0.9.0

setup the correct buffer size

.gitignore

@@ -3,6 +3,7 @@ obj/*.o
 router.info
 router.keys
 i2p
+libi2pd.so
 netDb
 
 # Autotools

AddressBook.cpp

@@ -1,23 +1,215 @@
 #include <string.h>
+#include <inttypes.h>
 #include <string>
 #include <map>
+#include <fstream>
+#include <chrono>
+#include <condition_variable>
+#include <boost/filesystem.hpp>
+#include <boost/lexical_cast.hpp>
+#include <cryptopp/osrng.h>
 #include "base64.h"
 #include "util.h"
 #include "Identity.h"
 #include "Log.h"
+#include "NetDb.h"
+#include "ClientContext.h"
 #include "AddressBook.h"
 
-#include <boost/algorithm/string.hpp>
-
 namespace i2p
 {
 namespace client
 {
 
-	AddressBook::AddressBook (): m_IsLoaded (false), m_IsDowloading (false)
+	class AddressBookFilesystemStorage: public AddressBookStorage
+	{
+		public:
+
+			AddressBookFilesystemStorage ();
+			bool GetAddress (const i2p::data::IdentHash& ident, i2p::data::IdentityEx& address) const;
+			void AddAddress (const i2p::data::IdentityEx& address);
+			void RemoveAddress (const i2p::data::IdentHash& ident);
+
+			int Load (std::map<std::string, i2p::data::IdentHash>& addresses);
+			int Save (const std::map<std::string, i2p::data::IdentHash>& addresses);
+
+		private:	
+			
+			boost::filesystem::path GetPath () const { return i2p::util::filesystem::GetDefaultDataDir() / "addressbook"; };
+
+	};
+
+	AddressBookFilesystemStorage::AddressBookFilesystemStorage ()
+	{
+		auto path = GetPath ();
+		if (!boost::filesystem::exists (path))
+		{
+			// Create directory is necessary
+			if (!boost::filesystem::create_directory (path))
+				LogPrint (eLogError, "Failed to create addressbook directory");
+		}
+	}
+
+	bool AddressBookFilesystemStorage::GetAddress (const i2p::data::IdentHash& ident, i2p::data::IdentityEx& address) const
+	{
+		auto filename = GetPath () / (ident.ToBase32() + ".b32");
+		std::ifstream f(filename.c_str (), std::ifstream::binary);
+		if (f.is_open ())	
+		{
+			f.seekg (0,std::ios::end);
+			size_t len = f.tellg ();
+			if (len < i2p::data::DEFAULT_IDENTITY_SIZE)
+			{
+				LogPrint (eLogError, "File ", filename, " is too short. ", len);
+				return false;
+			}
+			f.seekg(0, std::ios::beg);
+			uint8_t * buf = new uint8_t[len];
+			f.read((char *)buf, len);
+			address.FromBuffer (buf, len);
+			delete[] buf;
+			return true;
+		}
+		else
+			return false;
+	}
+
+	void AddressBookFilesystemStorage::AddAddress (const i2p::data::IdentityEx& address)
+	{
+		auto filename = GetPath () / (address.GetIdentHash ().ToBase32() + ".b32");
+		std::ofstream f (filename.c_str (), std::ofstream::binary | std::ofstream::out);
+		if (f.is_open ())	
+		{
+			size_t len = address.GetFullLen ();
+			uint8_t * buf = new uint8_t[len];
+			address.ToBuffer (buf, len);
+			f.write ((char *)buf, len);
+			delete[] buf;
+		}
+		else
+			LogPrint (eLogError, "Can't open file ", filename);	
+	}	
+
+	void AddressBookFilesystemStorage::RemoveAddress (const i2p::data::IdentHash& ident)
+	{
+		auto filename = GetPath () / (ident.ToBase32() + ".b32");
+		if (boost::filesystem::exists (filename))  
+			boost::filesystem::remove (filename);
+	}
+
+	int AddressBookFilesystemStorage::Load (std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		int num = 0;	
+		auto filename = GetPath () / "addresses.csv";
+		std::ifstream f (filename.c_str (), std::ofstream::in); // in text mode
+		if (f.is_open ())	
+		{
+			addresses.clear ();
+			while (!f.eof ())
+			{
+				std::string s;
+				getline(f, s);
+				if (!s.length())
+					continue; // skip empty line
+
+				size_t pos = s.find(',');
+				if (pos != std::string::npos)
+				{
+					std::string name = s.substr(0, pos++);
+					std::string addr = s.substr(pos);
+
+					i2p::data::IdentHash ident;
+					ident.FromBase32 (addr);
+					addresses[name] = ident;
+					num++;
+				}		
+			}
+			LogPrint (eLogInfo, num, " addresses loaded");
+		}
+		else
+			LogPrint (eLogWarning, filename, " not found");
+		return num;
+	}
+
+	int AddressBookFilesystemStorage::Save (const std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		int num = 0;
+		auto filename = GetPath () / "addresses.csv";
+		std::ofstream f (filename.c_str (), std::ofstream::out); // in text mode
+		if (f.is_open ())	
+		{
+			for (auto it: addresses)
+			{
+				f << it.first << "," << it.second.ToBase32 () << std::endl;
+				num++;
+			}
+			LogPrint (eLogInfo, num, " addresses saved");
+		}
+		else	
+			LogPrint (eLogError, "Can't open file ", filename);	
+		return num;	
+	}	
+
+//---------------------------------------------------------------------
+	AddressBook::AddressBook (): m_Storage (nullptr), m_IsLoaded (false), m_IsDownloading (false), 
+		m_DefaultSubscription (nullptr), m_SubscriptionsUpdateTimer (nullptr)
 	{
 	}
 
+	AddressBook::~AddressBook ()
+	{	
+		Stop ();
+	}
+
+	void AddressBook::Start ()
+	{
+		StartSubscriptions ();
+	}
+	
+	void AddressBook::Stop ()
+	{
+		StopSubscriptions ();
+		if (m_SubscriptionsUpdateTimer)
+		{	
+			delete m_SubscriptionsUpdateTimer;	
+			m_SubscriptionsUpdateTimer = nullptr;
+		}	
+		if (m_IsDownloading)
+		{
+			LogPrint (eLogInfo, "Subscription is downloading. Waiting for temination...");
+			for (int i = 0; i < 30; i++)
+			{
+				if (!m_IsDownloading)
+				{
+					LogPrint (eLogInfo, "Subscription download complete");
+					break;
+				}	
+				std::this_thread::sleep_for (std::chrono::seconds (1)); // wait for 1 seconds
+			}	
+			LogPrint (eLogError, "Subscription download hangs");
+			m_IsDownloading = false;
+		}	
+		if (m_Storage)
+		{
+			m_Storage->Save (m_Addresses);
+			delete m_Storage;
+			m_Storage = nullptr;
+		}
+		if (m_DefaultSubscription)
+		{	
+			delete m_DefaultSubscription;
+			m_DefaultSubscription = nullptr;
+		}	
+		for (auto it: m_Subscriptions)
+			delete it;
+		m_Subscriptions.clear ();	
+	}	
+	
+	AddressBookStorage * AddressBook::CreateStorage ()
+	{
+		return new AddressBookFilesystemStorage ();
+	}	
+
 	bool AddressBook::GetIdentHash (const std::string& address, i2p::data::IdentHash& ident)
 	{
 		auto pos = address.find(".b32.i2p");
@@ -37,9 +229,16 @@ namespace client
 					ident = *identHash;
 					return true;
 				}
+				else
+					return false;
 			}
 		}	
-		return false;
+		// if not .b32 we assume full base64 address
+		i2p::data::IdentityEx dest;
+		if (!dest.FromBase64 (address))
+			return false;
+		ident = dest.GetIdentHash ();
+		return true;
 	}
 	
 	const i2p::data::IdentHash * AddressBook::FindAddress (const std::string& address)
@@ -59,51 +258,66 @@ namespace client
 	{
 		i2p::data::IdentityEx ident;
 		ident.FromBase64 (base64);
+		if (!m_Storage)
+			 m_Storage = CreateStorage ();
+		m_Storage->AddAddress (ident);
 		m_Addresses[address] = ident.GetIdentHash ();
-		LogPrint (address,"->",ident.GetIdentHash ().ToBase32 (), ".b32.i2p added");
+		LogPrint (address,"->", ToAddress(ident.GetIdentHash ()), " added");
 	}
 
-	void AddressBook::LoadHostsFromI2P ()
+	void AddressBook::InsertAddress (const i2p::data::IdentityEx& address)
 	{
-		std::string content;
-		int http_code = i2p::util::http::httpRequestViaI2pProxy("http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt", content);
-		if (http_code == 200)
-		{
-			std::ofstream f_save(i2p::util::filesystem::GetFullPath("hosts.txt").c_str(), std::ofstream::out);
-			if (f_save.is_open())
-			{
-				f_save << content;
-				f_save.close();
-			}
-			else
-				LogPrint("Can't write hosts.txt");
-			m_IsLoaded = false;
-		}	
-		else
-			LogPrint ("Failed to download hosts.txt");
-		m_IsDowloading = false;	
-	
-		return;
+		if (!m_Storage) 
+			m_Storage = CreateStorage ();
+		m_Storage->AddAddress (address);
 	}
 
+	bool AddressBook::GetAddress (const std::string& address, i2p::data::IdentityEx& identity)
+	{
+		if (!m_Storage) 
+			m_Storage = CreateStorage ();
+		i2p::data::IdentHash ident;
+		if (!GetIdentHash (address, ident)) return false;
+		return m_Storage->GetAddress (ident, identity);
+	}	
+
 	void AddressBook::LoadHosts ()
 	{
-		std::ifstream f (i2p::util::filesystem::GetFullPath ("hosts.txt").c_str (), std::ofstream::in); // in text mode
-		if (!f.is_open ())	
+		if (!m_Storage)
+			 m_Storage = CreateStorage ();
+		if (m_Storage->Load (m_Addresses) > 0)
 		{
-			LogPrint ("hosts.txt not found. Try to load...");
-			if (!m_IsDowloading)
-			{
-				m_IsDowloading = true;
-				std::thread load_hosts(&AddressBook::LoadHostsFromI2P, this);
-				load_hosts.detach();
-			}
+			m_IsLoaded = true;
 			return;
 		}
+	
+		// try hosts.txt first
+		std::ifstream f (i2p::util::filesystem::GetFullPath ("hosts.txt").c_str (), std::ofstream::in); // in text mode
+		if (f.is_open ())	
+		{
+			LoadHostsFromStream (f);
+			m_IsLoaded = true;
+		}
+		else
+		{
+			// if not found download it from http://i2p-projekt.i2p/hosts.txt 
+			LogPrint (eLogInfo, "hosts.txt not found. Try to download it from default subscription...");
+			if (!m_IsDownloading)
+			{
+				m_IsDownloading = true;
+				if (!m_DefaultSubscription)
+					m_DefaultSubscription = new AddressBookSubscription (*this, DEFAULT_SUBSCRIPTION_ADDRESS);
+				m_DefaultSubscription->CheckSubscription ();
+			}
+		}	
+		
+	}
+
+	void AddressBook::LoadHostsFromStream (std::istream& f)
+	{
+		std::unique_lock<std::mutex> l(m_AddressBookMutex);
 		int numAddresses = 0;
-
 		std::string s;
-
 		while (!f.eof ())
 		{
 			getline(f, s);
@@ -119,15 +333,240 @@ namespace client
 				std::string addr = s.substr(pos);
 
 				i2p::data::IdentityEx ident;
-				ident.FromBase64(addr);
-				m_Addresses[name] = ident.GetIdentHash ();
-				numAddresses++;
+				if (ident.FromBase64(addr))
+				{	
+					m_Addresses[name] = ident.GetIdentHash ();
+					m_Storage->AddAddress (ident);
+					numAddresses++;
+				}	
+				else
+					LogPrint (eLogError, "Malformed address ", addr, " for ", name);
 			}		
 		}
-		LogPrint (numAddresses, " addresses loaded");
-		m_IsLoaded = true;
+		LogPrint (eLogInfo, numAddresses, " addresses processed");
+		if (numAddresses > 0)
+		{	
+			m_IsLoaded = true;
+			m_Storage->Save (m_Addresses);
+		}	
+	}	
+	
+	void AddressBook::LoadSubscriptions ()
+	{
+		if (!m_Subscriptions.size ())
+		{
+			std::ifstream f (i2p::util::filesystem::GetFullPath ("subscriptions.txt").c_str (), std::ofstream::in); // in text mode
+			if (f.is_open ())
+			{
+				std::string s;
+				while (!f.eof ())
+				{
+					getline(f, s);
+					if (!s.length()) continue; // skip empty line
+					m_Subscriptions.push_back (new AddressBookSubscription (*this, s));
+				}
+				LogPrint (eLogInfo, m_Subscriptions.size (), " subscriptions loaded");
+			}
+			else
+				LogPrint (eLogWarning, "subscriptions.txt not found");
+		}
+		else
+			LogPrint (eLogError, "Subscriptions already loaded");
 	}
 
+	void AddressBook::DownloadComplete (bool success)
+	{
+		m_IsDownloading = false;
+		if (m_SubscriptionsUpdateTimer)
+		{
+			m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(
+				success ? CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT : CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT));
+			m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+				this, std::placeholders::_1));
+		}
+	}
+
+	void AddressBook::StartSubscriptions ()
+	{
+		LoadSubscriptions ();
+		if (!m_Subscriptions.size ()) return;	
+
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		if (dest)
+		{
+			m_SubscriptionsUpdateTimer = new boost::asio::deadline_timer (dest->GetService ());
+			m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT));
+			m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+				this, std::placeholders::_1));
+		}
+		else
+			LogPrint (eLogError, "Can't start subscriptions: missing shared local destination");
+	}
+
+	void AddressBook::StopSubscriptions ()
+	{
+		if (m_SubscriptionsUpdateTimer)
+			m_SubscriptionsUpdateTimer->cancel ();
+	}
+
+	void AddressBook::HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto dest = i2p::client::context.GetSharedLocalDestination ();
+			if (!dest) return;
+			if (m_IsLoaded && !m_IsDownloading && dest->IsReady ())
+			{
+				// pick random subscription
+				CryptoPP::AutoSeededRandomPool rnd;
+				auto ind = rnd.GenerateWord32 (0, m_Subscriptions.size() - 1);	
+				m_IsDownloading = true;	
+				m_Subscriptions[ind]->CheckSubscription ();		
+			}
+			else
+			{
+				if (!m_IsLoaded)
+					LoadHosts ();
+				// try it again later
+				m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(INITIAL_SUBSCRIPTION_RETRY_TIMEOUT));
+				m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+					this, std::placeholders::_1));
+			}
+		}
+	}
+
+	AddressBookSubscription::AddressBookSubscription (AddressBook& book, const std::string& link):
+		m_Book (book), m_Link (link)
+	{
+	}
+
+	void AddressBookSubscription::CheckSubscription ()
+	{
+		std::thread load_hosts(&AddressBookSubscription::Request, this);
+		load_hosts.detach(); // TODO: use join
+	}
+
+	void AddressBookSubscription::Request ()
+	{
+		// must be run in separate thread	
+		LogPrint (eLogInfo, "Downloading hosts from ", m_Link, " ETag: ", m_Etag, " Last-Modified: ", m_LastModified);
+		bool success = false;	
+		i2p::util::http::url u (m_Link);
+		i2p::data::IdentHash ident;
+		if (m_Book.GetIdentHash (u.host_, ident))
+		{
+			std::condition_variable newDataReceived;
+			std::mutex newDataReceivedMutex;
+			auto leaseSet = i2p::client::context.GetSharedLocalDestination ()->FindLeaseSet (ident);
+			if (!leaseSet)
+			{
+				bool found = false;
+				std::unique_lock<std::mutex> l(newDataReceivedMutex);
+				i2p::client::context.GetSharedLocalDestination ()->RequestDestination (ident,
+					[&newDataReceived, &found](bool success)
+				    {
+						found = success;
+						newDataReceived.notify_all ();
+					});
+				if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT)) == std::cv_status::timeout)
+					LogPrint (eLogError, "Subscription LeseseSet request timeout expired");
+				if (found)
+					leaseSet = i2p::client::context.GetSharedLocalDestination ()->FindLeaseSet (ident);	
+			}
+			if (leaseSet)
+			{
+				std::stringstream request, response;
+				// standard header
+				request << "GET " << u.path_ << " HTTP/1.1\r\nHost: " << u.host_
+				<< "\r\nAccept: */*\r\n" << "User-Agent: Wget/1.11.4\r\n" << "Connection: close\r\n";
+				if (m_Etag.length () > 0) // etag
+					request << i2p::util::http::IF_NONE_MATCH << ": \"" << m_Etag << "\"\r\n";
+				if (m_LastModified.length () > 0) // if-modfief-since
+					request << i2p::util::http::IF_MODIFIED_SINCE << ": " << m_LastModified << "\r\n";
+				request << "\r\n"; // end of header
+				auto stream = i2p::client::context.GetSharedLocalDestination ()->CreateStream (leaseSet, u.port_);
+				stream->Send ((uint8_t *)request.str ().c_str (), request.str ().length ());
+				
+				uint8_t buf[4096];
+				bool end = false;
+				while (!end)
+				{
+					stream->AsyncReceive (boost::asio::buffer (buf, 4096), 
+						[&](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+						{
+							if (bytes_transferred)
+								response.write ((char *)buf, bytes_transferred);
+							if (ecode == boost::asio::error::timed_out || !stream->IsOpen ())
+								end = true;	
+							newDataReceived.notify_all ();
+						},
+						30); // wait for 30 seconds
+					std::unique_lock<std::mutex> l(newDataReceivedMutex);
+					if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT)) == std::cv_status::timeout)
+						LogPrint (eLogError, "Subscription timeout expired");
+				}
+				// process remaining buffer
+				while (size_t len = stream->ReadSome (buf, 4096))
+					response.write ((char *)buf, len);
+				
+				// parse response
+				std::string version;
+				response >> version; // HTTP version
+				int status = 0;
+				response >> status; // status
+				if (status == 200) // OK
+				{
+					bool isChunked = false;
+					std::string header, statusMessage;
+					std::getline (response, statusMessage);
+					// read until new line meaning end of header
+					while (!response.eof () && header != "\r")
+					{
+						std::getline (response, header);
+						auto colon = header.find (':');
+						if (colon != std::string::npos)
+						{
+							std::string field = header.substr (0, colon);
+							header.resize (header.length () - 1); // delete \r	
+							if (field == i2p::util::http::ETAG)
+								m_Etag = header.substr (colon + 1);
+							else if (field == i2p::util::http::LAST_MODIFIED)
+								m_LastModified = header.substr (colon + 1);
+							else if (field == i2p::util::http::TRANSFER_ENCODING)
+								isChunked = !header.compare (colon + 1, std::string::npos, "chunked");
+						}	
+					}
+					LogPrint (eLogInfo, m_Link, " ETag: ", m_Etag, " Last-Modified: ", m_LastModified);
+					if (!response.eof ())	
+					{
+						success = true;
+						if (!isChunked)
+							m_Book.LoadHostsFromStream (response);
+						else
+						{
+							// merge chunks
+							std::stringstream merged;
+							i2p::util::http::MergeChunkedResponse (response, merged);
+							m_Book.LoadHostsFromStream (merged);
+						}	
+					}	
+				}
+				else if (status == 304)
+				{	
+					success = true;
+					LogPrint (eLogInfo, "No updates from ", m_Link);
+				}	
+				else
+					LogPrint (eLogWarning, "Adressbook HTTP response ", status);
+			}
+			else
+				LogPrint (eLogError, "Address ", u.host_, " not found");
+		}
+		else
+			LogPrint (eLogError, "Can't resolve ", u.host_);
+		LogPrint (eLogInfo, "Download complete ", success ? "Success" : "Failed");
+		m_Book.DownloadComplete (success);
+	}
 }
 }
 

AddressBook.h

@@ -4,6 +4,10 @@
 #include <string.h>
 #include <string>
 #include <map>
+#include <vector>
+#include <iostream>
+#include <mutex>
+#include <boost/asio.hpp>
 #include "base64.h"
 #include "util.h"
 #include "Identity.h"
@@ -13,22 +17,85 @@ namespace i2p
 {
 namespace client
 {
+	const char DEFAULT_SUBSCRIPTION_ADDRESS[] = "http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt";
+	const int INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT = 3; // in minutes	
+	const int INITIAL_SUBSCRIPTION_RETRY_TIMEOUT = 1; // in minutes			
+	const int CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT = 720; // in minutes (12 hours)			
+	const int CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT = 5; // in minutes	
+	const int SUBSCRIPTION_REQUEST_TIMEOUT = 60; //in second
+	
+	inline std::string GetB32Address(const i2p::data::IdentHash& ident) { return ident.ToBase32().append(".b32.i2p"); }
+
+	class AddressBookStorage // interface for storage
+	{
+		public:
+
+			virtual ~AddressBookStorage () {};
+			virtual bool GetAddress (const i2p::data::IdentHash& ident, i2p::data::IdentityEx& address) const = 0;	
+			virtual void AddAddress (const i2p::data::IdentityEx& address) = 0;
+			virtual void RemoveAddress (const i2p::data::IdentHash& ident) = 0;
+		
+			virtual int Load (std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+			virtual int Save (const std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+	};			
+
+	class AddressBookSubscription;
 	class AddressBook
 	{
 		public:
 
 			AddressBook ();
+			~AddressBook ();
+			void Start ();
+			void Stop ();
 			bool GetIdentHash (const std::string& address, i2p::data::IdentHash& ident);
+			bool GetAddress (const std::string& address, i2p::data::IdentityEx& identity);
 			const i2p::data::IdentHash * FindAddress (const std::string& address);
 			void InsertAddress (const std::string& address, const std::string& base64); // for jump service
+			void InsertAddress (const i2p::data::IdentityEx& address);
+
+			void LoadHostsFromStream (std::istream& f);
+			void DownloadComplete (bool success);
+			//This method returns the ".b32.i2p" address
+			std::string ToAddress(const i2p::data::IdentHash& ident) { return GetB32Address(ident); }
+			std::string ToAddress(const i2p::data::IdentityEx& ident) { return ToAddress(ident.GetIdentHash ()); }
+		private:
+
+			void StartSubscriptions ();
+			void StopSubscriptions ();
+			
+			AddressBookStorage * CreateStorage ();	
+			void LoadHosts ();
+			void LoadSubscriptions ();
+
+			void HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode);
+
+		private:	
+
+			std::mutex m_AddressBookMutex;
+			std::map<std::string, i2p::data::IdentHash>  m_Addresses;
+			AddressBookStorage * m_Storage;
+			volatile bool m_IsLoaded, m_IsDownloading;
+			std::vector<AddressBookSubscription *> m_Subscriptions;
+			AddressBookSubscription * m_DefaultSubscription; // in case if we don't know any addresses yet
+			boost::asio::deadline_timer * m_SubscriptionsUpdateTimer;
+	};
+
+	class AddressBookSubscription
+	{
+		public:
+
+			AddressBookSubscription (AddressBook& book, const std::string& link);
+			void CheckSubscription ();
+
+		private:
+
+			void Request ();
 		
 		private:
-	
-			void LoadHosts ();
-			void LoadHostsFromI2P ();
 
-			std::map<std::string, i2p::data::IdentHash>  m_Addresses;
-			bool m_IsLoaded, m_IsDowloading;
+			AddressBook& m_Book;
+			std::string m_Link, m_Etag, m_LastModified;
 	};
 }
 }

BOB.cpp

@@ -0,0 +1,652 @@
+#include <string.h>
+#include <boost/lexical_cast.hpp>
+#include "Log.h"
+#include "ClientContext.h"
+#include "BOB.h"
+
+namespace i2p
+{
+namespace client
+{
+	BOBI2PInboundTunnel::BOBI2PInboundTunnel (int port, std::shared_ptr<ClientDestination> localDestination): 
+		BOBI2PTunnel (localDestination), 
+		m_Acceptor (localDestination->GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port))
+	{
+	}
+
+	BOBI2PInboundTunnel::~BOBI2PInboundTunnel ()
+	{
+		Stop ();
+	}
+
+	void BOBI2PInboundTunnel::Start ()
+	{
+		m_Acceptor.listen ();
+		Accept ();
+	}
+
+	void BOBI2PInboundTunnel::Stop ()
+	{
+		m_Acceptor.close();
+		ClearHandlers ();
+	}
+
+	void BOBI2PInboundTunnel::Accept ()
+	{
+		auto receiver = new AddressReceiver ();
+		receiver->socket = new boost::asio::ip::tcp::socket (GetService ());
+		m_Acceptor.async_accept (*receiver->socket, std::bind (&BOBI2PInboundTunnel::HandleAccept, this,
+			std::placeholders::_1, receiver));
+	}	
+
+	void BOBI2PInboundTunnel::HandleAccept (const boost::system::error_code& ecode, AddressReceiver * receiver)
+	{
+		if (!ecode)
+		{
+			Accept ();	
+			ReceiveAddress (receiver);
+		}
+		else
+		{	
+			delete receiver->socket;
+			delete receiver;
+		}	
+	}
+
+	void BOBI2PInboundTunnel::ReceiveAddress (AddressReceiver * receiver)
+	{
+		receiver->socket->async_read_some (boost::asio::buffer(
+		        receiver->buffer + receiver->bufferOffset, 
+				BOB_COMMAND_BUFFER_SIZE - receiver->bufferOffset),                
+			std::bind(&BOBI2PInboundTunnel::HandleReceivedAddress, this, 
+				std::placeholders::_1, std::placeholders::_2, receiver));
+	}
+	
+	void BOBI2PInboundTunnel::HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+		AddressReceiver * receiver)
+	{
+		if (ecode)
+		{
+			LogPrint ("BOB inbound tunnel read error: ", ecode.message ());
+			delete receiver->socket;
+			delete receiver;
+		}	
+		else
+		{
+			receiver->bufferOffset += bytes_transferred;
+			receiver->buffer[receiver->bufferOffset] = 0;
+			char * eol = strchr (receiver->buffer, '\n');
+			if (eol)
+			{
+				*eol = 0;
+				
+				receiver->data = (uint8_t *)eol + 1;
+				receiver->dataLen = receiver->bufferOffset - (eol - receiver->buffer + 1);
+				i2p::data::IdentHash ident;
+				if (!context.GetAddressBook ().GetIdentHash (receiver->buffer, ident)) 
+				{
+					LogPrint (eLogError, "BOB address ", receiver->buffer, " not found");
+					delete receiver->socket;
+					delete receiver;
+					return;
+				}
+				auto leaseSet = GetLocalDestination ()->FindLeaseSet (ident);
+				if (leaseSet)
+					CreateConnection (receiver, leaseSet);
+				else
+					GetLocalDestination ()->RequestDestination (ident, 
+						std::bind (&BOBI2PInboundTunnel::HandleDestinationRequestComplete,
+						this, std::placeholders::_1, receiver, ident));
+			}
+			else
+			{
+				if (receiver->bufferOffset < BOB_COMMAND_BUFFER_SIZE)
+					ReceiveAddress (receiver);
+				else
+				{	
+					LogPrint ("BOB missing inbound address ");
+					delete receiver->socket;
+					delete receiver;
+				}	
+			}			
+		}
+	}
+
+	void BOBI2PInboundTunnel::HandleDestinationRequestComplete (bool success, AddressReceiver * receiver, i2p::data::IdentHash ident)
+	{
+		if (success)
+		{
+			auto leaseSet = GetLocalDestination ()->FindLeaseSet (ident);
+			if (leaseSet)
+			{
+				CreateConnection (receiver, leaseSet);
+				return;
+			}
+			else
+				LogPrint ("LeaseSet for BOB inbound destination not found");
+		}
+		delete receiver->socket;
+		delete receiver;
+	}	
+
+	void BOBI2PInboundTunnel::CreateConnection (AddressReceiver * receiver, std::shared_ptr<const i2p::data::LeaseSet> leaseSet)
+	{
+		LogPrint ("New BOB inbound connection");
+		auto connection = std::make_shared<I2PTunnelConnection>(this, receiver->socket, leaseSet);
+		AddHandler (connection);
+		connection->I2PConnect (receiver->data, receiver->dataLen);
+		delete receiver;
+	}
+
+	BOBI2POutboundTunnel::BOBI2POutboundTunnel (const std::string& address, int port, 
+		std::shared_ptr<ClientDestination> localDestination, bool quiet): BOBI2PTunnel (localDestination),
+		m_Endpoint (boost::asio::ip::address::from_string (address), port), m_IsQuiet (quiet)
+	{
+	}
+	
+	void BOBI2POutboundTunnel::Start ()
+	{
+		Accept ();
+	}
+
+	void BOBI2POutboundTunnel::Stop ()
+	{
+		ClearHandlers ();
+	}	
+
+	void BOBI2POutboundTunnel::Accept ()
+	{
+		auto localDestination = GetLocalDestination ();	
+		if (localDestination)
+			localDestination->AcceptStreams (std::bind (&BOBI2POutboundTunnel::HandleAccept, this, std::placeholders::_1));
+		else
+			LogPrint ("Local destination not set for server tunnel");
+	}
+
+	void BOBI2POutboundTunnel::HandleAccept (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream)
+		{	
+			auto conn = std::make_shared<I2PTunnelConnection> (this, stream, new boost::asio::ip::tcp::socket (GetService ()), m_Endpoint, m_IsQuiet);
+			AddHandler (conn);
+			conn->Connect ();
+		}	
+	}
+
+	BOBDestination::BOBDestination (std::shared_ptr<ClientDestination> localDestination):
+		m_LocalDestination (localDestination), 
+		m_OutboundTunnel (nullptr), m_InboundTunnel (nullptr)
+	{
+	}
+		
+	BOBDestination::~BOBDestination ()
+	{
+		delete m_OutboundTunnel;
+		delete m_InboundTunnel;
+		i2p::client::context.DeleteLocalDestination (m_LocalDestination);
+	}	
+
+	void BOBDestination::Start ()
+	{
+		if (m_OutboundTunnel) m_OutboundTunnel->Start ();
+		if (m_InboundTunnel) m_InboundTunnel->Start ();
+	}
+		
+	void BOBDestination::Stop ()
+	{		
+		StopTunnels ();
+		m_LocalDestination->Stop ();
+	}	
+
+	void BOBDestination::StopTunnels ()
+	{
+		if (m_OutboundTunnel)
+		{	
+			m_OutboundTunnel->Stop ();
+			delete m_OutboundTunnel;
+			m_OutboundTunnel = nullptr;
+		}	
+		if (m_InboundTunnel)
+		{	
+			m_InboundTunnel->Stop ();
+			delete m_InboundTunnel;
+			m_InboundTunnel = nullptr;
+		}	
+	}	
+		
+	void BOBDestination::CreateInboundTunnel (int port)
+	{
+		if (!m_InboundTunnel)
+			m_InboundTunnel = new BOBI2PInboundTunnel (port, m_LocalDestination);
+	}
+		
+	void BOBDestination::CreateOutboundTunnel (const std::string& address, int port, bool quiet)
+	{
+		if (!m_OutboundTunnel)
+			m_OutboundTunnel = new BOBI2POutboundTunnel (address, port, m_LocalDestination, quiet);
+	}	
+		
+	BOBCommandSession::BOBCommandSession (BOBCommandChannel& owner): 
+		m_Owner (owner), m_Socket (m_Owner.GetService ()), m_ReceiveBufferOffset (0),
+		m_IsOpen (true), m_IsQuiet (false), m_InPort (0), m_OutPort (0),
+		m_CurrentDestination (nullptr)
+	{
+	}
+
+	BOBCommandSession::~BOBCommandSession ()
+	{
+	}
+
+	void BOBCommandSession::Terminate ()
+	{
+		m_Socket.close ();
+		m_IsOpen = false;	
+	}
+
+	void BOBCommandSession::Receive ()
+	{
+		m_Socket.async_read_some (boost::asio::buffer(m_ReceiveBuffer + m_ReceiveBufferOffset, BOB_COMMAND_BUFFER_SIZE - m_ReceiveBufferOffset),                
+			std::bind(&BOBCommandSession::HandleReceived, shared_from_this (), 
+			std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void BOBCommandSession::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+		{
+			LogPrint ("BOB command channel read error: ", ecode.message ());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate ();
+		}	
+		else
+		{	
+			size_t size = m_ReceiveBufferOffset + bytes_transferred; 
+			m_ReceiveBuffer[size] = 0;
+			char * eol = strchr (m_ReceiveBuffer, '\n');
+			if (eol)
+			{
+				*eol = 0;
+				char * operand =  strchr (m_ReceiveBuffer, ' ');
+				if (operand)  
+				{	
+					*operand = 0;
+					operand++;
+				}	
+				else 
+					operand = eol;
+				// process command
+				auto& handlers = m_Owner.GetCommandHandlers ();
+				auto it = handlers.find (m_ReceiveBuffer);
+				if (it != handlers.end ())
+					(this->*(it->second))(operand, eol - operand);
+				else	
+				{
+					LogPrint (eLogError, "BOB unknown command ", m_ReceiveBuffer);
+					SendReplyError ("unknown command");
+				}
+
+				m_ReceiveBufferOffset = size - (eol - m_ReceiveBuffer) - 1;
+				memmove (m_ReceiveBuffer, eol + 1, m_ReceiveBufferOffset);
+			}
+			else
+			{
+				if (size < BOB_COMMAND_BUFFER_SIZE)
+					m_ReceiveBufferOffset = size;
+				else
+				{
+					LogPrint (eLogError, "Malformed input of the BOB command channel");
+					Terminate ();
+				}
+			}	
+		}
+	}
+
+	void BOBCommandSession::Send (size_t len)
+	{
+		boost::asio::async_write (m_Socket, boost::asio::buffer (m_SendBuffer, len), 
+			boost::asio::transfer_all (),
+			std::bind(&BOBCommandSession::HandleSent, shared_from_this (), 
+				std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void BOBCommandSession::HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+        {
+			LogPrint ("BOB command channel send error: ", ecode.message ());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate ();
+		}
+		else
+		{
+			if (m_IsOpen)
+				Receive ();
+			else
+				Terminate ();	
+		}
+	}
+
+	void BOBCommandSession::SendReplyOK (const char * msg)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_OK, msg);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_OK, msg);
+#endif
+		Send (len);
+	}
+
+	void BOBCommandSession::SendReplyError (const char * msg)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_ERROR, msg);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_ERROR, msg);
+#endif
+		Send (len);	
+	}
+		
+	void BOBCommandSession::SendVersion ()
+	{
+		size_t len = strlen (BOB_VERSION);
+		memcpy (m_SendBuffer, BOB_VERSION, len);
+		Send (len);
+	}
+
+	void BOBCommandSession::SendData (const char * nickname)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_DATA, nickname);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_DATA, nickname);
+#endif
+		Send (len);			
+	}
+		
+	void BOBCommandSession::ZapCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: zap");
+		Terminate ();
+	}
+
+	void BOBCommandSession::QuitCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: quit");
+		m_IsOpen = false;
+		SendReplyOK ("Bye!");
+	}
+
+	void BOBCommandSession::StartCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: start ", m_Nickname);
+		if (!m_CurrentDestination)
+		{	
+			m_CurrentDestination = new BOBDestination (i2p::client::context.CreateNewLocalDestination (m_Keys, true, &m_Options));
+			m_Owner.AddDestination (m_Nickname, m_CurrentDestination);
+		}	
+		if (m_InPort)
+			m_CurrentDestination->CreateInboundTunnel (m_InPort);
+		if (m_OutPort && !m_Address.empty ())
+			m_CurrentDestination->CreateOutboundTunnel (m_Address, m_OutPort, m_IsQuiet);
+		m_CurrentDestination->Start ();	
+		SendReplyOK ("tunnel starting");	
+	}	
+	
+	void BOBCommandSession::StopCommandHandler (const char * operand, size_t len)
+	{
+		auto dest = m_Owner.FindDestination (m_Nickname);
+		if (dest)
+		{
+			dest->StopTunnels ();
+			SendReplyOK ("tunnel stopping");
+		}
+		else
+			SendReplyError ("tunnel not found");
+	}	
+	
+	void BOBCommandSession::SetNickCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: setnick ", operand);
+		m_Nickname = operand;
+		std::string msg ("Nickname set to ");
+		msg += operand;
+		SendReplyOK (msg.c_str ());
+	}	
+
+	void BOBCommandSession::GetNickCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: getnick ", operand);
+		m_CurrentDestination = m_Owner.FindDestination (operand); 
+		if (m_CurrentDestination)
+		{
+			m_Keys = m_CurrentDestination->GetKeys ();
+			m_Nickname = operand;
+			std::string msg ("Nickname set to ");
+			msg += operand;
+			SendReplyOK (msg.c_str ());
+		}
+		else
+			SendReplyError ("tunnel not found");	
+	}	
+
+	void BOBCommandSession::NewkeysCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: newkeys");
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys ();
+		SendReplyOK (m_Keys.GetPublic ().ToBase64 ().c_str ());
+	}	
+
+	void BOBCommandSession::SetkeysCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: setkeys ", operand);
+		m_Keys.FromBase64 (operand);
+		SendReplyOK (m_Keys.GetPublic ().ToBase64 ().c_str ());
+	}
+		
+	void BOBCommandSession::GetkeysCommandHandler (const char * operand, size_t len)
+	{		
+		LogPrint (eLogDebug, "BOB: getkeys");
+		SendReplyOK (m_Keys.ToBase64 ().c_str ());
+	}	
+
+	void BOBCommandSession::GetdestCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: getdest");
+		SendReplyOK (m_Keys.GetPublic ().ToBase64 ().c_str ());
+	}	
+		
+	void BOBCommandSession::OuthostCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: outhost ", operand);
+		m_Address = operand;
+		SendReplyOK ("outhost set");
+	}
+		
+	void BOBCommandSession::OutportCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: outport ", operand);
+		m_OutPort = boost::lexical_cast<int>(operand);
+		SendReplyOK ("outbound port set");
+	}	
+
+	void BOBCommandSession::InhostCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: inhost ", operand);
+		m_Address = operand;
+		SendReplyOK ("inhost set");
+	}
+		
+	void BOBCommandSession::InportCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: inport ", operand);
+		m_InPort = boost::lexical_cast<int>(operand);
+		SendReplyOK ("inbound port set");
+	}		
+
+	void BOBCommandSession::QuietCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: quiet");
+		m_IsQuiet = true;
+		SendReplyOK ("quiet");
+	}	
+	
+	void BOBCommandSession::LookupCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: lookup ", operand);
+		i2p::data::IdentityEx addr;
+		if (!context.GetAddressBook ().GetAddress (operand, addr)) 
+		{
+			SendReplyError ("Address Not found");
+			return;
+		}		
+		SendReplyOK (addr.ToBase64 ().c_str ());
+	}
+
+	void BOBCommandSession::ClearCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: clear");
+		m_Owner.DeleteDestination (m_Nickname);
+		SendReplyOK ("cleared");
+	}	
+
+	void BOBCommandSession::ListCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: list");
+		auto& destinations = m_Owner.GetDestinations ();
+		for (auto it: destinations)
+			SendData (it.first.c_str ());
+		SendReplyOK ("Listing done");
+	}	
+
+	void BOBCommandSession::OptionCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: option ", operand);
+		const char * value = strchr (operand, '=');
+		if (value)
+		{	
+			*(const_cast<char *>(value)) = 0;
+			m_Options[operand] = value + 1; 
+			*(const_cast<char *>(value)) = '=';
+			SendReplyOK ("option");
+		}	
+		else
+			SendReplyError ("malformed");
+	}	
+		
+	BOBCommandChannel::BOBCommandChannel (int port):
+		m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port))
+	{
+		// command -> handler
+		m_CommandHandlers[BOB_COMMAND_ZAP] = &BOBCommandSession::ZapCommandHandler; 
+		m_CommandHandlers[BOB_COMMAND_QUIT] = &BOBCommandSession::QuitCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_START] = &BOBCommandSession::StartCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_STOP] = &BOBCommandSession::StopCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_SETNICK] = &BOBCommandSession::SetNickCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETNICK] = &BOBCommandSession::GetNickCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_NEWKEYS] = &BOBCommandSession::NewkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETKEYS] = &BOBCommandSession::GetkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_SETKEYS] = &BOBCommandSession::SetkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETDEST] = &BOBCommandSession::GetdestCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OUTHOST] = &BOBCommandSession::OuthostCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OUTPORT] = &BOBCommandSession::OutportCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_INHOST] = &BOBCommandSession::InhostCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_INPORT] = &BOBCommandSession::InportCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_QUIET] = &BOBCommandSession::QuietCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_LOOKUP] = &BOBCommandSession::LookupCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_CLEAR] = &BOBCommandSession::ClearCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_LIST] = &BOBCommandSession::ListCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OPTION] = &BOBCommandSession::OptionCommandHandler;
+	}
+
+	BOBCommandChannel::~BOBCommandChannel ()
+	{
+		Stop ();
+		for (auto it: m_Destinations)
+			delete it.second;
+	}
+
+	void BOBCommandChannel::Start ()
+	{
+		Accept ();
+		m_IsRunning = true;
+		m_Thread = new std::thread (std::bind (&BOBCommandChannel::Run, this));
+	}
+
+	void BOBCommandChannel::Stop ()
+	{
+		m_IsRunning = false;
+		for (auto it: m_Destinations)
+			it.second->Stop ();
+		m_Acceptor.cancel ();	
+		m_Service.stop ();
+		if (m_Thread)
+		{	
+			m_Thread->join (); 
+			delete m_Thread;
+			m_Thread = nullptr;
+		}	
+	}
+		
+	void BOBCommandChannel::Run () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "BOB: ", ex.what ());
+			}	
+		}	
+	}
+
+	void BOBCommandChannel::AddDestination (const std::string& name, BOBDestination * dest)
+	{
+		m_Destinations[name] = dest;
+	}	
+
+	void BOBCommandChannel::DeleteDestination (const std::string& name)
+	{
+		auto it = m_Destinations.find (name);
+		if (it != m_Destinations.end ())
+		{
+			it->second->Stop ();
+			delete it->second;
+			m_Destinations.erase (it);
+		}	
+	}	
+		
+	BOBDestination * BOBCommandChannel::FindDestination (const std::string& name)
+	{
+		auto it = m_Destinations.find (name);
+		if (it != m_Destinations.end ())
+			return it->second;
+		return nullptr;	
+	}
+		
+	void BOBCommandChannel::Accept ()
+	{
+		auto newSession = std::make_shared<BOBCommandSession> (*this);
+		m_Acceptor.async_accept (newSession->GetSocket (), std::bind (&BOBCommandChannel::HandleAccept, this,
+			std::placeholders::_1, newSession));
+	}
+
+	void BOBCommandChannel::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+
+		if (!ecode)
+		{
+			LogPrint (eLogInfo, "New BOB command connection from ", session->GetSocket ().remote_endpoint ());
+			session->SendVersion ();	
+		}
+		else
+			LogPrint (eLogError, "BOB accept error: ",  ecode.message ());
+	}
+}
+}
+

BOB.h

@@ -0,0 +1,236 @@
+#ifndef BOB_H__
+#define BOB_H__
+
+#include <inttypes.h>
+#include <thread>
+#include <memory>
+#include <map>
+#include <string>
+#include <boost/asio.hpp>
+#include "I2PTunnel.h"
+#include "I2PService.h"
+#include "Identity.h"
+#include "LeaseSet.h"
+
+namespace i2p
+{
+namespace client
+{
+	const size_t BOB_COMMAND_BUFFER_SIZE = 1024;
+	const char BOB_COMMAND_ZAP[] = "zap";
+	const char BOB_COMMAND_QUIT[] = "quit";
+	const char BOB_COMMAND_START[] = "start";
+	const char BOB_COMMAND_STOP[] = "stop";	
+	const char BOB_COMMAND_SETNICK[] = "setnick";
+	const char BOB_COMMAND_GETNICK[] = "getnick";		
+	const char BOB_COMMAND_NEWKEYS[] = "newkeys";
+	const char BOB_COMMAND_GETKEYS[] = "getkeys";
+	const char BOB_COMMAND_SETKEYS[] = "setkeys";
+	const char BOB_COMMAND_GETDEST[] = "getdest";
+	const char BOB_COMMAND_OUTHOST[] = "outhost";	
+	const char BOB_COMMAND_OUTPORT[] = "outport";
+	const char BOB_COMMAND_INHOST[] = "inhost";	
+	const char BOB_COMMAND_INPORT[] = "inport";
+	const char BOB_COMMAND_QUIET[] = "quiet";
+	const char BOB_COMMAND_LOOKUP[] = "lookup";	
+	const char BOB_COMMAND_CLEAR[] = "clear";
+	const char BOB_COMMAND_LIST[] = "list";
+	const char BOB_COMMAND_OPTION[] = "option";
+	
+	const char BOB_VERSION[] = "BOB 00.00.10\nOK\n";	
+	const char BOB_REPLY_OK[] = "OK %s\n";
+	const char BOB_REPLY_ERROR[] = "ERROR %s\n";
+	const char BOB_DATA[] = "NICKNAME %s\n";
+
+	class BOBI2PTunnel: public I2PService
+	{
+		public:
+
+			BOBI2PTunnel (std::shared_ptr<ClientDestination> localDestination): 
+				I2PService (localDestination) {};
+
+			virtual void Start () {};
+			virtual void Stop () {};				
+	};	
+	
+	class BOBI2PInboundTunnel: public BOBI2PTunnel
+	{
+			struct AddressReceiver
+			{
+				boost::asio::ip::tcp::socket * socket;
+				char buffer[BOB_COMMAND_BUFFER_SIZE + 1]; // for destination base64 address
+				uint8_t * data; 
+				size_t dataLen, bufferOffset; 
+
+				AddressReceiver (): data (nullptr), dataLen (0), bufferOffset (0) {};
+			};	
+		
+		public:
+
+			BOBI2PInboundTunnel (int port, std::shared_ptr<ClientDestination> localDestination);
+			~BOBI2PInboundTunnel ();
+
+			void Start ();
+			void Stop ();
+
+		private:
+
+			void Accept ();
+			void HandleAccept (const boost::system::error_code& ecode, AddressReceiver * receiver);
+
+			void ReceiveAddress (AddressReceiver * receiver);
+			void HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+				AddressReceiver * receiver);
+
+			void HandleDestinationRequestComplete (bool success, AddressReceiver * receiver, i2p::data::IdentHash ident);
+
+			void CreateConnection (AddressReceiver * receiver, std::shared_ptr<const i2p::data::LeaseSet> leaseSet);
+
+		private:
+
+			boost::asio::ip::tcp::acceptor m_Acceptor;	
+	};
+
+	class BOBI2POutboundTunnel: public BOBI2PTunnel
+	{
+		public:
+
+			 BOBI2POutboundTunnel (const std::string& address, int port, std::shared_ptr<ClientDestination> localDestination, bool quiet);	
+
+			void Start ();
+			void Stop ();
+
+			void SetQuiet () { m_IsQuiet = true; };
+
+		private:
+
+			void Accept ();
+			void HandleAccept (std::shared_ptr<i2p::stream::Stream> stream);
+
+		private:
+
+			boost::asio::ip::tcp::endpoint m_Endpoint;	
+			bool m_IsQuiet;	
+	};
+
+
+	class BOBDestination
+	{
+		public:
+
+			BOBDestination (std::shared_ptr<ClientDestination> localDestination);
+			~BOBDestination ();
+
+			void Start ();
+			void Stop ();
+			void StopTunnels ();
+			void CreateInboundTunnel (int port);
+			void CreateOutboundTunnel (const std::string& address, int port, bool quiet);
+			const i2p::data::PrivateKeys& GetKeys () const { return m_LocalDestination->GetPrivateKeys (); };
+			
+		private:	
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			BOBI2POutboundTunnel * m_OutboundTunnel;
+			BOBI2PInboundTunnel * m_InboundTunnel;
+	};	
+	
+	class BOBCommandChannel;
+	class BOBCommandSession: public std::enable_shared_from_this<BOBCommandSession>
+	{
+		public:
+
+			BOBCommandSession (BOBCommandChannel& owner);
+			~BOBCommandSession ();	
+			void Terminate ();
+
+			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
+			void SendVersion ();
+
+			// command handlers
+			void ZapCommandHandler (const char * operand, size_t len);
+			void QuitCommandHandler (const char * operand, size_t len);
+			void StartCommandHandler (const char * operand, size_t len);
+			void StopCommandHandler (const char * operand, size_t len);
+			void SetNickCommandHandler (const char * operand, size_t len);
+			void GetNickCommandHandler (const char * operand, size_t len);
+			void NewkeysCommandHandler (const char * operand, size_t len);
+			void SetkeysCommandHandler (const char * operand, size_t len);
+			void GetkeysCommandHandler (const char * operand, size_t len);
+			void GetdestCommandHandler (const char * operand, size_t len);
+			void OuthostCommandHandler (const char * operand, size_t len);
+			void OutportCommandHandler (const char * operand, size_t len);
+			void InhostCommandHandler (const char * operand, size_t len);
+			void InportCommandHandler (const char * operand, size_t len);			
+			void QuietCommandHandler (const char * operand, size_t len);	
+			void LookupCommandHandler (const char * operand, size_t len);
+			void ClearCommandHandler (const char * operand, size_t len);
+			void ListCommandHandler (const char * operand, size_t len);
+			void OptionCommandHandler (const char * operand, size_t len);
+			
+		private:
+
+			void Receive ();
+			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+
+			void Send (size_t len);
+			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void SendReplyOK (const char * msg);
+			void SendReplyError (const char * msg);
+			void SendData (const char * nickname);
+
+		private:
+
+			BOBCommandChannel& m_Owner;
+			boost::asio::ip::tcp::socket m_Socket;
+			char m_ReceiveBuffer[BOB_COMMAND_BUFFER_SIZE + 1], m_SendBuffer[BOB_COMMAND_BUFFER_SIZE + 1];
+			size_t m_ReceiveBufferOffset;
+			bool m_IsOpen, m_IsQuiet;
+			std::string m_Nickname, m_Address;
+			int m_InPort, m_OutPort;
+			i2p::data::PrivateKeys m_Keys;
+			std::map<std::string, std::string> m_Options; 
+			BOBDestination * m_CurrentDestination;
+	};
+	typedef void (BOBCommandSession::*BOBCommandHandler)(const char * operand, size_t len);
+
+	class BOBCommandChannel
+	{
+		public:
+
+			BOBCommandChannel (int port);
+			~BOBCommandChannel ();
+
+			void Start ();
+			void Stop ();
+
+			boost::asio::io_service& GetService () { return m_Service; };
+			void AddDestination (const std::string& name, BOBDestination * dest);
+			void DeleteDestination (const std::string& name);
+			BOBDestination * FindDestination (const std::string& name);
+			
+		private:
+
+			void Run ();
+			void Accept ();
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session);
+
+		private:
+
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			std::map<std::string, BOBDestination *> m_Destinations;
+			std::map<std::string, BOBCommandHandler> m_CommandHandlers;
+
+		public:
+
+			const decltype(m_CommandHandlers)& GetCommandHandlers () const { return m_CommandHandlers; };
+			const decltype(m_Destinations)& GetDestinations () const { return m_Destinations; };
+	};	
+}
+}
+
+#endif
+

ClientContext.cpp

@@ -1,5 +1,10 @@
+#include <fstream>
+#include <iostream>
+#include <boost/property_tree/ptree.hpp>
+#include <boost/property_tree/ini_parser.hpp>
 #include "util.h"
 #include "Log.h"
+#include "Identity.h"
 #include "ClientContext.h"
 
 namespace i2p
@@ -9,8 +14,8 @@ namespace client
 	ClientContext context;	
 
 	ClientContext::ClientContext (): m_SharedLocalDestination (nullptr),
-		m_HttpProxy (nullptr), m_SocksProxy (nullptr), m_IrcTunnel (nullptr),
-		m_ServerTunnel (nullptr), m_SamBridge (nullptr)	
+		m_HttpProxy (nullptr), m_SocksProxy (nullptr), m_SamBridge (nullptr), 
+		m_BOBCommandChannel (nullptr), m_I2PControlService (nullptr)
 	{
 	}
 	
@@ -18,48 +23,59 @@ namespace client
 	{
 		delete m_HttpProxy;
 		delete m_SocksProxy;
-		delete m_IrcTunnel;
-		delete m_ServerTunnel;
 		delete m_SamBridge;
+		delete m_BOBCommandChannel;
+		delete m_I2PControlService;
 	}
 	
 	void ClientContext::Start ()
 	{
 		if (!m_SharedLocalDestination)
 		{	
-			m_SharedLocalDestination = new ClientDestination (false, i2p::data::SIGNING_KEY_TYPE_DSA_SHA1); // non-public, DSA
+			m_SharedLocalDestination = CreateNewLocalDestination (); // non-public, DSA
 			m_Destinations[m_SharedLocalDestination->GetIdentity ().GetIdentHash ()] = m_SharedLocalDestination;
 			m_SharedLocalDestination->Start ();
 		}
 
-		m_HttpProxy = new i2p::proxy::HTTPProxy(i2p::util::config::GetArg("-httpproxyport", 4446));
+		std::shared_ptr<ClientDestination> localDestination;	
+		// proxies	
+		std::string proxyKeys = i2p::util::config::GetArg("-proxykeys", "");
+		if (proxyKeys.length () > 0)
+			localDestination = LoadLocalDestination (proxyKeys, false);
+		m_HttpProxy = new i2p::proxy::HTTPProxy(i2p::util::config::GetArg("-httpproxyport", 4446), localDestination);
 		m_HttpProxy->Start();
 		LogPrint("HTTP Proxy started");
-		m_SocksProxy = new i2p::proxy::SOCKSProxy(i2p::util::config::GetArg("-socksproxyport", 4447));
+		m_SocksProxy = new i2p::proxy::SOCKSProxy(i2p::util::config::GetArg("-socksproxyport", 4447), localDestination);
 		m_SocksProxy->Start();
 		LogPrint("SOCKS Proxy Started");
+	
+		// I2P tunnels
 		std::string ircDestination = i2p::util::config::GetArg("-ircdest", "");
 		if (ircDestination.length () > 0) // ircdest is presented
 		{
-			ClientDestination * localDestination = nullptr;
+			localDestination = nullptr;
 			std::string ircKeys = i2p::util::config::GetArg("-irckeys", "");	
 			if (ircKeys.length () > 0)
-				localDestination = i2p::client::context.LoadLocalDestination (ircKeys, false);
-			m_IrcTunnel = new I2PClientTunnel (m_SocksProxy->GetService (), ircDestination,
-				i2p::util::config::GetArg("-ircport", 6668), localDestination);
-			m_IrcTunnel->Start ();
+				localDestination = LoadLocalDestination (ircKeys, false);
+			auto ircPort = i2p::util::config::GetArg("-ircport", 6668);
+			auto ircTunnel = new I2PClientTunnel (ircDestination, ircPort, localDestination);
+			ircTunnel->Start ();
+			m_ClientTunnels.insert (std::make_pair(ircPort, std::unique_ptr<I2PClientTunnel>(ircTunnel)));
 			LogPrint("IRC tunnel started");
 		}	
 		std::string eepKeys = i2p::util::config::GetArg("-eepkeys", "");
 		if (eepKeys.length () > 0) // eepkeys file is presented
 		{
-			auto localDestination = i2p::client::context.LoadLocalDestination (eepKeys, true);
-			m_ServerTunnel = new I2PServerTunnel (m_SocksProxy->GetService (), 
-				i2p::util::config::GetArg("-eephost", "127.0.0.1"), i2p::util::config::GetArg("-eepport", 80),
-				localDestination);
-			m_ServerTunnel->Start ();
+			localDestination = LoadLocalDestination (eepKeys, true);
+			auto serverTunnel = new I2PServerTunnel (i2p::util::config::GetArg("-eephost", "127.0.0.1"),
+ 				i2p::util::config::GetArg("-eepport", 80), localDestination);
+			serverTunnel->Start ();
+			m_ServerTunnels.insert (std::make_pair(localDestination->GetIdentHash (), std::unique_ptr<I2PServerTunnel>(serverTunnel)));
 			LogPrint("Server tunnel started");
 		}
+		ReadTunnels ();
+
+		// SAM
 		int samPort = i2p::util::config::GetArg("-samport", 0);
 		if (samPort)
 		{
@@ -67,6 +83,25 @@ namespace client
 			m_SamBridge->Start ();
 			LogPrint("SAM bridge started");
 		} 
+
+		// BOB
+		int bobPort = i2p::util::config::GetArg("-bobport", 0);
+		if (bobPort)
+		{
+			m_BOBCommandChannel = new BOBCommandChannel (bobPort);
+			m_BOBCommandChannel->Start ();
+			LogPrint("BOB command channel started");
+		} 
+
+		// I2P Control
+		int i2pcontrolPort = i2p::util::config::GetArg("-i2pcontrolport", 0);
+		if (i2pcontrolPort)
+		{
+			m_I2PControlService = new I2PControlService (i2pcontrolPort);
+			m_I2PControlService->Start ();
+			LogPrint("I2PControl started");
+		}
+		m_AddressBook.Start ();
 	}
 		
 	void ClientContext::Stop ()
@@ -74,85 +109,110 @@ namespace client
 		m_HttpProxy->Stop();
 		delete m_HttpProxy;
 		m_HttpProxy = nullptr;
-		LogPrint("HTTP Proxy stoped");
+		LogPrint("HTTP Proxy stopped");
 		m_SocksProxy->Stop();
 		delete m_SocksProxy;
 		m_SocksProxy = nullptr;
-		LogPrint("SOCKS Proxy stoped");
-		if (m_IrcTunnel)
+		LogPrint("SOCKS Proxy stopped");
+		for (auto& it: m_ClientTunnels)
 		{
-			m_IrcTunnel->Stop ();
-			delete m_IrcTunnel; 
-			m_IrcTunnel = nullptr;
-			LogPrint("IRC tunnel stoped");	
+			it.second->Stop ();
+			LogPrint("I2P client tunnel on port ", it.first, " stopped");	
 		}
-		if (m_ServerTunnel)
+		m_ClientTunnels.clear ();	
+		for (auto& it: m_ServerTunnels)
 		{
-			m_ServerTunnel->Stop ();
-			delete m_ServerTunnel; 
-			m_ServerTunnel = nullptr;
-			LogPrint("Server tunnel stoped");	
-		}			
+			it.second->Stop ();
+			LogPrint("I2P server tunnel stopped");	
+		}
+		m_ServerTunnels.clear ();	
 		if (m_SamBridge)
 		{
 			m_SamBridge->Stop ();
 			delete m_SamBridge; 
 			m_SamBridge = nullptr;
-			LogPrint("SAM brdige stoped");	
+			LogPrint("SAM brdige stopped");	
 		}		
-		
-		for (auto it: m_Destinations)
-		{	
-			it.second->Stop ();
-			delete it.second;
-		}		
-		m_Destinations.clear ();
-		m_SharedLocalDestination = 0; // deleted through m_Destination
-	}	
-
-	void ClientContext::LoadLocalDestinations ()
-	{
-		int numDestinations = 0;
-		boost::filesystem::path p (i2p::util::filesystem::GetDataDir());
-		boost::filesystem::directory_iterator end;
-		for (boost::filesystem::directory_iterator it (p); it != end; ++it)
+		if (m_BOBCommandChannel)
 		{
-			if (boost::filesystem::is_regular_file (*it) && it->path ().extension () == ".dat")
-			{
-				auto fullPath =
-#if BOOST_VERSION > 10500
-				it->path().string();
-#else
-				it->path();
-#endif
-				auto localDestination = new ClientDestination (fullPath, true);
-				m_Destinations[localDestination->GetIdentHash ()] = localDestination;
-				numDestinations++;
-			}	
+			m_BOBCommandChannel->Stop ();
+			delete m_BOBCommandChannel; 
+			m_BOBCommandChannel = nullptr;
+			LogPrint("BOB command channel stopped");	
+		}			
+		if (m_I2PControlService)
+		{
+			m_I2PControlService->Stop ();
+			delete m_I2PControlService; 
+			m_I2PControlService = nullptr;
+			LogPrint("I2PControl stopped");	
 		}	
-		if (numDestinations > 0)
-			LogPrint (numDestinations, " local destinations loaded");
+		m_AddressBook.Stop ();		
+		for (auto it: m_Destinations)
+			it.second->Stop ();
+		m_Destinations.clear ();
+		m_SharedLocalDestination = nullptr; 
 	}	
 	
-	ClientDestination * ClientContext::LoadLocalDestination (const std::string& filename, bool isPublic)
+	std::shared_ptr<ClientDestination> ClientContext::LoadLocalDestination (const std::string& filename, bool isPublic)
 	{
-		auto localDestination = new ClientDestination (i2p::util::filesystem::GetFullPath (filename), isPublic);
+		i2p::data::PrivateKeys keys;
+		std::string fullPath = i2p::util::filesystem::GetFullPath (filename);
+		std::ifstream s(fullPath.c_str (), std::ifstream::binary);
+		if (s.is_open ())	
+		{	
+			s.seekg (0, std::ios::end);
+			size_t len = s.tellg();
+			s.seekg (0, std::ios::beg);
+			uint8_t * buf = new uint8_t[len];
+			s.read ((char *)buf, len);
+			keys.FromBuffer (buf, len);
+			delete[] buf;
+			LogPrint ("Local address ", m_AddressBook.ToAddress(keys.GetPublic ().GetIdentHash ()), " loaded");
+		}	
+		else
+		{
+			LogPrint ("Can't open file ", fullPath, " Creating new one");
+			keys = i2p::data::PrivateKeys::CreateRandomKeys (i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256); 
+			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
+			size_t len = keys.GetFullLen ();
+			uint8_t * buf = new uint8_t[len];
+			len = keys.ToBuffer (buf, len);
+			f.write ((char *)buf, len);
+			delete[] buf;
+			
+			LogPrint ("New private keys file ", fullPath, " for ", m_AddressBook.ToAddress(keys.GetPublic ().GetIdentHash ()), " created");
+		}	
+
+		std::shared_ptr<ClientDestination> localDestination = nullptr;	
 		std::unique_lock<std::mutex> l(m_DestinationsMutex);	
-		m_Destinations[localDestination->GetIdentHash ()] = localDestination;
-		localDestination->Start ();
+		auto it = m_Destinations.find (keys.GetPublic ().GetIdentHash ()); 
+		if (it != m_Destinations.end ())
+		{
+			LogPrint (eLogWarning, "Local destination ",  m_AddressBook.ToAddress(keys.GetPublic ().GetIdentHash ()), " alreday exists");
+			localDestination = it->second;
+		}
+		else
+		{
+			localDestination = std::make_shared<ClientDestination> (keys, isPublic);
+			m_Destinations[localDestination->GetIdentHash ()] = localDestination;
+			localDestination->Start ();
+		}
 		return localDestination;
 	}
 
-	ClientDestination * ClientContext::CreateNewLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType)
+	std::shared_ptr<ClientDestination> ClientContext::CreateNewLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType,
+		const std::map<std::string, std::string> * params)
 	{
-		auto localDestination = new ClientDestination (isPublic, sigType);
+		i2p::data::PrivateKeys keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType);
+		auto localDestination = std::make_shared<ClientDestination> (keys, isPublic, params);
 		std::unique_lock<std::mutex> l(m_DestinationsMutex);
 		m_Destinations[localDestination->GetIdentHash ()] = localDestination;
 		localDestination->Start ();
 		return localDestination;
 	}
 
-	void ClientContext::DeleteLocalDestination (ClientDestination * destination)
+	void ClientContext::DeleteLocalDestination (std::shared_ptr<ClientDestination> destination)
 	{
 		if (!destination) return;
 		auto it = m_Destinations.find (destination->GetIdentHash ());
@@ -164,16 +224,16 @@ namespace client
 				m_Destinations.erase (it);
 			}	
 			d->Stop ();
-			delete d;
 		}
 	}
 
-	ClientDestination * ClientContext::CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic)
+	std::shared_ptr<ClientDestination> ClientContext::CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic,
+		const std::map<std::string, std::string> * params)
 	{
 		auto it = m_Destinations.find (keys.GetPublic ().GetIdentHash ());
 		if (it != m_Destinations.end ())
 		{
-			LogPrint ("Local destination ", keys.GetPublic ().GetIdentHash ().ToBase32 (), ".b32.i2p exists");
+			LogPrint ("Local destination ", m_AddressBook.ToAddress(keys.GetPublic ().GetIdentHash ()), " exists");
 			if (!it->second->IsRunning ())
 			{	
 				it->second->Start ();
@@ -181,19 +241,104 @@ namespace client
 			}	
 			return nullptr;
 		}	
-		auto localDestination = new ClientDestination (keys, isPublic);
+		auto localDestination = std::make_shared<ClientDestination> (keys, isPublic, params);
 		std::unique_lock<std::mutex> l(m_DestinationsMutex);
 		m_Destinations[keys.GetPublic ().GetIdentHash ()] = localDestination;
 		localDestination->Start ();
 		return localDestination;
 	}
 	
-	ClientDestination * ClientContext::FindLocalDestination (const i2p::data::IdentHash& destination) const
+	std::shared_ptr<ClientDestination> ClientContext::FindLocalDestination (const i2p::data::IdentHash& destination) const
 	{
 		auto it = m_Destinations.find (destination);
 		if (it != m_Destinations.end ())
 			return it->second;
 		return nullptr;
 	}	
+
+	void ClientContext::ReadTunnels ()
+	{
+		boost::property_tree::ptree pt;
+		try
+		{
+			boost::property_tree::read_ini (i2p::util::filesystem::GetFullPath (TUNNELS_CONFIG_FILENAME), pt);
+		}
+		catch (std::exception& ex)
+		{
+			LogPrint (eLogWarning, "Can't read ", TUNNELS_CONFIG_FILENAME, ": ", ex.what ());
+			return;
+		}
+			
+		int numClientTunnels = 0, numServerTunnels = 0;
+		for (auto& section: pt)
+		{
+			std::string name = section.first;			
+			try
+			{
+				std::string type = section.second.get<std::string> (I2P_TUNNELS_SECTION_TYPE);
+				if (type == I2P_TUNNELS_SECTION_TYPE_CLIENT)
+				{
+					// mandatory params
+					std::string dest = section.second.get<std::string> (I2P_CLIENT_TUNNEL_DESTINATION);
+					int port = section.second.get<int> (I2P_CLIENT_TUNNEL_PORT);
+					// optional params
+					std::string keys = section.second.get (I2P_CLIENT_TUNNEL_KEYS, "");
+					int destinationPort = section.second.get (I2P_CLIENT_TUNNEL_DESTINATION_PORT, 0);
+
+					std::shared_ptr<ClientDestination> localDestination = nullptr;
+					if (keys.length () > 0)
+						localDestination = LoadLocalDestination (keys, false);
+					auto clientTunnel = new I2PClientTunnel (dest, port, localDestination, destinationPort);
+					if (m_ClientTunnels.insert (std::make_pair (port, std::unique_ptr<I2PClientTunnel>(clientTunnel))).second)
+						clientTunnel->Start ();
+					else
+						LogPrint (eLogError, "I2P client tunnel with port ", port, " already exists");
+					numClientTunnels++;
+				}
+				else if (type == I2P_TUNNELS_SECTION_TYPE_SERVER)
+				{	
+					// mandatory params
+					std::string host = section.second.get<std::string> (I2P_SERVER_TUNNEL_HOST);
+					int port = section.second.get<int> (I2P_SERVER_TUNNEL_PORT);
+					std::string keys = section.second.get<std::string> (I2P_SERVER_TUNNEL_KEYS);
+					// optional params
+					int inPort = section.second.get (I2P_SERVER_TUNNEL_INPORT, 0);
+					std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, "");					
+
+					auto localDestination = LoadLocalDestination (keys, true);
+					auto serverTunnel = new I2PServerTunnel (host, port, localDestination, inPort);
+					if (accessList.length () > 0)
+					{
+						std::set<i2p::data::IdentHash> idents;
+						size_t pos = 0, comma;
+						do
+						{
+							comma = accessList.find (',', pos);
+							i2p::data::IdentHash ident;
+							ident.FromBase32 (accessList.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos));	
+							idents.insert (ident);
+							pos = comma + 1;
+						}
+						while (comma != std::string::npos);
+						serverTunnel->SetAccessList (idents);
+					}
+					if (m_ServerTunnels.insert (std::make_pair (localDestination->GetIdentHash (), std::unique_ptr<I2PServerTunnel>(serverTunnel))).second)
+						serverTunnel->Start ();
+					else
+						LogPrint (eLogError, "I2P server tunnel for destination ",   m_AddressBook.ToAddress(localDestination->GetIdentHash ()), " already exists");	
+					numServerTunnels++;
+				}
+				else
+					LogPrint (eLogWarning, "Unknown section type=", type, " of ", name, " in ", TUNNELS_CONFIG_FILENAME);
+				
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "Can't read tunnel ", name, " params: ", ex.what ());
+			}
+		}	
+		LogPrint (eLogInfo, numClientTunnels, " I2P client tunnels created");
+		LogPrint (eLogInfo, numServerTunnels, " I2P server tunnels created");
+	}	
 }		
 }	

ClientContext.h

@@ -1,18 +1,36 @@
 #ifndef CLIENT_CONTEXT_H__
 #define CLIENT_CONTEXT_H__
 
+#include <map>
 #include <mutex>
+#include <memory>
 #include "Destination.h"
 #include "HTTPProxy.h"
 #include "SOCKS.h"
 #include "I2PTunnel.h"
 #include "SAM.h"
+#include "BOB.h"
 #include "AddressBook.h"
+#include "I2PControl.h"
 
 namespace i2p
 {
 namespace client
 {
+	const char I2P_TUNNELS_SECTION_TYPE[] = "type";
+	const char I2P_TUNNELS_SECTION_TYPE_CLIENT[] = "client";
+	const char I2P_TUNNELS_SECTION_TYPE_SERVER[] = "server";
+	const char I2P_CLIENT_TUNNEL_PORT[] = "port";
+	const char I2P_CLIENT_TUNNEL_DESTINATION[] = "destination";
+	const char I2P_CLIENT_TUNNEL_KEYS[] = "keys";
+	const char I2P_CLIENT_TUNNEL_DESTINATION_PORT[] = "destinationport";	
+	const char I2P_SERVER_TUNNEL_HOST[] = "host";	
+	const char I2P_SERVER_TUNNEL_PORT[] = "port";
+	const char I2P_SERVER_TUNNEL_KEYS[] = "keys";
+	const char I2P_SERVER_TUNNEL_INPORT[] = "inport";
+	const char I2P_SERVER_TUNNEL_ACCESS_LIST[] = "accesslist";		
+	const char TUNNELS_CONFIG_FILENAME[] = "tunnels.cfg";
+
 	class ClientContext
 	{
 		public:
@@ -23,32 +41,37 @@ namespace client
 			void Start ();
 			void Stop ();
 
-			ClientDestination * GetSharedLocalDestination () const { return m_SharedLocalDestination; };
-			ClientDestination * CreateNewLocalDestination (bool isPublic = true, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1); // transient
-			ClientDestination * CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true);
-			void DeleteLocalDestination (ClientDestination * destination);
-			ClientDestination * FindLocalDestination (const i2p::data::IdentHash& destination) const;		
-			ClientDestination * LoadLocalDestination (const std::string& filename, bool isPublic);
+			std::shared_ptr<ClientDestination> GetSharedLocalDestination () const { return m_SharedLocalDestination; };
+			std::shared_ptr<ClientDestination> CreateNewLocalDestination (bool isPublic = false, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1,
+			    const std::map<std::string, std::string> * params = nullptr); // transient
+			std::shared_ptr<ClientDestination> CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true, 
+				const std::map<std::string, std::string> * params = nullptr);
+			void DeleteLocalDestination (std::shared_ptr<ClientDestination> destination);
+			std::shared_ptr<ClientDestination> FindLocalDestination (const i2p::data::IdentHash& destination) const;		
+			std::shared_ptr<ClientDestination> LoadLocalDestination (const std::string& filename, bool isPublic);
 
 			AddressBook& GetAddressBook () { return m_AddressBook; };
+			const SAMBridge * GetSAMBridge () const { return m_SamBridge; };
+		
+		private:
 
-		private:	
-
-			void LoadLocalDestinations ();
-			
+			void ReadTunnels ();
+	
 		private:
 
 			std::mutex m_DestinationsMutex;
-			std::map<i2p::data::IdentHash, ClientDestination *> m_Destinations;
-			ClientDestination * m_SharedLocalDestination;	
+			std::map<i2p::data::IdentHash, std::shared_ptr<ClientDestination> > m_Destinations;
+			std::shared_ptr<ClientDestination>  m_SharedLocalDestination;	
 
 			AddressBook m_AddressBook;
 
 			i2p::proxy::HTTPProxy * m_HttpProxy;
 			i2p::proxy::SOCKSProxy * m_SocksProxy;
-			I2PClientTunnel * m_IrcTunnel;
-			I2PServerTunnel * m_ServerTunnel;
+			std::map<int, std::unique_ptr<I2PClientTunnel> > m_ClientTunnels; // port->tunnel
+			std::map<i2p::data::IdentHash, std::unique_ptr<I2PServerTunnel> > m_ServerTunnels; // destination->tunnel
 			SAMBridge * m_SamBridge;
+			BOBCommandChannel * m_BOBCommandChannel;
+			I2PControlService * m_I2PControlService;
 
 		public:
 			// for HTTP

CryptoConst.h

@@ -28,7 +28,10 @@ namespace crypto
 	// DSA
 	#define dsap GetCryptoConstants ().dsap	
 	#define dsaq GetCryptoConstants ().dsaq
-	#define dsag GetCryptoConstants ().dsag		
+	#define dsag GetCryptoConstants ().dsag	
+
+	// RSA
+	const int rsae = 65537;	
 }		
 }	
 

Daemon.cpp

@@ -18,6 +18,11 @@
 #include "HTTPServer.h"
 #include "ClientContext.h"
 
+#ifdef USE_UPNP
+#include "UPnP.h"
+#endif
+
+
 namespace i2p
 {
 	namespace util
@@ -69,11 +74,17 @@ namespace i2p
 			if (host && host[0])
 				i2p::context.UpdateAddress (boost::asio::ip::address::from_string (host));	
 
-			if (i2p::util::config::GetArg("-unreachable", 0))
-				i2p::context.SetUnreachable ();
-
 			i2p::context.SetSupportsV6 (i2p::util::config::GetArg("-v6", 0));
-			
+			i2p::context.SetFloodfill (i2p::util::config::GetArg("-floodfill", 0));
+			auto bandwidth = i2p::util::config::GetArg("-bandwidth", "");
+			if (bandwidth.length () > 0)
+			{
+				if (bandwidth[0] > 'L')
+					i2p::context.SetHighBandwidth ();
+				else
+					i2p::context.SetLowBandwidth ();
+			}	
+
 			LogPrint("CMD parameters:");
 			for (int i = 0; i < argc; ++i)
 				LogPrint(i, "  ", argv[i]);
@@ -89,11 +100,11 @@ namespace i2p
 				if (isDaemon)
 				{
 					std::string logfile_path = IsService () ? "/var/log" : i2p::util::filesystem::GetDataDir().string();
-	#ifndef _WIN32
+#ifndef _WIN32
 					logfile_path.append("/i2pd.log");
-	#else
+#else
 					logfile_path.append("\\i2pd.log");
-	#endif
+#endif
 					StartLog (logfile_path);
 				}
 				else
@@ -111,7 +122,10 @@ namespace i2p
 			LogPrint("Tunnels started");
 			i2p::client::context.Start ();
 			LogPrint("Client started");
-			
+#ifdef USE_UPNP
+            i2p::UPnP::upnpc.Start();
+            LogPrint("UPnP module loaded");
+#endif
 			return true;
 		}
 
@@ -119,15 +133,18 @@ namespace i2p
 		{
 			LogPrint("Shutdown started.");
 			i2p::client::context.Stop();
-			LogPrint("Client stoped");
+			LogPrint("Client stopped");
 			i2p::tunnel::tunnels.Stop();
-			LogPrint("Tunnels stoped");
+			LogPrint("Tunnels stopped");
 			i2p::transport::transports.Stop();
-			LogPrint("Transports stoped");
+			LogPrint("Transports stopped");
 			i2p::data::netdb.Stop();
-			LogPrint("NetDB stoped");
+			LogPrint("NetDB stopped");
 			d.httpServer->Stop();
-			LogPrint("HTTP Server stoped");
+			LogPrint("HTTP Server stopped");
+#ifdef USE_UPNP
+			i2p::UPnP::upnpc.Stop();
+#endif
 			StopLog ();
 
 			delete d.httpServer; d.httpServer = nullptr;

Datagram.cpp

@@ -13,11 +13,11 @@ namespace i2p
 namespace datagram
 {
 	DatagramDestination::DatagramDestination (i2p::client::ClientDestination& owner): 
-		m_Owner (owner) 
+		m_Owner (owner), m_Receiver (nullptr)
 	{
 	}
 
-	void DatagramDestination::SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::LeaseSet& remote)
+	void DatagramDestination::SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint16_t fromPort, uint16_t toPort)
 	{
 		uint8_t buf[MAX_DATAGRAM_SIZE];
 		auto identityLen = m_Owner.GetIdentity ().ToBuffer (buf, MAX_DATAGRAM_SIZE);
@@ -35,19 +35,35 @@ namespace datagram
 		}
 		else
 			m_Owner.Sign (buf1, len, signature);
-		
-		auto service = m_Owner.GetService ();
-		if (service) 
-			service->post (boost::bind (&DatagramDestination::SendMsg, this, 
-				CreateDataMessage (buf, len + headerLen), remote));
+
+		auto msg = CreateDataMessage (buf, len + headerLen, fromPort, toPort); 
+		auto remote = m_Owner.FindLeaseSet (ident);
+		if (remote)
+			m_Owner.GetService ().post (std::bind (&DatagramDestination::SendMsg, this, msg, remote));
 		else
-			LogPrint ("Failed to send datagram. Destination is not running");
+			m_Owner.RequestDestination (ident, std::bind (&DatagramDestination::HandleLeaseSetRequestComplete, 
+				this, std::placeholders::_1, msg, ident));
 	}
 
