned);
+				auto profile = i2p::data::GetRouterProfile (ri1->GetIdentHash ()); // retrieve profile	
-				return;
+				if (profile && profile->IsDuplicated ())
+				{	
+					SendTerminationAndTerminate (eNTCP2Banned);
+					return;
+				}	
 			}	
 		}
 		
@@ -844,8 +849,12 @@ namespace transport
 		     memcmp (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data () + 1, addr->host.to_v6 ().to_bytes ().data () + 1, 7) : // from the same yggdrasil subnet
 		     memcmp (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), addr->host.to_v6 ().to_bytes ().data (), 8)))) // temporary address
 		{
-			if (profile) // older router?
+			if (isOlder) // older router?
-				profile->Duplicated (); // mark router as duplicated in profile
+				i2p::data::UpdateRouterProfile (ri1->GetIdentHash (),
+					[](std::shared_ptr<i2p::data::RouterProfile> profile)
+					{
+						if (profile) profile->Duplicated (); // mark router as duplicated in profile
+					});
 			else
 				LogPrint (eLogInfo, "NTCP2: Host mismatch between published address ", addr->host, " and actual endpoint ", m_RemoteEndpoint.address ());
 			SendTerminationAndTerminate (eNTCP2Banned);

libi2pd/NetDb.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -10,7 +10,6 @@
 #include <fstream>
 #include <vector>
 #include <map>
-#include <random>
 #include <boost/asio.hpp>
 #include <stdexcept>
 
@@ -40,7 +39,7 @@ namespace data
 
 	NetDb::NetDb (): m_IsRunning (false), m_Thread (nullptr), m_Reseeder (nullptr), 
 		m_Storage("netDb", "r", "routerInfo-", "dat"), m_PersistProfiles (true),
-		m_LastExploratorySelectionUpdateTime (0)
+		m_LastExploratorySelectionUpdateTime (0), m_Rng(i2p::util::GetMonotonicMicroseconds () % 1000000LL)
 	{
 	}
 
@@ -119,8 +118,9 @@ namespace data
 		i2p::util::SetThreadName("NetDB");
 
 		uint64_t lastManage = 0;
-		uint64_t lastProfilesCleanup = i2p::util::GetMonotonicMilliseconds (), lastObsoleteProfilesCleanup = lastProfilesCleanup;
+		uint64_t lastProfilesCleanup = i2p::util::GetMonotonicMilliseconds (), 
-		int16_t profilesCleanupVariance = 0, obsoleteProfilesCleanVariance = 0;
+			lastObsoleteProfilesCleanup = lastProfilesCleanup, lastApplyingProfileUpdates = lastProfilesCleanup;
+		int16_t profilesCleanupVariance = 0, obsoleteProfilesCleanVariance = 0, applyingProfileUpdatesVariance = 0;
 
 		std::list<std::shared_ptr<const I2NPMessage> > msgs;
 		while (m_IsRunning)
@@ -181,7 +181,7 @@ namespace data
 							LogPrint (eLogWarning, "NetDb: Can't persist profiles. Profiles are being saved to disk");
 					}	
 					lastProfilesCleanup = mts;
-					profilesCleanupVariance = rand () % i2p::data::PEER_PROFILE_AUTOCLEAN_VARIANCE;
+					profilesCleanupVariance = m_Rng () % i2p::data::PEER_PROFILE_AUTOCLEAN_VARIANCE;
 				}
 
 				if (mts >= lastObsoleteProfilesCleanup + (uint64_t)(i2p::data::PEER_PROFILE_OBSOLETE_PROFILES_CLEAN_TIMEOUT + obsoleteProfilesCleanVariance)*1000)
@@ -197,7 +197,20 @@ namespace data
 					else
 						LogPrint (eLogWarning, "NetDb: Can't delete profiles. Profiles are being deleted from disk");
 					lastObsoleteProfilesCleanup = mts;
-					obsoleteProfilesCleanVariance = rand () % i2p::data::PEER_PROFILE_OBSOLETE_PROFILES_CLEAN_VARIANCE;
+					obsoleteProfilesCleanVariance = m_Rng () % i2p::data::PEER_PROFILE_OBSOLETE_PROFILES_CLEAN_VARIANCE;
+				}	
+				if (mts >= lastApplyingProfileUpdates + i2p::data::PEER_PROFILE_APPLY_POSTPONED_TIMEOUT + applyingProfileUpdatesVariance)
+				{
+					bool isApplying = m_ApplyingProfileUpdates.valid ();
+					if (isApplying && m_ApplyingProfileUpdates.wait_for(std::chrono::seconds(0)) == std::future_status::ready) // still active?
+					{
+						m_ApplyingProfileUpdates.get ();
+						isApplying = false;
+					}	
+					if (!isApplying)
+						m_ApplyingProfileUpdates = i2p::data::FlushPostponedRouterProfileUpdates ();
+					lastApplyingProfileUpdates = mts;
+					applyingProfileUpdatesVariance = m_Rng () % i2p::data::PEER_PROFILE_APPLY_POSTPONED_TIMEOUT_VARIANCE;
 				}	
 			}
 			catch (std::exception& ex)
@@ -281,6 +294,7 @@ namespace data
 			}
 			else
 			{
+				r->CancelBufferToDelete (); // since an update received
 				if (CheckLogLevel (eLogDebug))
 					LogPrint (eLogDebug, "NetDb: RouterInfo is older: ", ident.ToBase64());
 				updated = false;
@@ -557,7 +571,7 @@ namespace data
 		while(n > 0)
 		{
 			std::lock_guard<std::mutex> lock(m_RouterInfosMutex);
-			uint32_t idx = rand () % m_RouterInfos.size ();
+			uint32_t idx = m_Rng () % m_RouterInfos.size ();
 			uint32_t i = 0;
 			for (const auto & it : m_RouterInfos) {
 				if(i >= idx) // are we at the random start point?
@@ -660,15 +674,20 @@ namespace data
 					{
 						std::lock_guard<std::mutex> l(m_RouterInfosMutex); // possible collision between DeleteBuffer and Update
 						buffer = r->CopyBuffer ();
-						r->ScheduleBufferToDelete ();
 					}
+					if (!i2p::transport::transports.IsConnected (ident))
+						r->ScheduleBufferToDelete ();
 					if (buffer)
-						saveToDisk.push_back(std::make_pair(ident.ToBase64 (), buffer));
+						saveToDisk.emplace_back(ident.ToBase64 (), buffer);
 				}
 				r->SetUpdated (false);
 				updatedCount++;
 				continue;
 			}
+			else if (r->GetBuffer () && ts > r->GetTimestamp () + NETDB_MIN_EXPIRATION_TIMEOUT*1000LL)
+				// since update was long time ago we assume that router is not connected anymore
+				r->ScheduleBufferToDelete ();
+			
 			if (r->GetProfile ()->IsUnreachable ())
 				r->SetUnreachable (true);
 			// make router reachable back if too few routers or floodfills
@@ -704,7 +723,7 @@ namespace data
 			{
 				if (r->IsFloodfill ()) deletedFloodfillsCount++;
 				// delete RI file
-				removeFromDisk.push_back (ident.ToBase64());
+				removeFromDisk.emplace_back (ident.ToBase64());
 				deletedCount++;
 				if (total - deletedCount < NETDB_MIN_ROUTERS) checkForExpiration = false;
 			}
@@ -1331,7 +1350,7 @@ namespace data
 			if (eligible.size () > NETDB_MAX_EXPLORATORY_SELECTION_SIZE)
 			{
 				 std::sample (eligible.begin(), eligible.end(), std::back_inserter(m_ExploratorySelection),
-				 	NETDB_MAX_EXPLORATORY_SELECTION_SIZE, std::mt19937(ts));
+				 	NETDB_MAX_EXPLORATORY_SELECTION_SIZE, m_Rng);
 			}	
 			else
 				std::swap (m_ExploratorySelection, eligible);	

libi2pd/NetDb.hpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -16,6 +16,7 @@
 #include <thread>
 #include <mutex>
 #include <future>
+#include <random>
 
 #include "Base.h"
 #include "Gzip.h"
@@ -52,6 +53,7 @@ namespace data
 	const int NETDB_MIN_HIGHBANDWIDTH_VERSION = MAKE_VERSION_NUMBER(0, 9, 58); // 0.9.58
 	const int NETDB_MIN_FLOODFILL_VERSION = MAKE_VERSION_NUMBER(0, 9, 59); // 0.9.59
 	const int NETDB_MIN_SHORT_TUNNEL_BUILD_VERSION = MAKE_VERSION_NUMBER(0, 9, 51); // 0.9.51
+	const int NETDB_MIN_PEER_TEST_VERSION = MAKE_VERSION_NUMBER(0, 9, 62); // 0.9.62
 	const size_t NETDB_MAX_NUM_SEARCH_REPLY_PEER_HASHES = 16;
 	const size_t NETDB_MAX_EXPLORATORY_SELECTION_SIZE = 500;
 	const int NETDB_EXPLORATORY_SELECTION_UPDATE_INTERVAL = 82; // in seconds. for floodfill
@@ -185,10 +187,11 @@ namespace data
 			std::shared_ptr<NetDbRequests> m_Requests;
 
 			bool m_PersistProfiles;
-			std::future<void> m_SavingProfiles, m_DeletingProfiles, m_PersistingRouters;
+			std::future<void> m_SavingProfiles, m_DeletingProfiles, m_ApplyingProfileUpdates, m_PersistingRouters;
 
 			std::vector<std::shared_ptr<const RouterInfo> > m_ExploratorySelection;
 			uint64_t m_LastExploratorySelectionUpdateTime; // in monotonic seconds
+			std::mt19937 m_Rng;
 
 			i2p::util::MemoryPoolMt<RouterInfo::Buffer> m_RouterInfoBuffersPool;
 			i2p::util::MemoryPoolMt<RouterInfo::Address> m_RouterInfoAddressesPool;

libi2pd/NetDbRequests.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -20,8 +20,10 @@ namespace i2p
 namespace data
 {
 	RequestedDestination::RequestedDestination (const IdentHash& destination, bool isExploratory, bool direct):
-		m_Destination (destination), m_IsExploratory (isExploratory), m_IsDirect (direct), m_IsActive (true),
+		m_Destination (destination), m_IsExploratory (isExploratory), m_IsDirect (direct), 
-		m_CreationTime (i2p::util::GetMillisecondsSinceEpoch ()), m_LastRequestTime (0), m_NumAttempts (0)
+		m_IsActive (true), m_IsSentDirectly (false),
+		m_CreationTime (i2p::util::GetMillisecondsSinceEpoch ()), 
+		m_LastRequestTime (0), m_NumAttempts (0)
 	{
 		if (i2p::context.IsFloodfill ())
 			m_ExcludedPeers.insert (i2p::context.GetIdentHash ()); // exclude self if floodfill
@@ -46,6 +48,7 @@ namespace data
 			m_ExcludedPeers.insert (router->GetIdentHash ());
 		m_LastRequestTime = i2p::util::GetMillisecondsSinceEpoch ();
 		m_NumAttempts++;
+		m_IsSentDirectly = false;
 		return msg;
 	}
 
@@ -56,6 +59,7 @@ namespace data
 		m_ExcludedPeers.insert (floodfill);
 		m_NumAttempts++;
 		m_LastRequestTime = i2p::util::GetMillisecondsSinceEpoch ();
+		m_IsSentDirectly = true;
 		return msg;
 	}
 
@@ -222,7 +226,8 @@ namespace data
 					bool done = false;
 					if (ts < dest->GetCreationTime () + MAX_REQUEST_TIME)
 					{
-						if (ts > dest->GetLastRequestTime () + MIN_REQUEST_TIME) // try next floodfill if no response after min interval
+						if (ts > dest->GetLastRequestTime () + (dest->IsSentDirectly () ? MIN_DIRECT_REQUEST_TIME : MIN_REQUEST_TIME)) 
+						// try next floodfill if no response after min interval
 							done = !SendNextRequest (dest);
 					}
 					else // request is expired

libi2pd/NetDbRequests.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -28,6 +28,7 @@ namespace data
 	const uint64_t MANAGE_REQUESTS_INTERVAL_VARIANCE = 300; // in milliseconds
 	const uint64_t MIN_REQUEST_TIME = 1200; // in milliseconds
 	const uint64_t MAX_REQUEST_TIME = MAX_NUM_REQUEST_ATTEMPTS * (MIN_REQUEST_TIME + MANAGE_REQUESTS_INTERVAL + MANAGE_REQUESTS_INTERVAL_VARIANCE);
+	const uint64_t MIN_DIRECT_REQUEST_TIME = 600; // in milliseconds
 	const uint64_t EXPLORATORY_REQUEST_INTERVAL = 55; // in seconds
 	const uint64_t EXPLORATORY_REQUEST_INTERVAL_VARIANCE = 170; // in seconds 
 	const uint64_t DISCOVERED_REQUEST_INTERVAL = 360; // in milliseconds
@@ -52,6 +53,7 @@ namespace data
 			bool IsExploratory () const { return m_IsExploratory; };
 			bool IsDirect () const { return m_IsDirect; };
 			bool IsActive () const { return m_IsActive; };
+			bool IsSentDirectly () const { return m_IsSentDirectly; };
 			bool IsExcluded (const IdentHash& ident) const;
 			uint64_t GetCreationTime () const { return m_CreationTime; };
 			uint64_t GetLastRequestTime () const { return m_LastRequestTime; };
@@ -70,7 +72,7 @@ namespace data
 		private:
 
 			IdentHash m_Destination;
-			bool m_IsExploratory, m_IsDirect, m_IsActive;
+			bool m_IsExploratory, m_IsDirect, m_IsActive, m_IsSentDirectly;
 			std::unordered_set<IdentHash> m_ExcludedPeers;
 			uint64_t m_CreationTime, m_LastRequestTime; // in milliseconds
 			std::list<RequestComplete> m_RequestComplete;

libi2pd/Profiling.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -27,13 +27,15 @@ namespace data
 	static i2p::fs::HashedStorage g_ProfilesStorage("peerProfiles", "p", "profile-", "txt");
 	static std::unordered_map<i2p::data::IdentHash, std::shared_ptr<RouterProfile> > g_Profiles;
 	static std::mutex g_ProfilesMutex;
-
+	static std::list<std::pair<i2p::data::IdentHash, std::function<void (std::shared_ptr<RouterProfile>)> > > g_PostponedUpdates;
+	static std::mutex g_PostponedUpdatesMutex;
+	
 	RouterProfile::RouterProfile ():
 		m_IsUpdated (false), m_LastDeclineTime (0), m_LastUnreachableTime (0),
-		m_LastUpdateTime (i2p::util::GetSecondsSinceEpoch ()), 
+		m_LastUpdateTime (i2p::util::GetSecondsSinceEpoch ()), m_LastAccessTime (0),
-		m_NumTunnelsAgreed (0), m_NumTunnelsDeclined (0), m_NumTunnelsNonReplied (0),
+		m_LastPersistTime (0), m_NumTunnelsAgreed (0), m_NumTunnelsDeclined (0),
-		m_NumTimesTaken (0), m_NumTimesRejected (0), m_HasConnected (false),
+		m_NumTunnelsNonReplied (0),m_NumTimesTaken (0), m_NumTimesRejected (0),
-		m_IsDuplicated (false)
+		m_HasConnected (false), m_IsDuplicated (false)
 	{
 	}
 