-	void DatagramDestination::SendMsg (I2NPMessage * msg, const i2p::data::LeaseSet& remote)
+	void DatagramDestination::HandleLeaseSetRequestComplete (bool success, I2NPMessage * msg, i2p::data::IdentHash ident)
 	{
-		auto leases = remote.GetNonExpiredLeases ();
-		if (!leases.empty ())
+		if (success)
+		{
+			auto remote = m_Owner.FindLeaseSet (ident);
+			if (remote)
+			{
+				SendMsg (msg, remote);
+				return;
+			}	
+		}
+		DeleteI2NPMessage (msg);
+	}	
+		
+	void DatagramDestination::SendMsg (I2NPMessage * msg, std::shared_ptr<const i2p::data::LeaseSet> remote)
+	{
+		auto outboundTunnel = m_Owner.GetTunnelPool ()->GetNextOutboundTunnel ();
+		auto leases = remote->GetNonExpiredLeases ();
+		if (!leases.empty () && outboundTunnel)
 		{
 			std::vector<i2p::tunnel::TunnelMessageBlock> msgs;			
 			uint32_t i = i2p::context.GetRandomNumberGenerator ().GenerateWord32 (0, leases.size () - 1);
@@ -58,16 +74,19 @@ namespace datagram
 					leases[i].tunnelGateway, leases[i].tunnelID,
 					garlic
 				});
-			m_Owner.SendTunnelDataMsgs (msgs);
+			outboundTunnel->SendTunnelDataMsg (msgs);
 		}
 		else
 		{
-			LogPrint ("Failed to send datagram. All leases expired");
+			if (outboundTunnel)
+				LogPrint (eLogWarning, "Failed to send datagram. All leases expired");
+			else
+				LogPrint (eLogWarning, "Failed to send datagram. No outbound tunnels");
 			DeleteI2NPMessage (msg);	
 		}	
 	}
 
-	void DatagramDestination::HandleDatagram (const uint8_t * buf, size_t len)
+	void DatagramDestination::HandleDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
 		i2p::data::IdentityEx identity;
 		size_t identityLen = identity.FromBuffer (buf, len);
@@ -77,22 +96,25 @@ namespace datagram
 		bool verified = false;
 		if (identity.GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			uint8_t hash[32];	
+			uint8_t hash[32];
 			CryptoPP::SHA256().CalculateDigest (hash, buf + headerLen, len - headerLen);
 			verified = identity.Verify (hash, 32, signature);
-		}
+		}	
 		else	
 			verified = identity.Verify (buf + headerLen, len - headerLen, signature);
 				
 		if (verified)
 		{
-			// TODO: invoke datagram handler
+			if (m_Receiver != nullptr)
+				m_Receiver (identity, fromPort, toPort, buf + headerLen, len -headerLen);
+			else
+				LogPrint (eLogWarning, "Receiver for datagram is not set");	
 		}
 		else
-			LogPrint ("Datagram signature verification failed");	
+			LogPrint (eLogWarning, "Datagram signature verification failed");	
 	}
 
-	void DatagramDestination::HandleDataMessagePayload (const uint8_t * buf, size_t len)
+	void DatagramDestination::HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
 		// unzip it
 		CryptoPP::Gunzip decompressor;
@@ -103,14 +125,14 @@ namespace datagram
 		if (uncompressedLen <= MAX_DATAGRAM_SIZE)
 		{
 			decompressor.Get (uncompressed, uncompressedLen);
-			HandleDatagram (uncompressed, uncompressedLen); 
+			HandleDatagram (fromPort, toPort, uncompressed, uncompressedLen); 
 		}
 		else
 			LogPrint ("Received datagram size ", uncompressedLen,  " exceeds max size");
 
 	}
 
-	I2NPMessage * DatagramDestination::CreateDataMessage (const uint8_t * payload, size_t len)
+	I2NPMessage * DatagramDestination::CreateDataMessage (const uint8_t * payload, size_t len, uint16_t fromPort, uint16_t toPort)
 	{
 		I2NPMessage * msg = NewI2NPMessage ();
 		CryptoPP::Gzip compressor; // default level
@@ -118,10 +140,11 @@ namespace datagram
 		compressor.MessageEnd();
 		int size = compressor.MaxRetrievable ();
 		uint8_t * buf = msg->GetPayload ();
-		*(uint32_t *)buf = htobe32 (size); // length
+		htobe32buf (buf, size); // length
 		buf += 4;
 		compressor.Get (buf, size);
-		memset (buf + 4, 0, 4); // source and destination are zeroes
+		htobe16buf (buf + 4, fromPort); // source port
+		htobe16buf (buf + 6, toPort); // destination port 
 		buf[9] = i2p::client::PROTOCOL_TYPE_DATAGRAM; // datagram protocol
 		msg->len += size + 4; 
 		FillI2NPMessageHeader (msg, eI2NPData);

Datagram.h

@@ -2,6 +2,9 @@
 #define DATAGRAM_H__
 
 #include <inttypes.h>
+#include <memory>
+#include <functional>
+#include "Identity.h"
 #include "LeaseSet.h"
 #include "I2NPProtocol.h"
 
@@ -16,23 +19,31 @@ namespace datagram
 	const size_t MAX_DATAGRAM_SIZE = 32768;
 	class DatagramDestination
 	{
+		typedef std::function<void (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)> Receiver;
+
 		public:
 
 			DatagramDestination (i2p::client::ClientDestination& owner);
 			~DatagramDestination () {};				
 
-			void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::LeaseSet& remote);
-			void HandleDataMessagePayload (const uint8_t * buf, size_t len);
+			void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint16_t fromPort = 0, uint16_t toPort = 0);
+			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+
+			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };
+			void ResetReceiver () { m_Receiver = nullptr; };
 
 		private:
 
-			I2NPMessage * CreateDataMessage (const uint8_t * payload, size_t len);
-			void SendMsg (I2NPMessage * msg, const i2p::data::LeaseSet& remote);
-			void HandleDatagram (const uint8_t * buf, size_t len);
+			void HandleLeaseSetRequestComplete (bool success, I2NPMessage * msg, i2p::data::IdentHash ident);
+			
+			I2NPMessage * CreateDataMessage (const uint8_t * payload, size_t len, uint16_t fromPort, uint16_t toPort);
+			void SendMsg (I2NPMessage * msg, std::shared_ptr<const i2p::data::LeaseSet> remote);
+			void HandleDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 		private:
 
 			i2p::client::ClientDestination& m_Owner;
+			Receiver m_Receiver;
 	};		
 }
 }

Destination.cpp

@@ -1,128 +1,132 @@
-#include <fstream>
 #include <algorithm>
-#include <cryptopp/dh.h>
+#include <cassert>
+#include <boost/lexical_cast.hpp>
 #include "Log.h"
 #include "util.h"
+#include "ElGamal.h"
+#include "Timestamp.h"
 #include "NetDb.h"
+#include "AddressBook.h"
 #include "Destination.h"
 
 namespace i2p
 {
 namespace client
 {
-	ClientDestination::ClientDestination (bool isPublic, i2p::data::SigningKeyType sigType): 
-		m_IsRunning (false), m_Thread (nullptr), m_Service (nullptr), m_Work (nullptr), 
-		m_CurrentOutboundTunnel (nullptr), m_LeaseSet (nullptr), m_IsPublic (isPublic),
-		m_DatagramDestination (nullptr)
-	{		
-		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType);
-		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-		dh.GenerateKeyPair(i2p::context.GetRandomNumberGenerator (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (*this, 3); // 3-hops tunnel
-		if (m_IsPublic)
-			LogPrint ("Local address ", GetIdentHash ().ToBase32 (), ".b32.i2p created");
-		m_StreamingDestination = new i2p::stream::StreamingDestination (*this); // TODO:
-	}
-
-	ClientDestination::ClientDestination (const std::string& fullPath, bool isPublic):
-		m_IsRunning (false), m_Thread (nullptr), m_Service (nullptr), m_Work (nullptr),
-		m_CurrentOutboundTunnel (nullptr), m_LeaseSet (nullptr), m_IsPublic (isPublic),
-		m_DatagramDestination (nullptr)
+	ClientDestination::ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, 
+			const std::map<std::string, std::string> * params):
+		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),	
+		m_Keys (keys), m_LeaseSet (nullptr), m_IsPublic (isPublic), m_PublishReplyToken (0),
+		m_DatagramDestination (nullptr), m_PublishConfirmationTimer (m_Service), m_CleanupTimer (m_Service)
 	{
-		std::ifstream s(fullPath.c_str (), std::ifstream::binary);
-		if (s.is_open ())	
-		{	
-			s.seekg (0, std::ios::end);
-			size_t len = s.tellg();
-			s.seekg (0, std::ios::beg);
-			uint8_t * buf = new uint8_t[len];
-			s.read ((char *)buf, len);
-			m_Keys.FromBuffer (buf, len);
-			delete[] buf;
-			LogPrint ("Local address ", GetIdentHash ().ToBase32 (), ".b32.i2p loaded");
-		}	
-		else
+		i2p::crypto::GenerateElGamalKeyPair(i2p::context.GetRandomNumberGenerator (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
+		int inboundTunnelLen = DEFAULT_INBOUND_TUNNEL_LENGTH;
+		int outboundTunnelLen = DEFAULT_OUTBOUND_TUNNEL_LENGTH;
+		if (params)
 		{
-			LogPrint ("Can't open file ", fullPath, " Creating new one");
-			m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (i2p::data::SIGNING_KEY_TYPE_DSA_SHA1); 
-			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
-			size_t len = m_Keys.GetFullLen ();
-			uint8_t * buf = new uint8_t[len];
-			len = m_Keys.ToBuffer (buf, len);
-			f.write ((char *)buf, len);
-			delete[] buf;
-			
-			LogPrint ("New private keys file ", fullPath, " for ", m_Keys.GetPublic ().GetIdentHash ().ToBase32 (), ".b32.i2p created");
+			auto it = params->find (I2CP_PARAM_INBOUND_TUNNEL_LENGTH);
+			if (it != params->end ())
+			{	
+				int len = boost::lexical_cast<int>(it->second);
+				if (len > 0)
+				{
+					inboundTunnelLen = len;
+					LogPrint (eLogInfo, "Inbound tunnel length set to ", len);
+				}
+			}	
+			it = params->find (I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH);
+			if (it != params->end ())
+			{
+				int len = boost::lexical_cast<int>(it->second);
+				if (len > 0)
+				{
+					outboundTunnelLen = len;
+					LogPrint (eLogInfo, "Outbound tunnel length set to ", len);
+				}
+			}	
 		}	
-
-		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-		dh.GenerateKeyPair(i2p::context.GetRandomNumberGenerator (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (*this, 3); // 3-hops tunnel 
-		m_StreamingDestination = new i2p::stream::StreamingDestination (*this); // TODO:
-	}
-
-	ClientDestination::ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic):
-		m_IsRunning (false), m_Thread (nullptr), m_Service (nullptr), m_Work (nullptr),	
-		m_Keys (keys), m_CurrentOutboundTunnel (nullptr), m_LeaseSet (nullptr), m_IsPublic (isPublic),
-		m_DatagramDestination (nullptr)
-	{
-		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-		dh.GenerateKeyPair(i2p::context.GetRandomNumberGenerator (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
-		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (*this, 3); // 3-hops tunnel 
+		m_Pool = i2p::tunnel::tunnels.CreateTunnelPool (this, inboundTunnelLen, outboundTunnelLen);  
 		if (m_IsPublic)
-			LogPrint ("Local address ", GetIdentHash ().ToBase32 (), ".b32.i2p created");
-		m_StreamingDestination = new i2p::stream::StreamingDestination (*this); // TODO:
+			LogPrint (eLogInfo, "Local address ", i2p::client::GetB32Address(GetIdentHash()), " created");
+		m_StreamingDestination = std::make_shared<i2p::stream::StreamingDestination> (*this); // TODO:
 	}
 
 	ClientDestination::~ClientDestination ()
 	{
-		Stop ();
-		for (auto it: m_RemoteLeaseSets)
+		if (m_IsRunning)	
+			Stop ();
+		for (auto it: m_LeaseSetRequests)
 			delete it.second;
 		if (m_Pool)
 			i2p::tunnel::tunnels.DeleteTunnelPool (m_Pool);		
-		delete m_LeaseSet;
-		delete m_Work;
-		delete m_Service;
-		delete m_StreamingDestination;
-		delete m_DatagramDestination;
+		if (m_DatagramDestination)
+			delete m_DatagramDestination;
 	}	
 
 	void ClientDestination::Run ()
 	{
-		if (m_Service)
-			m_Service->run ();
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint ("Destination: ", ex.what ());
+			}	
+		}	
 	}	
 
 	void ClientDestination::Start ()
 	{	
-		m_Service = new boost::asio::io_service;
-		m_Work = new boost::asio::io_service::work (*m_Service);
-		m_Pool->SetActive (true);
-		m_IsRunning = true;
-		m_Thread = new std::thread (std::bind (&ClientDestination::Run, this));
-		m_StreamingDestination->Start ();	
+		if (!m_IsRunning)
+		{	
+			m_IsRunning = true;
+			m_Pool->SetLocalDestination (this);
+			m_Pool->SetActive (true);
+			m_Thread = new std::thread (std::bind (&ClientDestination::Run, this));
+			m_StreamingDestination->Start ();	
+			for (auto it: m_StreamingDestinationsByPorts)
+				it.second->Start ();
+			
+			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
+			m_CleanupTimer.async_wait (std::bind (&ClientDestination::HandleCleanupTimer,
+				this, std::placeholders::_1));
+		}	
 	}
 		
 	void ClientDestination::Stop ()
 	{	
-		m_StreamingDestination->Stop ();	
-		if (m_Pool)
-			i2p::tunnel::tunnels.StopTunnelPool (m_Pool);
-		m_IsRunning = false;
-		if (m_Service)
-			m_Service->stop ();
-		if (m_Thread)
+		if (m_IsRunning)
 		{	
-			m_Thread->join (); 
-			delete m_Thread;
-			m_Thread = 0;
+			m_CleanupTimer.cancel ();
+			m_IsRunning = false;
+			m_StreamingDestination->Stop ();	
+			for (auto it: m_StreamingDestinationsByPorts)
+				it.second->Stop ();
+			if (m_DatagramDestination)
+			{
+				auto d = m_DatagramDestination;
+				m_DatagramDestination = nullptr;
+				delete d;
+			}	
+			if (m_Pool)
+			{	
+				m_Pool->SetLocalDestination (nullptr);
+				i2p::tunnel::tunnels.StopTunnelPool (m_Pool);
+			}	
+			m_Service.stop ();
+			if (m_Thread)
+			{	
+				m_Thread->join (); 
+				delete m_Thread;
+				m_Thread = 0;
+			}	
 		}	
-		delete m_Work; m_Work = nullptr;
-		delete m_Service; m_Service = nullptr;
 	}	
 
-	const i2p::data::LeaseSet * ClientDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
+	std::shared_ptr<const i2p::data::LeaseSet> ClientDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
 	{
 		auto it = m_RemoteLeaseSets.find (ident);
 		if (it != m_RemoteLeaseSets.end ())
@@ -130,17 +134,13 @@ namespace client
 			if (it->second->HasNonExpiredLeases ())
 				return it->second;
 			else
-			{
-				LogPrint ("All leases of remote LeaseSet expired. Request it");
-				i2p::data::netdb.RequestDestination (ident, true, m_Pool);
-			}	
+				LogPrint ("All leases of remote LeaseSet expired");
 		}	
 		else
 		{	
 			auto ls = i2p::data::netdb.FindLeaseSet (ident);
 			if (ls)
 			{
-				ls = new i2p::data::LeaseSet (*ls);
 				m_RemoteLeaseSets[ident] = ls;			
 				return ls;
 			}	
@@ -169,40 +169,44 @@ namespace client
 		}	
 	}	
 
-	void ClientDestination::SendTunnelDataMsgs (const std::vector<i2p::tunnel::TunnelMessageBlock>& msgs)
+	bool ClientDestination::SubmitSessionKey (const uint8_t * key, const uint8_t * tag)
 	{
-		m_CurrentOutboundTunnel = m_Pool->GetNextOutboundTunnel (m_CurrentOutboundTunnel);
-		if (m_CurrentOutboundTunnel)
-			m_CurrentOutboundTunnel->SendTunnelDataMsg (msgs);
-		else
+		struct
 		{
-			LogPrint ("No outbound tunnels in the pool");
-			for (auto it: msgs)
-				DeleteI2NPMessage (it.data);
-		}
+			uint8_t k[32], t[32];
+		} data;	
+		memcpy (data.k, key, 32);
+		memcpy (data.t, tag, 32);
+		m_Service.post ([this,data](void)
+			{
+				this->AddSessionKey (data.k, data.t);
+			});
+		return true;
 	}
 
 	void ClientDestination::ProcessGarlicMessage (I2NPMessage * msg)
 	{
-		m_Service->post (boost::bind (&ClientDestination::HandleGarlicMessage, this, msg)); 
+		m_Service.post (std::bind (&ClientDestination::HandleGarlicMessage, this, msg)); 
 	}
 
 	void ClientDestination::ProcessDeliveryStatusMessage (I2NPMessage * msg)
 	{
-		m_Service->post (boost::bind (&ClientDestination::HandleDeliveryStatusMessage, this, msg)); 
+		m_Service.post (std::bind (&ClientDestination::HandleDeliveryStatusMessage, this, msg)); 
 	}
 
-	void ClientDestination::HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from)
+	void ClientDestination::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		I2NPHeader * header = (I2NPHeader *)buf;
-		switch (header->typeID)
+		uint8_t typeID = buf[I2NP_HEADER_TYPEID_OFFSET];
+		switch (typeID)
 		{	
 			case eI2NPData:
-				HandleDataMessage (buf + sizeof (I2NPHeader), be16toh (header->size));
+				HandleDataMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
 			break;
 			case eI2NPDatabaseStore:
-				HandleDatabaseStoreMessage (buf + sizeof (I2NPHeader), be16toh (header->size));
-				i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from)); // TODO: remove
+				HandleDatabaseStoreMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
+			break;
+			case eI2NPDatabaseSearchReply:
+				HandleDatabaseSearchReplyMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
 			break;	
 			default:
 				i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
@@ -211,27 +215,97 @@ namespace client
 
 	void ClientDestination::HandleDatabaseStoreMessage (const uint8_t * buf, size_t len)
 	{
-		I2NPDatabaseStoreMsg * msg = (I2NPDatabaseStoreMsg *)buf;
-		size_t offset = sizeof (I2NPDatabaseStoreMsg);
-		if (msg->replyToken) // TODO:
-			offset += 36;
-		if (msg->type == 1) // LeaseSet
+		uint32_t replyToken = bufbe32toh (buf + DATABASE_STORE_REPLY_TOKEN_OFFSET);
+		size_t offset = DATABASE_STORE_HEADER_SIZE;
+		if (replyToken) 
 		{
-			LogPrint ("Remote LeaseSet");
-			auto it = m_RemoteLeaseSets.find (msg->key);
+			LogPrint (eLogInfo, "Reply token is ignored for DatabaseStore");
+			offset += 36;
+		}
+		if (buf[DATABASE_STORE_TYPE_OFFSET] == 1) // LeaseSet
+		{
+			LogPrint (eLogDebug, "Remote LeaseSet");
+			auto it = m_RemoteLeaseSets.find (buf + DATABASE_STORE_KEY_OFFSET);
 			if (it != m_RemoteLeaseSets.end ())
 			{
 				it->second->Update (buf + offset, len - offset); 
-				LogPrint ("Remote LeaseSet updated");
+				LogPrint (eLogDebug, "Remote LeaseSet updated");
 			}
 			else
 			{	
-				LogPrint ("New remote LeaseSet added");
-				m_RemoteLeaseSets[msg->key] = new i2p::data::LeaseSet (buf + offset, len - offset);
+				LogPrint (eLogDebug, "New remote LeaseSet added");
+				m_RemoteLeaseSets[buf + DATABASE_STORE_KEY_OFFSET] = std::make_shared<i2p::data::LeaseSet> (buf + offset, len - offset);
 			}	
 		}	
 		else
-			LogPrint ("Unexpected client's DatabaseStore type ", msg->type, ". Dropped");
+			LogPrint (eLogError, "Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ". Dropped");
+		
+		auto it1 = m_LeaseSetRequests.find (buf + DATABASE_STORE_KEY_OFFSET);
+		if (it1 != m_LeaseSetRequests.end ())
+		{
+			it1->second->requestTimeoutTimer.cancel ();
+			if (it1->second->requestComplete) it1->second->requestComplete (true);
+			delete it1->second;
+			m_LeaseSetRequests.erase (it1);
+		}	
+	}
+
+	void ClientDestination::HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len)
+	{
+		i2p::data::IdentHash key (buf);
+		int num = buf[32]; // num
+		LogPrint ("DatabaseSearchReply for ", key.ToBase64 (), " num=", num);
+		auto it = m_LeaseSetRequests.find (key);
+		if (it != m_LeaseSetRequests.end ())
+		{
+			LeaseSetRequest * request = it->second;
+			bool found = false;
+			if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
+			{	
+				for (int i = 0; i < num; i++)
+				{
+					i2p::data::IdentHash peerHash (buf + 33 + i*32);
+					auto floodfill = i2p::data::netdb.FindRouter (peerHash);
+					if (floodfill)
+					{
+						LogPrint (eLogInfo, "Requesting ", key.ToBase64 (), " at ", peerHash.ToBase64 ());
+						if (SendLeaseSetRequest (key, floodfill, request))
+							found = true;
+					}	
+					else
+					{	
+						LogPrint (eLogInfo, "Found new floodfill. Request it");
+						i2p::data::netdb.RequestDestination (peerHash);
+					}	
+				}
+				if (!found)
+					LogPrint (eLogError, "Suggested floodfills are not presented in netDb"); 
+			}	
+			else
+				LogPrint (eLogInfo, key.ToBase64 (), " was not found on ",  MAX_NUM_FLOODFILLS_PER_REQUEST," floodfills");
+			if (!found)
+			{
+				if (request->requestComplete) request->requestComplete (false);
+				delete request;
+				m_LeaseSetRequests.erase (key);
+			}	
+		}	
+		else	
+			LogPrint ("Request for ", key.ToBase64 (), " not found");
+	}	
+		
+	void ClientDestination::HandleDeliveryStatusMessage (I2NPMessage * msg)
+	{
+		uint32_t msgID = bufbe32toh (msg->GetPayload () + DELIVERY_STATUS_MSGID_OFFSET);
+		if (msgID == m_PublishReplyToken)
+		{
+			LogPrint (eLogDebug, "Publishing confirmed");
+			m_ExcludedFloodfills.clear ();
+			m_PublishReplyToken = 0;
+			i2p::DeleteI2NPMessage (msg);
+		}
+		else
+			i2p::garlic::GarlicDestination::HandleDeliveryStatusMessage (msg);
 	}	
 
 	void ClientDestination::SetLeaseSetUpdated ()
@@ -239,27 +313,81 @@ namespace client
 		i2p::garlic::GarlicDestination::SetLeaseSetUpdated ();	
 		UpdateLeaseSet ();
 		if (m_IsPublic)
-			i2p::data::netdb.PublishLeaseSet (m_LeaseSet, m_Pool);
+			Publish ();
+	}
+		
+	void ClientDestination::Publish ()
+	{	
+		if (!m_LeaseSet || !m_Pool) 
+		{
+			LogPrint (eLogError, "Can't publish non-existing LeaseSet");
+			return;
+		}
+		if (m_PublishReplyToken)
+		{
+			LogPrint (eLogInfo, "Publishing is pending");
+			return;
+		}
+		auto outbound = m_Pool->GetNextOutboundTunnel ();
+		if (!outbound)
+		{
+			LogPrint ("Can't publish LeaseSet. No outbound tunnels");
+			return;
+		}
+		std::set<i2p::data::IdentHash> excluded; 
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (m_LeaseSet->GetIdentHash (), m_ExcludedFloodfills);	
+		if (!floodfill)
+		{
+			LogPrint ("Can't publish LeaseSet. No more floodfills found");
+			m_ExcludedFloodfills.clear ();
+			return;
+		}	
+		m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
+		LogPrint (eLogDebug, "Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
+		m_PublishReplyToken = i2p::context.GetRandomNumberGenerator ().GenerateWord32 ();
+		auto msg = WrapMessage (floodfill, i2p::CreateDatabaseStoreMsg (m_LeaseSet, m_PublishReplyToken));			
+		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
+		m_PublishConfirmationTimer.async_wait (std::bind (&ClientDestination::HandlePublishConfirmationTimer,
+			this, std::placeholders::_1));	
+		outbound->SendTunnelDataMsg (floodfill->GetIdentHash (), 0, msg);	
+	}
+
+	void ClientDestination::HandlePublishConfirmationTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{	
+			if (m_PublishReplyToken)
+			{
+				LogPrint (eLogWarning, "Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT,  "seconds. Try again");
+				m_PublishReplyToken = 0;
+				Publish ();
+			}
+		}
 	}
 
 	void ClientDestination::HandleDataMessage (const uint8_t * buf, size_t len)
 	{
-		uint32_t length = be32toh (*(uint32_t *)buf);
+		uint32_t length = bufbe32toh (buf);
 		buf += 4;
 		// we assume I2CP payload
+		uint16_t fromPort = bufbe16toh (buf + 4), // source
+			toPort = bufbe16toh (buf + 6); // destination 
 		switch (buf[9])
 		{
 			case PROTOCOL_TYPE_STREAMING:
+			{
 				// streaming protocol
-				if (m_StreamingDestination)
-					m_StreamingDestination->HandleDataMessagePayload (buf, length);
+				auto dest = GetStreamingDestination (toPort);
+				if (dest)
+					dest->HandleDataMessagePayload (buf, length);
 				else
 					LogPrint ("Missing streaming destination");
+			}
 			break;
 			case PROTOCOL_TYPE_DATAGRAM:
 				// datagram protocol
 				if (m_DatagramDestination)
-					m_DatagramDestination->HandleDataMessagePayload (buf, length);
+					m_DatagramDestination->HandleDataMessagePayload (fromPort, toPort, buf, length);
 				else
 					LogPrint ("Missing streaming destination");
 			break;
@@ -268,14 +396,51 @@ namespace client
 		}
 	}	
 
-	i2p::stream::Stream * ClientDestination::CreateStream (const i2p::data::LeaseSet& remote, int port)
+	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port) {
+		assert(streamRequestComplete);
+		auto leaseSet = FindLeaseSet (dest);
+		if (leaseSet)
+			streamRequestComplete(CreateStream (leaseSet, port));
+		else
+		{
+			RequestDestination (dest,
+				[this, streamRequestComplete, dest, port](bool success)
+				{
+					if (!success)
+						streamRequestComplete (nullptr);
+					else
+					{
+						auto leaseSet = FindLeaseSet (dest);
+						if (leaseSet)
+							streamRequestComplete(CreateStream (leaseSet, port));
+						else
+							streamRequestComplete (nullptr);
+					}
+				});
+		}
+	}
+
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port)
 	{
 		if (m_StreamingDestination)
 			return m_StreamingDestination->CreateNewOutgoingStream (remote, port);
-		return nullptr;	
-	}		
+		else
+			return nullptr;
+	}
 
-	void ClientDestination::AcceptStreams (const std::function<void (i2p::stream::Stream *)>& acceptor)
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::GetStreamingDestination (int port) const 
+	{ 
+		if (port) 
+		{
+			auto it = m_StreamingDestinationsByPorts.find (port);
+			if (it != m_StreamingDestinationsByPorts.end ())
+				return it->second;
+		}	
+		// if port is zero or not found, use default destination
+		return m_StreamingDestination; 
+	}
+		
+	void ClientDestination::AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor)
 	{
 		if (m_StreamingDestination)
 			m_StreamingDestination->SetAcceptor (acceptor);
@@ -286,7 +451,7 @@ namespace client
 		if (m_StreamingDestination)
 			m_StreamingDestination->ResetAcceptor ();
 	}
-
+		
 	bool ClientDestination::IsAcceptingStreams () const
 	{
 		if (m_StreamingDestination)
@@ -294,10 +459,163 @@ namespace client
 		return false;
 	}	
 
-	void ClientDestination::CreateDatagramDestination ()
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::CreateStreamingDestination (int port)
+	{
+		auto dest = std::make_shared<i2p::stream::StreamingDestination> (*this, port); 
+		if (port)
+			m_StreamingDestinationsByPorts[port] = dest;
+		else // update default 
+			m_StreamingDestination = dest;
+		return dest;
+	}	
+		
+	i2p::datagram::DatagramDestination * ClientDestination::CreateDatagramDestination ()
 	{
 		if (!m_DatagramDestination)
 			m_DatagramDestination = new i2p::datagram::DatagramDestination (*this);
+		return m_DatagramDestination;	
+	}
+
+	bool ClientDestination::RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	{
+		if (!m_Pool || !IsReady ()) 
+		{	
+			if (requestComplete) requestComplete (false);
+			return false;
+		}	
+		m_Service.post (std::bind (&ClientDestination::RequestLeaseSet, this, dest, requestComplete));
+		return true;
+	}
+
+	void ClientDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	{
+		std::set<i2p::data::IdentHash> excluded;
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
+		if (floodfill)
+		{
+			LeaseSetRequest * request = new LeaseSetRequest (m_Service);
+			request->requestComplete = requestComplete;
+			auto ret = m_LeaseSetRequests.insert (std::pair<i2p::data::IdentHash, LeaseSetRequest *>(dest,request));
+			if (ret.second) // inserted
+			{
+				if (!SendLeaseSetRequest (dest, floodfill, request))
+				{
+					// request failed
+					if (request->requestComplete) request->requestComplete (false);
+					delete request;
+					m_LeaseSetRequests.erase (dest);
+				}
+			}	
+			else // duplicate
+			{
+				LogPrint (eLogError, "Request of ", dest.ToBase64 (), " is pending already");
+				// TODO: queue up requests
+				if (request->requestComplete) request->requestComplete (false);
+				delete request;
+			}	
+		}	
+		else
+			LogPrint (eLogError, "No floodfills found");	
+	}	
+		
+	bool ClientDestination::SendLeaseSetRequest (const i2p::data::IdentHash& dest, 
+		std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, LeaseSetRequest * request)
+	{
+		auto replyTunnel = m_Pool->GetNextInboundTunnel ();
+		if (!replyTunnel) LogPrint (eLogError, "No inbound tunnels found");	
+		
+		auto outboundTunnel = m_Pool->GetNextOutboundTunnel ();
+		if (!outboundTunnel) LogPrint (eLogError, "No outbound tunnels found");		
+			
+		if (replyTunnel && outboundTunnel)
+		{	
+			request->excluded.insert (nextFloodfill->GetIdentHash ());
+			request->requestTime = i2p::util::GetSecondsSinceEpoch ();
+			request->requestTimeoutTimer.cancel ();
+
+			CryptoPP::AutoSeededRandomPool rnd;
+			uint8_t replyKey[32], replyTag[32];
+			rnd.GenerateBlock (replyKey, 32); // random session key 
+			rnd.GenerateBlock (replyTag, 32); // random session tag
+			AddSessionKey (replyKey, replyTag);
+
+			I2NPMessage * msg = WrapMessage (nextFloodfill,
+				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, 
+					replyTunnel.get (), replyKey, replyTag));
+			outboundTunnel->SendTunnelDataMsg (
+				{
+					i2p::tunnel::TunnelMessageBlock 
+					{ 
+						i2p::tunnel::eDeliveryTypeRouter,
+						nextFloodfill->GetIdentHash (), 0, msg
+					}
+				});	
+			request->requestTimeoutTimer.expires_from_now (boost::posix_time::seconds(LEASESET_REQUEST_TIMEOUT));
+			request->requestTimeoutTimer.async_wait (std::bind (&ClientDestination::HandleRequestTimoutTimer,
+				this, std::placeholders::_1, dest));
+		}	
+		else
+			return false;
+		return true;
+	}	
+
+	void ClientDestination::HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto it = m_LeaseSetRequests.find (dest);
+			if (it != m_LeaseSetRequests.end ())
+			{
+				bool done = false;
+				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
+				if (ts < it->second->requestTime + MAX_LEASESET_REQUEST_TIMEOUT)
+				{
+					auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, it->second->excluded);
+					if (floodfill)
+						 done = !SendLeaseSetRequest (dest, floodfill, it->second);
+					else
+						done = true;
+				}
+				else
+				{	
+					LogPrint (eLogInfo, dest.ToBase64 (), " was not found within ",  MAX_LEASESET_REQUEST_TIMEOUT, " seconds");
+					done = true;
+				}
+				
+				if (done)
+				{
+					if (it->second->requestComplete) it->second->requestComplete (false);
+					delete it->second;
+					m_LeaseSetRequests.erase (it);
+				}	
+			}	
+		}	
+	}
+
+	void ClientDestination::HandleCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			CleanupRoutingSessions ();
+			CleanupRemoteLeaseSets ();
+			m_CleanupTimer.expires_from_now (boost::posix_time::minutes (DESTINATION_CLEANUP_TIMEOUT));
+			m_CleanupTimer.async_wait (std::bind (&ClientDestination::HandleCleanupTimer,
+				this, std::placeholders::_1));
+		}
+	}	
+
+	void ClientDestination::CleanupRemoteLeaseSets ()
+	{
+		for (auto it = m_RemoteLeaseSets.begin (); it != m_RemoteLeaseSets.end ();)
+		{
+			if (!it->second->HasNonExpiredLeases ()) // all leases expired
+			{
+				LogPrint ("Remote LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				it = m_RemoteLeaseSets.erase (it);
+			}	
+			else 
+				it++;
+		}
 	}
 }
 }

Destination.h

@@ -3,11 +3,18 @@
 
 #include <thread>
 #include <mutex>
+#include <memory>
+#include <map>
+#include <set>
+#include <string>
+#include <functional>
+#include <boost/asio.hpp>
 #include "Identity.h"
 #include "TunnelPool.h"
 #include "CryptoConst.h"
 #include "LeaseSet.h"
 #include "Garlic.h"
+#include "NetDb.h"
 #include "Streaming.h"
 #include "Datagram.h"
 
@@ -18,37 +25,61 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_STREAMING = 6;
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;	
+	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
+	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
+	const int MAX_LEASESET_REQUEST_TIMEOUT = 40; // in seconds
+	const int MAX_NUM_FLOODFILLS_PER_REQUEST = 7;
+	const int DESTINATION_CLEANUP_TIMEOUT = 20; // in minutes 
+	
+	// I2CP
+	const char I2CP_PARAM_INBOUND_TUNNEL_LENGTH[] = "inbound.length";
+	const int DEFAULT_INBOUND_TUNNEL_LENGTH = 3;
+	const char I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH[] = "outbound.length";
+	const int DEFAULT_OUTBOUND_TUNNEL_LENGTH = 3;
+	const int STREAM_REQUEST_TIMEOUT = 60; //in seconds
+
+	typedef std::function<void (std::shared_ptr<i2p::stream::Stream> stream)> StreamRequestComplete;
 
 	class ClientDestination: public i2p::garlic::GarlicDestination
 	{
+		typedef std::function<void (bool success)> RequestComplete;
+		struct LeaseSetRequest
+		{
+			LeaseSetRequest (boost::asio::io_service& service): requestTime (0), requestTimeoutTimer (service) {};
+			std::set<i2p::data::IdentHash> excluded;
+			uint64_t requestTime;
+			boost::asio::deadline_timer requestTimeoutTimer;
+			RequestComplete requestComplete;
+		};	
+		
+		
 		public:
 
-			ClientDestination (bool isPublic, i2p::data::SigningKeyType sigType);
-			ClientDestination (const std::string& fullPath, bool isPublic);
-			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic);
+			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~ClientDestination ();	
 
 			virtual void Start ();
 			virtual void Stop ();
 			bool IsRunning () const { return m_IsRunning; };
-			boost::asio::io_service * GetService () { return m_Service; };
-			i2p::tunnel::TunnelPool * GetTunnelPool () { return m_Pool; }; 
+			boost::asio::io_service& GetService () { return m_Service; };
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () { return m_Pool; }; 
 			bool IsReady () const { return m_LeaseSet && m_LeaseSet->HasNonExpiredLeases (); };
-
-			void ResetCurrentOutboundTunnel () { m_CurrentOutboundTunnel = nullptr; };
-			const i2p::data::LeaseSet * FindLeaseSet (const i2p::data::IdentHash& ident);
-			void SendTunnelDataMsgs (const std::vector<i2p::tunnel::TunnelMessageBlock>& msgs);
-
+			std::shared_ptr<const i2p::data::LeaseSet> FindLeaseSet (const i2p::data::IdentHash& ident);
+			bool RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete = nullptr);
+			
 			// streaming
-			i2p::stream::StreamingDestination * GetStreamingDestination () const { return m_StreamingDestination; };
-			i2p::stream::Stream * CreateStream (const i2p::data::LeaseSet& remote, int port = 0);
-			void AcceptStreams (const std::function<void (i2p::stream::Stream *)>& acceptor);
+			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port); // additional
+			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
+			// following methods operate with default streaming destination
+			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
+			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
 			void StopAcceptingStreams ();
 			bool IsAcceptingStreams () const;
-
+			
 			// datagram
 			i2p::datagram::DatagramDestination * GetDatagramDestination () const { return m_DatagramDestination; };
-			void CreateDatagramDestination ();
+			i2p::datagram::DatagramDestination * CreateDatagramDestination ();
 
 			// implements LocalDestination
 			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
@@ -57,9 +88,10 @@ namespace client
 			
 			// implements GarlicDestination
 			const i2p::data::LeaseSet * GetLeaseSet ();
-			void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
 			// override GarlicDestination
+			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag);
 			void ProcessGarlicMessage (I2NPMessage * msg);
 			void ProcessDeliveryStatusMessage (I2NPMessage * msg);	
 			void SetLeaseSetUpdated ();
@@ -71,26 +103,41 @@ namespace client
 				
 			void Run ();			
 			void UpdateLeaseSet ();
-			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);			
+			void Publish ();
+			void HandlePublishConfirmationTimer (const boost::system::error_code& ecode);
+			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);
+			void HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len);
+			void HandleDeliveryStatusMessage (I2NPMessage * msg);		
 
+			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete);
+			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, LeaseSetRequest * request);	
+			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
+			void HandleCleanupTimer (const boost::system::error_code& ecode);
+			void CleanupRemoteLeaseSets ();
+			
 		private:
 
-			bool m_IsRunning;
+			volatile bool m_IsRunning;
 			std::thread * m_Thread;	
-			boost::asio::io_service * m_Service;
-			boost::asio::io_service::work * m_Work;
+			boost::asio::io_service m_Service;
+			boost::asio::io_service::work m_Work;
 			i2p::data::PrivateKeys m_Keys;
 			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
-			std::map<i2p::data::IdentHash, i2p::data::LeaseSet *> m_RemoteLeaseSets;
+			std::map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
+			std::map<i2p::data::IdentHash, LeaseSetRequest *> m_LeaseSetRequests;
 
-			i2p::tunnel::TunnelPool * m_Pool;
-			i2p::tunnel::OutboundTunnel * m_CurrentOutboundTunnel;
+			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
 			i2p::data::LeaseSet * m_LeaseSet;
 			bool m_IsPublic;
-		
-			i2p::stream::StreamingDestination * m_StreamingDestination;
+			uint32_t m_PublishReplyToken;
+			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
+			
+			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
+			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
 			i2p::datagram::DatagramDestination * m_DatagramDestination;
 	
+			boost::asio::deadline_timer m_PublishConfirmationTimer, m_CleanupTimer;
+
 		public:
 			
 			// for HTTP only

ElGamal.h

@@ -4,6 +4,7 @@
 #include <inttypes.h>
 #include <cryptopp/integer.h>
 #include <cryptopp/osrng.h>
+#include <cryptopp/dh.h>
 #include <cryptopp/sha.h>
 #include "CryptoConst.h"
 #include "Log.h"
@@ -17,10 +18,12 @@ namespace crypto
 	{
 		public:
 
-			ElGamalEncryption (const uint8_t * key):
-				y (key, 256), k (rnd, CryptoPP::Integer::One(), elgp-1),
-				a (a_exp_b_mod_c (elgg, k, elgp)), b1 (a_exp_b_mod_c (y, k, elgp))
+			ElGamalEncryption (const uint8_t * key)
 			{
+				CryptoPP::AutoSeededRandomPool rnd;	
+				CryptoPP::Integer y (key, 256), k (rnd, CryptoPP::Integer::One(), elgp-1);
+				a = a_exp_b_mod_c (elgg, k, elgp);
+				b1 = a_exp_b_mod_c (y, k, elgp);
 			}
 
 			void Encrypt (const uint8_t * data, int len, uint8_t * encrypted, bool zeroPadding = false)
@@ -49,9 +52,7 @@ namespace crypto
 
 		private:
 
-			CryptoPP::AutoSeededRandomPool rnd;	
-			CryptoPP::Integer y, k, a, b1;	
-			bool m_ZeroPadding;	
+			CryptoPP::Integer a, b1;	
 	};
 
 	inline bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, 
@@ -71,6 +72,17 @@ namespace crypto
 		memcpy (data, m + 33, 222);
 		return true;
 	}	
+
+	inline void GenerateElGamalKeyPair (CryptoPP::RandomNumberGenerator& rnd, uint8_t * priv, uint8_t * pub)
+	{
+#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)	
+		rnd.GenerateBlock (priv, 256);
+		a_exp_b_mod_c (elgg, CryptoPP::Integer (priv, 256), elgp).Encode (pub, 256);
+#else
+		CryptoPP::DH dh (elgp, elgg);
+		dh.GenerateKeyPair(rnd, priv, pub);	
+#endif		
+	}	
 }
 }	
 

Garlic.cpp

@@ -15,9 +15,9 @@ namespace i2p
 namespace garlic
 {
 	GarlicRoutingSession::GarlicRoutingSession (GarlicDestination * owner, 
-	    const i2p::data::RoutingDestination * destination, int numTags):
+	    std::shared_ptr<const i2p::data::RoutingDestination> destination, int numTags):
 		m_Owner (owner), m_Destination (destination), m_NumTags (numTags), 
-		m_LeaseSetUpdated (numTags > 0)
+		m_LeaseSetUpdateStatus (numTags > 0 ? eLeaseSetUpdated : eLeaseSetUpToDate)
 	{
 		// create new session tags and session key
 		m_Rnd.GenerateBlock (m_SessionKey, 32);
@@ -25,7 +25,7 @@ namespace garlic
 	}	
 
 	GarlicRoutingSession::GarlicRoutingSession (const uint8_t * sessionKey, const SessionTag& sessionTag):
-		m_Owner (nullptr), m_Destination (nullptr), m_NumTags (1), m_LeaseSetUpdated (false)
+		m_Owner (nullptr), m_Destination (nullptr), m_NumTags (1), m_LeaseSetUpdateStatus (eLeaseSetUpToDate)
 	{
 		memcpy (m_SessionKey, sessionKey, 32);
 		m_Encryption.SetKey (m_SessionKey);
@@ -51,13 +51,25 @@ namespace garlic
 		}			
 		return tags;	
 	}
-	
+
+	void GarlicRoutingSession::MessageConfirmed (uint32_t msgID)
+	{
+		TagsConfirmed (msgID);
+		if (msgID == m_LeaseSetUpdateMsgID)
+		{	
+			m_LeaseSetUpdateStatus = eLeaseSetUpToDate;
+			LogPrint (eLogInfo, "LeaseSet update confirmed");
+		}	
+		else
+			CleanupExpiredTags ();
+	}	
+		
 	void GarlicRoutingSession::TagsConfirmed (uint32_t msgID) 
 	{ 
-		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 		auto it = m_UnconfirmedTagsMsgs.find (msgID);	
 		if (it != m_UnconfirmedTagsMsgs.end ())
 		{
+			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 			UnconfirmedTags * tags = it->second;
 			if (ts < tags->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
 			{	
@@ -67,22 +79,38 @@ namespace garlic
 			m_UnconfirmedTagsMsgs.erase (it);
 			delete tags;
 		}
+	}
+
+	bool GarlicRoutingSession::CleanupExpiredTags ()
+	{
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		for (auto it = m_SessionTags.begin (); it != m_SessionTags.end ();)
+		{
+			if (ts >= it->creationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
+				it = m_SessionTags.erase (it);
+			else 
+				it++;
+		}
 		// delete expired unconfirmed tags
 		for (auto it = m_UnconfirmedTagsMsgs.begin (); it != m_UnconfirmedTagsMsgs.end ();)
 		{
 			if (ts >= it->second->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
 			{
+				if (m_Owner)
+					m_Owner->RemoveCreatedSession (it->first);
 				delete it->second;
 				it = m_UnconfirmedTagsMsgs.erase (it);
 			}	
 			else
 				it++;
 		}	
-	}
+		return !m_SessionTags.empty () || m_UnconfirmedTagsMsgs.empty ();
+ 	}
 
 	I2NPMessage * GarlicRoutingSession::WrapSingleMessage (I2NPMessage * msg)
 	{
 		I2NPMessage * m = NewI2NPMessage ();
+		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
 		size_t len = 0;
 		uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
 
@@ -137,7 +165,7 @@ namespace garlic
 		}	
 		// AES block
 		len += CreateAESBlock (buf, msg);
-		*(uint32_t *)(m->GetPayload ()) = htobe32 (len);
+		htobe32buf (m->GetPayload (), len);
 		m->len += len + 4;
 		FillI2NPMessageHeader (m, eI2NPGarlic);
 		if (msg)
@@ -148,9 +176,9 @@ namespace garlic
 	size_t GarlicRoutingSession::CreateAESBlock (uint8_t * buf, const I2NPMessage * msg)
 	{
 		size_t blockSize = 0;
-		bool createNewTags = m_Owner && ((int)m_SessionTags.size () <= m_NumTags/2);
+		bool createNewTags = m_Owner && m_NumTags && ((int)m_SessionTags.size () <= m_NumTags*2/3);
 		UnconfirmedTags * newTags = createNewTags ? GenerateSessionTags () : nullptr;
-		*(uint16_t *)buf = newTags ? htobe16 (newTags->numTags) : 0; // tag count
+		htobuf16 (buf, newTags ? htobe16 (newTags->numTags) : 0); // tag count
 		blockSize += 2;
 		if (newTags) // session tags recreated
 		{	
@@ -167,7 +195,7 @@ namespace garlic
 		buf[blockSize] = 0; // flag
 		blockSize++;
 		size_t len = CreateGarlicPayload (buf + blockSize, msg, newTags);
-		*payloadSize = htobe32 (len);
+		htobe32buf (payloadSize, len);
 		CryptoPP::SHA256().CalculateDigest(payloadHash, buf + blockSize, len);
 		blockSize += len;
 		size_t rem = blockSize % 16;
@@ -188,22 +216,32 @@ namespace garlic
 
 		if (m_Owner)
 		{	
-			if (newTags) // new session
+			// resubmit non-confirmed LeaseSet
+			if (m_LeaseSetUpdateStatus == eLeaseSetSubmitted && 
+			    i2p::util::GetMillisecondsSinceEpoch () > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
+					m_LeaseSetUpdateStatus = eLeaseSetUpdated;
+
+			// attach DeviveryStatus if necessary
+			if (newTags || m_LeaseSetUpdateStatus == eLeaseSetUpdated) // new tags created or leaseset updated
 			{
 				// clove is DeliveryStatus 
 				size += CreateDeliveryStatusClove (payload + size, msgID);
 				if (size > 0) // successive?
 				{
 					(*numCloves)++;
-					m_UnconfirmedTagsMsgs[msgID] = newTags;
-					m_Owner->DeliveryStatusSent (this, msgID);
+					if (newTags) // new tags created
+						m_UnconfirmedTagsMsgs[msgID] = newTags;
+					m_Owner->DeliveryStatusSent (shared_from_this (), msgID);
 				}
 				else
 					LogPrint ("DeliveryStatus clove was not created");
 			}	
-			if (m_LeaseSetUpdated) 
+			// attach LeaseSet
+			if (m_LeaseSetUpdateStatus == eLeaseSetUpdated) 
 			{
-				m_LeaseSetUpdated = false;
+				m_LeaseSetUpdateStatus = eLeaseSetSubmitted;
+				m_LeaseSetUpdateMsgID = msgID;
+				m_LeaseSetSubmissionTime = i2p::util::GetMillisecondsSinceEpoch ();
 				// clove if our leaseSet must be attached
 				auto leaseSet = CreateDatabaseStoreMsg (m_Owner->GetLeaseSet ());
 				size += CreateGarlicClove (payload + size, leaseSet, false);
@@ -219,9 +257,9 @@ namespace garlic
 		
 		memset (payload + size, 0, 3); // certificate of message
 		size += 3;
-		*(uint32_t *)(payload + size) = htobe32 (msgID); // MessageID
+		htobe32buf (payload + size, msgID); // MessageID
 		size += 4;
-		*(uint64_t *)(payload + size) = htobe64 (ts); // Expiration of message
+		htobe64buf (payload + size, ts); // Expiration of message
 		size += 8;
 		return size;
 	}	
@@ -245,9 +283,9 @@ namespace garlic
 		
 		memcpy (buf + size, msg->GetBuffer (), msg->GetLength ());
 		size += msg->GetLength ();
-		*(uint32_t *)(buf + size) = htobe32 (m_Rnd.GenerateWord32 ()); // CloveID
+		htobe32buf (buf + size, m_Rnd.GenerateWord32 ()); // CloveID
 		size += 4;
-		*(uint64_t *)(buf + size) = htobe64 (ts); // Expiration of clove
+		htobe64buf (buf + size, ts); // Expiration of clove
 		size += 8;
 		memset (buf + size, 0, 3); // certificate of clove
 		size += 3;
@@ -268,18 +306,28 @@ namespace garlic
 				// hash and tunnelID sequence is reversed for Garlic 
 				memcpy (buf + size, leases[i].tunnelGateway, 32); // To Hash
 				size += 32;
-				*(uint32_t *)(buf + size) = htobe32 (leases[i].tunnelID); // tunnelID
+				htobe32buf (buf + size, leases[i].tunnelID); // tunnelID
 				size += 4; 	
 				// create msg 
 				I2NPMessage * msg = CreateDeliveryStatusMsg (msgID);
+				if (m_Owner)
+				{
+					//encrypt 
+					uint8_t key[32], tag[32];
+					m_Rnd.GenerateBlock (key, 32); // random session key 
+					m_Rnd.GenerateBlock (tag, 32); // random session tag
+					m_Owner->SubmitSessionKey (key, tag);
+					GarlicRoutingSession garlic (key, tag);
+					msg = garlic.WrapSingleMessage (msg);		
+				}
 				memcpy (buf + size, msg->GetBuffer (), msg->GetLength ());
 				size += msg->GetLength ();
 				DeleteI2NPMessage (msg);
 				// fill clove
 				uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 5000; // 5 sec
-				*(uint32_t *)(buf + size) = htobe32 (m_Rnd.GenerateWord32 ()); // CloveID
+				htobe32buf (buf + size, m_Rnd.GenerateWord32 ()); // CloveID
 				size += 4;
-				*(uint64_t *)(buf + size) = htobe64 (ts); // Expiration of clove
+				htobe64buf (buf + size, ts); // Expiration of clove
 				size += 8;
 				memset (buf + size, 0, 3); // certificate of clove
 				size += 3;
@@ -295,26 +343,30 @@ namespace garlic
 	
 	GarlicDestination::~GarlicDestination ()
 	{
-		for (auto it: m_Sessions)
-			delete it.second;
-		m_Sessions.clear ();
 	}
 
 	void GarlicDestination::AddSessionKey (const uint8_t * key, const uint8_t * tag)
 	{
 		if (key)
 		{
+			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 			auto decryption = std::make_shared<i2p::crypto::CBCDecryption>();
 			decryption->SetKey (key);
-			m_Tags[SessionTag(tag)] = decryption;
+			m_Tags[SessionTag(tag, ts)] = decryption;
 		}
 	}
 
+	bool GarlicDestination::SubmitSessionKey (const uint8_t * key, const uint8_t * tag) 
+	{
+		AddSessionKey (key, tag);
+		return true;
+	}
+
 	void GarlicDestination::HandleGarlicMessage (I2NPMessage * msg)
 	{
 		uint8_t * buf = msg->GetPayload ();
-		uint32_t length = be32toh (*(uint32_t *)buf);
-		buf += 4; // lentgh
+		uint32_t length = bufbe32toh (buf);
+		buf += 4; // length
 		auto it = m_Tags.find (SessionTag(buf));
 		if (it != m_Tags.end ())
 		{
@@ -369,21 +421,27 @@ namespace garlic
 	}	
 
 	void GarlicDestination::HandleAESBlock (uint8_t * buf, size_t len, std::shared_ptr<i2p::crypto::CBCDecryption> decryption,
-		i2p::tunnel::InboundTunnel * from)
+		std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		uint16_t tagCount = be16toh (*(uint16_t *)buf);
-		buf += 2;	
+		uint16_t tagCount = bufbe16toh (buf);
+		buf += 2; len -= 2;	
 		if (tagCount > 0)
 		{	
+			if (tagCount*32 > len) 
+			{
+				LogPrint (eLogError, "Tag count ", tagCount, " exceeds length ", len);
+				return ;
+			}	
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 			for (int i = 0; i < tagCount; i++)
 				m_Tags[SessionTag(buf + i*32, ts)] = decryption;	
 		}	
 		buf += tagCount*32;
-		uint32_t payloadSize = be32toh (*(uint32_t *)buf);
+		len -= tagCount*32;
+		uint32_t payloadSize = bufbe32toh (buf);
 		if (payloadSize > len)
 		{
-			LogPrint ("Unexpected payload size ", payloadSize);
+			LogPrint (eLogError, "Unexpected payload size ", payloadSize);
 			return;
 		}	
 		buf += 4;
@@ -394,9 +452,7 @@ namespace garlic
 		buf++; // flag
 
 		// payload
-		uint8_t hash[32];
-		CryptoPP::SHA256().CalculateDigest(hash, buf, payloadSize);
-		if (memcmp (hash, payloadHash, 32)) // payload hash doesn't match
+		if (!CryptoPP::SHA256().VerifyDigest (payloadHash, buf, payloadSize)) // payload hash doesn't match
 		{
 			LogPrint ("Wrong payload hash");
 			return;
@@ -404,7 +460,7 @@ namespace garlic
 		HandleGarlicPayload (buf, payloadSize, from);
 	}	
 
-	void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from)
+	void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
 		int numCloves = buf[0];
 		LogPrint (numCloves," cloves");
@@ -438,9 +494,9 @@ namespace garlic
 					// gwHash and gwTunnel sequence is reverted
 					uint8_t * gwHash = buf;
 					buf += 32;
-					uint32_t gwTunnel = be32toh (*(uint32_t *)buf);
+					uint32_t gwTunnel = bufbe32toh (buf);
 					buf += 4;
-					i2p::tunnel::OutboundTunnel * tunnel = nullptr;
+					std::shared_ptr<i2p::tunnel::OutboundTunnel> tunnel;
 					if (from && from->GetTunnelPool ())
 						tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
 					if (tunnel) // we have send it through an outbound tunnel
@@ -466,45 +522,72 @@ namespace garlic
 		}	
 	}	
 	
-	I2NPMessage * GarlicDestination::WrapMessage (const i2p::data::RoutingDestination& destination, 
+	I2NPMessage * GarlicDestination::WrapMessage (std::shared_ptr<const i2p::data::RoutingDestination> destination, 
 		I2NPMessage * msg, bool attachLeaseSet)	
 	{
-		auto session = GetRoutingSession (destination, attachLeaseSet ? 32 : 0); // don't use tag if no LeaseSet
-		return session->WrapSingleMessage (msg);	
+		if (attachLeaseSet) // we should maintain this session
+		{	
+			auto session = GetRoutingSession (destination, 32);  // 32 tags by default
+			return session->WrapSingleMessage (msg);	
+		}
+		else // one time session
+		{
+			GarlicRoutingSession session (this, destination, 0); // don't use tag if no LeaseSet
+			return session.WrapSingleMessage (msg);
+		}	
 	}
 
-	GarlicRoutingSession * GarlicDestination::GetRoutingSession (
-		const i2p::data::RoutingDestination& destination, int numTags)
+	std::shared_ptr<GarlicRoutingSession> GarlicDestination::GetRoutingSession (
+		std::shared_ptr<const i2p::data::RoutingDestination> destination, int numTags)
 	{
-		auto it = m_Sessions.find (destination.GetIdentHash ());
-		GarlicRoutingSession * session = nullptr;
+		auto it = m_Sessions.find (destination->GetIdentHash ());
+		std::shared_ptr<GarlicRoutingSession> session;
 		if (it != m_Sessions.end ())
 			session = it->second;
 		if (!session)
 		{
-			session = new GarlicRoutingSession (this, &destination, numTags); 
+			session = std::make_shared<GarlicRoutingSession> (this, destination, numTags); 
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			m_Sessions[destination.GetIdentHash ()] = session;
+			m_Sessions[destination->GetIdentHash ()] = session;
 		}	
 		return session;
 	}	
+	
+	void GarlicDestination::CleanupRoutingSessions ()
+	{
+		std::unique_lock<std::mutex> l(m_SessionsMutex);
+		for (auto it = m_Sessions.begin (); it != m_Sessions.end ();)
+		{
+			if (!it->second->CleanupExpiredTags ())
+			{
+				LogPrint (eLogInfo, "Routing session to ", it->first.ToBase32 (), " deleted");
+				it = m_Sessions.erase (it);
+			}
+			else
+				it++;
+		}
+	}
+	
+	void GarlicDestination::RemoveCreatedSession (uint32_t msgID)
+	{
+		m_CreatedSessions.erase (msgID);
+	}
 
-	void GarlicDestination::DeliveryStatusSent (GarlicRoutingSession * session, uint32_t msgID)
+	void GarlicDestination::DeliveryStatusSent (std::shared_ptr<GarlicRoutingSession> session, uint32_t msgID)
 	{
 		m_CreatedSessions[msgID] = session;
 	}		
 
 	void GarlicDestination::HandleDeliveryStatusMessage (I2NPMessage * msg)
 	{
-		I2NPDeliveryStatusMsg * deliveryStatus = (I2NPDeliveryStatusMsg *)msg->GetPayload ();
-		uint32_t msgID = be32toh (deliveryStatus->msgID);
+		uint32_t msgID = bufbe32toh (msg->GetPayload ());
 		{
 			auto it = m_CreatedSessions.find (msgID);
 			if (it != m_CreatedSessions.end ())			
 			{
-				it->second->TagsConfirmed (msgID);
+				it->second->MessageConfirmed (msgID);
 				m_CreatedSessions.erase (it);
-				LogPrint ("Garlic message ", msgID, " acknowledged");
+				LogPrint (eLogInfo, "Garlic message ", msgID, " acknowledged");
 			}	
 		}
 		DeleteI2NPMessage (msg);	

Garlic.h

@@ -39,6 +39,7 @@ namespace garlic
 
 	const int INCOMING_TAGS_EXPIRATION_TIMEOUT = 960; // 16 minutes			
 	const int OUTGOING_TAGS_EXPIRATION_TIMEOUT = 720; // 12 minutes
+	const int LEASET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
 	
 	struct SessionTag: public i2p::data::Tag<32> 
 	{
@@ -54,8 +55,15 @@ namespace garlic
 	};
 		
 	class GarlicDestination;
-	class GarlicRoutingSession
+	class GarlicRoutingSession: public std::enable_shared_from_this<GarlicRoutingSession>
 	{
+			enum LeaseSetUpdateStatus
+			{
+				eLeaseSetUpToDate = 0,
+				eLeaseSetUpdated,
+				eLeaseSetSubmitted 
+			};
+		
 			struct UnconfirmedTags
 			{
 				UnconfirmedTags (int n): numTags (n), tagsCreationTime (0) { sessionTags = new SessionTag[numTags]; };
@@ -67,13 +75,14 @@ namespace garlic
 
 		public:
 
-			GarlicRoutingSession (GarlicDestination * owner, const i2p::data::RoutingDestination * destination, int numTags);
+			GarlicRoutingSession (GarlicDestination * owner, std::shared_ptr<const i2p::data::RoutingDestination> destination, int numTags);
 			GarlicRoutingSession (const uint8_t * sessionKey, const SessionTag& sessionTag); // one time encryption
 			~GarlicRoutingSession ();
 			I2NPMessage * WrapSingleMessage (I2NPMessage * msg);
-			void TagsConfirmed (uint32_t msgID);
+			void MessageConfirmed (uint32_t msgID);
+			bool CleanupExpiredTags (); // returns true if something left 
 
-			void SetLeaseSetUpdated () { m_LeaseSetUpdated = true; };
+			void SetLeaseSetUpdated () { m_LeaseSetUpdateStatus = eLeaseSetUpdated; };
 			
 		private:
 
@@ -81,19 +90,23 @@ namespace garlic
 			size_t CreateGarlicPayload (uint8_t * payload, const I2NPMessage * msg, UnconfirmedTags * newTags);
 			size_t CreateGarlicClove (uint8_t * buf, const I2NPMessage * msg, bool isDestination);
 			size_t CreateDeliveryStatusClove (uint8_t * buf, uint32_t msgID);
-			
+
+			void TagsConfirmed (uint32_t msgID);
 			UnconfirmedTags * GenerateSessionTags ();
 
 		private:
 
 			GarlicDestination * m_Owner;
-			const i2p::data::RoutingDestination * m_Destination;
-			uint8_t m_SessionKey[32];
+			std::shared_ptr<const i2p::data::RoutingDestination> m_Destination;
+			i2p::crypto::AESKey m_SessionKey;
 			std::list<SessionTag> m_SessionTags;
 			int m_NumTags;
 			std::map<uint32_t, UnconfirmedTags *> m_UnconfirmedTagsMsgs;	
-			bool m_LeaseSetUpdated;
-
+			
+			LeaseSetUpdateStatus m_LeaseSetUpdateStatus;
+			uint32_t m_LeaseSetUpdateMsgID;
+			uint64_t m_LeaseSetSubmissionTime; // in milliseconds
+			
 			i2p::crypto::CBCEncryption m_Encryption;
 			CryptoPP::AutoSeededRandomPool m_Rnd;
 	};	
@@ -105,19 +118,22 @@ namespace garlic
 			GarlicDestination (): m_LastTagsCleanupTime (0) {};
 			~GarlicDestination ();
 
-			GarlicRoutingSession * GetRoutingSession (const i2p::data::RoutingDestination& destination, int numTags);	
-			I2NPMessage * WrapMessage (const i2p::data::RoutingDestination& destination, 
+			std::shared_ptr<GarlicRoutingSession> GetRoutingSession (std::shared_ptr<const i2p::data::RoutingDestination> destination, int numTags);	
+			void CleanupRoutingSessions ();
+			void RemoveCreatedSession (uint32_t msgID);
+			I2NPMessage * WrapMessage (std::shared_ptr<const i2p::data::RoutingDestination> destination, 
 			    I2NPMessage * msg, bool attachLeaseSet = false);
 
 			void AddSessionKey (const uint8_t * key, const uint8_t * tag); // one tag
-			void DeliveryStatusSent (GarlicRoutingSession * session, uint32_t msgID);
+			virtual bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag); // from different thread
+			void DeliveryStatusSent (std::shared_ptr<GarlicRoutingSession> session, uint32_t msgID);
 			
 			virtual void ProcessGarlicMessage (I2NPMessage * msg);
 			virtual void ProcessDeliveryStatusMessage (I2NPMessage * msg);			
 			virtual void SetLeaseSetUpdated ();
 			
 			virtual const i2p::data::LeaseSet * GetLeaseSet () = 0; // TODO
-			virtual void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from) = 0;
+			virtual void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from) = 0;
 			
 		protected:
 
@@ -127,19 +143,19 @@ namespace garlic
 		private:
 
 			void HandleAESBlock (uint8_t * buf, size_t len, std::shared_ptr<i2p::crypto::CBCDecryption> decryption, 
-				i2p::tunnel::InboundTunnel * from);
-			void HandleGarlicPayload (uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+				std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+			void HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
 		private:
 			
 			// outgoing sessions
 			std::mutex m_SessionsMutex;
-			std::map<i2p::data::IdentHash, GarlicRoutingSession *> m_Sessions;
+			std::map<i2p::data::IdentHash, std::shared_ptr<GarlicRoutingSession> > m_Sessions;
 			// incoming
 			std::map<SessionTag, std::shared_ptr<i2p::crypto::CBCDecryption>> m_Tags;
 			uint32_t m_LastTagsCleanupTime;
 			// DeliveryStatus
-			std::map<uint32_t, GarlicRoutingSession *> m_CreatedSessions; // msgID -> session
+			std::map<uint32_t, std::shared_ptr<GarlicRoutingSession> > m_CreatedSessions; // msgID -> session
 	};	
 }	
 }

HTTPProxy.cpp

@@ -1,87 +1,299 @@
+#include <cstring>
+#include <cassert>
 #include <boost/lexical_cast.hpp>
 #include <boost/regex.hpp>
-
-#include "ClientContext.h"
+#include <string>
+#include <atomic>
 #include "HTTPProxy.h"
+#include "util.h"
+#include "Identity.h"
+#include "Streaming.h"
+#include "Destination.h"
+#include "ClientContext.h"
+#include "I2PEndian.h"
+#include "I2PTunnel.h"
 
 namespace i2p
 {
 namespace proxy
 {
-	void HTTPProxyConnection::parseHeaders(const std::string& h, std::vector<header>& hm) {
-		std::string str (h);
-		std::string::size_type idx;
-		std::string t;
-		int i = 0;
-		while( (idx=str.find ("\r\n")) != std::string::npos) {
-			t=str.substr (0,idx);
-			str.erase (0,idx+2);
-			if (t == "")
-				break;
-			idx=t.find(": ");
-			if (idx == std::string::npos)
+	static const size_t http_buffer_size = 8192;
+	class HTTPProxyHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<HTTPProxyHandler> 
+	{
+		private:
+			enum state 
 			{
-				std::cout << "Bad header line: " << t << std::endl;
-				break;
-			}
-			LogPrint ("Name: ", t.substr (0,idx), " Value: ", t.substr (idx+2));
-			hm[i].name = t.substr (0,idx);
-			hm[i].value = t.substr (idx+2);
-			i++;
+				GET_METHOD,
+				GET_HOSTNAME,
+				GET_HTTPV,
+				GET_HTTPVNL, //TODO: fallback to finding HOst: header if needed
+				DONE
+			};
+
+			void EnterState(state nstate);
+			bool HandleData(uint8_t *http_buff, std::size_t len);
+			void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
+			void Terminate();
+			void AsyncSockRead();
+			void HTTPRequestFailed(/*std::string message*/);
+			void ExtractRequest();
+			bool ValidateHTTPRequest();
+			void HandleJumpServices();
+			bool CreateHTTPRequest(uint8_t *http_buff, std::size_t len);
+			void SentHTTPFailed(const boost::system::error_code & ecode);
+			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+
+			uint8_t m_http_buff[http_buffer_size];
+			boost::asio::ip::tcp::socket * m_sock;
+			std::string m_request; //Data left to be sent
+			std::string m_url; //URL
+			std::string m_method; //Method
+			std::string m_version; //HTTP version
+			std::string m_address; //Address
+			std::string m_path; //Path
+			int m_port; //Port
+			state m_state;//Parsing state
+
+		public:
+
+			HTTPProxyHandler(HTTPProxyServer * parent, boost::asio::ip::tcp::socket * sock) : 
+				I2PServiceHandler(parent), m_sock(sock)
+				{ EnterState(GET_METHOD); }
+			~HTTPProxyHandler() { Terminate(); }
+			void Handle () { AsyncSockRead(); }
+	};
+
+	void HTTPProxyHandler::AsyncSockRead()
+	{
+		LogPrint(eLogDebug,"--- HTTP Proxy async sock read");
+		if(m_sock) {
+			m_sock->async_receive(boost::asio::buffer(m_http_buff, http_buffer_size),
+						std::bind(&HTTPProxyHandler::HandleSockRecv, shared_from_this(),
+								std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError,"--- HTTP Proxy no socket for read");
 		}
 	}
 
-	void HTTPProxyConnection::ExtractRequest(request& r)
+	void HTTPProxyHandler::Terminate() {
+		if (Kill()) return;
+		if (m_sock) {
+			LogPrint(eLogDebug,"--- HTTP Proxy close sock");
+			m_sock->close();
+			delete m_sock;
+			m_sock = nullptr;
+		}
+		Done(shared_from_this());
+	}
+
+	/* All hope is lost beyond this point */
+	//TODO: handle this apropriately
+	void HTTPProxyHandler::HTTPRequestFailed(/*HTTPProxyHandler::errTypes error*/)
 	{
-		std::string requestString = m_Buffer;
-		int idx=requestString.find(" ");
-		std::string method = requestString.substr(0,idx);
-		requestString = requestString.substr(idx+1);
-		idx=requestString.find(" ");
-		std::string requestUrl = requestString.substr(0,idx);
-		LogPrint("method is: ", method, "\nRequest is: ", requestUrl);
+		std::string response = "HTTP/1.0 500 Internal Server Error\r\nContent-type: text/html\r\nContent-length: 0\r\n";
+		boost::asio::async_write(*m_sock, boost::asio::buffer(response,response.size()),
+					 std::bind(&HTTPProxyHandler::SentHTTPFailed, shared_from_this(), std::placeholders::_1));
+	}
+
+	void HTTPProxyHandler::EnterState(HTTPProxyHandler::state nstate) 
+	{
+		m_state = nstate;
+	}
+
+	void HTTPProxyHandler::ExtractRequest()
+	{
+		LogPrint(eLogDebug,"--- HTTP Proxy method is: ", m_method, "\nRequest is: ", m_url);
 		std::string server="";
 		std::string port="80";
 		boost::regex rHTTP("http://(.*?)(:(\\d+))?(/.*)");
 		boost::smatch m;
 		std::string path;
-		if(boost::regex_search(requestUrl, m, rHTTP, boost::match_extra)) {
+		if(boost::regex_search(m_url, m, rHTTP, boost::match_extra)) 
+		{
 			server=m[1].str();
-			if(m[2].str() != "") {
-				port=m[3].str();
-			}
+			if (m[2].str() != "")  port=m[3].str();
 			path=m[4].str();
 		}
-		LogPrint("server is: ",server, " port is: ", port, "\n path is: ",path);
-		r.uri = path;
-		r.method = method;
-		r.host = server;
-		r.port = boost::lexical_cast<int>(port);
+		LogPrint(eLogDebug,"--- HTTP Proxy server is: ",server, " port is: ", port, "\n path is: ",path);
+		m_address = server;
+		m_port = boost::lexical_cast<int>(port);
+		m_path = path;
 	}
 
-
-	void HTTPProxyConnection::RunRequest()
+	bool HTTPProxyHandler::ValidateHTTPRequest() 
 	{
-		request r;
-		ExtractRequest(r);
-		parseHeaders(m_Buffer, r.headers);
-		size_t addressHelperPos = r.uri.find ("i2paddresshelper");
-		if (addressHelperPos != std::string::npos)
+		if ( m_version != "HTTP/1.0" && m_version != "HTTP/1.1" ) 
 		{
-			// jump service
-			size_t addressPos = r.uri.find ("=", addressHelperPos);
-			if (addressPos != std::string::npos)
+			LogPrint(eLogError,"--- HTTP Proxy unsupported version: ", m_version);
+			HTTPRequestFailed(); //TODO: send right stuff
+			return false;
+		}
+		return true;
+	}
+
+	void HTTPProxyHandler::HandleJumpServices() 
+	{
+		static const char * helpermark1 = "?i2paddresshelper=";
+		static const char * helpermark2 = "&i2paddresshelper=";
+		size_t addressHelperPos1 = m_path.rfind (helpermark1);
+		size_t addressHelperPos2 = m_path.rfind (helpermark2);
+		size_t addressHelperPos;
+		if (addressHelperPos1 == std::string::npos)
+		{
+			if (addressHelperPos2 == std::string::npos)
+				return; //Not a jump service
+			else
+				addressHelperPos = addressHelperPos2;
+		}
+		else
+		{
+			if (addressHelperPos2 == std::string::npos)
+				addressHelperPos = addressHelperPos1;
+			else if ( addressHelperPos1 > addressHelperPos2 )
+				addressHelperPos = addressHelperPos1;
+			else
+				addressHelperPos = addressHelperPos2;
+		}
+		auto base64 = m_path.substr (addressHelperPos + strlen(helpermark1));
+		base64 = i2p::util::http::urlDecode(base64); //Some of the symbols may be urlencoded
+		LogPrint (eLogDebug,"Jump service for ", m_address, " found at ", base64, ". Inserting to address book");
+		//TODO: this is very dangerous and broken. We should ask the user before doing anything see http://pastethis.i2p/raw/pn5fL4YNJL7OSWj3Sc6N/
+		//TODO: we could redirect the user again to avoid dirtiness in the browser
+		i2p::client::context.GetAddressBook ().InsertAddress (m_address, base64);
+		m_path.erase(addressHelperPos);
+	}
+
+	bool HTTPProxyHandler::CreateHTTPRequest(uint8_t *http_buff, std::size_t len) 
+	{
+		ExtractRequest(); //TODO: parse earlier
+		if (!ValidateHTTPRequest()) return false;
+		HandleJumpServices();
+		m_request = m_method;
+		m_request.push_back(' ');
+		m_request += m_path;
+		m_request.push_back(' ');
+		m_request += m_version;
+		m_request.push_back('\r');
+		m_request.push_back('\n');
+		m_request.append("Connection: close\r\n");
+		m_request.append(reinterpret_cast<const char *>(http_buff),len);
+		return true;
+	}
+
+	bool HTTPProxyHandler::HandleData(uint8_t *http_buff, std::size_t len)
+	{
+		assert(len); // This should always be called with a least a byte left to parse
+		while (len > 0) 
+		{
+			//TODO: fallback to finding HOst: header if needed
+			switch (m_state) 
 			{
-				LogPrint ("Jump service for ", r.host, " found. Inserting to address book");
-				auto base64 = r.uri.substr (addressPos + 1);
-				i2p::client::context.GetAddressBook ().InsertAddress (r.host, base64);
+				case GET_METHOD:
+					switch (*http_buff) 
+					{
+						case ' ': EnterState(GET_HOSTNAME); break;
+						default: m_method.push_back(*http_buff); break;
+					}
+				break;
+				case GET_HOSTNAME:
+					switch (*http_buff) 
+					{
+						case ' ': EnterState(GET_HTTPV); break;
+						default: m_url.push_back(*http_buff); break;
+					}
+				break;
+				case GET_HTTPV:
+					switch (*http_buff) 
+					{
+						case '\r': EnterState(GET_HTTPVNL); break;
+						default: m_version.push_back(*http_buff); break;
+					}
+				break;
+				case GET_HTTPVNL:
+					switch (*http_buff) 
+					{
+						case '\n': EnterState(DONE); break;
+						default:
+							LogPrint(eLogError,"--- HTTP Proxy rejected invalid request ending with: ", ((int)*http_buff));
+							HTTPRequestFailed(); //TODO: add correct code
+							return false;
+					}
+				break;
+				default:
+					LogPrint(eLogError,"--- HTTP Proxy invalid state: ", m_state);
+					HTTPRequestFailed(); //TODO: add correct code 500
+					return false;
 			}
-		}			
+			http_buff++;
+			len--;
+			if (m_state == DONE)
+				return CreateHTTPRequest(http_buff,len);
+		}
+		return true;
+	}
+
+	void HTTPProxyHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
+	{
+		LogPrint(eLogDebug,"--- HTTP Proxy sock recv: ", len);
+		if(ecode) 
+		{
+			LogPrint(eLogWarning," --- HTTP Proxy sock recv got error: ", ecode);
+                        Terminate();
+			return;
+		}
+
+		if (HandleData(m_http_buff, len)) 
+		{
+			if (m_state == DONE) 
+			{
+				LogPrint(eLogInfo,"--- HTTP Proxy requested: ", m_url);
+				GetOwner()->CreateStream (std::bind (&HTTPProxyHandler::HandleStreamRequestComplete,
+						shared_from_this(), std::placeholders::_1), m_address, m_port);
+			} 
+			else 
+				AsyncSockRead();
+		}
+
+	}
+
+	void HTTPProxyHandler::SentHTTPFailed(const boost::system::error_code & ecode)
+	{
+		if (!ecode)
+			Terminate();
+		else 
+		{
+			LogPrint (eLogError,"--- HTTP Proxy Closing socket after sending failure because: ", ecode.message ());
+			Terminate();
+		}
+	}
+
+	void HTTPProxyHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream) 
+		{
+			if (Kill()) return;
+			LogPrint (eLogInfo,"--- HTTP Proxy New I2PTunnel connection");
+			auto connection = std::make_shared<i2p::client::I2PTunnelConnection>(GetOwner(), m_sock, stream);
+			GetOwner()->AddHandler (connection);
+			connection->I2PConnect (reinterpret_cast<const uint8_t*>(m_request.data()), m_request.size());
+			Done(shared_from_this());
+		} 
+		else 
+		{
+			LogPrint (eLogError,"--- HTTP Proxy Issue when creating the stream, check the previous warnings for more info.");
+			HTTPRequestFailed(); // TODO: Send correct error message host unreachable
+		}
+	}
+
+	HTTPProxyServer::HTTPProxyServer(int port, std::shared_ptr<i2p::client::ClientDestination> localDestination): 
+		TCPIPAcceptor(port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()) 
+	{
+	}
 	
-		LogPrint("Requesting ", r.host, ":", r.port, " with path ", r.uri, " and method ", r.method);
-		SendToAddress (r.host, r.port,  m_Buffer, m_BufferLen);
+	std::shared_ptr<i2p::client::I2PServiceHandler> HTTPProxyServer::CreateHandler(boost::asio::ip::tcp::socket * socket)
+	{
+		return std::make_shared<HTTPProxyHandler> (this, socket);
 	}
 
 }
 }
-

HTTPProxy.h

@@ -1,42 +1,32 @@
 #ifndef HTTP_PROXY_H__
 #define HTTP_PROXY_H__
 
-#include <sstream>
-#include <thread>
+#include <memory>
+#include <set>
 #include <boost/asio.hpp>
-#include <boost/array.hpp>
-
-#include "HTTPServer.h"
+#include <mutex>
+#include "I2PService.h"
+#include "Destination.h"
 
 namespace i2p
 {
 namespace proxy
 {
-	class HTTPProxyConnection : public i2p::util::HTTPConnection
+	class HTTPProxyServer: public i2p::client::TCPIPAcceptor
 	{
 		public:
-			HTTPProxyConnection (boost::asio::ip::tcp::socket * socket): HTTPConnection(socket) { };
+
+			HTTPProxyServer(int port, std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
+			~HTTPProxyServer() {};
 
 		protected:
-			void RunRequest();
-			void parseHeaders(const std::string& h, std::vector<header>& hm);
-			void ExtractRequest(request& r);
+			// Implements TCPIPAcceptor
+			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(boost::asio::ip::tcp::socket * socket);
+			const char* GetName() { return "HTTP Proxy"; }
 	};
 
-	class HTTPProxy : public i2p::util::HTTPServer
-	{
-		public:
-			HTTPProxy (int port): HTTPServer(port) {};
-
-		private:
-			void CreateConnection(boost::asio::ip::tcp::socket * m_NewSocket)
-			{
-				new HTTPProxyConnection(m_NewSocket);
-			}
-	};
+	typedef HTTPProxyServer HTTPProxy;
 }
 }
 
 #endif
-
-

HTTPServer.cpp

@@ -1,5 +1,6 @@
 #include <boost/bind.hpp>
 #include <boost/lexical_cast.hpp>
+#include <boost/date_time/posix_time/posix_time.hpp>
 #include "base64.h"
 #include "Log.h"
 #include "Tunnel.h"
@@ -469,6 +470,9 @@ namespace util
 	const char HTTP_COMMAND_LOCAL_DESTINATIONS[] = "local_destinations";
 	const char HTTP_COMMAND_LOCAL_DESTINATION[] = "local_destination";
 	const char HTTP_PARAM_BASE32_ADDRESS[] = "b32";
+	const char HTTP_COMMAND_SAM_SESSIONS[] = "sam_sessions";
+	const char HTTP_COMMAND_SAM_SESSION[] = "sam_session";
+	const char HTTP_PARAM_SAM_SESSION_ID[] = "id";
 	
 	namespace misc_strings
 	{
@@ -485,17 +489,17 @@ namespace util
 		{
 			switch (status)
 			{
-				case 105: buffers.push_back(boost::asio::buffer("HTTP/1.0 105 Name Not Resolved\r\n")); break;
-				case 200: buffers.push_back(boost::asio::buffer("HTTP/1.0 200 OK\r\n")); break;
-				case 400: buffers.push_back(boost::asio::buffer("HTTP/1.0 400 Bad Request\r\n")); break;
-				case 404: buffers.push_back(boost::asio::buffer("HTTP/1.0 404 Not Found\r\n")); break;
-				case 408: buffers.push_back(boost::asio::buffer("HTTP/1.0 408 Request Timeout\r\n")); break;
-				case 500: buffers.push_back(boost::asio::buffer("HTTP/1.0 500 Internal Server Error\r\n")); break;
-				case 502: buffers.push_back(boost::asio::buffer("HTTP/1.0 502 Bad Gateway\r\n")); break;
-				case 503: buffers.push_back(boost::asio::buffer("HTTP/1.0 503 Not Implemented\r\n")); break;
-				case 504: buffers.push_back(boost::asio::buffer("HTTP/1.0 504 Gateway Timeout\r\n")); break;
+				case 105: buffers.push_back(boost::asio::buffer("HTTP/1.1 105 Name Not Resolved\r\n")); break;
+				case 200: buffers.push_back(boost::asio::buffer("HTTP/1.1 200 OK\r\n")); break;
+				case 400: buffers.push_back(boost::asio::buffer("HTTP/1.1 400 Bad Request\r\n")); break;
+				case 404: buffers.push_back(boost::asio::buffer("HTTP/1.1 404 Not Found\r\n")); break;
+				case 408: buffers.push_back(boost::asio::buffer("HTTP/1.1 408 Request Timeout\r\n")); break;
+				case 500: buffers.push_back(boost::asio::buffer("HTTP/1.1 500 Internal Server Error\r\n")); break;
+				case 502: buffers.push_back(boost::asio::buffer("HTTP/1.1 502 Bad Gateway\r\n")); break;
+				case 503: buffers.push_back(boost::asio::buffer("HTTP/1.1 503 Not Implemented\r\n")); break;
+				case 504: buffers.push_back(boost::asio::buffer("HTTP/1.1 504 Gateway Timeout\r\n")); break;
 				default:
-					buffers.push_back(boost::asio::buffer("HTTP/1.0 200 OK\r\n"));
+					buffers.push_back(boost::asio::buffer("HTTP/1.1 200 OK\r\n"));
 			}
 
 			for (std::size_t i = 0; i < headers.size(); ++i)
@@ -514,14 +518,16 @@ namespace util
 
 	void HTTPConnection::Terminate ()
 	{
-		if (m_Stream)
-		{
-			m_Stream->Close ();
-			i2p::stream::DeleteStream (m_Stream);
-			m_Stream = nullptr;
-		}
+		if (!m_Stream) return;
 		m_Socket->close ();
-		//delete this;
+		m_Stream->Close ();
+			
+		m_Socket->get_io_service ().post ([=](void)
+			{
+				m_Stream.reset ();
+				m_Stream = nullptr;
+				// delete this
+			});
 	}
 
 	void HTTPConnection::Receive ()
@@ -602,7 +608,11 @@ namespace util
 	void HTTPConnection::HandleWriteReply (const boost::system::error_code& ecode)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
+		{
+			boost::system::error_code ignored_ec;
+			m_Socket->shutdown(boost::asio::ip::tcp::socket::shutdown_both, ignored_ec);
 			Terminate ();
+		}	
 	}
 
 	void HTTPConnection::HandleWrite (const boost::system::error_code& ecode)
@@ -636,9 +646,26 @@ namespace util
 
 	void HTTPConnection::FillContent (std::stringstream& s)
 	{
-		s << "<h2>Welcome to the Webconsole!</h2><br><br>";
-		s << "<b>Data path:</b> " << i2p::util::filesystem::GetDataDir().string() << "<br>" << "<br>";
-		s << "<b>Our external address:</b>" << "<br>";
+		s << "<h2>Welcome to the Webconsole!</h2><br>";
+		s << "<b>Uptime:</b> " << boost::posix_time::to_simple_string (
+			boost::posix_time::time_duration (boost::posix_time::seconds (
+			i2p::context.GetUptime ()))) << "<br>";
+		s << "<b>Status:</b> ";
+		switch (i2p::context.GetStatus ())
+		{
+			case eRouterStatusOK: s << "OK"; break;
+			case eRouterStatusTesting: s << "Testing"; break;
+			case eRouterStatusFirewalled: s << "Firewalled"; break; 
+			default: s << "Unknown";
+		} 
+		s << "<br>";
+		s << "<b>Tunnel creation success rate:</b> " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate () << "%<br>";
+		s << "<b>Received:</b> " << i2p::transport::transports.GetTotalReceivedBytes ()/1000 << "K";
+		s << " (" << i2p::transport::transports.GetInBandwidth () <<" Bps)<br>";
+		s << "<b>Sent:</b> " << i2p::transport::transports.GetTotalSentBytes ()/1000 << "K";
+		s << " (" << i2p::transport::transports.GetOutBandwidth () <<" Bps)<br>";
+		s << "<b>Data path:</b> " << i2p::util::filesystem::GetDataDir().string() << "<br><br>";
+		s << "<b>Our external address:</b>" << "<br>" ;
 		for (auto& address : i2p::context.GetRouterInfo().GetAddresses())
 		{
 			switch (address.transportStyle)
@@ -667,7 +694,10 @@ namespace util
 		s << "<br><b><a href=/?" << HTTP_COMMAND_LOCAL_DESTINATIONS << ">Local destinations</a></b>";
 		s << "<br><b><a href=/?" << HTTP_COMMAND_TUNNELS << ">Tunnels</a></b>";
 		s << "<br><b><a href=/?" << HTTP_COMMAND_TRANSIT_TUNNELS << ">Transit tunnels</a></b>";
-		s << "<br><b><a href=/?" << HTTP_COMMAND_TRANSPORTS << ">Transports</a></b><br>";
+		s << "<br><b><a href=/?" << HTTP_COMMAND_TRANSPORTS << ">Transports</a></b>";
+		if (i2p::client::context.GetSAMBridge ())
+			s << "<br><b><a href=/?" << HTTP_COMMAND_SAM_SESSIONS << ">SAM sessions</a></b>";
+		s << "<br>";
 		
 		if (i2p::context.AcceptsTunnels ())
 			s << "<br><b><a href=/?" << HTTP_COMMAND_STOP_ACCEPTING_TUNNELS << ">Stop accepting tunnels</a></b><br>";
@@ -700,26 +730,39 @@ namespace util
 			auto b32 = params[HTTP_PARAM_BASE32_ADDRESS];
 			ShowLocalDestination (b32, s);
 		}	
+		else if (cmd == HTTP_COMMAND_SAM_SESSIONS)
+			ShowSAMSessions (s);
+		else if (cmd == HTTP_COMMAND_SAM_SESSION)
+		{
+			std::map<std::string, std::string> params;
+			ExtractParams (command.substr (paramsPos), params);
+			auto id = params[HTTP_PARAM_SAM_SESSION_ID];
+			ShowSAMSession (id, s);
+		}	
 	}	
 
 	void HTTPConnection::ShowTransports (std::stringstream& s)
 	{
-		s << "NTCP<br>";
-		for (auto it: i2p::transport::transports.GetNTCPSessions ())
-		{
-			if (it.second && it.second->IsEstablished ())
+		auto ntcpServer = i2p::transport::transports.GetNTCPServer (); 
+		if (ntcpServer)
+		{	
+			s << "NTCP<br>";
+			for (auto it: ntcpServer->GetNTCPSessions ())
 			{
-				// incoming connection doesn't have remote RI
-				bool outgoing = it.second->GetRemoteRouter ();
-				if (outgoing) s << "-->";
-				s << it.second->GetRemoteIdentity ().GetIdentHash ().ToBase64 ().substr (0, 4) <<  ": "
-					<< it.second->GetSocket ().remote_endpoint().address ().to_string ();
-				if (!outgoing) s << "-->";
-				s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
-				s << "<br>";
+				if (it.second && it.second->IsEstablished ())
+				{
+					// incoming connection doesn't have remote RI
+					auto outgoing = it.second->GetRemoteRouter ();
+					if (outgoing) s << "-->";
+					s << it.second->GetRemoteIdentity ().GetIdentHash ().ToBase64 ().substr (0, 4) <<  ": "
+						<< it.second->GetSocket ().remote_endpoint().address ().to_string ();
+					if (!outgoing) s << "-->";
+					s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
+					s << "<br>";
+				}
+				s << std::endl;
 			}
-			s << std::endl;
-		}
+		}	
 		auto ssuServer = i2p::transport::transports.GetSSUServer ();
 		if (ssuServer)
 		{
@@ -727,12 +770,14 @@ namespace util
 			for (auto it: ssuServer->GetSessions ())
 			{
 				// incoming connections don't have remote router
-				bool outgoing = it.second->GetRemoteRouter ();
+				auto outgoing = it.second->GetRemoteRouter ();
 				auto endpoint = it.second->GetRemoteEndpoint ();
 				if (outgoing) s << "-->";
 				s << endpoint.address ().to_string () << ":" << endpoint.port ();
 				if (!outgoing) s << "-->";
 				s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
+				if (it.second->GetRelayTag ())
+					s << " [itag:" << it.second->GetRelayTag () << "]";
 				s << "<br>";
 				s << std::endl;
 			}
@@ -741,11 +786,11 @@ namespace util
 	
 	void HTTPConnection::ShowTunnels (std::stringstream& s)
 	{
+		s << "Queue size:" << i2p::tunnel::tunnels.GetQueueSize () << "<br>";
+
 		for (auto it: i2p::tunnel::tunnels.GetOutboundTunnels ())
 		{
 			it->GetTunnelConfig ()->Print (s);
-			if (it->GetTunnelPool () && !it->GetTunnelPool ()->IsExploratory ())
-				s << " " << "Pool";
 			auto state = it->GetState ();
 			if (state == i2p::tunnel::eTunnelStateFailed)
 				s << " " << "Failed";
@@ -758,8 +803,6 @@ namespace util
 		for (auto it: i2p::tunnel::tunnels.GetInboundTunnels ())
 		{
 			it.second->GetTunnelConfig ()->Print (s);
-			if (it.second->GetTunnelPool () && !it.second->GetTunnelPool ()->IsExploratory ())
-				s << " " << "Pool";
 			auto state = it.second->GetState ();
 			if (state == i2p::tunnel::eTunnelStateFailed)
 				s << " " << "Failed";
@@ -791,7 +834,7 @@ namespace util
 			std::string b32 = it.first.ToBase32 (); 
 			s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
 			s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << b32 << ">"; 
-			s << b32 << ".b32.i2p</a><br>" << std::endl;
+			s << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetIdentHash()) << "</a><br>" << std::endl;
 		}
 	}	
 
@@ -802,6 +845,7 @@ namespace util
 		auto dest = i2p::client::context.FindLocalDestination (ident);
 		if (dest)
 		{
+			s << "<b>Base64:</b><br>" << dest->GetIdentity ().ToBase64 () << "<br><br>";
 			s << "<b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i><br>";
 			auto pool = dest->GetTunnelPool ();
 			if (pool)
@@ -810,24 +854,81 @@ namespace util
 				for (auto it: pool->GetOutboundTunnels ())
 				{
 					it->GetTunnelConfig ()->Print (s);
+					auto state = it->GetState ();
+					if (state == i2p::tunnel::eTunnelStateFailed)
+						s << " " << "Failed";
+					else if (state == i2p::tunnel::eTunnelStateExpiring)
+						s << " " << "Exp";
 					s << "<br>" << std::endl;
 				}
 				for (auto it: pool->GetInboundTunnels ())
 				{
 					it->GetTunnelConfig ()->Print (s);
+					auto state = it->GetState ();
+					if (state == i2p::tunnel::eTunnelStateFailed)
+						s << " " << "Failed";
+					else if (state == i2p::tunnel::eTunnelStateExpiring)
+						s << " " << "Exp";
 					s << "<br>" << std::endl;
 				}
 			}	
 			s << "<br><b>Streams:</b><br>";
 			for (auto it: dest->GetStreamingDestination ()->GetStreams ())
 			{	
-				s << it.first << "->" << it.second->GetRemoteIdentity ().GetIdentHash ().ToBase32 () << ".b32.i2p ";
+				s << it.first << "->" << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetRemoteIdentity ()) << " ";
 				s << " [" << it.second->GetNumSentBytes () << ":" << it.second->GetNumReceivedBytes () << "]";
 				s << " [out:" << it.second->GetSendQueueSize () << "][in:" << it.second->GetReceiveQueueSize () << "]";
+				s << "[buf:" << it.second->GetSendBufferSize () << "]";
+				s << "[RTT:" << it.second->GetRTT () << "]"; 
 				s << "<br>"<< std::endl; 
 			}	
 		}	
 	}	
+
+	void HTTPConnection::ShowSAMSessions (std::stringstream& s)
+	{
+		auto sam = i2p::client::context.GetSAMBridge ();
+		if (sam)
+		{	
+			for (auto& it: sam->GetSessions ())
+			{
+				s << "<a href=/?" << HTTP_COMMAND_SAM_SESSION;
+				s << "&" << HTTP_PARAM_SAM_SESSION_ID << "=" << it.first << ">";
+				s << it.first << "</a><br>" << std::endl;
+			}	
+		}	
+	}	
+
+	void HTTPConnection::ShowSAMSession (const std::string& id, std::stringstream& s)
+	{
+		auto sam = i2p::client::context.GetSAMBridge ();
+		if (sam)
+		{
+			auto session = sam->FindSession (id);
+			if (session)
+			{
+				for (auto it: session->sockets)
+				{
+					switch (it->GetSocketType ())
+					{
+						case i2p::client::eSAMSocketTypeSession:
+							s << "session";
+						break;	
+						case i2p::client::eSAMSocketTypeStream:
+							s << "stream";
+						break;	
+						case i2p::client::eSAMSocketTypeAcceptor:
+							s << "acceptor";
+						break;
+						default:
+							s << "unknown";
+					}
+					s << " [" << it->GetSocket ().remote_endpoint() << "]";
+					s << "<br>" << std::endl;
+				}	
+			}
+		}	
+	}	
 	
 	void HTTPConnection::StartAcceptingTunnels (std::stringstream& s)
 	{
@@ -863,10 +964,12 @@ namespace util
 			SendToDestination (leaseSet, port, buf, len);
 		else
 		{
-			i2p::data::netdb.RequestDestination (destination, true, i2p::client::context.GetSharedLocalDestination ()->GetTunnelPool ());
+			memcpy (m_Buffer, buf, len);
+			m_BufferLen = len;
+			i2p::client::context.GetSharedLocalDestination ()->RequestDestination (destination);
 			m_Timer.expires_from_now (boost::posix_time::seconds(HTTP_DESTINATION_REQUEST_TIMEOUT));
 			m_Timer.async_wait (boost::bind (&HTTPConnection::HandleDestinationRequestTimeout,
-				this, boost::asio::placeholders::error, destination, port, buf, len));
+				this, boost::asio::placeholders::error, destination, port, m_Buffer, m_BufferLen));
 		}
 	}
 	
@@ -884,10 +987,10 @@ namespace util
 		}
 	}	
 	
-	void HTTPConnection::SendToDestination (const i2p::data::LeaseSet * remote, int port, const char * buf, size_t len)
+	void HTTPConnection::SendToDestination (std::shared_ptr<const i2p::data::LeaseSet> remote, int port, const char * buf, size_t len)
 	{
 		if (!m_Stream)
-			m_Stream = i2p::client::context.GetSharedLocalDestination ()->CreateStream (*remote, port);
+			m_Stream = i2p::client::context.GetSharedLocalDestination ()->CreateStream (remote, port);
 		if (m_Stream)
 		{
 			m_Stream->Send ((uint8_t *)buf, len);

HTTPServer.h

@@ -3,6 +3,7 @@
 
 #include <sstream>
 #include <thread>
+#include <memory>
 #include <boost/asio.hpp>
 #include <boost/array.hpp>
 #include "LeaseSet.h"
@@ -68,6 +69,8 @@ namespace util
 			void ShowTransitTunnels (std::stringstream& s);
 			void ShowLocalDestinations (std::stringstream& s);
 			void ShowLocalDestination (const std::string& b32, std::stringstream& s);
+			void ShowSAMSessions (std::stringstream& s);
+			void ShowSAMSession (const std::string& id, std::stringstream& s);
 			void StartAcceptingTunnels (std::stringstream& s);
 			void StopAcceptingTunnels (std::stringstream& s);
 			void FillContent (std::stringstream& s);
@@ -79,7 +82,7 @@ namespace util
 
 			boost::asio::ip::tcp::socket * m_Socket;
 			boost::asio::deadline_timer m_Timer;
-			i2p::stream::Stream * m_Stream;
+			std::shared_ptr<i2p::stream::Stream> m_Stream;
 			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1], m_StreamBuffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
 			size_t m_BufferLen;
 			request m_Request;
@@ -92,7 +95,7 @@ namespace util
 			void SendToAddress (const std::string& address, int port, const char * buf, size_t len);
 			void HandleDestinationRequestTimeout (const boost::system::error_code& ecode, 
 				i2p::data::IdentHash destination, int port, const char * buf, size_t len);
-			void SendToDestination (const i2p::data::LeaseSet * remote, int port, const char * buf, size_t len);
+			void SendToDestination (std::shared_ptr<const i2p::data::LeaseSet> remote, int port, const char * buf, size_t len);
 
 		public:
 

I2NPProtocol.cpp

@@ -1,7 +1,6 @@
 #include <string.h>
 #include <atomic>
 #include "I2PEndian.h"
-#include <cryptopp/sha.h>
 #include <cryptopp/gzip.h>
 #include "ElGamal.h"
 #include "Timestamp.h"
@@ -40,31 +39,26 @@ namespace i2p
 	static std::atomic<uint32_t> I2NPmsgID(0); // TODO: create class
 	void FillI2NPMessageHeader (I2NPMessage * msg, I2NPMessageType msgType, uint32_t replyMsgID)
 	{
-		I2NPHeader * header = msg->GetHeader ();
-		header->typeID = msgType;
+		msg->SetTypeID (msgType);
 		if (replyMsgID) // for tunnel creation
-			header->msgID = htobe32 (replyMsgID); 
+			msg->SetMsgID (replyMsgID); 
 		else
 		{	
-			header->msgID = htobe32 (I2NPmsgID);
+			msg->SetMsgID (I2NPmsgID);
 			I2NPmsgID++;
 		}	
-		header->expiration = htobe64 (i2p::util::GetMillisecondsSinceEpoch () + 5000); // TODO: 5 secs is a magic number
-		int len = msg->GetLength () - sizeof (I2NPHeader);
-		header->size = htobe16 (len);
-		uint8_t hash[32];
-		CryptoPP::SHA256().CalculateDigest(hash, msg->GetPayload (), len);
-		header->chks = hash[0];
-	}	
-
+		msg->SetExpiration (i2p::util::GetMillisecondsSinceEpoch () + 5000); // TODO: 5 secs is a magic number
+		msg->UpdateSize ();
+		msg->UpdateChks ();
+	}		
+	
 	void RenewI2NPMessageHeader (I2NPMessage * msg)
 	{
 		if (msg)
 		{
-			I2NPHeader * header = msg->GetHeader ();
-			header->msgID = htobe32 (I2NPmsgID);
+			msg->SetMsgID (I2NPmsgID);
 			I2NPmsgID++;
-			header->expiration = htobe64 (i2p::util::GetMillisecondsSinceEpoch () + 5000); 		
+			msg->SetExpiration (i2p::util::GetMillisecondsSinceEpoch () + 5000); 		
 		}
 	}
 
@@ -77,7 +71,7 @@ namespace i2p
 		return msg;
 	}	
 
-	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from)
+	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
 		I2NPMessage * msg = NewI2NPMessage ();
 		memcpy (msg->GetBuffer (), buf, len);
@@ -88,102 +82,120 @@ namespace i2p
 	
 	I2NPMessage * CreateDeliveryStatusMsg (uint32_t msgID)
 	{
-		I2NPDeliveryStatusMsg msg;
+		I2NPMessage * m = NewI2NPShortMessage ();
+		uint8_t * buf = m->GetPayload ();
 		if (msgID)
 		{
-			msg.msgID = htobe32 (msgID);
-			msg.timestamp = htobe64 (i2p::util::GetMillisecondsSinceEpoch ());
+			htobe32buf (buf + DELIVERY_STATUS_MSGID_OFFSET, msgID);
+			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, i2p::util::GetMillisecondsSinceEpoch ());
 		}
 		else // for SSU establishment
 		{
-			msg.msgID = htobe32 (i2p::context.GetRandomNumberGenerator ().GenerateWord32 ());
-			msg.timestamp = htobe64 (2); // netID = 2
- 		}
-		return CreateI2NPMessage (eI2NPDeliveryStatus, (uint8_t *)&msg, sizeof (msg));
+			htobe32buf (buf + DELIVERY_STATUS_MSGID_OFFSET, i2p::context.GetRandomNumberGenerator ().GenerateWord32 ());
+			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, 2); // netID = 2
+		}	
+		m->len += DELIVERY_STATUS_SIZE;
+		FillI2NPMessageHeader (m, eI2NPDeliveryStatus);
+		return m;
 	}
 
-	I2NPMessage * CreateDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
-		uint32_t replyTunnelID, bool exploratory, std::set<i2p::data::IdentHash> * excludedPeers,
-	    bool encryption, i2p::tunnel::TunnelPool * pool)
+	I2NPMessage * CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
+		uint32_t replyTunnelID, bool exploratory, std::set<i2p::data::IdentHash> * excludedPeers)
 	{
-		I2NPMessage * m = NewI2NPMessage ();
+		I2NPMessage * m = NewI2NPShortMessage ();
 		uint8_t * buf = m->GetPayload ();
 		memcpy (buf, key, 32); // key
 		buf += 32;
 		memcpy (buf, from, 32); // from
 		buf += 32;
+		uint8_t flag = exploratory ? DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP : DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP; 
 		if (replyTunnelID)
 		{
-			*buf = encryption ? 0x03: 0x01; // set delivery flag
-			*(uint32_t *)(buf+1) = htobe32 (replyTunnelID);
+			*buf = flag | DATABASE_LOOKUP_DELIVERY_FLAG; // set delivery flag
+			htobe32buf (buf+1, replyTunnelID);
 			buf += 5;
 		}
 		else
 		{	
-			encryption = false; // encryption can we set for tunnels only
-			*buf = 0; // flag
+			*buf = flag; // flag
 			buf++;
 		}	
-		
-		if (exploratory)
+				
+		if (excludedPeers)
 		{
-			*(uint16_t *)buf = htobe16 (1); // one exlude record
+			int cnt = excludedPeers->size ();
+			htobe16buf (buf, cnt);
 			buf += 2;
-			// reply with non-floodfill routers only
-			memset (buf, 0, 32);
-			buf += 32;
+			for (auto& it: *excludedPeers)
+			{
+				memcpy (buf, it, 32);
+				buf += 32;
+			}	
 		}
 		else
-		{
-			if (excludedPeers)
-			{
-				int cnt = excludedPeers->size ();
-				*(uint16_t *)buf = htobe16 (cnt);
-				buf += 2;
-				for (auto& it: *excludedPeers)
-				{
-					memcpy (buf, it, 32);
-					buf += 32;
-				}	
-			}
-			else
-			{	
-				// nothing to exclude
-				*(uint16_t *)buf = htobe16 (0);
-				buf += 2;
-			}	
-		}	
-		if (encryption)
-		{
-			// session key and tag for reply
-			auto& rnd = i2p::context.GetRandomNumberGenerator ();
-			rnd.GenerateBlock (buf, 32); // key
-			buf[32] = 1; // 1 tag
-			rnd.GenerateBlock (buf + 33, 32); // tag
-			if (pool)
-				pool->GetGarlicDestination ().AddSessionKey (buf, buf + 33); // introduce new key-tag to garlic engine
-			else
-				LogPrint ("Destination for encrypteed reply not specified");
-			buf += 65;
-		}	
+		{	
+			// nothing to exclude
+			htobuf16 (buf, 0);
+			buf += 2;
+		}		
+		
 		m->len += (buf - m->GetPayload ()); 
 		FillI2NPMessageHeader (m, eI2NPDatabaseLookup);
 		return m; 
 	}	
 
+	I2NPMessage * CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
+		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		const i2p::tunnel::InboundTunnel * replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag)
+	{
+		I2NPMessage * m = NewI2NPShortMessage ();
+		uint8_t * buf = m->GetPayload ();
+		memcpy (buf, dest, 32); // key
+		buf += 32;
+		memcpy (buf, replyTunnel->GetNextIdentHash (), 32); // reply tunnel GW
+		buf += 32;
+		*buf = DATABASE_LOOKUP_DELIVERY_FLAG | DATABASE_LOOKUP_ENCYPTION_FLAG | DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP; // flags 
+		htobe32buf (buf + 1, replyTunnel->GetNextTunnelID ()); // reply tunnel ID
+		buf += 5;
+		
+		// excluded
+		int cnt = excludedFloodfills.size ();
+		htobe16buf (buf, cnt);
+		buf += 2;
+		if (cnt > 0)
+		{
+			for (auto& it: excludedFloodfills)
+			{
+				memcpy (buf, it, 32);
+				buf += 32;
+			}
+		}	
+		// encryption
+		memcpy (buf, replyKey, 32);
+		buf[32] = 1; // 1 tag
+		memcpy (buf + 33, replyTag, 32);
+		buf += 65;
+
+		m->len += (buf - m->GetPayload ()); 
+		FillI2NPMessageHeader (m, eI2NPDatabaseLookup);
+		return m; 		  			
+	}		
+			
+	
+
 	I2NPMessage * CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, 
-		const i2p::data::RouterInfo * floodfill)
+		 std::vector<i2p::data::IdentHash> routers)
 	{
 		I2NPMessage * m = NewI2NPShortMessage ();
 		uint8_t * buf = m->GetPayload ();
 		size_t len = 0;
 		memcpy (buf, ident, 32);
 		len += 32;
-		buf[len] = floodfill ? 1 : 0; // 1 router for now
+		buf[len] = routers.size (); 
 		len++;
-		if (floodfill)
+		for (auto it: routers)
 		{
-			memcpy (buf + len, floodfill->GetIdentHash (), 32);
+			memcpy (buf + len, it, 32);
 			len += 32;
 		}	
 		memcpy (buf + len, i2p::context.GetRouterInfo ().GetIdentHash (), 32);
@@ -193,28 +205,36 @@ namespace i2p
 		return m; 
 	}	
 	
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router)
+	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router, uint32_t replyToken)
 	{
 		if (!router) // we send own RouterInfo
 			router = &context.GetRouterInfo ();
 
 		I2NPMessage * m = NewI2NPShortMessage ();
-		I2NPDatabaseStoreMsg * msg = (I2NPDatabaseStoreMsg *)m->GetPayload ();		
+		uint8_t * payload = m->GetPayload ();		
+
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, router->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 0; // RouterInfo
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
+		uint8_t * buf = payload + DATABASE_STORE_HEADER_SIZE;
+		if (replyToken)
+		{
+			memset (buf, 0, 4); // zero tunnelID means direct reply
+			buf += 4;
+			memcpy (buf, router->GetIdentHash (), 32);
+			buf += 32;
+		}		
 
-		memcpy (msg->key, router->GetIdentHash (), 32);
-		msg->type = 0;
-		msg->replyToken = 0;
-		
 		CryptoPP::Gzip compressor;
 		compressor.Put (router->GetBuffer (), router->GetBufferLen ());
 		compressor.MessageEnd();
 		auto size = compressor.MaxRetrievable ();
-		uint8_t * buf = m->GetPayload () + sizeof (I2NPDatabaseStoreMsg);
-		*(uint16_t *)buf = htobe16 (size); // size
+		htobe16buf (buf, size); // size
 		buf += 2;
 		// TODO: check if size doesn't exceed buffer
 		compressor.Get (buf, size); 
-		m->len += sizeof (I2NPDatabaseStoreMsg) + 2 + size; // payload size
+		buf += size;
+		m->len += (buf - payload); // payload size
 		FillI2NPMessageHeader (m, eI2NPDatabaseStore);
 		
 		return m;
@@ -225,23 +245,22 @@ namespace i2p
 		if (!leaseSet) return nullptr;
 		I2NPMessage * m = NewI2NPShortMessage ();
 		uint8_t * payload = m->GetPayload ();	
-		I2NPDatabaseStoreMsg * msg = (I2NPDatabaseStoreMsg *)payload;
-		memcpy (msg->key, leaseSet->GetIdentHash (), 32);
-		msg->type = 1; // LeaseSet
-		msg->replyToken = htobe32 (replyToken);
-		size_t size = sizeof (I2NPDatabaseStoreMsg);
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
+		size_t size = DATABASE_STORE_HEADER_SIZE;
 		if (replyToken)
 		{
 			auto leases = leaseSet->GetNonExpiredLeases ();
 			if (leases.size () > 0)
 			{
-				*(uint32_t *)(payload + size) = htobe32 (leases[0].tunnelID);
+				htobe32buf (payload + size, leases[0].tunnelID);
 				size += 4; // reply tunnelID
 				memcpy (payload + size, leases[0].tunnelGateway, 32);
 				size += 32; // reply tunnel gateway
 			}
 			else
-				msg->replyToken = 0;
+				htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0);
 		}
 		memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ());
 		size += leaseSet->GetBufferLen ();
@@ -249,73 +268,48 @@ namespace i2p
 		FillI2NPMessageHeader (m, eI2NPDatabaseStore);
 		return m;
 	}
-
-	I2NPBuildRequestRecordClearText CreateBuildRequestRecord (
-		const uint8_t * ourIdent, uint32_t receiveTunnelID, 
-	    const uint8_t * nextIdent, uint32_t nextTunnelID, 
-	    const uint8_t * layerKey,const uint8_t * ivKey,                                                                 
-	    const uint8_t * replyKey, const uint8_t * replyIV, uint32_t nextMessageID,
-	          bool isGateway, bool isEndpoint)
-	{
-		I2NPBuildRequestRecordClearText clearText;	
-		clearText.receiveTunnel = htobe32 (receiveTunnelID); 		
-		clearText.nextTunnel = htobe32(nextTunnelID);
-		memcpy (clearText.layerKey, layerKey, 32);
-		memcpy (clearText.ivKey, ivKey, 32);
-		memcpy (clearText.replyKey, replyKey, 32);
-		memcpy (clearText.replyIV, replyIV, 16);
-		clearText.flag = 0;
-		if (isGateway) clearText.flag |= 0x80;
-		if (isEndpoint) clearText.flag |= 0x40;
-		memcpy (clearText.ourIdent, ourIdent, 32);
-		memcpy (clearText.nextIdent, nextIdent, 32);
-		clearText.requestTime = htobe32 (i2p::util::GetHoursSinceEpoch ()); 
-		clearText.nextMessageID = htobe32(nextMessageID);
-		return clearText;
-	}	
-
-	void EncryptBuildRequestRecord (const i2p::data::RouterInfo& router, 
-		const I2NPBuildRequestRecordClearText& clearText,
-	    I2NPBuildRequestRecordElGamalEncrypted& record)
-	{
-		router.GetElGamalEncryption ()->Encrypt ((uint8_t *)&clearText, sizeof(clearText), record.encrypted);
-		memcpy (record.toPeer, (const uint8_t *)router.GetIdentHash (), 16);
-	}	
 	
-	bool HandleBuildRequestRecords (int num, I2NPBuildRequestRecordElGamalEncrypted * records, I2NPBuildRequestRecordClearText& clearText)
+	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText)
 	{
 		for (int i = 0; i < num; i++)
 		{	
-			if (!memcmp (records[i].toPeer, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
+			uint8_t * record = records + i*TUNNEL_BUILD_RECORD_SIZE;
+			if (!memcmp (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
 			{	
 				LogPrint ("Record ",i," is ours");	
 			
-				i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), records[i].encrypted, (uint8_t *)&clearText);
-				// replace record to reply
-				I2NPBuildResponseRecord * reply = (I2NPBuildResponseRecord *)(records + i);				
-				if (i2p::context.AcceptsTunnels ())
+				i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText);
+				// replace record to reply			
+				if (i2p::context.AcceptsTunnels () && 
+					i2p::tunnel::tunnels.GetTransitTunnels ().size () <= MAX_NUM_TRANSIT_TUNNELS &&
+					!i2p::transport::transports.IsBandwidthExceeded ())
 				{	
 					i2p::tunnel::TransitTunnel * transitTunnel = 
 						i2p::tunnel::CreateTransitTunnel (
-							be32toh (clearText.receiveTunnel), 
-							clearText.nextIdent, be32toh (clearText.nextTunnel),
-							clearText.layerKey, clearText.ivKey, 
-							clearText.flag & 0x80, clearText.flag & 0x40);
+							bufbe32toh (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET), 
+							clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						    bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+							clearText + BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET, 
+						    clearText + BUILD_REQUEST_RECORD_IV_KEY_OFFSET, 
+							clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x80, 
+						    clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET ] & 0x40);
 					i2p::tunnel::tunnels.AddTransitTunnel (transitTunnel);
-					reply->ret = 0;
+					record[BUILD_RESPONSE_RECORD_RET_OFFSET] = 0;
 				}
 				else
-					reply->ret = 30; // always reject with bandwidth reason (30)
+					record[BUILD_RESPONSE_RECORD_RET_OFFSET] = 30; // always reject with bandwidth reason (30)
 				
 				//TODO: fill filler
-				CryptoPP::SHA256().CalculateDigest(reply->hash, reply->padding, sizeof (reply->padding) + 1); // + 1 byte of ret
+				CryptoPP::SHA256().CalculateDigest(record + BUILD_RESPONSE_RECORD_HASH_OFFSET, 
+					record + BUILD_RESPONSE_RECORD_PADDING_OFFSET, BUILD_RESPONSE_RECORD_PADDING_SIZE + 1); // + 1 byte of ret
 				// encrypt reply
 				i2p::crypto::CBCEncryption encryption;
 				for (int j = 0; j < num; j++)
 				{
-					encryption.SetKey (clearText.replyKey);
-					encryption.SetIV (clearText.replyIV);
-					encryption.Encrypt((uint8_t *)(records + j), sizeof (records[j]), (uint8_t *)(records + j)); 
+					encryption.SetKey (clearText + BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET);
+					encryption.SetIV (clearText + BUILD_REQUEST_RECORD_REPLY_IV_OFFSET);
+					uint8_t * reply = records + j*TUNNEL_BUILD_RECORD_SIZE;
+					encryption.Encrypt(reply, TUNNEL_BUILD_RECORD_SIZE, reply); 
 				}
 				return true;
 			}	
@@ -328,7 +322,7 @@ namespace i2p
 		int num = buf[0];
 		LogPrint ("VariableTunnelBuild ", num, " records");
 
-		i2p::tunnel::Tunnel * tunnel =  i2p::tunnel::tunnels.GetPendingTunnel (replyMsgID);
+		auto tunnel =  i2p::tunnel::tunnels.GetPendingInboundTunnel (replyMsgID);
 		if (tunnel)
 		{
 			// endpoint of inbound tunnel
@@ -337,7 +331,7 @@ namespace i2p
 			{
 				LogPrint ("Inbound tunnel ", tunnel->GetTunnelID (), " has been created");
 				tunnel->SetState (i2p::tunnel::eTunnelStateEstablished);	
-				i2p::tunnel::tunnels.AddInboundTunnel (static_cast<i2p::tunnel::InboundTunnel *>(tunnel));
+				i2p::tunnel::tunnels.AddInboundTunnel (tunnel);
 			}
 			else
 			{
@@ -347,48 +341,49 @@ namespace i2p
 		}
 		else
 		{
-			I2NPBuildRequestRecordElGamalEncrypted * records = (I2NPBuildRequestRecordElGamalEncrypted *)(buf+1); 
-			I2NPBuildRequestRecordClearText clearText;	
-			if (HandleBuildRequestRecords (num, records, clearText))
+			uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE];	
+			if (HandleBuildRequestRecords (num, buf + 1, clearText))
 			{
-				if (clearText.flag & 0x40) // we are endpoint of outboud tunnel
+				if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outboud tunnel
 				{
 					// so we send it to reply tunnel 
-					transports.SendMessage (clearText.nextIdent, 
-						CreateTunnelGatewayMsg (be32toh (clearText.nextTunnel),
+					transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						CreateTunnelGatewayMsg (bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
 							eI2NPVariableTunnelBuildReply, buf, len, 
-						    be32toh (clearText.nextMessageID)));                         
+						    bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));                         
 				}	
 				else	
-					transports.SendMessage (clearText.nextIdent, 
-						CreateI2NPMessage (eI2NPVariableTunnelBuild, buf, len, be32toh (clearText.nextMessageID)));
+					transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						CreateI2NPMessage (eI2NPVariableTunnelBuild, buf, len, 
+							bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));
 			}	
 		}	
 	}
 
 	void HandleTunnelBuildMsg (uint8_t * buf, size_t len)
 	{
-		I2NPBuildRequestRecordClearText clearText;	
-		if (HandleBuildRequestRecords (NUM_TUNNEL_BUILD_RECORDS, (I2NPBuildRequestRecordElGamalEncrypted *)buf, clearText))
+		uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE];	
+		if (HandleBuildRequestRecords (NUM_TUNNEL_BUILD_RECORDS, buf, clearText))
 		{
-			if (clearText.flag & 0x40) // we are endpoint of outbound tunnel
+			if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outbound tunnel
 			{
 				// so we send it to reply tunnel 
-				transports.SendMessage (clearText.nextIdent, 
-					CreateTunnelGatewayMsg (be32toh (clearText.nextTunnel),
+				transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+					CreateTunnelGatewayMsg (bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
 						eI2NPTunnelBuildReply, buf, len, 
-					    be32toh (clearText.nextMessageID)));                         
+					    bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));                         
 			}	
 			else	
-				transports.SendMessage (clearText.nextIdent, 
-					CreateI2NPMessage (eI2NPTunnelBuild, buf, len, be32toh (clearText.nextMessageID)));
+				transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+					CreateI2NPMessage (eI2NPTunnelBuild, buf, len, 
+						bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));
 		} 
 	}
 
 	void HandleVariableTunnelBuildReplyMsg (uint32_t replyMsgID, uint8_t * buf, size_t len)
 	{	
 		LogPrint ("VariableTunnelBuildReplyMsg replyMsgID=", replyMsgID);
-		i2p::tunnel::Tunnel * tunnel = i2p::tunnel::tunnels.GetPendingTunnel (replyMsgID);
+		auto tunnel = i2p::tunnel::tunnels.GetPendingOutboundTunnel (replyMsgID);
 		if (tunnel)
 		{	
 			// reply for outbound tunnel
@@ -396,7 +391,7 @@ namespace i2p
 			{	
 				LogPrint ("Outbound tunnel ", tunnel->GetTunnelID (), " has been created");
 				tunnel->SetState (i2p::tunnel::eTunnelStateEstablished);	
-				i2p::tunnel::tunnels.AddOutboundTunnel (static_cast<i2p::tunnel::OutboundTunnel *>(tunnel));
+				i2p::tunnel::tunnels.AddOutboundTunnel (tunnel);
 			}	
 			else
 			{
@@ -411,7 +406,7 @@ namespace i2p
 
 	I2NPMessage * CreateTunnelDataMsg (const uint8_t * buf)
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
+		I2NPMessage * msg = NewI2NPShortMessage ();
 		memcpy (msg->GetPayload (), buf, i2p::tunnel::TUNNEL_DATA_MSG_SIZE);
 		msg->len += i2p::tunnel::TUNNEL_DATA_MSG_SIZE; 
 		FillI2NPMessageHeader (msg, eI2NPTunnelData);
@@ -420,9 +415,9 @@ namespace i2p
 
 	I2NPMessage * CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload)	
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
+		I2NPMessage * msg = NewI2NPShortMessage ();
 		memcpy (msg->GetPayload () + 4, payload, i2p::tunnel::TUNNEL_DATA_MSG_SIZE - 4);
-		*(uint32_t *)(msg->GetPayload ()) = htobe32 (tunnelID);
+		htobe32buf (msg->GetPayload (), tunnelID);
 		msg->len += i2p::tunnel::TUNNEL_DATA_MSG_SIZE; 
 		FillI2NPMessageHeader (msg, eI2NPTunnelData);
 		return msg;
@@ -431,26 +426,26 @@ namespace i2p
 	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len)
 	{
 		I2NPMessage * msg = NewI2NPMessage (len);
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		header->tunnelID = htobe32 (tunnelID);
-		header->length = htobe16 (len);
-		memcpy (msg->GetPayload () + sizeof (TunnelGatewayHeader), buf, len);
-		msg->len += sizeof (TunnelGatewayHeader) + len;
+		uint8_t * payload = msg->GetPayload ();
+		htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
+		htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
+		memcpy (payload + TUNNEL_GATEWAY_HEADER_SIZE, buf, len);
+		msg->len += TUNNEL_GATEWAY_HEADER_SIZE + len;
 		FillI2NPMessageHeader (msg, eI2NPTunnelGateway);
 		return msg;
 	}	
 
 	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessage * msg)
 	{
-		if (msg->offset >= sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader))
+		if (msg->offset >= I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE)
 		{
 			// message is capable to be used without copying
-			TunnelGatewayHeader * header = (TunnelGatewayHeader *)(msg->GetBuffer () - sizeof (TunnelGatewayHeader));
-			header->tunnelID = htobe32 (tunnelID);
+			uint8_t * payload = msg->GetBuffer () - TUNNEL_GATEWAY_HEADER_SIZE;
+			htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
 			int len = msg->GetLength ();
-			header->length = htobe16 (len);
-			msg->offset -= (sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader));
-			msg->len = msg->offset + sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader) +len;
+			htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
+			msg->offset -= (I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE);
+			msg->len = msg->offset + I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE +len;
 			FillI2NPMessageHeader (msg, eI2NPTunnelGateway);
 			return msg;
 		}
@@ -466,7 +461,7 @@ namespace i2p
 		const uint8_t * buf, size_t len, uint32_t replyMsgID)
 	{
 		I2NPMessage * msg = NewI2NPMessage (len);
-		size_t gatewayMsgOffset = sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader);
+		size_t gatewayMsgOffset = I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE;
 		msg->offset += gatewayMsgOffset;
 		msg->len += gatewayMsgOffset;
 		memcpy (msg->GetPayload (), buf, len);
@@ -474,56 +469,27 @@ namespace i2p
 		FillI2NPMessageHeader (msg, msgType, replyMsgID); // create content message
 		len = msg->GetLength ();
 		msg->offset -= gatewayMsgOffset;
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		header->tunnelID = htobe32 (tunnelID);
-		header->length = htobe16 (len);
+		uint8_t * payload = msg->GetPayload ();
+		htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
+		htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
 		FillI2NPMessageHeader (msg, eI2NPTunnelGateway); // gateway message
 		return msg;
 	}	
-	
-	void HandleTunnelGatewayMsg (I2NPMessage * msg)
-	{		
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		uint32_t tunnelID = be32toh(header->tunnelID);
-		uint16_t len = be16toh(header->length);
-		// we make payload as new I2NP message to send
-		msg->offset += sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader);
-		msg->len = msg->offset + len;
-		LogPrint ("TunnelGateway of ", (int)len, " bytes for tunnel ", (unsigned int)tunnelID, ". Msg type ", (int)msg->GetHeader()->typeID);
-		if (msg->GetHeader()->typeID == eI2NPDatabaseStore ||
-		    msg->GetHeader()->typeID == eI2NPDatabaseSearchReply)
-		{
-			// transit DatabaseStore my contain new/updated RI 
-			// or DatabaseSearchReply with new routers
-			auto ds = NewI2NPMessage ();
-			*ds = *msg;
-			i2p::data::netdb.PostI2NPMsg (ds);
-		}	
-		i2p::tunnel::TransitTunnel * tunnel =  i2p::tunnel::tunnels.GetTransitTunnel (tunnelID);
-		if (tunnel)
-			tunnel->SendTunnelDataMsg (msg);
-		else
-		{	
-			LogPrint ("Tunnel ", (unsigned int)tunnelID, " not found");
-			i2p::DeleteI2NPMessage (msg);
-		}	
-	}	
 
 	size_t GetI2NPMessageLength (const uint8_t * msg)
 	{
-		I2NPHeader * header = (I2NPHeader *)msg;
-		return be16toh (header->size) + sizeof (I2NPHeader);
+		return bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET) + I2NP_HEADER_SIZE;
 	}	
 	
 	void HandleI2NPMessage (uint8_t * msg, size_t len)
 	{
-		I2NPHeader * header = (I2NPHeader *)msg;
-		uint32_t msgID = be32toh (header->msgID);	
-		LogPrint ("I2NP msg received len=", len,", type=", (int)header->typeID, ", msgID=", (unsigned int)msgID);
+		uint8_t typeID = msg[I2NP_HEADER_TYPEID_OFFSET];
+		uint32_t msgID = bufbe32toh (msg + I2NP_HEADER_MSGID_OFFSET);	
+		LogPrint ("I2NP msg received len=", len,", type=", (int)typeID, ", msgID=", (unsigned int)msgID);
 
-		uint8_t * buf = msg + sizeof (I2NPHeader);
-		int size = be16toh (header->size);
-		switch (header->typeID)
+		uint8_t * buf = msg + I2NP_HEADER_SIZE;
+		int size = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET);
+		switch (typeID)
 		{	
 			case eI2NPVariableTunnelBuild:
 				LogPrint ("VariableTunnelBuild");
@@ -542,7 +508,7 @@ namespace i2p
 				// TODO:
 			break;	
 			default:
-				LogPrint ("Unexpected message ", (int)header->typeID);
+				LogPrint ("Unexpected message ", (int)typeID);
 		}	
 	}
 
@@ -550,7 +516,7 @@ namespace i2p
 	{
 		if (msg)
 		{	
-			switch (msg->GetHeader ()->typeID)
+			switch (msg->GetTypeID ())
 			{	
 				case eI2NPTunnelData:
 					LogPrint ("TunnelData");
@@ -558,12 +524,20 @@ namespace i2p
 				break;	
 				case eI2NPTunnelGateway:
 					LogPrint ("TunnelGateway");
-					HandleTunnelGatewayMsg (msg);
+					i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;
 				case eI2NPGarlic:
 					LogPrint ("Garlic");
-					if (msg->from && msg->from->GetTunnelPool ())
-						msg->from->GetTunnelPool ()->GetGarlicDestination ().ProcessGarlicMessage (msg);
+					if (msg->from)
+					{
+						if (msg->from->GetTunnelPool ())
+							msg->from->GetTunnelPool ()->ProcessGarlicMessage (msg);
+						else
+						{
+							LogPrint (eLogInfo, "Local destination for garlic doesn't exist anymore");
+							DeleteI2NPMessage (msg);
+						}	
+					}
 					else
 						i2p::context.ProcessGarlicMessage (msg); 
 				break;
@@ -580,10 +554,54 @@ namespace i2p
 					else
 						i2p::context.ProcessDeliveryStatusMessage (msg);
 				break;	
+				case eI2NPVariableTunnelBuild:		
+				case eI2NPVariableTunnelBuildReply:
+				case eI2NPTunnelBuild:
+				case eI2NPTunnelBuildReply:	
+					// forward to tunnel thread
+					i2p::tunnel::tunnels.PostTunnelData (msg);
+				break;	
 				default:
 					HandleI2NPMessage (msg->GetBuffer (), msg->GetLength ());
 					DeleteI2NPMessage (msg);
 			}	
 		}	
 	}	
+
+	I2NPMessagesHandler::~I2NPMessagesHandler ()
+	{
+		Flush ();
+	}
+	
+	void I2NPMessagesHandler::PutNextMessage (I2NPMessage * msg)
+	{
+		if (msg)
+		{
+			switch (msg->GetTypeID ())
+			{	
+				case eI2NPTunnelData:
+					m_TunnelMsgs.push_back (msg);
+				break;
+				case eI2NPTunnelGateway:	
+					m_TunnelGatewayMsgs.push_back (msg);
+				break;	
+				default:
+					HandleI2NPMessage (msg);
+			}		
+		}	
+	}
+	
+	void I2NPMessagesHandler::Flush ()
+	{
+		if (!m_TunnelMsgs.empty ())
+		{	
+			i2p::tunnel::tunnels.PostTunnelData (m_TunnelMsgs);
+			m_TunnelMsgs.clear ();
+		}	
+		if (!m_TunnelGatewayMsgs.empty ())
+		{	
+			i2p::tunnel::tunnels.PostTunnelData (m_TunnelGatewayMsgs);
+			m_TunnelGatewayMsgs.clear ();
+		}	
+	}	
 }

I2NPProtocol.h

@@ -2,81 +2,73 @@
 #define I2NP_PROTOCOL_H__
 
 #include <inttypes.h>
-#include <set>
 #include <string.h>
+#include <set>
+#include <memory>
+#include <cryptopp/sha.h>
 #include "I2PEndian.h"
+#include "Identity.h"
 #include "RouterInfo.h"
 #include "LeaseSet.h"
 
 namespace i2p
-{
-#pragma pack (1)
+{	
+	// I2NP header
+	const size_t I2NP_HEADER_TYPEID_OFFSET = 0;
+	const size_t I2NP_HEADER_MSGID_OFFSET = I2NP_HEADER_TYPEID_OFFSET + 1;
+	const size_t I2NP_HEADER_EXPIRATION_OFFSET = I2NP_HEADER_MSGID_OFFSET + 4;
+	const size_t I2NP_HEADER_SIZE_OFFSET = I2NP_HEADER_EXPIRATION_OFFSET + 8;
+	const size_t I2NP_HEADER_CHKS_OFFSET = I2NP_HEADER_SIZE_OFFSET + 2;
+	const size_t I2NP_HEADER_SIZE = I2NP_HEADER_CHKS_OFFSET + 1;
 
-	struct I2NPHeader
-	{
-		uint8_t typeID;
-		uint32_t msgID;
-		uint64_t expiration;
-		uint16_t size;
-		uint8_t chks;
-	};	
-
-	struct I2NPHeaderShort
-	{
-		uint8_t typeID;
-		uint32_t shortExpiration;
-	};	
-
-	struct I2NPDatabaseStoreMsg
-	{
-		uint8_t key[32];
-		uint8_t type;
-		uint32_t replyToken;	
-	};
-
-	struct I2NPDeliveryStatusMsg
-	{
-		uint32_t msgID;
-		uint64_t timestamp;
-	};
+	// I2NP short header
+	const size_t I2NP_SHORT_HEADER_TYPEID_OFFSET = 0;
+	const size_t I2NP_SHORT_HEADER_EXPIRATION_OFFSET = I2NP_SHORT_HEADER_TYPEID_OFFSET + 1;
+	const size_t I2NP_SHORT_HEADER_SIZE = I2NP_SHORT_HEADER_EXPIRATION_OFFSET + 4;
 	
-	struct I2NPBuildRequestRecordClearText
-	{
-		uint32_t receiveTunnel;
-		uint8_t ourIdent[32];
-		uint32_t nextTunnel;
-		uint8_t nextIdent[32];
-		uint8_t layerKey[32];
-		uint8_t ivKey[32];
-		uint8_t replyKey[32];
-		uint8_t replyIV[16];
-		uint8_t flag;
-		uint32_t requestTime;
-		uint32_t nextMessageID;	
-		uint8_t filler[29];
-	};
+	// Tunnel Gateway header
+	const size_t TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET = 0;
+	const size_t TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET = TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET + 4;
+	const size_t TUNNEL_GATEWAY_HEADER_SIZE = TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET + 2;
 
-	struct I2NPBuildResponseRecord
-	{
-		uint8_t hash[32];
-		uint8_t padding[495];
-		uint8_t ret;
-	};	
+	// DeliveryStatus	
+	const size_t DELIVERY_STATUS_MSGID_OFFSET = 0;
+	const size_t DELIVERY_STATUS_TIMESTAMP_OFFSET = DELIVERY_STATUS_MSGID_OFFSET + 4;
+	const size_t DELIVERY_STATUS_SIZE = DELIVERY_STATUS_TIMESTAMP_OFFSET + 8;
+
+	// DatabaseStore
+	const size_t DATABASE_STORE_KEY_OFFSET = 0;
+	const size_t DATABASE_STORE_TYPE_OFFSET = DATABASE_STORE_KEY_OFFSET + 32;
+	const size_t DATABASE_STORE_REPLY_TOKEN_OFFSET = DATABASE_STORE_TYPE_OFFSET + 1;
+	const size_t DATABASE_STORE_HEADER_SIZE = DATABASE_STORE_REPLY_TOKEN_OFFSET + 4;
+
+	// TunnelBuild	
+	const size_t TUNNEL_BUILD_RECORD_SIZE = 528;
+
+	//BuildRequestRecordClearText
+	const size_t BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET = 0;
+	const size_t BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET = BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET = BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET = BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET = BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_IV_KEY_OFFSET = BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET = BUILD_REQUEST_RECORD_IV_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_REPLY_IV_OFFSET = BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_FLAG_OFFSET = BUILD_REQUEST_RECORD_REPLY_IV_OFFSET + 16;
+	const size_t BUILD_REQUEST_RECORD_REQUEST_TIME_OFFSET = BUILD_REQUEST_RECORD_FLAG_OFFSET + 1;
+	const size_t BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET = BUILD_REQUEST_RECORD_REQUEST_TIME_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_PADDING_OFFSET = BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE = 222;
 	
-	struct I2NPBuildRequestRecordElGamalEncrypted
-	{
-		uint8_t toPeer[16];
-		uint8_t encrypted[512];
-	};
-
-	struct TunnelGatewayHeader
-	{
-		uint32_t tunnelID;
-		uint16_t length;
-	};		
-
+	// BuildRequestRecordEncrypted	
+	const size_t BUILD_REQUEST_RECORD_TO_PEER_OFFSET = 0;
+	const size_t BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET = BUILD_REQUEST_RECORD_TO_PEER_OFFSET + 16;
 	
-#pragma pack ()	
+	// BuildResponseRecord
+	const size_t BUILD_RESPONSE_RECORD_HASH_OFFSET = 0;
+	const size_t BUILD_RESPONSE_RECORD_PADDING_OFFSET = 32;
+	const size_t BUILD_RESPONSE_RECORD_PADDING_SIZE = 495;
+	const size_t BUILD_RESPONSE_RECORD_RET_OFFSET = BUILD_RESPONSE_RECORD_PADDING_OFFSET + BUILD_RESPONSE_RECORD_PADDING_SIZE;
 
 	enum I2NPMessageType
 	{
@@ -96,6 +88,17 @@ namespace i2p
 
 	const int NUM_TUNNEL_BUILD_RECORDS = 8;	
 
+	// DatabaseLookup flags
+	const uint8_t DATABASE_LOOKUP_DELIVERY_FLAG = 0x01;
+	const uint8_t DATABASE_LOOKUP_ENCYPTION_FLAG = 0x02;	
+	const uint8_t DATABASE_LOOKUP_TYPE_FLAGS_MASK = 0x0C;
+	const uint8_t DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP = 0;
+	const uint8_t DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP = 0x04; // 0100
+	const uint8_t DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP = 0x08; // 1000			
+	const uint8_t DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP = 0x0C; // 1100
+
+	const int MAX_NUM_TRANSIT_TUNNELS = 2500;
+
 namespace tunnel
 {		
 	class InboundTunnel;
@@ -103,21 +106,53 @@ namespace tunnel
 }
 
 	const size_t I2NP_MAX_MESSAGE_SIZE = 32768; 
-	const size_t I2NP_MAX_SHORT_MESSAGE_SIZE = 2400; 
+	const size_t I2NP_MAX_SHORT_MESSAGE_SIZE = 4096; 
 	struct I2NPMessage
 	{	
 		uint8_t * buf;	
 		size_t len, offset, maxLen;
-		i2p::tunnel::InboundTunnel * from;
+		std::shared_ptr<i2p::tunnel::InboundTunnel> from;
 		
-		I2NPMessage (): buf (nullptr),len (sizeof (I2NPHeader) + 2), 
-			offset(2), maxLen (0), from (nullptr) {}; 
-		// reserve 2 bytes for NTCP header
-		I2NPHeader * GetHeader () { return (I2NPHeader *)GetBuffer (); };
-		uint8_t * GetPayload () { return GetBuffer () + sizeof(I2NPHeader); };
+		I2NPMessage (): buf (nullptr),len (I2NP_HEADER_SIZE + 2), 
+			offset(2), maxLen (0), from (nullptr) {};  // reserve 2 bytes for NTCP header
+	
+		// header accessors
+		uint8_t * GetHeader () { return GetBuffer (); };
+		const uint8_t * GetHeader () const { return GetBuffer (); };
+		void SetTypeID (uint8_t typeID) { GetHeader ()[I2NP_HEADER_TYPEID_OFFSET] = typeID; };
+		uint8_t GetTypeID () const { return GetHeader ()[I2NP_HEADER_TYPEID_OFFSET]; };
+		void SetMsgID (uint32_t msgID) { htobe32buf (GetHeader () + I2NP_HEADER_MSGID_OFFSET, msgID); };
+		uint32_t GetMsgID () const { return bufbe32toh (GetHeader () + I2NP_HEADER_MSGID_OFFSET); };
+		void SetExpiration (uint64_t expiration) { htobe64buf (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET, expiration); };
+		uint64_t GetExpiration () const { return bufbe64toh (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET); };
+		void SetSize (uint16_t size) { htobe16buf (GetHeader () + I2NP_HEADER_SIZE_OFFSET, size); };
+		uint16_t GetSize () const { return bufbe16toh (GetHeader () + I2NP_HEADER_SIZE_OFFSET); };
+		void UpdateSize () { SetSize (GetPayloadLength ()); };	
+		void SetChks (uint8_t chks) { GetHeader ()[I2NP_HEADER_CHKS_OFFSET] = chks; };
+		void UpdateChks () 
+		{
+			uint8_t hash[32];
+			CryptoPP::SHA256().CalculateDigest(hash, GetPayload (), GetPayloadLength ());
+			GetHeader ()[I2NP_HEADER_CHKS_OFFSET] = hash[0];
+		}	
+		
+		// payload
+		uint8_t * GetPayload () { return GetBuffer () + I2NP_HEADER_SIZE; };
 		uint8_t * GetBuffer () { return buf + offset; };
 		const uint8_t * GetBuffer () const { return buf + offset; };
-		size_t GetLength () const { return len - offset; };
+		size_t GetLength () const { return len - offset; };	
+		size_t GetPayloadLength () const { return GetLength () - I2NP_HEADER_SIZE; };	
+			
+		void Align (size_t alignment) 
+		{
+			if (len + alignment > maxLen) return;
+			size_t rem = ((size_t)GetBuffer ()) % alignment;
+			if (rem)
+			{
+				offset += (alignment - rem);
+				len += (alignment - rem);
+			}	
+		}
 
 		I2NPMessage& operator=(const I2NPMessage& other)
 		{
@@ -128,25 +163,25 @@ namespace tunnel
 		}	
 
 		// for SSU only
-		uint8_t * GetSSUHeader () { return buf + offset + sizeof(I2NPHeader) - sizeof(I2NPHeaderShort); };	
+		uint8_t * GetSSUHeader () { return buf + offset + I2NP_HEADER_SIZE - I2NP_SHORT_HEADER_SIZE; };	
 		void FromSSU (uint32_t msgID) // we have received SSU message and convert it to regular
 		{
-			I2NPHeaderShort ssu = *(I2NPHeaderShort *)GetSSUHeader ();
-			I2NPHeader * header = GetHeader ();
-			header->typeID = ssu.typeID;
-			header->msgID = htobe32 (msgID);
-			header->expiration = htobe64 (be32toh (ssu.shortExpiration)*1000LL);
-			header->size = htobe16 (len - offset - sizeof (I2NPHeader));
-			header->chks = 0;
+			const uint8_t * ssu = GetSSUHeader ();
+			GetHeader ()[I2NP_HEADER_TYPEID_OFFSET] = ssu[I2NP_SHORT_HEADER_TYPEID_OFFSET]; // typeid
+			SetMsgID (msgID);
+			SetExpiration (bufbe32toh (ssu + I2NP_SHORT_HEADER_EXPIRATION_OFFSET)*1000LL);
+			SetSize (len - offset - I2NP_HEADER_SIZE);
+			SetChks (0);
 		}
 		uint32_t ToSSU () // return msgID
 		{
-			I2NPHeader header = *GetHeader ();
-			I2NPHeaderShort * ssu = (I2NPHeaderShort *)GetSSUHeader ();
-			ssu->typeID = header.typeID;
-			ssu->shortExpiration = htobe32 (be64toh (header.expiration)/1000LL); 
-			len = offset + sizeof (I2NPHeaderShort) + be16toh (header.size);
-			return be32toh (header.msgID);
+			uint8_t header[I2NP_HEADER_SIZE];
+			memcpy (header, GetHeader (), I2NP_HEADER_SIZE);
+			uint8_t * ssu = GetSSUHeader ();
+			ssu[I2NP_SHORT_HEADER_TYPEID_OFFSET] = header[I2NP_HEADER_TYPEID_OFFSET]; // typeid
+			htobe32buf (ssu + I2NP_SHORT_HEADER_EXPIRATION_OFFSET, bufbe64toh (header + I2NP_HEADER_EXPIRATION_OFFSET)/1000LL);
+			len = offset + I2NP_SHORT_HEADER_SIZE + bufbe16toh (header + I2NP_HEADER_SIZE_OFFSET);
+			return bufbe32toh (header + I2NP_HEADER_MSGID_OFFSET);
 		}	
 	};	
 
@@ -154,7 +189,7 @@ namespace tunnel
 	struct I2NPMessageBuffer: public I2NPMessage
 	{
 		I2NPMessageBuffer () { buf = m_Buffer; maxLen = sz; };
-		uint8_t m_Buffer[sz];
+		uint8_t m_Buffer[sz + 16];
 	};
 
 	I2NPMessage * NewI2NPMessage ();
@@ -164,29 +199,20 @@ namespace tunnel
 	void FillI2NPMessageHeader (I2NPMessage * msg, I2NPMessageType msgType, uint32_t replyMsgID = 0);
 	void RenewI2NPMessageHeader (I2NPMessage * msg);
 	I2NPMessage * CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, int len, uint32_t replyMsgID = 0);	
-	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from = nullptr);
+	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from = nullptr);
 	
 	I2NPMessage * CreateDeliveryStatusMsg (uint32_t msgID);
-	I2NPMessage * CreateDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
-		uint32_t replyTunnelID, bool exploratory = false, 
-	    std::set<i2p::data::IdentHash> * excludedPeers = nullptr, bool encryption = false,
-	    i2p::tunnel::TunnelPool * pool = nullptr);
-	I2NPMessage * CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, const i2p::data::RouterInfo * floodfill);
+	I2NPMessage * CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
+		uint32_t replyTunnelID, bool exploratory = false, std::set<i2p::data::IdentHash> * excludedPeers = nullptr);
+	I2NPMessage * CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
+		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		const i2p::tunnel::InboundTunnel * replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag);
+	I2NPMessage * CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, std::vector<i2p::data::IdentHash> routers);
 	
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router = nullptr);
+	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router = nullptr, uint32_t replyToken = 0);
 	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::LeaseSet * leaseSet, uint32_t replyToken = 0);		
-
-	I2NPBuildRequestRecordClearText CreateBuildRequestRecord (
-		const uint8_t * ourIdent, uint32_t receiveTunnelID, 
-	    const uint8_t * nextIdent, uint32_t nextTunnelID, 
-	    const uint8_t * layerKey,const uint8_t * ivKey,                                                                 
-	    const uint8_t * replyKey, const uint8_t * replyIV, uint32_t nextMessageID,
-	          bool isGateway, bool isEndpoint);
-	void EncryptBuildRequestRecord (const i2p::data::RouterInfo& router, 
-		const I2NPBuildRequestRecordClearText& clearText,
-	    I2NPBuildRequestRecordElGamalEncrypted& record);
-	
-	bool HandleBuildRequestRecords (int num, I2NPBuildRequestRecordElGamalEncrypted * records, I2NPBuildRequestRecordClearText& clearText);
+		
+	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText);
 	void HandleVariableTunnelBuildMsg (uint32_t replyMsgID, uint8_t * buf, size_t len);
 	void HandleVariableTunnelBuildReplyMsg (uint32_t replyMsgID, uint8_t * buf, size_t len);
 	void HandleTunnelBuildMsg (uint8_t * buf, size_t len);	
@@ -194,7 +220,6 @@ namespace tunnel
 	I2NPMessage * CreateTunnelDataMsg (const uint8_t * buf);	
 	I2NPMessage * CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload);		
 	
-	void HandleTunnelGatewayMsg (I2NPMessage * msg);
 	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len);
 	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType, 
 		const uint8_t * buf, size_t len, uint32_t replyMsgID = 0);
@@ -203,6 +228,19 @@ namespace tunnel
 	size_t GetI2NPMessageLength (const uint8_t * msg);
 	void HandleI2NPMessage (uint8_t * msg, size_t len);
 	void HandleI2NPMessage (I2NPMessage * msg);
+
+	class I2NPMessagesHandler
+	{
+		public:
+
+			~I2NPMessagesHandler ();
+			void PutNextMessage (I2NPMessage * msg);
+			void Flush ();
+			
+		private:
+
+			std::vector<I2NPMessage *> m_TunnelMsgs, m_TunnelGatewayMsgs;
+	};
 }	
 
 #endif

I2PControl.cpp

@@ -0,0 +1,416 @@
+// There is bug in boost 1.49 with gcc 4.7 coming with Debian Wheezy
+#define GCC47_BOOST149 ((BOOST_VERSION == 104900) && (__GNUC__ == 4) && (__GNUC_MINOR__ == 7))
+
+#include "I2PControl.h"
+#include <sstream>
+#include <boost/lexical_cast.hpp>
+#include <boost/date_time/local_time/local_time.hpp>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#if !GCC47_BOOST149
+#include <boost/property_tree/json_parser.hpp>
+#endif
+#include "Log.h"
+#include "NetDb.h"
+#include "RouterContext.h"
+#include "Daemon.h"
+#include "Tunnel.h"
+#include "Timestamp.h"
+#include "Transports.h"
+#include "version.h"
+
+namespace i2p
+{
+namespace client
+{
+	I2PControlService::I2PControlService (int port):
+		m_Password (I2P_CONTROL_DEFAULT_PASSWORD), m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
+		m_ShutdownTimer (m_Service)
+	{
+		m_MethodHandlers[I2P_CONTROL_METHOD_AUTHENTICATE] = &I2PControlService::AuthenticateHandler; 
+		m_MethodHandlers[I2P_CONTROL_METHOD_ECHO] = &I2PControlService::EchoHandler; 
+		m_MethodHandlers[I2P_CONTROL_METHOD_I2PCONTROL] = &I2PControlService::I2PControlHandler; 
+		m_MethodHandlers[I2P_CONTROL_METHOD_ROUTER_INFO] = &I2PControlService::RouterInfoHandler; 
+		m_MethodHandlers[I2P_CONTROL_METHOD_ROUTER_MANAGER] = &I2PControlService::RouterManagerHandler; 
+		m_MethodHandlers[I2P_CONTROL_METHOD_NETWORK_SETTING] = &I2PControlService::NetworkSettingHandler; 
+
+		// RouterInfo
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_UPTIME] = &I2PControlService::UptimeHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_VERSION] = &I2PControlService::VersionHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_STATUS] = &I2PControlService::StatusHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_NETDB_KNOWNPEERS] = &I2PControlService::NetDbKnownPeersHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_NETDB_ACTIVEPEERS] = &I2PControlService::NetDbActivePeersHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_NET_STATUS] = &I2PControlService::NetStatusHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_TUNNELS_PARTICIPATING] = &I2PControlService::TunnelsParticipatingHandler;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_BW_IB_1S] = &I2PControlService::InboundBandwidth1S ;
+		m_RouterInfoHandlers[I2P_CONTROL_ROUTER_INFO_BW_OB_1S] = &I2PControlService::OutboundBandwidth1S ;
+
+		// RouterManager	
+		m_RouterManagerHandlers[I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN] = &I2PControlService::ShutdownHandler; 
+		m_RouterManagerHandlers[I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN_GRACEFUL] = &I2PControlService::ShutdownGracefulHandler;
+		m_RouterManagerHandlers[I2P_CONTROL_ROUTER_MANAGER_RESEED] = &I2PControlService::ReseedHandler;
+	}
+
+	I2PControlService::~I2PControlService ()
+	{
+		Stop ();
+	}
+
+	void I2PControlService::Start ()
+	{
+		if (!m_IsRunning)
+		{
+			Accept ();
+			m_IsRunning = true;
+			m_Thread = new std::thread (std::bind (&I2PControlService::Run, this));
+		}
+	}
+
+	void I2PControlService::Stop ()
+	{
+		if (m_IsRunning)
+		{
+			m_IsRunning = false;
+			m_Acceptor.cancel ();	
+			m_Service.stop ();
+			if (m_Thread)
+			{	
+				m_Thread->join (); 
+				delete m_Thread;
+				m_Thread = nullptr;
+			}	
+		}
+	}
+
+	void I2PControlService::Run () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "I2PControl: ", ex.what ());
+			}	
+		}	
+	}
+
+	void I2PControlService::Accept ()
+	{
+		auto newSocket = std::make_shared<boost::asio::ip::tcp::socket> (m_Service);
+		m_Acceptor.async_accept (*newSocket, std::bind (&I2PControlService::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void I2PControlService::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+
+		if (!ecode)
+		{
+			LogPrint (eLogInfo, "New I2PControl request from ", socket->remote_endpoint ());
+			std::this_thread::sleep_for (std::chrono::milliseconds(5));
+			ReadRequest (socket);	
+		}
+		else
+			LogPrint (eLogError, "I2PControl accept error: ",  ecode.message ());
+	}
+
+	void I2PControlService::ReadRequest (std::shared_ptr<boost::asio::ip::tcp::socket> socket)
+	{
+		auto request = std::make_shared<I2PControlBuffer>();
+		socket->async_read_some (
+#if BOOST_VERSION >= 104900
+			boost::asio::buffer (*request),  
+#else
+			boost::asio::buffer (request->data (), request->size ()), 
+#endif              
+			std::bind(&I2PControlService::HandleRequestReceived, this, 
+			std::placeholders::_1, std::placeholders::_2, socket, request));
+	}
+
+	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
+ 		size_t bytes_transferred, std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+		std::shared_ptr<I2PControlBuffer> buf)
+	{
+		if (ecode)
+		{
+			LogPrint (eLogError, "I2PControl read error: ", ecode.message ());
+		}
+		else
+		{
+			try
+			{
+				bool isHtml = !memcmp (buf->data (), "POST", 4);
+				std::stringstream ss;
+				ss.write (buf->data (), bytes_transferred);
+				if (isHtml)
+				{
+					std::string header;
+					while (!ss.eof () && header != "\r")
+						std::getline(ss, header);
+					if (ss.eof ())
+					{
+						LogPrint (eLogError, "Malformed I2PControl request. HTTP header expected");
+						return; // TODO:
+					}
+				}
+#if GCC47_BOOST149
+				LogPrint (eLogError, "json_read is not supported due bug in boost 1.49 with gcc 4.7");
+#else
+				boost::property_tree::ptree pt;
+				boost::property_tree::read_json (ss, pt);
+
+				std::string method = pt.get<std::string>(I2P_CONTROL_PROPERTY_METHOD);
+				auto it = m_MethodHandlers.find (method);
+				if (it != m_MethodHandlers.end ())
+				{
+					std::ostringstream response;
+					response << "{\"id\":" << pt.get<std::string>(I2P_CONTROL_PROPERTY_ID) << ",\"result\":{";					
+
+					(this->*(it->second))(pt.get_child (I2P_CONTROL_PROPERTY_PARAMS), response);
+					response << "},\"jsonrpc\":\"2.0\"}";
+					SendResponse (socket, buf, response, isHtml);
+				}	
+				else
+					LogPrint (eLogWarning, "Unknown I2PControl method ", method);
+#endif
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "I2PControl handle request: ", ex.what ());
+			}
+			catch (...)
+			{
+				LogPrint (eLogError, "I2PControl handle request unknown exception");
+			}
+		}
+	}
+
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, int value) const
+	{
+		ss << "\"" << name << "\":" << value;
+	} 
+
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const
+	{
+		ss << "\"" << name << "\":";	
+		if (value.length () > 0)
+			ss << "\"" << value << "\"";
+		else
+			ss << "null";
+	} 
+		
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, double value) const
+	{
+		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
+	}	
+
+	void I2PControlService::SendResponse (std::shared_ptr<boost::asio::ip::tcp::socket> socket,
+		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
+	{
+		size_t len = response.str ().length (), offset = 0;
+		if (isHtml)
+		{
+			std::ostringstream header;
+			header << "HTTP/1.1 200 OK\r\n";
+			header << "Connection: close\r\n";
+			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
+			header << "Content-Type: application/json\r\n";
+			header << "Date: ";
+			auto facet = new boost::local_time::local_time_facet ("%a, %d %b %Y %H:%M:%S GMT");
+			header.imbue(std::locale (header.getloc(), facet));
+			header << boost::posix_time::second_clock::local_time() << "\r\n"; 
+			header << "\r\n";
+			offset = header.str ().size ();
+			memcpy (buf->data (), header.str ().c_str (), offset);
+		}	
+		memcpy (buf->data () + offset, response.str ().c_str (), len);
+		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), offset + len), 
+			boost::asio::transfer_all (),
+			std::bind(&I2PControlService::HandleResponseSent, this, 
+				std::placeholders::_1, std::placeholders::_2, socket, buf));
+	}
+
+	void I2PControlService::HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+		std::shared_ptr<boost::asio::ip::tcp::socket> socket, std::shared_ptr<I2PControlBuffer> buf)
+	{
+		if (ecode)
+			LogPrint (eLogError, "I2PControl write error: ", ecode.message ());
+		socket->close ();
+	}
+
+// handlers
+
+	void I2PControlService::AuthenticateHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		int api = params.get<int> (I2P_CONTROL_PARAM_API);
+		auto password = params.get<std::string> (I2P_CONTROL_PARAM_PASSWORD);
+		LogPrint (eLogDebug, "I2PControl Authenticate API=", api, " Password=", password);
+		if (password != m_Password)
+			LogPrint (eLogError, "I2PControl Authenticate Invalid password ", password, " expected ", m_Password);
+		InsertParam (results, I2P_CONTROL_PARAM_API, api);
+		results << ",";
+		std::string token = boost::lexical_cast<std::string>(i2p::util::GetSecondsSinceEpoch ());
+		m_Tokens.insert (token);	
+		InsertParam (results, I2P_CONTROL_PARAM_TOKEN, token);
+	}	
+
+	void I2PControlService::EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		auto echo = params.get<std::string> (I2P_CONTROL_PARAM_ECHO);
+		LogPrint (eLogDebug, "I2PControl Echo Echo=", echo);
+		InsertParam (results, I2P_CONTROL_PARAM_RESULT, echo);	
+	}
+
+
+// I2PControl
+
+	void I2PControlService::I2PControlHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		LogPrint (eLogDebug, "I2PControl I2PControl");
+		for (auto& it: params)
+		{
+			LogPrint (eLogDebug, it.first);
+			auto it1 = m_I2PControlHandlers.find (it.first);
+			if (it1 != m_I2PControlHandlers.end ())
+				(this->*(it1->second))(it.second.data ());	
+			else
+				LogPrint (eLogError, "I2PControl NetworkSetting unknown request ", it.first);			
+		}	
+	}
+
+// RouterInfo
+
+	void I2PControlService::RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		LogPrint (eLogDebug, "I2PControl RouterInfo");
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			if (it != params.begin ()) results << ",";	
+			LogPrint (eLogDebug, it->first);
+			auto it1 = m_RouterInfoHandlers.find (it->first);
+			if (it1 != m_RouterInfoHandlers.end ())
+				(this->*(it1->second))(results);	
+			else
+				LogPrint (eLogError, "I2PControl RouterInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlService::UptimeHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_UPTIME, (int)i2p::context.GetUptime ()*1000);	
+	}
+
+	void I2PControlService::VersionHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_VERSION, VERSION);	
+	}	
+
+	void I2PControlService::StatusHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_STATUS, "???"); // TODO:
+	}
+		
+	void I2PControlService::NetDbKnownPeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_NETDB_KNOWNPEERS, i2p::data::netdb.GetNumRouters ());	
+	}
+
+	void I2PControlService::NetDbActivePeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_NETDB_ACTIVEPEERS, (int)i2p::transport::transports.GetPeers ().size ());	
+	}
+
+	void I2PControlService::NetStatusHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_NET_STATUS, (int)i2p::context.GetStatus ());
+	}
+
+	void I2PControlService::TunnelsParticipatingHandler (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_TUNNELS_PARTICIPATING, (int)i2p::tunnel::tunnels.GetTransitTunnels ().size ());
+	}
+
+	void I2PControlService::InboundBandwidth1S (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_BW_IB_1S, (double)i2p::transport::transports.GetInBandwidth ());
+	}
+
+	void I2PControlService::OutboundBandwidth1S (std::ostringstream& results)
+	{
+		InsertParam (results, I2P_CONTROL_ROUTER_INFO_BW_OB_1S, (double)i2p::transport::transports.GetOutBandwidth ());
+	}
+
+// RouterManager
+	
+	void I2PControlService::RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		LogPrint (eLogDebug, "I2PControl RouterManager");
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			if (it != params.begin ()) results << ",";	
+			LogPrint (eLogDebug, it->first);
+			auto it1 = m_RouterManagerHandlers.find (it->first);
+			if (it1 != m_RouterManagerHandlers.end ())
+				(this->*(it1->second))(results);	
+			else
+				LogPrint (eLogError, "I2PControl RouterManager unknown request ", it->first);			
+		}
+	}	
+
+
+	void I2PControlService::ShutdownHandler (std::ostringstream& results)	
+	{
+		LogPrint (eLogInfo, "Shutdown requested");
+		InsertParam (results, I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN, "");
+		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(1)); // 1 second to make sure response has been sent
+		m_ShutdownTimer.async_wait (
+			[](const boost::system::error_code& ecode)
+		    {
+				Daemon.running = 0; 
+			});
+	}
+
+	void I2PControlService::ShutdownGracefulHandler (std::ostringstream& results)
+	{
+		i2p::context.SetAcceptsTunnels (false);
+		int timeout = i2p::tunnel::tunnels.GetTransitTunnelsExpirationTimeout ();
+		LogPrint (eLogInfo, "Graceful shutdown requested. Will shutdown after ", timeout, " seconds");
+		InsertParam (results, I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN_GRACEFUL, "");
+		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(timeout + 1)); // + 1 second
+		m_ShutdownTimer.async_wait (
+			[](const boost::system::error_code& ecode)
+		    {
+				Daemon.running = 0; 
+			});
+	}
+
+	void I2PControlService::ReseedHandler (std::ostringstream& results)
+	{
+		LogPrint (eLogInfo, "Reseed requested");
+		InsertParam (results, I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN, "");	
+		i2p::data::netdb.Reseed ();
+	}
+
+// network setting
+	void I2PControlService::NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		LogPrint (eLogDebug, "I2PControl NetworkSetting");
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			if (it != params.begin ()) results << ",";	
+			LogPrint (eLogDebug, it->first);
+			auto it1 = m_NetworkSettingHandlers.find (it->first);
+			if (it1 != m_NetworkSettingHandlers.end ())
+				(this->*(it1->second))(it->second.data (), results);	
+			else
+				LogPrint (eLogError, "I2PControl NetworkSetting unknown request ", it->first);			
+		}
+	}
+
+}
+}