@@ -78,6 +80,7 @@ namespace data
 
 	void RouterProfile::Load (const IdentHash& identHash)
 	{
+		m_IsUpdated = false;
 		std::string ident = identHash.ToBase64 ();
 		std::string path = g_ProfilesStorage.Path(ident);
 		boost::property_tree::ptree pt;
@@ -255,30 +258,42 @@ namespace data
 			std::unique_lock<std::mutex> l(g_ProfilesMutex);
 			auto it = g_Profiles.find (identHash);
 			if (it != g_Profiles.end ())
+			{
+				it->second->SetLastAccessTime (i2p::util::GetSecondsSinceEpoch ());
 				return it->second;
+			}	
 		}
 		auto profile = netdb.NewRouterProfile ();
 		profile->Load (identHash); // if possible
-		std::unique_lock<std::mutex> l(g_ProfilesMutex);
+		std::lock_guard<std::mutex> l(g_ProfilesMutex);
 		g_Profiles.emplace (identHash, profile);
 		return profile;
 	}
 
 	bool IsRouterBanned (const IdentHash& identHash)
 	{
-		std::unique_lock<std::mutex> l(g_ProfilesMutex);
+		std::lock_guard<std::mutex> l(g_ProfilesMutex);
 		auto it = g_Profiles.find (identHash);
 		if (it != g_Profiles.end ())
 			return it->second->IsUnreachable ();
 		return false;
 	}	
+
+	bool IsRouterDuplicated (const IdentHash& identHash)
+	{
+		std::lock_guard<std::mutex> l(g_ProfilesMutex);
+		auto it = g_Profiles.find (identHash);
+		if (it != g_Profiles.end ())
+			return it->second->IsDuplicated ();
+		return false;
+	}	
 		
 	void InitProfilesStorage ()
 	{
 		g_ProfilesStorage.SetPlace(i2p::fs::GetDataDir());
 		g_ProfilesStorage.Init(i2p::data::GetBase64SubstitutionTable(), 64);
 	}
-
+		
 	static void SaveProfilesToDisk (std::list<std::pair<i2p::data::IdentHash, std::shared_ptr<RouterProfile> > >&& profiles)
 	{
 		for (auto& it: profiles)
@@ -290,15 +305,17 @@ namespace data
 		auto ts = i2p::util::GetSecondsSinceEpoch ();
 		std::list<std::pair<i2p::data::IdentHash, std::shared_ptr<RouterProfile> > > tmp;
 		{
-			std::unique_lock<std::mutex> l(g_ProfilesMutex);
+			std::lock_guard<std::mutex> l(g_ProfilesMutex);
 			for (auto it = g_Profiles.begin (); it != g_Profiles.end ();)
 			{
-				if (ts - it->second->GetLastUpdateTime () > PEER_PROFILE_PERSIST_INTERVAL)
+				if (it->second->IsUpdated () && ts > it->second->GetLastPersistTime () + PEER_PROFILE_PERSIST_INTERVAL)
 				{
-					if (it->second->IsUpdated ())
+					tmp.push_back (std::make_pair (it->first, it->second));
-						tmp.push_back (std::make_pair (it->first, it->second));
+					it->second->SetLastPersistTime (ts);
+					it->second->SetUpdated (false);
+				}	
+				if (!it->second->IsUpdated () && ts > std::max (it->second->GetLastUpdateTime (), it->second->GetLastAccessTime ()) + PEER_PROFILE_PERSIST_INTERVAL)
 					it = g_Profiles.erase (it);
-				}
 				else
 					it++;
 			}
@@ -312,7 +329,7 @@ namespace data
 	{
 		std::unordered_map<i2p::data::IdentHash, std::shared_ptr<RouterProfile> > tmp;
 		{
-			std::unique_lock<std::mutex> l(g_ProfilesMutex);
+			std::lock_guard<std::mutex> l(g_ProfilesMutex);
 			std::swap (tmp, g_Profiles);
 		}
 		auto ts = i2p::util::GetSecondsSinceEpoch ();
@@ -347,7 +364,7 @@ namespace data
 	{
 		{
 			auto ts = i2p::util::GetSecondsSinceEpoch ();
-			std::unique_lock<std::mutex> l(g_ProfilesMutex);
+			std::lock_guard<std::mutex> l(g_ProfilesMutex);
 			for (auto it = g_Profiles.begin (); it != g_Profiles.end ();)
 			{
 				if (ts - it->second->GetLastUpdateTime () >= PEER_PROFILE_EXPIRATION_TIMEOUT)
@@ -359,5 +376,47 @@ namespace data
 
 		return std::async (std::launch::async, DeleteFilesFromDisk);
 	}
+
+	bool UpdateRouterProfile (const IdentHash& identHash, std::function<void (std::shared_ptr<RouterProfile>)> update)
+	{
+		if (!update) return true;
+		std::shared_ptr<RouterProfile> profile;
+		{
+			std::lock_guard<std::mutex> l(g_ProfilesMutex);
+			auto it = g_Profiles.find (identHash);
+			if (it != g_Profiles.end ())
+				profile = it->second;
+		}
+		if (profile)
+		{
+			update (profile);
+			return true;
+		}	
+		// postpone
+		std::lock_guard<std::mutex> l(g_PostponedUpdatesMutex);
+		g_PostponedUpdates.emplace_back (identHash, update);
+		return false;
+	}	
+
+	static void ApplyPostponedUpdates (std::list<std::pair<i2p::data::IdentHash, std::function<void (std::shared_ptr<RouterProfile>)> > >&& updates)
+	{
+		for (const auto& [ident, update] : updates)
+		{
+			auto profile = GetRouterProfile (ident);
+			update (profile);
+		}	
+	}	
+		
+	std::future<void> FlushPostponedRouterProfileUpdates ()
+	{
+		if (g_PostponedUpdates.empty ()) return std::future<void>();
+
+		std::list<std::pair<i2p::data::IdentHash, std::function<void (std::shared_ptr<RouterProfile>)> > > updates;
+		{
+			std::lock_guard<std::mutex> l(g_PostponedUpdatesMutex);
+			g_PostponedUpdates.swap (updates);
+		}		
+		return std::async (std::launch::async, ApplyPostponedUpdates, std::move (updates));	
+	}	
 }
 }

libi2pd/Profiling.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -11,6 +11,7 @@
 
 #include <memory>
 #include <future>
+#include <functional>
 #include <boost/asio.hpp>
 #include "Identity.h"
 
@@ -44,6 +45,8 @@ namespace data
 	const int PEER_PROFILE_UNREACHABLE_INTERVAL = 480; // in seconds (8 minutes)
 	const int PEER_PROFILE_USEFUL_THRESHOLD = 3;
 	const int PEER_PROFILE_ALWAYS_DECLINING_NUM = 5; // num declines in row to consider always declined
+	const int PEER_PROFILE_APPLY_POSTPONED_TIMEOUT = 2100; // in milliseconds	
+	const int PEER_PROFILE_APPLY_POSTPONED_TIMEOUT_VARIANCE = 500; // in milliseconds	
 	
 	class RouterProfile
 	{
@@ -67,6 +70,11 @@ namespace data
 
 			uint64_t GetLastUpdateTime () const { return m_LastUpdateTime; };
 			bool IsUpdated () const { return m_IsUpdated; };
+			void SetUpdated (bool updated) { m_IsUpdated = updated; }
+			uint64_t GetLastAccessTime () const { return m_LastAccessTime; };
+			void SetLastAccessTime (uint64_t ts) { m_LastAccessTime = ts; };
+			uint64_t GetLastPersistTime () const { return m_LastPersistTime; };
+			void SetLastPersistTime (uint64_t ts) { m_LastPersistTime = ts; };
 			
 			bool IsUseful() const;
 			bool IsDuplicated () const { return m_IsDuplicated; };
@@ -88,7 +96,8 @@ namespace data
 		private:
 
 			bool m_IsUpdated;
-			uint64_t m_LastDeclineTime, m_LastUnreachableTime, m_LastUpdateTime; // in seconds
+			uint64_t m_LastDeclineTime, m_LastUnreachableTime, m_LastUpdateTime, 
+				m_LastAccessTime, m_LastPersistTime; // in seconds
 			// participation
 			uint32_t m_NumTunnelsAgreed;
 			uint32_t m_NumTunnelsDeclined;
@@ -104,10 +113,13 @@ namespace data
 
 	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash);
 	bool IsRouterBanned (const IdentHash& identHash); // check only existing profiles
+	bool IsRouterDuplicated (const IdentHash& identHash); // check only existing profiles
 	void InitProfilesStorage ();
 	std::future<void> DeleteObsoleteProfiles ();
 	void SaveProfiles ();
 	std::future<void> PersistProfiles ();
+	bool UpdateRouterProfile (const IdentHash& identHash, std::function<void (std::shared_ptr<RouterProfile>)> update); // return true if updated immediately, and false if postponed
+	std::future<void> FlushPostponedRouterProfileUpdates ();
 }
 }
 

libi2pd/RouterContext.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -33,13 +33,14 @@ namespace i2p
 		m_ShareRatio (100), m_Status (eRouterStatusUnknown), m_StatusV6 (eRouterStatusUnknown),
 		m_Error (eRouterErrorNone), m_ErrorV6 (eRouterErrorNone),
 		m_Testing (false), m_TestingV6 (false), m_NetID (I2PD_NET_ID),
-		m_PublishReplyToken (0), m_IsHiddenMode (false)
+		m_PublishReplyToken (0), m_IsHiddenMode (false), 
+		m_Rng(i2p::util::GetMonotonicMicroseconds () % 1000000LL), m_IsSaving (false)
 	{
 	}
 
 	void RouterContext::Init ()
 	{
-		srand (i2p::util::GetMillisecondsSinceEpoch () % 1000);
+		srand (m_Rng () % 1000);
 		m_StartupTime = i2p::util::GetMonotonicSeconds ();
 
 		if (!Load ())
@@ -76,7 +77,7 @@ namespace i2p
 				m_CongestionUpdateTimer->cancel ();
 			m_Service->Stop ();
 			CleanUp (); // GarlicDestination
-		}	
+		}
 	}	
 
 	std::shared_ptr<i2p::data::RouterInfo::Buffer> RouterContext::CopyRouterInfoBuffer () const
@@ -253,11 +254,36 @@ namespace i2p
 
 	void RouterContext::UpdateRouterInfo ()
 	{
+		std::shared_ptr<i2p::data::RouterInfo::Buffer> buffer;
 		{
 			std::lock_guard<std::mutex> l(m_RouterInfoMutex);
 			m_RouterInfo.CreateBuffer (m_Keys);
+			buffer = m_RouterInfo.CopyBuffer ();
 		}
-		m_RouterInfo.SaveToFile (i2p::fs::DataDirPath (ROUTER_INFO));
+		{
+			// update save buffer to latest
+			std::lock_guard<std::mutex> l(m_SaveBufferMutex);
+			m_SaveBuffer = buffer;
+		}
+		bool isSaving = false;
+		if (m_IsSaving.compare_exchange_strong (isSaving, true)) // try to save only if not being saved
+		{	
+			auto savingRouterInfo = std::async (std::launch::async, [this]() 
+				{
+					std::shared_ptr<i2p::data::RouterInfo::Buffer> buffer;
+					while (m_SaveBuffer)
+					{
+						{
+							std::lock_guard<std::mutex> l(m_SaveBufferMutex);
+							buffer = m_SaveBuffer;
+							m_SaveBuffer = nullptr;
+						}
+						if (buffer)
+							i2p::data::RouterInfo::SaveToFile (i2p::fs::DataDirPath (ROUTER_INFO), buffer);
+					}	
+					m_IsSaving = false;
+				});
+		}	
 		m_LastUpdateTime = i2p::util::GetSecondsSinceEpoch ();
 	}
 
@@ -1359,7 +1385,7 @@ namespace i2p
 		{	
 			m_PublishTimer->cancel ();
 			m_PublishTimer->expires_from_now (boost::posix_time::seconds(ROUTER_INFO_PUBLISH_INTERVAL + 
-				rand () % ROUTER_INFO_PUBLISH_INTERVAL_VARIANCE));
+				m_Rng () % ROUTER_INFO_PUBLISH_INTERVAL_VARIANCE));
 			m_PublishTimer->async_wait (std::bind (&RouterContext::HandlePublishTimer,
 				this, std::placeholders::_1));
 		}	
@@ -1434,7 +1460,7 @@ namespace i2p
 						i2p::garlic::WrapECIESX25519MessageForRouter (msg, floodfill->GetIdentity ()->GetEncryptionPublicKey ()));
 				}	
 				else
-					LogPrint (eLogInfo, "Router: Can't publish our RouterInfo. No tunnles. Try again in ", ROUTER_INFO_CONFIRMATION_TIMEOUT, " seconds");
+					LogPrint (eLogInfo, "Router: Can't publish our RouterInfo. No tunnels. Try again in ", ROUTER_INFO_CONFIRMATION_TIMEOUT, " milliseconds");
 			}
 			m_PublishExcluded.insert (floodfill->GetIdentHash ());
 			m_PublishReplyToken = replyToken;
@@ -1448,7 +1474,7 @@ namespace i2p
 		if (m_PublishTimer)
 		{
 			m_PublishTimer->cancel ();
-			m_PublishTimer->expires_from_now (boost::posix_time::seconds(ROUTER_INFO_CONFIRMATION_TIMEOUT));
+			m_PublishTimer->expires_from_now (boost::posix_time::milliseconds(ROUTER_INFO_CONFIRMATION_TIMEOUT));
 			m_PublishTimer->async_wait (std::bind (&RouterContext::HandlePublishResendTimer,
 				this, std::placeholders::_1));
 		}	
@@ -1471,7 +1497,8 @@ namespace i2p
 		if (m_CongestionUpdateTimer)
 		{	
 			m_CongestionUpdateTimer->cancel ();
-			m_CongestionUpdateTimer->expires_from_now (boost::posix_time::seconds(ROUTER_INFO_CONGESTION_UPDATE_INTERVAL));
+			m_CongestionUpdateTimer->expires_from_now (boost::posix_time::seconds(
+				ROUTER_INFO_CONGESTION_UPDATE_INTERVAL + m_Rng () % ROUTER_INFO_CONGESTION_UPDATE_INTERVAL_VARIANCE));
 			m_CongestionUpdateTimer->async_wait (std::bind (&RouterContext::HandleCongestionUpdateTimer,
 				this, std::placeholders::_1));
 		}	

libi2pd/RouterContext.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -12,6 +12,7 @@
 #include <inttypes.h>
 #include <string>
 #include <memory>
+#include <random>
 #include <unordered_set>
 #include <boost/asio.hpp>
 #include "Identity.h"
@@ -34,9 +35,10 @@ namespace garlic
 	const int ROUTER_INFO_PUBLISH_INTERVAL = 39*60; // in seconds
 	const int ROUTER_INFO_INITIAL_PUBLISH_INTERVAL = 10; // in seconds
 	const int ROUTER_INFO_PUBLISH_INTERVAL_VARIANCE = 105;// in seconds
-	const int ROUTER_INFO_CONFIRMATION_TIMEOUT = 5; // in seconds
+	const int ROUTER_INFO_CONFIRMATION_TIMEOUT = 1600; // in milliseconds
 	const int ROUTER_INFO_MAX_PUBLISH_EXCLUDED_FLOODFILLS = 15;
-	const int ROUTER_INFO_CONGESTION_UPDATE_INTERVAL = 12*60; // in seconds
+	const int ROUTER_INFO_CONGESTION_UPDATE_INTERVAL = 11*60; // in seconds
+	const int ROUTER_INFO_CONGESTION_UPDATE_INTERVAL_VARIANCE = 130; // in seconds 
 	const int ROUTER_INFO_CLEANUP_INTERVAL = 102; // in seconds
 
 	enum RouterStatus
@@ -263,6 +265,10 @@ namespace garlic
 			uint32_t m_PublishReplyToken;
 			bool m_IsHiddenMode; // not publish
 			mutable std::mutex m_RouterInfoMutex;
+			std::mt19937 m_Rng;
+			std::shared_ptr<i2p::data::RouterInfo::Buffer> m_SaveBuffer;
+			std::mutex m_SaveBufferMutex; // TODO: make m_SaveBuffer atomic
+			std::atomic<bool> m_IsSaving;
 	};
 
 	extern RouterContext context;

libi2pd/RouterInfo.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -486,6 +486,15 @@ namespace data
 					}
 					ch++;
 				}
+				if (m_Version < NETDB_MIN_PEER_TEST_VERSION && (m_SupportedTransports & (eSSU2V4 | eSSU2V6)))
+				{
+					auto addresses = GetAddresses ();
+					if (addresses)
+					{
+						if ((*addresses)[eSSU2V4Idx]) (*addresses)[eSSU2V4Idx]->caps &= ~eSSUTesting;
+						if ((*addresses)[eSSU2V6Idx]) (*addresses)[eSSU2V6Idx]->caps &= ~eSSUTesting;
+					}	
+				}	
 			}
 			// check netId
 			else if (!strcmp (key, ROUTER_INFO_PROPERTY_NETID))
@@ -1136,12 +1145,12 @@ namespace data
 		
 	void RouterInfo::UpdateBuffer (const uint8_t * buf, size_t len)
 	{
+		m_IsBufferScheduledToDelete = false;
 		if (!m_Buffer)
 			m_Buffer = NewBuffer ();
 		if (len > m_Buffer->size ()) len = m_Buffer->size ();
 		memcpy (m_Buffer->data (), buf, len);
 		m_Buffer->SetBufferLen (len);
-		m_IsBufferScheduledToDelete = false;
 	}
 