I2PControl.h

@@ -0,0 +1,149 @@
+#ifndef I2P_CONTROL_H__
+#define I2P_CONTROL_H__
+
+#include <inttypes.h>
+#include <thread>
+#include <memory>
+#include <array>
+#include <string>
+#include <sstream>
+#include <map>
+#include <set>
+#include <boost/asio.hpp>
+#include <boost/property_tree/ptree.hpp>
+
+namespace i2p
+{
+namespace client
+{
+	const size_t I2P_CONTROL_MAX_REQUEST_SIZE = 1024;
+	typedef std::array<char, I2P_CONTROL_MAX_REQUEST_SIZE> I2PControlBuffer;		
+
+	const char I2P_CONTROL_DEFAULT_PASSWORD[] = "itoopie";	
+
+	const char I2P_CONTROL_PROPERTY_ID[] = "id";
+	const char I2P_CONTROL_PROPERTY_METHOD[] = "method";
+	const char I2P_CONTROL_PROPERTY_PARAMS[] = "params";
+	const char I2P_CONTROL_PROPERTY_RESULT[] = "result";
+
+	// methods	
+	const char I2P_CONTROL_METHOD_AUTHENTICATE[] = "Authenticate";
+	const char I2P_CONTROL_METHOD_ECHO[] = "Echo";
+	const char I2P_CONTROL_METHOD_I2PCONTROL[] = "I2PControl";		
+	const char I2P_CONTROL_METHOD_ROUTER_INFO[] = "RouterInfo";	
+	const char I2P_CONTROL_METHOD_ROUTER_MANAGER[] = "RouterManager";	
+	const char I2P_CONTROL_METHOD_NETWORK_SETTING[] = "NetworkSetting";	
+
+	// params
+	const char I2P_CONTROL_PARAM_API[] = "API";			
+	const char I2P_CONTROL_PARAM_PASSWORD[] = "Password";	
+	const char I2P_CONTROL_PARAM_TOKEN[] = "Token";	
+	const char I2P_CONTROL_PARAM_ECHO[] = "Echo";	
+	const char I2P_CONTROL_PARAM_RESULT[] = "Result";	
+
+	// I2PControl
+	const char I2P_CONTROL_I2PCONTROL_ADDRESS[] = "i2pcontrol.address";		
+	const char I2P_CONTROL_I2PCONTROL_PASSWORD[] = "i2pcontrol.password";
+	const char I2P_CONTROL_I2PCONTROL_PORT[] = "i2pcontrol.port";		
+
+	// RouterInfo requests
+	const char I2P_CONTROL_ROUTER_INFO_UPTIME[] = "i2p.router.uptime";
+	const char I2P_CONTROL_ROUTER_INFO_VERSION[] = "i2p.router.version";
+	const char I2P_CONTROL_ROUTER_INFO_STATUS[] = "i2p.router.status";	
+	const char I2P_CONTROL_ROUTER_INFO_NETDB_KNOWNPEERS[] = "i2p.router.netdb.knownpeers";
+	const char I2P_CONTROL_ROUTER_INFO_NETDB_ACTIVEPEERS[] = "i2p.router.netdb.activepeers";
+	const char I2P_CONTROL_ROUTER_INFO_NET_STATUS[] = "i2p.router.net.status";	
+	const char I2P_CONTROL_ROUTER_INFO_TUNNELS_PARTICIPATING[] = "i2p.router.net.tunnels.participating";
+	const char I2P_CONTROL_ROUTER_INFO_BW_IB_1S[] = "i2p.router.net.bw.inbound.1s";			
+	const char I2P_CONTROL_ROUTER_INFO_BW_OB_1S[] = "i2p.router.net.bw.outbound.1s";		
+
+	// RouterManager requests
+	const char I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN[] = "Shutdown";
+	const char I2P_CONTROL_ROUTER_MANAGER_SHUTDOWN_GRACEFUL[] = "ShutdownGraceful";
+	const char I2P_CONTROL_ROUTER_MANAGER_RESEED[] = "Reseed";		
+
+	class I2PControlService
+	{
+		public:
+
+			I2PControlService (int port);
+			~I2PControlService ();
+
+			void Start ();
+			void Stop ();
+
+		private:
+
+			void Run ();
+			void Accept ();
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket);	
+			void ReadRequest (std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred, 
+				std::shared_ptr<boost::asio::ip::tcp::socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+			void SendResponse (std::shared_ptr<boost::asio::ip::tcp::socket> socket,
+				std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml);
+			void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+				std::shared_ptr<boost::asio::ip::tcp::socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+
+		private:
+
+			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const;
+
+			// methods
+			typedef void (I2PControlService::*MethodHandler)(const boost::property_tree::ptree& params, std::ostringstream& results);
+
+			void AuthenticateHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void I2PControlHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);			
+
+			// I2PControl
+			typedef void (I2PControlService::*I2PControlRequestHandler)(const std::string& value);
+
+			// RouterInfo
+			typedef void (I2PControlService::*RouterInfoRequestHandler)(std::ostringstream& results);
+			void UptimeHandler (std::ostringstream& results);
+			void VersionHandler (std::ostringstream& results);
+			void StatusHandler (std::ostringstream& results);
+			void NetDbKnownPeersHandler (std::ostringstream& results);
+			void NetDbActivePeersHandler (std::ostringstream& results);	
+			void NetStatusHandler (std::ostringstream& results);		
+			void TunnelsParticipatingHandler (std::ostringstream& results);
+			void InboundBandwidth1S (std::ostringstream& results);
+			void OutboundBandwidth1S (std::ostringstream& results);
+
+			// RouterManager
+			typedef void (I2PControlService::*RouterManagerRequestHandler)(std::ostringstream& results);
+			void ShutdownHandler (std::ostringstream& results);
+			void ShutdownGracefulHandler (std::ostringstream& results);
+			void ReseedHandler (std::ostringstream& results);
+
+			// NetworkSetting
+			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);	
+
+		private:
+
+			std::string m_Password;
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+
+			boost::asio::io_service m_Service;
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			boost::asio::deadline_timer m_ShutdownTimer;
+			std::set<std::string> m_Tokens;
+			
+			std::map<std::string, MethodHandler> m_MethodHandlers;
+			std::map<std::string, I2PControlRequestHandler> m_I2PControlHandlers;
+			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
+			std::map<std::string, RouterManagerRequestHandler> m_RouterManagerHandlers;
+			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
+	};
+}
+}
+
+#endif
+

I2PEndian.cpp

@@ -5,6 +5,7 @@
 
 #include "LittleBigEndian.h"
 
+#ifdef NEEDS_LOCAL_ENDIAN
 uint16_t htobe16(uint16_t int16)
 {
 	BigEndian<uint16_t> u16(int16);
@@ -40,6 +41,7 @@ uint64_t be64toh(uint64_t big64)
 	LittleEndian<uint64_t> u64(big64);
 	return u64.raw_value;
 }
+#endif
 
 /* it can be used in Windows 8
 #include <Winsock2.h>

I2PEndian.h

@@ -1,5 +1,7 @@
 #ifndef I2PENDIAN_H__
 #define I2PENDIAN_H__
+#include <inttypes.h>
+#include <string.h>
 
 #if defined(__linux__) || defined(__FreeBSD_kernel__)
 #include <endian.h>
@@ -25,6 +27,7 @@
 #define le64toh(x) OSSwapLittleToHostInt64(x)
 
 #else
+#define NEEDS_LOCAL_ENDIAN
 #include <cstdint>
 uint16_t htobe16(uint16_t int16);
 uint32_t htobe32(uint32_t int32);
@@ -34,7 +37,83 @@ uint16_t be16toh(uint16_t big16);
 uint32_t be32toh(uint32_t big32);
 uint64_t be64toh(uint64_t big64);
 
+// assume LittleEndine
+#define htole16
+#define htole32
+#define htole64
+#define le16toh
+#define le32toh
+#define le64toh
+
 #endif
 
+inline uint16_t buf16toh(const void *buf)
+{
+	uint16_t b16;
+	memcpy(&b16, buf, sizeof(uint16_t));
+	return b16;
+}
+
+inline uint32_t buf32toh(const void *buf)
+{
+	uint32_t b32;
+	memcpy(&b32, buf, sizeof(uint32_t));
+	return b32;
+}
+
+inline uint64_t buf64toh(const void *buf)
+{
+	uint64_t b64;
+	memcpy(&b64, buf, sizeof(uint64_t));
+	return b64;
+}
+
+inline uint16_t bufbe16toh(const void *buf)
+{
+	return be16toh(buf16toh(buf));
+}
+
+inline uint32_t bufbe32toh(const void *buf)
+{
+	return be32toh(buf32toh(buf));
+}
+
+inline uint64_t bufbe64toh(const void *buf)
+{
+	return be64toh(buf64toh(buf));
+}
+
+inline void htobuf16(void *buf, uint16_t b16)
+{
+	memcpy(buf, &b16, sizeof(uint16_t));
+}
+
+inline void htobuf32(void *buf, uint32_t b32)
+{
+	memcpy(buf, &b32, sizeof(uint32_t));
+}
+
+inline void htobuf64(void *buf, uint64_t b64)
+{
+	memcpy(buf, &b64, sizeof(uint64_t));
+}
+
+inline void htobe16buf(void *buf, uint16_t big16)
+{
+	htobuf16(buf, htobe16(big16));
+}
+
+inline void htobe32buf(void *buf, uint32_t big32)
+{
+	htobuf32(buf, htobe32(big32));
+}
+
+inline void htobe64buf(void *buf, uint64_t big64)
+{
+	htobuf64(buf, htobe64(big64));
+}
+
+
+
 #endif // I2PENDIAN_H__
 

I2PService.cpp

@@ -0,0 +1,80 @@
+#include "Destination.h"
+#include "Identity.h"
+#include "ClientContext.h"
+#include "I2PService.h"
+
+
+namespace i2p
+{
+namespace client
+{
+	static const i2p::data::SigningKeyType I2P_SERVICE_DEFAULT_KEY_TYPE = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256;
+
+	I2PService::I2PService (std::shared_ptr<ClientDestination> localDestination):
+		m_LocalDestination (localDestination ? localDestination :
+					i2p::client::context.CreateNewLocalDestination (false, I2P_SERVICE_DEFAULT_KEY_TYPE))
+	{
+	}
+	
+	I2PService::I2PService (i2p::data::SigningKeyType kt):
+		m_LocalDestination (i2p::client::context.CreateNewLocalDestination (false, kt))
+	{
+	}
+	
+	void I2PService::CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, int port) {
+		assert(streamRequestComplete);
+		i2p::data::IdentHash identHash;
+		if (i2p::client::context.GetAddressBook ().GetIdentHash (dest, identHash))
+			m_LocalDestination->CreateStream (streamRequestComplete, identHash, port);
+		else
+		{
+			LogPrint (eLogWarning, "Remote destination ", dest, " not found");
+			streamRequestComplete (nullptr);
+		}
+	}
+
+	void TCPIPAcceptor::Start ()
+	{
+		m_Acceptor.listen ();
+		Accept ();
+	}
+
+	void TCPIPAcceptor::Stop ()
+	{
+		m_Acceptor.close();
+		m_Timer.cancel ();
+		ClearHandlers();
+	}
+
+	void TCPIPAcceptor::Accept ()
+	{
+		auto newSocket = new boost::asio::ip::tcp::socket (GetService ());
+		m_Acceptor.async_accept (*newSocket, std::bind (&TCPIPAcceptor::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void TCPIPAcceptor::HandleAccept (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket)
+	{
+		if (!ecode)
+		{
+			LogPrint(eLogDebug,"--- ",GetName()," accepted");
+			auto handler = CreateHandler(socket);
+			if (handler) {
+				AddHandler(handler);
+				handler->Handle();
+			} else {
+				socket->close();
+				delete socket;
+			}
+			Accept();
+		}
+		else
+		{
+			if (ecode != boost::asio::error::operation_aborted)
+				LogPrint (eLogError,"--- ",GetName()," Closing socket on accept because: ", ecode.message ());
+			delete socket;
+		}
+	}
+
+}
+}

I2PService.h

@@ -0,0 +1,109 @@
+#ifndef I2PSERVICE_H__
+#define I2PSERVICE_H__
+
+#include <atomic>
+#include <mutex>
+#include <unordered_set>
+#include <memory>
+#include <boost/asio.hpp>
+#include "Destination.h"
+#include "Identity.h"
+
+namespace i2p
+{
+namespace client
+{
+	class I2PServiceHandler;
+	class I2PService
+	{
+		public:
+			I2PService (std::shared_ptr<ClientDestination> localDestination  = nullptr);
+			I2PService (i2p::data::SigningKeyType kt);
+			virtual ~I2PService () { ClearHandlers (); }
+
+			inline void AddHandler (std::shared_ptr<I2PServiceHandler> conn)
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.insert(conn);
+			}
+			inline void RemoveHandler (std::shared_ptr<I2PServiceHandler> conn)
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.erase(conn);
+			}
+			inline void ClearHandlers ()
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.clear();
+			}
+
+			inline std::shared_ptr<ClientDestination> GetLocalDestination () { return m_LocalDestination; }
+			inline void SetLocalDestination (std::shared_ptr<ClientDestination> dest) { m_LocalDestination = dest; }
+			void CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, int port = 0);
+
+			inline boost::asio::io_service& GetService () { return m_LocalDestination->GetService (); }
+
+			virtual void Start () = 0;
+			virtual void Stop () = 0;
+
+			virtual const char* GetName() { return "Generic I2P Service"; }
+		private:
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			std::unordered_set<std::shared_ptr<I2PServiceHandler> > m_Handlers;
+			std::mutex m_HandlersMutex;
+	};
+
+	/*Simple interface for I2PHandlers, allows detection of finalization amongst other things */
+	class I2PServiceHandler
+	{
+		public:
+			I2PServiceHandler(I2PService * parent) : m_Service(parent), m_Dead(false) { }
+			virtual ~I2PServiceHandler() { }
+			//If you override this make sure you call it from the children
+			virtual void Handle() {}; //Start handling the socket
+		protected:
+			// Call when terminating or handing over to avoid race conditions
+			inline bool Kill () { return m_Dead.exchange(true); }
+			// Call to know if the handler is dead
+			inline bool Dead () { return m_Dead; }
+			// Call when done to clean up (make sure Kill is called first)
+			inline void Done (std::shared_ptr<I2PServiceHandler> me) { if(m_Service) m_Service->RemoveHandler(me); }
+			// Call to talk with the owner
+			inline I2PService * GetOwner() { return m_Service; }
+		private:
+			I2PService *m_Service;
+			std::atomic<bool> m_Dead; //To avoid cleaning up multiple times
+	};
+
+	/* TODO: support IPv6 too */
+	//This is a service that listens for connections on the IP network and interacts with I2P
+	class TCPIPAcceptor: public I2PService
+	{
+		public:
+			TCPIPAcceptor (int port, std::shared_ptr<ClientDestination> localDestination = nullptr) :
+				I2PService(localDestination),
+				m_Acceptor (GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port)),
+				m_Timer (GetService ()) {}
+			TCPIPAcceptor (int port, i2p::data::SigningKeyType kt) :
+				I2PService(kt),
+				m_Acceptor (GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port)),
+				m_Timer (GetService ()) {}
+			virtual ~TCPIPAcceptor () { TCPIPAcceptor::Stop(); }
+			//If you override this make sure you call it from the children
+			void Start ();
+			//If you override this make sure you call it from the children
+			void Stop ();
+		protected:
+			virtual std::shared_ptr<I2PServiceHandler> CreateHandler(boost::asio::ip::tcp::socket * socket) = 0;
+			virtual const char* GetName() { return "Generic TCP/IP accepting daemon"; }
+		private:
+			void Accept();
+			void HandleAccept(const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket);
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			boost::asio::deadline_timer m_Timer;
+	};
+}
+}
+
+#endif

I2PTunnel.cpp

@@ -1,7 +1,6 @@
-#include <boost/bind.hpp>
+#include <cassert>
 #include "base64.h"
 #include "Log.h"
-#include "NetDb.h"
 #include "Destination.h"
 #include "ClientContext.h"
 #include "I2PTunnel.h"
@@ -10,55 +9,75 @@ namespace i2p
 {
 namespace client
 {
-	I2PTunnelConnection::I2PTunnelConnection (I2PTunnel * owner, 
-	    boost::asio::ip::tcp::socket * socket, const i2p::data::LeaseSet * leaseSet): 
-		m_Socket (socket), m_Owner (owner) 
+	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner, boost::asio::ip::tcp::socket * socket,
+		std::shared_ptr<const i2p::data::LeaseSet> leaseSet, int port): 
+		I2PServiceHandler(owner), m_Socket (socket), m_RemoteEndpoint (socket->remote_endpoint ()),
+		m_IsQuiet (true)
 	{
-		m_Stream = m_Owner->GetLocalDestination ()->CreateStream (*leaseSet);
-		m_Stream->Send (m_Buffer, 0); // connect
-		StreamReceive ();
-		Receive ();
+		m_Stream = GetOwner()->GetLocalDestination ()->CreateStream (leaseSet, port);
 	}	
 
-	I2PTunnelConnection::I2PTunnelConnection (I2PTunnel * owner, i2p::stream::Stream * stream,  
-	    boost::asio::ip::tcp::socket * socket, const boost::asio::ip::tcp::endpoint& target):
-		m_Socket (socket), m_Stream (stream), m_Owner (owner)
+	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner,
+	    boost::asio::ip::tcp::socket * socket, std::shared_ptr<i2p::stream::Stream> stream):
+		I2PServiceHandler(owner), m_Socket (socket), m_Stream (stream),
+		m_RemoteEndpoint (socket->remote_endpoint ()), m_IsQuiet (true)
+	{
+	}
+
+	I2PTunnelConnection::I2PTunnelConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+	    boost::asio::ip::tcp::socket * socket, const boost::asio::ip::tcp::endpoint& target, bool quiet):
+		I2PServiceHandler(owner), m_Socket (socket), m_Stream (stream),
+		m_RemoteEndpoint (target), m_IsQuiet (quiet)
 	{
-		if (m_Socket)
-			m_Socket->async_connect (target, boost::bind (&I2PTunnelConnection::HandleConnect,
-				this, boost::asio::placeholders::error));
 	}
 
 	I2PTunnelConnection::~I2PTunnelConnection ()
 	{
-		delete m_Socket;
 	}	
 
+	void I2PTunnelConnection::I2PConnect (const uint8_t * msg, size_t len)
+	{
+		if (m_Stream)
+		{
+			if (msg)
+				m_Stream->Send (msg, len); // connect and send
+			else	
+				m_Stream->Send (m_Buffer, 0); // connect
+		}
+		StreamReceive ();
+		Receive ();
+	}
+		
+	void I2PTunnelConnection::Connect ()
+	{
+		if (m_Socket)
+			m_Socket->async_connect (m_RemoteEndpoint, std::bind (&I2PTunnelConnection::HandleConnect,
+				shared_from_this (), std::placeholders::_1));
+	}	
+		
 	void I2PTunnelConnection::Terminate ()
-	{	
+	{
+		if (Kill()) return;
 		if (m_Stream)
 		{
 			m_Stream->Close ();
-			i2p::stream::DeleteStream (m_Stream);
-			m_Stream = nullptr;
+			m_Stream.reset ();
 		}	
 		m_Socket->close ();
-		if (m_Owner)
-			m_Owner->RemoveConnection (this);
-		//delete this;	
+		Done(shared_from_this ());
 	}			
 
 	void I2PTunnelConnection::Receive ()
 	{
 		m_Socket->async_read_some (boost::asio::buffer(m_Buffer, I2P_TUNNEL_CONNECTION_BUFFER_SIZE),                
-			boost::bind(&I2PTunnelConnection::HandleReceived, this, 
-			boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred));
+			std::bind(&I2PTunnelConnection::HandleReceived, shared_from_this (), 
+			std::placeholders::_1, std::placeholders::_2));
 	}	
 	
 	void I2PTunnelConnection::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
 	{
 		if (ecode)
-        {
+		{
 			LogPrint ("I2PTunnel read error: ", ecode.message ());
 			if (ecode != boost::asio::error::operation_aborted)
 				Terminate ();
@@ -87,8 +106,8 @@ namespace client
 	{
 		if (m_Stream)
 			m_Stream->AsyncReceive (boost::asio::buffer (m_StreamBuffer, I2P_TUNNEL_CONNECTION_BUFFER_SIZE),
-				boost::bind (&I2PTunnelConnection::HandleStreamReceive, this,
-					boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred),
+				std::bind (&I2PTunnelConnection::HandleStreamReceive, shared_from_this (),
+					std::placeholders::_1, std::placeholders::_2),
 				I2P_TUNNEL_CONNECTION_MAX_IDLE);
 	}	
 
@@ -103,7 +122,7 @@ namespace client
 		else
 		{
 			boost::asio::async_write (*m_Socket, boost::asio::buffer (m_StreamBuffer, bytes_transferred),
-        		boost::bind (&I2PTunnelConnection::HandleWrite, this, boost::asio::placeholders::error));
+        		std::bind (&I2PTunnelConnection::HandleWrite, shared_from_this (), std::placeholders::_1));
 		}
 	}
 
@@ -112,148 +131,125 @@ namespace client
 		if (ecode)
 		{
 			LogPrint ("I2PTunnel connect error: ", ecode.message ());
-			if (ecode != boost::asio::error::operation_aborted)
-			{
-				if (m_Stream) m_Stream->Close ();
-				i2p::stream::DeleteStream (m_Stream);
-				m_Stream = nullptr;
-			}	
+			Terminate ();
 		}
 		else
 		{
 			LogPrint ("I2PTunnel connected");
-			StreamReceive ();
+			if (m_IsQuiet)
+				StreamReceive ();
+			else
+			{
+				// send destination first like received from I2P
+				std::string dest = m_Stream->GetRemoteIdentity ().ToBase64 ();
+				dest += "\n";
+				memcpy (m_StreamBuffer, dest.c_str (), dest.size ());
+				HandleStreamReceive (boost::system::error_code (), dest.size ());
+			}	
 			Receive ();	
 		}
 	}
 
-	void I2PTunnel::AddConnection (I2PTunnelConnection * conn)
+	/* This handler tries to stablish a connection with the desired server and dies if it fails to do so */
+	class I2PClientTunnelHandler: public I2PServiceHandler, public std::enable_shared_from_this<I2PClientTunnelHandler>
 	{
-		m_Connections.insert (conn);
-	}
-		
-	void I2PTunnel::RemoveConnection (I2PTunnelConnection * conn)
-	{
-		m_Connections.erase (conn);
-	}	
-	
-	void I2PTunnel::ClearConnections ()
-	{
-		for (auto it: m_Connections)
-			delete it;
-		m_Connections.clear ();
-	}	
-		
-	I2PClientTunnel::I2PClientTunnel (boost::asio::io_service& service, const std::string& destination, 
-		int port, ClientDestination * localDestination): 
-		I2PTunnel (service, localDestination ? localDestination : 
-			i2p::client::context.CreateNewLocalDestination (false, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256)), 
-		m_Acceptor (service, boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port)),
-		m_Timer (service), m_Destination (destination), m_DestinationIdentHash (nullptr), 
-		m_RemoteLeaseSet (nullptr)
-	{
-	}	
+		public:
+			I2PClientTunnelHandler (I2PClientTunnel * parent, i2p::data::IdentHash destination,
+				int destinationPort, boost::asio::ip::tcp::socket * socket):
+				I2PServiceHandler(parent), m_DestinationIdentHash(destination), 
+				m_DestinationPort (destinationPort), m_Socket(socket) {};
+			void Handle();
+			void Terminate();
+		private:
+			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+			i2p::data::IdentHash m_DestinationIdentHash;
+			int m_DestinationPort;
+			boost::asio::ip::tcp::socket * m_Socket;
+	};
 
-	I2PClientTunnel::~I2PClientTunnel ()
+	void I2PClientTunnelHandler::Handle()
 	{
-		Stop ();
+		GetOwner()->GetLocalDestination ()->CreateStream ( 
+			std::bind (&I2PClientTunnelHandler::HandleStreamRequestComplete, shared_from_this(), std::placeholders::_1), 
+			m_DestinationIdentHash, m_DestinationPort);
 	}
-	
+
+	void I2PClientTunnelHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream)
+		{
+			if (Kill()) return;
+			LogPrint (eLogInfo,"New I2PTunnel connection");
+			auto connection = std::make_shared<I2PTunnelConnection>(GetOwner(), m_Socket, stream);
+			GetOwner()->AddHandler (connection);
+			connection->I2PConnect ();
+			Done(shared_from_this());
+		}
+		else
+		{
+			LogPrint (eLogError,"I2P Client Tunnel Issue when creating the stream, check the previous warnings for more info.");
+			Terminate();
+		}
+	}
+
+	void I2PClientTunnelHandler::Terminate()
+	{
+		if (Kill()) return;
+		if (m_Socket)
+		{
+			m_Socket->close();
+			delete m_Socket;
+			m_Socket = nullptr;
+		}
+		Done(shared_from_this());
+	}
+
+	I2PClientTunnel::I2PClientTunnel (const std::string& destination, int port, std::shared_ptr<ClientDestination> localDestination, int destinationPort): 
+		TCPIPAcceptor (port,localDestination), m_Destination (destination), m_DestinationIdentHash (nullptr), m_DestinationPort (destinationPort)
+	{}	
+
 	void I2PClientTunnel::Start ()
 	{
-		i2p::data::IdentHash identHash;
-		if (i2p::client::context.GetAddressBook ().GetIdentHash (m_Destination, identHash))
-			m_DestinationIdentHash = new i2p::data::IdentHash (identHash);	
-		if (!m_DestinationIdentHash)
-			LogPrint ("I2PTunnel unknown destination ", m_Destination);
-		m_Acceptor.listen ();
-		Accept ();
+		TCPIPAcceptor::Start ();
+		GetIdentHash();
 	}
 
 	void I2PClientTunnel::Stop ()
 	{
-		m_Acceptor.close();
-		m_Timer.cancel ();
-		ClearConnections ();
+		TCPIPAcceptor::Stop();
+		auto *originalIdentHash = m_DestinationIdentHash;
 		m_DestinationIdentHash = nullptr;
+		delete originalIdentHash;
 	}
 
-	void I2PClientTunnel::Accept ()
+	/* HACK: maybe we should create a caching IdentHash provider in AddressBook */
+	const i2p::data::IdentHash * I2PClientTunnel::GetIdentHash ()
 	{
-		auto newSocket = new boost::asio::ip::tcp::socket (GetService ());
-		m_Acceptor.async_accept (*newSocket, boost::bind (&I2PClientTunnel::HandleAccept, this,
-			boost::asio::placeholders::error, newSocket));
-	}	
-
-	void I2PClientTunnel::HandleAccept (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket)
-	{
-		if (!ecode)
+		if (!m_DestinationIdentHash)
 		{
-			if (!m_DestinationIdentHash)
-			{
-				i2p::data::IdentHash identHash;
-				if (i2p::client::context.GetAddressBook ().GetIdentHash (m_Destination, identHash))
-					m_DestinationIdentHash = new i2p::data::IdentHash (identHash);
-			}	
-			if (m_DestinationIdentHash)
-			{
-				// try to get a LeaseSet
-				m_RemoteLeaseSet = GetLocalDestination ()->FindLeaseSet (*m_DestinationIdentHash);
-				if (m_RemoteLeaseSet && m_RemoteLeaseSet->HasNonExpiredLeases ())
-					CreateConnection (socket);
-				else
-				{
-					i2p::data::netdb.RequestDestination (*m_DestinationIdentHash, true, GetLocalDestination ()->GetTunnelPool ());
-					m_Timer.expires_from_now (boost::posix_time::seconds (I2P_TUNNEL_DESTINATION_REQUEST_TIMEOUT));
-					m_Timer.async_wait (boost::bind (&I2PClientTunnel::HandleDestinationRequestTimer,
-						this, boost::asio::placeholders::error, socket));
-				}
-			}	
+			i2p::data::IdentHash identHash;
+			if (i2p::client::context.GetAddressBook ().GetIdentHash (m_Destination, identHash))
+				m_DestinationIdentHash = new i2p::data::IdentHash (identHash);
 			else
-			{
-				LogPrint ("Remote destination ", m_Destination, " not found");
-				delete socket;
-			}	
-				
-			Accept ();
+				LogPrint (eLogWarning,"Remote destination ", m_Destination, " not found");
 		}
+		return m_DestinationIdentHash;
+	}
+
+	std::shared_ptr<I2PServiceHandler> I2PClientTunnel::CreateHandler(boost::asio::ip::tcp::socket * socket)
+	{
+		const i2p::data::IdentHash *identHash = GetIdentHash();
+		if (identHash)
+			return  std::make_shared<I2PClientTunnelHandler>(this, *identHash, m_DestinationPort, socket);
 		else
-			delete socket;
+			return nullptr;
 	}
 
-	void I2PClientTunnel::HandleDestinationRequestTimer (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-		{
-			if (m_DestinationIdentHash)
-			{
-				m_RemoteLeaseSet = GetLocalDestination ()->FindLeaseSet (*m_DestinationIdentHash);
-				CreateConnection (socket);
-				return;
-			}
-		}
-		delete socket;	
-	}
-
-	void I2PClientTunnel::CreateConnection (boost::asio::ip::tcp::socket * socket)
-	{
-		if (m_RemoteLeaseSet) // leaseSet found
-		{	
-			LogPrint ("New I2PTunnel connection");
-			auto connection = new I2PTunnelConnection (this, socket, m_RemoteLeaseSet);
-			AddConnection (connection);
-		}
-		else
-		{
-			LogPrint ("LeaseSet for I2PTunnel destination not found");
-			delete socket;
-		}	
-	}
-
-	I2PServerTunnel::I2PServerTunnel (boost::asio::io_service& service, const std::string& address, int port, 
-		ClientDestination * localDestination): I2PTunnel (service, localDestination),
-		m_Endpoint (boost::asio::ip::address::from_string (address), port)
+	I2PServerTunnel::I2PServerTunnel (const std::string& address, int port, 
+	    std::shared_ptr<ClientDestination> localDestination, int inport): 
+		I2PService (localDestination), m_Endpoint (boost::asio::ip::address::from_string (address), port),  m_IsAccessList (false)
 	{
+		m_PortDestination = localDestination->CreateStreamingDestination (inport > 0 ? inport : port);
 	}
 	
 	void I2PServerTunnel::Start ()
@@ -263,22 +259,47 @@ namespace client
 
 	void I2PServerTunnel::Stop ()
 	{
-		ClearConnections ();
+		ClearHandlers ();
 	}	
 
+	void I2PServerTunnel::SetAccessList (const std::set<i2p::data::IdentHash>& accessList)
+	{
+		m_AccessList = accessList;
+		m_IsAccessList = true;		
+	}
+
 	void I2PServerTunnel::Accept ()
 	{
+		if (m_PortDestination)
+			m_PortDestination->SetAcceptor (std::bind (&I2PServerTunnel::HandleAccept, this, std::placeholders::_1));
+
 		auto localDestination = GetLocalDestination ();	
 		if (localDestination)
-			localDestination->AcceptStreams (std::bind (&I2PServerTunnel::HandleAccept, this, std::placeholders::_1));
+		{
+			if (!localDestination->IsAcceptingStreams ()) // set it as default if not set yet
+				localDestination->AcceptStreams (std::bind (&I2PServerTunnel::HandleAccept, this, std::placeholders::_1));
+		}
 		else
 			LogPrint ("Local destination not set for server tunnel");
 	}
 
-	void I2PServerTunnel::HandleAccept (i2p::stream::Stream * stream)
+	void I2PServerTunnel::HandleAccept (std::shared_ptr<i2p::stream::Stream> stream)
 	{
 		if (stream)
-			new I2PTunnelConnection (this, stream, new boost::asio::ip::tcp::socket (GetService ()), m_Endpoint);
+		{	
+			if (m_IsAccessList)
+			{
+				if (!m_AccessList.count (stream->GetRemoteIdentity ().GetIdentHash ()))
+				{
+					LogPrint (eLogWarning, "Address ", stream->GetRemoteIdentity ().GetIdentHash ().ToBase32 (), " is not in white list. Incoming connection dropped");
+					stream->Close ();
+					return;
+				}
+			}
+			auto conn = std::make_shared<I2PTunnelConnection> (this, stream, new boost::asio::ip::tcp::socket (GetService ()), m_Endpoint);
+			AddHandler (conn);
+			conn->Connect ();
+		}	
 	}
 }		
 }	

I2PTunnel.h

@@ -4,10 +4,12 @@
 #include <inttypes.h>
 #include <string>
 #include <set>
+#include <memory>
 #include <boost/asio.hpp>
 #include "Identity.h"
 #include "Destination.h"
 #include "Streaming.h"
+#include "I2PService.h"
 
 namespace i2p
 {
@@ -17,17 +19,21 @@ namespace client
 	const int I2P_TUNNEL_CONNECTION_MAX_IDLE = 3600; // in seconds	
 	const int I2P_TUNNEL_DESTINATION_REQUEST_TIMEOUT = 10; // in seconds
 
-	class I2PTunnel;
-	class I2PTunnelConnection
+
+	class I2PTunnelConnection: public I2PServiceHandler, public std::enable_shared_from_this<I2PTunnelConnection>
 	{
 		public:
 
-			I2PTunnelConnection (I2PTunnel * owner, boost::asio::ip::tcp::socket * socket,
-				const i2p::data::LeaseSet * leaseSet);
-			I2PTunnelConnection (I2PTunnel * owner, i2p::stream::Stream * stream,  boost::asio::ip::tcp::socket * socket, 
-				const boost::asio::ip::tcp::endpoint& target); 
+			I2PTunnelConnection (I2PService * owner, boost::asio::ip::tcp::socket * socket,
+				std::shared_ptr<const i2p::data::LeaseSet> leaseSet, int port = 0); // to I2P
+			I2PTunnelConnection (I2PService * owner, boost::asio::ip::tcp::socket * socket,
+				std::shared_ptr<i2p::stream::Stream> stream); // to I2P using simplified API :)
+			I2PTunnelConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,  boost::asio::ip::tcp::socket * socket, 
+				const boost::asio::ip::tcp::endpoint& target, bool quiet = true); // from I2P
 			~I2PTunnelConnection ();
-
+			void I2PConnect (const uint8_t * msg = nullptr, size_t len = 0);
+			void Connect ();
+			
 		private:
 
 			void Terminate ();	
@@ -43,81 +49,62 @@ namespace client
 		private:
 
 			uint8_t m_Buffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE], m_StreamBuffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE];
-			boost::asio::ip::tcp::socket * m_Socket;
-			i2p::stream::Stream * m_Stream;
-			I2PTunnel * m_Owner;
-	};	
+			std::unique_ptr<boost::asio::ip::tcp::socket> m_Socket;
+			std::shared_ptr<i2p::stream::Stream> m_Stream;
+			boost::asio::ip::tcp::endpoint m_RemoteEndpoint;
+			bool m_IsQuiet; // don't send destination
+	};
 
-	class I2PTunnel
+	class I2PClientTunnel: public TCPIPAcceptor
 	{
+		protected:
+
+			// Implements TCPIPAcceptor
+			std::shared_ptr<I2PServiceHandler> CreateHandler(boost::asio::ip::tcp::socket * socket);
+			const char* GetName() { return "I2P Client Tunnel"; }
+
 		public:
 
-			I2PTunnel (boost::asio::io_service& service, ClientDestination * localDestination): 
-				m_Service (service), m_LocalDestination (localDestination) {};
-			virtual ~I2PTunnel () { ClearConnections (); }; 
-
-			void AddConnection (I2PTunnelConnection * conn);
-			void RemoveConnection (I2PTunnelConnection * conn);	
-			void ClearConnections ();
-			ClientDestination * GetLocalDestination () { return m_LocalDestination; };
-			void SetLocalDestination (ClientDestination * dest) { m_LocalDestination = dest; }; 			
-
-			boost::asio::io_service& GetService () { return m_Service; };
-			
-		private:
-
-			boost::asio::io_service& m_Service;
-			ClientDestination * m_LocalDestination;
-			std::set<I2PTunnelConnection *> m_Connections;
-	};	
-	
-	class I2PClientTunnel: public I2PTunnel
-	{
-		public:
-
-			I2PClientTunnel (boost::asio::io_service& service, const std::string& destination, int port,
-				ClientDestination * localDestination = nullptr);
-			~I2PClientTunnel ();				
+			I2PClientTunnel (const std::string& destination, int port, std::shared_ptr<ClientDestination> localDestination, int destinationPort = 0);
+			~I2PClientTunnel () {}
 	
 			void Start ();
 			void Stop ();
 
 		private:
 
-			void Accept ();
-			void HandleAccept (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket);
-			void HandleDestinationRequestTimer (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket);
-			void CreateConnection (boost::asio::ip::tcp::socket * socket);				
+			const i2p::data::IdentHash * GetIdentHash ();
 
-		private:
-
-			boost::asio::ip::tcp::acceptor m_Acceptor;
-			boost::asio::deadline_timer m_Timer;
 			std::string m_Destination;
 			const i2p::data::IdentHash * m_DestinationIdentHash;
-			const i2p::data::LeaseSet * m_RemoteLeaseSet;
+			int m_DestinationPort;	
 	};	
 
-	class I2PServerTunnel: public I2PTunnel
+	class I2PServerTunnel: public I2PService
 	{
 		public:
 
-			I2PServerTunnel (boost::asio::io_service& service, const std::string& address, int port, 
-				ClientDestination * localDestination);	
+			I2PServerTunnel (const std::string& address, int port, 
+				std::shared_ptr<ClientDestination> localDestination, int inport = 0);	
 
 			void Start ();
 			void Stop ();
 
+			void SetAccessList (const std::set<i2p::data::IdentHash>& accessList); 
+
 		private:
 
 			void Accept ();
-			void HandleAccept (i2p::stream::Stream * stream);
+			void HandleAccept (std::shared_ptr<i2p::stream::Stream> stream);
 
 		private:
 
-			boost::asio::ip::tcp::endpoint m_Endpoint;		
+			boost::asio::ip::tcp::endpoint m_Endpoint;	
+			std::shared_ptr<i2p::stream::StreamingDestination> m_PortDestination;
+			std::set<i2p::data::IdentHash> m_AccessList;
+			bool m_IsAccessList;			
 	};
-}		
+}
 }	
 
 #endif

Identity.cpp

@@ -5,6 +5,7 @@
 #include <cryptopp/dsa.h>
 #include "base64.h"
 #include "CryptoConst.h"
+#include "ElGamal.h"
 #include "RouterContext.h"
 #include "Identity.h"
 #include "I2PEndian.h"
@@ -42,18 +43,79 @@ namespace data
 	IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type)
 	{	
 		memcpy (m_StandardIdentity.publicKey, publicKey, sizeof (m_StandardIdentity.publicKey));
-		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			memcpy (m_StandardIdentity.signingKey + 64, signingKey, 64);
+			size_t excessLen = 0;
+			uint8_t * excessBuf = nullptr;
+			switch (type)
+			{
+				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				{	
+					size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
+					i2p::context.GetRandomNumberGenerator ().GenerateBlock (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH);
+					break;
+				}
+				case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+				{	
+					size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
+					i2p::context.GetRandomNumberGenerator ().GenerateBlock (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}		
+				default:
+					LogPrint ("Signing key type ", (int)type, " is not supported");
+			}	
+			m_ExtendedLen = 4 + excessLen; // 4 bytes extra + excess length
+			// fill certificate
 			m_StandardIdentity.certificate.type = CERTIFICATE_TYPE_KEY;
-			m_ExtendedLen = 4; // 4 bytes extra
-			m_StandardIdentity.certificate.length = htobe16 (4); 
+			m_StandardIdentity.certificate.length = htobe16 (m_ExtendedLen); 
+			// fill extended buffer
 			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
-			*(uint16_t *)m_ExtendedBuffer = htobe16 (SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
-			*(uint16_t *)(m_ExtendedBuffer + 2) = htobe16 (CRYPTO_KEY_TYPE_ELGAMAL);
-			uint8_t buf[DEFAULT_IDENTITY_SIZE + 4];
-			ToBuffer (buf, DEFAULT_IDENTITY_SIZE + 4);
+			htobe16buf (m_ExtendedBuffer, type);
+			htobe16buf (m_ExtendedBuffer + 2, CRYPTO_KEY_TYPE_ELGAMAL);
+			if (excessLen && excessBuf)
+			{
+				memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen);
+				delete[] excessBuf;
+			}	
+			// calculate ident hash
+			uint8_t * buf = new uint8_t[GetFullLen ()];
+			ToBuffer (buf, GetFullLen ());
 			CryptoPP::SHA256().CalculateDigest(m_IdentHash, buf, GetFullLen ());
+			delete[] buf;
 		}
 		else // DSA-SHA1
 		{
@@ -100,7 +162,7 @@ namespace data
 			m_ExtendedBuffer = nullptr;
 		
 		delete m_Verifier;
-		CreateVerifier ();
+		m_Verifier = nullptr;
 		
 		return *this;
 	}	
@@ -115,21 +177,34 @@ namespace data
 		m_ExtendedLen = 0;
 
 		delete m_Verifier;
-		CreateVerifier ();
+		m_Verifier = nullptr;
 		
 		return *this;
 	}	
 		
 	size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len)
 	{
+		if (len < DEFAULT_IDENTITY_SIZE)
+		{
+			LogPrint (eLogError, "Identity buffer length ", len, " is too small");
+			return 0;
+		}	
 		memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE);
 
 		delete[] m_ExtendedBuffer;
 		if (m_StandardIdentity.certificate.length)
 		{
 			m_ExtendedLen = be16toh (m_StandardIdentity.certificate.length);
-			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
-			memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
+			if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len)
+			{	
+				m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
+				memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
+			}	
+			else
+			{
+				LogPrint (eLogError, "Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE);
+				return 0;
+			}	
 		}		
 		else
 		{
@@ -139,7 +214,7 @@ namespace data
 		CryptoPP::SHA256().CalculateDigest(m_IdentHash, buf, GetFullLen ());
 		
 		delete m_Verifier;
-		CreateVerifier ();
+		m_Verifier = nullptr;
 		
 		return GetFullLen ();
 	}	
@@ -154,26 +229,47 @@ namespace data
 
 	size_t IdentityEx::FromBase64(const std::string& s)
 	{
-		uint8_t buf[512];
-		auto len = Base64ToByteStream (s.c_str(), s.length(), buf, 512);
+		uint8_t buf[1024];
+		auto len = Base64ToByteStream (s.c_str(), s.length(), buf, 1024);
 		return FromBuffer (buf, len);
 	}	
-		
+	
+	std::string IdentityEx::ToBase64 () const
+	{
+		uint8_t buf[1024];
+		char str[1536];
+		size_t l = ToBuffer (buf, 1024);
+		size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, 1536);
+		str[l1] = 0;
+		return std::string (str);
+	}
+	
 	size_t IdentityEx::GetSigningPublicKeyLen () const
 	{
-		if (m_Verifier)
+		if (!m_Verifier) CreateVerifier ();
+		if (m_Verifier)	
 			return m_Verifier->GetPublicKeyLen ();
 		return 128;
 	}	
 
+	size_t IdentityEx::GetSigningPrivateKeyLen () const
+	{
+		if (!m_Verifier) CreateVerifier ();
+		if (m_Verifier)	
+			return m_Verifier->GetPrivateKeyLen ();
+		return GetSignatureLen ()/2;
+	}	
+		
 	size_t IdentityEx::GetSignatureLen () const
-	{		
+	{	
+		if (!m_Verifier) CreateVerifier ();	
 		if (m_Verifier)
 			return m_Verifier->GetSignatureLen ();
 		return 40;
 	}	
 	bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const 
 	{
+		if (!m_Verifier) CreateVerifier ();
 		if (m_Verifier)
 			return m_Verifier->Verify (buf, len, signature);
 		return false;
@@ -182,11 +278,18 @@ namespace data
 	SigningKeyType IdentityEx::GetSigningKeyType () const
 	{
 		if (m_StandardIdentity.certificate.type == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
-			return be16toh (*(const uint16_t *)m_ExtendedBuffer); // signing key
+			return bufbe16toh (m_ExtendedBuffer); // signing key
 		return SIGNING_KEY_TYPE_DSA_SHA1;
 	}	
+
+	CryptoKeyType IdentityEx::GetCryptoKeyType () const
+	{
+		if (m_StandardIdentity.certificate.type == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
+			return bufbe16toh (m_ExtendedBuffer + 2); // crypto key
+		return CRYPTO_KEY_TYPE_ELGAMAL;
+	}	
 		
-	void IdentityEx::CreateVerifier () 
+	void IdentityEx::CreateVerifier () const 
 	{
 		auto keyType = GetSigningKeyType ();
 		switch (keyType)
@@ -195,19 +298,72 @@ namespace data
 				m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
-				m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + 64);
-			break;	
+			{	
+				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
+				m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding);
+				break;
+			}	
+			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+			{	
+				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
+				m_Verifier = new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding);
+				break;
+			}	
+			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+			{	
+				uint8_t signingKey[i2p::crypto::ECDSAP521_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				m_Verifier = new i2p::crypto::ECDSAP521Verifier (signingKey);
+				break;
+			}		
+			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA2562048_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				m_Verifier = new i2p::crypto:: RSASHA2562048Verifier (signingKey);
+				break;
+			}	
+			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA3843072_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				m_Verifier = new i2p::crypto:: RSASHA3843072Verifier (signingKey);
+				break;
+			}	
+			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA5124096_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				m_Verifier = new i2p::crypto:: RSASHA5124096Verifier (signingKey);
+				break;
+			}		
 			default:
 				LogPrint ("Signing key type ", (int)keyType, " is not supported");
 		}			
 	}	
 	
+	void IdentityEx::DropVerifier ()
+	{
+		auto verifier = m_Verifier;
+		m_Verifier = nullptr; // TODO: make this atomic
+		delete verifier;
+	}
+
 	PrivateKeys& PrivateKeys::operator=(const Keys& keys)
 	{
 		m_Public = Identity (keys);
 		memcpy (m_PrivateKey, keys.privateKey, 256); // 256 
-		memcpy (m_SigningPrivateKey, keys.signingPrivateKey, 20); // 20 - DSA
+		memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public.GetSigningPrivateKeyLen ());
 		delete m_Signer;
+		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
 	}
@@ -216,8 +372,9 @@ namespace data
 	{		
 		m_Public = other.m_Public;
 		memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256 
-		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, 128); // 128
+		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_Public.GetSigningPrivateKeyLen ()); 
 		delete m_Signer;
+		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
 	}	
@@ -227,10 +384,11 @@ namespace data
 		size_t ret = m_Public.FromBuffer (buf, len);
 		memcpy (m_PrivateKey, buf + ret, 256); // private key always 256
 		ret += 256;
-		size_t signingPrivateKeySize = m_Public.GetSignatureLen ()/2; // 20 for DSA
+		size_t signingPrivateKeySize = m_Public.GetSigningPrivateKeyLen ();
 		memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize); 
 		ret += signingPrivateKeySize;
 		delete m_Signer;
+		m_Signer = nullptr;
 		CreateSigner ();
 		return ret;
 	}
@@ -240,12 +398,34 @@ namespace data
 		size_t ret = m_Public.ToBuffer (buf, len);
 		memcpy (buf + ret, m_PrivateKey, 256); // private key always 256
 		ret += 256;
-		size_t signingPrivateKeySize = m_Public.GetSignatureLen ()/2; // 20 for DSA
+		size_t signingPrivateKeySize = m_Public.GetSigningPrivateKeyLen (); 
 		memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize); 
 		ret += signingPrivateKeySize;
 		return ret;
 	}	
 
+	size_t PrivateKeys::FromBase64(const std::string& s)
+	{
+		uint8_t * buf = new uint8_t[s.length ()];
+		size_t l = i2p::data::Base64ToByteStream (s.c_str (), s.length (), buf, s.length ());
+		size_t ret = FromBuffer (buf, l);
+		delete[] buf;
+		return ret;
+	}	
+	
+	std::string PrivateKeys::ToBase64 () const
+	{
+		uint8_t * buf = new uint8_t[GetFullLen ()];
+		char * str = new char[GetFullLen ()*2];
+		size_t l = ToBuffer (buf, GetFullLen ());
+		size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, GetFullLen ()*2);
+		str[l1] = 0;
+		delete[] buf;
+		std::string ret(str);
+		delete[] str;
+		return ret;
+	}
+
 	void PrivateKeys::Sign (const uint8_t * buf, int len, uint8_t * signature) const
 	{
 		if (m_Signer)
@@ -254,26 +434,73 @@ namespace data
 
 	void PrivateKeys::CreateSigner ()
 	{
-		if (m_Public.GetSigningKeyType () == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
-			m_Signer = new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey);
-		else
-			m_Signer = new i2p::crypto::DSASigner (m_SigningPrivateKey);
+		switch (m_Public.GetSigningKeyType ())
+		{	
+			case SIGNING_KEY_TYPE_DSA_SHA1:
+				m_Signer = new i2p::crypto::DSASigner (m_SigningPrivateKey);
+			break;	
+			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				m_Signer = new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey);
+			break;
+			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+				m_Signer = new i2p::crypto::ECDSAP384Signer (m_SigningPrivateKey);
+			break;	
+			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+				m_Signer = new i2p::crypto::ECDSAP521Signer (m_SigningPrivateKey);
+			break;	
+			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+				m_Signer = new i2p::crypto::RSASHA2562048Signer (m_SigningPrivateKey);
+			break;
+			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+				m_Signer = new i2p::crypto::RSASHA3843072Signer (m_SigningPrivateKey);
+			break;
+			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+				m_Signer = new i2p::crypto::RSASHA5124096Signer (m_SigningPrivateKey);
+			break;	
+			default:
+				LogPrint ("Signing key type ", (int)m_Public.GetSigningKeyType (), " is not supported");
+		}
 	}	
 		
 	PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type)
 	{
-		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
 			PrivateKeys keys;
 			auto& rnd = i2p::context.GetRandomNumberGenerator ();
+			// signature
+			uint8_t signingPublicKey[512]; // signing public key is 512 bytes max 
+			switch (type)
+			{	
+				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+					i2p::crypto::CreateECDSAP256RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);
+				break;	
+				case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+					i2p::crypto::CreateECDSAP384RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+					i2p::crypto::CreateECDSAP521RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;	
+				case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+					i2p::crypto::CreateRSARandomKeys (rnd, i2p::crypto::RSASHA2562048_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+					i2p::crypto::CreateRSARandomKeys (rnd, i2p::crypto::RSASHA3843072_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+					i2p::crypto::CreateRSARandomKeys (rnd, i2p::crypto::RSASHA5124096_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;	
+				default:
+					LogPrint ("Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
+					return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
+			}	
 			// encryption
 			uint8_t publicKey[256];
 			CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
 			dh.GenerateKeyPair(rnd, keys.m_PrivateKey, publicKey);
-			// signature
-			uint8_t signingPublicKey[64];
-			i2p::crypto::CreateECDSAP256RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);
-			keys.m_Public = IdentityEx (publicKey, signingPublicKey, SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+			// identity
+			keys.m_Public = IdentityEx (publicKey, signingPublicKey, type);
+
 			keys.CreateSigner ();
 			return keys;
 		}	
@@ -285,8 +512,7 @@ namespace data
 		Keys keys;		
 		auto& rnd = i2p::context.GetRandomNumberGenerator ();
 		// encryption
-		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-		dh.GenerateKeyPair(rnd, keys.privateKey, keys.publicKey);
+		i2p::crypto::GenerateElGamalKeyPair(rnd, keys.privateKey, keys.publicKey);
 		// signing
 		i2p::crypto::CreateDSARandomKeys (rnd, keys.signingPrivateKey, keys.signingKey);	
 		return keys;

Identity.h

@@ -56,6 +56,11 @@ namespace data
 				return std::string (str);
 			}	
 
+			void FromBase32 (const std::string& s)
+			{
+				i2p::data::Base32ToByteStream (s.c_str (), s.length (), m_Buf, sz);
+			}
+
 		private:
 
 			union // 8 bytes alignment
@@ -102,11 +107,17 @@ namespace data
 	Keys CreateRandomKeys ();
 	
 	const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes
-
+	
 	const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0;
 	const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0;
 	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1;
+	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA384_P384 = 2;
+	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA512_P521 = 3;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA256_2048 = 4;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
 	typedef uint16_t SigningKeyType;
+	typedef uint16_t CryptoKeyType;	
 	
 	class IdentityEx
 	{
@@ -121,26 +132,30 @@ namespace data
 			IdentityEx& operator=(const IdentityEx& other);
 			IdentityEx& operator=(const Identity& standard);
 
-			size_t FromBase64(const std::string& s);
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
+			size_t FromBase64(const std::string& s);
+			std::string ToBase64 () const;
 			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
 			const IdentHash& GetIdentHash () const { return m_IdentHash; };
 			size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; };
 			size_t GetSigningPublicKeyLen () const;
+			size_t GetSigningPrivateKeyLen () const;
 			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
 			SigningKeyType GetSigningKeyType () const;
-			
+			CryptoKeyType GetCryptoKeyType () const;
+			void DropVerifier (); // to save memory			
+
 		private:
 
-			void CreateVerifier ();
+			void CreateVerifier () const;
 			
 		private:
 
 			Identity m_StandardIdentity;
 			IdentHash m_IdentHash;
-			i2p::crypto::Verifier * m_Verifier;
+			mutable i2p::crypto::Verifier * m_Verifier; 
 			size_t m_ExtendedLen;
 			uint8_t * m_ExtendedBuffer;
 	};	
@@ -161,10 +176,13 @@ namespace data
 			const uint8_t * GetSigningPrivateKey () const { return m_SigningPrivateKey; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
 
-			size_t GetFullLen () const { return m_Public.GetFullLen () + 256 + m_Public.GetSignatureLen ()/2; };			
+			size_t GetFullLen () const { return m_Public.GetFullLen () + 256 + m_Public.GetSigningPrivateKeyLen (); }; 		
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
 
+			size_t FromBase64(const std::string& s);
+			std::string ToBase64 () const;
+
 			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
 	
 		private:
@@ -175,7 +193,7 @@ namespace data
 
 			IdentityEx m_Public;
 			uint8_t m_PrivateKey[256];
-			uint8_t m_SigningPrivateKey[128]; // assume private key doesn't exceed 128 bytes
+			uint8_t m_SigningPrivateKey[1024]; // assume private key doesn't exceed 1024 bytes
 			i2p::crypto::Signer * m_Signer;
 	};
 

LICENSE

@@ -1,339 +1,27 @@
-GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
+Copyright (c) 2013-2015, The PurpleI2P Project
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
+All rights reserved.
 
-                            Preamble
+Redistribution and use in source and binary forms, with or without modification, are
+permitted provided that the following conditions are met:
 
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
+1. Redistributions of source code must retain the above copyright notice, this list of
+conditions and the following disclaimer.
 
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of
+conditions and the following disclaimer in the documentation and/or other materials
+provided with the distribution.
 
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
+3. Neither the name of the copyright holder nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific prior written
+permission.
 
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    i2p router for Linux written on C++
-    Copyright (C) 2013  orignal
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  {signature of Ty Coon}, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LeaseSet.cpp

@@ -1,5 +1,7 @@
+#include <string.h>
 #include "I2PEndian.h"
 #include <cryptopp/dsa.h>
+#include <cryptopp/osrng.h>
 #include "CryptoConst.h"
 #include "Log.h"
 #include "Timestamp.h"
@@ -22,30 +24,39 @@ namespace data
 	LeaseSet::LeaseSet (const i2p::tunnel::TunnelPool& pool)
 	{	
 		// header
-		const i2p::data::LocalDestination& localDestination = pool.GetLocalDestination ();
-		m_BufferLen = localDestination.GetIdentity ().ToBuffer (m_Buffer, MAX_LS_BUFFER_SIZE);
-		memcpy (m_Buffer + m_BufferLen, localDestination.GetEncryptionPublicKey (), 256);
+		const i2p::data::LocalDestination * localDestination = pool.GetLocalDestination ();
+		if (!localDestination)
+		{
+			m_BufferLen = 0;
+			LogPrint (eLogError, "Destination for local LeaseSet doesn't exist");
+			return;
+		}	
+		m_BufferLen = localDestination->GetIdentity ().ToBuffer (m_Buffer, MAX_LS_BUFFER_SIZE);
+		memcpy (m_Buffer + m_BufferLen, localDestination->GetEncryptionPublicKey (), 256);
 		m_BufferLen += 256;
-		auto signingKeyLen = localDestination.GetIdentity ().GetSigningPublicKeyLen ();
+		auto signingKeyLen = localDestination->GetIdentity ().GetSigningPublicKeyLen ();
 		memset (m_Buffer + m_BufferLen, 0, signingKeyLen);
 		m_BufferLen += signingKeyLen;
 		auto tunnels = pool.GetInboundTunnels (5); // 5 tunnels maximum
 		m_Buffer[m_BufferLen] = tunnels.size (); // num leases
 		m_BufferLen++;
 		// leases
+		CryptoPP::AutoSeededRandomPool rnd;	
 		for (auto it: tunnels)
 		{	
-			Lease * lease = (Lease *)(m_Buffer + m_BufferLen);
-			memcpy (lease->tunnelGateway, it->GetNextIdentHash (), 32);
-			lease->tunnelID = htobe32 (it->GetNextTunnelID ());
-			uint64_t ts = it->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - 60; // 1 minute before expiration
+			memcpy (m_Buffer + m_BufferLen, it->GetNextIdentHash (), 32);
+			m_BufferLen += 32; // gateway id
+			htobe32buf (m_Buffer + m_BufferLen, it->GetNextTunnelID ());
+			m_BufferLen += 4; // tunnel id
+			uint64_t ts = it->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD; // 1 minute before expiration
 			ts *= 1000; // in milliseconds
-			lease->endDate = htobe64 (ts);
-			m_BufferLen += sizeof (Lease);
-		}	
+			ts += rnd.GenerateWord32 (0, 5); // + random milliseconds
+			htobe64buf (m_Buffer + m_BufferLen, ts);
+			m_BufferLen += 8; // end date
+		}
 		// signature
-		localDestination.Sign (m_Buffer, m_BufferLen, m_Buffer + m_BufferLen);
-		m_BufferLen += localDestination.GetIdentity ().GetSignatureLen (); 
+		localDestination->Sign (m_Buffer, m_BufferLen, m_Buffer + m_BufferLen);
+		m_BufferLen += localDestination->GetIdentity ().GetSignatureLen (); 
 		LogPrint ("Local LeaseSet of ", tunnels.size (), " leases created");
 
 		ReadFromBuffer ();
@@ -73,11 +84,14 @@ namespace data
 		const uint8_t * leases = m_Buffer + size;
 		for (int i = 0; i < num; i++)
 		{
-			Lease lease = *(Lease *)leases;
-			lease.tunnelID = be32toh (lease.tunnelID);
-			lease.endDate = be64toh (lease.endDate);
+			Lease lease;
+			lease.tunnelGateway = leases;
+			leases += 32; // gateway
+			lease.tunnelID = bufbe32toh (leases);
+			leases += 4; // tunnel ID
+			lease.endDate = bufbe64toh (leases);
+			leases += 8; // end date
 			m_Leases.push_back (lease);
-			leases += sizeof (Lease);
 
 			// check if lease's gateway is in our netDb
 			if (!netdb.FindRouter (lease.tunnelGateway))
@@ -93,13 +107,18 @@ namespace data
 			LogPrint ("LeaseSet verification failed");
 	}				
 	
-	const std::vector<Lease> LeaseSet::GetNonExpiredLeases () const
+	const std::vector<Lease> LeaseSet::GetNonExpiredLeases (bool withThreshold) const
 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		std::vector<Lease> leases;
 		for (auto& it: m_Leases)
-			if (ts < it.endDate)
+		{
+			auto endDate = it.endDate;
+			if (!withThreshold)
+				endDate -= i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD*1000;
+			if (ts < endDate)
 				leases.push_back (it);
+		}	
 		return leases;	
 	}	
 

LeaseSet.h

@@ -16,12 +16,9 @@ namespace tunnel
 
 namespace data
 {	
-	
-#pragma pack(1)
-
 	struct Lease
 	{
-		uint8_t tunnelGateway[32];
+		IdentHash tunnelGateway;
 		uint32_t tunnelID;
 		uint64_t endDate;
 
@@ -33,10 +30,8 @@ namespace data
 				return tunnelID < other.tunnelID; 
 		}	
 	};	
-	
-#pragma pack()	
 
-	const int MAX_LS_BUFFER_SIZE = 2048;	
+	const int MAX_LS_BUFFER_SIZE = 3072;	
 	class LeaseSet: public RoutingDestination
 	{
 		public:
@@ -54,7 +49,7 @@ namespace data
 			// implements RoutingDestination
 			const IdentHash& GetIdentHash () const { return m_Identity.GetIdentHash (); };
 			const std::vector<Lease>& GetLeases () const { return m_Leases; };
-			const std::vector<Lease> GetNonExpiredLeases () const;
+			const std::vector<Lease> GetNonExpiredLeases (bool withThreshold = true) const;
 			bool HasExpiredLeases () const;
 			bool HasNonExpiredLeases () const;
 			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; };

Log.cpp

@@ -20,19 +20,24 @@ void LogMsg::Process()
 
 void Log::Flush ()
 {
-	if (m_LogFile)
-		m_LogFile->flush();
+	if (m_LogStream)
+		m_LogStream->flush();
 }
 
 void Log::SetLogFile (const std::string& fullFilePath)
 {
-	if (m_LogFile) delete m_LogFile;
-	m_LogFile = new std::ofstream (fullFilePath, std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
-	if (m_LogFile->is_open ())
-		LogPrint("Logging to file ",  fullFilePath, " enabled.");
-	else
+	auto logFile = new std::ofstream (fullFilePath, std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
+	if (logFile->is_open ())
 	{
-		delete m_LogFile;
-		m_LogFile = nullptr;
-	}
+		SetLogStream (logFile);
+		LogPrint("Logging to file ",  fullFilePath, " enabled.");
+	}	
+	else
+		delete logFile;
+}
+
+void Log::SetLogStream (std::ostream * logStream)
+{
+	if (m_LogStream) delete m_LogStream;	
+	m_LogStream = logStream;
 }

Log.h

@@ -32,11 +32,12 @@ class Log: public i2p::util::MsgQueue<LogMsg>
 {
 	public:
 
-		Log (): m_LogFile (nullptr) { SetOnEmpty (std::bind (&Log::Flush, this)); };
-		~Log () { delete m_LogFile; };
+		Log (): m_LogStream (nullptr) { SetOnEmpty (std::bind (&Log::Flush, this)); };
+		~Log () { delete m_LogStream; };
 
 		void SetLogFile (const std::string& fullFilePath);
-		std::ofstream * GetLogFile () const { return m_LogFile; };	
+		void SetLogStream (std::ostream * logStream);
+		std::ostream * GetLogStream () const { return m_LogStream; };	
 
 	private:
 
@@ -44,7 +45,7 @@ class Log: public i2p::util::MsgQueue<LogMsg>
 
 	private:
 		
-		std::ofstream * m_LogFile;
+		std::ostream * m_LogStream;
 };
 
 extern Log * g_Log;
@@ -59,6 +60,16 @@ inline void StartLog (const std::string& fullFilePath)
 	}	
 }
 
+inline void StartLog (std::ostream * s)
+{
+	if (!g_Log)
+	{	
+		g_Log = new Log ();
+		if (s)
+			g_Log->SetLogStream (s);
+	}	
+}
+
 inline void StopLog ()
 {
 	if (g_Log)
@@ -84,7 +95,7 @@ void LogPrint (std::stringstream& s, TValue arg, TArgs... args)
 template<typename... TArgs>
 void LogPrint (LogLevel level, TArgs... args) 
 {
-	LogMsg * msg = (g_Log && g_Log->GetLogFile ()) ? new LogMsg (*g_Log->GetLogFile (), level) : 
+	LogMsg * msg = (g_Log && g_Log->GetLogStream ()) ? new LogMsg (*g_Log->GetLogStream (), level) : 
 		new LogMsg (std::cout, level);
 	LogPrint (msg->s, args...);
 	msg->s << std::endl;

Makefile

@@ -1,29 +1,73 @@
 UNAME := $(shell uname -s)
+SHLIB := libi2pd.so
+I2PD  := i2p
+GREP := fgrep
+DEPS := obj/make.dep
+
+include filelist.mk
+
+USE_AESNI  := yes
+USE_STATIC := no
 
 ifeq ($(UNAME),Darwin)
+	DAEMON_SRC += DaemonLinux.cpp
 	include Makefile.osx
-else ifeq ($(UNAME), FreeBSD)
+else ifeq ($(shell echo $(UNAME) | $(GREP) -c FreeBSD),1)
+	DAEMON_SRC += DaemonLinux.cpp
 	include Makefile.bsd
-else
+else ifeq ($(UNAME),Linux)
+	DAEMON_SRC += DaemonLinux.cpp
 	include Makefile.linux
+else # win32
+	DAEMON_SRC += DaemonWin32.cpp
 endif
 
-all: obj i2p
+all: mk_build_dir $(SHLIB) $(I2PD)
 
-i2p: $(OBJECTS:obj/%=obj/%)
-	$(CXX) -o $@ $^ $(LDFLAGS) $(LIBS)
-
-.SUFFIXES:
-.SUFFIXES:	.c .cc .C .cpp .o
-
-obj/%.o : %.cpp
-	$(CXX) -o $@ $< -c $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(CPU_FLAGS)
-
-obj:
+mk_build_dir:
 	mkdir -p obj
 
+api: $(SHLIB)
+
+## NOTE: The NEEDED_CXXFLAGS are here so that CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+
+deps:
+	@mkdir -p obj
+	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) -MM *.cpp > $(DEPS)
+	@sed -i -e '/\.o:/ s/^/obj\//' $(DEPS)
+
+obj/%.o : %.cpp
+	@mkdir -p obj
+	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(CPU_FLAGS) -c -o $@ $<
+
+# '-' is 'ignore if missing' on first run
+-include $(DEPS)
+
+$(I2PD):  $(patsubst %.cpp,obj/%.o,$(DAEMON_SRC))
+	$(CXX) -o $@ $^ $(LDLIBS) $(LDFLAGS)
+
+$(SHLIB): $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
+ifneq ($(USE_STATIC),yes)
+	$(CXX) $(LDFLAGS) $(LDLIBS) -shared -o $@ $^
+endif
+
 clean:
-	rm -fr obj i2p
+	rm -rf obj
+	$(RM) $(I2PD) $(SHLIB)
+
+LATEST_TAG=$(shell git describe --tags --abbrev=0 master)
+dist:
+	git archive --format=tar.gz -9 --worktree-attributes \
+	    --prefix=i2pd_$(LATEST_TAG)/ $(LATEST_TAG) -o i2pd_$(LATEST_TAG).tar.gz
 
 .PHONY: all
 .PHONY: clean
+.PHONY: deps
+.PHONY: dist
+.PHONY: api
+.PHONY: mk_build_dir

Makefile.bsd

@@ -1,7 +1,12 @@
 CXX = g++
 CXXFLAGS = -O2
+## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
 NEEDED_CXXFLAGS = -std=c++11
-include filelist.mk
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
-LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
-LIBS =
+LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
+LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread

Makefile.linux

@@ -1,32 +1,55 @@
 CXXFLAGS = -g -Wall
+INCFLAGS =
+
+## NOTE: The NEEDED_CXXFLAGS are here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+
+# detect proper flag for c++11 support by gcc
 CXXVER := $(shell $(CXX) -dumpversion)
-
-FGREP = fgrep
-IS_64 := $(shell $(CXX) -dumpmachine 2>&1 | $(FGREP) -c "64")
-
 ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # >= 4.10
-NEEDED_CXXFLAGS += -std=c++11
+	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
-NEEDED_CXXFLAGS += -std=c++11
+	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
-NEEDED_CXXFLAGS += -std=c++0x
+	NEEDED_CXXFLAGS += -std=c++0x
 else ifeq ($(shell expr match $(CXX) 'clang'),5)
-NEEDED_CXXFLAGS += -std=c++11
+	NEEDED_CXXFLAGS += -std=c++11
 else # not supported
-$(error Compiler too old)
+	$(error Compiler too old)
 endif
 
+NEEDED_CXXFLAGS += -fPIC
 
-include filelist.mk
-INCFLAGS =
-LDFLAGS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
-LIBS =
+ifeq ($(USE_STATIC),yes)
+  LIBDIR := /usr/lib
+  LDLIBS  = $(LIBDIR)/libboost_system.a
+  LDLIBS += $(LIBDIR)/libboost_date_time.a
+  LDLIBS += $(LIBDIR)/libboost_filesystem.a
+  LDLIBS += $(LIBDIR)/libboost_regex.a
+  LDLIBS += $(LIBDIR)/libboost_program_options.a
+  LDLIBS += $(LIBDIR)/libcryptopp.a
+  LDLIBS += -lpthread -static-libstdc++ -static-libgcc
+  USE_AESNI := no
+else
+  LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+endif
 
+# UPNP Support (miniupnpc 1.5 or 1.6)
+ifeq ($(USE_UPNP),1)
+  LDFLAGS += -ldl
+  CXXFLAGS += -DUSE_UPNP
+endif
 
+IS_64 := $(shell $(CXX) -dumpmachine 2>&1 | $(GREP) -c "64")
+ifeq ($(USE_AESNI),yes)
 ifeq ($(IS_64),1)
 #check if AES-NI is supported by CPU
 ifneq ($(shell grep -c aes /proc/cpuinfo),0)
 	CPU_FLAGS = -maes -DAESNI
 endif
 endif
-
+endif

Makefile.osx

@@ -1,17 +1,25 @@
 CXX = clang++
-CXXFLAGS = -g -Wall -std=c++11 -lstdc++ -I/usr/local/include
-include filelist.mk
-INCFLAGS = -DCRYPTOPP_DISABLE_ASM
-LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
-LIBS =
+CXXFLAGS = -g -Wall -std=c++11 -DCRYPTOPP_DISABLE_ASM -DMAC_OSX
+#CXXFLAGS = -g -O2 -Wall -std=c++11 -DCRYPTOPP_DISABLE_ASM
+INCFLAGS = -I/usr/local/include
+LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
+LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+
+ifeq ($(USE_UPNP),1)
+  LDFLAGS += -ldl
+  CXXFLAGS += -DUSE_UPNP
+endif
 
 # OSX Notes
 # http://www.hutsby.net/2011/08/macs-with-aes-ni.html
 # Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
 # Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
-CXXFLAGS += -maes -DAESNI
-
-# Apple Mac OSX
-UNAME_S := $(shell uname -s)
-ifeq ($(UNAME_S),Darwin)
+ifeq ($(USE_AESNI),yes)
+  CXXFLAGS += -maes -DAESNI
 endif
+
+# Disabled, since it will be the default make rule. I think its better
+# to define the default rule in Makefile and not Makefile.<ostype> - torkel
+#install: all
+#	test -d ${PREFIX} || mkdir -p ${PREFIX}/
+#	cp -r i2p ${PREFIX}/

NTCPSession.h

@@ -2,7 +2,10 @@
 #define NTCP_SESSION_H__
 
 #include <inttypes.h>
-#include <list>
+#include <map>
+#include <memory>
+#include <thread>
+#include <mutex>
 #include <boost/asio.hpp>
 #include <cryptopp/modes.h>
 #include <cryptopp/aes.h>
@@ -35,35 +38,24 @@ namespace transport
 			uint8_t filler[12];
 		} encrypted;	
 	};	
-
-	struct NTCPPhase3
-	{
-		uint16_t size;
-		i2p::data::Identity ident;
-		uint32_t timestamp; 
-		uint8_t padding[15];
-		uint8_t signature[40];
-	};
-
-
-	struct NTCPPhase4
-	{
-		uint8_t signature[40];
-		uint8_t padding[8];
-	};
 	
 #pragma pack()	
 
 	const size_t NTCP_MAX_MESSAGE_SIZE = 16384; 
-	const size_t NTCP_BUFFER_SIZE = 1040; // fits one tunnel message (1028)
+	const size_t NTCP_BUFFER_SIZE = 4160; // fits 4 tunnel messages (4*1028)
 	const int NTCP_TERMINATION_TIMEOUT = 120; // 2 minutes
+	const size_t NTCP_DEFAULT_PHASE3_SIZE = 2/*size*/ + i2p::data::DEFAULT_IDENTITY_SIZE/*387*/ + 4/*ts*/ + 15/*padding*/ + 40/*signature*/; // 448 	
+	const int NTCP_BAN_EXPIRATION_TIMEOUT = 70; // in second
 
-	class NTCPSession: public TransportSession
+	class NTCPServer;
+	class NTCPSession: public TransportSession, public std::enable_shared_from_this<NTCPSession>
 	{
 		public:
 
-			NTCPSession (boost::asio::io_service& service, const i2p::data::RouterInfo * in_RemoteRouter = nullptr);
+			NTCPSession (NTCPServer& server, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter = nullptr);
 			~NTCPSession ();
+			void Terminate ();
+			void Done ();
 
 			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
 			bool IsEstablished () const { return m_IsEstablished; };
@@ -71,20 +63,17 @@ namespace transport
 			void ClientLogin ();
 			void ServerLogin ();
 			void SendI2NPMessage (I2NPMessage * msg);
-
-			size_t GetNumSentBytes () const { return m_NumSentBytes; };
-			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
-			
-		protected:
-
-			void Terminate ();
-			virtual void Connected ();
-			void SendTimeSyncMessage ();
-			void SetIsEstablished (bool isEstablished) { m_IsEstablished = isEstablished; }
+			void SendI2NPMessages (const std::vector<I2NPMessage *>& msgs);
 			
 		private:
 
-			void CreateAESKey (uint8_t * pubKey, uint8_t * aesKey);
+			void PostI2NPMessage (I2NPMessage * msg);
+			void PostI2NPMessages (std::vector<I2NPMessage *> msgs);
+			void Connected ();
+			void SendTimeSyncMessage ();
+			void SetIsEstablished (bool isEstablished) { m_IsEstablished = isEstablished; }
+
+			void CreateAESKey (uint8_t * pubKey, i2p::crypto::AESKey& key);
 				
 			// client
 			void SendPhase3 ();
@@ -95,10 +84,12 @@ namespace transport
 
 			//server
 			void SendPhase2 ();
-			void SendPhase4 (uint32_t tsB);
+			void SendPhase4 (uint32_t tsA, uint32_t tsB);
 			void HandlePhase1Received (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandlePhase2Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB);
 			void HandlePhase3Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB);
+			void HandlePhase3ExtraReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB, size_t paddingLen);
+			void HandlePhase3 (uint32_t tsB, size_t paddingLen);
 			void HandlePhase4Sent (const boost::system::error_code& ecode,  std::size_t bytes_transferred);
 			
 			// common
@@ -107,18 +98,21 @@ namespace transport
 			bool DecryptNextBlock (const uint8_t * encrypted);	
 		
 			void Send (i2p::I2NPMessage * msg);
-			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, i2p::I2NPMessage * msg);
-
-
+			boost::asio::const_buffers_1 CreateMsgBuffer (I2NPMessage * msg);
+			void Send (const std::vector<I2NPMessage *>& msgs);
+			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<I2NPMessage *> msgs);
+			
+			
 			// timer
 			void ScheduleTermination ();
 			void HandleTerminationTimer (const boost::system::error_code& ecode);
 			
 		private:
 
+			NTCPServer& m_Server;
 			boost::asio::ip::tcp::socket m_Socket;
 			boost::asio::deadline_timer m_TerminationTimer;
-			bool m_IsEstablished;
+			bool m_IsEstablished, m_IsTerminated;
 			
 			i2p::crypto::CBCDecryption m_Decryption;
 			i2p::crypto::CBCEncryption m_Encryption;
@@ -128,46 +122,64 @@ namespace transport
 			{	
 				NTCPPhase1 phase1;
 				NTCPPhase2 phase2;
-				NTCPPhase3 phase3;
-				NTCPPhase4 phase4;
 			} * m_Establisher;	
 			
-			uint8_t m_ReceiveBuffer[NTCP_BUFFER_SIZE + 16], m_TimeSyncBuffer[16];
+			i2p::crypto::AESAlignedBuffer<NTCP_BUFFER_SIZE + 16> m_ReceiveBuffer;
+			i2p::crypto::AESAlignedBuffer<16> m_TimeSyncBuffer;
 			int m_ReceiveBufferOffset; 
 
 			i2p::I2NPMessage * m_NextMessage;
-			std::list<i2p::I2NPMessage *> m_DelayedMessages;
 			size_t m_NextMessageOffset;
+			i2p::I2NPMessagesHandler m_Handler;
 
-			size_t m_NumSentBytes, m_NumReceivedBytes;
+			bool m_IsSending;
+			std::vector<I2NPMessage *> m_SendQueue;
+			
+			boost::asio::ip::address m_ConnectedFrom; // for ban
 	};	
 
-	class NTCPClient: public NTCPSession
+	// TODO: move to NTCP.h/.cpp
+	class NTCPServer
 	{
 		public:
 
-			NTCPClient (boost::asio::io_service& service, const boost::asio::ip::address& address, int port, const i2p::data::RouterInfo& in_RouterInfo);
+			NTCPServer (int port);
+			~NTCPServer ();
 
-		private:
+			void Start ();
+			void Stop ();
 
-			void Connect ();
-			void HandleConnect (const boost::system::error_code& ecode);
+			void AddNTCPSession (std::shared_ptr<NTCPSession> session);
+			void RemoveNTCPSession (std::shared_ptr<NTCPSession> session);
+			std::shared_ptr<NTCPSession> FindNTCPSession (const i2p::data::IdentHash& ident);
+			void Connect (const boost::asio::ip::address& address, int port, std::shared_ptr<NTCPSession> conn);
 			
+			boost::asio::io_service& GetService () { return m_Service; };
+			void Ban (const boost::asio::ip::address& addr);			
+
 		private:
 
-			boost::asio::ip::tcp::endpoint m_Endpoint;
-	};	
+			void Run ();
+			void HandleAccept (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error);
+			void HandleAcceptV6 (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error);
+
+			void HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn);
+			
+		private:	
+
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			boost::asio::io_service::work m_Work;
+			boost::asio::ip::tcp::acceptor * m_NTCPAcceptor, * m_NTCPV6Acceptor;
+			std::mutex m_NTCPSessionsMutex;
+			std::map<i2p::data::IdentHash, std::shared_ptr<NTCPSession> > m_NTCPSessions;
+			std::map<boost::asio::ip::address, uint32_t> m_BanList; // IP -> ban expiration time in seconds
 
-	class NTCPServerConnection: public NTCPSession
-	{
 		public:
 
-			NTCPServerConnection (boost::asio::io_service& service): 
-				NTCPSession (service) {};
-			
-		protected:
-
-			virtual void Connected ();
+			// for HTTP/I2PControl
+			const decltype(m_NTCPSessions)& GetNTCPSessions () const { return m_NTCPSessions; };
 	};	
 }	
 }	

NetDb.h

@@ -4,7 +4,7 @@
 #include <inttypes.h>
 #include <set>
 #include <map>
-#include <vector>
+#include <list>
 #include <string>
 #include <thread>
 #include <mutex>
@@ -15,41 +15,44 @@
 #include "LeaseSet.h"
 #include "Tunnel.h"
 #include "TunnelPool.h"
+#include "Reseed.h"
 
 namespace i2p
 {
 namespace data
 {		
 	class RequestedDestination
-	{
+	{	
 		public:
 
-			RequestedDestination (const IdentHash& destination, bool isLeaseSet, 
-			    bool isExploratory = false, i2p::tunnel::TunnelPool * pool = nullptr):
-				m_Destination (destination), m_IsLeaseSet (isLeaseSet), m_IsExploratory (isExploratory), 
-				m_Pool (pool), m_LastRouter (nullptr), m_CreationTime (0) {};
-			
+			typedef std::function<void (std::shared_ptr<RouterInfo>)> RequestComplete;
+
+			RequestedDestination (const IdentHash& destination, bool isExploratory = false):
+				m_Destination (destination), m_IsExploratory (isExploratory), m_CreationTime (0) {};
+			~RequestedDestination () { if (m_RequestComplete) m_RequestComplete (nullptr); };			
+
 			const IdentHash& GetDestination () const { return m_Destination; };
 			int GetNumExcludedPeers () const { return m_ExcludedPeers.size (); };
 			const std::set<IdentHash>& GetExcludedPeers () { return m_ExcludedPeers; };
 			void ClearExcludedPeers ();
-			const RouterInfo * GetLastRouter () const { return m_LastRouter; };
-			i2p::tunnel::TunnelPool * GetTunnelPool () { return m_Pool; };
 			bool IsExploratory () const { return m_IsExploratory; };
-			bool IsLeaseSet () const { return m_IsLeaseSet; };
 			bool IsExcluded (const IdentHash& ident) const { return m_ExcludedPeers.count (ident); };
 			uint64_t GetCreationTime () const { return m_CreationTime; };
-			I2NPMessage * CreateRequestMessage (const RouterInfo * router, const i2p::tunnel::InboundTunnel * replyTunnel);
+			I2NPMessage * CreateRequestMessage (std::shared_ptr<const RouterInfo>, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel);
 			I2NPMessage * CreateRequestMessage (const IdentHash& floodfill);
-						
+			
+			void SetRequestComplete (const RequestComplete& requestComplete) { m_RequestComplete = requestComplete; };
+			bool IsRequestComplete () const { return m_RequestComplete != nullptr; };
+			void Success (std::shared_ptr<RouterInfo> r);
+			void Fail ();
+			
 		private:
 
 			IdentHash m_Destination;
-			bool m_IsLeaseSet, m_IsExploratory;
-			i2p::tunnel::TunnelPool * m_Pool;
+			bool m_IsExploratory;
 			std::set<IdentHash> m_ExcludedPeers;
-			const RouterInfo * m_LastRouter;
 			uint64_t m_CreationTime;
+			RequestComplete m_RequestComplete;
 	};	
 	
 	class NetDb
@@ -62,27 +65,32 @@ namespace data
 			void Start ();
 			void Stop ();
 			
+			void AddRouterInfo (const uint8_t * buf, int len);
 			void AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
-			void AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from);
-			RouterInfo * FindRouter (const IdentHash& ident) const;
-			LeaseSet * FindLeaseSet (const IdentHash& destination) const;
+			void AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+			std::shared_ptr<RouterInfo> FindRouter (const IdentHash& ident) const;
+			std::shared_ptr<LeaseSet> FindLeaseSet (const IdentHash& destination) const;
 
-			void PublishLeaseSet (const LeaseSet * leaseSet, i2p::tunnel::TunnelPool * pool);
-			void RequestDestination (const IdentHash& destination, bool isLeaseSet = false, 
-				i2p::tunnel::TunnelPool * pool = nullptr);			
+			void RequestDestination (const IdentHash& destination, RequestedDestination::RequestComplete requestComplete = nullptr);			
 			
 			void HandleDatabaseStoreMsg (I2NPMessage * msg);
 			void HandleDatabaseSearchReplyMsg (I2NPMessage * msg);
 			void HandleDatabaseLookupMsg (I2NPMessage * msg);			
 
-			const RouterInfo * GetRandomRouter () const;
-			const RouterInfo * GetRandomRouter (const RouterInfo * compatibleWith) const;
-			const RouterInfo * GetHighBandwidthRandomRouter (const RouterInfo * compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
+			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetRandomPeerTestRouter () const;
+			std::shared_ptr<const RouterInfo> GetRandomIntroducer () const;
+			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetClosestNonFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
 			void SetUnreachable (const IdentHash& ident, bool unreachable);			
 
 			void PostI2NPMsg (I2NPMessage * msg);
 
-			// for web interface
+			void Reseed ();
+
+			// for web interface and stats
 			int GetNumRouters () const { return m_RouterInfos.size (); };
 			int GetNumFloodfills () const { return m_Floodfills.size (); };
 			int GetNumLeaseSets () const { return m_LeaseSets.size (); };
@@ -93,33 +101,30 @@ namespace data
 			void Load (const char * directory);
 			void SaveUpdated (const char * directory);
 			void Run (); // exploratory thread
-			void Explore (int numDestinations);
+			void Explore (int numDestinations);	
 			void Publish ();
-			const RouterInfo * GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
 			void ManageLeaseSets ();
-
-			RequestedDestination * CreateRequestedDestination (const IdentHash& dest, 
-				bool isLeaseSet, bool isExploratory = false, i2p::tunnel::TunnelPool * pool = nullptr);
-			bool DeleteRequestedDestination (const IdentHash& dest); // returns true if found
-			void DeleteRequestedDestination (RequestedDestination * dest);
+			void ManageRequests ();
 
 			template<typename Filter>
-			const RouterInfo * GetRandomRouter (Filter filter) const;	
+			std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;	
 		
 		private:
 
-			std::map<IdentHash, LeaseSet *> m_LeaseSets;
-			std::map<IdentHash, RouterInfo *> m_RouterInfos;
+			std::map<IdentHash, std::shared_ptr<LeaseSet> > m_LeaseSets;
+			mutable std::mutex m_RouterInfosMutex;
+			std::map<IdentHash, std::shared_ptr<RouterInfo> > m_RouterInfos;
 			mutable std::mutex m_FloodfillsMutex;
-			std::vector<RouterInfo *> m_Floodfills;
+			std::list<std::shared_ptr<RouterInfo> > m_Floodfills;
 			std::mutex m_RequestedDestinationsMutex;
-			std::map<IdentHash, RequestedDestination *> m_RequestedDestinations;
+			std::map<IdentHash, std::unique_ptr<RequestedDestination> > m_RequestedDestinations;
 			
 			bool m_IsRunning;
-			int m_ReseedRetries;
 			std::thread * m_Thread;	
 			i2p::util::Queue<I2NPMessage> m_Queue; // of I2NPDatabaseStoreMsg
 
+			Reseeder * m_Reseeder;
+
 			static const char m_NetDbPath[];
 	};
 

Profiling.cpp

@@ -0,0 +1,128 @@
+#include <boost/filesystem.hpp>
+#include <boost/property_tree/ptree.hpp>
+#include <boost/property_tree/ini_parser.hpp>
+#include "base64.h"
+#include "util.h"
+#include "Profiling.h"
+
+namespace i2p
+{
+namespace data
+{
+	RouterProfile::RouterProfile (const IdentHash& identHash):
+		m_IdentHash (identHash), m_LastUpdateTime (boost::posix_time::second_clock::local_time()),
+		m_NumTunnelsAgreed (0), m_NumTunnelsDeclined (0),
+		m_NumTunnelsNonReplied (0)
+	{
+	}
+
+	void RouterProfile::UpdateTime ()
+	{
+		m_LastUpdateTime = boost::posix_time::second_clock::local_time();
+	}	
+		
+	void RouterProfile::Save ()
+	{
+		// fill sections
+		boost::property_tree::ptree participation;
+		participation.put (PEER_PROFILE_PARTICIPATION_AGREED, m_NumTunnelsAgreed);
+		participation.put (PEER_PROFILE_PARTICIPATION_DECLINED, m_NumTunnelsDeclined);
+		participation.put (PEER_PROFILE_PARTICIPATION_NON_REPLIED, m_NumTunnelsNonReplied);
+		// fill property tree
+		boost::property_tree::ptree pt;
+		pt.put (PEER_PROFILE_LAST_UPDATE_TIME, boost::posix_time::to_simple_string (m_LastUpdateTime));
+		pt.put_child (PEER_PROFILE_SECTION_PARTICIPATION, participation);
+		
+		// save to file
+		auto path = i2p::util::filesystem::GetDefaultDataDir() / PEER_PROFILES_DIRECTORY;
+		if (!boost::filesystem::exists (path))
+		{
+			// Create directory is necessary
+			if (!boost::filesystem::create_directory (path))
+			{	
+				LogPrint (eLogError, "Failed to create directory ", path);
+				return;
+			}			
+			const char * chars = GetBase64SubstitutionTable (); // 64 bytes
+			for (int i = 0; i < 64; i++)
+			{
+				auto path1 = path / (std::string ("p") + chars[i]);
+				if (!boost::filesystem::create_directory (path1)) 
+				{
+					LogPrint (eLogError, "Failed to create directory ", path1);
+					return;
+				}			
+			}				
+		}
+		std::string base64 = m_IdentHash.ToBase64 ();
+		path = path / (std::string ("p") + base64[0]);
+		auto filename = path / (std::string (PEER_PROFILE_PREFIX) + base64 + ".txt");
+		try
+		{
+			boost::property_tree::write_ini (filename.string (), pt);
+		}
+		catch (std::exception& ex)
+		{
+			LogPrint (eLogError, "Can't write ", filename, ": ", ex.what ());
+		}
+	}	
+
+	void RouterProfile::Load ()
+	{
+		std::string base64 = m_IdentHash.ToBase64 ();
+		auto path = i2p::util::filesystem::GetDefaultDataDir() / PEER_PROFILES_DIRECTORY;
+		path /= std::string ("p") + base64[0];
+		auto filename = path / (std::string (PEER_PROFILE_PREFIX) + base64 + ".txt");
+		if (boost::filesystem::exists (filename))
+		{	
+			boost::property_tree::ptree pt;
+			try
+			{
+				boost::property_tree::read_ini (filename.string (), pt);
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "Can't read ", filename, ": ", ex.what ());
+				return;
+			}
+			try
+			{	
+				auto t = pt.get (PEER_PROFILE_LAST_UPDATE_TIME, "");
+				if (t.length () > 0)
+					m_LastUpdateTime = boost::posix_time::time_from_string (t);
+				// read participations
+				auto participations = pt.get_child (PEER_PROFILE_SECTION_PARTICIPATION);
+				m_NumTunnelsAgreed = participations.get (PEER_PROFILE_PARTICIPATION_AGREED, 0);
+				m_NumTunnelsDeclined = participations.get (PEER_PROFILE_PARTICIPATION_DECLINED, 0);
+				m_NumTunnelsNonReplied = participations.get (PEER_PROFILE_PARTICIPATION_NON_REPLIED, 0);
+			}	
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "Can't read profile ", base64, " :", ex.what ());
+			}	
+		}	
+	}	
+		
+	void RouterProfile::TunnelBuildResponse (uint8_t ret)
+	{
+		if (ret > 0)
+			m_NumTunnelsDeclined++;
+		else
+			m_NumTunnelsAgreed++;
+		UpdateTime ();
+	}	
+
+	void RouterProfile::TunnelNonReplied ()
+	{
+		m_NumTunnelsNonReplied++;
+		UpdateTime ();
+	}	
+		
+	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash)
+	{
+		auto profile = std::make_shared<RouterProfile> (identHash);
+		profile->Load (); // if possible
+		return profile;
+	}		
+}		
+}	

Profiling.h

@@ -0,0 +1,54 @@
+#ifndef PROFILING_H__
+#define PROFILING_H__
+
+#include <memory>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include "Identity.h"
+
+namespace i2p
+{
+namespace data
+{	
+	const char PEER_PROFILES_DIRECTORY[] = "peerProfiles";
+	const char PEER_PROFILE_PREFIX[] = "profile-";
+	// sections
+	const char PEER_PROFILE_SECTION_PARTICIPATION[] = "participation";
+	// params	
+	const char PEER_PROFILE_LAST_UPDATE_TIME[] = "lastupdatetime";
+	const char PEER_PROFILE_PARTICIPATION_AGREED[] = "agreed";
+	const char PEER_PROFILE_PARTICIPATION_DECLINED[] = "declined";
+	const char PEER_PROFILE_PARTICIPATION_NON_REPLIED[] = "nonreplied";	
+	
+	class RouterProfile
+	{
+		public:
+
+			RouterProfile (const IdentHash& identHash);
+			
+			void Save ();
+			void Load ();
+
+			bool IsBad () const { return !m_NumTunnelsAgreed && m_NumTunnelsDeclined >= 5; };
+			
+			void TunnelBuildResponse (uint8_t ret);
+			void TunnelNonReplied ();
+
+		private:
+
+			void UpdateTime ();
+			
+		private:	
+
+			IdentHash m_IdentHash;
+			boost::posix_time::ptime m_LastUpdateTime;
+			// participation
+			uint32_t m_NumTunnelsAgreed;
+			uint32_t m_NumTunnelsDeclined;	
+			uint32_t m_NumTunnelsNonReplied;
+	};	
+
+	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash); 
+}		
+}	
+
+#endif

Queue.h

@@ -2,6 +2,7 @@
 #define QUEUE_H__
 
 #include <queue>
+#include <vector>
 #include <mutex>
 #include <thread>
 #include <condition_variable>
@@ -23,6 +24,17 @@ namespace util
 				m_NonEmpty.notify_one ();
 			}
 
+			void Put (const std::vector<Element *>& vec)
+			{
+				if (!vec.empty ())
+				{	
+					std::unique_lock<std::mutex>  l(m_QueueMutex);
+					for (auto it: vec)
+						m_Queue.push (it);	
+					m_NonEmpty.notify_one ();
+				}	
+			}
+			
 			Element * GetNext ()
 			{
 				std::unique_lock<std::mutex> l(m_QueueMutex);
@@ -64,7 +76,13 @@ namespace util
 				std::unique_lock<std::mutex> l(m_QueueMutex);
 				return m_Queue.empty ();
 			}
-			
+
+			int GetSize () 
+			{
+				std::unique_lock<std::mutex> l(m_QueueMutex);
+				return m_Queue.size ();
+			}			
+
 			void WakeUp () { m_NonEmpty.notify_all (); };
 
 			Element * Get ()
@@ -142,8 +160,8 @@ namespace util
 		private:
 			
 			volatile bool m_IsRunning;
-			std::thread m_Thread;	
 			OnEmpty m_OnEmpty;
+			std::thread m_Thread;	
 	};	
 }		
 }	

README.md

@@ -1,21 +1,41 @@
 i2pd
 ====
 
-i2p router for Linux written on C++
+I2P router written in C++
 
-Requires gcc 4.6 and higher, boost 1.46 and higher, crypto++
+License
+-------
 
-on Windows
+This project is licensed under the BSD 3-clause license, which can be found in the file
+LICENSE in the root of the project source code.
+
+Requirements for Linux/FreeBSD/OSX
+----------------------------------
+
+GCC 4.6 or newer, Boost 1.46 or newer, crypto++. Clang can be used instead of
+GCC.
+
+Requirements for Windows
+------------------------
+
+VS2013 (known to work with 12.0.21005.1 or newer), Boost 1.46 or newer,
+crypto++ 5.62. See Win32/README-Build.txt for instructions on how to build i2pd
+and its dependencies.
+
+Downloads
+------------
+
+Official binary releases could be found at:
+http://download.i2p.io/purplei2p/i2pd/releases/
 
-Requires msvs2013 (require Visual C++ Compiler November 2013 CTP update), boost 1.46 and higher, crypto++
 
 Build Statuses
 ---------------
 
-- Linux x64      - [![Build Status](https://jenkins.nordcloud.no/buildStatus/icon?job=i2pd-linux)](https://jenkins.nordcloud.no/job/i2pd-linux/)
-- Linux ARM      - Too be added
-- Mac OS X       - Too be added
-- Microsoft VC13 - Too be added
+- Linux x64      - [![Build Status](https://jenkins.greyhat.no/buildStatus/icon?job=i2pd-linux)](https://jenkins.nordcloud.no/job/i2pd-linux/)
+- Linux ARM      - To be added
+- Mac OS X       - Got it working, but not well tested. (Only works with clang, not GCC.)
+- Microsoft VC13 - To be added
 
 
 Testing
@@ -23,14 +43,14 @@ Testing
 
 First, build it.
 
+On Ubuntu/Debian based
+* sudo apt-get install libboost-dev libboost-filesystem-dev libboost-program-options-dev libboost-regex-dev libcrypto++-dev libboost-date-time-dev
 * $ cd i2pd
 * $ make
 
-Next, find out your public ip. (find it for example at http://www.whatismyip.com/)
+Then, run it:
 
-Then, run it with:
-
-$ ./i2p --host=YOUR_PUBLIC_IP
+$ ./i2p
 
 The client should now reseed by itself.
 
@@ -41,24 +61,64 @@ This should resulting in for example:
 http://localhost:7070/4oes3rlgrpbkmzv4lqcfili23h3cvpwslqcfjlk6vvguxyggspwa.b32.i2p
 
 
-Options
--------
+Cmdline options
+---------------
 
-* --host=               - The external IP
+* --host=               - The external IP (deprecated). 
 * --port=               - The port to listen on
 * --httpport=           - The http port to listen on
 * --log=                - Enable or disable logging to file. 1 for yes, 0 for no.
 * --daemon=             - Enable or disable daemon mode. 1 for yes, 0 for no.
 * --service=            - 1 if uses system folders (/var/run/i2pd.pid, /var/log/i2pd.log, /var/lib/i2pd).
-* --unreachable=        - 1 if router is declared as unreachable and works through introducers.
-* --v6=        			- 1 if supports communication through ipv6, off by default
+* --v6=                 - 1 if supports communication through ipv6, off by default
+* --floodfill=          - 1 if router is floodfill, off by default
+* --bandwidth=          - L if bandwidth is limited to 32Kbs/sec, O if not. Always O if floodfill, otherwise L by default.
 * --httpproxyport=      - The port to listen on (HTTP Proxy)
 * --socksproxyport=     - The port to listen on (SOCKS Proxy)
-* --ircport=      		- The local port of IRC tunnel to listen on. 6668 by default
-* --ircdest=      		- I2P destination address of IRC server. For example irc.postman.i2p
-* --irckeys=      		- optional keys file for local destination
-* --eepkeys=      		- File name containing destination keys. For example privKeys.dat
-* --eephost=      		- Address incoming trafic forward to. 127.0.0.1 by default
-* --eepport=      		- Port incoming trafic forward to. 80 by default
-* --samport=      		- Port of SAM bridge. Usually 7656. SAM is off if not specified
+* --proxykeys=          - optional keys file for proxy's local destination
+* --ircport=            - The local port of IRC tunnel to listen on. 6668 by default
+* --ircdest=            - I2P destination address of IRC server. For example irc.postman.i2p
+* --irckeys=            - optional keys file for tunnel's local destination 
+* --eepkeys=            - File name containing destination keys, for example privKeys.dat.
+                          The file will be created if it does not already exist (issue #110).
+* --eephost=            - Address incoming trafic forward to. 127.0.0.1 by default
+* --eepport=            - Port incoming trafic forward to. 80 by default
+* --samport=            - Port of SAM bridge. Usually 7656. SAM is off if not specified
+* --bobport=            - Port of BOB command channel. Usually 2827. BOB is off if not specified
+* --i2pcontrolport=     - Port of I2P control service. Usually 7650. I2PControl is off if not specified
+* --conf=               - Config file (default: ~/.i2pd/i2p.conf or /var/lib/i2pd/i2p.conf)
+                          This parameter will be silently ignored if the specified config file does not exist.
+                          Options specified on the command line take precedence over those in the config file.
 
+Config files
+------------
+
+INI-like, syntax is the following : <key> = <value>.
+All command-line parameters are allowed as keys, for example:
+
+i2p.conf:
+
+	log = 1
+	v6 = 0
+	ircdest = irc.postman.i2p
+
+tunnels.cfg (filename of this config is subject of change):
+
+	 ; outgoing tunnel, to remote service    
+	[tunnel1]  
+	type = client      ; mandatory   
+	port = <integer>   ; mandatory, bind our side of tunnel to this local port  
+	keys = <filename>  ; optional  
+	destination     = <ident>    ; mandatory  
+	destinationport = <integer>  ; optional, port of remote i2p service  
+	   
+	 ; incoming tunnel, for local service(s)   
+	[tunnel2]   
+	type = server      ; mandatory   
+	host = <ident>     ; mandatory, hostname of our i2p service   
+	keys = <filename>  ; mandatory, hostname keys   
+	port = <integer>   ; mandatory, forward incoming connections from i2p to this port      
+	inport = <integer> ; optional, i2p service port   
+	accesslist = <ident>[,<ident>] ; optional, comma-separated list of i2p idents, allowed to connect to service  
+
+Note: '<ident>' type is a string like <hostname.i2p> or <abracadabra.b32.i2p>  

Reseed.cpp

@@ -1,9 +1,20 @@
-#include <iostream>
+#include <string.h>
 #include <fstream>
+#include <sstream>
 #include <boost/regex.hpp>
 #include <boost/filesystem.hpp>
+#include <boost/lexical_cast.hpp>
+#include <cryptopp/asn.h>
+#include <cryptopp/base64.h>
+#include <cryptopp/crc.h>
+#include <cryptopp/hmac.h>
+#include <cryptopp/zinflate.h>
+#include "I2PEndian.h"
 #include "Reseed.h"
 #include "Log.h"
+#include "Identity.h"
+#include "CryptoConst.h"
+#include "NetDb.h"
 #include "util.h"
 
 
@@ -13,34 +24,29 @@ namespace data
 {
 
 	static std::vector<std::string> httpReseedHostList = {
-				"http://193.150.121.66/netDb/",
-				"http://netdb.i2p2.no/",
-				"http://reseed.i2p-projekt.de/",
-				"http://cowpuncher.drollette.com/netdb/",
+				// "http://193.150.121.66/netDb/",  // unstable
+				// "http://us.reseed.i2p2.no/",     // misconfigured, not serving reseed data
+				// "http://jp.reseed.i2p2.no/",     // Really outdated RIs
+				"http://netdb.i2p2.no/",            // only SU3 (v2) support
 				"http://i2p.mooo.com/netDb/",
-				"http://reseed.info/",
 				"http://uk.reseed.i2p2.no/",
-				"http://us.reseed.i2p2.no/",
-				"http://jp.reseed.i2p2.no/",
-				"http://i2p-netdb.innovatio.no/",
-				"http://ieb9oopo.mooo.com"
+				"http://i2p-netdb.innovatio.no/"
 			};
 
 	//TODO: Remember to add custom port support. Not all serves on 443
 	static std::vector<std::string> httpsReseedHostList = {
-				"https://193.150.121.66/netDb/",
-				"https://netdb.i2p2.no/",
-				"https://reseed.i2p-projekt.de/",
-				"https://cowpuncher.drollette.com/netdb/",
-				"https://i2p.mooo.com/netDb/",
-				"https://reseed.info/",
-				"https://i2p-netdb.innovatio.no/",
-				"https://ieb9oopo.mooo.com/",
-				"https://ssl.webpack.de/ivae2he9.sg4.e-plaza.de/" // Only HTTPS and SU3 (v2) support
+				// "https://193.150.121.66/netDb/",  // unstable
+				// "https://i2p-netdb.innovatio.no/",// Vuln to POODLE
+				"https://netdb.i2p2.no/",            // Only SU3 (v2) support
+				"https://reseed.i2p-projekt.de/",    // Only HTTPS
+				"https://cowpuncher.drollette.com/netdb/",  // Only HTTPS and SU3 (v2) support -- will move to a new location
+				// following hosts are fine but don't support AES256 
+				/*"https://i2p.mooo.com/netDb/",
+				"https://link.mx24.eu/",             // Only HTTPS and SU3 (v2) support
+				"https://i2pseed.zarrenspry.info/",  // Only HTTPS and SU3 (v2) support
+				"https://ieb9oopo.mooo.com/"         // Only HTTPS and SU3 (v2) support*/
 			};
 	
-	//TODO: Implement v2 reseeding. Lightweight zip library is needed.
-	//TODO: Implement SU3, utils.
 	Reseeder::Reseeder()
 	{
 	}
@@ -51,17 +57,9 @@ namespace data
 
 	bool Reseeder::reseedNow()
 	{
+		// This method is deprecated
 		try
 		{
-			// Seems like the best place to try to intercept with SSL
-			/*ssl_server = true;
-			try {
-				// SSL
-			}
-			catch (std::exception& e)
-			{
-				LogPrint("Exception in SSL: ", e.what());
-			}*/
 			std::string reseedHost = httpReseedHostList[(rand() % httpReseedHostList.size())];
 			LogPrint("Reseeding from ", reseedHost);
 			std::string content = i2p::util::http::httpRequest(reseedHost);
@@ -119,6 +117,708 @@ namespace data
 		return false;
 	}	
 
+	int Reseeder::ReseedNowSU3 ()
+	{
+		CryptoPP::AutoSeededRandomPool rnd;
+		auto ind = rnd.GenerateWord32 (0, httpReseedHostList.size() - 1 +  httpsReseedHostList.size () - 1);
+		std::string reseedHost = (ind < httpReseedHostList.size()) ? httpReseedHostList[ind] : 
+			httpsReseedHostList[ind - httpReseedHostList.size()]; 
+		return ReseedFromSU3 (reseedHost, ind >= httpReseedHostList.size());
+	}
+
+	int Reseeder::ReseedFromSU3 (const std::string& host, bool https)
+	{
+		std::string url = host + "i2pseeds.su3";
+		LogPrint (eLogInfo, "Dowloading SU3 from ", host);
+		std::string su3 = https ? HttpsRequest (url) : i2p::util::http::httpRequest (url);
+		if (su3.length () > 0)
+		{
+			std::stringstream s(su3);
+			return ProcessSU3Stream (s);
+		}
+		else
+		{
+			LogPrint (eLogWarning, "SU3 download failed");
+			return 0;
+		}
+	}
+	
+	int Reseeder::ProcessSU3File (const char * filename)
+	{
+		std::ifstream s(filename, std::ifstream::binary);
+		if (s.is_open ())	
+			return ProcessSU3Stream (s);
+		else
+		{
+			LogPrint (eLogError, "Can't open file ", filename);
+			return 0;
+		}
+	}
+
+	const char SU3_MAGIC_NUMBER[]="I2Psu3";	
+	const uint32_t ZIP_HEADER_SIGNATURE = 0x04034B50;
+	const uint32_t ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE = 0x02014B50;	
+	const uint16_t ZIP_BIT_FLAG_DATA_DESCRIPTOR = 0x0008;	
+	int Reseeder::ProcessSU3Stream (std::istream& s)
+	{
+		char magicNumber[7];
+		s.read (magicNumber, 7); // magic number and zero byte 6
+		if (strcmp (magicNumber, SU3_MAGIC_NUMBER))
+		{
+			LogPrint (eLogError, "Unexpected SU3 magic number");	
+			return 0;
+		}			
+		s.seekg (1, std::ios::cur); // su3 file format version
+		SigningKeyType signatureType;
+		s.read ((char *)&signatureType, 2);  // signature type
+		signatureType = be16toh (signatureType);
+		uint16_t signatureLength;
+		s.read ((char *)&signatureLength, 2);  // signature length
+		signatureLength = be16toh (signatureLength);
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t versionLength;
+		s.read ((char *)&versionLength, 1);  // version length	
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t signerIDLength;
+		s.read ((char *)&signerIDLength, 1);  // signer ID length	
+		uint64_t contentLength;
+		s.read ((char *)&contentLength, 8);  // content length	
+		contentLength = be64toh (contentLength);
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t fileType;
+		s.read ((char *)&fileType, 1);  // file type	
+		if (fileType != 0x00) //  zip file
+		{
+			LogPrint (eLogError, "Can't handle file type ", (int)fileType);	
+			return 0;
+		}
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t contentType;
+		s.read ((char *)&contentType, 1);  // content type	
+		if (contentType != 0x03) // reseed data
+		{
+			LogPrint (eLogError, "Unexpected content type ", (int)contentType);	
+			return 0;
+		}
+		s.seekg (12, std::ios::cur); // unused
+
+		s.seekg (versionLength, std::ios::cur); // skip version
+		char signerID[256];
+		s.read (signerID, signerIDLength); // signerID
+		signerID[signerIDLength] = 0;
+		
+		//try to verify signature
+		auto it = m_SigningKeys.find (signerID);
+		if (it != m_SigningKeys.end ())
+		{
+			// TODO: implement all signature types
+			if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
+			{
+				size_t pos = s.tellg ();
+				size_t tbsLen = pos + contentLength;
+				uint8_t * tbs = new uint8_t[tbsLen];
+				s.seekg (0, std::ios::beg);
+				s.read ((char *)tbs, tbsLen);
+				uint8_t * signature = new uint8_t[signatureLength];
+				s.read ((char *)signature, signatureLength);
+				// RSA-raw
+				i2p::crypto::RSASHA5124096RawVerifier verifier(it->second);
+				verifier.Update (tbs, tbsLen);
+				if (!verifier.Verify (signature))
+					LogPrint (eLogWarning, "SU3 signature verification failed");
+				delete[] signature;
+				delete[] tbs;
+				s.seekg (pos, std::ios::beg);
+			}
+			else
+				LogPrint (eLogWarning, "Signature type ", signatureType, " is not supported");
+		}
+		else
+			LogPrint (eLogWarning, "Certificate for ", signerID, " not loaded");
+		
+		// handle content
+		int numFiles = 0;
+		size_t contentPos = s.tellg ();
+		while (!s.eof ())
+		{	
+			uint32_t signature;
+			s.read ((char *)&signature, 4);
+			signature = le32toh (signature);
+			if (signature == ZIP_HEADER_SIGNATURE)
+			{
+				// next local file
+				s.seekg (2, std::ios::cur); // version
+				uint16_t bitFlag;
+				s.read ((char *)&bitFlag, 2);	
+				bitFlag = le16toh (bitFlag);
+				uint16_t compressionMethod;
+				s.read ((char *)&compressionMethod, 2);	
+				compressionMethod = le16toh (compressionMethod);
+				s.seekg (4, std::ios::cur); // skip fields we don't care about
+				uint32_t compressedSize, uncompressedSize; 
+				uint8_t crc32[4];
+				s.read ((char *)crc32, 4);	
+				s.read ((char *)&compressedSize, 4);	
+				compressedSize = le32toh (compressedSize);	
+				s.read ((char *)&uncompressedSize, 4);
+				uncompressedSize = le32toh (uncompressedSize);	
+				uint16_t fileNameLength, extraFieldLength; 
+				s.read ((char *)&fileNameLength, 2);	
+				fileNameLength = le16toh (fileNameLength);
+				s.read ((char *)&extraFieldLength, 2);
+				extraFieldLength = le16toh (extraFieldLength);
+				char localFileName[255];
+				s.read (localFileName, fileNameLength);
+				localFileName[fileNameLength] = 0;
+				s.seekg (extraFieldLength, std::ios::cur);
+				// take care about data desriptor if presented
+				if (bitFlag & ZIP_BIT_FLAG_DATA_DESCRIPTOR)
+				{
+					size_t pos = s.tellg ();
+					if (!FindZipDataDescriptor (s))
+					{
+						LogPrint (eLogError, "SU3 archive data descriptor not found");
+						return numFiles;
+					}								
+	
+					s.read ((char *)crc32, 4);	
+					s.read ((char *)&compressedSize, 4);	
+					compressedSize = le32toh (compressedSize) + 4; // ??? we must consider signature as part of compressed data
+					s.read ((char *)&uncompressedSize, 4);
+					uncompressedSize = le32toh (uncompressedSize);	
+
+					// now we know compressed and uncompressed size
+					s.seekg (pos, std::ios::beg); // back to compressed data
+				}
+
+				LogPrint (eLogDebug, "Proccessing file ", localFileName, " ", compressedSize, " bytes");
+				if (!compressedSize)
+				{
+					LogPrint (eLogWarning, "Unexpected size 0. Skipped");
+					continue;
+				}	
+				
+				uint8_t * compressed = new uint8_t[compressedSize];
+				s.read ((char *)compressed, compressedSize);
+				if (compressionMethod) // we assume Deflate
+				{
+					CryptoPP::Inflator decompressor;
+					decompressor.Put (compressed, compressedSize);	
+					decompressor.MessageEnd();
+					if (decompressor.MaxRetrievable () <= uncompressedSize)
+					{
+						uint8_t * uncompressed = new uint8_t[uncompressedSize];	
+						decompressor.Get (uncompressed, uncompressedSize);	
+						if (CryptoPP::CRC32().VerifyDigest (crc32, uncompressed, uncompressedSize))
+						{
+							i2p::data::netdb.AddRouterInfo (uncompressed, uncompressedSize);
+							numFiles++;
+						}
+						else
+							LogPrint (eLogError, "CRC32 verification failed");
+						delete[] uncompressed;
+					}
+					else
+						LogPrint (eLogError, "Actual uncompressed size ", decompressor.MaxRetrievable (), " exceed ", uncompressedSize, " from header");
+				}	
+				else // no compression
+				{
+					i2p::data::netdb.AddRouterInfo (compressed, compressedSize);
+					numFiles++;
+				}	
+				delete[] compressed;
+				if (bitFlag & ZIP_BIT_FLAG_DATA_DESCRIPTOR)
+					s.seekg (12, std::ios::cur); // skip data descriptor section if presented (12 = 16 - 4)
+			}
+			else
+			{
+				if (signature != ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE)
+					LogPrint (eLogWarning, "Missing zip central directory header");
+				break; // no more files
+			}
+			size_t end = s.tellg ();
+			if (end - contentPos >= contentLength)
+				break; // we are beyond contentLength
+		}
+		return numFiles;
+	}
+
+	const uint8_t ZIP_DATA_DESCRIPTOR_SIGNATURE[] = { 0x50, 0x4B, 0x07, 0x08 };	
+	bool Reseeder::FindZipDataDescriptor (std::istream& s)
+	{
+		size_t nextInd = 0;	
+		while (!s.eof ())
+		{
+			uint8_t nextByte;
+			s.read ((char *)&nextByte, 1);
+			if (nextByte == ZIP_DATA_DESCRIPTOR_SIGNATURE[nextInd])	
+			{
+				nextInd++;
+				if (nextInd >= sizeof (ZIP_DATA_DESCRIPTOR_SIGNATURE))
+					return true;
+			}
+			else
+				nextInd = 0;
+		}
+		return false;
+	}
+
+	const char CERTIFICATE_HEADER[] = "-----BEGIN CERTIFICATE-----";
+	const char CERTIFICATE_FOOTER[] = "-----END CERTIFICATE-----";
+	void Reseeder::LoadCertificate (const std::string& filename)
+	{
+		std::ifstream s(filename, std::ifstream::binary);
+		if (s.is_open ())	
+		{
+			s.seekg (0, std::ios::end);
+			size_t len = s.tellg ();
+			s.seekg (0, std::ios::beg);
+			char buf[2048];
+			s.read (buf, len);
+			std::string cert (buf, len);
+			// assume file in pem format
+			auto pos1 = cert.find (CERTIFICATE_HEADER);	
+			auto pos2 = cert.find (CERTIFICATE_FOOTER);	
+			if (pos1 == std::string::npos || pos2 == std::string::npos)
+			{
+				LogPrint (eLogError, "Malformed certificate file");
+				return;
+			}	
+			pos1 += strlen (CERTIFICATE_HEADER);
+			pos2 -= pos1;
+			std::string base64 = cert.substr (pos1, pos2);
+
+			CryptoPP::ByteQueue queue;
+			CryptoPP::Base64Decoder decoder; // regular base64 rather than I2P 
+			decoder.Attach (new CryptoPP::Redirector (queue));
+			decoder.Put ((const uint8_t *)base64.data(), base64.length());
+			decoder.MessageEnd ();
+			
+			LoadCertificate (queue);
+		}
+		else
+			LogPrint (eLogError, "Can't open certificate file ", filename);
+	}
+
+	std::string Reseeder::LoadCertificate (CryptoPP::ByteQueue& queue)
+	{
+		// extract X.509
+		CryptoPP::BERSequenceDecoder x509Cert (queue);
+		CryptoPP::BERSequenceDecoder tbsCert (x509Cert);
+		// version
+		uint32_t ver;
+		CryptoPP::BERGeneralDecoder context (tbsCert, CryptoPP::CONTEXT_SPECIFIC | CryptoPP::CONSTRUCTED);
+		CryptoPP::BERDecodeUnsigned<uint32_t>(context, ver, CryptoPP::INTEGER);
+		// serial
+		CryptoPP::Integer serial;
+   		serial.BERDecode(tbsCert);	
+		// signature
+		CryptoPP::BERSequenceDecoder signature (tbsCert);
+   		signature.SkipAll();
+		
+		// issuer
+		std::string name;
+		CryptoPP::BERSequenceDecoder issuer (tbsCert);
+		{
+			CryptoPP::BERSetDecoder c (issuer);	c.SkipAll();
+			CryptoPP::BERSetDecoder st (issuer); st.SkipAll();
+			CryptoPP::BERSetDecoder l (issuer); l.SkipAll();
+			CryptoPP::BERSetDecoder o (issuer); o.SkipAll();
+			CryptoPP::BERSetDecoder ou (issuer); ou.SkipAll();
+			CryptoPP::BERSetDecoder cn (issuer);
+			{		
+				CryptoPP::BERSequenceDecoder attributes (cn);
+				{			
+					CryptoPP::BERGeneralDecoder ident(attributes, CryptoPP::OBJECT_IDENTIFIER);
+					ident.SkipAll ();
+					CryptoPP::BERDecodeTextString (attributes, name, CryptoPP::UTF8_STRING);
+				}	
+			}	
+		}	
+   		issuer.SkipAll();
+		// validity
+		CryptoPP::BERSequenceDecoder validity (tbsCert);
+   		validity.SkipAll();
+		// subject
+		CryptoPP::BERSequenceDecoder subject (tbsCert);
+   		subject.SkipAll();
+		// public key
+		CryptoPP::BERSequenceDecoder publicKey (tbsCert);
+		{			
+			CryptoPP::BERSequenceDecoder ident (publicKey);
+			ident.SkipAll ();
+			CryptoPP::BERGeneralDecoder key (publicKey, CryptoPP::BIT_STRING);
+			key.Skip (1); // FIXME: probably bug in crypto++
+			CryptoPP::BERSequenceDecoder keyPair (key);
+			CryptoPP::Integer n;
+   			n.BERDecode (keyPair);
+			if (name.length () > 0) 
+			{	
+				PublicKey value;
+				n.Encode (value, 512);
+				m_SigningKeys[name] = value;
+			}		
+			else
+				LogPrint (eLogWarning, "Unknown issuer. Skipped");
+		}	
+   		publicKey.SkipAll();
+		
+		tbsCert.SkipAll();
+		x509Cert.SkipAll();
+		return name;
+	}	
+	
+	void Reseeder::LoadCertificates ()
+	{
+		boost::filesystem::path reseedDir = i2p::util::filesystem::GetCertificatesDir() / "reseed";
+		
+		if (!boost::filesystem::exists (reseedDir))
+		{
+			LogPrint (eLogWarning, "Reseed certificates not loaded. ", reseedDir, " doesn't exist");
+			return;
+		}
+
+		int numCertificates = 0;
+		boost::filesystem::directory_iterator end; // empty
+		for (boost::filesystem::directory_iterator it (reseedDir); it != end; ++it)
+		{
+			if (boost::filesystem::is_regular_file (it->status()) && it->path ().extension () == ".crt")
+			{	
+				LoadCertificate (it->path ().string ());
+				numCertificates++;
+			}	
+		}	
+		LogPrint (eLogInfo, numCertificates, " certificates loaded");
+	}	
+
+	std::string Reseeder::HttpsRequest (const std::string& address)
+	{
+		i2p::util::http::url u(address);
+		TlsSession session (u.host_, 443);
+		
+		// send request		
+		std::stringstream ss;
+		ss << "GET " << u.path_ << " HTTP/1.1\r\nHost: " << u.host_
+		<< "\r\nAccept: */*\r\n" << "User-Agent: Wget/1.11.4\r\n" << "Connection: close\r\n\r\n";	
+		session.Send ((uint8_t *)ss.str ().c_str (), ss.str ().length ());
+
+		// read response
+		std::stringstream rs;
+		while (session.Receive (rs))
+			;
+		return i2p::util::http::GetHttpContent (rs);
+	}	
+
+	TlsSession::TlsSession (const std::string& host, int port):
+		m_Seqn (0)
+	{
+		m_Site.connect(host, boost::lexical_cast<std::string>(port));
+		if (m_Site.good ())
+		{
+			Handshake ();
+		}
+		else
+			LogPrint (eLogError, "Can't connect to ", host, ":", port);
+	}	
+	
+	void TlsSession::Handshake ()
+	{
+		static uint8_t clientHello[] = 
+		{
+			0x16, // handshake
+			0x03, 0x03, // version (TLS 1.2)
+			0x00, 0x2F, // length of handshake
+			// handshake
+			0x01, // handshake type (client hello)
+			0x00, 0x00, 0x2B, // length of handshake payload 
+			// client hello
+			0x03, 0x03, // highest version supported (TLS 1.2)
+			0x45, 0xFA, 0x01, 0x19, 0x74, 0x55, 0x18, 0x36, 
+			0x42, 0x05, 0xC1, 0xDD, 0x4A, 0x21, 0x80, 0x80, 
+			0xEC, 0x37, 0x11, 0x93, 0x16, 0xF4, 0x66, 0x00, 
+			0x12, 0x67, 0xAB, 0xBA, 0xFF, 0x29, 0x13, 0x9E, // 32 random bytes
+			0x00, // session id length
+			0x00, 0x02, // chiper suites length
+			0x00, 0x3D, // RSA_WITH_AES_256_CBC_SHA256
+			0x01, // compression methods length
+			0x00,  // no compression
+			0x00, 0x00 // extensions length
+		};	
+
+		static uint8_t changeCipherSpecs[] =
+		{
+			0x14, // change cipher specs
+			0x03, 0x03, // version (TLS 1.2)
+			0x00, 0x01, // length
+			0x01 // type
+		};
+
+		static uint8_t finished[] =
+		{
+			0x16, // handshake
+			0x03, 0x03, // version (TLS 1.2)
+			0x00, 0x50, // length of handshake (80 bytes)
+			// handshake (encrypted)
+			// unencrypted context
+			//  0x14 handshake type (finished)
+			// 0x00, 0x00, 0x0C  length of handshake payload 
+			// 12 bytes of verified data
+		};
+	
+		// send ClientHello
+		m_Site.write ((char *)clientHello, sizeof (clientHello));
+		m_FinishedHash.Update (clientHello + 5, sizeof (clientHello) - 5);
+		// read ServerHello
+		uint8_t type;
+		m_Site.read ((char *)&type, 1); 
+		uint16_t version;
+		m_Site.read ((char *)&version, 2); 
+		uint16_t length;
+		m_Site.read ((char *)&length, 2); 
+		length = be16toh (length);
+		char * serverHello = new char[length];
+		m_Site.read (serverHello, length);
+		m_FinishedHash.Update ((uint8_t *)serverHello, length);
+		uint8_t serverRandom[32];
+		if (serverHello[0] == 0x02) // handshake type server hello
+			memcpy (serverRandom, serverHello + 6, 32);
+		else
+			LogPrint (eLogError, "Unexpected handshake type ", (int)serverHello[0]);
+		delete[] serverHello;
+		// read Certificate
+		m_Site.read ((char *)&type, 1); 
+		m_Site.read ((char *)&version, 2); 
+		m_Site.read ((char *)&length, 2); 
+		length = be16toh (length);
+		char * certificate = new char[length];
+		m_Site.read (certificate, length);
+		m_FinishedHash.Update ((uint8_t *)certificate, length);
+		CryptoPP::RSA::PublicKey publicKey;
+		// 0 - handshake type
+		// 1 - 3 - handshake payload length
+		// 4 - 6 - length of array of certificates
+		// 7 - 9 - length of certificate
+		if (certificate[0] == 0x0B) // handshake type certificate
+			publicKey = ExtractPublicKey ((uint8_t *)certificate + 10, length - 10);
+		else
+			LogPrint (eLogError, "Unexpected handshake type ", (int)certificate[0]);
+		delete[] certificate;
+		// read ServerHelloDone
+		m_Site.read ((char *)&type, 1); 
+		m_Site.read ((char *)&version, 2); 
+		m_Site.read ((char *)&length, 2); 
+		length = be16toh (length);
+		char * serverHelloDone = new char[length];
+		m_Site.read (serverHelloDone, length);
+		m_FinishedHash.Update ((uint8_t *)serverHelloDone, length);
+		if (serverHelloDone[0] != 0x0E) // handshake type hello done
+			LogPrint (eLogError, "Unexpected handshake type ", (int)serverHelloDone[0]);
+		delete[] serverHelloDone;
+		// our turn now
+		// generate secret key
+		uint8_t secret[48]; 
+		secret[0] = 3; secret[1] = 3; // version
+		m_Rnd.GenerateBlock (secret + 2, 46); // 46 random bytes
+		// encrypt RSA
+ 		CryptoPP::RSAES_PKCS1v15_Encryptor encryptor(publicKey);
+		size_t encryptedLen = encryptor.CiphertextLength (48); // number of bytes for encrypted 48 bytes, usually 256 (2048 bits key)
+		uint8_t * encrypted = new uint8_t[encryptedLen + 2]; // + 2 bytes for length
+		htobe16buf (encrypted, encryptedLen); // first two bytes means length 
+		encryptor.Encrypt (m_Rnd, secret, 48, encrypted + 2);
+		// send ClientKeyExchange
+		// 0x10 - handshake type "client key exchange"
+		SendHandshakeMsg (0x10, encrypted, encryptedLen + 2);
+		delete[] encrypted;
+		// send ChangeCipherSpecs
+		m_Site.write ((char *)changeCipherSpecs, sizeof (changeCipherSpecs));
+		// calculate master secret
+		uint8_t masterSecret[48], random[64];
+		memcpy (random, clientHello + 11, 32);
+		memcpy (random + 32, serverRandom, 32);
+		PRF (secret, "master secret", random, 64, 48, masterSecret);
+		// expand master secret			
+		uint8_t keys[128]; // clientMACKey(32), serverMACKey(32), clientKey(32), serverKey(32)
+		memcpy (random, serverRandom, 32);
+		memcpy (random + 32, clientHello + 11, 32);
+		PRF (masterSecret, "key expansion", random, 64, 128, keys); 
+		memcpy (m_MacKey, keys, 32);
+		m_Encryption.SetKey (keys + 64);
+		m_Decryption.SetKey (keys + 96);
+
+		// send finished
+		uint8_t finishedHashDigest[32], finishedPayload[40], encryptedPayload[80];
+		finishedPayload[0] = 0x14; // handshake type (finished)
+		finishedPayload[1] = 0; finishedPayload[2] = 0; finishedPayload[3] = 0x0C; // 12 bytes
+		m_FinishedHash.Final (finishedHashDigest);
+		PRF (masterSecret, "client finished", finishedHashDigest, 32, 12, finishedPayload + 4);
+		uint8_t mac[32];
+		CalculateMAC (0x16, finishedPayload, 16, mac);
+		Encrypt (finishedPayload, 16, mac, encryptedPayload);
+		m_Site.write ((char *)finished, sizeof (finished));
+		m_Site.write ((char *)encryptedPayload, 80);
+		// read ChangeCipherSpecs
+		uint8_t changeCipherSpecs1[6];
+		m_Site.read ((char *)changeCipherSpecs1, 6);
+		// read finished
+		m_Site.read ((char *)&type, 1); 
+		m_Site.read ((char *)&version, 2); 
+		m_Site.read ((char *)&length, 2); 
+		length = be16toh (length);
+		char * finished1 = new char[length];
+		m_Site.read (finished1, length);
+		delete[] finished1;
+	}
+
+	void TlsSession::SendHandshakeMsg (uint8_t handshakeType, uint8_t * data, size_t len)
+	{
+		uint8_t handshakeHeader[9];
+		handshakeHeader[0] = 0x16; // handshake
+ 		handshakeHeader[1] = 0x03; handshakeHeader[2] = 0x03; // version is always TLS 1.2 (3,3) 
+		htobe16buf (handshakeHeader + 3, len + 4); // length of payload
+		//payload starts
+		handshakeHeader[5] = handshakeType; // handshake type
+		handshakeHeader[6] = 0; // highest byte of payload length is always zero
+		htobe16buf (handshakeHeader + 7, len); // length of data
+		m_Site.write ((char *)handshakeHeader, 9);
+		m_FinishedHash.Update (handshakeHeader + 5, 4); // only payload counts
+		m_Site.write ((char *)data, len);
+		m_FinishedHash.Update (data, len);
+	}
+
+	void TlsSession::PRF (const uint8_t * secret, const char * label, const uint8_t * random, size_t randomLen,
+		size_t len, uint8_t * buf)
+	{
+		// secret is assumed 48 bytes	
+		// random is not more than 64 bytes
+ 		CryptoPP::HMAC<CryptoPP::SHA256> hmac (secret, 48);	
+		uint8_t seed[96]; size_t seedLen;
+		seedLen = strlen (label);	
+		memcpy (seed, label, seedLen);
+		memcpy (seed + seedLen, random, randomLen);
+		seedLen += randomLen;
+
+		size_t offset = 0;
+		uint8_t a[128];
+		hmac.CalculateDigest (a, seed, seedLen);
+		while (offset < len)
+		{
+			memcpy (a + 32, seed, seedLen);
+			hmac.CalculateDigest (buf + offset, a, seedLen + 32);
+			offset += 32;
+			hmac.CalculateDigest (a, a, 32);
+		}
+	}
+
+	size_t TlsSession::Encrypt (const uint8_t * in, size_t len, const uint8_t * mac, uint8_t * out)
+	{
+		size_t size = 0;
+		m_Rnd.GenerateBlock (out, 16); // iv
+		size += 16;
+		m_Encryption.SetIV (out);
+		memcpy (out + size, in, len);
+		size += len;
+		memcpy (out + size, mac, 32);
+		size += 32;	
+		uint8_t paddingSize = len + 1;
+		paddingSize &= 0x0F;  // %16
+		if (paddingSize > 0) paddingSize = 16 - paddingSize;
+		memset (out + size, paddingSize, paddingSize + 1); // paddind and last byte are equal to padding size
+		size += paddingSize + 1;
+		m_Encryption.Encrypt (out + 16, size - 16, out + 16);
+		return size;	
+	}
+
+	size_t TlsSession::Decrypt (uint8_t * buf, size_t len)
+	{
+		m_Decryption.SetIV (buf);
+		m_Decryption.Decrypt (buf + 16, len - 16, buf + 16);
+		return len - 48 - buf[len -1] - 1; // IV(16), mac(32) and padding
+	}
+
+	void TlsSession::CalculateMAC (uint8_t type, const uint8_t * buf, size_t len, uint8_t * mac)
+	{
+		uint8_t header[13]; // seqn (8) + type (1) + version (2) + length (2)
+		htobe64buf (header, m_Seqn);
+		header[8] = type; header[9] = 3; header[10] = 3; // 3,3 means TLS 1.2 
+		htobe16buf (header + 11, len);
+		CryptoPP::HMAC<CryptoPP::SHA256> hmac (m_MacKey, 32);	
+		hmac.Update (header, 13);
+		hmac.Update (buf, len);
+		hmac.Final (mac);	
+		m_Seqn++;
+	}
+
+	CryptoPP::RSA::PublicKey TlsSession::ExtractPublicKey (const uint8_t * certificate, size_t len)
+	{
+		CryptoPP::ByteQueue queue;
+		queue.Put (certificate, len);	
+		queue.MessageEnd ();
+		// extract X.509
+		CryptoPP::BERSequenceDecoder x509Cert (queue);
+		CryptoPP::BERSequenceDecoder tbsCert (x509Cert);
+		// version
+		uint32_t ver;
+		CryptoPP::BERGeneralDecoder context (tbsCert, CryptoPP::CONTEXT_SPECIFIC | CryptoPP::CONSTRUCTED);
+		CryptoPP::BERDecodeUnsigned<uint32_t>(context, ver, CryptoPP::INTEGER);
+		// serial
+		CryptoPP::Integer serial;
+   		serial.BERDecode(tbsCert);	
+		// signature
+		CryptoPP::BERSequenceDecoder signature (tbsCert);
+   		signature.SkipAll();
+		// issuer
+		CryptoPP::BERSequenceDecoder issuer (tbsCert);
+   		issuer.SkipAll();
+		// validity
+		CryptoPP::BERSequenceDecoder validity (tbsCert);
+   		validity.SkipAll();
+		// subject
+		CryptoPP::BERSequenceDecoder subject (tbsCert);
+   		subject.SkipAll();
+		// public key
+		CryptoPP::BERSequenceDecoder publicKey (tbsCert);			
+		CryptoPP::BERSequenceDecoder ident (publicKey);
+		ident.SkipAll ();
+		CryptoPP::BERGeneralDecoder key (publicKey, CryptoPP::BIT_STRING);
+		key.Skip (1); // FIXME: probably bug in crypto++
+		CryptoPP::BERSequenceDecoder keyPair (key);
+		CryptoPP::Integer n, e;
+		n.BERDecode (keyPair);
+		e.BERDecode (keyPair);
+
+		CryptoPP::RSA::PublicKey ret; 
+		ret.Initialize (n, e);
+		return ret;
+	}		
+
+	void TlsSession::Send (const uint8_t * buf, size_t len)
+	{
+		uint8_t * out = new uint8_t[len + 64 + 5]; // 64 = 32 mac + 16 iv + upto 16 padding, 5 = header
+		out[0] = 0x17; // application data
+		out[1] = 0x03; out[2] = 0x03; // version
+		uint8_t mac[32];
+		CalculateMAC (0x17, buf, len, mac);
+		size_t encryptedLen = Encrypt (buf, len, mac, out + 5);
+		htobe16buf (out + 3, encryptedLen);
+		m_Site.write ((char *)out, encryptedLen + 5);
+		delete[] out;
+	}
+
+	bool TlsSession::Receive (std::ostream& rs)
+	{
+		if (m_Site.eof ()) return false;
+		uint8_t type; uint16_t version, length;
+		m_Site.read ((char *)&type, 1); 
+		m_Site.read ((char *)&version, 2); 
+		m_Site.read ((char *)&length, 2); 
+		length = be16toh (length);
+		uint8_t * buf = new uint8_t[length];
+		m_Site.read ((char *)buf, length);
+		size_t decryptedLen = Decrypt (buf, length);
+		rs.write ((char *)buf + 16, decryptedLen);
+		delete[] buf;
+		return true;
+	}
 }
 }
 

Reseed.h

@@ -1,8 +1,15 @@
 #ifndef RESEED_H
 #define RESEED_H
 
+#include <iostream>
 #include <string>
 #include <vector>
+#include <map>
+#include <cryptopp/osrng.h>
+#include <cryptopp/rsa.h>
+#include <boost/asio.hpp>
+#include "Identity.h"
+#include "aes.h"
 
 namespace i2p
 {
@@ -11,13 +18,65 @@ namespace data
 
 	class Reseeder
 	{
+		typedef Tag<512> PublicKey;	
+		
 		public:
+		
 			Reseeder();
 			~Reseeder();
-			bool reseedNow();
+			bool reseedNow(); // depreacted
+			int ReseedNowSU3 ();
+
+			void LoadCertificates ();
+			
+		private:
+
+			void LoadCertificate (const std::string& filename);
+			std::string LoadCertificate (CryptoPP::ByteQueue& queue); // returns issuer's name
+			
+			int ReseedFromSU3 (const std::string& host, bool https = false);
+			int ProcessSU3File (const char * filename);	
+			int ProcessSU3Stream (std::istream& s);	
+
+			bool FindZipDataDescriptor (std::istream& s);
+			
+			std::string HttpsRequest (const std::string& address);
+
+		private:	
+
+			std::map<std::string, PublicKey> m_SigningKeys;
 	};
 
+	class TlsSession
+	{
+		public:
+
+			TlsSession (const std::string& host, int port);
+			void Send (const uint8_t * buf, size_t len);
+			bool Receive (std::ostream& rs);
+
+		private:
+
+			void Handshake ();
+			void SendHandshakeMsg (uint8_t handshakeType, uint8_t * data, size_t len);
+			CryptoPP::RSA::PublicKey ExtractPublicKey (const uint8_t * certificate, size_t len);
+			void PRF (const uint8_t * secret, const char * label, const uint8_t * random, size_t randomLen,
+				size_t len, uint8_t * buf);
+			void CalculateMAC (uint8_t type, const uint8_t * buf, size_t len, uint8_t * mac);
+			size_t Encrypt (const uint8_t * in, size_t len, const uint8_t * mac, uint8_t * out);
+			size_t Decrypt (uint8_t * buf, size_t len); // pyaload is buf + 16		
+
+		private:
+
+			uint64_t m_Seqn;
+			boost::asio::ip::tcp::iostream m_Site;
+			CryptoPP::SHA256 m_FinishedHash;
+			CryptoPP::AutoSeededRandomPool m_Rnd;
+			i2p::crypto::CBCEncryption m_Encryption;
+			i2p::crypto::CBCDecryption m_Decryption; 
+			uint8_t m_MacKey[32]; // client	
+	};
 }
 }
 
-#endif
+#endif

RouterContext.cpp

@@ -1,10 +1,12 @@
 #include <fstream>
 #include <cryptopp/dh.h>
 #include <cryptopp/dsa.h>
+#include <boost/lexical_cast.hpp>
 #include "CryptoConst.h"
 #include "RouterContext.h"
 #include "Timestamp.h"
 #include "I2NPProtocol.h"
+#include "NetDb.h"
 #include "util.h"
 #include "version.h"
 
@@ -13,12 +15,14 @@ namespace i2p
 	RouterContext context;
 
 	RouterContext::RouterContext ():
-		m_LastUpdateTime (0), m_IsUnreachable (false), m_AcceptsTunnels (true)
+		m_LastUpdateTime (0), m_AcceptsTunnels (true), m_IsFloodfill (false), 
+		m_StartupTime (0), m_Status (eRouterStatusOK )
 	{
 	}
 
 	void RouterContext::Init ()
 	{
+		m_StartupTime = i2p::util::GetSecondsSinceEpoch ();
 		if (!Load ())
 			CreateNewRouter ();
 		UpdateRouterInfo ();
@@ -34,7 +38,7 @@ namespace i2p
 	void RouterContext::NewRouterInfo ()
 	{
 		i2p::data::RouterInfo routerInfo;
-		routerInfo.SetRouterIdentity (GetIdentity ().GetStandardIdentity ());
+		routerInfo.SetRouterIdentity (GetIdentity ());
 		int port = i2p::util::config::GetArg("-port", 0);
 		if (!port)
 			port = m_Rnd.GenerateWord32 (9111, 30777); // I2P network ports range
@@ -107,9 +111,46 @@ namespace i2p
 			UpdateRouterInfo ();
 	}	
 	
+	void RouterContext::SetFloodfill (bool floodfill)
+	{
+		m_IsFloodfill = floodfill;
+		if (floodfill)
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () | i2p::data::RouterInfo::eFloodfill);
+		else
+		{
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () & ~i2p::data::RouterInfo::eFloodfill);
+			// we don't publish number of routers and leaseset for non-floodfill
+			m_RouterInfo.DeleteProperty (ROUTER_INFO_PROPERTY_LEASESETS);
+			m_RouterInfo.DeleteProperty (ROUTER_INFO_PROPERTY_ROUTERS);
+		}
+		UpdateRouterInfo ();
+	}
+
+	void RouterContext::SetHighBandwidth ()
+	{
+		if (!m_RouterInfo.IsHighBandwidth ())
+		{
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () | i2p::data::RouterInfo::eHighBandwidth);
+			UpdateRouterInfo ();
+		}
+	}
+
+	void RouterContext::SetLowBandwidth ()
+	{
+		if (m_RouterInfo.IsHighBandwidth ())
+		{
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () & ~i2p::data::RouterInfo::eHighBandwidth);
+			UpdateRouterInfo ();
+		}
+	}
+
+	bool RouterContext::IsUnreachable () const
+	{
+		return m_RouterInfo.GetCaps () & i2p::data::RouterInfo::eUnreachable;
+	}	
+		
 	void RouterContext::SetUnreachable ()
 	{
-		m_IsUnreachable = true;	
 		// set caps
 		m_RouterInfo.SetCaps (i2p::data::RouterInfo::eUnreachable | i2p::data::RouterInfo::eSSUTesting); // LU, B
 		// remove NTCP address
@@ -125,11 +166,41 @@ namespace i2p
 		// delete previous introducers
 		for (auto& addr : addresses)
 			addr.introducers.clear ();
-		
+	
 		// update
 		UpdateRouterInfo ();
 	}
 
+	void RouterContext::SetReachable ()
+	{
+		// update caps
+		uint8_t caps = m_RouterInfo.GetCaps ();
+		caps &= ~i2p::data::RouterInfo::eUnreachable;
+		caps |= i2p::data::RouterInfo::eReachable;
+		caps |= i2p::data::RouterInfo::eSSUIntroducer;
+		if (m_IsFloodfill)
+			caps |= i2p::data::RouterInfo::eFloodfill;
+		m_RouterInfo.SetCaps (caps);
+		
+		// insert NTCP back
+		auto& addresses = m_RouterInfo.GetAddresses ();
+		for (size_t i = 0; i < addresses.size (); i++)
+		{
+			if (addresses[i].transportStyle == i2p::data::RouterInfo::eTransportSSU)
+			{
+				// insert NTCP address with host/port form SSU
+				m_RouterInfo.AddNTCPAddress (addresses[i].host.to_string ().c_str (), addresses[i].port);
+				break;
+			}
+		}		
+		// delete previous introducers
+		for (auto& addr : addresses)
+			addr.introducers.clear ();
+		
+		// update
+		UpdateRouterInfo ();
+	}	
+		
 	void RouterContext::SetSupportsV6 (bool supportsV6)
 	{
 		if (supportsV6)
@@ -162,12 +233,29 @@ namespace i2p
 		{
 			// create new address
 			m_RouterInfo.AddNTCPAddress (host.to_string ().c_str (), port);
-			m_RouterInfo.AddSSUAddress (host.to_string ().c_str (), port, GetIdentHash (), 1472); // TODO
+			auto mtu = i2p::util::net::GetMTU (host);
+			if (mtu)
+			{	
+				LogPrint ("Our v6 MTU=", mtu);
+				if (mtu > 1472) mtu = 1472; 
+			}	
+			m_RouterInfo.AddSSUAddress (host.to_string ().c_str (), port, GetIdentHash (), mtu ? mtu : 1472); // TODO
 			updated = true;
 		}
 		if (updated)
 			UpdateRouterInfo ();
 	}
+
+	void RouterContext::UpdateStats ()
+	{
+		if (m_IsFloodfill)
+		{
+			// update routers and leasesets
+			m_RouterInfo.SetProperty (ROUTER_INFO_PROPERTY_LEASESETS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumLeaseSets ()));
+			m_RouterInfo.SetProperty (ROUTER_INFO_PROPERTY_ROUTERS, boost::lexical_cast<std::string>(i2p::data::netdb.GetNumRouters ()));
+			UpdateRouterInfo (); 
+		}
+	}
 		
 	bool RouterContext::Load ()
 	{
@@ -182,6 +270,9 @@ namespace i2p
 		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 		m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
 		m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+
+		if (IsUnreachable ())
+			SetReachable (); // we assume reachable until we discover firewall through peer tests
 		
 		return true;
 	}
@@ -198,8 +289,13 @@ namespace i2p
 		fk.write ((char *)&keys, sizeof (keys));	
 	}
 
-	void RouterContext::HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from)
+	void RouterContext::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
 		i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
+	}
+
+	uint32_t RouterContext::GetUptime () const
+	{
+		return i2p::util::GetSecondsSinceEpoch () - m_StartupTime;
 	}	
 }

RouterContext.h

@@ -3,6 +3,7 @@
 
 #include <inttypes.h>
 #include <string>
+#include <memory>
 #include <boost/asio.hpp>
 #include <cryptopp/dsa.h>
 #include <cryptopp/osrng.h>
@@ -16,6 +17,16 @@ namespace i2p
 	const char ROUTER_KEYS[] = "router.keys";	
 	const int ROUTER_INFO_UPDATE_INTERVAL = 1800; // 30 minutes
 	
+	const char ROUTER_INFO_PROPERTY_LEASESETS[] = "netdb.knownLeaseSets";
+	const char ROUTER_INFO_PROPERTY_ROUTERS[] = "netdb.knownRouters";		
+
+	enum RouterStatus
+	{
+		eRouterStatusOK = 0,
+		eRouterStatusTesting = 1,
+		eRouterStatusFirewalled = 2
+	};	
+
 	class RouterContext: public i2p::garlic::GarlicDestination 
 	{
 		public:
@@ -24,19 +35,35 @@ namespace i2p
 			void Init ();
 
 			i2p::data::RouterInfo& GetRouterInfo () { return m_RouterInfo; };
+			std::shared_ptr<const i2p::data::RouterInfo> GetSharedRouterInfo () const 
+			{ 
+				return std::shared_ptr<const i2p::data::RouterInfo> (&m_RouterInfo, 
+					[](const i2p::data::RouterInfo *) {});
+			}
 			CryptoPP::RandomNumberGenerator& GetRandomNumberGenerator () { return m_Rnd; };	
+			uint32_t GetUptime () const;
+			uint32_t GetStartupTime () const { return m_StartupTime; };
+			uint64_t GetLastUpdateTime () const { return m_LastUpdateTime; };
+			RouterStatus GetStatus () const { return m_Status; };
+			void SetStatus (RouterStatus status) { m_Status = status; };
 
 			void UpdatePort (int port); // called from Daemon
 			void UpdateAddress (const boost::asio::ip::address& host);	// called from SSU or Daemon
 			bool AddIntroducer (const i2p::data::RouterInfo& routerInfo, uint32_t tag);
 			void RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
-			bool IsUnreachable () const { return m_IsUnreachable; };
-			void SetUnreachable ();				
+			bool IsUnreachable () const;
+			void SetUnreachable ();		
+			void SetReachable ();
+			bool IsFloodfill () const { return m_IsFloodfill; };	
+			void SetFloodfill (bool floodfill);	
+			void SetHighBandwidth ();
+			void SetLowBandwidth ();
 			bool AcceptsTunnels () const { return m_AcceptsTunnels; };
 			void SetAcceptsTunnels (bool acceptsTunnels) { m_AcceptsTunnels = acceptsTunnels; };
 			bool SupportsV6 () const { return m_RouterInfo.IsV6 (); };
 			void SetSupportsV6 (bool supportsV6);
-			void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session				
+			void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session		
+			void UpdateStats ();		
 
 			// implements LocalDestination
 			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
@@ -46,7 +73,7 @@ namespace i2p
 
 			// implements GarlicDestination
 			const i2p::data::LeaseSet * GetLeaseSet () { return nullptr; };
-			void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 			
 		private:
 
@@ -62,7 +89,9 @@ namespace i2p
 			i2p::data::PrivateKeys m_Keys; 
 			CryptoPP::AutoSeededRandomPool m_Rnd;
 			uint64_t m_LastUpdateTime;
-			bool m_IsUnreachable, m_AcceptsTunnels;
+			bool m_AcceptsTunnels, m_IsFloodfill;
+			uint64_t m_StartupTime; // in seconds since epoch
+			RouterStatus m_Status;
 	};
 
 	extern RouterContext context;

RouterInfo.cpp

@@ -55,10 +55,9 @@ namespace data
 		// don't delete buffer until save to file
 	}	
 		
-	void RouterInfo::SetRouterIdentity (const Identity& identity)
+	void RouterInfo::SetRouterIdentity (const IdentityEx& identity)
 	{	
 		m_RouterIdentity = identity;
-		m_IdentHash = m_RouterIdentity.Hash ();
 		m_Timestamp = i2p::util::GetMillisecondsSinceEpoch ();
 	}
 	
@@ -95,31 +94,24 @@ namespace data
 
 	void RouterInfo::ReadFromBuffer (bool verifySignature)
 	{
-		std::stringstream str (std::string ((char *)m_Buffer, m_BufferLen));
+		size_t identityLen = m_RouterIdentity.FromBuffer (m_Buffer, m_BufferLen);
+		std::stringstream str (std::string ((char *)m_Buffer + identityLen, m_BufferLen - identityLen));
 		ReadFromStream (str);
 		if (verifySignature)
 		{	
 			// verify signature
-			CryptoPP::DSA::PublicKey pubKey;
-			pubKey.Initialize (i2p::crypto::dsap, i2p::crypto::dsaq, i2p::crypto::dsag, CryptoPP::Integer (m_RouterIdentity.signingKey, 128));
-			CryptoPP::DSA::Verifier verifier (pubKey);
-			int l = m_BufferLen - 40;
-			if (!verifier.VerifyMessage ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l, 40))
+			int l = m_BufferLen - m_RouterIdentity.GetSignatureLen ();
+			if (!m_RouterIdentity.Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l))
 			{	
-				LogPrint (eLogError, "signature verification failed");
+				LogPrint (eLogError, "signature verification failed");	
+				m_IsUnreachable = true;
 			}
+			m_RouterIdentity.DropVerifier ();
 		}	
 	}	
 	
 	void RouterInfo::ReadFromStream (std::istream& s)
 	{
-		s.read ((char *)&m_RouterIdentity, DEFAULT_IDENTITY_SIZE);
-		if (m_RouterIdentity.certificate.type != CERTIFICATE_TYPE_NULL)
-		{
-			LogPrint (eLogError, "Certificate type ", m_RouterIdentity.certificate.type, " is not supported");
-			SetUnreachable (true);
-			return;
-		}
 		s.read ((char *)&m_Timestamp, sizeof (m_Timestamp));
 		m_Timestamp = be64toh (m_Timestamp);
 		// read addresses
@@ -158,9 +150,17 @@ namespace data
 					address.host = boost::asio::ip::address::from_string (value, ecode);
 					if (ecode)
 					{	
-						// TODO: we should try to resolve address here
-						LogPrint (eLogWarning, "Unexpected address ", value);
-						isValidAddress = false;
+						if (address.transportStyle == eTransportNTCP)
+						{
+							m_SupportedTransports |= eNTCPV4; // TODO:
+							address.addressString = value;
+						}
+						else
+						{	
+							// TODO: resolve address for SSU
+							LogPrint (eLogWarning, "Unexpected SSU address ", value);
+							isValidAddress = false;
+						}	
 					}	
 					else
 					{
@@ -232,8 +232,6 @@ namespace data
 			if (!strcmp (key, "caps"))
 				ExtractCaps (value);
 		}		
-		
-		CryptoPP::SHA256().CalculateDigest(m_IdentHash, (uint8_t *)&m_RouterIdentity, sizeof (m_RouterIdentity));
 
 		if (!m_SupportedTransports || !m_Addresses.size() || (UsesIntroducer () && !introducers))
 			SetUnreachable (true);
@@ -278,8 +276,13 @@ namespace data
 	void RouterInfo::UpdateCapsProperty ()
 	{	
 		std::string caps;
-		caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_HIGH_BANDWIDTH1 : CAPS_FLAG_LOW_BANDWIDTH2; // bandwidth
-		if (m_Caps & eFloodfill) caps += CAPS_FLAG_FLOODFILL; // floodfill
+		if (m_Caps & eFloodfill) 
+		{
+			caps += CAPS_FLAG_HIGH_BANDWIDTH3; // highest bandwidth
+			caps += CAPS_FLAG_FLOODFILL; // floodfill  
+		}	
+		else
+			caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_HIGH_BANDWIDTH3 : CAPS_FLAG_LOW_BANDWIDTH2; // bandwidth		
 		if (m_Caps & eHidden) caps += CAPS_FLAG_HIDDEN; // hidden
 		if (m_Caps & eReachable) caps += CAPS_FLAG_REACHABLE; // reachable
 		if (m_Caps & eUnreachable) caps += CAPS_FLAG_UNREACHABLE; // unreachable
@@ -545,18 +548,15 @@ namespace data
 		ExtractCaps (caps);
 	}	
 		
-	void RouterInfo::SetProperty (const char * key, const char * value)
+	void RouterInfo::SetProperty (const std::string& key, const std::string& value)
 	{
 		m_Properties[key] = value;
 	}	
 
-	const char * RouterInfo::GetProperty (const char * key) const
+	void RouterInfo::DeleteProperty (const std::string& key)
 	{
-		auto it = m_Properties.find (key);
-		if (it != m_Properties.end ())
-			return it->second.c_str ();
-		return 0;
-	}	
+		m_Properties.erase (key);
+	}
 
 	bool RouterInfo::IsFloodfill () const
 	{
@@ -652,5 +652,12 @@ namespace data
 		}	
 		return nullptr;
 	}	
+
+	std::shared_ptr<RouterProfile> RouterInfo::GetProfile () const 
+	{
+		if (!m_Profile)
+			m_Profile = GetRouterProfile (GetIdentHash ());
+		return m_Profile;
+	}	
 }
 }

RouterInfo.h

@@ -8,6 +8,7 @@
 #include <iostream>
 #include <boost/asio.hpp>
 #include "Identity.h"
+#include "Profiling.h"
 
 namespace i2p
 {
@@ -69,6 +70,7 @@ namespace data
 			{
 				TransportStyle transportStyle;
 				boost::asio::ip::address host;
+				std::string addressString;
 				int port, mtu;
 				uint64_t date;
 				uint8_t cost;
@@ -90,10 +92,10 @@ namespace data
 			RouterInfo (const uint8_t * buf, int len);
 			~RouterInfo ();
 			
-			const Identity& GetRouterIdentity () const { return m_RouterIdentity; };
-			void SetRouterIdentity (const Identity& identity);
-			std::string GetIdentHashBase64 () const { return m_IdentHash.ToBase64 (); };
-			std::string GetIdentHashAbbreviation () const { return m_IdentHash.ToBase64 ().substr (0, 4); };
+			const IdentityEx& GetRouterIdentity () const { return m_RouterIdentity; };
+			void SetRouterIdentity (const IdentityEx& identity);
+			std::string GetIdentHashBase64 () const { return GetIdentHash ().ToBase64 (); };
+			std::string GetIdentHashAbbreviation () const { return GetIdentHash ().ToBase64 ().substr (0, 4); };
 			uint64_t GetTimestamp () const { return m_Timestamp; };
 			std::vector<Address>& GetAddresses () { return m_Addresses; };
 			const Address * GetNTCPAddress (bool v4only = true) const;
@@ -104,8 +106,9 @@ namespace data
 			void AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu = 0);
 			bool AddIntroducer (const Address * address, uint32_t tag);
 			bool RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
-			void SetProperty (const char * key, const char * value);
-			const char * GetProperty (const char * key) const;
+			void SetProperty (const std::string& key, const std::string& value); // called from RouterContext only
+			void DeleteProperty (const std::string& key); // called from RouterContext only
+			void ClearProperties () { m_Properties.clear (); };
 			bool IsFloodfill () const;
 			bool IsNTCP (bool v4only = true) const;
 			bool IsSSU (bool v4only = true) const;
@@ -117,6 +120,7 @@ namespace data
 			bool IsIntroducer () const { return m_Caps & eSSUIntroducer; };
 			bool IsPeerTesting () const { return m_Caps & eSSUTesting; };
 			bool IsHidden () const { return m_Caps & eHidden; };
+			bool IsHighBandwidth () const { return m_Caps & RouterInfo::eHighBandwidth; };
 
 			uint8_t GetCaps () const { return m_Caps; };	
 			void SetCaps (uint8_t caps);
@@ -134,12 +138,15 @@ namespace data
 			void SetUpdated (bool updated) { m_IsUpdated = updated; }; 
 			void SaveToFile (const std::string& fullPath);
 