 	std::shared_ptr<RouterInfo::Buffer> RouterInfo::CopyBuffer () const

libi2pd/RouterInfo.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -294,6 +294,7 @@ namespace data
 			std::shared_ptr<Buffer> GetSharedBuffer () const { return m_Buffer; };	
 			std::shared_ptr<Buffer> CopyBuffer () const;
 			void ScheduleBufferToDelete () { m_IsBufferScheduledToDelete = true; };
+			void CancelBufferToDelete () { m_IsBufferScheduledToDelete = false; };
 			bool IsBufferScheduledToDelete () const { return m_IsBufferScheduledToDelete; };
 
 			bool IsUpdated () const { return m_IsUpdated; };

libi2pd/SSU2.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2024, The PurpleI2P Project
+* Copyright (c) 2022-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -890,7 +890,7 @@ namespace transport
 			}
 
 			auto session = std::make_shared<SSU2Session> (*this, router, address);
-			if (!isValidEndpoint && router->GetProfile ()->HasLastEndpoint (address->IsV4 ()))
+			if (!isValidEndpoint && router->HasProfile () && router->GetProfile ()->HasLastEndpoint (address->IsV4 ()))
 			{
 				// router doesn't publish endpoint, but we connected before and hole punch might be alive
 				auto ep = router->GetProfile ()->GetLastEndpoint ();
@@ -1251,18 +1251,21 @@ namespace transport
 		}
 		uint64_t token;
 		RAND_bytes ((uint8_t *)&token, 8);
-		m_IncomingTokens.emplace (ep, std::make_pair (token, uint32_t(ts + SSU2_TOKEN_EXPIRATION_TIMEOUT)));
+		if (!token) token = 1; // token can't be zero
+		m_IncomingTokens.try_emplace (ep, token, uint32_t(ts + SSU2_TOKEN_EXPIRATION_TIMEOUT));
 		return token;
 	}
 
 	std::pair<uint64_t, uint32_t> SSU2Server::NewIncomingToken (const boost::asio::ip::udp::endpoint& ep)
 	{
-		m_IncomingTokens.erase (ep); // drop previous
 		uint64_t token;
 		RAND_bytes ((uint8_t *)&token, 8);
-		auto ret = std::make_pair (token, uint32_t(i2p::util::GetSecondsSinceEpoch () + SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT));
+		if (!token) token = 1; // token can't be zero
-		m_IncomingTokens.emplace (ep, ret);
+		uint32_t expires = i2p::util::GetSecondsSinceEpoch () + SSU2_NEXT_TOKEN_EXPIRATION_TIMEOUT;
-		return ret;
+		auto [it, inserted] = m_IncomingTokens.try_emplace (ep, token, expires);
+		if (!inserted)
+			it->second = { token, expires }; // override
+		return it->second;
 	}
 
 	std::vector<std::shared_ptr<SSU2Session> > SSU2Server::FindIntroducers (int maxNumIntroducers,
@@ -1527,6 +1530,11 @@ namespace transport
 	{
 		return m_Decryptor.Decrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
 	}
+
+	void SSU2Server::ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+		m_ChaCha20 (msg, msgLen, key, nonce, out);
+	}	
 		
 	void SSU2Server::SendThroughProxy (const uint8_t * header, size_t headerLen, const uint8_t * headerX, size_t headerXLen,
 		const uint8_t * payload, size_t payloadLen, const boost::asio::ip::udp::endpoint& to)

libi2pd/SSU2.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2024, The PurpleI2P Project
+* Copyright (c) 2022-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -86,6 +86,7 @@ namespace transport
 				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
 			bool AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
 				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
+			void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
 			bool IsMaxNumIntroducers (bool v4) const { return (v4 ? m_Introducers.size () : m_IntroducersV6.size ()) >= SSU2_MAX_NUM_INTRODUCERS; }
 			bool IsSyncClockFromPeers () const { return m_IsSyncClockFromPeers; };
 			void AdjustTimeOffset (int64_t offset, std::shared_ptr<const i2p::data::IdentityEx> from);
@@ -206,6 +207,7 @@ namespace transport
 			mutable std::mutex m_ReceivedPacketsQueueMutex;
 			i2p::crypto::AEADChaCha20Poly1305Encryptor m_Encryptor;
 			i2p::crypto::AEADChaCha20Poly1305Decryptor m_Decryptor;
+			i2p::crypto::ChaCha20Context m_ChaCha20;
 		
 			// proxy
 			bool m_IsThroughProxy;

libi2pd/SSU2OutOfSession.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2024, The PurpleI2P Project
+* Copyright (c) 2024-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -46,7 +46,7 @@ namespace transport
 		}
 		uint8_t nonce[12] = {0};
 		uint64_t headerX[2]; // sourceConnID, token
-		i2p::crypto::ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
+		GetServer ().ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
 		SetDestConnID (headerX[0]);
 		// decrypt and handle payload
 		uint8_t * payload = buf + 32;
@@ -183,7 +183,7 @@ namespace transport
 		header.ll[0] ^= CreateHeaderMask (addr->i, payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (addr->i, payload + (payloadSize - 12));
 		memset (n, 0, 12);
-		i2p::crypto::ChaCha20 (h + 16, 16, addr->i, n, h + 16);
+		GetServer ().ChaCha20 (h + 16, 16, addr->i, n, h + 16);
 		// send
 		GetServer ().Send (header.buf, 16, h + 16, 16, payload, payloadSize, GetRemoteEndpoint ());
 		UpdateNumSentBytes (payloadSize + 32);
@@ -305,7 +305,7 @@ namespace transport
 		header.ll[0] ^= CreateHeaderMask (addr->i, payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (addr->i, payload + (payloadSize - 12));
 		memset (n, 0, 12);
-		i2p::crypto::ChaCha20 (h + 16, 16, addr->i, n, h + 16);
+		GetServer ().ChaCha20 (h + 16, 16, addr->i, n, h + 16);
 		// send
 		GetServer ().Send (header.buf, 16, h + 16, 16, payload, payloadSize, ep);
 		UpdateNumSentBytes (payloadSize + 32);

libi2pd/SSU2Session.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2024, The PurpleI2P Project
+* Copyright (c) 2022-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -92,7 +92,7 @@ namespace transport
 		m_RTO (SSU2_INITIAL_RTO), m_RelayTag (0),m_ConnectTimer (server.GetService ()), 
 		m_TerminationReason (eSSU2TerminationReasonNormalClose),
 		m_MaxPayloadSize (SSU2_MIN_PACKET_SIZE - IPV6_HEADER_SIZE - UDP_HEADER_SIZE - 32), // min size
-		m_LastResendTime (0), m_LastResendAttemptTime (0)
+		m_LastResendTime (0), m_LastResendAttemptTime (0), m_NumRanges (0)
 	{
 		if (noise)	
 			m_NoiseState.reset (new i2p::crypto::NoiseSymmetricState);
@@ -623,7 +623,8 @@ namespace transport
 				}
 				else
 				{
-					uint32_t packetNum = SendData (it->second->payload, it->second->payloadSize);
+					uint32_t packetNum = SendData (it->second->payload, it->second->payloadSize, 
+						it->second->numResends > 1 ? SSU2_FLAG_IMMEDIATE_ACK_REQUESTED : 0);
 					it->second->numResends++;
 					it->second->sendTime = ts;
 					resentPackets.emplace (packetNum, it->second);
@@ -682,7 +683,7 @@ namespace transport
 				}
 				const uint8_t nonce[12] = {0};
 				uint64_t headerX[2];
-				i2p::crypto::ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
+				m_Server.ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
 				LogPrint (eLogWarning, "SSU2: Unexpected PeerTest message SourceConnID=", connID, " DestConnID=", headerX[0]);
 				break;
 			}
@@ -748,7 +749,7 @@ namespace transport
 		payloadSize += 16;
 		header.ll[0] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12));
-		i2p::crypto::ChaCha20 (headerX, 48, m_Address->i, nonce, headerX);
+		m_Server.ChaCha20 (headerX, 48, m_Address->i, nonce, headerX);
 		m_NoiseState->MixHash (payload, payloadSize); // h = SHA256(h || encrypted payload from Session Request) for SessionCreated
 		m_SentHandshakePacket->payloadSize = payloadSize;
 		// send
@@ -775,7 +776,7 @@ namespace transport
 		}
 		const uint8_t nonce[12] = {0};
 		uint8_t headerX[48];
-		i2p::crypto::ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX);
+		m_Server.ChaCha20 (buf + 16, 48, i2p::context.GetSSU2IntroKey (), nonce, headerX);
 		memcpy (&m_DestConnID, headerX, 8);
 		uint64_t token;
 		memcpy (&token, headerX + 8, 8);
@@ -874,7 +875,7 @@ namespace transport
 		m_NoiseState->MixHash (payload, payloadSize); // h = SHA256(h || encrypted Noise payload from Session Created)
 		header.ll[0] ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (kh2, payload + (payloadSize - 12));
-		i2p::crypto::ChaCha20 (headerX, 48, kh2, nonce, headerX);
+		m_Server.ChaCha20 (headerX, 48, kh2, nonce, headerX);
 		m_State = eSSU2SessionStateSessionCreatedSent;
 		m_SentHandshakePacket->payloadSize = payloadSize;
 		// send
@@ -902,7 +903,7 @@ namespace transport
 		m_HandshakeInterval = i2p::util::GetMillisecondsSinceEpoch () - m_HandshakeInterval;
 		const uint8_t nonce[12] = {0};
 		uint8_t headerX[48];
-		i2p::crypto::ChaCha20 (buf + 16, 48, kh2, nonce, headerX);
+		m_Server.ChaCha20 (buf + 16, 48, kh2, nonce, headerX);
 		// KDF for SessionCreated
 		m_NoiseState->MixHash ( { {header.buf, 16}, {headerX, 16} } ); // h = SHA256(h || header)
 		m_NoiseState->MixHash (headerX + 16, 32); // h = SHA256(h || bepk);
@@ -1178,13 +1179,18 @@ namespace transport
 			LogPrint (eLogError, "SSU2: Couldn't update RouterInfo from SessionConfirmed in netdb");
 			return false;
 		}
-		std::shared_ptr<i2p::data::RouterProfile> profile; // not null if older 
+		
+		bool isOlder = false;
 		if (ri->GetTimestamp () + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri1->GetTimestamp ())
 		{	
 			// received RouterInfo is older than one in netdb
-			profile = i2p::data::GetRouterProfile (ri->GetIdentHash ()); // retrieve profile	
+			isOlder = true;
-			if (profile && profile->IsDuplicated ())
+			if (ri->HasProfile ())
-				return false;
+			{	
+				auto profile = i2p::data::GetRouterProfile (ri->GetIdentHash ()); // retrieve profile	
+				if (profile && profile->IsDuplicated ())
+					return false;
+			}	
 		}	
 		ri = ri1;
 		
@@ -1198,15 +1204,28 @@ namespace transport
 		    (!m_RemoteEndpoint.address ().is_v6 () ||
 			 memcmp (m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data (), m_Address->host.to_v6 ().to_bytes ().data (), 8))) // temporary address
 		{
-			if (profile) // older router?
+			if (isOlder) // older router?
-				profile->Duplicated (); // mark router as duplicated in profile
+				i2p::data::UpdateRouterProfile (ri->GetIdentHash (),
+					[](std::shared_ptr<i2p::data::RouterProfile> profile)
+					{
+						if (profile) profile->Duplicated (); // mark router as duplicated in profile
+					});
 			else	
 				LogPrint (eLogInfo, "SSU2: Host mismatch between published address ", m_Address->host,
 					" and actual endpoint ", m_RemoteEndpoint.address (), " from ", i2p::data::GetIdentHashAbbreviation (ri->GetIdentHash ()));
 			return false;
 		}
 		if (!m_Address->published)
-			ri->GetProfile ()->SetLastEndpoint (m_RemoteEndpoint);
+		{	
+			if (ri->HasProfile ())	
+				ri->GetProfile ()->SetLastEndpoint (m_RemoteEndpoint);
+			else
+				i2p::data::UpdateRouterProfile (ri->GetIdentHash (), 
+					[ep = m_RemoteEndpoint](std::shared_ptr<i2p::data::RouterProfile> profile)
+				    {
+						if (profile) profile->SetLastEndpoint (ep);
+					});	
+		}	
 		SetRemoteIdentity (ri->GetRouterIdentity ());
 		AdjustMaxPayloadSize ();
 		m_Server.AddSessionByRouterHash (shared_from_this ()); // we know remote router now
@@ -1264,7 +1283,7 @@ namespace transport
 		header.ll[0] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (m_Address->i, payload + (payloadSize - 12));
 		memset (nonce, 0, 12);
-		i2p::crypto::ChaCha20 (h + 16, 16, m_Address->i, nonce, h + 16);
+		m_Server.ChaCha20 (h + 16, 16, m_Address->i, nonce, h + 16);
 		// send
 		if (m_Server.AddPendingOutgoingSession (shared_from_this ()))
 			m_Server.Send (header.buf, 16, h + 16, 16, payload, payloadSize, m_RemoteEndpoint);
@@ -1286,7 +1305,7 @@ namespace transport
 		uint8_t nonce[12] = {0};
 		uint8_t h[32];
 		memcpy (h, header.buf, 16);
-		i2p::crypto::ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, h + 16);
+		m_Server.ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, h + 16);
 		memcpy (&m_DestConnID, h + 16, 8);
 		// decrypt
 		CreateNonce (be32toh (header.h.packetNum), nonce);
@@ -1338,7 +1357,7 @@ namespace transport
 		header.ll[0] ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), payload + (payloadSize - 24));
 		header.ll[1] ^= CreateHeaderMask (i2p::context.GetSSU2IntroKey (), payload + (payloadSize - 12));
 		memset (nonce, 0, 12);
-		i2p::crypto::ChaCha20 (h + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, h + 16);
+		m_Server.ChaCha20 (h + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, h + 16);
 		// send
 		m_Server.Send (header.buf, 16, h + 16, 16, payload, payloadSize, m_RemoteEndpoint);
 	}
@@ -1362,7 +1381,7 @@ namespace transport
 		}
 		uint8_t nonce[12] = {0};
 		uint64_t headerX[2]; // sourceConnID, token
-		i2p::crypto::ChaCha20 (buf + 16, 16, m_Address->i, nonce, (uint8_t *)headerX);
+		m_Server.ChaCha20 (buf + 16, 16, m_Address->i, nonce, (uint8_t *)headerX);
 		uint64_t token = headerX[1];
 		if (token)
 			m_Server.UpdateOutgoingToken (m_RemoteEndpoint, token, i2p::util::GetSecondsSinceEpoch () + SSU2_TOKEN_EXPIRATION_TIMEOUT);
@@ -1411,7 +1430,7 @@ namespace transport
 		}
 		uint8_t nonce[12] = {0};
 		uint64_t headerX[2]; // sourceConnID, token
-		i2p::crypto::ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
+		m_Server.ChaCha20 (buf + 16, 16, i2p::context.GetSSU2IntroKey (), nonce, (uint8_t *)headerX);
 		m_DestConnID = headerX[0];
 		// decrypt and handle payload
 		uint8_t * payload = buf + 32;
@@ -1744,6 +1763,7 @@ namespace transport
 		HandleAckRange (firstPacketNum, ackThrough, i2p::util::GetMillisecondsSinceEpoch ()); // acnt
 		// ranges
 		len -= 5;
+		if (!len || m_SentPackets.empty ()) return; // don't handle ranges if nothing to acknowledge
 		const uint8_t * ranges = buf + 5;
 		while (len > 0 && firstPacketNum && ackThrough - firstPacketNum < SSU2_MAX_NUM_ACK_PACKETS)
 		{
@@ -2624,17 +2644,17 @@ namespace transport
 	size_t SSU2Session::CreateAckBlock (uint8_t * buf, size_t len)
 	{
 		if (len < 8) return 0;
-		int maxNumRanges = (len - 8) >> 1;
-		if (maxNumRanges > SSU2_MAX_NUM_ACK_RANGES) maxNumRanges = SSU2_MAX_NUM_ACK_RANGES;
 		buf[0] = eSSU2BlkAck;
 		uint32_t ackThrough = m_OutOfSequencePackets.empty () ? m_ReceivePacketNum : *m_OutOfSequencePackets.rbegin ();
 		htobe32buf (buf + 3, ackThrough); // Ack Through
 		uint16_t acnt = 0;
-		int numRanges = 0;
 		if (ackThrough)
 		{
 			if (m_OutOfSequencePackets.empty ())
+			{	
 				acnt = std::min ((int)ackThrough, SSU2_MAX_NUM_ACNT); // no gaps
+				m_NumRanges = 0;
+			}	
 			else
 			{
 				auto it = m_OutOfSequencePackets.rbegin (); it++; // prev packet num
@@ -2647,87 +2667,96 @@ namespace transport
 						it++;
 				}
 				// ranges
-				uint32_t lastNum = ackThrough - acnt;
+				if (!m_NumRanges)
-				if (acnt > SSU2_MAX_NUM_ACNT)
+				{	
-				{
+					int maxNumRanges = (len - 8) >> 1;
-					auto d = std::div (acnt - SSU2_MAX_NUM_ACNT, SSU2_MAX_NUM_ACNT);
+					if (maxNumRanges > SSU2_MAX_NUM_ACK_RANGES) maxNumRanges = SSU2_MAX_NUM_ACK_RANGES;
-					acnt = SSU2_MAX_NUM_ACNT;
+					int numRanges = 0;
-					if (d.quot > maxNumRanges)
+					uint32_t lastNum = ackThrough - acnt;
+					if (acnt > SSU2_MAX_NUM_ACNT)
 					{
-						d.quot = maxNumRanges;
+						auto d = std::div (acnt - SSU2_MAX_NUM_ACNT, SSU2_MAX_NUM_ACNT);
-						d.rem = 0;
+						acnt = SSU2_MAX_NUM_ACNT;
-					}
+						if (d.quot > maxNumRanges)
-					// Acks only ranges for acnt
-					for (int i = 0; i < d.quot; i++)
-					{
-						buf[8 + numRanges*2] = 0; buf[8 + numRanges*2 + 1] = SSU2_MAX_NUM_ACNT; // NACKs 0, Acks 255
-						numRanges++;
-					}
-					if (d.rem > 0)
-					{
-						buf[8 + numRanges*2] = 0; buf[8 + numRanges*2 + 1] = d.rem;
-						numRanges++;
-					}
-				}
-				int numPackets = acnt + numRanges*SSU2_MAX_NUM_ACNT;
-				while (it != m_OutOfSequencePackets.rend () &&
-					numRanges < maxNumRanges && numPackets < SSU2_MAX_NUM_ACK_PACKETS)
-				{
-					if (lastNum - (*it) > SSU2_MAX_NUM_ACNT)
-					{
-						// NACKs only ranges
-						if (lastNum > (*it) + SSU2_MAX_NUM_ACNT*(maxNumRanges - numRanges)) break; // too many NACKs
-						while (lastNum - (*it) > SSU2_MAX_NUM_ACNT)
 						{
-							buf[8 + numRanges*2] = SSU2_MAX_NUM_ACNT; buf[8 + numRanges*2 + 1] = 0; // NACKs 255, Acks 0
+							d.quot = maxNumRanges;
-							lastNum -= SSU2_MAX_NUM_ACNT;
+							d.rem = 0;
+						}
+						// Acks only ranges for acnt
+						for (int i = 0; i < d.quot; i++)
+						{
+							m_Ranges[numRanges*2] = 0; m_Ranges[numRanges*2 + 1] = SSU2_MAX_NUM_ACNT; // NACKs 0, Acks 255
+							numRanges++;
+						}
+						if (d.rem > 0)
+						{
+							m_Ranges[numRanges*2] = 0; m_Ranges[numRanges*2 + 1] = d.rem;
 							numRanges++;
-							numPackets += SSU2_MAX_NUM_ACNT;
 						}
 					}
-					// NACKs and Acks ranges
+					int numPackets = acnt + numRanges*SSU2_MAX_NUM_ACNT;
-					buf[8 + numRanges*2] = lastNum - (*it) - 1; // NACKs
+					while (it != m_OutOfSequencePackets.rend () &&
-					numPackets += buf[8 + numRanges*2];
+						numRanges < maxNumRanges && numPackets < SSU2_MAX_NUM_ACK_PACKETS)
-					lastNum = *it; it++;
-					int numAcks = 1;
-					while (it != m_OutOfSequencePackets.rend () && lastNum > 0 && *it == lastNum - 1)
 					{
-						numAcks++; lastNum--;
+						if (lastNum - (*it) > SSU2_MAX_NUM_ACNT)
-						it++;
+						{
-					}
+							// NACKs only ranges
-					while (numAcks > SSU2_MAX_NUM_ACNT)
+							if (lastNum > (*it) + SSU2_MAX_NUM_ACNT*(maxNumRanges - numRanges)) break; // too many NACKs
-					{
+							while (lastNum - (*it) > SSU2_MAX_NUM_ACNT)
-						// Acks only ranges
+							{
-						buf[8 + numRanges*2 + 1] = SSU2_MAX_NUM_ACNT; // Acks 255
+								m_Ranges[numRanges*2] = SSU2_MAX_NUM_ACNT; m_Ranges[numRanges*2 + 1] = 0; // NACKs 255, Acks 0
-						numAcks -= SSU2_MAX_NUM_ACNT;
+								lastNum -= SSU2_MAX_NUM_ACNT;
-						numRanges++;
+								numRanges++;
-						numPackets += SSU2_MAX_NUM_ACNT;
+								numPackets += SSU2_MAX_NUM_ACNT;
-						buf[8 + numRanges*2] = 0; // NACKs 0
+							}
-						if (numRanges >= maxNumRanges || numPackets >= SSU2_MAX_NUM_ACK_PACKETS) break;
+						}
-					}
+						// NACKs and Acks ranges
-					if (numAcks > SSU2_MAX_NUM_ACNT) numAcks = SSU2_MAX_NUM_ACNT;
+						m_Ranges[numRanges*2] = lastNum - (*it) - 1; // NACKs
-					buf[8 + numRanges*2 + 1] = (uint8_t)numAcks; // Acks
+						numPackets += m_Ranges[numRanges*2];
-					numPackets += numAcks;
+						lastNum = *it; it++;
-					numRanges++;
+						int numAcks = 1;
-				}
+						while (it != m_OutOfSequencePackets.rend () && lastNum > 0 && *it == lastNum - 1)
-				if (it == m_OutOfSequencePackets.rend () &&
+						{
-					numRanges < maxNumRanges && numPackets < SSU2_MAX_NUM_ACK_PACKETS)
+							numAcks++; lastNum--;
-				{
+							it++;
-					// add range between out-of-sequence and received
+						}
-					int nacks = *m_OutOfSequencePackets.begin () - m_ReceivePacketNum - 1;
+						while (numAcks > SSU2_MAX_NUM_ACNT)
-					if (nacks > 0)
+						{
-					{
+							// Acks only ranges
-						if (nacks > SSU2_MAX_NUM_ACNT) nacks = SSU2_MAX_NUM_ACNT;
+							m_Ranges[numRanges*2 + 1] = SSU2_MAX_NUM_ACNT; // Acks 255
-						buf[8 + numRanges*2] = nacks;
+							numAcks -= SSU2_MAX_NUM_ACNT;
-						buf[8 + numRanges*2 + 1] = std::min ((int)m_ReceivePacketNum + 1, SSU2_MAX_NUM_ACNT);
+							numRanges++;
+							numPackets += SSU2_MAX_NUM_ACNT;
+							m_Ranges[numRanges*2] = 0; // NACKs 0
+							if (numRanges >= maxNumRanges || numPackets >= SSU2_MAX_NUM_ACK_PACKETS) break;
+						}
+						if (numAcks > SSU2_MAX_NUM_ACNT) numAcks = SSU2_MAX_NUM_ACNT;
+						m_Ranges[numRanges*2 + 1] = (uint8_t)numAcks; // Acks
+						numPackets += numAcks;
 						numRanges++;
 					}
-				}
+					if (it == m_OutOfSequencePackets.rend () &&
+						numRanges < maxNumRanges && numPackets < SSU2_MAX_NUM_ACK_PACKETS)
+					{
+						// add range between out-of-sequence and received
+						int nacks = *m_OutOfSequencePackets.begin () - m_ReceivePacketNum - 1;
+						if (nacks > 0)
+						{
+							if (nacks > SSU2_MAX_NUM_ACNT) nacks = SSU2_MAX_NUM_ACNT;
+							m_Ranges[numRanges*2] = nacks;
+							m_Ranges[numRanges*2 + 1] = std::min ((int)m_ReceivePacketNum + 1, SSU2_MAX_NUM_ACNT);
+							numRanges++;
+						}
+					}
+					m_NumRanges = numRanges;
+				}	
+				if (m_NumRanges)
+					memcpy (buf + 8, m_Ranges, m_NumRanges*2);
 			}
 		}
 		buf[7] = (uint8_t)acnt; // acnt
-		htobe16buf (buf + 1, 5 + numRanges*2);
+		htobe16buf (buf + 1, 5 + m_NumRanges*2);
-		return 8 + numRanges*2;
+		return 8 + m_NumRanges*2;
 	}
 
 	size_t SSU2Session::CreatePaddingBlock (uint8_t * buf, size_t len, size_t minSize)
@@ -2961,11 +2990,17 @@ namespace transport
 					}
 					m_OutOfSequencePackets.erase (m_OutOfSequencePackets.begin (), it);
 				}
+				m_NumRanges = 0; // recalculate ranges when create next Ack
 			}
 			m_ReceivePacketNum = packetNum;
 		}
 		else
+		{
+			if (m_NumRanges && (m_OutOfSequencePackets.empty () ||
+				packetNum != (*m_OutOfSequencePackets.rbegin ()) + 1))
+				m_NumRanges = 0; // reset ranges if received packet is not next
 			m_OutOfSequencePackets.insert (packetNum);
+		}	
 		return true;
 	}
 

libi2pd/SSU2Session.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2024, The PurpleI2P Project
+* Copyright (c) 2022-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -397,6 +397,8 @@ namespace transport
 			std::unique_ptr<i2p::data::IdentHash> m_PathChallenge;
 			std::unordered_map<uint32_t, uint32_t> m_ReceivedI2NPMsgIDs; // msgID -> timestamp in seconds
 			uint64_t m_LastResendTime, m_LastResendAttemptTime; // in milliseconds
+			int m_NumRanges;
+			uint8_t m_Ranges[SSU2_MAX_NUM_ACK_RANGES*2]; // ranges sent with previous Ack if any
 	};
 	
 	inline uint64_t CreateHeaderMask (const uint8_t * kh, const uint8_t * nonce)

libi2pd/Tag.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -12,10 +12,14 @@
 #include <boost/static_assert.hpp>
 #include <string.h>
 #include <openssl/rand.h>
+#include <string>
+#include <string_view>
 #include "Base.h"
 
-namespace i2p {
+namespace i2p 
-namespace data {
+{
+namespace data 
+{
 	template<size_t sz>
 	class Tag
 	{
@@ -70,14 +74,14 @@ namespace data {
 				return std::string (str, str + l);
 			}
 
-			size_t FromBase32 (const std::string& s)
+			size_t FromBase32 (std::string_view s)
 			{
-				return i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+				return i2p::data::Base32ToByteStream (s.data (), s.length (), m_Buf, sz);
 			}
 
-			size_t FromBase64 (const std::string& s)
+			size_t FromBase64 (std::string_view s)
 			{
-				return i2p::data::Base64ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+				return i2p::data::Base64ToByteStream (s.data (), s.length (), m_Buf, sz);
 			}
 
 			uint8_t GetBit (int i) const

libi2pd/TransitTunnel.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -101,13 +101,13 @@ namespace tunnel
 		TunnelMessageBlock block;
 		block.deliveryType = eDeliveryTypeLocal;
 		block.data = msg;
-		std::unique_lock<std::mutex> l(m_SendMutex);
+		std::lock_guard<std::mutex> l(m_SendMutex);
 		m_Gateway.PutTunnelDataMsg (block);
 	}
 
 	void TransitTunnelGateway::FlushTunnelDataMsgs ()
 	{
-		std::unique_lock<std::mutex> l(m_SendMutex);
+		std::lock_guard<std::mutex> l(m_SendMutex);
 		m_Gateway.SendBuffer ();
 	}
 
@@ -130,14 +130,22 @@ namespace tunnel
 		EncryptTunnelMsg (tunnelMsg, newMsg);
 
 		LogPrint (eLogDebug, "TransitTunnel: handle msg for endpoint ", GetTunnelID ());
+		std::lock_guard<std::mutex> l(m_HandleMutex);
 		m_Endpoint.HandleDecryptedTunnelDataMsg (newMsg);
 	}
 
 	void TransitTunnelEndpoint::FlushTunnelDataMsgs ()
 	{
+		std::lock_guard<std::mutex> l(m_HandleMutex);
 		m_Endpoint.FlushI2NPMsgs ();
 	}	
 
+	void TransitTunnelEndpoint::Cleanup ()
+	{ 
+		std::lock_guard<std::mutex> l(m_HandleMutex);
+		m_Endpoint.Cleanup ();
+	}	
+		
 	std::string TransitTunnelEndpoint::GetNextPeerName () const
 	{ 
 		auto hash = m_Endpoint.GetCurrentHash ();
@@ -180,7 +188,7 @@ namespace tunnel
 	}
 
 	TransitTunnels::TransitTunnels ():
-		m_IsRunning (false)
+		m_IsRunning (false), m_Rng(i2p::util::GetMonotonicMicroseconds ()%1000000LL)
 	{
 	}
 		
@@ -320,19 +328,44 @@ namespace tunnel
 				// check if we accept this tunnel
 				std::shared_ptr<i2p::tunnel::TransitTunnel> transitTunnel;
 				uint8_t retCode = 0;
-				if (!i2p::context.AcceptsTunnels () || i2p::context.GetCongestionLevel (false) >= CONGESTION_LEVEL_FULL)
+				if (i2p::context.AcceptsTunnels ())
+				{
+					auto congestionLevel = i2p::context.GetCongestionLevel (false);
+					if (congestionLevel < CONGESTION_LEVEL_FULL)
+					{	
+						if (congestionLevel >= CONGESTION_LEVEL_MEDIUM)
+						{	
+							// random reject depending on congestion level
+							int level = m_Rng () % (CONGESTION_LEVEL_FULL - CONGESTION_LEVEL_MEDIUM) + CONGESTION_LEVEL_MEDIUM;
+							if (congestionLevel > level)
+								retCode = 30;
+						}	
+					}	
+					else
+						retCode = 30;
+				}	
+				else	
 					retCode = 30;
+				
 				if (!retCode)
 				{
-					// create new transit tunnel
+					i2p::data::IdentHash nextIdent(clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET);
-					transitTunnel = i2p::tunnel::CreateTransitTunnel (
+					bool isEndpoint = clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG;
-						bufbe32toh (clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
+					if (isEndpoint || !i2p::data::IsRouterDuplicated (nextIdent))
-						clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
+					{	
-						bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+						// create new transit tunnel
-						layerKey, ivKey,
+						transitTunnel = CreateTransitTunnel (
-						clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+							bufbe32toh (clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
-						clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG);
+							nextIdent,
-					if (!AddTransitTunnel (transitTunnel))
+							bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+							layerKey, ivKey,
+							clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+							isEndpoint);
+						if (!AddTransitTunnel (transitTunnel))
+							retCode = 30;
+					}
+					else
+						// decline tunnel going to duplicated router 
 						retCode = 30;
 				}
 
@@ -444,7 +477,7 @@ namespace tunnel
 						if (congestionLevel < CONGESTION_LEVEL_FULL)
 						{
 							// random reject depending on congestion level
-							int level = i2p::tunnel::tunnels.GetRng ()() % (CONGESTION_LEVEL_FULL - CONGESTION_LEVEL_MEDIUM) + CONGESTION_LEVEL_MEDIUM;
+							int level = m_Rng () % (CONGESTION_LEVEL_FULL - CONGESTION_LEVEL_MEDIUM) + CONGESTION_LEVEL_MEDIUM;
 							if (congestionLevel > level)
 								accept = false;
 						}	
@@ -452,23 +485,32 @@ namespace tunnel
 							accept = false;
 					}	
 				}	
-				// replace record to reply
+					
 				if (accept)
 				{
-					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
+					i2p::data::IdentHash nextIdent(clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET);
-							bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
+					bool isEndpoint = clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG;
-							clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET,
+					if (isEndpoint || !i2p::data::IsRouterDuplicated (nextIdent))
-							bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+					{	
-							clearText + ECIES_BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET,
+						auto transitTunnel = CreateTransitTunnel (
-							clearText + ECIES_BUILD_REQUEST_RECORD_IV_KEY_OFFSET,
+								bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
-							clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+								nextIdent,
-							clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG);
+								bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
-					if (!AddTransitTunnel (transitTunnel))
+								clearText + ECIES_BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET,
+								clearText + ECIES_BUILD_REQUEST_RECORD_IV_KEY_OFFSET,
+								clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+								isEndpoint);
+						if (!AddTransitTunnel (transitTunnel))
+							retCode = 30;
+					}	
+					else
+						// decline tunnel going to duplicated router 
 						retCode = 30;
 				}
 				else
 					retCode = 30; // always reject with bandwidth reason (30)
 