+			std::shared_ptr<RouterProfile> GetProfile () const;
+			void SaveProfile () { if (m_Profile) m_Profile->Save (); };
+			
 			void Update (const uint8_t * buf, int len);
 			void DeleteBuffer () { delete m_Buffer; m_Buffer = nullptr; };
 			
 			// implements RoutingDestination
-			const IdentHash& GetIdentHash () const { return m_IdentHash; };
-			const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity.publicKey; };
+			const IdentHash& GetIdentHash () const { return m_RouterIdentity.GetIdentHash (); };
+			const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity.GetStandardIdentity ().publicKey; };
 			bool IsDestination () const { return false; };
 
 			
@@ -159,8 +166,7 @@ namespace data
 		private:
 
 			std::string m_FullPath;
-			Identity m_RouterIdentity;
-			IdentHash m_IdentHash;
+			IdentityEx m_RouterIdentity;
 			uint8_t * m_Buffer;
 			int m_BufferLen;
 			uint64_t m_Timestamp;
@@ -168,6 +174,7 @@ namespace data
 			std::map<std::string, std::string> m_Properties;
 			bool m_IsUpdated, m_IsUnreachable;
 			uint8_t m_SupportedTransports, m_Caps;
+			mutable std::shared_ptr<RouterProfile> m_Profile;
 	};	
 }	
 }

SAM.cpp

@@ -3,11 +3,10 @@
 #ifdef _MSC_VER
 #include <stdlib.h>
 #endif
-#include <boost/bind.hpp>
+#include <boost/lexical_cast.hpp>
 #include "base64.h"
 #include "Identity.h"
 #include "Log.h"
-#include "NetDb.h"
 #include "Destination.h"
 #include "ClientContext.h"
 #include "SAM.h"
@@ -18,29 +17,29 @@ namespace client
 {
 	SAMSocket::SAMSocket (SAMBridge& owner): 
 		m_Owner (owner), m_Socket (m_Owner.GetService ()), m_Timer (m_Owner.GetService ()),
-		m_SocketType (eSAMSocketTypeUnknown), m_IsSilent (false), m_Stream (nullptr),
-		m_Session (nullptr)
+		m_BufferOffset (0), m_SocketType (eSAMSocketTypeUnknown), m_IsSilent (false), 
+		m_Stream (nullptr), m_Session (nullptr)
 	{
 	}
 
 	SAMSocket::~SAMSocket ()
 	{
-		if (m_Stream)
-		{
-			m_Stream->Close ();
-			i2p::stream::DeleteStream (m_Stream);
-			m_Stream = nullptr;
-		}
+		Terminate ();
 	}	
 
-	void SAMSocket::Terminate ()
+	void SAMSocket::CloseStream ()
 	{
 		if (m_Stream)
-		{
+		{	
 			m_Stream->Close ();
-			i2p::stream::DeleteStream (m_Stream);
-			m_Stream = nullptr;
-		}
+			m_Stream.reset ();
+		}	
+	}	
+		
+	void SAMSocket::Terminate ()
+	{
+		CloseStream ();
+		
 		switch (m_SocketType)
 		{
 			case eSAMSocketTypeSession:
@@ -49,14 +48,14 @@ namespace client
 			case eSAMSocketTypeStream:
 			{
 				if (m_Session)
-					m_Session->sockets.remove (this);
+					m_Session->sockets.remove (shared_from_this ());
 				break;
 			}
 			case eSAMSocketTypeAcceptor:
 			{
 				if (m_Session)
 				{
-					m_Session->sockets.remove (this);
+					m_Session->sockets.remove (shared_from_this ());
 					m_Session->localDestination->StopAcceptingStreams ();
 				}
 				break;
@@ -64,15 +63,15 @@ namespace client
 			default:
 				;
 		}
+		m_SocketType = eSAMSocketTypeTerminated;
 		m_Socket.close ();
-	//	delete this;
 	}
 
 	void SAMSocket::ReceiveHandshake ()
 	{
 		m_Socket.async_read_some (boost::asio::buffer(m_Buffer, SAM_SOCKET_BUFFER_SIZE),                
-			boost::bind(&SAMSocket::HandleHandshakeReceived, this, 
-			boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred));
+			std::bind(&SAMSocket::HandleHandshakeReceived, shared_from_this (), 
+			std::placeholders::_1, std::placeholders::_2));
 	}
 
 	void SAMSocket::HandleHandshakeReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
@@ -87,12 +86,41 @@ namespace client
 		{	
 			m_Buffer[bytes_transferred] = 0;
 			LogPrint ("SAM handshake ", m_Buffer);
-			if (!memcmp (m_Buffer, SAM_HANDSHAKE, strlen (SAM_HANDSHAKE)))
+			char * separator = strchr (m_Buffer, ' ');
+			if (separator)
 			{
-				// TODO: check version
-				boost::asio::async_write (m_Socket, boost::asio::buffer (SAM_HANDSHAKE_REPLY, strlen (SAM_HANDSHAKE_REPLY)), boost::asio::transfer_all (),
-        			boost::bind(&SAMSocket::HandleHandshakeReplySent, this, 
-					boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred));
+				separator = strchr (separator + 1, ' ');	
+				if (separator) 
+					*separator = 0;
+			}
+
+			if (!strcmp (m_Buffer, SAM_HANDSHAKE))
+			{
+				std::string version("3.0");
+				// try to find MIN and MAX, 3.0 if not found
+				if (separator)
+				{
+					separator++;
+					std::map<std::string, std::string> params;
+					ExtractParams (separator, params);
+					auto it = params.find (SAM_PARAM_MAX);
+					// TODO: check MIN as well
+					if (it != params.end ())
+						version = it->second;
+				}
+				if (version[0] == '3') // we support v3 (3.0 and 3.1) only
+				{
+#ifdef _MSC_VER
+					size_t l = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_HANDSHAKE_REPLY, version.c_str ());
+#else		
+					size_t l = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_HANDSHAKE_REPLY, version.c_str ());
+#endif
+					boost::asio::async_write (m_Socket, boost::asio::buffer (m_Buffer, l), boost::asio::transfer_all (),
+        				std::bind(&SAMSocket::HandleHandshakeReplySent, shared_from_this (), 
+						std::placeholders::_1, std::placeholders::_2));
+				}	
+				else
+					SendMessageReply (SAM_HANDSHAKE_I2P_ERROR, strlen (SAM_HANDSHAKE_I2P_ERROR), true);
 			}
 			else
 			{
@@ -113,17 +141,17 @@ namespace client
 		else
 		{
 			m_Socket.async_read_some (boost::asio::buffer(m_Buffer, SAM_SOCKET_BUFFER_SIZE),                
-				boost::bind(&SAMSocket::HandleMessage, this, 
-				boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred));	
+				std::bind(&SAMSocket::HandleMessage, shared_from_this (), 
+				std::placeholders::_1, std::placeholders::_2));	
 		}	
 	}
 
 	void SAMSocket::SendMessageReply (const char * msg, size_t len, bool close)
 	{
-		if (!m_IsSilent || m_SocketType == eSAMSocketTypeAcceptor) 
+		if (!m_IsSilent) 
 			boost::asio::async_write (m_Socket, boost::asio::buffer (msg, len), boost::asio::transfer_all (),
-				boost::bind(&SAMSocket::HandleMessageReplySent, this, 
-				boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred, close));
+				std::bind(&SAMSocket::HandleMessageReplySent, shared_from_this (), 
+				std::placeholders::_1, std::placeholders::_2, close));
 		else
 		{
 			if (close)
@@ -160,8 +188,10 @@ namespace client
 		}
 		else
 		{
+			bytes_transferred += m_BufferOffset;
+			m_BufferOffset = 0;
 			m_Buffer[bytes_transferred] = 0;
-			char * eol = strchr (m_Buffer, '\n');
+			char * eol = (char *)memchr (m_Buffer, '\n', bytes_transferred);
 			if (eol)
 			{
 				*eol = 0;
@@ -184,22 +214,43 @@ namespace client
 						ProcessDestGenerate ();
 					else if (!strcmp (m_Buffer, SAM_NAMING_LOOKUP))
 						ProcessNamingLookup (separator + 1, bytes_transferred - (separator - m_Buffer) - 1);
+					else if (!strcmp (m_Buffer, SAM_DATAGRAM_SEND))
+					{
+						size_t len = bytes_transferred - (separator - m_Buffer) - 1;
+						size_t processed = ProcessDatagramSend (separator + 1, len, eol + 1);
+						if (processed < len)
+						{
+							m_BufferOffset = len - processed;
+							if (processed > 0)
+								memmove (m_Buffer, separator + 1 + processed, m_BufferOffset);
+							else
+							{
+								// restore string back
+								*separator = ' ';
+								*eol = '\n';
+							}
+						}	
+						// since it's SAM v1 reply is not expected
+						Receive ();
+					}
 					else		
 					{	
-						LogPrint ("SAM unexpected message ", m_Buffer);		
+						LogPrint (eLogError, "SAM unexpected message ", m_Buffer);		
 						Terminate ();
 					}
 				}
 				else
 				{
-					LogPrint ("SAM malformed message ", m_Buffer);
+					LogPrint (eLogError, "SAM malformed message ", m_Buffer);
 					Terminate ();
 				}
 			}
 			else
 			{	
-				LogPrint ("SAM malformed message ", m_Buffer);
-				Terminate ();
+				LogPrint (eLogWarning, "SAM incomplete message ", bytes_transferred);
+				m_BufferOffset = bytes_transferred;
+				// try to receive remaining message
+				Receive ();
 			}
 		}
 	}
@@ -208,32 +259,37 @@ namespace client
 	{
 		LogPrint ("SAM session create: ", buf);
 		std::map<std::string, std::string> params;
-		ExtractParams (buf, len, params);
+		ExtractParams (buf, params);
 		std::string& style = params[SAM_PARAM_STYLE]; 
 		std::string& id = params[SAM_PARAM_ID];
 		std::string& destination = params[SAM_PARAM_DESTINATION];
-		m_ID = id;
+		m_ID = id; 
 		if (m_Owner.FindSession (id))
 		{
 			// session exists
 			SendMessageReply (SAM_SESSION_CREATE_DUPLICATED_ID, strlen(SAM_SESSION_CREATE_DUPLICATED_ID), true);
 			return;
 		}
-		m_Session = m_Owner.CreateSession (id, destination == SAM_VALUE_TRANSIENT ? "" : destination); 
+
+		// create destination	
+		m_Session = m_Owner.CreateSession (id, destination == SAM_VALUE_TRANSIENT ? "" : destination, &params); 
 		if (m_Session)
 		{
 			m_SocketType = eSAMSocketTypeSession;
-			if (m_Session->localDestination->IsReady ())
+			if (style == SAM_VALUE_DATAGRAM)
 			{
-				if (style == SAM_VALUE_DATAGRAM)
-					m_Session->localDestination->CreateDatagramDestination ();
-				SendSessionCreateReplyOk ();
+				auto dest = m_Session->localDestination->CreateDatagramDestination ();
+				dest->SetReceiver (std::bind (&SAMSocket::HandleI2PDatagramReceive, shared_from_this (), 
+					std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, std::placeholders::_4, std::placeholders::_5));
 			}
+
+			if (m_Session->localDestination->IsReady ())
+				SendSessionCreateReplyOk ();
 			else
 			{
 				m_Timer.expires_from_now (boost::posix_time::seconds(SAM_SESSION_READINESS_CHECK_INTERVAL));
-				m_Timer.async_wait (boost::bind (&SAMSocket::HandleSessionReadinessCheckTimer,
-					this, boost::asio::placeholders::error));	
+				m_Timer.async_wait (std::bind (&SAMSocket::HandleSessionReadinessCheckTimer,
+					shared_from_this (), std::placeholders::_1));	
 			}
 		}
 		else
@@ -249,8 +305,8 @@ namespace client
 			else
 			{
 				m_Timer.expires_from_now (boost::posix_time::seconds(SAM_SESSION_READINESS_CHECK_INTERVAL));
-				m_Timer.async_wait (boost::bind (&SAMSocket::HandleSessionReadinessCheckTimer,
-					this, boost::asio::placeholders::error));
+				m_Timer.async_wait (std::bind (&SAMSocket::HandleSessionReadinessCheckTimer,
+					shared_from_this (), std::placeholders::_1));
 			}	
 		}
 	}
@@ -272,9 +328,9 @@ namespace client
 
 	void SAMSocket::ProcessStreamConnect (char * buf, size_t len)
 	{
-		LogPrint ("SAM stream connect: ", buf);
+		LogPrint (eLogDebug, "SAM stream connect: ", buf);
 		std::map<std::string, std::string> params;
-		ExtractParams (buf, len, params);
+		ExtractParams (buf, params);
 		std::string& id = params[SAM_PARAM_ID];
 		std::string& destination = params[SAM_PARAM_DESTINATION];
 		std::string& silent = params[SAM_PARAM_SILENT];
@@ -283,75 +339,52 @@ namespace client
 		m_Session = m_Owner.FindSession (id);
 		if (m_Session)
 		{
-			uint8_t ident[1024];
-			size_t l = i2p::data::Base64ToByteStream (destination.c_str (), destination.length (), ident, 1024);
 			i2p::data::IdentityEx dest;
-			dest.FromBuffer (ident, l);
-			auto leaseSet = i2p::data::netdb.FindLeaseSet (dest.GetIdentHash ());
+			dest.FromBase64 (destination);
+			context.GetAddressBook ().InsertAddress (dest);
+			auto leaseSet = m_Session->localDestination->FindLeaseSet (dest.GetIdentHash ());
 			if (leaseSet)
-				Connect (*leaseSet);
+				Connect (leaseSet);
 			else
 			{
-				i2p::data::netdb.RequestDestination (dest.GetIdentHash (), true, m_Session->localDestination->GetTunnelPool ());
-				m_Timer.expires_from_now (boost::posix_time::seconds(SAM_CONNECT_TIMEOUT));
-				m_Timer.async_wait (boost::bind (&SAMSocket::HandleStreamDestinationRequestTimer,
-					this, boost::asio::placeholders::error, dest.GetIdentHash ()));	
+				m_Session->localDestination->RequestDestination (dest.GetIdentHash (), 
+					std::bind (&SAMSocket::HandleConnectLeaseSetRequestComplete,
+					shared_from_this (), std::placeholders::_1, dest.GetIdentHash ()));	
 			}
 		}
 		else	
 			SendMessageReply (SAM_STREAM_STATUS_INVALID_ID, strlen(SAM_STREAM_STATUS_INVALID_ID), true);		
 	}
 
-	void SAMSocket::Connect (const i2p::data::LeaseSet& remote)
+	void SAMSocket::Connect (std::shared_ptr<const i2p::data::LeaseSet> remote)
 	{
 		m_SocketType = eSAMSocketTypeStream;
-		m_Session->sockets.push_back (this);
+		m_Session->sockets.push_back (shared_from_this ());
 		m_Stream = m_Session->localDestination->CreateStream (remote);
 		m_Stream->Send ((uint8_t *)m_Buffer, 0); // connect
 		I2PReceive ();			
 		SendMessageReply (SAM_STREAM_STATUS_OK, strlen(SAM_STREAM_STATUS_OK), false);
 	}
 
-	void SAMSocket::HandleStreamDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident)
+	void SAMSocket::HandleConnectLeaseSetRequestComplete (bool success, i2p::data::IdentHash ident)
 	{
-		if (!ecode) // timeout expired
+		std::shared_ptr<const i2p::data::LeaseSet> leaseSet;
+		if (success) 
+			leaseSet = m_Session->localDestination->FindLeaseSet (ident);
+		if (leaseSet)
+			Connect (leaseSet);
+		else
 		{
-			auto leaseSet = m_Session->localDestination->FindLeaseSet (ident);
-			if (leaseSet)
-				Connect (*leaseSet);
-			else
-			{
-				LogPrint ("SAM destination to connect not found");
-				SendMessageReply (SAM_STREAM_STATUS_CANT_REACH_PEER, strlen(SAM_STREAM_STATUS_CANT_REACH_PEER), true);
-			}
-		}
-	}
-
-	void SAMSocket::HandleNamingLookupDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident)
-	{
-		if (!ecode) // timeout expired
-		{
-			auto leaseSet = m_Session->localDestination->FindLeaseSet (ident);
-			if (leaseSet)
-				SendNamingLookupReply (leaseSet);
-			else
-			{
-				LogPrint ("SAM name destination not found");
-#ifdef _MSC_VER
-				size_t len = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_KEY_NOT_FOUND, (ident.ToBase32 () + ".b32.i2p").c_str ());
-#else
-				size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_KEY_NOT_FOUND, (ident.ToBase32 () + ".b32.i2p").c_str ());
-#endif
-				SendMessageReply (m_Buffer, len, false);
-			}
+			LogPrint ("SAM destination to connect not found");
+			SendMessageReply (SAM_STREAM_STATUS_CANT_REACH_PEER, strlen(SAM_STREAM_STATUS_CANT_REACH_PEER), true);
 		}
 	}
 
 	void SAMSocket::ProcessStreamAccept (char * buf, size_t len)
 	{
-		LogPrint ("SAM stream accept: ", buf);
+		LogPrint (eLogDebug, "SAM stream accept: ", buf);
 		std::map<std::string, std::string> params;
-		ExtractParams (buf, len, params);
+		ExtractParams (buf, params);
 		std::string& id = params[SAM_PARAM_ID];
 		std::string& silent = params[SAM_PARAM_SILENT];
 		if (silent == SAM_VALUE_TRUE) m_IsSilent = true;	
@@ -362,8 +395,8 @@ namespace client
 			if (!m_Session->localDestination->IsAcceptingStreams ())
 			{
 				m_SocketType = eSAMSocketTypeAcceptor;
-				m_Session->sockets.push_back (this);
-				m_Session->localDestination->AcceptStreams (std::bind (&SAMSocket::HandleI2PAccept, this, std::placeholders::_1));
+				m_Session->sockets.push_back (shared_from_this ());
+				m_Session->localDestination->AcceptStreams (std::bind (&SAMSocket::HandleI2PAccept, shared_from_this (), std::placeholders::_1));
 				SendMessageReply (SAM_STREAM_STATUS_OK, strlen(SAM_STREAM_STATUS_OK), false);
 			}
 			else
@@ -373,56 +406,77 @@ namespace client
 			SendMessageReply (SAM_STREAM_STATUS_INVALID_ID, strlen(SAM_STREAM_STATUS_INVALID_ID), true);
 	}
 
+	size_t SAMSocket::ProcessDatagramSend (char * buf, size_t len, const char * data)
+	{
+		LogPrint (eLogDebug, "SAM datagram send: ", buf, " ", len);
+		std::map<std::string, std::string> params;
+		ExtractParams (buf, params);
+		size_t size = boost::lexical_cast<int>(params[SAM_PARAM_SIZE]), offset = data - buf;
+		if (offset + size <= len)
+		{	
+			if (m_Session)
+			{	
+				auto d = m_Session->localDestination->GetDatagramDestination ();
+				if (d)
+				{
+					i2p::data::IdentityEx dest;
+					dest.FromBase64 (params[SAM_PARAM_DESTINATION]);
+					d->SendDatagramTo ((const uint8_t *)data, size, dest.GetIdentHash ());
+				}
+				else
+					LogPrint (eLogError, "SAM missing datagram destination");
+			}
+			else
+				LogPrint (eLogError, "SAM session is not created from DATAGRAM SEND");
+		}	
+		else
+		{
+			LogPrint (eLogWarning, "SAM sent datagram size ", size, " exceeds buffer ", len - offset);
+			return 0; // try to receive more
+		}	
+		return offset + size;
+	}	
+		
 	void SAMSocket::ProcessDestGenerate ()
 	{
-		LogPrint ("SAM dest generate");
-		auto localDestination = i2p::client::context.CreateNewLocalDestination ();
-		if (localDestination)
-		{
-			uint8_t buf[1024];
-			char priv[1024], pub[1024];
-			size_t l = localDestination->GetPrivateKeys ().ToBuffer (buf, 1024);
-			size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, priv, 1024);
-			priv[l1] = 0;
-
-			l = localDestination->GetIdentity ().ToBuffer (buf, 1024);
-			l1 = i2p::data::ByteStreamToBase64 (buf, l, pub, 1024);
-			pub[l1] = 0;
+		LogPrint (eLogDebug, "SAM dest generate");
+		auto keys = i2p::data::PrivateKeys::CreateRandomKeys ();
 #ifdef _MSC_VER
-			size_t len = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_DEST_REPLY, pub, priv);	
+		size_t len = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_DEST_REPLY, 
+			keys.GetPublic ().ToBase64 ().c_str (), keys.ToBase64 ().c_str ());	
 #else			                        
-			size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_DEST_REPLY, pub, priv);
+		size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_DEST_REPLY, 
+		    keys.GetPublic ().ToBase64 ().c_str (), keys.ToBase64 ().c_str ());
 #endif
-			SendMessageReply (m_Buffer, len, true);
-		}
-		else
-			SendMessageReply (SAM_DEST_REPLY_I2P_ERROR, strlen(SAM_DEST_REPLY_I2P_ERROR), true);
+		SendMessageReply (m_Buffer, len, false);
 	}
 
 	void SAMSocket::ProcessNamingLookup (char * buf, size_t len)
 	{
-		LogPrint ("SAM naming lookup: ", buf);
+		LogPrint (eLogDebug, "SAM naming lookup: ", buf);
 		std::map<std::string, std::string> params;
-		ExtractParams (buf, len, params);
+		ExtractParams (buf, params);
 		std::string& name = params[SAM_PARAM_NAME];
+		i2p::data::IdentityEx identity;
 		i2p::data::IdentHash ident;
 		if (name == "ME")
-			SendNamingLookupReply (nullptr);
-		else if (m_Session && context.GetAddressBook ().GetIdentHash (name, ident))
+			SendNamingLookupReply (m_Session->localDestination->GetIdentity ());
+		else if (context.GetAddressBook ().GetAddress (name, identity))
+			SendNamingLookupReply (identity);
+		else if (m_Session && m_Session->localDestination &&
+			context.GetAddressBook ().GetIdentHash (name, ident))
 		{
 			auto leaseSet = m_Session->localDestination->FindLeaseSet (ident);
 			if (leaseSet)
-				SendNamingLookupReply (leaseSet);
+				SendNamingLookupReply (leaseSet->GetIdentity ());
 			else
-			{
-				i2p::data::netdb.RequestDestination (ident, true, m_Session->localDestination->GetTunnelPool ());
-				m_Timer.expires_from_now (boost::posix_time::seconds(SAM_NAMING_LOOKUP_TIMEOUT));
-				m_Timer.async_wait (boost::bind (&SAMSocket::HandleNamingLookupDestinationRequestTimer,
-					this, boost::asio::placeholders::error, ident));
-			}	
-		}
-		else
+				m_Session->localDestination->RequestDestination (ident, 
+					std::bind (&SAMSocket::HandleNamingLookupLeaseSetRequestComplete,
+					shared_from_this (), std::placeholders::_1, ident));	
+		}	
+		else 
 		{
+			LogPrint ("SAM naming failed. Unknown address ", name);
 #ifdef _MSC_VER
 			size_t len = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_INVALID_KEY, name.c_str());
 #else				
@@ -432,23 +486,42 @@ namespace client
 		}
 	}	
 
-	void SAMSocket::SendNamingLookupReply (const i2p::data::LeaseSet * leaseSet)
+	void  SAMSocket::HandleNamingLookupLeaseSetRequestComplete (bool success, i2p::data::IdentHash ident)
 	{
-		uint8_t buf[1024];
-		char pub[1024];
-		const i2p::data::IdentityEx& identity = leaseSet ? leaseSet->GetIdentity () : m_Session->localDestination->GetIdentity ();
-		size_t l = identity.ToBuffer (buf, 1024);
-		size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, pub, 1024);
-		pub[l1] = 0;
+		std::shared_ptr<const i2p::data::LeaseSet> leaseSet;
+		if (success) 
+			leaseSet = m_Session->localDestination->FindLeaseSet (ident);
+		if (leaseSet)
+		{	
+			context.GetAddressBook ().InsertAddress (leaseSet->GetIdentity ());
+			SendNamingLookupReply (leaseSet->GetIdentity ());
+		}	
+		else
+		{
+			LogPrint (eLogInfo, "SAM naming lookup failed. LeaseSet for ", ident.ToBase32 (), " not found");
 #ifdef _MSC_VER
-		size_t l2 = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY, pub); 	
-#else			
-		size_t l2 = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY, pub);
+			size_t len = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_INVALID_KEY, 
+				context.GetAddressBook ().ToAddress (ident).c_str());
+#else				
+			size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_INVALID_KEY,
+				context.GetAddressBook ().ToAddress (ident).c_str());
 #endif
-		SendMessageReply (m_Buffer, l2, false);
+			SendMessageReply (m_Buffer, len, false);
+		}
+	}	
+		
+	void SAMSocket::SendNamingLookupReply (const i2p::data::IdentityEx& identity)
+	{
+		auto base64 = identity.ToBase64 ();
+#ifdef _MSC_VER
+		size_t l = sprintf_s (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY, base64.c_str ()); 	
+#else			
+		size_t l = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY, base64.c_str ());
+#endif
+		SendMessageReply (m_Buffer, l, false);
 	}
 
-	void SAMSocket::ExtractParams (char * buf, size_t len, std::map<std::string, std::string>& params)
+	void SAMSocket::ExtractParams (char * buf, std::map<std::string, std::string>& params)
 	{
 		char * separator;	
 		do
@@ -469,9 +542,15 @@ namespace client
 
 	void SAMSocket::Receive ()
 	{
-		m_Socket.async_read_some (boost::asio::buffer(m_Buffer, SAM_SOCKET_BUFFER_SIZE),                
-			boost::bind((m_SocketType == eSAMSocketTypeSession) ? &SAMSocket::HandleMessage : &SAMSocket::HandleReceived,
-			this, boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred));
+		if (m_BufferOffset >= SAM_SOCKET_BUFFER_SIZE)
+		{
+			LogPrint (eLogError, "Buffer is full. Terminate");
+			Terminate ();
+			return;
+		}
+		m_Socket.async_read_some (boost::asio::buffer(m_Buffer + m_BufferOffset, SAM_SOCKET_BUFFER_SIZE - m_BufferOffset),                
+			std::bind((m_SocketType == eSAMSocketTypeStream) ? &SAMSocket::HandleReceived : &SAMSocket::HandleMessage,
+			shared_from_this (), std::placeholders::_1, std::placeholders::_2));
 	}
 
 	void SAMSocket::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
@@ -494,8 +573,8 @@ namespace client
 	{
 		if (m_Stream)
 			m_Stream->AsyncReceive (boost::asio::buffer (m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE),
-				boost::bind (&SAMSocket::HandleI2PReceive, this,
-					boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred),
+				std::bind (&SAMSocket::HandleI2PReceive, shared_from_this (),
+					std::placeholders::_1, std::placeholders::_2),
 				SAM_SOCKET_CONNECTION_MAX_IDLE);
 	}	
 
@@ -510,7 +589,7 @@ namespace client
 		else
 		{
 			boost::asio::async_write (m_Socket, boost::asio::buffer (m_StreamBuffer, bytes_transferred),
-        		boost::bind (&SAMSocket::HandleWriteI2PData, this, boost::asio::placeholders::error));
+        		std::bind (&SAMSocket::HandleWriteI2PData, shared_from_this (), std::placeholders::_1));
 		}
 	}
 
@@ -526,40 +605,85 @@ namespace client
 			I2PReceive ();
 	}
 
-	void SAMSocket::HandleI2PAccept (i2p::stream::Stream * stream)
+	void SAMSocket::HandleI2PAccept (std::shared_ptr<i2p::stream::Stream> stream)
 	{
 		if (stream)
 		{
 			LogPrint ("SAM incoming I2P connection for session ", m_ID);
 			m_Stream = stream;
+			context.GetAddressBook ().InsertAddress (stream->GetRemoteIdentity ());
 			auto session = m_Owner.FindSession (m_ID);
 			if (session)	
 				session->localDestination->StopAcceptingStreams ();	
+			m_SocketType = eSAMSocketTypeStream;
 			if (!m_IsSilent)
 			{
 				// send remote peer address
 				uint8_t ident[1024];
 				size_t l = stream->GetRemoteIdentity ().ToBuffer (ident, 1024);
-				size_t l1 = i2p::data::ByteStreamToBase64 (ident, l, m_Buffer, SAM_SOCKET_BUFFER_SIZE);
-				m_Buffer[l1] = '\n';
-				SendMessageReply (m_Buffer, l1 + 1, false);
+				size_t l1 = i2p::data::ByteStreamToBase64 (ident, l, (char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE);
+				m_StreamBuffer[l1] = '\n';
+				HandleI2PReceive (boost::system::error_code (), l1 +1); // we send identity like it has been received from stream
 			}	
-			I2PReceive ();
+			else
+				I2PReceive ();
 		}
+		else
+			LogPrint (eLogInfo, "SAM I2P acceptor has been reset");
 	}	
 
+	void SAMSocket::HandleI2PDatagramReceive (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
+	{
+		LogPrint (eLogDebug, "SAM datagram received ", len);
+		auto base64 = from.ToBase64 ();
+#ifdef _MSC_VER
+		size_t l = sprintf_s ((char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE, SAM_DATAGRAM_RECEIVED, base64.c_str (), len); 	
+#else			
+		size_t l = snprintf ((char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE, SAM_DATAGRAM_RECEIVED, base64.c_str (), len); 	
+#endif
+		if (len < SAM_SOCKET_BUFFER_SIZE - l)	
+		{	
+			memcpy (m_StreamBuffer + l, buf, len);
+			boost::asio::async_write (m_Socket, boost::asio::buffer (m_StreamBuffer, len + l),
+        		std::bind (&SAMSocket::HandleWriteI2PData, shared_from_this (), std::placeholders::_1));
+		}
+		else
+			LogPrint (eLogWarning, "SAM received datagram size ", len," exceeds buffer");
+	}
+
+	SAMSession::SAMSession (std::shared_ptr<ClientDestination> dest):
+		localDestination (dest)
+	{
+	}
+		
+	SAMSession::~SAMSession ()
+	{
+		for (auto it: sockets)
+			it->SetSocketType (eSAMSocketTypeTerminated);
+		i2p::client::context.DeleteLocalDestination (localDestination);
+	}
+
+	void SAMSession::CloseStreams ()
+	{
+		for (auto it: sockets)
+		{	
+			it->CloseStream ();
+			it->SetSocketType (eSAMSocketTypeTerminated);
+		}	
+		sockets.clear ();
+	}
+
 	SAMBridge::SAMBridge (int port):
 		m_IsRunning (false), m_Thread (nullptr),
 		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
-		m_DatagramEndpoint (boost::asio::ip::udp::v4 (), port-1), m_DatagramSocket (m_Service, m_DatagramEndpoint),
-		m_NewSocket (nullptr)
+		m_DatagramEndpoint (boost::asio::ip::udp::v4 (), port-1), m_DatagramSocket (m_Service, m_DatagramEndpoint)
 	{
 	}
 
 	SAMBridge::~SAMBridge ()
 	{
-		Stop ();
-		delete m_NewSocket;
+		if (m_IsRunning)
+			Stop ();
 	}	
 
 	void SAMBridge::Start ()
@@ -573,6 +697,10 @@ namespace client
 	void SAMBridge::Stop ()
 	{
 		m_IsRunning = false;
+		m_Acceptor.cancel ();
+		for (auto it: m_Sessions)
+			delete it.second;
+		m_Sessions.clear ();
 		m_Service.stop ();
 		if (m_Thread)
 		{	
@@ -599,52 +727,62 @@ namespace client
 
 	void SAMBridge::Accept ()
 	{
-		m_NewSocket = new SAMSocket (*this);
-		m_Acceptor.async_accept (m_NewSocket->GetSocket (), boost::bind (&SAMBridge::HandleAccept, this,
-			boost::asio::placeholders::error));
+		auto newSocket = std::make_shared<SAMSocket> (*this);
+		m_Acceptor.async_accept (newSocket->GetSocket (), std::bind (&SAMBridge::HandleAccept, this,
+			std::placeholders::_1, newSocket));
 	}
 
-	void SAMBridge::HandleAccept(const boost::system::error_code& ecode)
+	void SAMBridge::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<SAMSocket> socket)
 	{
 		if (!ecode)
 		{
-			LogPrint ("New SAM connection from ", m_NewSocket->GetSocket ().remote_endpoint ());
-			m_NewSocket->ReceiveHandshake ();		
+			boost::system::error_code ec;
+			auto ep = socket->GetSocket ().remote_endpoint (ec);
+			if (!ec)
+			{	
+				LogPrint ("New SAM connection from ", ep);
+				socket->ReceiveHandshake ();
+			}
+			else
+				LogPrint (eLogError, "SAM connection from error ", ec.message ());
 		}
 		else
-		{
 			LogPrint ("SAM accept error: ",  ecode.message ());
-			delete m_NewSocket;
-			m_NewSocket = nullptr;	
-		}
 
 		if (ecode != boost::asio::error::operation_aborted)
 			Accept ();
 	}
 
-	SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination)
+	SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
+		const std::map<std::string, std::string> * params)
 	{
-		ClientDestination * localDestination = nullptr; 
+		std::shared_ptr<ClientDestination> localDestination = nullptr; 
 		if (destination != "")
 		{
-			uint8_t * buf = new uint8_t[destination.length ()];
-			size_t l = i2p::data::Base64ToByteStream (destination.c_str (), destination.length (), buf, destination.length ());
 			i2p::data::PrivateKeys keys;
-			keys.FromBuffer (buf, l);
-			delete[] buf;
-			localDestination = i2p::client::context.CreateNewLocalDestination (keys);
+			keys.FromBase64 (destination);
+			localDestination = i2p::client::context.CreateNewLocalDestination (keys, true, params);
 		}
 		else // transient
-			localDestination = i2p::client::context.CreateNewLocalDestination (); 
+		{
+			// extract signature type
+			i2p::data::SigningKeyType signatureType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1;
+			if (params)
+			{
+				auto it = params->find (SAM_PARAM_SIGNATURE_TYPE);
+				if (it != params->end ())
+					// TODO: extract string values	
+					signatureType = boost::lexical_cast<int> (it->second);
+			}
+			localDestination = i2p::client::context.CreateNewLocalDestination (true, signatureType, params); 
+		}
 		if (localDestination)
 		{
-			SAMSession session;
-			session.localDestination = localDestination;
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			auto ret = m_Sessions.insert (std::pair<std::string, SAMSession>(id, session));
+			auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination)));
 			if (!ret.second)
 				LogPrint ("Session ", id, " already exists");
-			return &(ret.first->second);
+			return ret.first->second;
 		}
 		return nullptr;
 	}
@@ -655,20 +793,20 @@ namespace client
 		auto it = m_Sessions.find (id);
 		if (it != m_Sessions.end ())
 		{
-			for (auto it1 : it->second.sockets)
-				delete it1;
-			it->second.sockets.clear ();
-			it->second.localDestination->Stop ();
+			auto session = it->second;
+			session->localDestination->StopAcceptingStreams ();
+			session->CloseStreams ();
 			m_Sessions.erase (it);
+			delete session;
 		}
 	}
 
-	SAMSession * SAMBridge::FindSession (const std::string& id)
+	SAMSession * SAMBridge::FindSession (const std::string& id) const
 	{
 		std::unique_lock<std::mutex> l(m_SessionsMutex);
 		auto it = m_Sessions.find (id);
 		if (it != m_Sessions.end ())
-			return &it->second;
+			return it->second;
 		return nullptr;
 	}
 
@@ -677,7 +815,7 @@ namespace client
 		m_DatagramSocket.async_receive_from (
 			boost::asio::buffer (m_DatagramReceiveBuffer, i2p::datagram::MAX_DATAGRAM_SIZE), 
 			m_SenderEndpoint,
-			boost::bind (&SAMBridge::HandleReceivedDatagram, this, boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)); 
+			std::bind (&SAMBridge::HandleReceivedDatagram, this, std::placeholders::_1, std::placeholders::_2)); 
 	}
 
 	void SAMBridge::HandleReceivedDatagram (const boost::system::error_code& ecode, std::size_t bytes_transferred)
@@ -700,20 +838,10 @@ namespace client
 					auto session = FindSession (sessionID);
 					if (session)
 					{	
-						uint8_t ident[1024];
-						size_t l = i2p::data::Base64ToByteStream (destination, strlen(destination), ident, 1024);
 						i2p::data::IdentityEx dest;
-						dest.FromBuffer (ident, l);
-						auto leaseSet = i2p::data::netdb.FindLeaseSet (dest.GetIdentHash ());
-						if (leaseSet)
-							session->localDestination->GetDatagramDestination ()->
-								SendDatagramTo ((uint8_t *)eol, payloadLen, *leaseSet);
-						else
-						{
-							LogPrint ("SAM datagram destination not found");
-							i2p::data::netdb.RequestDestination (dest.GetIdentHash (), true, 
-								session->localDestination->GetTunnelPool ());
-						}	
+						dest.FromBase64 (destination);
+						session->localDestination->GetDatagramDestination ()->
+							SendDatagramTo ((uint8_t *)eol, payloadLen, dest.GetIdentHash ());
 					}	
 					else
 						LogPrint ("Session ", sessionID, " not found");

SAM.h

@@ -7,6 +7,7 @@
 #include <list>
 #include <thread>
 #include <mutex>
+#include <memory>
 #include <boost/asio.hpp>
 #include "Identity.h"
 #include "LeaseSet.h"
@@ -17,13 +18,12 @@ namespace i2p
 {
 namespace client
 {
-	const size_t SAM_SOCKET_BUFFER_SIZE = 4096;
-	const int SAM_SOCKET_CONNECTION_MAX_IDLE = 3600; // in seconds	
-	const int SAM_CONNECT_TIMEOUT = 5; // in seconds
-	const int SAM_NAMING_LOOKUP_TIMEOUT = 5; // in seconds
+	const size_t SAM_SOCKET_BUFFER_SIZE = 8192;
+	const int SAM_SOCKET_CONNECTION_MAX_IDLE = 3600; // in seconds
 	const int SAM_SESSION_READINESS_CHECK_INTERVAL = 20; // in seconds	
 	const char SAM_HANDSHAKE[] = "HELLO VERSION";
-	const char SAM_HANDSHAKE_REPLY[] = "HELLO REPLY RESULT=OK VERSION=3.0\n";
+	const char SAM_HANDSHAKE_REPLY[] = "HELLO REPLY RESULT=OK VERSION=%s\n";
+	const char SAM_HANDSHAKE_I2P_ERROR[] = "HELLO REPLY RESULT=I2P_ERROR\n";	
 	const char SAM_SESSION_CREATE[] = "SESSION CREATE";
 	const char SAM_SESSION_CREATE_REPLY_OK[] = "SESSION STATUS RESULT=OK DESTINATION=%s\n";
 	const char SAM_SESSION_CREATE_DUPLICATED_ID[] = "SESSION STATUS RESULT=DUPLICATED_ID\n";
@@ -34,18 +34,24 @@ namespace client
 	const char SAM_STREAM_STATUS_CANT_REACH_PEER[] = "STREAM STATUS RESULT=CANT_REACH_PEER\n";
 	const char SAM_STREAM_STATUS_I2P_ERROR[] = "STREAM STATUS RESULT=I2P_ERROR\n";
 	const char SAM_STREAM_ACCEPT[] = "STREAM ACCEPT";	
+	const char SAM_DATAGRAM_SEND[] = "DATAGRAM SEND";
 	const char SAM_DEST_GENERATE[] = "DEST GENERATE";
 	const char SAM_DEST_REPLY[] = "DEST REPLY PUB=%s PRIV=%s\n";	
 	const char SAM_DEST_REPLY_I2P_ERROR[] = "DEST REPLY RESULT=I2P_ERROR\n";
 	const char SAM_NAMING_LOOKUP[] = "NAMING LOOKUP";
 	const char SAM_NAMING_REPLY[] = "NAMING REPLY RESULT=OK NAME=ME VALUE=%s\n";
+	const char SAM_DATAGRAM_RECEIVED[] = "DATAGRAM RECEIVED DESTINATION=%s SIZE=%lu\n";	
 	const char SAM_NAMING_REPLY_INVALID_KEY[] = "NAMING REPLY RESULT=INVALID_KEY NAME=%s\n";
-	const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=INVALID_KEY_NOT_FOUND NAME=%s\n";		
+	const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=INVALID_KEY_NOT_FOUND NAME=%s\n";
+	const char SAM_PARAM_MIN[] = "MIN";	
+	const char SAM_PARAM_MAX[] = "MAX";				
 	const char SAM_PARAM_STYLE[] = "STYLE";		
 	const char SAM_PARAM_ID[] = "ID";	
 	const char SAM_PARAM_SILENT[] = "SILENT";
 	const char SAM_PARAM_DESTINATION[] = "DESTINATION";	
-	const char SAM_PARAM_NAME[] = "NAME";		
+	const char SAM_PARAM_NAME[] = "NAME";
+	const char SAM_PARAM_SIGNATURE_TYPE[] = "SIGNATURE_TYPE";	
+	const char SAM_PARAM_SIZE[] = "SIZE";
 	const char SAM_VALUE_TRANSIENT[] = "TRANSIENT";	
 	const char SAM_VALUE_STREAM[] = "STREAM";
 	const char SAM_VALUE_DATAGRAM[] = "DATAGRAM";
@@ -58,24 +64,28 @@ namespace client
 		eSAMSocketTypeUnknown,
 		eSAMSocketTypeSession,
 		eSAMSocketTypeStream,
-		eSAMSocketTypeAcceptor	
+		eSAMSocketTypeAcceptor,
+		eSAMSocketTypeTerminated
 	};
 
 	class SAMBridge;
-	class SAMSession;
-	class SAMSocket
+	struct SAMSession;
+	class SAMSocket: public std::enable_shared_from_this<SAMSocket>
 	{
 		public:
 
 			SAMSocket (SAMBridge& owner);
 			~SAMSocket ();			
+			void CloseStream (); // TODO: implement it better	
 
 			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
 			void ReceiveHandshake ();
+			void SetSocketType (SAMSocketType socketType) { m_SocketType = socketType; };
+			SAMSocketType GetSocketType () const { return m_SocketType; };
 
 		private:
 
-			void Terminate ();
+			void Terminate ();	
 			void HandleHandshakeReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleHandshakeReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleMessage (const boost::system::error_code& ecode, std::size_t bytes_transferred);
@@ -86,20 +96,22 @@ namespace client
 
 			void I2PReceive ();	
 			void HandleI2PReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleI2PAccept (i2p::stream::Stream * stream);
+			void HandleI2PAccept (std::shared_ptr<i2p::stream::Stream> stream);
 			void HandleWriteI2PData (const boost::system::error_code& ecode);
+			void HandleI2PDatagramReceive (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 			void ProcessSessionCreate (char * buf, size_t len);
 			void ProcessStreamConnect (char * buf, size_t len);
 			void ProcessStreamAccept (char * buf, size_t len);
 			void ProcessDestGenerate ();
 			void ProcessNamingLookup (char * buf, size_t len);
-			void ExtractParams (char * buf, size_t len, std::map<std::string, std::string>& params);
+			size_t ProcessDatagramSend (char * buf, size_t len, const char * data); // from SAM 1.0	
+			void ExtractParams (char * buf, std::map<std::string, std::string>& params);
 
-			void Connect (const i2p::data::LeaseSet& remote);
-			void HandleStreamDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident);
-			void HandleNamingLookupDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident);
-			void SendNamingLookupReply (const i2p::data::LeaseSet * leaseSet);
+			void Connect (std::shared_ptr<const i2p::data::LeaseSet> remote);
+			void HandleConnectLeaseSetRequestComplete (bool success, i2p::data::IdentHash ident);
+			void SendNamingLookupReply (const i2p::data::IdentityEx& identity);
+			void HandleNamingLookupLeaseSetRequestComplete (bool success, i2p::data::IdentHash ident);
 			void HandleSessionReadinessCheckTimer (const boost::system::error_code& ecode);
 			void SendSessionCreateReplyOk ();
 
@@ -109,18 +121,24 @@ namespace client
 			boost::asio::ip::tcp::socket m_Socket;
 			boost::asio::deadline_timer m_Timer;
 			char m_Buffer[SAM_SOCKET_BUFFER_SIZE + 1];
+			size_t m_BufferOffset;
 			uint8_t m_StreamBuffer[SAM_SOCKET_BUFFER_SIZE];
 			SAMSocketType m_SocketType;
 			std::string m_ID; // nickname
 			bool m_IsSilent;
-			i2p::stream::Stream * m_Stream;
+			std::shared_ptr<i2p::stream::Stream> m_Stream;
 			SAMSession * m_Session;
 	};	
 
 	struct SAMSession
 	{
-		ClientDestination * localDestination;
-		std::list<SAMSocket *> sockets;
+		std::shared_ptr<ClientDestination> localDestination;
+		std::list<std::shared_ptr<SAMSocket> > sockets;
+		
+		SAMSession (std::shared_ptr<ClientDestination> dest);		
+		~SAMSession ();
+
+		void CloseStreams ();
 	};
 
 	class SAMBridge
@@ -134,16 +152,17 @@ namespace client
 			void Stop ();
 			
 			boost::asio::io_service& GetService () { return m_Service; };
-			SAMSession * CreateSession (const std::string& id, const std::string& destination = ""); // empty string  means transient
+			SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
+				const std::map<std::string, std::string> * params);
 			void CloseSession (const std::string& id);
-			SAMSession * FindSession (const std::string& id);
+			SAMSession * FindSession (const std::string& id) const;
 
 		private:
 
 			void Run ();
 
 			void Accept ();
-			void HandleAccept(const boost::system::error_code& ecode);
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<SAMSocket> socket);
 
 			void ReceiveDatagram ();
 			void HandleReceivedDatagram (const boost::system::error_code& ecode, std::size_t bytes_transferred);
@@ -156,10 +175,14 @@ namespace client
 			boost::asio::ip::tcp::acceptor m_Acceptor;
 			boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
 			boost::asio::ip::udp::socket m_DatagramSocket;
-			SAMSocket * m_NewSocket;
-			std::mutex m_SessionsMutex;
-			std::map<std::string, SAMSession> m_Sessions;
+			mutable std::mutex m_SessionsMutex;
+			std::map<std::string, SAMSession *> m_Sessions;
 			uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
+
+		public:
+
+			// for HTTP
+			const decltype(m_Sessions)& GetSessions () const { return m_Sessions; };
 	};		
 }
 }

SOCKS.cpp

@@ -1,284 +1,575 @@
+#include <cstring>
+#include <cassert>
+#include <string>
+#include <atomic>
 #include "SOCKS.h"
 #include "Identity.h"
-#include "NetDb.h"
+#include "Streaming.h"
 #include "Destination.h"
 #include "ClientContext.h"
-#include <cstring>
-#include <stdexcept>
-#include <boost/date_time/posix_time/posix_time.hpp>
-#include <boost/bind.hpp>
+#include "I2PEndian.h"
+#include "I2PTunnel.h"
 
 namespace i2p
 {
 namespace proxy
 {
-	const uint8_t socks_leaseset_timeout = 10;
-	const uint8_t socks_timeout = 60;
-		
-	void SOCKS4AHandler::AsyncSockRead()
+	static const size_t socks_buffer_size = 8192;
+	static const size_t max_socks_hostname_size = 255; // Limit for socks5 and bad idea to traverse
+
+	struct SOCKSDnsAddress 
 	{
-		LogPrint("--- socks4a async sock read");
-		if(m_sock) {
-			if (m_state == INITIAL) {
-				m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size),
-						      boost::bind(&SOCKS4AHandler::HandleSockRecv, this,
-								  boost::asio::placeholders::error,
-								  boost::asio::placeholders::bytes_transferred));
-			} else { 
-				m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size),
-						      boost::bind(&SOCKS4AHandler::HandleSockForward, this,
-								  boost::asio::placeholders::error,
-								  boost::asio::placeholders::bytes_transferred));
-			}
-		} else {
-			LogPrint("--- socks4a no socket for read");
+		uint8_t size;
+		char value[max_socks_hostname_size];
+		void FromString (std::string str) 
+		{
+			size = str.length();
+			if (str.length() > max_socks_hostname_size) size = max_socks_hostname_size;
+			memcpy(value,str.c_str(),size);
 		}
-	}
-	
-	void SOCKS4AHandler::AsyncStreamRead()
+		std::string ToString() { return std::string(value, size); }
+		void push_back (char c) { value[size++] = c; }
+	};
+
+	class SOCKSServer;
+	class SOCKSHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<SOCKSHandler> 
 	{
-		
-		LogPrint("--- socks4a async stream read");
-		if (m_stream) {
-			m_stream->AsyncReceive(
-				boost::asio::buffer(m_stream_buff, socks_buffer_size),
-				boost::bind(&SOCKS4AHandler::HandleStreamRecv, this,
-					    boost::asio::placeholders::error, 
-					    boost::asio::placeholders::bytes_transferred), socks_timeout);
-		} else {
-			LogPrint("--- socks4a no stream for read");
-		}
+		private:
+			enum state 
+			{
+				GET_SOCKSV,
+				GET_COMMAND,
+				GET_PORT,
+				GET_IPV4,
+				GET4_IDENT,
+				GET4A_HOST,
+				GET5_AUTHNUM,
+				GET5_AUTH,
+				GET5_REQUESTV,
+				GET5_GETRSV,
+				GET5_GETADDRTYPE,
+				GET5_IPV6,
+				GET5_HOST_SIZE,
+				GET5_HOST,
+				DONE
+			};
+			enum authMethods 
+			{
+				AUTH_NONE = 0, //No authentication, skip to next step
+				AUTH_GSSAPI = 1, //GSSAPI authentication
+				AUTH_USERPASSWD = 2, //Username and password
+				AUTH_UNACCEPTABLE = 0xff //No acceptable method found
+			};
+			enum addrTypes 
+			{
+				ADDR_IPV4 = 1, //IPv4 address (4 octets)
+				ADDR_DNS = 3, // DNS name (up to 255 octets)
+				ADDR_IPV6 = 4 //IPV6 address (16 octets)
+			};
+			enum errTypes 
+			{
+				SOCKS5_OK = 0, // No error for SOCKS5
+				SOCKS5_GEN_FAIL = 1, // General server failure
+				SOCKS5_RULE_DENIED = 2, // Connection disallowed by ruleset
+				SOCKS5_NET_UNREACH = 3, // Network unreachable
+				SOCKS5_HOST_UNREACH = 4, // Host unreachable
+				SOCKS5_CONN_REFUSED = 5, // Connection refused by the peer
+				SOCKS5_TTL_EXPIRED = 6, // TTL Expired
+				SOCKS5_CMD_UNSUP = 7, // Command unsuported
+				SOCKS5_ADDR_UNSUP = 8, // Address type unsuported
+				SOCKS4_OK = 90, // No error for SOCKS4
+				SOCKS4_FAIL = 91, // Failed establishing connecting or not allowed
+				SOCKS4_IDENTD_MISSING = 92, // Couldn't connect to the identd server
+				SOCKS4_IDENTD_DIFFER = 93 // The ID reported by the application and by identd differ
+			};
+			enum cmdTypes 
+			{
+				CMD_CONNECT = 1, // TCP Connect
+				CMD_BIND = 2, // TCP Bind
+				CMD_UDP = 3 // UDP associate
+			};
+			enum socksVersions 
+			{
+				SOCKS4 = 4, // SOCKS4
+				SOCKS5 = 5 // SOCKS5
+			};
+			union address 
+			{
+				uint32_t ip;
+				SOCKSDnsAddress dns;
+				uint8_t ipv6[16];
+			};
+
+			void EnterState(state nstate, uint8_t parseleft = 1);
+			bool HandleData(uint8_t *sock_buff, std::size_t len);
+			bool ValidateSOCKSRequest();
+			void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
+			void Terminate();
+			void AsyncSockRead();
+			boost::asio::const_buffers_1 GenerateSOCKS5SelectAuth(authMethods method);
+			boost::asio::const_buffers_1 GenerateSOCKS4Response(errTypes error, uint32_t ip, uint16_t port);
+			boost::asio::const_buffers_1 GenerateSOCKS5Response(errTypes error, addrTypes type, const address &addr, uint16_t port);
+			bool Socks5ChooseAuth();
+			void SocksRequestFailed(errTypes error);
+			void SocksRequestSuccess();
+			void SentSocksFailed(const boost::system::error_code & ecode);
+			void SentSocksDone(const boost::system::error_code & ecode);
+			void SentSocksResponse(const boost::system::error_code & ecode);
+			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+
+			uint8_t m_sock_buff[socks_buffer_size];
+			boost::asio::ip::tcp::socket * m_sock;
+			std::shared_ptr<i2p::stream::Stream> m_stream;
+			uint8_t *m_remaining_data; //Data left to be sent
+			uint8_t m_response[7+max_socks_hostname_size];
+			address m_address; //Address
+			std::size_t m_remaining_data_len; //Size of the data left to be sent
+			uint32_t m_4aip; //Used in 4a requests
+			uint16_t m_port;
+			uint8_t m_command;
+			uint8_t m_parseleft; //Octets left to parse
+			authMethods m_authchosen; //Authentication chosen
+			addrTypes m_addrtype; //Address type chosen
+			socksVersions m_socksv; //Socks version
+			cmdTypes m_cmd; // Command requested
+			state m_state;
+
+		public:
+			SOCKSHandler(SOCKSServer * parent, boost::asio::ip::tcp::socket * sock) :
+				I2PServiceHandler(parent), m_sock(sock), m_stream(nullptr),
+				m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4)
+				{ m_address.ip = 0; EnterState(GET_SOCKSV); }
+			~SOCKSHandler() { Terminate(); }
+			void Handle() { AsyncSockRead(); }
+	};
+
+	void SOCKSHandler::AsyncSockRead()
+	{
+		LogPrint(eLogDebug,"--- SOCKS async sock read");
+		if(m_sock)
+			m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size),
+						std::bind(&SOCKSHandler::HandleSockRecv, shared_from_this(),
+								std::placeholders::_1, std::placeholders::_2));
+		else 
+			LogPrint(eLogError,"--- SOCKS no socket for read");
 	}
 
-        void SOCKS4AHandler::Terminate() {
-                CloseStream();
-                CloseSock();
-                delete this; // ew
-        }
-	
-	void SOCKS4AHandler::SocksFailed()
+	void SOCKSHandler::Terminate() 
 	{
-		LogPrint("--- socks4a failed");
-		m_sock->send(boost::asio::buffer("\x00\x5b 12345"));
-		Terminate();
-	}
-	
-	void SOCKS4AHandler::CloseSock()
-	{
-		if (m_sock) {
-			LogPrint("--- socks4a close sock");
+		if (Kill()) return;
+		if (m_sock) 
+		{
+			LogPrint(eLogDebug,"--- SOCKS close sock");
 			m_sock->close();
 			delete m_sock;
 			m_sock = nullptr;
 		}
+		if (m_stream) 
+		{
+			LogPrint(eLogDebug,"--- SOCKS close stream");
+			m_stream.reset ();
+		}
+		Done(shared_from_this());
 	}
 
-	void SOCKS4AHandler::CloseStream()
+	boost::asio::const_buffers_1 SOCKSHandler::GenerateSOCKS4Response(SOCKSHandler::errTypes error, uint32_t ip, uint16_t port)
 	{
-		if (m_stream) {
-			LogPrint("--- socks4a close stream");
-			delete m_stream;
-			m_stream = nullptr;
+		assert(error >= SOCKS4_OK);
+		m_response[0] = '\x00'; //Version
+		m_response[1] = error; //Response code
+		htobe16buf(m_response+2,port); //Port
+		htobe32buf(m_response+4,ip); //IP
+		return boost::asio::const_buffers_1(m_response,8);
+	}
+
+	boost::asio::const_buffers_1 SOCKSHandler::GenerateSOCKS5Response(SOCKSHandler::errTypes error, SOCKSHandler::addrTypes type, const SOCKSHandler::address &addr, uint16_t port)
+	{
+		size_t size = 6;
+		assert(error <= SOCKS5_ADDR_UNSUP);
+		m_response[0] = '\x05'; //Version
+		m_response[1] = error; //Response code
+		m_response[2] = '\x00'; //RSV
+		m_response[3] = type; //Address type
+		switch (type) 
+		{
+			case ADDR_IPV4:
+				size = 10;
+				htobe32buf(m_response+4,addr.ip);
+				break;
+			case ADDR_IPV6:
+				size = 22;
+				memcpy(m_response+4,addr.ipv6, 16);
+				break;
+			case ADDR_DNS:
+				size = 7+addr.dns.size;
+				m_response[4] = addr.dns.size;
+				memcpy(m_response+5,addr.dns.value, addr.dns.size);
+				break;
+		}
+		htobe16buf(m_response+size-2,port); //Port
+		return boost::asio::const_buffers_1(m_response,size);
+	}
+
+	bool SOCKSHandler::Socks5ChooseAuth()
+	{
+		m_response[0] = '\x05'; //Version
+		m_response[1] = m_authchosen; //Response code
+		boost::asio::const_buffers_1 response(m_response,2);
+		if (m_authchosen == AUTH_UNACCEPTABLE) 
+		{
+			LogPrint(eLogWarning,"--- SOCKS5 authentication negotiation failed");
+			boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed,
+									      shared_from_this(), std::placeholders::_1));
+			return false;
+		} 
+		else 
+		{
+			LogPrint(eLogDebug,"--- SOCKS5 choosing authentication method: ", m_authchosen);
+			boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksResponse,
+									      shared_from_this(), std::placeholders::_1));
+			return true;
 		}
 	}
 
-	const size_t socks_hostname_size = 1024;
-	const size_t socks_ident_size = 1024;
-	const size_t destb32_len = 52;
-	
-	void SOCKS4AHandler::HandleSockForward(const boost::system::error_code & ecode, std::size_t len)
+	/* All hope is lost beyond this point */
+	void SOCKSHandler::SocksRequestFailed(SOCKSHandler::errTypes error)
 	{
-		if(ecode) {
-			LogPrint("--- socks4a forward got error: ", ecode);
-			Terminate();
-			return;
+		boost::asio::const_buffers_1 response(nullptr,0);
+		assert(error != SOCKS4_OK && error != SOCKS5_OK);
+		switch (m_socksv) 
+		{
+			case SOCKS4:
+				LogPrint(eLogWarning,"--- SOCKS4 failed: ", error);
+				if (error < SOCKS4_OK) error = SOCKS4_FAIL; //Transparently map SOCKS5 errors
+				response = GenerateSOCKS4Response(error, m_4aip, m_port);
+			break;
+			case SOCKS5:
+				LogPrint(eLogWarning,"--- SOCKS5 failed: ", error);
+				response = GenerateSOCKS5Response(error, m_addrtype, m_address, m_port);
+			break;
 		}
-		
-		LogPrint("--- socks4a sock forward: ", len);
-		m_stream->Send(m_sock_buff, len);
+		boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed,
+								      shared_from_this(), std::placeholders::_1));
 	}
 
-	void SOCKS4AHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
+	void SOCKSHandler::SocksRequestSuccess()
 	{
-		LogPrint("--- socks4a sock recv: ", len);
-		
-		if(ecode) {
-			LogPrint(" --- sock recv got error: ", ecode);
-                        Terminate();
+		boost::asio::const_buffers_1 response(nullptr,0);
+		//TODO: this should depend on things like the command type and callbacks may change
+		switch (m_socksv) 
+		{
+			case SOCKS4:
+				LogPrint(eLogInfo,"--- SOCKS4 connection success");
+				response = GenerateSOCKS4Response(SOCKS4_OK, m_4aip, m_port);
+			break;
+			case SOCKS5:
+				LogPrint(eLogInfo,"--- SOCKS5 connection success");
+				auto s = i2p::client::context.GetAddressBook().ToAddress(GetOwner()->GetLocalDestination()->GetIdentHash());
+				address ad; ad.dns.FromString(s);
+				//HACK only 16 bits passed in port as SOCKS5 doesn't allow for more
+				response = GenerateSOCKS5Response(SOCKS5_OK, ADDR_DNS, ad, m_stream->GetRecvStreamID());
+			break;
+		}
+		boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksDone,
+								      shared_from_this(), std::placeholders::_1));
+	}
+
+	void SOCKSHandler::EnterState(SOCKSHandler::state nstate, uint8_t parseleft) {
+		switch (nstate) 
+		{
+			case GET_PORT: parseleft = 2; break;
+			case GET_IPV4: m_addrtype = ADDR_IPV4; m_address.ip = 0; parseleft = 4; break;
+			case GET4_IDENT: m_4aip = m_address.ip; break;
+			case GET4A_HOST:
+			case GET5_HOST: m_addrtype = ADDR_DNS; m_address.dns.size = 0; break;
+			case GET5_IPV6: m_addrtype = ADDR_IPV6; parseleft = 16; break;
+			default:;
+		}
+		m_parseleft = parseleft;
+		m_state = nstate;
+	}
+
+	bool SOCKSHandler::ValidateSOCKSRequest() 
+	{
+		if ( m_cmd != CMD_CONNECT ) 
+		{
+			//TODO: we need to support binds and other shit!
+			LogPrint(eLogError,"--- SOCKS unsupported command: ", m_cmd);
+			SocksRequestFailed(SOCKS5_CMD_UNSUP);
+			return false;
+		}
+		//TODO: we may want to support other address types!
+		if ( m_addrtype != ADDR_DNS ) 
+		{
+			switch (m_socksv) 
+			{
+				case SOCKS5:
+					LogPrint(eLogError,"--- SOCKS5 unsupported address type: ", m_addrtype);
+				break;
+				case SOCKS4:
+					LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4");
+				break;
+			}
+			SocksRequestFailed(SOCKS5_ADDR_UNSUP);
+			return false;
+		}
+		//TODO: we may want to support other domains
+		if(m_addrtype == ADDR_DNS && m_address.dns.ToString().find(".i2p") == std::string::npos) 
+		{
+			LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_address.dns.ToString());
+			SocksRequestFailed(SOCKS5_ADDR_UNSUP);
+			return false;
+		}
+		return true;
+	}
+
+	bool SOCKSHandler::HandleData(uint8_t *sock_buff, std::size_t len)
+	{
+		assert(len); // This should always be called with a least a byte left to parse
+		while (len > 0) 
+		{
+			switch (m_state) 
+			{
+				case GET_SOCKSV:
+					m_socksv = (SOCKSHandler::socksVersions) *sock_buff;
+					switch (*sock_buff) 
+					{
+						case SOCKS4:
+							EnterState(GET_COMMAND); //Initialize the parser at the right position
+						break;
+						case SOCKS5:
+							EnterState(GET5_AUTHNUM); //Initialize the parser at the right position
+						break;
+						default:
+							LogPrint(eLogError,"--- SOCKS rejected invalid version: ", ((int)*sock_buff));
+							Terminate();
+							return false;
+					}
+				break;
+				case GET5_AUTHNUM:
+					EnterState(GET5_AUTH, *sock_buff);
+				break;
+				case GET5_AUTH:
+					m_parseleft --;
+					if (*sock_buff == AUTH_NONE)
+						m_authchosen = AUTH_NONE;
+					if ( m_parseleft == 0 ) 
+					{
+						if (!Socks5ChooseAuth()) return false;
+						EnterState(GET5_REQUESTV);
+					}
+				break;
+				case GET_COMMAND:
+					switch (*sock_buff) 
+					{
+						case CMD_CONNECT:
+						case CMD_BIND:
+						break;
+						case CMD_UDP:
+							if (m_socksv == SOCKS5) break;
+						default:
+							LogPrint(eLogError,"--- SOCKS invalid command: ", ((int)*sock_buff));
+							SocksRequestFailed(SOCKS5_GEN_FAIL);
+							return false;
+					}
+					m_cmd = (SOCKSHandler::cmdTypes)*sock_buff;
+					switch (m_socksv) 
+					{
+						case SOCKS5: EnterState(GET5_GETRSV); break;
+						case SOCKS4: EnterState(GET_PORT); break;
+					}
+				break;
+				case GET_PORT:
+					m_port = (m_port << 8)|((uint16_t)*sock_buff);
+					m_parseleft--;
+					if (m_parseleft == 0) 
+					{
+						switch (m_socksv) 
+						{
+							case SOCKS5: EnterState(DONE); break;
+							case SOCKS4: EnterState(GET_IPV4); break;
+						}
+					}
+				break;
+				case GET_IPV4:
+					m_address.ip = (m_address.ip << 8)|((uint32_t)*sock_buff);
+					m_parseleft--;
+					if (m_parseleft == 0) 
+					{
+						switch (m_socksv) 
+						{
+							case SOCKS5: EnterState(GET_PORT); break;
+							case SOCKS4: EnterState(GET4_IDENT); m_4aip = m_address.ip; break;
+						}
+					}
+				break;
+				case GET4_IDENT:
+					if (!*sock_buff) 
+					{
+						if( m_4aip == 0 || m_4aip > 255 )
+							EnterState(DONE);
+						else
+							EnterState(GET4A_HOST);
+					}
+				break;
+				case GET4A_HOST:
+					if (!*sock_buff) 
+					{
+						EnterState(DONE);
+						break;
+					}
+					if (m_address.dns.size >= max_socks_hostname_size) 
+					{
+						LogPrint(eLogError,"--- SOCKS4a destination is too large");
+						SocksRequestFailed(SOCKS4_FAIL);
+						return false;
+					}
+					m_address.dns.push_back(*sock_buff);
+				break;
+				case GET5_REQUESTV:
+					if (*sock_buff != SOCKS5) 
+					{
+						LogPrint(eLogError,"--- SOCKS5 rejected unknown request version: ", ((int)*sock_buff));
+						SocksRequestFailed(SOCKS5_GEN_FAIL);
+						return false;
+					}
+					EnterState(GET_COMMAND);
+				break;
+				case GET5_GETRSV:
+					if ( *sock_buff != 0 ) 
+					{
+						LogPrint(eLogError,"--- SOCKS5 unknown reserved field: ", ((int)*sock_buff));
+						SocksRequestFailed(SOCKS5_GEN_FAIL);
+						return false;
+					}
+					EnterState(GET5_GETADDRTYPE);
+				break;
+				case GET5_GETADDRTYPE:
+					switch (*sock_buff) 
+					{
+						case ADDR_IPV4: EnterState(GET_IPV4); break;
+						case ADDR_IPV6: EnterState(GET5_IPV6); break;
+						case ADDR_DNS : EnterState(GET5_HOST_SIZE); break;
+						default:
+							LogPrint(eLogError,"--- SOCKS5 unknown address type: ", ((int)*sock_buff));
+							SocksRequestFailed(SOCKS5_GEN_FAIL);
+							return false;
+					}
+				break;
+				case GET5_IPV6:
+					m_address.ipv6[16-m_parseleft] = *sock_buff;
+					m_parseleft--;
+					if (m_parseleft == 0) EnterState(GET_PORT);
+				break;
+				case GET5_HOST_SIZE:
+					EnterState(GET5_HOST, *sock_buff);
+				break;
+				case GET5_HOST:
+					m_address.dns.push_back(*sock_buff);
+					m_parseleft--;
+					if (m_parseleft == 0) EnterState(GET_PORT);
+				break;
+				default:
+					LogPrint(eLogError,"--- SOCKS parse state?? ", m_state);
+					Terminate();
+					return false;
+			}
+			sock_buff++;
+			len--;
+			if (m_state == DONE) 
+			{
+				m_remaining_data_len = len;
+				m_remaining_data = sock_buff;
+				return ValidateSOCKSRequest();
+			}
+		}
+		return true;
+	}
+
+	void SOCKSHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
+	{
+		LogPrint(eLogDebug,"--- SOCKS sock recv: ", len);
+		if(ecode) 
+		{
+			LogPrint(eLogWarning," --- SOCKS sock recv got error: ", ecode);
+            Terminate();
 			return;
 		}
 
-		if (m_state == INITIAL) {
-
-			char hostbuff[socks_hostname_size];
-			char identbuff[socks_ident_size];
-			std::memset(hostbuff, 0, sizeof(hostbuff));
-			std::memset(identbuff, 0, sizeof(hostbuff));
-			std::string dest;
-			// get port
-			uint16_t port = 0;
-			uint16_t idx1 = 0;
-			uint16_t idx2 = 0;
-				
-			LogPrint("--- socks4a state initial ", len);
-
-			// check valid request
-			if( m_sock_buff[0] != 4 || m_sock_buff[1] != 1 || m_sock_buff[len-1] ) {
-				LogPrint("--- socks4a rejected invalid");
-				SocksFailed();
-				return;
-			}
-
-			// get port
-			port = m_sock_buff[3] | m_sock_buff[2] << 8;
-
-			// read ident 
-			do {
-				LogPrint("--- socks4a ", (int) m_sock_buff[9+idx1]);
-				identbuff[idx1] = m_sock_buff[8+idx1];
-			} while( identbuff[idx1++] && idx1 < socks_ident_size );
-
-			LogPrint("--- socks4a ident ", identbuff);
-			// read hostname
-			do {
-				hostbuff[idx2] = m_sock_buff[8+idx1+idx2];
-			} while( hostbuff[idx2++] && idx2 < socks_hostname_size );
-
-			LogPrint("--- socks4a requested ", hostbuff, ":" , port);
-
-			dest = std::string(hostbuff);
-			if(dest.find(".b32.i2p") == std::string::npos) {
-				LogPrint("--- socks4a invalid hostname: ", dest);
-				SocksFailed();
-				return;
-			}
-				
-			if ( i2p::data::Base32ToByteStream(hostbuff, destb32_len, (uint8_t *) m_dest, 32) != 32 ) {
-				LogPrint("--- sock4a invalid b32: ", dest);
-			}
-			
-			LogPrint("--- sock4a find lease set");
-			m_ls = i2p::data::netdb.FindLeaseSet(m_dest);
-			if (!m_ls || m_ls->HasNonExpiredLeases()) {
-				i2p::data::netdb.RequestDestination (m_dest, true, i2p::client::context.GetSharedLocalDestination ()->GetTunnelPool ());
-				m_ls_timer.expires_from_now(boost::posix_time::seconds(socks_leaseset_timeout));
-				m_ls_timer.async_wait(boost::bind(&SOCKS4AHandler::LeaseSetTimeout, this, boost::asio::placeholders::error));
-			} else {
-				ConnectionSuccess();
-			}
-		} else {
-			LogPrint("--- socks4a state?? ", m_state);
+		if (HandleData(m_sock_buff, len)) 
+		{
+			if (m_state == DONE) 
+			{
+				LogPrint(eLogInfo,"--- SOCKS requested ", m_address.dns.ToString(), ":" , m_port);
+				GetOwner()->CreateStream ( std::bind (&SOCKSHandler::HandleStreamRequestComplete,
+						shared_from_this(), std::placeholders::_1), m_address.dns.ToString(), m_port);
+			} 
+			else
+				AsyncSockRead();
 		}
 	}
-	
-	void SOCKS4AHandler::HandleStreamRecv(const boost::system::error_code & ecode, std::size_t len)
+
+	void SOCKSHandler::SentSocksFailed(const boost::system::error_code & ecode)
 	{
-		if(ecode) { LogPrint("--- socks4a stream recv error: ", ecode); m_state = END; }
-		switch(m_state) {
-		case INITIAL:
-		case END:
+		if (!ecode) 
+			Terminate();
+		else 
+		{
+			LogPrint (eLogError,"--- SOCKS Closing socket after sending failure because: ", ecode.message ());
 			Terminate();
-                        return;
-		case OKAY:
-			LogPrint("--- socks4a stream recv ", len);
-			boost::asio::async_write(*m_sock, boost::asio::buffer(m_stream_buff, len), 
-						 boost::bind(&SOCKS4AHandler::StreamWrote, this, 
-							     boost::asio::placeholders::error));
 		}
 	}
+
+	void SOCKSHandler::SentSocksDone(const boost::system::error_code & ecode)
+	{
+		if (!ecode) 
+		{
+			if (Kill()) return;
+			LogPrint (eLogInfo,"--- SOCKS New I2PTunnel connection");
+			auto connection = std::make_shared<i2p::client::I2PTunnelConnection>(GetOwner(), m_sock, m_stream);
+			GetOwner()->AddHandler (connection);
+			connection->I2PConnect (m_remaining_data,m_remaining_data_len);
+			Done(shared_from_this());
+		}
+		else
+		{
+			LogPrint (eLogError,"--- SOCKS Closing socket after completion reply because: ", ecode.message ());
+			Terminate();
+		}
+	}
+
+	void SOCKSHandler::SentSocksResponse(const boost::system::error_code & ecode)
+	{
+		if (ecode) 
+		{
+			LogPrint (eLogError,"--- SOCKS Closing socket after sending reply because: ", ecode.message ());
+			Terminate();
+		}
+	}
+
+	void SOCKSHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream) 
+		{
+			m_stream = stream;
+			SocksRequestSuccess();
+		} 
+		else 
+		{
+			LogPrint (eLogError,"--- SOCKS Issue when creating the stream, check the previous warnings for more info.");
+			SocksRequestFailed(SOCKS5_HOST_UNREACH);
+		}
+	}
+
+	SOCKSServer::SOCKSServer(int port, std::shared_ptr<i2p::client::ClientDestination> localDestination) : 
+		TCPIPAcceptor (port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()) 
+	{
+	}
 	
-	void SOCKS4AHandler::SockWrote(const boost::system::error_code & ecode)
+	std::shared_ptr<i2p::client::I2PServiceHandler> SOCKSServer::CreateHandler(boost::asio::ip::tcp::socket * socket)
 	{
-		LogPrint("--- socks4a sock wrote");
-		if(ecode) { LogPrint("--- socks4a SockWrote error: ",ecode); }
-		else { AsyncSockRead(); }
+		return std::make_shared<SOCKSHandler> (this, socket);
 	}
 
-	void SOCKS4AHandler::StreamWrote(const boost::system::error_code & ecode)
-	{
-		
-		LogPrint("--- socks4a stream wrote");
-		if(ecode) { LogPrint("--- socks4a StreamWrote error: ",ecode); }
-		else { AsyncStreamRead(); }
-	}
-
-	void SOCKS4AHandler::LeaseSetTimeout(const boost::system::error_code & ecode)
-	{
-		m_ls = i2p::data::netdb.FindLeaseSet(m_dest);
-		if(m_ls) {
-			ConnectionSuccess();
-		} else {
-			LogPrint("--- socks4a ls timeout");
-			SocksFailed();
-		}
-	}
-
-	void SOCKS4AHandler::ConnectionSuccess()
-	{
-		LogPrint("--- socks4a connection success");
-		boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5a 12345"),
-					 boost::bind(&SOCKS4AHandler::SentConnectionSuccess, this,
-						     boost::asio::placeholders::error));
-	}
-
-	void SOCKS4AHandler::SentConnectionSuccess(const boost::system::error_code & ecode)
-	{
-		LogPrint("--- socks4a making connection");
-		m_stream = i2p::client::context.GetSharedLocalDestination ()->CreateStream(*m_ls);
-		m_state = OKAY;
-		LogPrint("--- socks4a state is ", m_state);
-		AsyncSockRead();
-		AsyncStreamRead();
-	}
-
-	void SOCKS4AServer::Run()
-	{
-		LogPrint("--- socks4a run");
-		m_run = true;
-		while(m_run) {
-			try {
-				m_ios.run();
-			} catch (std::runtime_error & exc) {
-				LogPrint("--- socks4a exception: ", exc.what());
-			}
-		}
-	}
-	
-	void SOCKS4AServer::Accept()
-	{
-		m_new_sock = new boost::asio::ip::tcp::socket(m_ios);
-		m_acceptor.async_accept(*m_new_sock, 
-					boost::bind(
-						&SOCKS4AServer::HandleAccept, this, boost::asio::placeholders::error));
-	}
-
-	void SOCKS4AServer::Start()
-	{
-                m_run = true;
-		m_thread = new std::thread(std::bind(&SOCKS4AServer::Run, this));
-		m_acceptor.listen();
-		Accept();
-	}
-	
-	void SOCKS4AServer::Stop()
-	{
-		m_acceptor.close();
-		m_run = false;
-		m_ios.stop();
-		if (m_thread) {
-			m_thread->join();
-			delete m_thread;
-			m_thread = nullptr;
-		}
-	}
-		
-	void SOCKS4AServer::HandleAccept(const boost::system::error_code & ecode)
-	{
-		if (!ecode) {
-			LogPrint("--- socks4a accepted");
-			new SOCKS4AHandler(&m_ios, m_new_sock);
-			Accept();
-		}
-	}
 }
 }

SOCKS.h

@@ -1,97 +1,30 @@
-#ifndef SOCKS4A_H__
-#define SOCKS4A_H__
+#ifndef SOCKS_H__
+#define SOCKS_H__
 