+				// replace record to reply
 				memset (record + ECIES_BUILD_RESPONSE_RECORD_OPTIONS_OFFSET, 0, 2); // no options
 				record[ECIES_BUILD_RESPONSE_RECORD_RET_OFFSET] = retCode;
 				// encrypt reply

libi2pd/TransitTunnel.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -100,7 +100,7 @@ namespace tunnel
 				TransitTunnel (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey),
 				m_Endpoint (false) {}; // transit endpoint is always outbound
 
-			void Cleanup () override { m_Endpoint.Cleanup (); }
+			void Cleanup () override;
 		
 			void HandleTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage>&& tunnelMsg) override;
 			void FlushTunnelDataMsgs () override;
@@ -109,6 +109,7 @@ namespace tunnel
 			
 		private:
 
+			std::mutex m_HandleMutex;
 			TunnelEndpoint m_Endpoint;
 	};
 
@@ -151,6 +152,7 @@ namespace tunnel
 			std::unique_ptr<std::thread> m_Thread;
 			std::list<std::shared_ptr<TransitTunnel> > m_TransitTunnels;
 			i2p::util::Queue<std::shared_ptr<I2NPMessage> > m_TunnelBuildMsgQueue;
+			std::mt19937 m_Rng;
 			
 		public:
 

libi2pd/Transports.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -160,7 +160,8 @@ namespace transport
 		m_TotalSentBytes (0), m_TotalReceivedBytes (0), m_TotalTransitTransmittedBytes (0),
 		m_InBandwidth (0), m_OutBandwidth (0), m_TransitBandwidth (0),
 		m_InBandwidth15s (0), m_OutBandwidth15s (0), m_TransitBandwidth15s (0),
-		m_InBandwidth5m (0), m_OutBandwidth5m (0), m_TransitBandwidth5m (0)
+		m_InBandwidth5m (0), m_OutBandwidth5m (0), m_TransitBandwidth5m (0),
+		m_Rng(i2p::util::GetMonotonicMicroseconds () % 1000000LL)
 	{
 	}
 
@@ -338,7 +339,7 @@ namespace transport
 
 		if (m_IsNAT)
 		{
-			m_PeerTestTimer->expires_from_now (boost::posix_time::minutes(PEER_TEST_INTERVAL));
+			m_PeerTestTimer->expires_from_now (boost::posix_time::seconds(PEER_TEST_INTERVAL + m_Rng() % PEER_TEST_INTERVAL_VARIANCE));
 			m_PeerTestTimer->async_wait (std::bind (&Transports::HandlePeerTestTimer, this, std::placeholders::_1));
 		}
 	}
@@ -560,7 +561,14 @@ namespace transport
 	bool Transports::ConnectToPeer (const i2p::data::IdentHash& ident, std::shared_ptr<Peer> peer)
 	{
 		if (!peer->router) // reconnect
-			peer->SetRouter (netdb.FindRouter (ident)); // try to get new one from netdb
+		{	
+			auto r = netdb.FindRouter (ident); // try to get new one from netdb
+			if (r)
+			{	
+				peer->SetRouter (r); 
+				r->CancelBufferToDelete ();
+			}	
+		}	
 		if (peer->router) // we have RI already
 		{
 			if (peer->priority.empty ())
@@ -647,7 +655,7 @@ namespace transport
 		return true;
 	}
 
-	void Transports::SetPriority (std::shared_ptr<Peer> peer) const
+	void Transports::SetPriority (std::shared_ptr<Peer> peer)
 	{
 		static const std::vector<i2p::data::RouterInfo::SupportedTransports>
 			ntcp2Priority =
@@ -673,7 +681,7 @@ namespace transport
 		peer->numAttempts = 0;
 		peer->priority.clear ();
 		bool isReal = peer->router->GetProfile ()->IsReal (); 
-		bool ssu2 = isReal ? (rand () & 1) : false; // try NTCP2 if router is not confirmed real
+		bool ssu2 = isReal ? (m_Rng () & 1) : false; // try NTCP2 if router is not confirmed real
 		const auto& priority = ssu2 ? ssu2Priority : ntcp2Priority;
 		if (directTransports)
 		{	
@@ -701,7 +709,8 @@ namespace transport
 			// try recently connected SSU2 if any
 			auto supportedTransports = context.GetRouterInfo ().GetCompatibleTransports (false) &
 				peer->router->GetCompatibleTransports (false);
-			if (supportedTransports & (i2p::data::RouterInfo::eSSU2V4 | i2p::data::RouterInfo::eSSU2V6))
+			if ((supportedTransports & (i2p::data::RouterInfo::eSSU2V4 | i2p::data::RouterInfo::eSSU2V6)) &&
+			    peer->router->HasProfile ())
 			{
 				auto ep = peer->router->GetProfile ()->GetLastEndpoint ();
 				if (!ep.address ().is_unspecified () && ep.port ())
@@ -791,7 +800,7 @@ namespace transport
 					}	
 					else
 					{
-						testDelay += PEER_TEST_DELAY_INTERVAL + rand() % PEER_TEST_DELAY_INTERVAL_VARIANCE;
+						testDelay += PEER_TEST_DELAY_INTERVAL + m_Rng() % PEER_TEST_DELAY_INTERVAL_VARIANCE;
 						if (m_Service)
 						{	
 							auto delayTimer = std::make_shared<boost::asio::deadline_timer>(*m_Service);
@@ -829,7 +838,7 @@ namespace transport
 					}	
 					else
 					{
-						testDelay += PEER_TEST_DELAY_INTERVAL + rand() % PEER_TEST_DELAY_INTERVAL_VARIANCE;
+						testDelay += PEER_TEST_DELAY_INTERVAL + m_Rng() % PEER_TEST_DELAY_INTERVAL_VARIANCE;
 						if (m_Service)
 						{	
 							auto delayTimer = std::make_shared<boost::asio::deadline_timer>(*m_Service);
@@ -886,7 +895,11 @@ namespace transport
 					auto transport = peer->priority[peer->numAttempts-1];
 					if (transport == i2p::data::RouterInfo::eNTCP2V4 || 
 						transport == i2p::data::RouterInfo::eNTCP2V6 || transport == i2p::data::RouterInfo::eNTCP2V6Mesh)
-						peer->router->GetProfile ()->Connected (); // outgoing NTCP2 connection if always real
+							i2p::data::UpdateRouterProfile (ident,
+								[](std::shared_ptr<i2p::data::RouterProfile> profile)
+								{
+									if (profile) profile->Connected (); // outgoing NTCP2 connection if always real
+								});
 					i2p::data::netdb.SetUnreachable (ident, false); // clear unreachable 
 				}		
 				peer->numAttempts = 0;
@@ -921,7 +934,11 @@ namespace transport
 					session->SendI2NPMessages (msgs); // send DatabaseStore
 				}	
 				auto r = i2p::data::netdb.FindRouter (ident); // router should be in netdb after SessionConfirmed
-				if (r) r->GetProfile ()->Connected ();
+				i2p::data::UpdateRouterProfile (ident,
+					[](std::shared_ptr<i2p::data::RouterProfile> profile)
+					{
+						if (profile) profile->Connected ();
+					});
 				auto ts = i2p::util::GetSecondsSinceEpoch ();
 				auto peer = std::make_shared<Peer>(r, ts);
 				peer->sessions.push_back (session);
@@ -955,8 +972,13 @@ namespace transport
 					}
 					else
 					{
-						std::lock_guard<std::mutex> l(m_PeersMutex);
+						{
-						m_Peers.erase (it);
+							std::lock_guard<std::mutex> l(m_PeersMutex);
+							m_Peers.erase (it);
+						}
+						// delete buffer of just disconnected router 
+						auto r = i2p::data::netdb.FindRouter (ident);
+						if (r && !r->IsUpdated ()) r->ScheduleBufferToDelete ();
 					}
 				}
 			}
@@ -1006,7 +1028,7 @@ namespace transport
 						if (session)
 							session->SendLocalRouterInfo (true);
 						it->second->nextRouterInfoUpdateTime = ts + PEER_ROUTER_INFO_UPDATE_INTERVAL +
-							rand () % PEER_ROUTER_INFO_UPDATE_INTERVAL_VARIANCE;
+							m_Rng() % PEER_ROUTER_INFO_UPDATE_INTERVAL_VARIANCE;
 					}
 					++it;
 				}
@@ -1020,7 +1042,7 @@ namespace transport
 			// if still testing or unknown, repeat peer test
 			if (ipv4Testing || ipv6Testing)
 				PeerTest (ipv4Testing, ipv6Testing);
-			m_PeerCleanupTimer->expires_from_now (boost::posix_time::seconds(3 * SESSION_CREATION_TIMEOUT));
+			m_PeerCleanupTimer->expires_from_now (boost::posix_time::seconds(2 * SESSION_CREATION_TIMEOUT + m_Rng() % SESSION_CREATION_TIMEOUT));
 			m_PeerCleanupTimer->async_wait (std::bind (&Transports::HandlePeerCleanupTimer, this, std::placeholders::_1));
 		}
 	}
@@ -1030,7 +1052,7 @@ namespace transport
 		if (ecode != boost::asio::error::operation_aborted)
 		{
 			PeerTest ();
-			m_PeerTestTimer->expires_from_now (boost::posix_time::minutes(PEER_TEST_INTERVAL));
+			m_PeerTestTimer->expires_from_now (boost::posix_time::seconds(PEER_TEST_INTERVAL + m_Rng() % PEER_TEST_INTERVAL_VARIANCE));
 			m_PeerTestTimer->async_wait (std::bind (&Transports::HandlePeerTestTimer, this, std::placeholders::_1));
 		}
 	}
@@ -1177,7 +1199,7 @@ namespace transport
 	}
 
 	/** XXX: if routes are not restricted this dies */
-	std::shared_ptr<const i2p::data::RouterInfo> Transports::GetRestrictedPeer() const
+	std::shared_ptr<const i2p::data::RouterInfo> Transports::GetRestrictedPeer()
 	{
 		{
 			std::lock_guard<std::mutex> l(m_FamilyMutex);
@@ -1186,7 +1208,7 @@ namespace transport
 			if(sz > 1)
 			{
 				auto it = m_TrustedFamilies.begin ();
-				std::advance(it, rand() % sz);
+				std::advance(it, m_Rng() % sz);
 				fam = *it;
 			}
 			else if (sz == 1)
@@ -1204,7 +1226,7 @@ namespace transport
 				if(sz == 1)
 					return i2p::data::netdb.FindRouter(m_TrustedRouters[0]);
 				auto it = m_TrustedRouters.begin();
-				std::advance(it, rand() % sz);
+				std::advance(it, m_Rng() % sz);
 				return i2p::data::netdb.FindRouter(*it);
 			}
 		}

libi2pd/Transports.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -20,6 +20,7 @@
 #include <string>
 #include <memory>
 #include <atomic>
+#include <random>
 #include <boost/asio.hpp>
 #include "TransportSession.h"
 #include "SSU2.h"
@@ -106,7 +107,8 @@ namespace transport
 	};
 
 	const uint64_t SESSION_CREATION_TIMEOUT = 15; // in seconds
-	const int PEER_TEST_INTERVAL = 71; // in minutes
+	const int PEER_TEST_INTERVAL = 68*60; // in seconds
+	const int PEER_TEST_INTERVAL_VARIANCE = 3*60; // in seconds
 	const int PEER_TEST_DELAY_INTERVAL = 20; // in milliseconds
 	const int PEER_TEST_DELAY_INTERVAL_VARIANCE = 30; // in milliseconds
 	const int MAX_NUM_DELAYED_MESSAGES = 150;
@@ -168,7 +170,7 @@ namespace transport
 			std::shared_ptr<const i2p::data::RouterInfo> GetRandomPeer (bool isHighBandwidth) const;
 
 			/** get a trusted first hop for restricted routes */
-			std::shared_ptr<const i2p::data::RouterInfo> GetRestrictedPeer() const;
+			std::shared_ptr<const i2p::data::RouterInfo> GetRestrictedPeer();
 			/** do we want to use restricted routes? */
 			bool RoutesRestricted() const;
 			/** restrict routes to use only these router families for first hops */
@@ -191,7 +193,7 @@ namespace transport
 			void HandleRequestComplete (std::shared_ptr<const i2p::data::RouterInfo> r, i2p::data::IdentHash ident);
 			std::shared_ptr<TransportSession> PostMessages (const i2p::data::IdentHash& ident, std::list<std::shared_ptr<i2p::I2NPMessage> >& msgs);
 			bool ConnectToPeer (const i2p::data::IdentHash& ident, std::shared_ptr<Peer> peer);
-			void SetPriority (std::shared_ptr<Peer> peer) const;
+			void SetPriority (std::shared_ptr<Peer> peer);
 			void HandlePeerCleanupTimer (const boost::system::error_code& ecode);
 			void HandlePeerTestTimer (const boost::system::error_code& ecode);
 			void HandleUpdateBandwidthTimer (const boost::system::error_code& ecode);
@@ -239,6 +241,7 @@ namespace transport
 			mutable std::mutex m_TrustedRoutersMutex;
 
 			i2p::I2NPMessagesHandler m_LoopbackHandler;
+			std::mt19937 m_Rng;
 
 		public:
 

libi2pd/Tunnel.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -103,7 +103,7 @@ namespace tunnel
 			if (m_Config->IsShort ())
 			{
 				auto ident = m_Config->GetFirstHop () ? m_Config->GetFirstHop ()->ident : nullptr;
-				if (ident && ident->GetIdentHash () != outboundTunnel->GetNextIdentHash ()) // don't encrypt if IBGW = OBEP
+				if (ident && ident->GetIdentHash () != outboundTunnel->GetEndpointIdentHash ()) // don't encrypt if IBGW = OBEP
 				{
 					auto msg1 = i2p::garlic::WrapECIESX25519MessageForRouter (msg, ident->GetEncryptionPublicKey ());
 					if (msg1) msg = msg1;
@@ -179,9 +179,12 @@ namespace tunnel
 		{
 			uint8_t ret = hop->GetRetCode (msg + 1);
 			LogPrint (eLogDebug, "Tunnel: Build response ret code=", (int)ret);
-			auto profile = i2p::data::netdb.FindRouterProfile (hop->ident->GetIdentHash ());
+			if (hop->ident)
-			if (profile)
+				i2p::data::UpdateRouterProfile (hop->ident->GetIdentHash (),
-				profile->TunnelBuildResponse (ret);
+					[ret](std::shared_ptr<i2p::data::RouterProfile> profile)
+					{
+						if (profile) profile->TunnelBuildResponse (ret);
+					});
 			if (ret)
 				// if any of participants declined the tunnel is not established
 				established = false;
@@ -278,6 +281,21 @@ namespace tunnel
 		m_Endpoint.HandleDecryptedTunnelDataMsg (msg);
 	}
 
+	bool InboundTunnel::Recreate ()
+	{
+		if (!IsRecreated ())
+		{
+			auto pool = GetTunnelPool ();
+			if (pool)
+			{
+				SetRecreated (true);
+				pool->RecreateInboundTunnel (std::static_pointer_cast<InboundTunnel>(shared_from_this ()));
+				return true;
+			}	
+		}
+		return false;
+	}	
+		
 	ZeroHopsInboundTunnel::ZeroHopsInboundTunnel ():
 		InboundTunnel (std::make_shared<ZeroHopsTunnelConfig> ()),
 		m_NumReceivedBytes (0)
@@ -297,22 +315,28 @@ namespace tunnel
 	void OutboundTunnel::SendTunnelDataMsgTo (const uint8_t * gwHash, uint32_t gwTunnel, std::shared_ptr<i2p::I2NPMessage> msg)
 	{
 		TunnelMessageBlock block;
+		block.tunnelID = 0; // Initialize tunnelID to a default value
+	
 		if (gwHash)
 		{
 			block.hash = gwHash;
 			if (gwTunnel)
 			{
 				block.deliveryType = eDeliveryTypeTunnel;
-				block.tunnelID = gwTunnel;
+				block.tunnelID = gwTunnel; // Set tunnelID only if gwTunnel is non-zero
 			}
 			else
+			{
 				block.deliveryType = eDeliveryTypeRouter;
+			}
 		}
 		else
+		{
 			block.deliveryType = eDeliveryTypeLocal;
+		}
+	
 		block.data = msg;
-
+		SendTunnelDataMsgs({block});
-		SendTunnelDataMsgs ({block});
 	}
 
 	void OutboundTunnel::SendTunnelDataMsgs (const std::vector<TunnelMessageBlock>& msgs)
@@ -328,6 +352,21 @@ namespace tunnel
 		LogPrint (eLogError, "Tunnel: Incoming message for outbound tunnel ", GetTunnelID ());
 	}
 