-#include <thread>
+#include <memory>
+#include <set>
 #include <boost/asio.hpp>
-#include <vector>
 #include <mutex>
-
-#include "Identity.h"
-#include "Streaming.h"
+#include "I2PService.h"
 
 namespace i2p
 {
 namespace proxy
 {
-
-	const size_t socks_buffer_size = 8192;
-
-	class SOCKS4AHandler {
-
-		private:
-            enum state {
-                    INITIAL,
-                    OKAY,
-                    END
-            };
-
-            void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port);
-            void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void HandleSockForward(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void HandleStreamRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void Terminate();
-            void CloseSock();
-            void CloseStream();
-            void AsyncSockRead();
-            void AsyncStreamRead();
-            void SocksFailed();
-            void LeaseSetTimeout(const boost::system::error_code & ecode);
-            void StreamWrote(const boost::system::error_code & ecode);		  
-            void SockWrote(const boost::system::error_code & ecode);
-            void SentConnectionSuccess(const boost::system::error_code & ecode);
-            void ConnectionSuccess();
-            
-            uint8_t m_sock_buff[socks_buffer_size];
-            uint8_t m_stream_buff[socks_buffer_size];
-            
-            boost::asio::io_service * m_ios;
-            boost::asio::ip::tcp::socket * m_sock;
-            boost::asio::deadline_timer m_ls_timer;
-            i2p::stream::Stream * m_stream;
-            i2p::data::LeaseSet * m_ls;
-            i2p::data::IdentHash m_dest;
-            state m_state;
-		
-            
+	class SOCKSServer: public i2p::client::TCPIPAcceptor
+	{
 		public:
-			SOCKS4AHandler(boost::asio::io_service * ios, boost::asio::ip::tcp::socket * sock) : 
-				m_ios(ios), m_sock(sock), m_ls_timer(*ios),
-				m_stream(nullptr), m_ls(nullptr), m_state(INITIAL) { AsyncSockRead(); }
 
-			~SOCKS4AHandler() { CloseSock(); CloseStream(); }
-			bool isComplete() { return m_state == END; }
+			SOCKSServer(int port, std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
+			~SOCKSServer() {};
+
+		protected:
+			// Implements TCPIPAcceptor
+			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(boost::asio::ip::tcp::socket * socket);
+			const char* GetName() { return "SOCKS"; }
 	};
 
-	class SOCKS4AServer {
-		public:
-			SOCKS4AServer(int port) : m_run(false), 
-									  m_thread(nullptr), 
-									  m_work(m_ios),
-									  m_acceptor(m_ios, boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
-									  m_new_sock(nullptr) { }
-			~SOCKS4AServer() { Stop(); }
-			void Start();
-			void Stop();
-		
-			boost::asio::io_service& GetService () { return m_ios; };	
-
-		private:
-		
-			void Run();
-			void Accept();
-			void HandleAccept(const boost::system::error_code& ecode);
-
-			bool m_run;
-			std::thread * m_thread;
-			boost::asio::io_service m_ios;
-			boost::asio::io_service::work m_work;
-            boost::asio::ip::tcp::acceptor m_acceptor;
-			boost::asio::ip::tcp::socket * m_new_sock;
-		
-
-	};
-
-	typedef SOCKS4AServer SOCKSProxy;
+	typedef SOCKSServer SOCKSProxy;
 }
 }
 

SSU.h

@@ -7,143 +7,31 @@
 #include <list>
 #include <set>
 #include <thread>
+#include <mutex>
 #include <boost/asio.hpp>
 #include "aes.h"
 #include "I2PEndian.h"
 #include "Identity.h"
 #include "RouterInfo.h"
 #include "I2NPProtocol.h"
-#include "TransportSession.h"
-#include "SSUData.h"
+#include "SSUSession.h"
 
 namespace i2p
 {
 namespace transport
 {
-#pragma pack(1)
-	struct SSUHeader
-	{
-		uint8_t mac[16];
-		uint8_t iv[16];
-		uint8_t flag;
-		uint32_t time;	
-
-		uint8_t GetPayloadType () const { return flag >> 4; };
-	};
-#pragma pack()
-
-	const int SSU_CONNECT_TIMEOUT = 5; // 5 seconds
-	const int SSU_TERMINATION_TIMEOUT = 330; // 5.5 minutes
 	const int SSU_KEEP_ALIVE_INTERVAL = 30; // 30 seconds	
+	const int SSU_PEER_TEST_TIMEOUT = 60; // 60 seconds		
 	const int SSU_TO_INTRODUCER_SESSION_DURATION = 3600; // 1 hour
 	const size_t SSU_MAX_NUM_INTRODUCERS = 3;
 
-	// payload types (4 bits)
-	const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0;
-	const uint8_t PAYLOAD_TYPE_SESSION_CREATED = 1;
-	const uint8_t PAYLOAD_TYPE_SESSION_CONFIRMED = 2;
-	const uint8_t PAYLOAD_TYPE_RELAY_REQUEST = 3;
-	const uint8_t PAYLOAD_TYPE_RELAY_RESPONSE = 4;
-	const uint8_t PAYLOAD_TYPE_RELAY_INTRO = 5;
-	const uint8_t PAYLOAD_TYPE_DATA = 6;
-	const uint8_t PAYLOAD_TYPE_PEER_TEST = 7;
-	const uint8_t PAYLOAD_TYPE_SESSION_DESTROYED = 8;
-
-	enum SessionState
+	struct SSUPacket
 	{
-		eSessionStateUnknown,	
-		eSessionStateIntroduced,
-		eSessionStateEstablished,
-		eSessionStateFailed
+		i2p::crypto::AESAlignedBuffer<1500> buf;
+		boost::asio::ip::udp::endpoint from;
+		size_t len;
 	};	
-
-	class SSUServer;
-	class SSUSession: public TransportSession
-	{
-		public:
-
-			SSUSession (SSUServer& server, boost::asio::ip::udp::endpoint& remoteEndpoint,
-				const i2p::data::RouterInfo * router = nullptr, bool peerTest = false);
-			void ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);		
-			~SSUSession ();
-			
-			void Connect ();
-			void Introduce (uint32_t iTag, const uint8_t * iKey);
-			void WaitForIntroduction ();
-			void Close ();
-			boost::asio::ip::udp::endpoint& GetRemoteEndpoint () { return m_RemoteEndpoint; };
-			bool IsV6 () const { return m_RemoteEndpoint.address ().is_v6 (); };
-			void SendI2NPMessage (I2NPMessage * msg);
-			void SendPeerTest (); // Alice			
-
-			SessionState GetState () const  { return m_State; };
-			size_t GetNumSentBytes () const { return m_NumSentBytes; };
-			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
-			
-			void SendKeepAlive ();	
-			uint32_t GetRelayTag () const { return m_RelayTag; };	
-			uint32_t GetCreationTime () const { return m_CreationTime; };
-
-		private:
-
-			void CreateAESandMacKey (const uint8_t * pubKey); 
-
-			void PostI2NPMessage (I2NPMessage * msg);
-			void ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); // call for established session
-			void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
-			void SendSessionRequest ();
-			void SendRelayRequest (uint32_t iTag, const uint8_t * iKey);
-			void ProcessSessionCreated (uint8_t * buf, size_t len);
-			void SendSessionCreated (const uint8_t * x);
-			void ProcessSessionConfirmed (uint8_t * buf, size_t len);
-			void SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen);
-			void ProcessRelayRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from);
-			void SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from,
-				const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to);
-			void SendRelayIntro (SSUSession * session, const boost::asio::ip::udp::endpoint& from);
-			void ProcessRelayResponse (uint8_t * buf, size_t len);
-			void ProcessRelayIntro (uint8_t * buf, size_t len);
-			void Established ();
-			void Failed ();
-			void ScheduleConnectTimer ();
-			void HandleConnectTimer (const boost::system::error_code& ecode);
-			void ProcessPeerTest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
-			void SendPeerTest (uint32_t nonce, uint32_t address, uint16_t port, const uint8_t * introKey, bool toAddress = true); 
-			void ProcessData (uint8_t * buf, size_t len);		
-			void SendSesionDestroyed ();
-			void Send (uint8_t type, const uint8_t * payload, size_t len); // with session key
-			void Send (const uint8_t * buf, size_t size); 
-			
-			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const uint8_t * aesKey, const uint8_t * iv, const uint8_t * macKey);
-			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len); // with session key 
-			void Decrypt (uint8_t * buf, size_t len, const uint8_t * aesKey);
-			void DecryptSessionKey (uint8_t * buf, size_t len);
-			bool Validate (uint8_t * buf, size_t len, const uint8_t * macKey);			
-			const uint8_t * GetIntroKey () const; 
-
-			void ScheduleTermination ();
-			void HandleTerminationTimer (const boost::system::error_code& ecode);
-
-		private:
 	
-			friend class SSUData; // TODO: change in later
-			SSUServer& m_Server;
-			boost::asio::ip::udp::endpoint m_RemoteEndpoint;
-			boost::asio::deadline_timer m_Timer;
-			bool m_PeerTest;
-			SessionState m_State;
-			bool m_IsSessionKey;
-			uint32_t m_RelayTag;	
-			std::set<uint32_t> m_PeerTestNonces;
-			i2p::crypto::CBCEncryption m_SessionKeyEncryption;
-			i2p::crypto::CBCDecryption m_SessionKeyDecryption;
-			uint8_t m_SessionKey[32], m_MacKey[32];
-			std::list<i2p::I2NPMessage *> m_DelayedMessages;
-			SSUData m_Data;
-			size_t m_NumSentBytes, m_NumReceivedBytes;
-			uint32_t m_CreationTime; // seconds since epoch
-	};
-
 	class SSUServer
 	{
 		public:
@@ -152,49 +40,68 @@ namespace transport
 			~SSUServer ();
 			void Start ();
 			void Stop ();
-			SSUSession * GetSession (const i2p::data::RouterInfo * router, bool peerTest = false);
-			SSUSession * FindSession (const i2p::data::RouterInfo * router);
-			SSUSession * FindSession (const boost::asio::ip::udp::endpoint& e);
-			SSUSession * GetRandomEstablishedSession (const SSUSession * excluded);
-			void DeleteSession (SSUSession * session);
+			std::shared_ptr<SSUSession> GetSession (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest = false);
+			std::shared_ptr<SSUSession> FindSession (std::shared_ptr<const i2p::data::RouterInfo> router) const;
+			std::shared_ptr<SSUSession> FindSession (const boost::asio::ip::udp::endpoint& e) const;
+			std::shared_ptr<SSUSession> GetRandomEstablishedSession (std::shared_ptr<const SSUSession> excluded);
+			void DeleteSession (std::shared_ptr<SSUSession> session);
 			void DeleteAllSessions ();			
 
-			boost::asio::io_service& GetService () { return m_Socket.get_io_service(); };
+			boost::asio::io_service& GetService () { return m_Service; };
+			boost::asio::io_service& GetServiceV6 () { return m_ServiceV6; };
 			const boost::asio::ip::udp::endpoint& GetEndpoint () const { return m_Endpoint; };			
 			void Send (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& to);
 			void AddRelay (uint32_t tag, const boost::asio::ip::udp::endpoint& relay);
-			SSUSession * FindRelaySession (uint32_t tag);
+			std::shared_ptr<SSUSession> FindRelaySession (uint32_t tag);
+
+			void NewPeerTest (uint32_t nonce, PeerTestParticipant role, std::shared_ptr<SSUSession> session = nullptr);
+			PeerTestParticipant GetPeerTestParticipant (uint32_t nonce);
+			std::shared_ptr<SSUSession> GetPeerTestSession (uint32_t nonce);
+			void UpdatePeerTest (uint32_t nonce, PeerTestParticipant role);
+			void RemovePeerTest (uint32_t nonce);
 
 		private:
 
 			void Run ();
+			void RunV6 ();
+			void RunReceivers ();
 			void Receive ();
 			void ReceiveV6 ();
-			void HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleReceivedBuffer (boost::asio::ip::udp::endpoint& from, uint8_t * buf, std::size_t bytes_transferred);
+			void HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet);
+			void HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet);
+			void HandleReceivedPackets (std::vector<SSUPacket *> packets);
 
 			template<typename Filter>
-			SSUSession * GetRandomSession (Filter filter);
+			std::shared_ptr<SSUSession> GetRandomSession (Filter filter);
 			
 			std::set<SSUSession *> FindIntroducers (int maxNumIntroducers);	
 			void ScheduleIntroducersUpdateTimer ();
 			void HandleIntroducersUpdateTimer (const boost::system::error_code& ecode);
-			
+
+			void SchedulePeerTestsCleanupTimer ();
+			void HandlePeerTestsCleanupTimer (const boost::system::error_code& ecode);
+
 		private:
 
+			struct PeerTest
+			{
+				uint64_t creationTime;
+				PeerTestParticipant role;
+				std::shared_ptr<SSUSession> session; // for Bob to Alice
+			};	
+			
 			bool m_IsRunning;
-			std::thread * m_Thread;	
-			boost::asio::io_service m_Service;
-			boost::asio::io_service::work m_Work;
+			std::thread * m_Thread, * m_ThreadV6, * m_ReceiversThread;	
+			boost::asio::io_service m_Service, m_ServiceV6, m_ReceiversService;
+			boost::asio::io_service::work m_Work, m_WorkV6, m_ReceiversWork;
 			boost::asio::ip::udp::endpoint m_Endpoint, m_EndpointV6;
 			boost::asio::ip::udp::socket m_Socket, m_SocketV6;
-			boost::asio::ip::udp::endpoint m_SenderEndpoint, m_SenderEndpointV6;
-			boost::asio::deadline_timer m_IntroducersUpdateTimer;
+			boost::asio::deadline_timer m_IntroducersUpdateTimer, m_PeerTestsCleanupTimer;
 			std::list<boost::asio::ip::udp::endpoint> m_Introducers; // introducers we are connected to
-			uint8_t m_ReceiveBuffer[2*SSU_MTU_V4], m_ReceiveBufferV6[2*SSU_MTU_V6]; 
-			std::map<boost::asio::ip::udp::endpoint, SSUSession *> m_Sessions;
+			mutable std::mutex m_SessionsMutex;
+			std::map<boost::asio::ip::udp::endpoint, std::shared_ptr<SSUSession> > m_Sessions;
 			std::map<uint32_t, boost::asio::ip::udp::endpoint> m_Relays; // we are introducer
+			std::map<uint32_t, PeerTest> m_PeerTests; // nonce -> creation time in milliseconds
 
 		public:
 			// for HTTP only

SSUData.cpp

@@ -10,8 +10,24 @@ namespace i2p
 {
 namespace transport
 {
+	void IncompleteMessage::AttachNextFragment (const uint8_t * fragment, size_t fragmentSize)
+	{
+		if (msg->len + fragmentSize > msg->maxLen)
+		{
+			LogPrint (eLogInfo, "SSU I2NP message size ", msg->maxLen, " is not enough");
+			I2NPMessage * newMsg = NewI2NPMessage ();
+			*newMsg = *msg;
+			DeleteI2NPMessage (msg);
+			msg = newMsg;
+		}
+		memcpy (msg->buf + msg->len, fragment, fragmentSize);
+		msg->len += fragmentSize;
+		nextFragmentNum++;
+	}
+
 	SSUData::SSUData (SSUSession& session):
-		m_Session (session), m_ResendTimer (session.m_Server.GetService ())
+		m_Session (session), m_ResendTimer (session.GetService ()), m_DecayTimer (session.GetService ()),
+		m_IncompleteMessagesCleanupTimer (session.GetService ())
 	{
 		m_MaxPacketSize = session.IsV6 () ? SSU_V6_MAX_PACKET_SIZE : SSU_V4_MAX_PACKET_SIZE;
 		m_PacketSize = m_MaxPacketSize;
@@ -22,16 +38,20 @@ namespace transport
 
 	SSUData::~SSUData ()
 	{
-		for (auto it: m_IncomleteMessages)
-			if (it.second)
-			{
-				DeleteI2NPMessage (it.second->msg);
-				delete it.second;
-			}	
-		for (auto it: m_SentMessages)
-			delete it.second;
 	}
 
+	void SSUData::Start ()
+	{
+		ScheduleIncompleteMessagesCleanup ();
+	}	
+		
+	void SSUData::Stop ()
+	{
+		m_ResendTimer.cancel ();
+		m_DecayTimer.cancel ();
+		m_IncompleteMessagesCleanupTimer.cancel ();
+	}	
+		
 	void SSUData::AdjustPacketSize (const i2p::data::RouterInfo& remoteRouter)
 	{
 		auto ssuAddress = remoteRouter.GetSSUAddress ();
@@ -69,7 +89,6 @@ namespace transport
 		auto it = m_SentMessages.find (msgID);
 		if (it != m_SentMessages.end ())
 		{
-			delete it->second;
 			m_SentMessages.erase (it);	
 			if (m_SentMessages.empty ())
 				m_ResendTimer.cancel ();
@@ -84,7 +103,7 @@ namespace transport
 			uint8_t numAcks =*buf;
 			buf++;
 			for (int i = 0; i < numAcks; i++)
-				ProcessSentMessageAck (be32toh (((uint32_t *)buf)[i]));
+				ProcessSentMessageAck (bufbe32toh (buf+i*4));
 			buf += numAcks*4;
 		}
 		if (flag & DATA_FLAG_ACK_BITFIELDS_INCLUDED)
@@ -94,7 +113,7 @@ namespace transport
 			buf++;
 			for (int i = 0; i < numBitfields; i++)
 			{
-				uint32_t msgID = be32toh (*(uint32_t *)buf);
+				uint32_t msgID = bufbe32toh (buf);
 				buf += 4; // msgID
 				auto it = m_SentMessages.find (msgID);		
 				// process individual Ack bitfields
@@ -115,10 +134,7 @@ namespace transport
 							if (bitfield & mask)
 							{
 								if (fragment < numSentFragments)
-								{
-									delete it->second->fragments[fragment];
-									it->second->fragments[fragment] = nullptr;
-								}	
+									it->second->fragments[fragment].reset (nullptr);
 							}				
 							fragment++;
 							mask <<= 1;
@@ -137,58 +153,50 @@ namespace transport
 		buf++;
 		for (int i = 0; i < numFragments; i++)
 		{	
-			uint32_t msgID = be32toh (*(uint32_t *)buf); // message ID
+			uint32_t msgID = bufbe32toh (buf); // message ID
 			buf += 4;
 			uint8_t frag[4];
 			frag[0] = 0;
 			memcpy (frag + 1, buf, 3);
 			buf += 3;
-			uint32_t fragmentInfo = be32toh (*(uint32_t *)frag); // fragment info
+			uint32_t fragmentInfo = bufbe32toh (frag); // fragment info
 			uint16_t fragmentSize = fragmentInfo & 0x1FFF; // bits 0 - 13
 			bool isLast = fragmentInfo & 0x010000; // bit 16	
-			uint8_t fragmentNum = fragmentInfo >> 17; // bits 23 - 17
-			LogPrint (eLogDebug, "SSU data fragment ", (int)fragmentNum, " of message ", msgID, " size=", (int)fragmentSize, isLast ? " last" : " non-last"); 		
+			uint8_t fragmentNum = fragmentInfo >> 17; // bits 23 - 17 		
+			if (fragmentSize >= SSU_V4_MAX_PACKET_SIZE)
+			{
+				LogPrint (eLogError, "Fragment size ", fragmentSize, "exceeds max SSU packet size");
+				return;
+			}
 
 			//  find message with msgID
-			I2NPMessage * msg = nullptr;
-			IncompleteMessage * incompleteMessage = nullptr;
-			auto it = m_IncomleteMessages.find (msgID);
-			if (it != m_IncomleteMessages.end ()) 
-			{	
-				// message exists
-				incompleteMessage = it->second;
-				msg = incompleteMessage->msg;
-			}	
-			else
+			auto it = m_IncompleteMessages.find (msgID);
+			if (it == m_IncompleteMessages.end ()) 
 			{
 				// create new message
-				msg = NewI2NPMessage ();
-				msg->len -= sizeof (I2NPHeaderShort);
-				incompleteMessage = new IncompleteMessage (msg);
-				m_IncomleteMessages[msgID] = incompleteMessage;
-			}	
+				auto msg = NewI2NPShortMessage ();
+				msg->len -= I2NP_SHORT_HEADER_SIZE;
+				it = m_IncompleteMessages.insert (std::make_pair (msgID, 
+					std::unique_ptr<IncompleteMessage>(new IncompleteMessage (msg)))).first;
+			}
+			std::unique_ptr<IncompleteMessage>& incompleteMessage = it->second;
 
 			// handle current fragment
 			if (fragmentNum == incompleteMessage->nextFragmentNum)
 			{
 				// expected fragment
-				memcpy (msg->buf + msg->len, buf, fragmentSize);
-				msg->len += fragmentSize;
-				incompleteMessage->nextFragmentNum++;
+				incompleteMessage->AttachNextFragment (buf, fragmentSize);
 				if (!isLast && !incompleteMessage->savedFragments.empty ())
 				{
 					// try saved fragments
 					for (auto it1 = incompleteMessage->savedFragments.begin (); it1 != incompleteMessage->savedFragments.end ();)
 					{
-						auto savedFragment = *it1;
+						auto& savedFragment = *it1;
 						if (savedFragment->fragmentNum == incompleteMessage->nextFragmentNum)
 						{
-							memcpy (msg->buf + msg->len, savedFragment->buf, savedFragment->len);
-							msg->len += savedFragment->len;
+							incompleteMessage->AttachNextFragment (savedFragment->buf, savedFragment->len);
 							isLast = savedFragment->isLast;
-							incompleteMessage->nextFragmentNum++;
 							incompleteMessage->savedFragments.erase (it1++);
-							delete savedFragment;
 						}
 						else
 							break;
@@ -207,11 +215,10 @@ namespace transport
 					// missing fragment
 					LogPrint (eLogWarning, "Missing fragments from ", (int)incompleteMessage->nextFragmentNum, " to ", fragmentNum - 1, " of message ", msgID);	
 					auto savedFragment = new Fragment (fragmentNum, buf, fragmentSize, isLast);
-					if (!incompleteMessage->savedFragments.insert (savedFragment).second)
-					{
+					if (incompleteMessage->savedFragments.insert (std::unique_ptr<Fragment>(savedFragment)).second)
+						incompleteMessage->lastFragmentInsertTime = i2p::util::GetSecondsSinceEpoch ();
+					else	
 						LogPrint (eLogWarning, "Fragment ", (int)fragmentNum, " of message ", msgID, " already saved");
-						delete savedFragment;
-					}	
 				}
 				isLast = false;
 			}	
@@ -219,8 +226,9 @@ namespace transport
 			if (isLast)
 			{
 				// delete incomplete message
-				delete incompleteMessage;
-				m_IncomleteMessages.erase (msgID);				
+				auto msg = incompleteMessage->msg;
+				incompleteMessage->msg = nullptr;
+				m_IncompleteMessages.erase (msgID);				
 				// process message
 				SendMsgAck (msgID);
 				msg->FromSSU (msgID);
@@ -228,9 +236,12 @@ namespace transport
 				{
 					if (!m_ReceivedMessages.count (msgID))
 					{	
-						if (m_ReceivedMessages.size () > 100) m_ReceivedMessages.clear ();
+						if (m_ReceivedMessages.size () > MAX_NUM_RECEIVED_MESSAGES)
+							m_ReceivedMessages.clear ();
+						else
+							ScheduleDecay ();
 						m_ReceivedMessages.insert (msgID);
-						i2p::HandleI2NPMessage (msg);
+						m_Handler.PutNextMessage (msg);
 					}	
 					else
 					{
@@ -241,13 +252,13 @@ namespace transport
 				else
 				{
 					// we expect DeliveryStatus
-					if (msg->GetHeader ()->typeID == eI2NPDeliveryStatus)
+					if (msg->GetTypeID () == eI2NPDeliveryStatus)
 					{
 						LogPrint ("SSU session established");
 						m_Session.Established ();
 					}	
 					else
-						LogPrint (eLogError, "SSU unexpected message ", (int)msg->GetHeader ()->typeID);
+						LogPrint (eLogError, "SSU unexpected message ", (int)msg->GetTypeID ());
 					DeleteI2NPMessage (msg);
 				}	
 			}	
@@ -257,12 +268,17 @@ namespace transport
 		}	
 	}
 
+	void SSUData::FlushReceivedMessage ()
+	{
+		m_Handler.Flush ();
+	}	
+		
 	void SSUData::ProcessMessage (uint8_t * buf, size_t len)
 	{
 		//uint8_t * start = buf;
 		uint8_t flag = *buf;
 		buf++;
-		LogPrint (eLogDebug, "Process SSU data flags=", (int)flag);
+		LogPrint (eLogDebug, "Process SSU data flags=", (int)flag, " len=", len);
 		// process acks if presented
 		if (flag & (DATA_FLAG_ACK_BITFIELDS_INCLUDED | DATA_FLAG_EXPLICIT_ACKS_INCLUDED))
 			ProcessAcks (buf, flag);
@@ -289,12 +305,15 @@ namespace transport
 		}	
 		if (m_SentMessages.empty ()) // schedule resend at first message only
 			ScheduleResend ();
-		SentMessage * sentMessage = new SentMessage;
-		m_SentMessages[msgID] = sentMessage; 
-		sentMessage->nextResendTime = i2p::util::GetSecondsSinceEpoch () + RESEND_INTERVAL;
-		sentMessage->numResends = 0;
+		
+		auto ret = m_SentMessages.insert (std::make_pair (msgID, std::unique_ptr<SentMessage>(new SentMessage))); 
+		std::unique_ptr<SentMessage>& sentMessage = ret.first->second;
+		if (ret.second)	
+		{
+			sentMessage->nextResendTime = i2p::util::GetSecondsSinceEpoch () + RESEND_INTERVAL;
+			sentMessage->numResends = 0;
+		}	
 		auto& fragments = sentMessage->fragments;
-		msgID = htobe32 (msgID);	
 		size_t payloadSize = m_PacketSize - sizeof (SSUHeader) - 9; // 9  =  flag + #frg(1) + messageID(4) + frag info (3) 
 		size_t len = msg->GetLength ();
 		uint8_t * msgBuf = msg->GetSSUHeader ();
@@ -305,13 +324,12 @@ namespace transport
 			Fragment * fragment = new Fragment;
 			fragment->fragmentNum = fragmentNum;
 			uint8_t * buf = fragment->buf;
-			fragments.push_back (fragment);
 			uint8_t	* payload = buf + sizeof (SSUHeader);
 			*payload = DATA_FLAG_WANT_REPLY; // for compatibility
 			payload++;
 			*payload = 1; // always 1 message fragment per message
 			payload++;
-			*(uint32_t *)payload = msgID;
+			htobe32buf (payload, msgID);
 			payload += 4;
 			bool isLast = (len <= payloadSize);
 			size_t size = isLast ? len : payloadSize;
@@ -329,11 +347,18 @@ namespace transport
 			if (size & 0x0F) // make sure 16 bytes boundary
 				size = ((size >> 4) + 1) << 4; // (/16 + 1)*16
 			fragment->len = size; 
+			fragments.push_back (std::unique_ptr<Fragment> (fragment));
 			
 			// encrypt message with session key
 			m_Session.FillHeaderAndEncrypt (PAYLOAD_TYPE_DATA, buf, size);
-			m_Session.Send (buf, size);
-
+			try
+			{	
+				m_Session.Send (buf, size);
+			}
+			catch (boost::system::system_error& ec)
+			{
+				LogPrint (eLogError, "Can't send SSU fragment ", ec.what ());
+			}	
 			if (!isLast)
 			{	
 				len -= payloadSize;
@@ -396,29 +421,94 @@ namespace transport
 	{		
 		m_ResendTimer.cancel ();
 		m_ResendTimer.expires_from_now (boost::posix_time::seconds(RESEND_INTERVAL));
-		m_ResendTimer.async_wait (boost::bind (&SSUData::HandleResendTimer,
-			this, boost::asio::placeholders::error));
+		auto s = m_Session.shared_from_this();
+		m_ResendTimer.async_wait ([s](const boost::system::error_code& ecode)
+			{ s->m_Data.HandleResendTimer (ecode); });
 	}
-		
+
 	void SSUData::HandleResendTimer (const boost::system::error_code& ecode)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-			for (auto it : m_SentMessages)
+			for (auto it = m_SentMessages.begin (); it != m_SentMessages.end ();)
 			{
-				if (ts >= it.second->nextResendTime && it.second->numResends < MAX_NUM_RESENDS)
+				if (ts >= it->second->nextResendTime)
 				{	
-					for (auto f: it.second->fragments)
-						if (f) m_Session.Send (f->buf, f->len); // resend
+					if (it->second->numResends < MAX_NUM_RESENDS)
+					{	
+						for (auto& f: it->second->fragments)
+							if (f) 
+							{
+								try
+								{	
+									m_Session.Send (f->buf, f->len); // resend
+								}
+								catch (boost::system::system_error& ec)
+								{
+									LogPrint (eLogError, "Can't resend SSU fragment ", ec.what ());
+								}
+							}	
 
-					it.second->numResends++;
-					it.second->nextResendTime += it.second->numResends*RESEND_INTERVAL;
+						it->second->numResends++;
+						it->second->nextResendTime += it->second->numResends*RESEND_INTERVAL;
+						it++;
+					}	
+					else
+					{
+						LogPrint (eLogError, "SSU message has not been ACKed after ", MAX_NUM_RESENDS, " attempts. Deleted");
+						it = m_SentMessages.erase (it);
+					}	
 				}	
+				else
+					it++;
 			}
 			ScheduleResend ();	
 		}	
 	}	
+
+	void SSUData::ScheduleDecay ()
+	{		
+		m_DecayTimer.cancel ();
+		m_DecayTimer.expires_from_now (boost::posix_time::seconds(DECAY_INTERVAL));
+		auto s = m_Session.shared_from_this();
+		m_ResendTimer.async_wait ([s](const boost::system::error_code& ecode)
+			{ s->m_Data.HandleDecayTimer (ecode); });
+	}	
+
+	void SSUData::HandleDecayTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+			m_ReceivedMessages.clear ();
+	}	
+
+	void SSUData::ScheduleIncompleteMessagesCleanup ()
+	{
+		m_IncompleteMessagesCleanupTimer.cancel ();
+		m_IncompleteMessagesCleanupTimer.expires_from_now (boost::posix_time::seconds(INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT));
+		auto s = m_Session.shared_from_this();
+		m_IncompleteMessagesCleanupTimer.async_wait ([s](const boost::system::error_code& ecode)
+			{ s->m_Data.HandleIncompleteMessagesCleanupTimer (ecode); });
+	}
+		
+	void SSUData::HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+			for (auto it = m_IncompleteMessages.begin (); it != m_IncompleteMessages.end ();)
+			{
+				if (ts > it->second->lastFragmentInsertTime + INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT)
+				{
+					LogPrint (eLogError, "SSU message ", it->first, " was not completed  in ", INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT, " seconds. Deleted");
+					it = m_IncompleteMessages.erase (it);
+				}	
+				else
+					it++;
+			}	
+			ScheduleIncompleteMessagesCleanup ();
+		}	
+	}	
 }
 }
 

SSUData.h

@@ -6,6 +6,7 @@
 #include <map>
 #include <vector>
 #include <set>
+#include <memory>
 #include <boost/asio.hpp>
 #include "I2NPProtocol.h"
 #include "Identity.h"
@@ -25,6 +26,9 @@ namespace transport
 	const size_t SSU_V6_MAX_PACKET_SIZE = SSU_MTU_V6 - IPV6_HEADER_SIZE - UDP_HEADER_SIZE; // 1424
 	const int RESEND_INTERVAL = 3; // in seconds
 	const int MAX_NUM_RESENDS = 5;
+	const int DECAY_INTERVAL = 20; // in seconds
+	const int MAX_NUM_RECEIVED_MESSAGES = 1000; // how many msgID we store for duplicates check
+	const int INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT = 30; // in seconds
 	// data flags
 	const uint8_t DATA_FLAG_EXTENDED_DATA_INCLUDED = 0x02;
 	const uint8_t DATA_FLAG_WANT_REPLY = 0x04;
@@ -47,7 +51,7 @@ namespace transport
 
 	struct FragmentCmp
 	{
-		bool operator() (const Fragment * f1, const Fragment * f2) const
+		bool operator() (const std::unique_ptr<Fragment>& f1, const std::unique_ptr<Fragment>& f2) const
   		{	
 			return f1->fragmentNum < f2->fragmentNum; 
 		};
@@ -57,19 +61,19 @@ namespace transport
 	{
 		I2NPMessage * msg;
 		int nextFragmentNum;	
-		std::set<Fragment *, FragmentCmp> savedFragments;
+		uint32_t lastFragmentInsertTime; // in seconds
+		std::set<std::unique_ptr<Fragment>, FragmentCmp> savedFragments;
 		
-		IncompleteMessage (I2NPMessage * m): msg (m), nextFragmentNum (0) {};
-		~IncompleteMessage () { for (auto it: savedFragments) { delete it; }; };
+		IncompleteMessage (I2NPMessage * m): msg (m), nextFragmentNum (0), lastFragmentInsertTime (0) {};
+		~IncompleteMessage () { if (msg) DeleteI2NPMessage (msg); };
+		void AttachNextFragment (const uint8_t * fragment, size_t fragmentSize);	
 	};
 
 	struct SentMessage
 	{
-		std::vector<Fragment *> fragments;
+		std::vector<std::unique_ptr<Fragment> > fragments;
 		uint32_t nextResendTime; // in seconds
 		int numResends;
-
-		~SentMessage () { for (auto it: fragments) { delete it; }; };
 	};	
 	
 	class SSUSession;
@@ -80,7 +84,11 @@ namespace transport
 			SSUData (SSUSession& session);
 			~SSUData ();
 
+			void Start ();
+			void Stop ();	
+			
 			void ProcessMessage (uint8_t * buf, size_t len);
+			void FlushReceivedMessage ();
 			void Send (i2p::I2NPMessage * msg);
 
 			void UpdatePacketSize (const i2p::data::IdentHash& remoteIdent);
@@ -95,17 +103,24 @@ namespace transport
 
 			void ScheduleResend ();
 			void HandleResendTimer (const boost::system::error_code& ecode);	
+
+			void ScheduleDecay ();
+			void HandleDecayTimer (const boost::system::error_code& ecode);	
+
+			void ScheduleIncompleteMessagesCleanup ();
+			void HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode);	
 			
 			void AdjustPacketSize (const i2p::data::RouterInfo& remoteRouter);	
 			
 		private:	
 
 			SSUSession& m_Session;
-			std::map<uint32_t, IncompleteMessage *> m_IncomleteMessages;
-			std::map<uint32_t, SentMessage *> m_SentMessages;
+			std::map<uint32_t, std::unique_ptr<IncompleteMessage> > m_IncompleteMessages;
+			std::map<uint32_t, std::unique_ptr<SentMessage> > m_SentMessages;
 			std::set<uint32_t> m_ReceivedMessages;
-			boost::asio::deadline_timer m_ResendTimer;
+			boost::asio::deadline_timer m_ResendTimer, m_DecayTimer, m_IncompleteMessagesCleanupTimer;
 			int m_MaxPacketSize, m_PacketSize;
+			i2p::I2NPMessagesHandler m_Handler;
 	};	
 }
 }

SSUSession.h

@@ -0,0 +1,159 @@
+#ifndef SSU_SESSION_H__
+#define SSU_SESSION_H__
+
+#include <inttypes.h>
+#include <set>
+#include <memory>
+#include "aes.h"
+#include "hmac.h"
+#include "I2NPProtocol.h"
+#include "TransportSession.h"
+#include "SSUData.h"
+
+namespace i2p
+{
+namespace transport
+{
+#pragma pack(1)
+	struct SSUHeader
+	{
+		uint8_t mac[16];
+		uint8_t iv[16];
+		uint8_t flag;
+		uint32_t time;	
+
+		uint8_t GetPayloadType () const { return flag >> 4; };
+	};
+#pragma pack()
+
+	const int SSU_CONNECT_TIMEOUT = 5; // 5 seconds
+	const int SSU_TERMINATION_TIMEOUT = 330; // 5.5 minutes
+
+	// payload types (4 bits)
+	const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0;
+	const uint8_t PAYLOAD_TYPE_SESSION_CREATED = 1;
+	const uint8_t PAYLOAD_TYPE_SESSION_CONFIRMED = 2;
+	const uint8_t PAYLOAD_TYPE_RELAY_REQUEST = 3;
+	const uint8_t PAYLOAD_TYPE_RELAY_RESPONSE = 4;
+	const uint8_t PAYLOAD_TYPE_RELAY_INTRO = 5;
+	const uint8_t PAYLOAD_TYPE_DATA = 6;
+	const uint8_t PAYLOAD_TYPE_PEER_TEST = 7;
+	const uint8_t PAYLOAD_TYPE_SESSION_DESTROYED = 8;
+
+	enum SessionState
+	{
+		eSessionStateUnknown,	
+		eSessionStateIntroduced,
+		eSessionStateEstablished,
+		eSessionStateClosed,
+		eSessionStateFailed
+	};	
+
+	enum PeerTestParticipant
+	{
+		ePeerTestParticipantUnknown = 0,
+		ePeerTestParticipantAlice1,
+		ePeerTestParticipantAlice2,
+		ePeerTestParticipantBob,
+		ePeerTestParticipantCharlie
+	};
+	
+	class SSUServer;
+	class SSUSession: public TransportSession, public std::enable_shared_from_this<SSUSession>
+	{
+		public:
+
+			SSUSession (SSUServer& server, boost::asio::ip::udp::endpoint& remoteEndpoint,
+				std::shared_ptr<const i2p::data::RouterInfo> router = nullptr, bool peerTest = false);
+			void ProcessNextMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);		
+			~SSUSession ();
+			
+			void Connect ();
+			void WaitForConnect ();
+			void Introduce (uint32_t iTag, const uint8_t * iKey);
+			void WaitForIntroduction ();
+			void Close ();
+			void Done ();
+			boost::asio::ip::udp::endpoint& GetRemoteEndpoint () { return m_RemoteEndpoint; };
+			bool IsV6 () const { return m_RemoteEndpoint.address ().is_v6 (); };
+			void SendI2NPMessage (I2NPMessage * msg);
+			void SendI2NPMessages (const std::vector<I2NPMessage *>& msgs);
+			void SendPeerTest (); // Alice			
+
+			SessionState GetState () const  { return m_State; };
+			size_t GetNumSentBytes () const { return m_NumSentBytes; };
+			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
+			
+			void SendKeepAlive ();	
+			uint32_t GetRelayTag () const { return m_RelayTag; };	
+			uint32_t GetCreationTime () const { return m_CreationTime; };
+
+			void FlushData ();
+			
+		private:
+
+			boost::asio::io_service& GetService ();
+			void CreateAESandMacKey (const uint8_t * pubKey); 
+
+			void PostI2NPMessage (I2NPMessage * msg);
+			void PostI2NPMessages (std::vector<I2NPMessage *> msgs);
+			void ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); // call for established session
+			void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
+			void SendSessionRequest ();
+			void SendRelayRequest (uint32_t iTag, const uint8_t * iKey);
+			void ProcessSessionCreated (uint8_t * buf, size_t len);
+			void SendSessionCreated (const uint8_t * x);
+			void ProcessSessionConfirmed (uint8_t * buf, size_t len);
+			void SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen);
+			void ProcessRelayRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from);
+			void SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from,
+				const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to);
+			void SendRelayIntro (SSUSession * session, const boost::asio::ip::udp::endpoint& from);
+			void ProcessRelayResponse (uint8_t * buf, size_t len);
+			void ProcessRelayIntro (uint8_t * buf, size_t len);
+			void Established ();
+			void Failed ();
+			void ScheduleConnectTimer ();
+			void HandleConnectTimer (const boost::system::error_code& ecode);
+			void ProcessPeerTest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
+			void SendPeerTest (uint32_t nonce, uint32_t address, uint16_t port, const uint8_t * introKey, bool toAddress = true, bool sendAddress = true); 
+			void ProcessData (uint8_t * buf, size_t len);		
+			void SendSesionDestroyed ();
+			void Send (uint8_t type, const uint8_t * payload, size_t len); // with session key
+			void Send (const uint8_t * buf, size_t size); 
+			
+			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const uint8_t * aesKey, const uint8_t * iv, const uint8_t * macKey);
+			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len); // with session key 
+			void Decrypt (uint8_t * buf, size_t len, const uint8_t * aesKey);
+			void DecryptSessionKey (uint8_t * buf, size_t len);
+			bool Validate (uint8_t * buf, size_t len, const uint8_t * macKey);			
+			const uint8_t * GetIntroKey () const; 
+
+			void ScheduleTermination ();
+			void HandleTerminationTimer (const boost::system::error_code& ecode);
+
+		private:
+	
+			friend class SSUData; // TODO: change in later
+			SSUServer& m_Server;
+			boost::asio::ip::udp::endpoint m_RemoteEndpoint;
+			boost::asio::deadline_timer m_Timer;
+			bool m_PeerTest;
+			SessionState m_State;
+			bool m_IsSessionKey;
+			uint32_t m_RelayTag;	
+			i2p::crypto::CBCEncryption m_SessionKeyEncryption;
+			i2p::crypto::CBCDecryption m_SessionKeyDecryption;
+			i2p::crypto::AESKey m_SessionKey;
+			i2p::crypto::MACKey m_MacKey;
+			uint32_t m_CreationTime; // seconds since epoch
+			SSUData m_Data;
+			bool m_IsDataReceived;
+	};
+
+
+}
+}
+
+#endif
+

Signature.h

@@ -3,6 +3,7 @@
 
 #include <inttypes.h>
 #include <cryptopp/dsa.h>
+#include <cryptopp/rsa.h>
 #include <cryptopp/asn.h>
 #include <cryptopp/oids.h>
 #include <cryptopp/osrng.h>
@@ -21,6 +22,7 @@ namespace crypto
 			virtual bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const = 0;
 			virtual size_t GetPublicKeyLen () const = 0;
 			virtual size_t GetSignatureLen () const = 0;
+			virtual size_t GetPrivateKeyLen () const { return GetSignatureLen ()/2; };
 	};
 
 	class Signer
@@ -87,67 +89,327 @@ namespace crypto
 		publicKey.GetPublicElement ().Encode (signingPublicKey, DSA_PUBLIC_KEY_LENGTH);
 	}	
 
-
-	const size_t ECDSAP256_PUBLIC_KEY_LENGTH = 64;
-	const size_t ECDSAP256_PUBLIC_KEY_HALF_LENGTH = ECDSAP256_PUBLIC_KEY_LENGTH/2;
-	const size_t ECDSAP256_SIGNATURE_LENGTH = 64;
-	const size_t ECDSAP256_PRIVATE_KEY_LENGTH = ECDSAP256_SIGNATURE_LENGTH/2;		
-	class ECDSAP256Verifier: public Verifier
-	{
+	template<typename Hash, size_t keyLen>
+	class ECDSAVerifier: public Verifier
+	{		
 		public:
 
-			ECDSAP256Verifier (const uint8_t * signingKey)
+			template<typename Curve>
+			ECDSAVerifier (Curve curve, const uint8_t * signingKey)
 			{
-				m_PublicKey.Initialize (CryptoPP::ASN1::secp256r1(), 
-					CryptoPP::ECP::Point (CryptoPP::Integer (signingKey, ECDSAP256_PUBLIC_KEY_HALF_LENGTH), 
-					CryptoPP::Integer (signingKey + ECDSAP256_PUBLIC_KEY_HALF_LENGTH, ECDSAP256_PUBLIC_KEY_HALF_LENGTH)));
-			}			
+				m_PublicKey.Initialize (curve, 
+					CryptoPP::ECP::Point (CryptoPP::Integer (signingKey, keyLen/2), 
+					CryptoPP::Integer (signingKey + keyLen/2, keyLen/2)));
+			}
 
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 			{
-				CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::Verifier verifier (m_PublicKey);
-				return verifier.VerifyMessage (buf, len, signature, ECDSAP256_SIGNATURE_LENGTH);
+				typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::Verifier verifier (m_PublicKey);
+				return verifier.VerifyMessage (buf, len, signature, keyLen); // signature length
 			}	
 
-			size_t GetPublicKeyLen () const { return ECDSAP256_PUBLIC_KEY_LENGTH; };
-			size_t GetSignatureLen () const { return ECDSAP256_SIGNATURE_LENGTH; };
+			size_t GetPublicKeyLen () const { return keyLen; };
+			size_t GetSignatureLen () const { return keyLen; }; // signature length = key length
 			
 		private:
 
-			CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PublicKey m_PublicKey;
-	};	
+			typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::PublicKey m_PublicKey;
+	};
 
-	class ECDSAP256Signer: public Signer
+	template<typename Hash>
+	class ECDSASigner: public Signer
 	{
 		public:
 
-			ECDSAP256Signer (const uint8_t * signingPrivateKey)
+			template<typename Curve>
+			ECDSASigner (Curve curve, const uint8_t * signingPrivateKey, size_t keyLen)
 			{
-				m_PrivateKey.Initialize (CryptoPP::ASN1::secp256r1(), CryptoPP::Integer (signingPrivateKey, ECDSAP256_PRIVATE_KEY_LENGTH));
+				m_PrivateKey.Initialize (curve, CryptoPP::Integer (signingPrivateKey, keyLen/2)); // private key length
 			}
 
 			void Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const
 			{
-				CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::Signer signer (m_PrivateKey);
+				typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::Signer signer (m_PrivateKey);
 				signer.SignMessage (rnd, buf, len, signature);
 			}
 
 		private:
 
-			CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PrivateKey m_PrivateKey;
+			typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::PrivateKey m_PrivateKey;
+	};
+
+	template<typename Hash, typename Curve>
+	inline void CreateECDSARandomKeys (CryptoPP::RandomNumberGenerator& rnd, Curve curve, 
+		size_t keyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::PrivateKey privateKey;
+		typename CryptoPP::ECDSA<CryptoPP::ECP, Hash>::PublicKey publicKey;
+		privateKey.Initialize (rnd, curve);
+		privateKey.MakePublicKey (publicKey);
+		privateKey.GetPrivateExponent ().Encode (signingPrivateKey, keyLen/2);	
+		auto q = publicKey.GetPublicElement ();
+		q.x.Encode (signingPublicKey, keyLen/2);
+		q.y.Encode (signingPublicKey + keyLen/2, keyLen/2);
+	}	
+
+// ECDSA_SHA256_P256
+	const size_t ECDSAP256_KEY_LENGTH = 64;	
+	class ECDSAP256Verifier: public ECDSAVerifier<CryptoPP::SHA256, ECDSAP256_KEY_LENGTH>
+	{
+		public:
+
+			ECDSAP256Verifier (const uint8_t * signingKey): 
+				ECDSAVerifier (CryptoPP::ASN1::secp256r1(), signingKey)
+			{
+			}			
+	};	
+
+	class ECDSAP256Signer: public ECDSASigner<CryptoPP::SHA256>
+	{
+		public:
+
+			ECDSAP256Signer (const uint8_t * signingPrivateKey):
+				ECDSASigner (CryptoPP::ASN1::secp256r1(), signingPrivateKey, ECDSAP256_KEY_LENGTH)
+			{
+			}
 	};
 
 	inline void CreateECDSAP256RandomKeys (CryptoPP::RandomNumberGenerator& rnd, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
 	{
-		CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PrivateKey privateKey;
-		CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PublicKey publicKey;
-		privateKey.Initialize (rnd, CryptoPP::ASN1::secp256r1());
-		privateKey.MakePublicKey (publicKey);
-		privateKey.GetPrivateExponent ().Encode (signingPrivateKey, ECDSAP256_PRIVATE_KEY_LENGTH);	
-		auto q = publicKey.GetPublicElement ();
-		q.x.Encode (signingPublicKey, ECDSAP256_PUBLIC_KEY_HALF_LENGTH);
-		q.y.Encode (signingPublicKey + ECDSAP256_PUBLIC_KEY_HALF_LENGTH, ECDSAP256_PUBLIC_KEY_HALF_LENGTH);
+		CreateECDSARandomKeys<CryptoPP::SHA256> (rnd, CryptoPP::ASN1::secp256r1(), ECDSAP256_KEY_LENGTH, signingPrivateKey, signingPublicKey);
 	}	
+
+// ECDSA_SHA384_P384
+	const size_t ECDSAP384_KEY_LENGTH = 96;
+	class ECDSAP384Verifier: public ECDSAVerifier<CryptoPP::SHA384, ECDSAP384_KEY_LENGTH>
+	{
+		public:
+
+			ECDSAP384Verifier (const uint8_t * signingKey): 
+				ECDSAVerifier (CryptoPP::ASN1::secp384r1(), signingKey)
+			{
+			}			
+	};	
+
+	class ECDSAP384Signer: public ECDSASigner<CryptoPP::SHA384>
+	{
+		public:
+
+			ECDSAP384Signer (const uint8_t * signingPrivateKey):
+				ECDSASigner (CryptoPP::ASN1::secp384r1(), signingPrivateKey, ECDSAP384_KEY_LENGTH)
+			{
+			}
+	};
+
+	inline void CreateECDSAP384RandomKeys (CryptoPP::RandomNumberGenerator& rnd, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CreateECDSARandomKeys<CryptoPP::SHA384> (rnd, CryptoPP::ASN1::secp384r1(), ECDSAP384_KEY_LENGTH, signingPrivateKey, signingPublicKey);
+	}	
+
+// ECDSA_SHA512_P521
+	const size_t ECDSAP521_KEY_LENGTH = 132;
+	class ECDSAP521Verifier: public ECDSAVerifier<CryptoPP::SHA512, ECDSAP521_KEY_LENGTH>
+	{
+		public:
+
+			ECDSAP521Verifier (const uint8_t * signingKey): 
+				ECDSAVerifier (CryptoPP::ASN1::secp521r1(), signingKey)
+			{
+			}			
+	};	
+
+	class ECDSAP521Signer: public ECDSASigner<CryptoPP::SHA512>
+	{
+		public:
+
+			ECDSAP521Signer (const uint8_t * signingPrivateKey):
+				ECDSASigner (CryptoPP::ASN1::secp521r1(), signingPrivateKey, ECDSAP521_KEY_LENGTH)
+			{
+			}
+	};
+
+	inline void CreateECDSAP521RandomKeys (CryptoPP::RandomNumberGenerator& rnd, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CreateECDSARandomKeys<CryptoPP::SHA512> (rnd, CryptoPP::ASN1::secp521r1(), ECDSAP521_KEY_LENGTH, signingPrivateKey, signingPublicKey);
+	}
+
+// RSA
+	template<typename Hash, size_t keyLen>	
+	class RSAVerifier: public Verifier
+	{
+		public:
+
+			RSAVerifier (const uint8_t * signingKey)
+			{
+				m_PublicKey.Initialize (CryptoPP::Integer (signingKey, keyLen), CryptoPP::Integer (rsae));
+			}
+
+			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const 
+			{
+				typename CryptoPP::RSASS<CryptoPP::PKCS1v15, Hash>::Verifier verifier (m_PublicKey);
+				return verifier.VerifyMessage (buf, len, signature, keyLen); // signature length
+			}
+			size_t GetPublicKeyLen () const { return keyLen; }
+			size_t GetSignatureLen () const { return keyLen; }	
+			size_t GetPrivateKeyLen () const { return GetSignatureLen ()*2; };
+
+		private:
+			
+			CryptoPP::RSA::PublicKey m_PublicKey;			
+	};	
+
+	
+	template<typename Hash>
+	class RSASigner: public Signer
+	{
+		public:
+
+			RSASigner (const uint8_t * signingPrivateKey, size_t keyLen)
+			{
+				m_PrivateKey.Initialize (CryptoPP::Integer (signingPrivateKey, keyLen/2),
+				    rsae,                 			
+					CryptoPP::Integer (signingPrivateKey + keyLen/2, keyLen/2));
+			}
+
+			void Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const
+			{
+				typename CryptoPP::RSASS<CryptoPP::PKCS1v15, Hash>::Signer signer (m_PrivateKey);
+				signer.SignMessage (rnd, buf, len, signature);
+			}
+			
+		private:
+
+			CryptoPP::RSA::PrivateKey m_PrivateKey;
+	};		
+
+	inline void CreateRSARandomKeys (CryptoPP::RandomNumberGenerator& rnd, 
+		size_t publicKeyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CryptoPP::RSA::PrivateKey privateKey;
+		privateKey.Initialize (rnd, publicKeyLen*8, rsae);
+		privateKey.GetModulus ().Encode (signingPrivateKey, publicKeyLen);	
+		privateKey.GetPrivateExponent ().Encode (signingPrivateKey + publicKeyLen, publicKeyLen);	
+		privateKey.GetModulus ().Encode (signingPublicKey, publicKeyLen);
+	}	
+
+	
+//  RSA_SHA256_2048
+	const size_t RSASHA2562048_KEY_LENGTH = 256;
+	class RSASHA2562048Verifier: public RSAVerifier<CryptoPP::SHA256, RSASHA2562048_KEY_LENGTH> 
+	{
+		public:
+
+			RSASHA2562048Verifier (const uint8_t * signingKey): RSAVerifier (signingKey) 
+			{
+			}
+	};
+
+	class RSASHA2562048Signer: public RSASigner<CryptoPP::SHA256> 
+	{
+		public:
+
+			RSASHA2562048Signer (const uint8_t * signingPrivateKey): 
+				RSASigner (signingPrivateKey, RSASHA2562048_KEY_LENGTH*2) 
+			{
+			}
+	};
+
+//  RSA_SHA384_3072
+	const size_t RSASHA3843072_KEY_LENGTH = 384;
+	class RSASHA3843072Verifier: public RSAVerifier<CryptoPP::SHA384, RSASHA3843072_KEY_LENGTH> 
+	{
+		public:
+
+			RSASHA3843072Verifier (const uint8_t * signingKey): RSAVerifier (signingKey) 
+			{
+			}
+	};
+
+	class RSASHA3843072Signer: public RSASigner<CryptoPP::SHA384> 
+	{
+		public:
+
+			RSASHA3843072Signer (const uint8_t * signingPrivateKey): 
+				RSASigner (signingPrivateKey, RSASHA3843072_KEY_LENGTH*2) 
+			{
+			}
+	};
+
+//  RSA_SHA512_4096
+	const size_t RSASHA5124096_KEY_LENGTH = 512;
+	class RSASHA5124096Verifier: public RSAVerifier<CryptoPP::SHA512, RSASHA5124096_KEY_LENGTH> 
+	{
+		public:
+
+			RSASHA5124096Verifier (const uint8_t * signingKey): RSAVerifier (signingKey) 
+			{
+			}
+	};
+
+	class RSASHA5124096Signer: public RSASigner<CryptoPP::SHA512> 
+	{
+		public:
+
+			RSASHA5124096Signer (const uint8_t * signingPrivateKey): 
+				RSASigner (signingPrivateKey, RSASHA5124096_KEY_LENGTH*2) 
+			{
+			}
+	};
+
+// Raw verifiers	
+	class RawVerifier
+	{
+		public:
+			
+			virtual ~RawVerifier () {};
+			virtual void Update (const uint8_t * buf, size_t len) = 0;
+			virtual bool Verify (const uint8_t * signature) = 0;
+	};		
+
+	template<typename Hash, size_t keyLen>
+	class RSARawVerifier: public RawVerifier
+	{
+		public:
+
+			RSARawVerifier (const uint8_t * signingKey):
+				n (signingKey, keyLen)
+			{
+			}
+
+			void Update (const uint8_t * buf, size_t len)
+			{
+				m_Hash.Update (buf, len);
+			}
+			
+			bool Verify (const uint8_t * signature)
+			{
+				// RSA encryption first
+				CryptoPP::Integer enSig (a_exp_b_mod_c (CryptoPP::Integer (signature, keyLen), 
+					CryptoPP::Integer (i2p::crypto::rsae), n)); // s^e mod n 
+				uint8_t enSigBuf[keyLen];
+				enSig.Encode (enSigBuf, keyLen);
+
+				uint8_t digest[Hash::DIGESTSIZE];
+				m_Hash.Final (digest);
+				if ((int)keyLen < Hash::DIGESTSIZE) return false; // can't verify digest longer than key
+				// we assume digest is right aligned, at least for PKCS#1 v1.5 padding 
+				return !memcmp (enSigBuf + (keyLen - Hash::DIGESTSIZE), digest, Hash::DIGESTSIZE); 				
+			}
+
+		private:
+
+			CryptoPP::Integer n; // RSA modulus	
+			Hash m_Hash;
+	};	
+
+	class RSASHA5124096RawVerifier: public RSARawVerifier<CryptoPP::SHA512, RSASHA5124096_KEY_LENGTH> 
+	{
+		public:
+
+			RSASHA5124096RawVerifier (const uint8_t * signingKey): RSARawVerifier (signingKey) 
+			{
+			}
+	};
 }
 }
 

Streaming.cpp

@@ -12,48 +12,55 @@ namespace i2p
 namespace stream
 {
 	Stream::Stream (boost::asio::io_service& service, StreamingDestination& local, 
-		const i2p::data::LeaseSet& remote, int port): m_Service (service), m_SendStreamID (0), 
-		m_SequenceNumber (0), m_LastReceivedSequenceNumber (-1), m_IsOpen (false), 
-		m_IsReset (false), m_IsAckSendScheduled (false), m_LocalDestination (local), 
-		m_RemoteLeaseSet (&remote), m_RoutingSession (nullptr), m_ReceiveTimer (m_Service),
-		m_ResendTimer (m_Service), m_AckSendTimer (m_Service), m_NumSentBytes (0), 
-		m_NumReceivedBytes (0), m_Port (port)
+		std::shared_ptr<const i2p::data::LeaseSet> remote, int port): m_Service (service),
+		m_SendStreamID (0), m_SequenceNumber (0), m_LastReceivedSequenceNumber (-1), 
+		m_Status (eStreamStatusNew), m_IsAckSendScheduled (false), m_LocalDestination (local), 
+		m_RemoteLeaseSet (remote), m_ReceiveTimer (m_Service), m_ResendTimer (m_Service), 
+		m_AckSendTimer (m_Service),  m_NumSentBytes (0), m_NumReceivedBytes (0), m_Port (port), 
+		m_WindowSize (MIN_WINDOW_SIZE), m_RTT (INITIAL_RTT), m_RTO (INITIAL_RTO),
+		m_LastWindowSizeIncreaseTime (0), m_NumResendAttempts (0)
 	{
 		m_RecvStreamID = i2p::context.GetRandomNumberGenerator ().GenerateWord32 ();
+		m_RemoteIdentity = remote->GetIdentity ();
 		UpdateCurrentRemoteLease ();
 	}	
 
 	Stream::Stream (boost::asio::io_service& service, StreamingDestination& local):
 		m_Service (service), m_SendStreamID (0), m_SequenceNumber (0), m_LastReceivedSequenceNumber (-1), 
-		m_IsOpen (false), m_IsReset (false), m_IsAckSendScheduled (false), m_LocalDestination (local),
-		m_RemoteLeaseSet (nullptr), m_RoutingSession (nullptr), m_ReceiveTimer (m_Service), 
-		m_ResendTimer (m_Service), m_AckSendTimer (m_Service), m_NumSentBytes (0), 
-		m_NumReceivedBytes (0), m_Port (0)
+		m_Status (eStreamStatusNew), m_IsAckSendScheduled (false), m_LocalDestination (local),
+		m_ReceiveTimer (m_Service), m_ResendTimer (m_Service), m_AckSendTimer (m_Service), 
+		m_NumSentBytes (0), m_NumReceivedBytes (0), m_Port (0),  m_WindowSize (MIN_WINDOW_SIZE), 
+		m_RTT (INITIAL_RTT), m_RTO (INITIAL_RTO), m_LastWindowSizeIncreaseTime (0), m_NumResendAttempts (0)
 	{
 		m_RecvStreamID = i2p::context.GetRandomNumberGenerator ().GenerateWord32 ();
 	}
 
 	Stream::~Stream ()
 	{	
-		m_AckSendTimer.cancel ();
+		Terminate ();
 		while (!m_ReceiveQueue.empty ())
 		{
 			auto packet = m_ReceiveQueue.front ();
 			m_ReceiveQueue.pop ();
 			delete packet;
-		}	
-		m_ReceiveTimer.cancel ();
-					
+		}
+		
 		for (auto it: m_SentPackets)
 			delete it;
 		m_SentPackets.clear ();
-		m_ResendTimer.cancel ();
-
+		
 		for (auto it: m_SavedPackets)
 			delete it;
 		m_SavedPackets.clear ();
-		
-		Close ();
+			
+		LogPrint (eLogDebug, "Stream deleted");
+	}	
+
+	void Stream::Terminate ()
+	{
+		m_AckSendTimer.cancel ();
+		m_ReceiveTimer.cancel ();
+		m_ResendTimer.cancel ();
 	}	
 		
 	void Stream::HandleNextPacket (Packet * packet)
@@ -70,12 +77,12 @@ namespace stream
 		if (!receivedSeqn && !isSyn)
 		{
 			// plain ack
-			LogPrint ("Plain ACK received");
+			LogPrint (eLogDebug, "Plain ACK received");
 			delete packet;
 			return;
 		}
 
-		LogPrint ("Received seqn=", receivedSeqn); 
+		LogPrint (eLogDebug, "Received seqn=", receivedSeqn); 
 		if (isSyn || receivedSeqn == m_LastReceivedSequenceNumber + 1)
 		{			
 			// we have received next in sequence message
@@ -96,36 +103,52 @@ namespace stream
 			}
 
 			// schedule ack for last message
-			if (m_IsOpen)
+			if (m_Status == eStreamStatusOpen)
 			{
 				if (!m_IsAckSendScheduled)
 				{
 					m_IsAckSendScheduled = true;
 					m_AckSendTimer.expires_from_now (boost::posix_time::milliseconds(ACK_SEND_TIMEOUT));
-					m_AckSendTimer.async_wait (boost::bind (&Stream::HandleAckSendTimer,
-						this, boost::asio::placeholders::error));
+					m_AckSendTimer.async_wait (std::bind (&Stream::HandleAckSendTimer,
+						shared_from_this (), std::placeholders::_1));
 				}
 			}	
 			else if (isSyn)
 				// we have to send SYN back to incoming connection
-				Send (nullptr, 0); // also sets m_IsOpen				
+				SendBuffer (); // also sets m_IsOpen				
 		}	
 		else 
 		{	
 			if (receivedSeqn <= m_LastReceivedSequenceNumber)
 			{
-				// we have received duplicate. Most likely our outbound tunnel is dead
-				LogPrint ("Duplicate message ", receivedSeqn, " received");
-				m_LocalDestination.GetOwner ().ResetCurrentOutboundTunnel (); // pick another outbound tunnel 
-				UpdateCurrentRemoteLease (); // pick another lease
+				// we have received duplicate
+				LogPrint (eLogWarning, "Duplicate message ", receivedSeqn, " received");
 				SendQuickAck (); // resend ack for previous message again
 				delete packet; // packet dropped
 			}	
 			else
 			{
-				LogPrint ("Missing messages from ", m_LastReceivedSequenceNumber + 1, " to ", receivedSeqn - 1);
+				LogPrint (eLogWarning, "Missing messages from ", m_LastReceivedSequenceNumber + 1, " to ", receivedSeqn - 1);
 				// save message and wait for missing message again
 				SavePacket (packet);
+				if (m_LastReceivedSequenceNumber >= 0)
+				{	
+					// send NACKs for missing messages ASAP
+					if (m_IsAckSendScheduled)
+					{
+						m_IsAckSendScheduled = false;	
+						m_AckSendTimer.cancel ();
+					}
+					SendQuickAck ();
+				}	
+				else
+				{
+					// wait for SYN
+					m_IsAckSendScheduled = true;
+					m_AckSendTimer.expires_from_now (boost::posix_time::milliseconds(ACK_SEND_TIMEOUT));
+					m_AckSendTimer.async_wait (std::bind (&Stream::HandleAckSendTimer,
+						shared_from_this (), std::placeholders::_1));
+				}			
 			}	
 		}	
 	}	
@@ -140,11 +163,11 @@ namespace stream
 		// process flags
 		uint32_t receivedSeqn = packet->GetSeqn ();
 		uint16_t flags = packet->GetFlags ();
-		LogPrint ("Process seqn=", receivedSeqn, ", flags=", flags);
+		LogPrint (eLogDebug, "Process seqn=", receivedSeqn, ", flags=", flags);
 		
 		const uint8_t * optionData = packet->GetOptionData ();
 		if (flags & PACKET_FLAG_SYNCHRONIZE)
-			LogPrint ("Synchronize");
+			LogPrint (eLogDebug, "Synchronize");
 
 		if (flags & PACKET_FLAG_DELAY_REQUESTED)
 		{
@@ -154,28 +177,28 @@ namespace stream
 		if (flags & PACKET_FLAG_FROM_INCLUDED)
 		{
 			optionData += m_RemoteIdentity.FromBuffer (optionData, packet->GetOptionSize ());
-			LogPrint ("From identity ", m_RemoteIdentity.GetIdentHash ().ToBase64 ());		
+			LogPrint (eLogInfo, "From identity ", m_RemoteIdentity.GetIdentHash ().ToBase64 ());		
 			if (!m_RemoteLeaseSet)
-				LogPrint ("Incoming stream from ", m_RemoteIdentity.GetIdentHash ().ToBase64 ());
+				LogPrint (eLogDebug, "Incoming stream from ", m_RemoteIdentity.GetIdentHash ().ToBase64 ());
 		}	
 
 		if (flags & PACKET_FLAG_MAX_PACKET_SIZE_INCLUDED)
 		{
-			uint16_t maxPacketSize = be16toh (*(uint16_t *)optionData);
-			LogPrint ("Max packet size ", maxPacketSize);
+			uint16_t maxPacketSize = bufbe16toh (optionData);
+			LogPrint (eLogDebug, "Max packet size ", maxPacketSize);
 			optionData += 2;
 		}	
 		
 		if (flags & PACKET_FLAG_SIGNATURE_INCLUDED)
 		{
-			LogPrint ("Signature");
+			LogPrint (eLogDebug, "Signature");
 			uint8_t signature[256]; 
 			auto signatureLen = m_RemoteIdentity.GetSignatureLen ();
 			memcpy (signature, optionData, signatureLen);
 			memset (const_cast<uint8_t *>(optionData), 0, signatureLen);
 			if (!m_RemoteIdentity.Verify (packet->GetBuffer (), packet->GetLength (), signature))
 			{  
-				LogPrint ("Signature verification failed");
+				LogPrint (eLogError, "Signature verification failed");
 			    Close ();
 				flags |= PACKET_FLAG_CLOSE;
 			}	
@@ -196,18 +219,16 @@ namespace stream
 
 		if (flags & PACKET_FLAG_CLOSE)
 		{
-			LogPrint ("Closed");
-			SendQuickAck (); // send ack for close explicitly?
-			m_IsOpen = false;
-			m_IsReset = true;
-			m_ReceiveTimer.cancel ();
-			m_ResendTimer.cancel ();
-			m_AckSendTimer.cancel ();
+			LogPrint (eLogInfo, "Closed");
+			m_Status = eStreamStatusReset;
+			Close ();
 		}
 	}	
 
 	void Stream::ProcessAck (Packet * packet)
 	{
+		bool acknowledged = false;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		uint32_t ackThrough = packet->GetAckThrough ();
 		int nackCount = packet->GetNACKCount ();
 		for (auto it = m_SentPackets.begin (); it != m_SentPackets.end ();)
@@ -226,157 +247,280 @@ namespace stream
 						}
 					if (nacked)
 					{
-						LogPrint ("Packet ", seqn, " NACK");
+						LogPrint (eLogDebug, "Packet ", seqn, " NACK");
 						it++;
 						continue;
 					}	
 				}
 				auto sentPacket = *it;
-				LogPrint ("Packet ", seqn, " acknowledged");
+				uint64_t rtt = ts - sentPacket->sendTime;
+				m_RTT = (m_RTT*seqn + rtt)/(seqn + 1);
+				m_RTO = m_RTT*1.5; // TODO: implement it better
+				LogPrint (eLogDebug, "Packet ", seqn, " acknowledged rtt=", rtt);
 				m_SentPackets.erase (it++);
 				delete sentPacket;	
+				acknowledged = true;
+				if (m_WindowSize < WINDOW_SIZE)
+					m_WindowSize++; // slow start
+				else
+				{
+					// linear growth
+					if (ts > m_LastWindowSizeIncreaseTime + m_RTT)
+					{
+						m_WindowSize++;
+						if (m_WindowSize > MAX_WINDOW_SIZE) m_WindowSize = MAX_WINDOW_SIZE;
+						m_LastWindowSizeIncreaseTime = ts;
+					}
+				}
 			}
 			else
 				break;
 		}
 		if (m_SentPackets.empty ())
 			m_ResendTimer.cancel ();
+		if (acknowledged)
+		{
+			m_NumResendAttempts = 0;
+			SendBuffer ();
+		}	
+		if (m_Status == eStreamStatusClosing)
+			Close (); // all outgoing messages have been sent
 	}		
 		
 	size_t Stream::Send (const uint8_t * buf, size_t len)
 	{
-		bool isNoAck = m_LastReceivedSequenceNumber < 0; // first packet
-		while (!m_IsOpen || len > 0)
+		if (len > 0 && buf)
 		{
-			Packet * p = new Packet ();
-			uint8_t * packet = p->GetBuffer ();
-			// TODO: implement setters
-			size_t size = 0;
-			*(uint32_t *)(packet + size) = htobe32 (m_SendStreamID);
-			size += 4; // sendStreamID
-			*(uint32_t *)(packet + size) = htobe32 (m_RecvStreamID);
-			size += 4; // receiveStreamID
-			*(uint32_t *)(packet + size) = htobe32 (m_SequenceNumber++);
-			size += 4; // sequenceNum
-			if (isNoAck)			
-				*(uint32_t *)(packet + size) = htobe32 (m_LastReceivedSequenceNumber);
-			else
-				*(uint32_t *)(packet + size) = 0;
-			size += 4; // ack Through
-			packet[size] = 0; 
-			size++; // NACK count
-			size++; // resend delay
-			if (!m_IsOpen)
-			{	
-				//  initial packet
-				m_IsOpen = true; m_IsReset = false;
-				uint16_t flags = PACKET_FLAG_SYNCHRONIZE | PACKET_FLAG_FROM_INCLUDED | 
-					PACKET_FLAG_SIGNATURE_INCLUDED | PACKET_FLAG_MAX_PACKET_SIZE_INCLUDED;
-				if (isNoAck) flags |= PACKET_FLAG_NO_ACK;
-				*(uint16_t *)(packet + size) = htobe16 (flags);
-				size += 2; // flags
-				size_t identityLen = m_LocalDestination.GetOwner ().GetIdentity ().GetFullLen ();
-				size_t signatureLen = m_LocalDestination.GetOwner ().GetIdentity ().GetSignatureLen ();
-				*(uint16_t *)(packet + size) = htobe16 (identityLen + signatureLen + 2); // identity + signature + packet size
-				size += 2; // options size
-				m_LocalDestination.GetOwner ().GetIdentity ().ToBuffer (packet + size, identityLen); 
-				size += identityLen; // from
-				*(uint16_t *)(packet + size) = htobe16 (STREAMING_MTU);
-				size += 2; // max packet size
-				uint8_t * signature = packet + size; // set it later
-				memset (signature, 0, signatureLen); // zeroes for now
-				size += signatureLen; // signature
-				size_t sentLen = STREAMING_MTU - size;
-				if (len < sentLen) sentLen = len;		
-				memcpy (packet + size, buf, sentLen); 
-				buf += sentLen;
-				len -= sentLen;
-				size += sentLen; // payload
-				m_LocalDestination.GetOwner ().Sign (packet, size, signature);
-			}	
-			else
-			{
-				// follow on packet
-				*(uint16_t *)(packet + size) = 0;
-				size += 2; // flags
-				*(uint16_t *)(packet + size) = 0; // no options
-				size += 2; // options size
-				size_t sentLen = STREAMING_MTU - size;
-				if (len < sentLen) sentLen = len;		
-				memcpy (packet + size, buf, sentLen); 
-				buf += sentLen;
-				len -= sentLen;
-				size += sentLen; // payload
-			}	
-			p->len = size;
-			m_Service.post (boost::bind (&Stream::SendPacket, this, p));
-		}
-
+			std::unique_lock<std::mutex> l(m_SendBufferMutex);
+			m_SendBuffer.clear ();
+			m_SendBuffer.write ((const char *)buf, len);
+		}	
+		m_Service.post (std::bind (&Stream::SendBuffer, shared_from_this ()));
 		return len;
 	}	
 
+	void Stream::SendBuffer ()
+	{	
+		int numMsgs = m_WindowSize - m_SentPackets.size ();
+		if (numMsgs <= 0) return; // window is full 
+		
+		bool isNoAck = m_LastReceivedSequenceNumber < 0; // first packet
+		std::vector<Packet *> packets;
+		{
+			std::unique_lock<std::mutex> l(m_SendBufferMutex);
+			while ((m_Status == eStreamStatusNew) || (IsEstablished () && !m_SendBuffer.eof () && numMsgs > 0))
+			{
+				Packet * p = new Packet ();
+				uint8_t * packet = p->GetBuffer ();
+				// TODO: implement setters
+				size_t size = 0;
+				htobe32buf (packet + size, m_SendStreamID);
+				size += 4; // sendStreamID
+				htobe32buf (packet + size, m_RecvStreamID);
+				size += 4; // receiveStreamID
+				htobe32buf (packet + size, m_SequenceNumber++);
+				size += 4; // sequenceNum
+				if (isNoAck)			
+					htobe32buf (packet + size, m_LastReceivedSequenceNumber);
+				else
+					htobuf32 (packet + size, 0);
+				size += 4; // ack Through
+				packet[size] = 0; 
+				size++; // NACK count
+				packet[size] = m_RTO/1000;
+				size++; // resend delay
+				if (m_Status == eStreamStatusNew)
+				{	
+					//  initial packet
+					m_Status = eStreamStatusOpen;
+					uint16_t flags = PACKET_FLAG_SYNCHRONIZE | PACKET_FLAG_FROM_INCLUDED | 
+						PACKET_FLAG_SIGNATURE_INCLUDED | PACKET_FLAG_MAX_PACKET_SIZE_INCLUDED;
+					if (isNoAck) flags |= PACKET_FLAG_NO_ACK;
+					htobe16buf (packet + size, flags);
+					size += 2; // flags
+					size_t identityLen = m_LocalDestination.GetOwner ().GetIdentity ().GetFullLen ();
+					size_t signatureLen = m_LocalDestination.GetOwner ().GetIdentity ().GetSignatureLen ();
+					htobe16buf (packet + size, identityLen + signatureLen + 2); // identity + signature + packet size
+					size += 2; // options size
+					m_LocalDestination.GetOwner ().GetIdentity ().ToBuffer (packet + size, identityLen); 
+					size += identityLen; // from
+					htobe16buf (packet + size, STREAMING_MTU);
+					size += 2; // max packet size
+					uint8_t * signature = packet + size; // set it later
+					memset (signature, 0, signatureLen); // zeroes for now
+					size += signatureLen; // signature
+					m_SendBuffer.read ((char *)(packet + size), STREAMING_MTU - size);
+					size += m_SendBuffer.gcount (); // payload
+					m_LocalDestination.GetOwner ().Sign (packet, size, signature);
+				}	
+				else
+				{
+					// follow on packet
+					htobuf16 (packet + size, 0);
+					size += 2; // flags
+					htobuf16 (packet + size, 0); // no options
+					size += 2; // options size
+					m_SendBuffer.read((char *)(packet + size), STREAMING_MTU - size);  
+					size += m_SendBuffer.gcount (); // payload
+				}	
+				p->len = size;
+				packets.push_back (p);
+				numMsgs--;
+			}
+		}	
+		if (packets.size () > 0)
+		{
+			m_IsAckSendScheduled = false;	
+			m_AckSendTimer.cancel ();
+			bool isEmpty = m_SentPackets.empty ();
+			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+			for (auto it: packets)
+			{
+				it->sendTime = ts;
+				m_SentPackets.insert (it);
+			}
+			SendPackets (packets);
+			if (m_Status == eStreamStatusClosing && m_SendBuffer.eof ())
+				SendClose ();
+			if (isEmpty)
+				ScheduleResend ();
+		}	
+	}
 		
 	void Stream::SendQuickAck ()
 	{
+		int32_t lastReceivedSeqn = m_LastReceivedSequenceNumber;
+		if (!m_SavedPackets.empty ())
+		{
+			int32_t seqn = (*m_SavedPackets.rbegin ())->GetSeqn ();
+			if (seqn > lastReceivedSeqn) lastReceivedSeqn = seqn;
+		}	
+		if (lastReceivedSeqn < 0) 
+		{	
+			LogPrint (eLogError, "No packets have been received yet");
+			return;
+		}
+		
 		Packet p;
 		uint8_t * packet = p.GetBuffer ();	
 		size_t size = 0;
-		*(uint32_t *)(packet + size) = htobe32 (m_SendStreamID);
+		htobe32buf (packet + size, m_SendStreamID);
 		size += 4; // sendStreamID
-		*(uint32_t *)(packet + size) = htobe32 (m_RecvStreamID);
+		htobe32buf (packet + size, m_RecvStreamID);
 		size += 4; // receiveStreamID
-		*(uint32_t *)(packet + size) = 0; // this is plain Ack message
+		htobuf32 (packet + size, 0); // this is plain Ack message
 		size += 4; // sequenceNum
-		*(uint32_t *)(packet + size) = htobe32 (m_LastReceivedSequenceNumber);
+		htobe32buf (packet + size, lastReceivedSeqn);
 		size += 4; // ack Through
-		packet[size] = 0; 
-		size++; // NACK count
+		uint8_t numNacks = 0;
+		if (lastReceivedSeqn > m_LastReceivedSequenceNumber) 
+		{	
+			// fill NACKs
+			uint8_t * nacks = packet + size + 1;
+			auto nextSeqn = m_LastReceivedSequenceNumber + 1;
+			for (auto it: m_SavedPackets)
+			{
+				auto seqn = it->GetSeqn ();
+				if (numNacks + (seqn - nextSeqn) >= 256)
+				{
+					LogPrint (eLogError, "Number of NACKs exceeds 256. seqn=", seqn, " nextSeqn=", nextSeqn);
+					htobe32buf (packet + 12, nextSeqn); // change ack Through
+					break;
+				}	
+				for (uint32_t i = nextSeqn; i < seqn; i++)
+				{
+					htobe32buf (nacks, i);
+					nacks += 4;
+					numNacks++;
+				}	
+				nextSeqn = seqn + 1;
+			}
+			packet[size] = numNacks; 
+			size++; // NACK count	
+			size += numNacks*4; // NACKs
+		}	
+		else
+		{
+			// No NACKs
+			packet[size] = 0; 
+			size++; // NACK count		
+		}	
 		size++; // resend delay
-		*(uint16_t *)(packet + size) = 0; // nof flags set
+		htobuf16 (packet + size, 0); // nof flags set
 		size += 2; // flags
-		*(uint16_t *)(packet + size) = 0; // no options
+		htobuf16 (packet + size, 0); // no options
 		size += 2; // options size
 		p.len = size;		
 