+	bool OutboundTunnel::Recreate ()
+	{
+		if (!IsRecreated ())
+		{
+			auto pool = GetTunnelPool ();
+			if (pool)
+			{
+				SetRecreated (true);
+				pool->RecreateOutboundTunnel (std::static_pointer_cast<OutboundTunnel>(shared_from_this ()));
+				return true;
+			}	
+		}
+		return false;
+	}
+		
 	ZeroHopsOutboundTunnel::ZeroHopsOutboundTunnel ():
 		OutboundTunnel (std::make_shared<ZeroHopsTunnelConfig> ()),
 		m_NumSentBytes (0)
@@ -434,7 +473,7 @@ namespace tunnel
 	std::shared_ptr<OutboundTunnel> Tunnels::GetNextOutboundTunnel ()
 	{
 		if (m_OutboundTunnels.empty ()) return nullptr;
-		uint32_t ind = rand () % m_OutboundTunnels.size (), i = 0;
+		uint32_t ind = m_Rng () % m_OutboundTunnels.size (), i = 0;
 		std::shared_ptr<OutboundTunnel> tunnel;
 		for (const auto& it: m_OutboundTunnels)
 		{
@@ -711,8 +750,17 @@ namespace tunnel
 	void Tunnels::ManageTunnels (uint64_t ts)
 	{
 		ManagePendingTunnels (ts);
-		ManageInboundTunnels (ts);
+		std::vector<std::shared_ptr<Tunnel> > tunnelsToRecreate;
-		ManageOutboundTunnels (ts);
+		ManageInboundTunnels (ts, tunnelsToRecreate);
+		ManageOutboundTunnels (ts, tunnelsToRecreate);
+		// rec-create in random order
+		if (!tunnelsToRecreate.empty ())
+		{	
+			if (tunnelsToRecreate.size () > 1)
+				std::shuffle (tunnelsToRecreate.begin(), tunnelsToRecreate.end(), m_Rng);
+			for (auto& it: tunnelsToRecreate)
+				it->Recreate ();
+		}	
 	}
 
 	void Tunnels::ManagePendingTunnels (uint64_t ts)
@@ -743,11 +791,11 @@ namespace tunnel
 							while (hop)
 							{
 								if (hop->ident)
-								{
+									i2p::data::UpdateRouterProfile (hop->ident->GetIdentHash (),
-									auto profile = i2p::data::netdb.FindRouterProfile (hop->ident->GetIdentHash ());
+										[](std::shared_ptr<i2p::data::RouterProfile> profile)
-									if (profile)
+				    					{
-										profile->TunnelNonReplied ();
+											if (profile) profile->TunnelNonReplied ();
-								}
+										});
 								hop = hop->next;
 							}
 						}
@@ -775,7 +823,7 @@ namespace tunnel
 		}
 	}
 
-	void Tunnels::ManageOutboundTunnels (uint64_t ts)
+	void Tunnels::ManageOutboundTunnels (uint64_t ts, std::vector<std::shared_ptr<Tunnel> >& toRecreate)
 	{
 		for (auto it = m_OutboundTunnels.begin (); it != m_OutboundTunnels.end ();)
 		{
@@ -799,10 +847,7 @@ namespace tunnel
 						auto pool = tunnel->GetTunnelPool ();
 						// let it die if the tunnel pool has been reconfigured and this is old
 						if (pool && tunnel->GetNumHops() == pool->GetNumOutboundHops())
-						{
+							toRecreate.push_back (tunnel);
-							tunnel->SetRecreated (true);
-							pool->RecreateOutboundTunnel (tunnel);
-						}
 					}
 					if (ts + TUNNEL_EXPIRATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 						tunnel->SetState (eTunnelStateExpiring);
@@ -827,7 +872,7 @@ namespace tunnel
 		}
 	}
 
-	void Tunnels::ManageInboundTunnels (uint64_t ts)
+	void Tunnels::ManageInboundTunnels (uint64_t ts, std::vector<std::shared_ptr<Tunnel> >& toRecreate)
 	{
 		for (auto it = m_InboundTunnels.begin (); it != m_InboundTunnels.end ();)
 		{
@@ -851,10 +896,7 @@ namespace tunnel
 						auto pool = tunnel->GetTunnelPool ();
 						// let it die if the tunnel pool was reconfigured and has different number of hops
 						if (pool && tunnel->GetNumHops() == pool->GetNumInboundHops())
-						{
+							toRecreate.push_back (tunnel);
-							tunnel->SetRecreated (true);
-							pool->RecreateInboundTunnel (tunnel);
-						}
 					}
 
 					if (ts + TUNNEL_EXPIRATION_THRESHOLD > tunnel->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)

libi2pd/Tunnel.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -99,6 +99,7 @@ namespace tunnel
 			void SetRecreated (bool recreated) { m_IsRecreated = recreated; };
 			int GetNumHops () const { return m_Hops.size (); };
 			virtual bool IsInbound() const = 0;
+			virtual bool Recreate () = 0;
 
 			std::shared_ptr<TunnelPool> GetTunnelPool () const { return m_Pool; };
 			void SetTunnelPool (std::shared_ptr<TunnelPool> pool) { m_Pool = pool; };
@@ -150,6 +151,7 @@ namespace tunnel
 			void HandleTunnelDataMsg (std::shared_ptr<i2p::I2NPMessage>&& tunnelMsg) override;
 
 			bool IsInbound() const override { return false; }
+			bool Recreate () override;
 
 		private:
 
@@ -166,6 +168,7 @@ namespace tunnel
 			void HandleTunnelDataMsg (std::shared_ptr<I2NPMessage>&& msg) override;
 			virtual size_t GetNumReceivedBytes () const { return m_Endpoint.GetNumReceivedBytes (); };
 			bool IsInbound() const override { return true; }
+			bool Recreate () override;
 
 			// override TunnelBase
 			void Cleanup () override { m_Endpoint.Cleanup (); };
@@ -245,8 +248,6 @@ namespace tunnel
 			void SetMaxNumTransitTunnels (uint32_t maxNumTransitTunnels);
 			uint32_t GetMaxNumTransitTunnels () const { return m_MaxNumTransitTunnels; };
 			int GetCongestionLevel() const { return m_MaxNumTransitTunnels ? CONGESTION_LEVEL_FULL * m_TransitTunnels.GetNumTransitTunnels () / m_MaxNumTransitTunnels : CONGESTION_LEVEL_FULL; }
-
-			std::mt19937& GetRng () { return m_Rng; };
 			
 		private:
 
@@ -264,8 +265,8 @@ namespace tunnel
 			
 			void Run ();
 			void ManageTunnels (uint64_t ts);
-			void ManageOutboundTunnels (uint64_t ts);
+			void ManageOutboundTunnels (uint64_t ts, std::vector<std::shared_ptr<Tunnel> >& toRecreate);
-			void ManageInboundTunnels (uint64_t ts);
+			void ManageInboundTunnels (uint64_t ts, std::vector<std::shared_ptr<Tunnel> >& toRecreate);
 			void ManagePendingTunnels (uint64_t ts);
 			template<class PendingTunnels>
 			void ManagePendingTunnels (PendingTunnels& pendingTunnels, uint64_t ts);

libi2pd/TunnelEndpoint.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -258,9 +258,8 @@ namespace tunnel
 	void TunnelEndpoint::AddOutOfSequenceFragment (uint32_t msgID, uint8_t fragmentNum,
 		bool isLastFragment, const uint8_t * fragment, size_t size)
 	{
-		std::unique_ptr<Fragment> f(new Fragment (isLastFragment, i2p::util::GetMillisecondsSinceEpoch (), size));
+		if (!m_OutOfSequenceFragments.try_emplace ((uint64_t)msgID << 32 | fragmentNum, 
-		memcpy (f->data.data (), fragment, size);
+			isLastFragment, i2p::util::GetMillisecondsSinceEpoch (), fragment, size).second)
-		if (!m_OutOfSequenceFragments.emplace ((uint64_t)msgID << 32 | fragmentNum, std::move (f)).second)
 			LogPrint (eLogInfo, "TunnelMessage: Duplicate out-of-sequence fragment ", fragmentNum, " of message ", msgID);
 	}
 
@@ -290,7 +289,7 @@ namespace tunnel
 		if (it != m_OutOfSequenceFragments.end ())
 		{
 			LogPrint (eLogDebug, "TunnelMessage: Out-of-sequence fragment ", (int)msg.nextFragmentNum, " of message ", msgID, " found");
-			size_t size = it->second->data.size ();
+			size_t size = it->second.data.size ();
 			if (msg.data->len + size > msg.data->maxLen)
 			{
 				LogPrint (eLogWarning, "TunnelMessage: Tunnel endpoint I2NP message size ", msg.data->maxLen, " is not enough");
@@ -298,9 +297,9 @@ namespace tunnel
 				*newMsg = *(msg.data);
 				msg.data = newMsg;
 			}
-			if (msg.data->Concat (it->second->data.data (), size) < size) // concatenate out-of-sync fragment	
+			if (msg.data->Concat (it->second.data.data (), size) < size) // concatenate out-of-sync fragment	
 				LogPrint (eLogError, "TunnelMessage: Tunnel endpoint I2NP buffer overflow ", msg.data->maxLen);
-			if (it->second->isLastFragment)
+			if (it->second.isLastFragment)
 				// message complete
 				msg.nextFragmentNum = 0;
 			else
@@ -349,7 +348,7 @@ namespace tunnel
 		// out-of-sequence fragments
 		for (auto it = m_OutOfSequenceFragments.begin (); it != m_OutOfSequenceFragments.end ();)
 		{
-			if (ts > it->second->receiveTime + i2p::I2NP_MESSAGE_EXPIRATION_TIMEOUT)
+			if (ts > it->second.receiveTime + i2p::I2NP_MESSAGE_EXPIRATION_TIMEOUT)
 				it = m_OutOfSequenceFragments.erase (it);
 			else
 				++it;

libi2pd/TunnelEndpoint.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -32,7 +32,8 @@ namespace tunnel
 
 		struct Fragment
 		{
-			Fragment (bool last, uint64_t t, size_t size): isLastFragment (last), receiveTime (t), data (size) {};
+			Fragment (bool last, uint64_t t, const uint8_t * buf, size_t size): 
+				isLastFragment (last), receiveTime (t), data (size) { memcpy (data.data(), buf, size); };
 			bool isLastFragment;
 			uint64_t receiveTime; // milliseconds since epoch
 			std::vector<uint8_t> data;
@@ -48,7 +49,7 @@ namespace tunnel
 			void HandleDecryptedTunnelDataMsg (std::shared_ptr<I2NPMessage> msg);
 			void FlushI2NPMsgs (); 
 
-			const i2p::data::IdentHash * GetCurrentHash () const; // return null if not avaiable
+			const i2p::data::IdentHash * GetCurrentHash () const; // return null if not available
 			const std::unique_ptr<TunnelTransportSender>& GetSender () const { return m_Sender; };
 		
 		private:
@@ -67,7 +68,7 @@ namespace tunnel
 		private:
 
 			std::unordered_map<uint32_t, TunnelMessageBlockEx> m_IncompleteMessages;
-			std::unordered_map<uint64_t, std::unique_ptr<Fragment> > m_OutOfSequenceFragments; // ((msgID << 8) + fragment#)->fragment
+			std::unordered_map<uint64_t, Fragment> m_OutOfSequenceFragments; // ((msgID << 8) + fragment#)->fragment
 			bool m_IsInbound;
 			size_t m_NumReceivedBytes;
 			TunnelMessageBlockEx m_CurrentMessage;

libi2pd/TunnelPool.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -560,7 +560,7 @@ namespace tunnel
 				i2p::data::netdb.GetRandomRouter (prevHop, reverse, endpoint, false);
 			if (hop)
 			{
-				if (!hop->GetProfile ()->IsBad ())
+				if (!hop->HasProfile () || !hop->GetProfile ()->IsBad ())
 					break;
 			}
 			else if (tryClient)
@@ -588,7 +588,7 @@ namespace tunnel
 			(inbound && i2p::transport::transports.GetNumPeers () > 25))
 		{
 			auto r = i2p::transport::transports.GetRandomPeer (m_IsHighBandwidth && !i2p::context.IsLimitedConnectivity ());
-			if (r && r->IsECIES () && !r->GetProfile ()->IsBad () &&
+			if (r && r->IsECIES () && (!r->HasProfile () || !r->GetProfile ()->IsBad ()) &&
 				(numHops > 1 || (r->IsV4 () && (!inbound || r->IsPublished (true))))) // first inbound must be published ipv4
 			{
 				prevHop = r;

libi2pd/version.h

@@ -18,7 +18,7 @@
 #define MAKE_VERSION_NUMBER(a,b,c) ((a*100+b)*100+c)
 
 #define I2PD_VERSION_MAJOR 2
-#define I2PD_VERSION_MINOR 55
+#define I2PD_VERSION_MINOR 56
 #define I2PD_VERSION_MICRO 0
 #define I2PD_VERSION_PATCH 0
 #ifdef GITVER
@@ -33,7 +33,7 @@
 
 #define I2P_VERSION_MAJOR 0
 #define I2P_VERSION_MINOR 9
-#define I2P_VERSION_MICRO 64
+#define I2P_VERSION_MICRO 65
 #define I2P_VERSION_PATCH 0
 #define I2P_VERSION MAKE_VERSION(I2P_VERSION_MAJOR, I2P_VERSION_MINOR, I2P_VERSION_MICRO)
 #define I2P_VERSION_NUMBER MAKE_VERSION_NUMBER(I2P_VERSION_MAJOR, I2P_VERSION_MINOR, I2P_VERSION_MICRO)

libi2pd_client/AddressBook.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -9,7 +9,7 @@
 #include <string.h>
 #include <inttypes.h>
 #include <string>
-#include <map>
+#include <unordered_map>
 #include <fstream>
 #include <chrono>
 #include <condition_variable>
@@ -17,6 +17,7 @@
 #include <boost/algorithm/string.hpp>
 #include "Base.h"
 #include "util.h"
+#include "Timestamp.h"
 #include "Identity.h"
 #include "FS.h"
 #include "Log.h"
@@ -49,22 +50,23 @@ namespace client
 				if (m_IsPersist)
 					i2p::config::GetOption("addressbook.hostsfile", m_HostsFile);
 			}
-			std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) const;
+			std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) override;
-			void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address);
+			void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address) override;
-			void RemoveAddress (const i2p::data::IdentHash& ident);
+			void RemoveAddress (const i2p::data::IdentHash& ident) override;
+			void CleanUpCache () override;
 
-			bool Init ();
+			bool Init () override;
-			int Load (std::map<std::string, std::shared_ptr<Address> > & addresses);
+			int Load (Addresses& addresses) override;
-			int LoadLocal (std::map<std::string, std::shared_ptr<Address> >& addresses);
+			int LoadLocal (Addresses& addresses) override;
-			int Save (const std::map<std::string, std::shared_ptr<Address> >& addresses);
+			int Save (const Addresses& addresses) override;
-
-			void SaveEtag (const i2p::data::IdentHash& subsciption, const std::string& etag, const std::string& lastModified);
-			bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified);
-			void ResetEtags ();
 
+			void SaveEtag (const i2p::data::IdentHash& subsciption, const std::string& etag, const std::string& lastModified) override;
+			bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified) override;
+			void ResetEtags () override;
+		
 		private:
 
-			int LoadFromFile (const std::string& filename, std::map<std::string, std::shared_ptr<Address> >& addresses); // returns -1 if can't open file, otherwise number of records
+			int LoadFromFile (const std::string& filename, Addresses& addresses); // returns -1 if can't open file, otherwise number of records
 
 		private:
 
@@ -72,6 +74,8 @@ namespace client
 			std::string etagsPath, indexPath, localPath;
 			bool m_IsPersist;
 			std::string m_HostsFile; // file to dump hosts.txt, empty if not used
+			std::unordered_map<i2p::data::IdentHash, std::pair<std::vector<uint8_t>, uint64_t> > m_FullAddressCache; // ident hash -> (full ident buffer, last access timestamp) 
+			std::mutex m_FullAddressCacheMutex;
 	};
 
 	bool AddressBookFilesystemStorage::Init()
@@ -92,8 +96,19 @@ namespace client
 		return false;
 	}
 
-	std::shared_ptr<const i2p::data::IdentityEx> AddressBookFilesystemStorage::GetAddress (const i2p::data::IdentHash& ident) const
+	std::shared_ptr<const i2p::data::IdentityEx> AddressBookFilesystemStorage::GetAddress (const i2p::data::IdentHash& ident)
 	{
+		auto ts = i2p::util::GetMonotonicSeconds ();
+		{
+			std::lock_guard<std::mutex> l(m_FullAddressCacheMutex);
+			auto it = m_FullAddressCache.find (ident);
+			if (it != m_FullAddressCache.end ())
+			{
+				it->second.second = ts;
+				return std::make_shared<i2p::data::IdentityEx>(it->second.first.data (), it->second.first.size ());
+			}	
+		}
+	
 		if (!m_IsPersist)
 		{
 			LogPrint(eLogDebug, "Addressbook: Persistence is disabled");
@@ -101,48 +116,72 @@ namespace client
 		}
 		std::string filename = storage.Path(ident.ToBase32());
 		std::ifstream f(filename, std::ifstream::binary);
-		if (!f.is_open ()) {
+		if (!f.is_open ()) 
+		{
 			LogPrint(eLogDebug, "Addressbook: Requested, but not found: ", filename);
 			return nullptr;
 		}
 
 		f.seekg (0,std::ios::end);
 		size_t len = f.tellg ();
-		if (len < i2p::data::DEFAULT_IDENTITY_SIZE) {
+		if (len < i2p::data::DEFAULT_IDENTITY_SIZE) 
+		{
 			LogPrint (eLogError, "Addressbook: File ", filename, " is too short: ", len);
 			return nullptr;
 		}
 		f.seekg(0, std::ios::beg);
-		uint8_t * buf = new uint8_t[len];
+		std::vector<uint8_t> buf(len);
-		f.read((char *)buf, len);
+		f.read((char *)buf.data (), len);
-		auto address = std::make_shared<i2p::data::IdentityEx>(buf, len);
+		if (!f)
-		delete[] buf;
+		{
-		return address;
+			LogPrint (eLogError, "Addressbook: Couldn't read ", filename);
+			return nullptr;
+		}	
+		{
+			std::lock_guard<std::mutex> l(m_FullAddressCacheMutex);
+			m_FullAddressCache.try_emplace (ident, buf, ts);
+		}	
+		return std::make_shared<i2p::data::IdentityEx>(buf.data (), len);
 	}
 
 	void AddressBookFilesystemStorage::AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address)
 	{
-		if (!m_IsPersist) return;
+		if (!address) return;
-		std::string path = storage.Path( address->GetIdentHash().ToBase32() );
-		std::ofstream f (path, std::ofstream::binary | std::ofstream::out);
-		if (!f.is_open ())	{
-			LogPrint (eLogError, "Addressbook: Can't open file ", path);
-			return;
-		}
 		size_t len = address->GetFullLen ();
-		uint8_t * buf = new uint8_t[len];
+		std::vector<uint8_t> buf;
-		address->ToBuffer (buf, len);
+		if (!len) return; // invalid address
-		f.write ((char *)buf, len);
+		{
-		delete[] buf;
+			std::lock_guard<std::mutex> l(m_FullAddressCacheMutex);
+			auto [it, inserted] = m_FullAddressCache.try_emplace (address->GetIdentHash(), len, i2p::util::GetMonotonicSeconds ());
+			if (inserted)
+				address->ToBuffer (it->second.first.data (), len);
+			if (m_IsPersist)
+				buf = it->second.first;
+		}
+		if (m_IsPersist && !buf.empty ())
+		{
+			std::string path = storage.Path(address->GetIdentHash().ToBase32());
+			std::ofstream f (path, std::ofstream::binary | std::ofstream::out);
+			if (!f.is_open ())	
+			{
+				LogPrint (eLogError, "Addressbook: Can't open file ", path);
+				return;
+			}
+			f.write ((const char *)buf.data (), len);
+		}	
 	}
 
 	void AddressBookFilesystemStorage::RemoveAddress (const i2p::data::IdentHash& ident)
 	{
+		{
+			std::lock_guard<std::mutex> l(m_FullAddressCacheMutex);
+			m_FullAddressCache.erase (ident);
+		}
 		if (!m_IsPersist) return;
 		storage.Remove( ident.ToBase32() );
 	}
 
-	int AddressBookFilesystemStorage::LoadFromFile (const std::string& filename, std::map<std::string, std::shared_ptr<Address> >& addresses)
+	int AddressBookFilesystemStorage::LoadFromFile (const std::string& filename, Addresses& addresses)
 	{
 		int num = 0;
 		std::ifstream f (filename, std::ifstream::in); // in text mode
@@ -168,7 +207,7 @@ namespace client
 		return num;
 	}
 
-	int AddressBookFilesystemStorage::Load (std::map<std::string, std::shared_ptr<Address> >& addresses)
+	int AddressBookFilesystemStorage::Load (Addresses& addresses)
 	{
 		int num = LoadFromFile (indexPath, addresses);
 		if (num < 0)
@@ -182,7 +221,7 @@ namespace client
 		return num;
 	}
 
-	int AddressBookFilesystemStorage::LoadLocal (std::map<std::string, std::shared_ptr<Address> >& addresses)
+	int AddressBookFilesystemStorage::LoadLocal (Addresses& addresses)
 	{
 		int num = LoadFromFile (localPath, addresses);
 		if (num < 0) return 0;
@@ -190,7 +229,7 @@ namespace client
 		return num;
 	}
 
-	int AddressBookFilesystemStorage::Save (const std::map<std::string, std::shared_ptr<Address> >& addresses)
+	int AddressBookFilesystemStorage::Save (const Addresses& addresses)
 	{
 		if (addresses.empty())
 		{
@@ -281,9 +320,22 @@ namespace client
 		}
 	}
 
+	void AddressBookFilesystemStorage::CleanUpCache ()
+	{
+		auto ts = i2p::util::GetMonotonicSeconds ();
+		std::lock_guard<std::mutex> l(m_FullAddressCacheMutex);
+		for (auto it = m_FullAddressCache.begin (); it != m_FullAddressCache.end ();)
+		{
+			if (ts > it->second.second + ADDRESS_CACHE_EXPIRATION_TIMEOUT)
+				it = m_FullAddressCache.erase (it);
+			else
+				it++;
+		}	
+	}	
+	
 //---------------------------------------------------------------------
 
-	Address::Address (const std::string& b32):
+	Address::Address (std::string_view b32):
 		addressType (eAddressInvalid)
 	{
 		if (b32.length () <= B33_ADDRESS_THRESHOLD)
@@ -327,6 +379,7 @@ namespace client
 			LoadHosts (); /* try storage, then hosts.txt, then download */
 			StartSubscriptions ();
 			StartLookups ();
+			ScheduleCacheUpdate ();
 		}
 	}
 
@@ -341,9 +394,14 @@ namespace client
 		StopSubscriptions ();
 		if (m_SubscriptionsUpdateTimer)
 		{
-			delete m_SubscriptionsUpdateTimer;
+			m_SubscriptionsUpdateTimer->cancel ();
 			m_SubscriptionsUpdateTimer = nullptr;
 		}
+		if (m_AddressCacheUpdateTimer)
+		{
+			m_AddressCacheUpdateTimer->cancel ();
+			m_AddressCacheUpdateTimer = nullptr;
+		}	
 		bool isDownloading = m_Downloading.valid ();
 		if (isDownloading)
 		{
@@ -377,7 +435,7 @@ namespace client
 		m_Subscriptions.clear ();
 	}
 
-	std::shared_ptr<const Address> AddressBook::GetAddress (const std::string& address)
+	std::shared_ptr<const Address> AddressBook::GetAddress (std::string_view address)
 	{
 		auto pos = address.find(".b32.i2p");
 		if (pos != std::string::npos)
@@ -404,7 +462,7 @@ namespace client
 		return std::make_shared<const Address>(dest.GetIdentHash ());
 	}
 
-	std::shared_ptr<const Address> AddressBook::FindAddress (const std::string& address)
+	std::shared_ptr<const Address> AddressBook::FindAddress (std::string_view address)
 	{
 		auto it = m_Addresses.find (address);
 		if (it != m_Addresses.end ())
@@ -609,7 +667,7 @@ namespace client
 	void AddressBook::LoadLocal ()
 	{
 		if (!m_Storage) return;
-		std::map<std::string, std::shared_ptr<Address>> localAddresses;
+		AddressBookStorage::Addresses localAddresses;
 		m_Storage->LoadLocal (localAddresses);
 		for (const auto& it: localAddresses)
 		{
@@ -682,7 +740,7 @@ namespace client
 		auto dest = i2p::client::context.GetSharedLocalDestination ();
 		if (dest)
 		{
-			m_SubscriptionsUpdateTimer = new boost::asio::deadline_timer (dest->GetService ());
+			m_SubscriptionsUpdateTimer = std::make_unique<boost::asio::deadline_timer>(dest->GetService ());
 			m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT));
 			m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
 				this, std::placeholders::_1));
@@ -766,7 +824,7 @@ namespace client
 		}
 	}
 
-	void AddressBook::LookupAddress (const std::string& address)
+	void AddressBook::LookupAddress (std::string_view address)
 	{
 		std::shared_ptr<const Address> addr;
 		auto dot = address.find ('.');
@@ -796,7 +854,7 @@ namespace client
 				memset (buf, 0, 4);
 				htobe32buf (buf + 4, nonce);
 				buf[8] = address.length ();
-				memcpy (buf + 9, address.c_str (), address.length ());
+				memcpy (buf + 9, address.data (), address.length ());
 				datagram->SendDatagramTo (buf, len, addr->identHash, ADDRESS_RESPONSE_DATAGRAM_PORT, ADDRESS_RESOLVER_DATAGRAM_PORT);
 				delete[] buf;
 			}
@@ -833,6 +891,29 @@ namespace client
 		}
 	}
 
+	void AddressBook::ScheduleCacheUpdate ()
+	{
+		if (!m_AddressCacheUpdateTimer)
+		{
+			auto dest = i2p::client::context.GetSharedLocalDestination ();
+			if(dest)
+				m_AddressCacheUpdateTimer = std::make_unique<boost::asio::deadline_timer>(dest->GetService ());
+		}	
+		if (m_AddressCacheUpdateTimer)
+		{	
+			m_AddressCacheUpdateTimer->expires_from_now (boost::posix_time::seconds(ADDRESS_CACHE_UPDATE_INTERVAL ));
+			m_AddressCacheUpdateTimer->async_wait (
+				[this](const boost::system::error_code& ecode) 
+				{
+					if (ecode != boost::asio::error::operation_aborted)
+					{
+						if (m_Storage) m_Storage->CleanUpCache ();
+						ScheduleCacheUpdate ();
+					}	
+				});
+		}	
+	}	
+		
 	AddressBookSubscription::AddressBookSubscription (AddressBook& book, std::string_view link):
 		m_Book (book), m_Link (link)
 	{

libi2pd_client/AddressBook.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -34,7 +34,9 @@ namespace client
 	const int CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT = 720; // in minutes (12 hours)
 	const int CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT = 5; // in minutes
 	const int CONTINIOUS_SUBSCRIPTION_MAX_NUM_RETRIES = 10; // then update timeout
-	const int SUBSCRIPTION_REQUEST_TIMEOUT = 120; //in second
+	const int SUBSCRIPTION_REQUEST_TIMEOUT = 120; //in seconds
+	const int ADDRESS_CACHE_EXPIRATION_TIMEOUT = 710; // in seconds
+	const int ADDRESS_CACHE_UPDATE_INTERVAL = 76; // in seconds
 
 	const uint16_t ADDRESS_RESOLVER_DATAGRAM_PORT = 53;
 	const uint16_t ADDRESS_RESPONSE_DATAGRAM_PORT = 54;
@@ -47,7 +49,7 @@ namespace client
 		i2p::data::IdentHash identHash;
 		std::shared_ptr<i2p::data::BlindedPublicKey> blindedPublicKey;
 
-		Address (const std::string& b32);
+		Address (std::string_view b32);
 		Address (const i2p::data::IdentHash& hash);
 		bool IsIdentHash () const { return addressType == eAddressIndentHash; };
 		bool IsValid () const { return addressType != eAddressInvalid; };
@@ -59,15 +61,18 @@ namespace client
 	{
 		public:
 
+			typedef std::map<std::string, std::shared_ptr<Address>, std::less<> > Addresses;
+			
 			virtual ~AddressBookStorage () {};
-			virtual std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) const = 0;
+			virtual std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) = 0;
 			virtual void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address) = 0;
 			virtual void RemoveAddress (const i2p::data::IdentHash& ident) = 0;
+			virtual void CleanUpCache () = 0;
 
 			virtual bool Init () = 0;
-			virtual int Load (std::map<std::string, std::shared_ptr<Address> >& addresses) = 0;
+			virtual int Load (Addresses& addresses) = 0;
-			virtual int LoadLocal (std::map<std::string, std::shared_ptr<Address> >& addresses) = 0;
+			virtual int LoadLocal (Addresses& addresses) = 0;
-			virtual int Save (const std::map<std::string, std::shared_ptr<Address> >& addresses) = 0;
+			virtual int Save (const Addresses& addresses) = 0;
 
 			virtual void SaveEtag (const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified) = 0;
 			virtual bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified) = 0;
@@ -79,16 +84,16 @@ namespace client
 	class AddressBook
 	{
 		public:
-
+			
 			AddressBook ();
 			~AddressBook ();
 			void Start ();
 			void StartResolvers ();
 			void Stop ();
-			std::shared_ptr<const Address> GetAddress (const std::string& address);
+			std::shared_ptr<const Address> GetAddress (std::string_view address);
 			std::shared_ptr<const i2p::data::IdentityEx> GetFullAddress (const std::string& address);
-			std::shared_ptr<const Address> FindAddress (const std::string& address);
+			std::shared_ptr<const Address> FindAddress (std::string_view address);
-			void LookupAddress (const std::string& address);
+			void LookupAddress (std::string_view address);
 			void InsertAddress (const std::string& address, const std::string& jump); // for jump links
 			void InsertFullAddress (std::shared_ptr<const i2p::data::IdentityEx> address);
 
@@ -118,10 +123,12 @@ namespace client
 			void StopLookups ();
 			void HandleLookupResponse (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
+			void ScheduleCacheUpdate ();
+			
 		private:
 
 			std::mutex m_AddressBookMutex;
-			std::map<std::string, std::shared_ptr<Address> > m_Addresses;
+			AddressBookStorage::Addresses m_Addresses;
 			std::map<i2p::data::IdentHash, std::shared_ptr<AddressResolver> > m_Resolvers; // local destination->resolver
 			std::mutex m_LookupsMutex;
 			std::map<uint32_t, std::string> m_Lookups; // nonce -> address
@@ -131,7 +138,7 @@ namespace client
 			int m_NumRetries;
 			std::vector<std::shared_ptr<AddressBookSubscription> > m_Subscriptions;
 			std::shared_ptr<AddressBookSubscription> m_DefaultSubscription; // in case if we don't know any addresses yet
-			boost::asio::deadline_timer * m_SubscriptionsUpdateTimer;
+			std::unique_ptr<boost::asio::deadline_timer> m_SubscriptionsUpdateTimer, m_AddressCacheUpdateTimer;
 			bool m_IsEnabled;
 	};
 

libi2pd_client/ClientContext.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -297,7 +297,7 @@ namespace client
 		}
 		else
 		{
-			LogPrint (eLogCritical, "Clients: Can't open file ", fullPath, " Creating new one with signature type ", sigType, " crypto type ", cryptoType);
+			LogPrint (eLogInfo, "Clients: Can't open file ", fullPath, " Creating new one with signature type ", sigType, " crypto type ", cryptoType);
 			keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType, cryptoType, true);
 			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
 			size_t len = keys.GetFullLen ();
@@ -416,15 +416,10 @@ namespace client
 
 	void ClientContext::CreateNewSharedLocalDestination ()
 	{
-		std::map<std::string, std::string> params
+		std::map<std::string, std::string> params;
-		{
+		ReadI2CPOptionsFromConfig ("shareddest.", params);
-			{ I2CP_PARAM_INBOUND_TUNNELS_QUANTITY, "3" },
+		params[I2CP_PARAM_OUTBOUND_NICKNAME] = "SharedDest";
-			{ I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY, "3" },
+		
-			{ I2CP_PARAM_LEASESET_TYPE, "3" },
-			{ I2CP_PARAM_LEASESET_ENCRYPTION_TYPE, "0,4" },
-			{ I2CP_PARAM_OUTBOUND_NICKNAME, "SharedDest" },
-			{ I2CP_PARAM_STREAMING_PROFILE, "2" }
-		};
 		m_SharedLocalDestination = CreateNewLocalDestination (false, i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519,
 			i2p::data::CRYPTO_KEY_TYPE_ELGAMAL, &params); // non-public, EDDSA
 		m_SharedLocalDestination->Acquire ();
@@ -876,7 +871,7 @@ namespace client
 
 				}
 				else
-					LogPrint (eLogWarning, "Clients: Unknown section type = ", type, " of ", name, " in ", tunConf);
+					LogPrint (eLogError, "Clients: Unknown section type = ", type, " of ", name, " in ", tunConf);
 			}
 			catch (std::exception& ex)
 			{

libi2pd_client/HTTPProxy.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -60,7 +60,7 @@ namespace proxy {
 		"</head>\r\n"
 	;
 
-	static bool str_rmatch(std::string & str, const char *suffix) 
+	static bool str_rmatch(std::string_view str, const char *suffix) 
 	{
 		auto pos = str.rfind (suffix);
 		if (pos == std::string::npos)
@@ -84,16 +84,16 @@ namespace proxy {
 			void SentHTTPFailed(const boost::system::error_code & ecode);
 			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
 			/* error helpers */
-			void GenericProxyError(const std::string& title, const std::string& description);
+			void GenericProxyError(std::string_view title, std::string_view description);
-			void GenericProxyInfo(const std::string& title, const std::string& description);
+			void GenericProxyInfo(std::string_view title, std::string_view description);
-			void HostNotFound(const std::string& host);
+			void HostNotFound(std::string_view host);
-			void SendProxyError(const std::string& content);
+			void SendProxyError(std::string_view content);
 			void SendRedirect(const std::string& address);
 
 			void ForwardToUpstreamProxy();
 			void HandleUpstreamHTTPProxyConnect(const boost::system::error_code & ec);
 			void HandleUpstreamSocksProxyConnect(const boost::system::error_code & ec);
-			void HTTPConnect(const std::string & host, uint16_t port);
+			void HTTPConnect(std::string_view host, uint16_t port);
 			void HandleHTTPConnectStreamRequestComplete(std::shared_ptr<i2p::stream::Stream> stream);
 
 			typedef std::function<void(boost::asio::ip::tcp::endpoint)> ProxyResolvedHandler;
@@ -162,23 +162,23 @@ namespace proxy {
 		Done(shared_from_this());
 	}
 
-	void HTTPReqHandler::GenericProxyError(const std::string& title, const std::string& description) {
+	void HTTPReqHandler::GenericProxyError(std::string_view title, std::string_view description) 
+	{
 		std::stringstream ss;
 		ss << "<h1>" << tr("Proxy error") << ": " << title << "</h1>\r\n";
 		ss << "<p>" << description << "</p>\r\n";
-		std::string content = ss.str();
+		SendProxyError(ss.str ());
-		SendProxyError(content);
 	}
 
-	void HTTPReqHandler::GenericProxyInfo(const std::string& title, const std::string& description) {
+	void HTTPReqHandler::GenericProxyInfo(std::string_view title, std::string_view description) 
+	{
 		std::stringstream ss;
 		ss << "<h1>" << tr("Proxy info") << ": " << title << "</h1>\r\n";
 		ss << "<p>" << description << "</p>\r\n";
-		std::string content = ss.str();
+		SendProxyError(ss.str ());
-		SendProxyError(content);
 	}
 
-	void HTTPReqHandler::HostNotFound(const std::string& host) 
+	void HTTPReqHandler::HostNotFound(std::string_view host) 
 	{
 		std::stringstream ss;
 		ss << "<h1>" << tr("Proxy error: Host not found") << "</h1>\r\n"
@@ -192,11 +192,10 @@ namespace proxy {
 				ss << "  <li><a href=\"" << js->second << host << "\">" << js->first << "</a></li>\r\n";
 		}
 		ss << "</ul>\r\n";
-		std::string content = ss.str();
+		SendProxyError(ss.str ());
-		SendProxyError(content);
 	}
 
-	void HTTPReqHandler::SendProxyError(const std::string& content)
+	void HTTPReqHandler::SendProxyError(std::string_view content)
 	{
 		i2p::http::HTTPRes res;
 		res.code = 500;
@@ -473,7 +472,7 @@ namespace proxy {
 			if (dest_host != "")
 			{
 				/* absolute url, replace 'Host' header */
-				std::string h = dest_host;
+				std::string h (dest_host);
 				if (dest_port != 0 && dest_port != 80)
 					h += ":" + std::to_string(dest_port);
 				m_ClientRequest.UpdateHeader("Host", h);
@@ -513,7 +512,7 @@ namespace proxy {
 					GenericProxyError(tr("Outproxy failure"), tr("Bad outproxy settings"));
 			} else {
 				LogPrint (eLogWarning, "HTTPProxy: Outproxy failure for ", dest_host, ": no outproxy enabled");
-				std::stringstream ss; ss << tr("Host %s is not inside I2P network, but outproxy is not enabled", dest_host.c_str());
+				std::stringstream ss; ss << tr("Host %s is not inside I2P network, but outproxy is not enabled", dest_host.c_str ());
 				GenericProxyError(tr("Outproxy failure"), ss.str());
 			}
 			return true;
@@ -653,11 +652,10 @@ namespace proxy {
 		Terminate();
 	}
 
-	void HTTPReqHandler::HTTPConnect(const std::string & host, uint16_t port)
+	void HTTPReqHandler::HTTPConnect(std::string_view host, uint16_t port)
 	{
 		LogPrint(eLogDebug, "HTTPProxy: CONNECT ",host, ":", port);
-		std::string hostname(host);
+		if(str_rmatch(host, ".i2p"))
-		if(str_rmatch(hostname, ".i2p"))
 			GetOwner()->CreateStream (std::bind (&HTTPReqHandler::HandleHTTPConnectStreamRequestComplete,
 				shared_from_this(), std::placeholders::_1), host, port);
 		else

libi2pd_client/I2CP.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -29,13 +29,15 @@ namespace client
 	    const std::map<std::string, std::string>& params):
 		LeaseSetDestination (service, isPublic, &params),
 		m_Owner (owner), m_Identity (identity), m_EncryptionKeyType (m_Identity->GetCryptoKeyType ()),
-		m_IsCreatingLeaseSet (false), m_IsSameThread (isSameThread), m_LeaseSetCreationTimer (service)
+		m_IsCreatingLeaseSet (false), m_IsSameThread (isSameThread), 
+		m_LeaseSetCreationTimer (service), m_ReadinessCheckTimer (service)
 	{
 	}
 
 	void I2CPDestination::Stop ()
 	{
 		m_LeaseSetCreationTimer.cancel ();
+		m_ReadinessCheckTimer.cancel ();
 		LeaseSetDestination::Stop ();
 		m_Owner = nullptr;
 	}
@@ -88,7 +90,7 @@ namespace client
 
 	void I2CPDestination::CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels)
 	{
-		boost::asio::post (GetService (), std::bind (&I2CPDestination::PostCreateNewLeaseSet, this, tunnels));
+		boost::asio::post (GetService (), std::bind (&I2CPDestination::PostCreateNewLeaseSet, GetSharedFromThis (), tunnels));
 	}
 
 	void I2CPDestination::PostCreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels)
@@ -98,6 +100,20 @@ namespace client
 			LogPrint (eLogInfo, "I2CP: LeaseSet is being created");
 			return;
 		}
+		m_ReadinessCheckTimer.cancel ();
+		auto pool = GetTunnelPool ();
+		if (!pool || pool->GetOutboundTunnels ().empty ())
+		{
+			// try again later
+			m_ReadinessCheckTimer.expires_from_now (boost::posix_time::seconds(I2CP_DESTINATION_READINESS_CHECK_INTERVAL));
+			m_ReadinessCheckTimer.async_wait(
+				[s=GetSharedFromThis (), tunnels=std::move(tunnels)](const boost::system::error_code& ecode)
+			    {
+					if (ecode != boost::asio::error::operation_aborted)
+						s->PostCreateNewLeaseSet (tunnels);
+				});	
+			return;
+		}	
 		uint8_t priv[256] = {0};
 		i2p::data::LocalLeaseSet ls (m_Identity, priv, tunnels); // we don't care about encryption key, we need leases only
 		m_LeaseSetExpirationTime = ls.GetExpirationTime ();
@@ -555,20 +571,20 @@ namespace client
 			m_IsSending = false;
 	}
 
-	std::string I2CPSession::ExtractString (const uint8_t * buf, size_t len)
+	std::string_view I2CPSession::ExtractString (const uint8_t * buf, size_t len)
 	{
 		uint8_t l = buf[0];
 		if (l > len) l = len;
-		return std::string ((const char *)(buf + 1), l);
+		return { (const char *)(buf + 1), l };
 	}
 
-	size_t I2CPSession::PutString (uint8_t * buf, size_t len, const std::string& str)
+	size_t I2CPSession::PutString (uint8_t * buf, size_t len, std::string_view str)
 	{
 		auto l = str.length ();
 		if (l + 1 >= len) l = len - 1;
 		if (l > 255) l = 255; // 1 byte max
 		buf[0] = l;
-		memcpy (buf + 1, str.c_str (), l);
+		memcpy (buf + 1, str.data (), l);
 		return l + 1;
 	}
 
@@ -578,7 +594,7 @@ namespace client
 		size_t offset = 0;
 		while (offset < len)
 		{
-			std::string param = ExtractString (buf + offset, len - offset);
+			auto param = ExtractString (buf + offset, len - offset);
 			offset += param.length () + 1;
 			if (buf[offset] != '=')
 			{
@@ -587,7 +603,7 @@ namespace client
 			}
 			offset++;
 
-			std::string value = ExtractString (buf + offset, len - offset);
+			auto value = ExtractString (buf + offset, len - offset);
 			offset += value.length () + 1;
 			if (buf[offset] != ';')
 			{
@@ -595,7 +611,7 @@ namespace client
 				break;
 			}
 			offset++;
-			mapping.insert (std::make_pair (param, value));
+			mapping.emplace (param, value);
 		}
 	}
 
@@ -764,6 +780,7 @@ namespace client
 	void I2CPSession::AddRoutingSession (const i2p::data::IdentHash& signingKey, std::shared_ptr<i2p::garlic::GarlicRoutingSession> remoteSession)
 	{
 		if (!remoteSession) return;
+		remoteSession->SetAckRequestInterval (I2CP_SESSION_ACK_REQUEST_INTERVAL);
 		std::lock_guard<std::mutex> l(m_RoutingSessionsMutex);
 		m_RoutingSessions[signingKey] = remoteSession;
 	}
@@ -1110,12 +1127,12 @@ namespace client
 	void I2CPServer::Stop ()
 	{
 		m_Acceptor.cancel ();
-		{
+		
-			auto sessions = m_Sessions;
+		decltype(m_Sessions) sessions;
-			for (auto& it: sessions)
+		m_Sessions.swap (sessions);
-				it.second->Stop ();
+		for (auto& it: sessions)
-		}
+			it.second->Stop ();
-		m_Sessions.clear ();
+		
 		StopIOService ();
 	}
 

libi2pd_client/I2CP.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -11,6 +11,7 @@
 
 #include <inttypes.h>
 #include <string>
+#include <string_view>
 #include <memory>
 #include <mutex>
 #include <thread>
@@ -30,6 +31,8 @@ namespace client
 	const size_t I2CP_MAX_MESSAGE_LENGTH = 65535;
 	const size_t I2CP_MAX_SEND_QUEUE_SIZE = 1024*1024; // in bytes, 1M
 	const int I2CP_LEASESET_CREATION_TIMEOUT = 10; // in seconds
+	const int I2CP_DESTINATION_READINESS_CHECK_INTERVAL = 5; // in seconds
+	const int I2CP_SESSION_ACK_REQUEST_INTERVAL = 12100; // in milliseconds
 
 	const size_t I2CP_HEADER_LENGTH_OFFSET = 0;
 	const size_t I2CP_HEADER_TYPE_OFFSET = I2CP_HEADER_LENGTH_OFFSET + 4;
@@ -129,7 +132,7 @@ namespace client
 			uint8_t m_ECIESx25519PrivateKey[32];
 			uint64_t m_LeaseSetExpirationTime;
 			bool m_IsCreatingLeaseSet, m_IsSameThread;
-			boost::asio::deadline_timer m_LeaseSetCreationTimer;
+			boost::asio::deadline_timer m_LeaseSetCreationTimer, m_ReadinessCheckTimer;
 			i2p::util::MemoryPoolMt<I2NPMessageBuffer<I2NP_MAX_MESSAGE_SIZE> > m_I2NPMsgsPool;
 	};
 
@@ -191,8 +194,8 @@ namespace client
 
 			void HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 
-			std::string ExtractString (const uint8_t * buf, size_t len);
+			std::string_view ExtractString (const uint8_t * buf, size_t len);
-			size_t PutString (uint8_t * buf, size_t len, const std::string& str);
+			size_t PutString (uint8_t * buf, size_t len, std::string_view str);
 			void ExtractMapping (const uint8_t * buf, size_t len, std::map<std::string, std::string>& mapping);
 			void SendSessionStatusMessage (I2CPSessionStatus status);
 			void SendHostReplyMessage (uint32_t requestID, std::shared_ptr<const i2p::data::IdentityEx> identity);

libi2pd_client/I2PService.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -107,7 +107,7 @@ namespace client
 			m_ReadyTimerTriggered = false;
 	}
 
-	void I2PService::CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, uint16_t port) {
+	void I2PService::CreateStream (StreamRequestComplete streamRequestComplete, std::string_view dest, uint16_t port) {
 		assert(streamRequestComplete);
 		auto address = i2p::client::context.GetAddressBook ().GetAddress (dest);
 		if (address)

libi2pd_client/I2PService.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -59,7 +59,7 @@ namespace client
 				if (dest) dest->Acquire ();
 				m_LocalDestination = dest;
 			}
-			void CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, uint16_t port = 0);
+			void CreateStream (StreamRequestComplete streamRequestComplete, std::string_view dest, uint16_t port = 0);
 			void CreateStream(StreamRequestComplete complete, std::shared_ptr<const Address> address, uint16_t port);
 			auto& GetService () { return m_LocalDestination->GetService (); }
 

libi2pd_client/SAM.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2024, The PurpleI2P Project
+* Copyright (c) 2013-2025, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -1350,12 +1350,14 @@ namespace client
 			LogPrint (eLogError, "SAM: Runtime exception: ", ex.what ());
 		}
 
+		decltype(m_Sessions) sessions;
 		{
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			for (auto& it: m_Sessions)
+			m_Sessions.swap (sessions);
-				it.second->Close ();
+		}	
-			m_Sessions.clear ();
+		for (auto& it: sessions)
-		}
+			it.second->Close ();
+		
 		StopIOService ();
 	}
 

tests/test-aeadchacha20poly1305.cpp

@@ -43,18 +43,20 @@ uint8_t encrypted[114] =
 int main ()
 {
 	uint8_t buf[114+16];
+    i2p::crypto::AEADChaCha20Poly1305Encryptor encryptor;
 	// test encryption
-	i2p::crypto::AEADChaCha20Poly1305 ((uint8_t *)text, 114, ad, 12, key, nonce, buf, 114 + 16, true);
+	encryptor.Encrypt ((uint8_t *)text, 114, ad, 12, key, nonce, buf, 114 + 16);
 	assert (memcmp (buf, encrypted, 114) == 0);
 	assert (memcmp (buf + 114, tag, 16) == 0);
 	// test decryption
 	uint8_t buf1[114];
-	assert (i2p::crypto::AEADChaCha20Poly1305 (buf, 114, ad, 12, key, nonce, buf1, 114, false));
+    i2p::crypto::AEADChaCha20Poly1305Decryptor decryptor;
+	assert (decryptor.Decrypt (buf, 114, ad, 12, key, nonce, buf1, 114));
 	assert (memcmp (buf1, text, 114) == 0);
 	// test encryption of multiple buffers
 	memcpy (buf, text, 114);
 	std::vector<std::pair<uint8_t*, std::size_t> > bufs{ std::make_pair (buf, 20), std::make_pair (buf + 20, 10), std::make_pair (buf + 30, 70), std::make_pair (buf + 100, 14) };
-	i2p::crypto::AEADChaCha20Poly1305Encrypt (bufs, key, nonce, buf + 114);
+	encryptor.Encrypt (bufs, key, nonce, buf + 114);
-	i2p::crypto::AEADChaCha20Poly1305 (buf, 114, nullptr, 0, key, nonce, buf1, 114, false);
+	decryptor.Decrypt (buf, 114, nullptr, 0, key, nonce, buf1, 114);
 	assert (memcmp (buf1, text, 114) == 0);
 }