 		SendPackets (std::vector<Packet *> { &p });
-		LogPrint ("Quick Ack sent");
+		LogPrint ("Quick Ack sent. ", (int)numNacks, " NACKs");
 	}	
 
 	void Stream::Close ()
 	{
-		if (m_IsOpen)
-		{	
-			m_IsOpen = false;
-			Packet * p = new Packet ();
-			uint8_t * packet = p->GetBuffer ();
-			size_t size = 0;
-			*(uint32_t *)(packet + size) = htobe32 (m_SendStreamID);
-			size += 4; // sendStreamID
-			*(uint32_t *)(packet + size) = htobe32 (m_RecvStreamID);
-			size += 4; // receiveStreamID
-			*(uint32_t *)(packet + size) = htobe32 (m_SequenceNumber++);
-			size += 4; // sequenceNum
-			*(uint32_t *)(packet + size) = htobe32 (m_LastReceivedSequenceNumber);
-			size += 4; // ack Through
-			packet[size] = 0; 
-			size++; // NACK count
-			size++; // resend delay
-			*(uint16_t *)(packet + size) = htobe16 (PACKET_FLAG_CLOSE | PACKET_FLAG_SIGNATURE_INCLUDED);
-			size += 2; // flags
-			size_t signatureLen = m_LocalDestination.GetOwner ().GetIdentity ().GetSignatureLen ();
-			*(uint16_t *)(packet + size) = htobe16 (signatureLen); // signature only
-			size += 2; // options size
-			uint8_t * signature = packet + size;
-			memset (packet + size, 0, signatureLen);
-			size += signatureLen; // signature
-			m_LocalDestination.GetOwner ().Sign (packet, size, signature);
-			
-			p->len = size;
-			SendPacket (p);
-			LogPrint ("FIN sent");
-		}	
+		switch (m_Status)
+		{
+			case eStreamStatusOpen:
+				m_Status = eStreamStatusClosing;
+				Close (); // recursion
+				if (m_Status == eStreamStatusClosing) //still closing
+					LogPrint (eLogInfo, "Trying to send stream data before closing");
+			break;
+			case eStreamStatusReset:
+				SendClose ();
+				Terminate ();
+				m_LocalDestination.DeleteStream (shared_from_this ());	
+			break;
+			case eStreamStatusClosing:
+				if (m_SentPackets.empty () && m_SendBuffer.eof ()) // nothing to send
+				{
+					m_Status = eStreamStatusClosed;
+					SendClose ();
+					Terminate ();
+					m_LocalDestination.DeleteStream (shared_from_this ());	
+				}
+			break;
+			case eStreamStatusClosed:
+				// already closed
+				Terminate ();
+				m_LocalDestination.DeleteStream (shared_from_this ());		
+			break;				
+			default:
+				LogPrint (eLogWarning, "Unexpected stream status ", (int)m_Status);
+		};			
 	}
 
+	void Stream::SendClose ()
+	{
+		Packet * p = new Packet ();
+		uint8_t * packet = p->GetBuffer ();
+		size_t size = 0;
+		htobe32buf (packet + size, m_SendStreamID);
+		size += 4; // sendStreamID
+		htobe32buf (packet + size, m_RecvStreamID);
+		size += 4; // receiveStreamID
+		htobe32buf (packet + size, m_SequenceNumber++);
+		size += 4; // sequenceNum
+		htobe32buf (packet + size, m_LastReceivedSequenceNumber);
+		size += 4; // ack Through
+		packet[size] = 0; 
+		size++; // NACK count
+		size++; // resend delay
+		htobe16buf (packet + size, PACKET_FLAG_CLOSE | PACKET_FLAG_SIGNATURE_INCLUDED);
+		size += 2; // flags
+		size_t signatureLen = m_LocalDestination.GetOwner ().GetIdentity ().GetSignatureLen ();
+		htobe16buf (packet + size, signatureLen); // signature only
+		size += 2; // options size
+		uint8_t * signature = packet + size;
+		memset (packet + size, 0, signatureLen);
+		size += signatureLen; // signature
+		m_LocalDestination.GetOwner ().Sign (packet, size, signature);
+		
+		p->len = size;
+		m_Service.post (std::bind (&Stream::SendPacket, shared_from_this (), p));
+		LogPrint ("FIN sent");
+	}	
+		
 	size_t Stream::ConcatenatePackets (uint8_t * buf, size_t len)
 	{
 		size_t pos = 0;
@@ -406,7 +550,7 @@ namespace stream
 				m_AckSendTimer.cancel ();
 			}
 			SendPackets (std::vector<Packet *> { packet });
-			if (m_IsOpen)
+			if (m_Status == eStreamStatusOpen)
 			{	
 				bool isEmpty = m_SentPackets.empty ();
 				m_SentPackets.insert (packet);
@@ -420,7 +564,7 @@ namespace stream
 		else
 			return false;
 	}	
-	
+		
 	void Stream::SendPackets (const std::vector<Packet *>& packets)
 	{
 		if (!m_RemoteLeaseSet)
@@ -428,13 +572,20 @@ namespace stream
 			UpdateCurrentRemoteLease ();	
 			if (!m_RemoteLeaseSet)
 			{
-				LogPrint ("Can't send packets. Missing remote LeaseSet");
+				LogPrint (eLogError, "Can't send packets. Missing remote LeaseSet");
 				return;
 			}
 		}
+		if (!m_CurrentOutboundTunnel || !m_CurrentOutboundTunnel->IsEstablished ())
+			m_CurrentOutboundTunnel = m_LocalDestination.GetOwner ().GetTunnelPool ()->GetNextOutboundTunnel ();
+		if (!m_CurrentOutboundTunnel)
+		{
+			LogPrint (eLogError, "No outbound tunnels in the pool");
+			return;
+		}
 
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		if (ts >= m_CurrentRemoteLease.endDate)
+		if (ts >= m_CurrentRemoteLease.endDate - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD*1000)
 			UpdateCurrentRemoteLease ();
 		if (ts < m_CurrentRemoteLease.endDate)
 		{	
@@ -443,49 +594,76 @@ namespace stream
 			{ 
 				auto msg = m_RoutingSession->WrapSingleMessage (CreateDataMessage (it->GetBuffer (), it->GetLength ()));
 				msgs.push_back (i2p::tunnel::TunnelMessageBlock 
-							{ 
-								i2p::tunnel::eDeliveryTypeTunnel,
-								m_CurrentRemoteLease.tunnelGateway, m_CurrentRemoteLease.tunnelID,
-								msg
-							});	
+					{ 
+						i2p::tunnel::eDeliveryTypeTunnel,
+						m_CurrentRemoteLease.tunnelGateway, m_CurrentRemoteLease.tunnelID,
+						msg
+					});	
 				m_NumSentBytes += it->GetLength ();
 			}
-			m_LocalDestination.GetOwner ().SendTunnelDataMsgs (msgs);
+			m_CurrentOutboundTunnel->SendTunnelDataMsg (msgs);
 		}	
 		else
-			LogPrint ("All leases are expired");
+			LogPrint (eLogWarning, "All leases are expired");
 	}
 
+		
 	void Stream::ScheduleResend ()
 	{
 		m_ResendTimer.cancel ();
-		m_ResendTimer.expires_from_now (boost::posix_time::seconds(RESEND_TIMEOUT));
-		m_ResendTimer.async_wait (boost::bind (&Stream::HandleResendTimer,
-			this, boost::asio::placeholders::error));
+		m_ResendTimer.expires_from_now (boost::posix_time::milliseconds(m_RTO));
+		m_ResendTimer.async_wait (std::bind (&Stream::HandleResendTimer,
+			shared_from_this (), std::placeholders::_1));
 	}
 		
 	void Stream::HandleResendTimer (const boost::system::error_code& ecode)
 	{
-		if (ecode != boost::asio::error::operation_aborted)
+		if (ecode != boost::asio::error::operation_aborted) 
 		{	
+			// check for resend attempts
+			if (m_NumResendAttempts >= MAX_NUM_RESEND_ATTEMPTS)
+			{
+				LogPrint (eLogWarning, "Stream packet was not ACKed after ", MAX_NUM_RESEND_ATTEMPTS,  " attempts. Terminate");
+				m_Status = eStreamStatusReset;
+				Close ();
+				return;
+			}	
+
+			// collect packets to resend
+			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 			std::vector<Packet *> packets;
 			for (auto it : m_SentPackets)
 			{
-				it->numResendAttempts++;
-				if (it->numResendAttempts <= MAX_NUM_RESEND_ATTEMPTS)
-					packets.push_back (it);
-				else
+				if (ts >= it->sendTime + m_RTO)
 				{
-					Close ();
-					m_IsReset = true;
-					m_ReceiveTimer.cancel ();
-					return;
-				}	
+					it->sendTime = ts;
+					packets.push_back (it);
+				}					
 			}	
+
+			// select tunnels if necessary and send
 			if (packets.size () > 0)
 			{
-				m_LocalDestination.GetOwner ().ResetCurrentOutboundTunnel (); // pick another outbound tunnel 
-				UpdateCurrentRemoteLease (); // pick another lease
+				m_NumResendAttempts++;
+				switch (m_NumResendAttempts)
+				{	
+					case 1: // congesion avoidance
+						m_WindowSize /= 2;
+						if (m_WindowSize < MIN_WINDOW_SIZE) m_WindowSize = MIN_WINDOW_SIZE;
+					break;
+					case 2:
+					case 4:	
+						UpdateCurrentRemoteLease (); // pick another lease
+						m_RTO = INITIAL_RTO; // drop RTO to initial upon tunnels pair change
+						LogPrint (eLogWarning, "Another remote lease has been selected for stream");
+					break;	
+					case 3:
+						// pick another outbound tunnel 
+						m_CurrentOutboundTunnel = m_LocalDestination.GetOwner ().GetTunnelPool ()->GetNextOutboundTunnel (m_CurrentOutboundTunnel); 
+						LogPrint (eLogWarning, "Another outbound tunnel has been selected for stream");
+					break;
+					default: ;	
+				}	
 				SendPackets (packets);
 			}	
 			ScheduleResend ();
@@ -496,7 +674,14 @@ namespace stream
 	{
 		if (m_IsAckSendScheduled)
 		{
-			if (m_IsOpen)
+			if (m_LastReceivedSequenceNumber < 0)
+			{
+				LogPrint (eLogWarning, "SYN has not been recived after ", ACK_SEND_TIMEOUT, " milliseconds after follow on. Terminate");
+				m_Status = eStreamStatusReset;
+				Close ();
+				return;
+			}	
+			if (m_Status == eStreamStatusOpen)
 				SendQuickAck ();
 			m_IsAckSendScheduled = false;
 		}	
@@ -513,17 +698,26 @@ namespace stream
 		if (m_RemoteLeaseSet)
 		{
 			if (!m_RoutingSession)
-				m_RoutingSession = m_LocalDestination.GetOwner ().GetRoutingSession (*m_RemoteLeaseSet, 32);
-			auto leases = m_RemoteLeaseSet->GetNonExpiredLeases ();
+				m_RoutingSession = m_LocalDestination.GetOwner ().GetRoutingSession (m_RemoteLeaseSet, 32);
+			auto leases = m_RemoteLeaseSet->GetNonExpiredLeases (false); // try without threshold first
+			if (leases.empty ())
+			{
+				m_LocalDestination.GetOwner ().RequestDestination (m_RemoteIdentity.GetIdentHash ()); // time to re-request
+				leases = m_RemoteLeaseSet->GetNonExpiredLeases (true); // then with threshold
+			}
 			if (!leases.empty ())
 			{	
 				uint32_t i = i2p::context.GetRandomNumberGenerator ().GenerateWord32 (0, leases.size () - 1);
-				m_CurrentRemoteLease = leases[i];
+				if (m_CurrentRemoteLease.endDate && leases[i].tunnelID == m_CurrentRemoteLease.tunnelID)
+					// make sure we don't select previous 	
+					i = (i + 1) % leases.size (); // if so, pick next
+				m_CurrentRemoteLease = leases[i];		
 			}	
 			else
 			{	
-				m_RemoteLeaseSet = m_LocalDestination.GetOwner ().FindLeaseSet (m_RemoteIdentity.GetIdentHash ()); // re-request expired
+				m_RemoteLeaseSet = nullptr;
 				m_CurrentRemoteLease.endDate = 0;
+				// re-request expired
 			}	
 		}
 		else
@@ -542,11 +736,11 @@ namespace stream
 		compressor.MessageEnd();
 		int size = compressor.MaxRetrievable ();
 		uint8_t * buf = msg->GetPayload ();
-		*(uint32_t *)buf = htobe32 (size); // length
+		htobe32buf (buf, size); // length
 		buf += 4;
 		compressor.Get (buf, size);
-		*(uint16_t *)(buf + 4) = 0; // source port
-		*(uint16_t *)(buf + 6) = htobe16 (m_Port); // destination port 
+		htobe16buf (buf + 4, m_LocalDestination.GetLocalPort ()); // source port
+		htobe16buf (buf + 6, m_Port); // destination port 
 		buf[9] = i2p::client::PROTOCOL_TYPE_STREAMING; // streaming protocol
 		msg->len += size + 4; 
 		FillI2NPMessageHeader (msg, eI2NPData);
@@ -563,12 +757,10 @@ namespace stream
 		ResetAcceptor ();
 		{
 			std::unique_lock<std::mutex> l(m_StreamsMutex);
-			for (auto it: m_Streams)
-				delete it.second;	
 			m_Streams.clear ();
 		}	
 	}	
-
+		
 	void StreamingDestination::HandleNextPacket (Packet * packet)
 	{
 		uint32_t sendStreamID = packet->GetSendStreamID ();
@@ -579,54 +771,65 @@ namespace stream
 				it->second->HandleNextPacket (packet);
 			else
 			{	
-				LogPrint ("Unknown stream ", sendStreamID);
+				LogPrint ("Unknown stream sendStreamID=", sendStreamID);
 				delete packet;
 			}
 		}	
-		else // new incoming stream
+		else 
 		{
-			auto incomingStream = CreateNewIncomingStream ();
-			incomingStream->HandleNextPacket (packet);
-			if (m_Acceptor != nullptr)
-				m_Acceptor (incomingStream);
-			else
+			if (packet->IsSYN () && !packet->GetSeqn ()) // new incoming stream
+			{	
+				auto incomingStream = CreateNewIncomingStream ();
+				incomingStream->HandleNextPacket (packet);
+				if (m_Acceptor != nullptr)
+					m_Acceptor (incomingStream);
+				else
+				{
+					LogPrint ("Acceptor for incoming stream is not set");
+					DeleteStream (incomingStream);
+				}	
+			}	
+			else // follow on packet without SYN
 			{
-				LogPrint ("Acceptor for incoming stream is not set");
-				DeleteStream (incomingStream);
-			}
+				uint32_t receiveStreamID = packet->GetReceiveStreamID ();
+				for (auto it: m_Streams)
+					if (it.second->GetSendStreamID () == receiveStreamID)
+					{
+						// found
+						it.second->HandleNextPacket (packet);
+						return;
+					}
+				// TODO: should queue it up
+				LogPrint ("Unknown stream receiveStreamID=", receiveStreamID);
+				delete packet;
+			}	
 		}	
 	}	
 
-	Stream * StreamingDestination::CreateNewOutgoingStream (const i2p::data::LeaseSet& remote, int port)
+	std::shared_ptr<Stream> StreamingDestination::CreateNewOutgoingStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port)
 	{
-		Stream * s = new Stream (*m_Owner.GetService (), *this, remote, port);
+		auto s = std::make_shared<Stream> (m_Owner.GetService (), *this, remote, port);
 		std::unique_lock<std::mutex> l(m_StreamsMutex);
 		m_Streams[s->GetRecvStreamID ()] = s;
 		return s;
 	}	
 
-	Stream * StreamingDestination::CreateNewIncomingStream ()
+	std::shared_ptr<Stream> StreamingDestination::CreateNewIncomingStream ()
 	{
-		Stream * s = new Stream (*m_Owner.GetService (), *this);
+		auto s = std::make_shared<Stream> (m_Owner.GetService (), *this);
 		std::unique_lock<std::mutex> l(m_StreamsMutex);
 		m_Streams[s->GetRecvStreamID ()] = s;
 		return s;
 	}
 
-	void StreamingDestination::DeleteStream (Stream * stream)
+	void StreamingDestination::DeleteStream (std::shared_ptr<Stream> stream)
 	{
 		if (stream)
 		{	
 			std::unique_lock<std::mutex> l(m_StreamsMutex);
 			auto it = m_Streams.find (stream->GetRecvStreamID ());
 			if (it != m_Streams.end ())
-			{	
 				m_Streams.erase (it);
-				if (m_Owner.GetService ())
-					m_Owner.GetService ()->post ([stream](void) { delete stream; }); 
-				else
-					delete stream;
-			}	
 		}	
 	}		
 
@@ -650,11 +853,5 @@ namespace stream
 			delete uncompressed;
 		}	
 	}
-
-	void DeleteStream (Stream * stream)
-	{
-		if (stream)
-			stream->GetLocalDestination ().DeleteStream (stream);
-	}
 }		
 }	

Streaming.h

@@ -3,12 +3,14 @@
 
 #include <inttypes.h>
 #include <string>
+#include <sstream>
 #include <map>
 #include <set>
 #include <queue>
 #include <functional>
+#include <memory>
+#include <mutex>
 #include <boost/asio.hpp>
-#include <boost/bind.hpp>
 #include "I2PEndian.h"
 #include "Identity.h"
 #include "LeaseSet.h"
@@ -39,29 +41,33 @@ namespace stream
 	const size_t STREAMING_MTU = 1730;
 	const size_t MAX_PACKET_SIZE = 4096;
 	const size_t COMPRESSION_THRESHOLD_SIZE = 66;	
-	const int RESEND_TIMEOUT = 10; // in seconds
 	const int ACK_SEND_TIMEOUT = 200; // in milliseconds
-	const int MAX_NUM_RESEND_ATTEMPTS = 5;	
+	const int MAX_NUM_RESEND_ATTEMPTS = 6;	
+	const int WINDOW_SIZE = 6; // in messages
+	const int MIN_WINDOW_SIZE = 1;
+	const int MAX_WINDOW_SIZE = 128;		
+	const int INITIAL_RTT = 8000; // in milliseconds
+	const int INITIAL_RTO = 9000; // in milliseconds
 	
 	struct Packet
 	{
-		uint8_t buf[MAX_PACKET_SIZE];	
 		size_t len, offset;
-		int numResendAttempts;
+		uint8_t buf[MAX_PACKET_SIZE];	
+		uint64_t sendTime;
 		
-		Packet (): len (0), offset (0), numResendAttempts (0) {};
+		Packet (): len (0), offset (0), sendTime (0) {};
 		uint8_t * GetBuffer () { return buf + offset; };
 		size_t GetLength () const { return len - offset; };
 
-		uint32_t GetSendStreamID () const { return be32toh (*(uint32_t *)buf); };
-		uint32_t GetReceiveStreamID () const { return be32toh (*(uint32_t *)(buf + 4)); };
-		uint32_t GetSeqn () const { return be32toh (*(uint32_t *)(buf + 8)); };
-		uint32_t GetAckThrough () const { return be32toh (*(uint32_t *)(buf + 12)); };
+		uint32_t GetSendStreamID () const { return bufbe32toh (buf); };
+		uint32_t GetReceiveStreamID () const { return bufbe32toh (buf + 4); };
+		uint32_t GetSeqn () const { return bufbe32toh (buf + 8); };
+		uint32_t GetAckThrough () const { return bufbe32toh (buf + 12); };
 		uint8_t GetNACKCount () const { return buf[16]; };
-		uint32_t GetNACK (int i) const { return be32toh (((uint32_t *)(buf + 17))[i]); };
+		uint32_t GetNACK (int i) const { return bufbe32toh (buf + 17 + 4 * i); };
 		const uint8_t * GetOption () const { return buf + 17 + GetNACKCount ()*4 + 3; }; // 3 = resendDelay + flags
-		uint16_t GetFlags () const { return be16toh (*(uint16_t *)(GetOption () - 2)); };
-		uint16_t GetOptionSize () const { return be16toh (*(uint16_t *)GetOption ()); };
+		uint16_t GetFlags () const { return bufbe16toh (GetOption () - 2); };
+		uint16_t GetOptionSize () const { return bufbe16toh (GetOption ()); };
 		const uint8_t * GetOptionData () const { return GetOption () + 2; };
 		const uint8_t * GetPayload () const { return GetOptionData () + GetOptionSize (); };
 
@@ -76,22 +82,31 @@ namespace stream
 			return p1->GetSeqn () < p2->GetSeqn (); 
 		};
 	};	
+
+	enum StreamStatus
+	{
+		eStreamStatusNew,
+		eStreamStatusOpen,
+		eStreamStatusReset,
+		eStreamStatusClosing,
+		eStreamStatusClosed
+	};	
 	
 	class StreamingDestination;
-	class Stream
+	class Stream: public std::enable_shared_from_this<Stream>
 	{	
 		public:
 
 			Stream (boost::asio::io_service& service, StreamingDestination& local, 
-				const i2p::data::LeaseSet& remote, int port = 0); // outgoing
+				std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0); // outgoing
 			Stream (boost::asio::io_service& service, StreamingDestination& local); // incoming			
 
 			~Stream ();
 			uint32_t GetSendStreamID () const { return m_SendStreamID; };
 			uint32_t GetRecvStreamID () const { return m_RecvStreamID; };
-			const i2p::data::LeaseSet * GetRemoteLeaseSet () const { return m_RemoteLeaseSet; };
+			std::shared_ptr<const i2p::data::LeaseSet> GetRemoteLeaseSet () const { return m_RemoteLeaseSet; };
 			const i2p::data::IdentityEx& GetRemoteIdentity () const { return m_RemoteIdentity; };
-			bool IsOpen () const { return m_IsOpen; };
+			bool IsOpen () const { return m_Status ==  eStreamStatusOpen; };
 			bool IsEstablished () const { return m_SendStreamID; };
 			StreamingDestination& GetLocalDestination () { return m_LocalDestination; };
 			
@@ -100,17 +115,26 @@ namespace stream
 			
 			template<typename Buffer, typename ReceiveHandler>
 			void AsyncReceive (const Buffer& buffer, ReceiveHandler handler, int timeout = 0);
-
+			size_t ReadSome (uint8_t * buf, size_t len) { return ConcatenatePackets (buf, len); };
+			
 			void Close ();
+			void Cancel () { m_ReceiveTimer.cancel (); };
 
 			size_t GetNumSentBytes () const { return m_NumSentBytes; };
 			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
 			size_t GetSendQueueSize () const { return m_SentPackets.size (); };
 			size_t GetReceiveQueueSize () const { return m_ReceiveQueue.size (); };
+			size_t GetSendBufferSize () const { return m_SendBuffer.rdbuf ()->in_avail (); };
+			int GetWindowSize () const { return m_WindowSize; };
+			int GetRTT () const { return m_RTT; };
 			
 		private:
 
+			void Terminate ();
+
+			void SendBuffer ();
 			void SendQuickAck ();
+			void SendClose ();
 			bool SendPacket (Packet * packet);
 			void SendPackets (const std::vector<Packet *>& packets);
 
@@ -123,7 +147,7 @@ namespace stream
 			
 			template<typename Buffer, typename ReceiveHandler>
 			void HandleReceiveTimer (const boost::system::error_code& ecode, const Buffer& buffer, ReceiveHandler handler);
-
+			
 			void ScheduleResend ();
 			void HandleResendTimer (const boost::system::error_code& ecode);
 			void HandleAckSendTimer (const boost::system::error_code& ecode);
@@ -135,50 +159,63 @@ namespace stream
 			boost::asio::io_service& m_Service;
 			uint32_t m_SendStreamID, m_RecvStreamID, m_SequenceNumber;
 			int32_t m_LastReceivedSequenceNumber;
-			bool m_IsOpen, m_IsReset, m_IsAckSendScheduled;
+			StreamStatus m_Status;
+			bool m_IsAckSendScheduled;
 			StreamingDestination& m_LocalDestination;
 			i2p::data::IdentityEx m_RemoteIdentity;
-			const i2p::data::LeaseSet * m_RemoteLeaseSet;
-			i2p::garlic::GarlicRoutingSession * m_RoutingSession;
+			std::shared_ptr<const i2p::data::LeaseSet> m_RemoteLeaseSet;
+			std::shared_ptr<i2p::garlic::GarlicRoutingSession> m_RoutingSession;
 			i2p::data::Lease m_CurrentRemoteLease;
+			std::shared_ptr<i2p::tunnel::OutboundTunnel> m_CurrentOutboundTunnel;
 			std::queue<Packet *> m_ReceiveQueue;
 			std::set<Packet *, PacketCmp> m_SavedPackets;
 			std::set<Packet *, PacketCmp> m_SentPackets;
 			boost::asio::deadline_timer m_ReceiveTimer, m_ResendTimer, m_AckSendTimer;
 			size_t m_NumSentBytes, m_NumReceivedBytes;
 			uint16_t m_Port;
+
+			std::mutex m_SendBufferMutex;
+			std::stringstream m_SendBuffer;
+			int m_WindowSize, m_RTT, m_RTO;
+			uint64_t m_LastWindowSizeIncreaseTime;
+			int m_NumResendAttempts;
 	};
 
 	class StreamingDestination
 	{
 		public:
 
-			StreamingDestination (i2p::client::ClientDestination& owner): m_Owner (owner) {};
+			typedef std::function<void (std::shared_ptr<Stream>)> Acceptor;
+
+			StreamingDestination (i2p::client::ClientDestination& owner, uint16_t localPort = 0): 
+				m_Owner (owner), m_LocalPort (localPort) {};
 			~StreamingDestination () {};	
 
 			void Start ();
 			void Stop ();
 
-			Stream * CreateNewOutgoingStream (const i2p::data::LeaseSet& remote, int port = 0);
-			void DeleteStream (Stream * stream);			
-			void SetAcceptor (const std::function<void (Stream *)>& acceptor) { m_Acceptor = acceptor; };
-			void ResetAcceptor () { m_Acceptor = nullptr; };
+			std::shared_ptr<Stream> CreateNewOutgoingStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
+			void DeleteStream (std::shared_ptr<Stream> stream);			
+			void SetAcceptor (const Acceptor& acceptor) { m_Acceptor = acceptor; };
+			void ResetAcceptor () { if (m_Acceptor) m_Acceptor (nullptr); m_Acceptor = nullptr; };
 			bool IsAcceptorSet () const { return m_Acceptor != nullptr; };	
 			i2p::client::ClientDestination& GetOwner () { return m_Owner; };
+			uint16_t GetLocalPort () const { return m_LocalPort; };
 
 			void HandleDataMessagePayload (const uint8_t * buf, size_t len);
 
 		private:		
 	
 			void HandleNextPacket (Packet * packet);
-			Stream * CreateNewIncomingStream ();
+			std::shared_ptr<Stream> CreateNewIncomingStream ();
 
 		private:
 
 			i2p::client::ClientDestination& m_Owner;
+			uint16_t m_LocalPort;
 			std::mutex m_StreamsMutex;
-			std::map<uint32_t, Stream *> m_Streams;
-			std::function<void (Stream *)> m_Acceptor;
+			std::map<uint32_t, std::shared_ptr<Stream> > m_Streams;
+			Acceptor m_Acceptor;
 			
 		public:
 
@@ -186,8 +223,6 @@ namespace stream
 			const decltype(m_Streams)& GetStreams () const { return m_Streams; };
 	};		
 
-	void DeleteStream (Stream * stream);
-
 //-------------------------------------------------
 
 	template<typename Buffer, typename ReceiveHandler>
@@ -195,15 +230,17 @@ namespace stream
 	{
 		if (!m_ReceiveQueue.empty ())
 		{
-			m_Service.post ([=](void) { this->HandleReceiveTimer (
+			auto s = shared_from_this();
+			m_Service.post ([=](void) { s->HandleReceiveTimer (
 				boost::asio::error::make_error_code (boost::asio::error::operation_aborted),
 				buffer, handler); });
 		}
 		else
 		{
 			m_ReceiveTimer.expires_from_now (boost::posix_time::seconds(timeout));
+			auto s = shared_from_this();
 			m_ReceiveTimer.async_wait ([=](const boost::system::error_code& ecode)
-				{ this->HandleReceiveTimer (ecode, buffer, handler); });
+				{ s->HandleReceiveTimer (ecode, buffer, handler); });
 		}
 	}
 
@@ -211,16 +248,15 @@ namespace stream
 	void Stream::HandleReceiveTimer (const boost::system::error_code& ecode, const Buffer& buffer, ReceiveHandler handler)
 	{
 		size_t received = ConcatenatePackets (boost::asio::buffer_cast<uint8_t *>(buffer), boost::asio::buffer_size(buffer));
-		if (ecode == boost::asio::error::operation_aborted)
+		if (received > 0)
+			handler (boost::system::error_code (), received);
+		else if (ecode == boost::asio::error::operation_aborted)
 		{	
 			// timeout not expired	
-			if (m_IsOpen)
-				// no error
-				handler (boost::system::error_code (), received); 
+			if (m_Status == eStreamStatusReset)
+				handler (boost::asio::error::make_error_code (boost::asio::error::connection_reset), 0);
 			else
-				// socket closed
-				handler (m_IsReset ? boost::asio::error::make_error_code (boost::asio::error::connection_reset) :
-					boost::asio::error::make_error_code (boost::asio::error::operation_aborted), 0);
+				handler (boost::asio::error::make_error_code (boost::asio::error::operation_aborted), 0); 
 		}	
 		else
 			// timeout expired

TransitTunnel.cpp

@@ -15,7 +15,7 @@ namespace tunnel
 	    const uint8_t * nextIdent, uint32_t nextTunnelID, 
 		const uint8_t * layerKey,const uint8_t * ivKey): 
 			m_TunnelID (receiveTunnelID),  m_NextTunnelID (nextTunnelID), 
-			m_NextIdent (nextIdent), m_NumTransmittedBytes (0)
+			m_NextIdent (nextIdent)
 	{	
 		m_Encryption.SetKeys (layerKey, ivKey);
 	}	
@@ -24,39 +24,65 @@ namespace tunnel
 	{		
 		m_Encryption.Encrypt (tunnelMsg->GetPayload () + 4); 
 	}	
-	
-	void TransitTunnel::HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg)
+
+	TransitTunnelParticipant::~TransitTunnelParticipant ()
+	{
+		for (auto it: m_TunnelDataMsgs)
+			i2p::DeleteI2NPMessage (it);
+	}	
+		
+	void TransitTunnelParticipant::HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg)
 	{
 		EncryptTunnelMsg (tunnelMsg);
 		
-		LogPrint ("TransitTunnel: ",m_TunnelID,"->", m_NextTunnelID);
 		m_NumTransmittedBytes += tunnelMsg->GetLength ();
-		*(uint32_t *)(tunnelMsg->GetPayload ()) = htobe32 (m_NextTunnelID);
+		htobe32buf (tunnelMsg->GetPayload (), GetNextTunnelID ());
 		FillI2NPMessageHeader (tunnelMsg, eI2NPTunnelData);
-		
-		i2p::transport::transports.SendMessage (m_NextIdent, tunnelMsg);	
+		m_TunnelDataMsgs.push_back (tunnelMsg);
 	}
 
+	void TransitTunnelParticipant::FlushTunnelDataMsgs ()
+	{
+		if (!m_TunnelDataMsgs.empty ())
+		{	
+			LogPrint (eLogDebug, "TransitTunnel: ",GetTunnelID (),"->", GetNextTunnelID (), " ", m_TunnelDataMsgs.size ());
+			i2p::transport::transports.SendMessages (GetNextIdentHash (), m_TunnelDataMsgs);
+			m_TunnelDataMsgs.clear ();
+		}	
+	}	
+		
 	void TransitTunnel::SendTunnelDataMsg (i2p::I2NPMessage * msg)
 	{	
-		LogPrint ("We are not a gateway for transit tunnel ", m_TunnelID);
+		LogPrint (eLogError, "We are not a gateway for transit tunnel ", m_TunnelID);
 		i2p::DeleteI2NPMessage (msg);	
 	}		
 
+	void TransitTunnel::HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg)
+	{
+		LogPrint (eLogError, "Incoming tunnel message is not supported  ", m_TunnelID);
+		DeleteI2NPMessage (tunnelMsg);	
+	}	
+		
 	void TransitTunnelGateway::SendTunnelDataMsg (i2p::I2NPMessage * msg)
 	{
 		TunnelMessageBlock block;
 		block.deliveryType = eDeliveryTypeLocal;
 		block.data = msg;
 		std::unique_lock<std::mutex> l(m_SendMutex);
-		m_Gateway.SendTunnelDataMsg (block);
+		m_Gateway.PutTunnelDataMsg (block);
 	}		
 
+	void TransitTunnelGateway::FlushTunnelDataMsgs ()
+	{
+		std::unique_lock<std::mutex> l(m_SendMutex);
+		m_Gateway.SendBuffer ();
+	}	
+		
 	void TransitTunnelEndpoint::HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg)
 	{
 		EncryptTunnelMsg (tunnelMsg);
 		
-		LogPrint ("TransitTunnel endpoint for ", GetTunnelID ());
+		LogPrint (eLogDebug, "TransitTunnel endpoint for ", GetTunnelID ());
 		m_Endpoint.HandleDecryptedTunnelDataMsg (tunnelMsg); 
 	}
 		
@@ -67,18 +93,18 @@ namespace tunnel
 	{
 		if (isEndpoint)
 		{	
-			LogPrint ("TransitTunnel endpoint: ", receiveTunnelID, " created");
+			LogPrint (eLogInfo, "TransitTunnel endpoint: ", receiveTunnelID, " created");
 			return new TransitTunnelEndpoint (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 		else if (isGateway)
 		{	
-			LogPrint ("TransitTunnel gateway: ", receiveTunnelID, " created");
+			LogPrint (eLogInfo, "TransitTunnel gateway: ", receiveTunnelID, " created");
 			return new TransitTunnelGateway (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 		else	
 		{	
-			LogPrint ("TransitTunnel: ", receiveTunnelID, "->", nextTunnelID, " created");
-			return new TransitTunnel (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
+			LogPrint (eLogInfo, "TransitTunnel: ", receiveTunnelID, "->", nextTunnelID, " created");
+			return new TransitTunnelParticipant (receiveTunnelID, nextIdent, nextTunnelID, layerKey, ivKey);
 		}	
 	}		
 }

TransitTunnel.h

@@ -2,6 +2,7 @@
 #define TRANSIT_TUNNEL_H__
 
 #include <inttypes.h>
+#include <vector>
 #include <mutex>
 #include "aes.h"
 #include "I2NPProtocol.h"
@@ -13,7 +14,7 @@ namespace i2p
 {
 namespace tunnel
 {	
-	class TransitTunnel: public TunnelBase // tunnel patricipant
+	class TransitTunnel: public TunnelBase 
 	{
 		public:
 
@@ -21,13 +22,13 @@ namespace tunnel
 			    const uint8_t * nextIdent, uint32_t nextTunnelID, 
 	    		const uint8_t * layerKey,const uint8_t * ivKey); 
 			
-			virtual void HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg);
-			virtual void SendTunnelDataMsg (i2p::I2NPMessage * msg);
-			virtual size_t GetNumTransmittedBytes () const { return m_NumTransmittedBytes; };
+			virtual size_t GetNumTransmittedBytes () const { return 0; };
 			
 			uint32_t GetTunnelID () const { return m_TunnelID; };
 
 			// implements TunnelBase
+			void SendTunnelDataMsg (i2p::I2NPMessage * msg);
+			void HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg);
 			void EncryptTunnelMsg (I2NPMessage * tunnelMsg); 
 			uint32_t GetNextTunnelID () const { return m_NextTunnelID; };
 			const i2p::data::IdentHash& GetNextIdentHash () const { return m_NextIdent; };
@@ -36,11 +37,31 @@ namespace tunnel
 
 			uint32_t m_TunnelID, m_NextTunnelID;
 			i2p::data::IdentHash m_NextIdent;
-			size_t m_NumTransmittedBytes;
 			
 			i2p::crypto::TunnelEncryption m_Encryption;
 	};	
 
+	class TransitTunnelParticipant: public TransitTunnel
+	{
+		public:
+
+			TransitTunnelParticipant (uint32_t receiveTunnelID,
+			    const uint8_t * nextIdent, uint32_t nextTunnelID, 
+	    		const uint8_t * layerKey,const uint8_t * ivKey):
+				TransitTunnel (receiveTunnelID, nextIdent, nextTunnelID, 
+				layerKey, ivKey), m_NumTransmittedBytes (0) {};
+			~TransitTunnelParticipant ();
+
+			size_t GetNumTransmittedBytes () const { return m_NumTransmittedBytes; };
+			void HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg);
+			void FlushTunnelDataMsgs ();
+
+		private:
+
+			size_t m_NumTransmittedBytes;
+			std::vector<i2p::I2NPMessage *> m_TunnelDataMsgs;
+	};	
+	
 	class TransitTunnelGateway: public TransitTunnel
 	{
 		public:
@@ -52,6 +73,7 @@ namespace tunnel
 				layerKey, ivKey), m_Gateway(this) {};
 
 			void SendTunnelDataMsg (i2p::I2NPMessage * msg);
+			void FlushTunnelDataMsgs ();
 			size_t GetNumTransmittedBytes () const { return m_Gateway.GetNumSentBytes (); };
 			
 		private:

TransportSession.h

@@ -3,8 +3,11 @@
 
 #include <inttypes.h>
 #include <iostream>
+#include <memory>
+#include <vector>
 #include "Identity.h"
 #include "RouterInfo.h"
+#include "I2NPProtocol.h"
 
 namespace i2p
 {
@@ -51,23 +54,32 @@ namespace transport
 	{
 		public:
 
-			TransportSession (const i2p::data::RouterInfo * in_RemoteRouter): 
-				m_RemoteRouter (in_RemoteRouter), m_DHKeysPair (nullptr) 
+			TransportSession (std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter): 
+				m_RemoteRouter (in_RemoteRouter), m_DHKeysPair (nullptr), 
+				m_NumSentBytes (0), m_NumReceivedBytes (0)
 			{
 				if (m_RemoteRouter)
 					m_RemoteIdentity = m_RemoteRouter->GetRouterIdentity ();
 			}
 
 			virtual ~TransportSession () { delete m_DHKeysPair; };
+			virtual void Done () = 0;
 			
-			const i2p::data::RouterInfo * GetRemoteRouter () { return m_RemoteRouter; };
+			std::shared_ptr<const i2p::data::RouterInfo> GetRemoteRouter () { return m_RemoteRouter; };
 			const i2p::data::IdentityEx& GetRemoteIdentity () { return m_RemoteIdentity; };
 
+			size_t GetNumSentBytes () const { return m_NumSentBytes; };
+			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
+			
+			virtual void SendI2NPMessage (I2NPMessage * msg) = 0;
+			virtual void SendI2NPMessages (const std::vector<I2NPMessage *>& msgs) = 0;
+			
 		protected:
 
-			const i2p::data::RouterInfo * m_RemoteRouter;
+			std::shared_ptr<const i2p::data::RouterInfo> m_RemoteRouter;
 			i2p::data::IdentityEx m_RemoteIdentity; 
 			DHKeysPair * m_DHKeysPair; // X - for client and Y - for server
+			size_t m_NumSentBytes, m_NumReceivedBytes;
 	};	
 }
 }

Transports.cpp

@@ -1,5 +1,4 @@
 #include <cryptopp/dh.h>
-#include <boost/bind.hpp>
 #include "Log.h"
 #include "CryptoConst.h"
 #include "RouterContext.h"
@@ -96,8 +95,10 @@ namespace transport
 	Transports transports;	
 	
 	Transports::Transports (): 
-		m_Thread (nullptr), m_Work (m_Service), m_NTCPAcceptor (nullptr), m_NTCPV6Acceptor (nullptr), 
-		m_SSUServer (nullptr), m_DHKeysPairSupplier (5) // 5 pre-generated keys
+		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service), m_PeerCleanupTimer (m_Service),
+		m_NTCPServer (nullptr), m_SSUServer (nullptr), m_DHKeysPairSupplier (5), // 5 pre-generated keys
+		m_TotalSentBytes(0), m_TotalReceivedBytes(0), m_InBandwidth (0), m_OutBandwidth (0),
+		m_LastInBandwidthUpdateBytes (0), m_LastOutBandwidthUpdateBytes (0), m_LastBandwidthUpdateTime (0)	
 	{		
 	}
 		
@@ -115,31 +116,13 @@ namespace transport
 		auto addresses = context.GetRouterInfo ().GetAddresses ();
 		for (auto& address : addresses)
 		{
-			if (address.transportStyle == RouterInfo::eTransportNTCP && address.host.is_v4 ())
+			if (!m_NTCPServer)
 			{	
-				m_NTCPAcceptor = new boost::asio::ip::tcp::acceptor (m_Service,
-					boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), address.port));
-
-				LogPrint ("Start listening TCP port ", address.port);	
-				auto conn = new NTCPServerConnection (m_Service);
-				m_NTCPAcceptor->async_accept(conn->GetSocket (), boost::bind (&Transports::HandleAccept, this, 
-					conn, boost::asio::placeholders::error));	
-				
-				if (context.SupportsV6 ())
-				{
-					m_NTCPV6Acceptor = new boost::asio::ip::tcp::acceptor (m_Service);
-					m_NTCPV6Acceptor->open (boost::asio::ip::tcp::v6());
-					m_NTCPV6Acceptor->set_option (boost::asio::ip::v6_only (true));
-					m_NTCPV6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address.port));
-					m_NTCPV6Acceptor->listen ();
-
-					LogPrint ("Start listening V6 TCP port ", address.port);	
-					auto conn = new NTCPServerConnection (m_Service);
-					m_NTCPV6Acceptor->async_accept(conn->GetSocket (), boost::bind (&Transports::HandleAcceptV6,
-						this, conn, boost::asio::placeholders::error));
-				}	
+				m_NTCPServer = new NTCPServer (address.port);
+				m_NTCPServer->Start ();
 			}	
-			else if (address.transportStyle == RouterInfo::eTransportSSU && address.host.is_v4 ())
+			
+			if (address.transportStyle == RouterInfo::eTransportSSU && address.host.is_v4 ())
 			{
 				if (!m_SSUServer)
 				{	
@@ -152,24 +135,26 @@ namespace transport
 					LogPrint ("SSU server already exists");
 			}
 		}	
+		m_PeerCleanupTimer.expires_from_now (boost::posix_time::seconds(5*SESSION_CREATION_TIMEOUT));
+		m_PeerCleanupTimer.async_wait (std::bind (&Transports::HandlePeerCleanupTimer, this, std::placeholders::_1));
 	}
 		
 	void Transports::Stop ()
 	{	
+		m_PeerCleanupTimer.cancel ();	
+		m_Peers.clear ();
 		if (m_SSUServer)
 		{
 			m_SSUServer->Stop ();
 			delete m_SSUServer;
 			m_SSUServer = nullptr;
 		}	
-		
-		for (auto session: m_NTCPSessions)
-			delete session.second;
-		m_NTCPSessions.clear ();
-		delete m_NTCPAcceptor;
-		m_NTCPAcceptor = nullptr;
-		delete m_NTCPV6Acceptor;
-		m_NTCPV6Acceptor = nullptr;
+		if (m_NTCPServer)
+		{
+			m_NTCPServer->Stop ();
+			delete m_NTCPServer;
+			m_NTCPServer = nullptr;
+		}	
 
 		m_DHKeysPairSupplier.Stop ();
 		m_IsRunning = false;
@@ -197,153 +182,219 @@ namespace transport
 		}	
 	}
 		
-	void Transports::AddNTCPSession (NTCPSession * session)
+	void Transports::UpdateBandwidth ()
 	{
-		if (session)
-			m_NTCPSessions[session->GetRemoteIdentity ().GetIdentHash ()] = session;
-	}	
-
-	void Transports::RemoveNTCPSession (NTCPSession * session)
-	{
-		if (session)
-			m_NTCPSessions.erase (session->GetRemoteIdentity ().GetIdentHash ());
-	}	
-		
-	void Transports::HandleAccept (NTCPServerConnection * conn, const boost::system::error_code& error)
-	{		
-		if (!error)
+		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
+		if (m_LastBandwidthUpdateTime > 0)
 		{
-			LogPrint ("Connected from ", conn->GetSocket ().remote_endpoint().address ().to_string ());
-			conn->ServerLogin ();
+			auto delta = ts - m_LastBandwidthUpdateTime;
+			if (delta > 0)
+			{
+				m_InBandwidth = (m_TotalReceivedBytes - m_LastInBandwidthUpdateBytes)*1000/delta; // per second 
+				m_OutBandwidth = (m_TotalSentBytes - m_LastOutBandwidthUpdateBytes)*1000/delta; // per second 
+			} 
 		}
-		else
-			delete conn;
-
-		if (error != boost::asio::error::operation_aborted)
-		{
-    		conn = new NTCPServerConnection (m_Service);
-			m_NTCPAcceptor->async_accept(conn->GetSocket (), boost::bind (&Transports::HandleAccept, this, 
-				conn, boost::asio::placeholders::error));
-		}	
+		m_LastBandwidthUpdateTime = ts;
+		m_LastInBandwidthUpdateBytes = m_TotalReceivedBytes;	
+		m_LastOutBandwidthUpdateBytes = m_TotalSentBytes;		
 	}
 
-	void Transports::HandleAcceptV6 (NTCPServerConnection * conn, const boost::system::error_code& error)
-	{		
-		if (!error)
-		{
-			LogPrint ("Connected from ", conn->GetSocket ().remote_endpoint().address ().to_string ());
-			conn->ServerLogin ();
-		}
-		else
-			delete conn;
-
-		if (error != boost::asio::error::operation_aborted)
-		{
-    		conn = new NTCPServerConnection (m_Service);
-			m_NTCPV6Acceptor->async_accept(conn->GetSocket (), boost::bind (&Transports::HandleAcceptV6, this, 
-				conn, boost::asio::placeholders::error));
-		}	
+	bool Transports::IsBandwidthExceeded () const
+	{
+		if (i2p::context.GetRouterInfo ().IsHighBandwidth ()) return false;
+		return std::max (m_InBandwidth, m_OutBandwidth) > LOW_BANDWIDTH_LIMIT;
 	}
 
-	NTCPSession * Transports::GetNextNTCPSession ()
-	{
-		for (auto session: m_NTCPSessions)
-			if (session.second->IsEstablished ())
-				return session.second;
-		return 0;
-	}	
-
-	NTCPSession * Transports::FindNTCPSession (const i2p::data::IdentHash& ident)
-	{
-		auto it = m_NTCPSessions.find (ident);
-		if (it != m_NTCPSessions.end ())
-			return it->second;
-		return 0;
-	}	
-
 	void Transports::SendMessage (const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg)
 	{
-		if (ident == i2p::context.GetRouterInfo ().GetIdentHash ())
-			// we send it to ourself
-			i2p::HandleI2NPMessage (msg);
-		else
-			m_Service.post (boost::bind (&Transports::PostMessage, this, ident, msg));                             
+		m_Service.post (std::bind (&Transports::PostMessage, this, ident, msg));                             
 	}	
 
-	void Transports::PostMessage (const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg)
+	void Transports::SendMessages (const i2p::data::IdentHash& ident, const std::vector<i2p::I2NPMessage *>& msgs)
 	{
-		auto session = FindNTCPSession (ident);
-		if (session)
-			session->SendI2NPMessage (msg);
-		else
+		m_Service.post (std::bind (&Transports::PostMessages, this, ident, msgs));
+	}	
+		
+	void Transports::PostMessage (i2p::data::IdentHash ident, i2p::I2NPMessage * msg)
+	{
+		if (ident == i2p::context.GetRouterInfo ().GetIdentHash ())
+		{	
+			// we send it to ourself
+			i2p::HandleI2NPMessage (msg);
+			return;
+		}	
+
+		auto it = m_Peers.find (ident);
+		if (it == m_Peers.end ())
 		{
-			RouterInfo * r = netdb.FindRouter (ident);
-			if (r)
-			{	
-				auto ssuSession = m_SSUServer ? m_SSUServer->FindSession (r) : nullptr;
-				if (ssuSession)
-					ssuSession->SendI2NPMessage (msg);
-				else
-				{	
-					// existing session not found. create new 
-					// try NTCP first if message size < 16K
-					auto address = r->GetNTCPAddress (!context.SupportsV6 ()); 
-					if (address && !r->UsesIntroducer () && !r->IsUnreachable () && msg->GetLength () < NTCP_MAX_MESSAGE_SIZE)
-					{	
-						auto s = new NTCPClient (m_Service, address->host, address->port, *r);
-						AddNTCPSession (s);
-						s->SendI2NPMessage (msg);
-					}	
-					else
-					{	
-						// then SSU					
-						auto s = m_SSUServer ? m_SSUServer->GetSession (r) : nullptr;
-						if (s)
-							s->SendI2NPMessage (msg);
-						else
+			auto r = netdb.FindRouter (ident);
+			it = m_Peers.insert (std::pair<i2p::data::IdentHash, Peer>(ident, { 0, r, nullptr,
+				i2p::util::GetSecondsSinceEpoch () })).first;
+			if (!ConnectToPeer (ident, it->second))
+			{
+				DeleteI2NPMessage (msg);
+				return;
+			}	
+		}	
+		if (it->second.session)
+			it->second.session->SendI2NPMessage (msg);
+		else
+			it->second.delayedMessages.push_back (msg);
+	}	
+
+	void Transports::PostMessages (i2p::data::IdentHash ident, std::vector<i2p::I2NPMessage *> msgs)
+	{
+		if (ident == i2p::context.GetRouterInfo ().GetIdentHash ())
+		{	
+			// we send it to ourself
+			for (auto it: msgs)
+				i2p::HandleI2NPMessage (it);
+			return;
+		}	
+		auto it = m_Peers.find (ident);
+		if (it == m_Peers.end ())
+		{
+			auto r = netdb.FindRouter (ident);
+			it = m_Peers.insert (std::pair<i2p::data::IdentHash, Peer>(ident, { 0, r, nullptr,
+				i2p::util::GetSecondsSinceEpoch () })).first;
+			if (!ConnectToPeer (ident, it->second))
+			{
+				for (auto it1: msgs)
+					DeleteI2NPMessage (it1);
+				return;
+			}	
+		}	
+		if (it->second.session)
+			it->second.session->SendI2NPMessages (msgs);
+		else
+		{	
+			for (auto it1: msgs)
+				it->second.delayedMessages.push_back (it1);
+		}	
+	}	
+		
+	bool Transports::ConnectToPeer (const i2p::data::IdentHash& ident, Peer& peer)
+	{
+		if (peer.router) // we have RI already
+		{	
+			if (!peer.numAttempts) // NTCP
+			{
+				peer.numAttempts++;
+				auto address = peer.router->GetNTCPAddress (!context.SupportsV6 ());
+				if (address)
+				{
+#if BOOST_VERSION >= 104900
+					if (!address->host.is_unspecified ()) // we have address now
+#else
+					boost::system::error_code ecode;
+					address->host.to_string (ecode);
+					if (!ecode)
+#endif
+					{
+						if (!peer.router->UsesIntroducer () && !peer.router->IsUnreachable ())
+						{	
+							auto s = std::make_shared<NTCPSession> (*m_NTCPServer, peer.router);
+							m_NTCPServer->Connect (address->host, address->port, s);
+							return true;
+						}
+					}
+					else // we don't have address
+					{
+						if (address->addressString.length () > 0) // trying to resolve
 						{
-							LogPrint ("No NTCP and SSU addresses available");
-							DeleteI2NPMessage (msg); 
+							LogPrint (eLogInfo, "Resolving ", address->addressString);
+							NTCPResolve (address->addressString, ident);
+							return true;
 						}
 					}
 				}	
 			}
+			else  if (peer.numAttempts == 1)// SSU
+			{
+				peer.numAttempts++;
+				if (m_SSUServer)
+				{	
+					if (m_SSUServer->GetSession (peer.router))
+						return true;
+				}
+			}	
+			LogPrint (eLogError, "No NTCP and SSU addresses available");
+			if (peer.session) peer.session->Done ();
+			m_Peers.erase (ident);
+			return false;
+		}	
+		else // otherwise request RI
+		{
+			LogPrint ("Router not found. Requested");
+			i2p::data::netdb.RequestDestination (ident, std::bind (
+				&Transports::RequestComplete, this, std::placeholders::_1, ident));
+		}	
+		return true;
+	}	
+	
+	void Transports::RequestComplete (std::shared_ptr<const i2p::data::RouterInfo> r, const i2p::data::IdentHash& ident)
+	{
+		m_Service.post (std::bind (&Transports::HandleRequestComplete, this, r, ident));
+	}		
+	
+	void Transports::HandleRequestComplete (std::shared_ptr<const i2p::data::RouterInfo> r, const i2p::data::IdentHash& ident)
+	{
+		auto it = m_Peers.find (ident);
+		if (it != m_Peers.end ())
+		{	
+			if (r)
+			{
+				LogPrint ("Router found. Trying to connect");
+				it->second.router = r;
+				ConnectToPeer (ident, it->second);
+			}	
 			else
 			{
-				LogPrint ("Router not found. Requested");
-				i2p::data::netdb.RequestDestination (ident);
-				auto resendTimer = new boost::asio::deadline_timer (m_Service);
-				resendTimer->expires_from_now (boost::posix_time::seconds(5)); // 5 seconds
-				resendTimer->async_wait (boost::bind (&Transports::HandleResendTimer,
-					this, boost::asio::placeholders::error, resendTimer, ident, msg));			
+				LogPrint ("Router not found. Failed to send messages");
+				m_Peers.erase (it);
 			}	
 		}	
 	}	
 
-	void Transports::HandleResendTimer (const boost::system::error_code& ecode, 
-		boost::asio::deadline_timer * timer, const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg)
+	void Transports::NTCPResolve (const std::string& addr, const i2p::data::IdentHash& ident)
 	{
-		RouterInfo * r = netdb.FindRouter (ident);
-		if (r)
+		auto resolver = std::make_shared<boost::asio::ip::tcp::resolver>(m_Service);
+		resolver->async_resolve (boost::asio::ip::tcp::resolver::query (addr, ""), 
+			std::bind (&Transports::HandleNTCPResolve, this, 
+				std::placeholders::_1, std::placeholders::_2, ident, resolver));
+	}
+
+	void Transports::HandleNTCPResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it, 
+		i2p::data::IdentHash ident, std::shared_ptr<boost::asio::ip::tcp::resolver> resolver)
+	{
+		auto it1 = m_Peers.find (ident);
+		if (it1 != m_Peers.end ())
 		{
-			LogPrint ("Router found. Sending message");
-			PostMessage (ident, msg);
-		}	
-		else
-		{
-			LogPrint ("Router not found. Failed to send message");
-			DeleteI2NPMessage (msg);
-		}	
-		delete timer;
-	}	
-		
-	void Transports::CloseSession (const i2p::data::RouterInfo * router)
+			auto& peer = it1->second;
+			if (!ecode && peer.router)
+			{
+				auto address = (*it).endpoint ().address ();
+				LogPrint (eLogInfo, (*it).host_name (), " has been resolved to ", address);
+				auto addr = peer.router->GetNTCPAddress ();
+				if (addr)
+				{
+					auto s = std::make_shared<NTCPSession> (*m_NTCPServer, peer.router);
+					m_NTCPServer->Connect (address, addr->port, s);
+					return;
+				}	
+			}
+			LogPrint (eLogError, "Unable to resolve NTCP address: ", ecode.message ());
+			m_Peers.erase (it1);
+		}
+	}
+
+	void Transports::CloseSession (std::shared_ptr<const i2p::data::RouterInfo> router)
 	{
 		if (!router) return;
-		m_Service.post (boost::bind (&Transports::PostCloseSession, this, router));    
+		m_Service.post (std::bind (&Transports::PostCloseSession, this, router));    
 	}	
 
-	void Transports::PostCloseSession (const i2p::data::RouterInfo * router)
+	void Transports::PostCloseSession (std::shared_ptr<const i2p::data::RouterInfo> router)
 	{
 		auto ssuSession = m_SSUServer ? m_SSUServer->FindSession (router) : nullptr;
 		if (ssuSession) // try SSU first
@@ -356,12 +407,25 @@ namespace transport
 		
 	void Transports::DetectExternalIP ()
 	{
-		for (int i = 0; i < 5; i++)
+		if (m_SSUServer)
 		{
-			auto router = i2p::data::netdb.GetRandomRouter ();
-			if (router && router->IsSSU () && m_SSUServer)
-				m_SSUServer->GetSession (router, true);  // peer test	
-		}	
+			i2p::context.SetStatus (eRouterStatusTesting);
+			for (int i = 0; i < 5; i++)
+			{
+				auto router = i2p::data::netdb.GetRandomPeerTestRouter ();
+				if (router  && router->IsSSU ())
+					m_SSUServer->GetSession (router, true);  // peer test	
+				else
+				{
+					// if not peer test capable routers found pick any
+					router = i2p::data::netdb.GetRandomRouter ();
+					if (router && router->IsSSU ())
+						m_SSUServer->GetSession (router);  	// no peer test
+				}
+			}	
+		}
+		else
+			LogPrint (eLogError, "Can't detect external IP. SSU is not available");
 	}
 			
 	DHKeysPair * Transports::GetNextDHKeysPair ()
@@ -373,6 +437,76 @@ namespace transport
 	{
 		m_DHKeysPairSupplier.Return (pair);
 	}
+
+	void Transports::PeerConnected (std::shared_ptr<TransportSession> session)
+	{
+		m_Service.post([session, this]()
+		{   
+			auto ident = session->GetRemoteIdentity ().GetIdentHash ();
+			auto it = m_Peers.find (ident);
+			if (it != m_Peers.end ())
+			{
+				if (!it->second.session)
+				{
+					it->second.session = session;
+					session->SendI2NPMessages (it->second.delayedMessages);
+					it->second.delayedMessages.clear ();
+				}
+				else
+				{
+					LogPrint (eLogError, "Session for ", ident.ToBase64 ().substr (0, 4), " already exists");
+					session->Done ();
+				}
+			}
+			else // incoming connection
+				m_Peers.insert (std::make_pair (ident, Peer{ 0, nullptr, session, i2p::util::GetSecondsSinceEpoch () }));
+		});			
+	}
+		
+	void Transports::PeerDisconnected (std::shared_ptr<TransportSession> session)
+	{
+		m_Service.post([session, this]()
+		{  
+			auto ident = session->GetRemoteIdentity ().GetIdentHash ();
+			auto it = m_Peers.find (ident);
+			if (it != m_Peers.end () && (!it->second.session || it->second.session == session))
+			{
+				if (it->second.delayedMessages.size () > 0)
+					ConnectToPeer (ident, it->second);
+				else
+					m_Peers.erase (it);
+			}
+		});	
+	}	
+
+	bool Transports::IsConnected (const i2p::data::IdentHash& ident) const
+	{
+		auto it = m_Peers.find (ident);
+		return it != m_Peers.end ();
+	}	
+		
+	void Transports::HandlePeerCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto ts = i2p::util::GetSecondsSinceEpoch ();
+			for (auto it = m_Peers.begin (); it != m_Peers.end (); )
+			{
+				if (!it->second.session && ts > it->second.creationTime + SESSION_CREATION_TIMEOUT)
+				{
+					LogPrint (eLogError, "Session to peer ", it->first.ToBase64 (), " has not been created in ", SESSION_CREATION_TIMEOUT, " seconds");
+					it = m_Peers.erase (it);
+				}
+				else
+					it++;
+			}
+			UpdateBandwidth (); // TODO: use separate timer(s) for it
+			if (i2p::context.GetStatus () == eRouterStatusTesting) // if still testing,  repeat peer test
+				DetectExternalIP ();
+			m_PeerCleanupTimer.expires_from_now (boost::posix_time::seconds(5*SESSION_CREATION_TIMEOUT));
+			m_PeerCleanupTimer.async_wait (std::bind (&Transports::HandlePeerCleanupTimer, this, std::placeholders::_1));
+		}	
+	}
 }
 }
 

Transports.h

@@ -6,8 +6,11 @@
 #include <condition_variable>
 #include <functional>
 #include <map>
+#include <vector>
 #include <queue>
 #include <string>
+#include <memory>
+#include <atomic>
 #include <cryptopp/osrng.h>
 #include <boost/asio.hpp>
 #include "TransportSession.h"
@@ -49,6 +52,23 @@ namespace transport
 			CryptoPP::AutoSeededRandomPool m_Rnd;
 	};
 
+	struct Peer
+	{
+		int numAttempts;
+		std::shared_ptr<const i2p::data::RouterInfo> router;
+		std::shared_ptr<TransportSession> session;
+		uint64_t creationTime;
+		std::vector<i2p::I2NPMessage *> delayedMessages;
+
+		~Peer ()
+		{
+			for (auto it :delayedMessages)
+				i2p::DeleteI2NPMessage (it);			
+		}	
+	};	
+	
+	const size_t SESSION_CREATION_TIMEOUT = 10; // in seconds
+	const uint32_t LOW_BANDWIDTH_LIMIT = 32*1024; // 32KBs
 	class Transports
 	{
 		public:
@@ -63,25 +83,38 @@ namespace transport
 			i2p::transport::DHKeysPair * GetNextDHKeysPair ();	
 			void ReuseDHKeysPair (DHKeysPair * pair);
 
-			void AddNTCPSession (NTCPSession * session);
-			void RemoveNTCPSession (NTCPSession * session);
-			
-			NTCPSession * GetNextNTCPSession ();
-			NTCPSession * FindNTCPSession (const i2p::data::IdentHash& ident);
-
 			void SendMessage (const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg);
-			void CloseSession (const i2p::data::RouterInfo * router);
+			void SendMessages (const i2p::data::IdentHash& ident, const std::vector<i2p::I2NPMessage *>& msgs);
+			void CloseSession (std::shared_ptr<const i2p::data::RouterInfo> router);
+
+			void PeerConnected (std::shared_ptr<TransportSession> session);
+			void PeerDisconnected (std::shared_ptr<TransportSession> session);
+			bool IsConnected (const i2p::data::IdentHash& ident) const;
 			
+			void UpdateSentBytes (uint64_t numBytes) { m_TotalSentBytes += numBytes; };
+			void UpdateReceivedBytes (uint64_t numBytes) { m_TotalReceivedBytes += numBytes; };
+			uint64_t GetTotalSentBytes () const { return m_TotalSentBytes; };
+			uint64_t GetTotalReceivedBytes () const { return m_TotalReceivedBytes; };		
+			uint32_t GetInBandwidth () const { return m_InBandwidth; }; // bytes per second
+			uint32_t GetOutBandwidth () const { return m_OutBandwidth; }; // bytes per second
+			bool IsBandwidthExceeded () const;
+
 		private:
 
 			void Run ();
-			void HandleAccept (NTCPServerConnection * conn, const boost::system::error_code& error);
-			void HandleAcceptV6 (NTCPServerConnection * conn, const boost::system::error_code& error);
-			void HandleResendTimer (const boost::system::error_code& ecode, boost::asio::deadline_timer * timer,
-				const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg);
-			void PostMessage (const i2p::data::IdentHash& ident, i2p::I2NPMessage * msg);
-			void PostCloseSession (const i2p::data::RouterInfo * router);
-			
+			void RequestComplete (std::shared_ptr<const i2p::data::RouterInfo> r, const i2p::data::IdentHash& ident);
+			void HandleRequestComplete (std::shared_ptr<const i2p::data::RouterInfo> r, const i2p::data::IdentHash& ident);
+			void PostMessage (i2p::data::IdentHash ident, i2p::I2NPMessage * msg);
+			void PostMessages (i2p::data::IdentHash ident, std::vector<i2p::I2NPMessage *> msgs);
+			void PostCloseSession (std::shared_ptr<const i2p::data::RouterInfo> router);
+			bool ConnectToPeer (const i2p::data::IdentHash& ident, Peer& peer);
+			void HandlePeerCleanupTimer (const boost::system::error_code& ecode);			
+
+			void NTCPResolve (const std::string& addr, const i2p::data::IdentHash& ident);
+			void HandleNTCPResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it,
+ 				i2p::data::IdentHash ident, std::shared_ptr<boost::asio::ip::tcp::resolver> resolver);
+
+			void UpdateBandwidth ();
 			void DetectExternalIP ();
 			
 		private:
@@ -90,18 +123,25 @@ namespace transport
 			std::thread * m_Thread;	
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
-			boost::asio::ip::tcp::acceptor * m_NTCPAcceptor, * m_NTCPV6Acceptor;
+			boost::asio::deadline_timer m_PeerCleanupTimer;
 
-			std::map<i2p::data::IdentHash, NTCPSession *> m_NTCPSessions;
+			NTCPServer * m_NTCPServer;
 			SSUServer * m_SSUServer;
-
+			std::map<i2p::data::IdentHash, Peer> m_Peers;
+			
 			DHKeysPairSupplier m_DHKeysPairSupplier;
 
+			std::atomic<uint64_t> m_TotalSentBytes, m_TotalReceivedBytes;
+			uint32_t m_InBandwidth, m_OutBandwidth;
+			uint64_t m_LastInBandwidthUpdateBytes, m_LastOutBandwidthUpdateBytes;	
+			uint64_t m_LastBandwidthUpdateTime;		
+
 		public:
 
 			// for HTTP only
-			const decltype(m_NTCPSessions)& GetNTCPSessions () const { return m_NTCPSessions; };
+			const NTCPServer * GetNTCPServer () const { return m_NTCPServer; };
 			const SSUServer * GetSSUServer () const { return m_SSUServer; };
+			const decltype(m_Peers)& GetPeers () const { return m_Peers; };
 	};	
 
 	extern Transports transports;

Tunnel.cpp

@@ -1,3 +1,4 @@
+#include <string.h>
 #include "I2PEndian.h"
 #include <thread>
 #include <algorithm>
@@ -26,14 +27,14 @@ namespace tunnel
 		delete m_Config;
 	}	
 
-	void Tunnel::Build (uint32_t replyMsgID, OutboundTunnel * outboundTunnel)
+	void Tunnel::Build (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> outboundTunnel)
 	{
 		CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 		auto numHops = m_Config->GetNumHops ();
 		int numRecords = numHops <= STANDARD_NUM_RECORDS ? STANDARD_NUM_RECORDS : numHops; 
-		I2NPMessage * msg = NewI2NPMessage ();
+		I2NPMessage * msg = NewI2NPShortMessage ();
 		*msg->GetPayload () = numRecords;
-		msg->len += numRecords*sizeof (I2NPBuildRequestRecordElGamalEncrypted) + 1;		
+		msg->len += numRecords*TUNNEL_BUILD_RECORD_SIZE + 1;		
 
 		// shuffle records
 		std::vector<int> recordIndicies;
@@ -41,22 +42,14 @@ namespace tunnel
 		std::random_shuffle (recordIndicies.begin(), recordIndicies.end());
 
 		// create real records
-		I2NPBuildRequestRecordElGamalEncrypted * records = (I2NPBuildRequestRecordElGamalEncrypted *)(msg->GetPayload () + 1); 
+		uint8_t * records = msg->GetPayload () + 1; 
 		TunnelHopConfig * hop = m_Config->GetFirstHop ();
 		int i = 0;
 		while (hop)
 		{
 			int idx = recordIndicies[i];
-			EncryptBuildRequestRecord (*hop->router,
-				CreateBuildRequestRecord (hop->router->GetIdentHash (), 
-				    hop->tunnelID,
-					hop->nextRouter->GetIdentHash (), 
-					hop->nextTunnelID,
-					hop->layerKey, hop->ivKey,                  
-					hop->replyKey, hop->replyIV,
-					hop->next ? rnd.GenerateWord32 () : replyMsgID, // we set replyMsgID for last hop only
-				    hop->isGateway, hop->isEndpoint), 
-		    	records[idx]);
+			hop->CreateBuildRequestRecord (records + idx*TUNNEL_BUILD_RECORD_SIZE, 
+				hop->next ? rnd.GenerateWord32 () : replyMsgID); // we set replyMsgID for last hop only 
 			hop->recordIndex = idx; 
 			i++;
 			hop = hop->next;
@@ -65,7 +58,7 @@ namespace tunnel
 		for (int i = numHops; i < numRecords; i++)
 		{
 			int idx = recordIndicies[i];
-			rnd.GenerateBlock ((uint8_t *)(records + idx), sizeof (records[idx])); 
+			rnd.GenerateBlock (records + idx*TUNNEL_BUILD_RECORD_SIZE, TUNNEL_BUILD_RECORD_SIZE); 
 		}	
 
 		// decrypt real records
@@ -79,9 +72,8 @@ namespace tunnel
 			while (hop1)
 			{	
 				decryption.SetIV (hop->replyIV);
-				decryption.Decrypt((uint8_t *)&records[hop1->recordIndex], 
-					sizeof (I2NPBuildRequestRecordElGamalEncrypted), 
-				    (uint8_t *)&records[hop1->recordIndex]);
+				uint8_t * record = records + hop1->recordIndex*TUNNEL_BUILD_RECORD_SIZE;
+				decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
 				hop1 = hop1->next;
 			}	
 			hop = hop->prev;
@@ -111,9 +103,9 @@ namespace tunnel
 				auto idx = hop1->recordIndex;
 				if (idx >= 0 && idx < msg[0])
 				{	
-					uint8_t * record = msg + 1 + idx*sizeof (I2NPBuildResponseRecord);
+					uint8_t * record = msg + 1 + idx*TUNNEL_BUILD_RECORD_SIZE;
 					decryption.SetIV (hop->replyIV);
-					decryption.Decrypt(record, sizeof (I2NPBuildResponseRecord), record);
+					decryption.Decrypt(record, TUNNEL_BUILD_RECORD_SIZE, record);
 				}	
 				else
 					LogPrint ("Tunnel hop index ", idx, " is out of range");
@@ -126,9 +118,11 @@ namespace tunnel
 		hop = m_Config->GetFirstHop ();
 		while (hop)
 		{			
-			I2NPBuildResponseRecord * record = (I2NPBuildResponseRecord *)(msg + 1 + hop->recordIndex*sizeof (I2NPBuildResponseRecord));
-			LogPrint ("Ret code=", (int)record->ret);
-			if (record->ret) 
+			const uint8_t * record = msg + 1 + hop->recordIndex*TUNNEL_BUILD_RECORD_SIZE;
+			uint8_t ret = record[BUILD_RESPONSE_RECORD_RET_OFFSET];
+			LogPrint ("Ret code=", (int)ret);
+			hop->router->GetProfile ()->TunnelBuildResponse (ret);
+			if (ret) 
 				// if any of participants declined the tunnel is not established
 				established = false; 
 			hop = hop->next;
@@ -157,11 +151,17 @@ namespace tunnel
 			hop = hop->prev;
 		}
 	}	
-	
+
+	void Tunnel::SendTunnelDataMsg (i2p::I2NPMessage * msg)
+	{
+		LogPrint (eLogInfo, "Can't send I2NP messages without delivery instructions");	
+		DeleteI2NPMessage (msg);
+	}	
+
 	void InboundTunnel::HandleTunnelDataMsg (I2NPMessage * msg)
 	{
 		if (IsFailed ()) SetState (eTunnelStateEstablished); // incoming messages means a tunnel is alive			
-		msg->from = this;
+		msg->from = shared_from_this ();
 		EncryptTunnelMsg (msg);
 		m_Endpoint.HandleDecryptedTunnelDataMsg (msg);	
 	}	
@@ -196,36 +196,27 @@ namespace tunnel
 		m_Gateway.SendBuffer ();
 	}	
 	
+	void OutboundTunnel::HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg)
+	{
+		LogPrint (eLogError, "Incoming message for outbound tunnel ", GetTunnelID ());
+		DeleteI2NPMessage (tunnelMsg);	
+	}
+
 	Tunnels tunnels;
 	
-	Tunnels::Tunnels (): m_IsRunning (false), m_Thread (nullptr), m_ExploratoryPool (nullptr)
+	Tunnels::Tunnels (): m_IsRunning (false), m_Thread (nullptr),
+		m_NumSuccesiveTunnelCreations (0), m_NumFailedTunnelCreations (0)
 	{
 	}
 	
 	Tunnels::~Tunnels ()	
 	{
-		for (auto& it : m_OutboundTunnels)
-			delete it;
-		m_OutboundTunnels.clear ();
-
-		for (auto& it : m_InboundTunnels)
-			delete it.second;
-		m_InboundTunnels.clear ();
-		
 		for (auto& it : m_TransitTunnels)
 			delete it.second;
 		m_TransitTunnels.clear ();
-
-		/*for (auto& it : m_PendingTunnels)
-			delete it.second;
-		m_PendingTunnels.clear ();*/
-
-		for (auto& it: m_Pools)
-			delete it.second;
-		m_Pools.clear ();
 	}	
 	
-	InboundTunnel * Tunnels::GetInboundTunnel (uint32_t tunnelID)
+	std::shared_ptr<InboundTunnel> Tunnels::GetInboundTunnel (uint32_t tunnelID)
 	{
 		auto it = m_InboundTunnels.find(tunnelID);
 		if (it != m_InboundTunnels.end ())
@@ -240,11 +231,22 @@ namespace tunnel
 			return it->second;
 		return nullptr;
 	}	
-		
-	Tunnel * Tunnels::GetPendingTunnel (uint32_t replyMsgID)
+	
+	std::shared_ptr<InboundTunnel> Tunnels::GetPendingInboundTunnel (uint32_t replyMsgID)
 	{
-		auto it = m_PendingTunnels.find(replyMsgID);
-		if (it != m_PendingTunnels.end () && it->second->GetState () == eTunnelStatePending)
+		return GetPendingTunnel (replyMsgID, m_PendingInboundTunnels);	
+	}
+	
+	std::shared_ptr<OutboundTunnel> Tunnels::GetPendingOutboundTunnel (uint32_t replyMsgID)
+	{
+		return GetPendingTunnel (replyMsgID, m_PendingOutboundTunnels);	
+	}		
+
+	template<class TTunnel>		
+	std::shared_ptr<TTunnel> Tunnels::GetPendingTunnel (uint32_t replyMsgID, const std::map<uint32_t, std::shared_ptr<TTunnel> >& pendingTunnels)
+	{
+		auto it = pendingTunnels.find(replyMsgID);
+		if (it != pendingTunnels.end () && it->second->GetState () == eTunnelStatePending)
 		{	
 			it->second->SetState (eTunnelStateBuildReplyReceived);	
 			return it->second;
@@ -252,11 +254,10 @@ namespace tunnel
 		return nullptr;
 	}	
 
-	InboundTunnel * Tunnels::GetNextInboundTunnel ()
+	std::shared_ptr<InboundTunnel> Tunnels::GetNextInboundTunnel ()
 	{
-		InboundTunnel * tunnel  = nullptr; 
+		std::shared_ptr<InboundTunnel> tunnel; 
 		size_t minReceived = 0;
-		std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
 		for (auto it : m_InboundTunnels)
 		{
 			if (!it.second->IsEstablished ()) continue;
@@ -269,12 +270,11 @@ namespace tunnel
 		return tunnel;
 	}
 	
-	OutboundTunnel * Tunnels::GetNextOutboundTunnel ()
+	std::shared_ptr<OutboundTunnel> Tunnels::GetNextOutboundTunnel ()
 	{
 		CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 		uint32_t ind = rnd.GenerateWord32 (0, m_OutboundTunnels.size () - 1), i = 0;
-		OutboundTunnel * tunnel = nullptr;
-		std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
+		std::shared_ptr<OutboundTunnel> tunnel;
 		for (auto it: m_OutboundTunnels)
 		{	
 			if (it->IsEstablished ())
@@ -287,28 +287,27 @@ namespace tunnel
 		return tunnel;
 	}	
 
-	TunnelPool * Tunnels::CreateTunnelPool (i2p::garlic::GarlicDestination& localDestination, int numHops)
+	std::shared_ptr<TunnelPool> Tunnels::CreateTunnelPool (i2p::garlic::GarlicDestination * localDestination, int numInboundHops, int numOutboundHops)
 	{
-		auto pool = new TunnelPool (localDestination, numHops);
+		auto pool = std::make_shared<TunnelPool> (localDestination, numInboundHops, numOutboundHops);
 		std::unique_lock<std::mutex> l(m_PoolsMutex);
-		m_Pools[pool->GetIdentHash ()] = pool;
+		m_Pools.push_back (pool);
 		return pool;
 	}	
 
-	void Tunnels::DeleteTunnelPool (TunnelPool * pool)
+	void Tunnels::DeleteTunnelPool (std::shared_ptr<TunnelPool> pool)
 	{
 		if (pool)
 		{	
 			StopTunnelPool (pool);
-			m_Pools.erase (pool->GetLocalDestination ().GetIdentHash ());
-			for (auto it: m_PendingTunnels)
-				if (it.second->GetTunnelPool () == pool)
-					it.second->SetTunnelPool (nullptr);
-			delete pool;
+			{
+				std::unique_lock<std::mutex> l(m_PoolsMutex);
+				m_Pools.remove (pool);
+			}	
 		}	
 	}	
 
-	void Tunnels::StopTunnelPool (TunnelPool * pool)
+	void Tunnels::StopTunnelPool (std::shared_ptr<TunnelPool> pool)
 	{
 		if (pool)
 		{
@@ -320,7 +319,11 @@ namespace tunnel
 	void Tunnels::AddTransitTunnel (TransitTunnel * tunnel)
 	{
 		std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
-		m_TransitTunnels[tunnel->GetTunnelID ()] = tunnel;
+		if (!m_TransitTunnels.insert (std::make_pair (tunnel->GetTunnelID (), tunnel)).second)
+		{	
+			LogPrint (eLogError, "Transit tunnel ", tunnel->GetTunnelID (), " already exists");
+			delete tunnel;
+		}
 	}	
 
 	void Tunnels::Start ()
@@ -351,24 +354,69 @@ namespace tunnel
 			try
 			{	
 				I2NPMessage * msg = m_Queue.GetNextWithTimeout (1000); // 1 sec
-				while (msg)
-				{
-					uint32_t  tunnelID = be32toh (*(uint32_t *)msg->GetPayload ()); 
-					InboundTunnel * tunnel = GetInboundTunnel (tunnelID);
-					if (tunnel)
-						tunnel->HandleTunnelDataMsg (msg);
-					else
-					{	
-						TransitTunnel * transitTunnel = GetTransitTunnel (tunnelID);
-						if (transitTunnel)
-							transitTunnel->HandleTunnelDataMsg (msg);
-						else	
-						{	
-							LogPrint ("Tunnel ", tunnelID, " not found");
-							i2p::DeleteI2NPMessage (msg);
-						}	
-					}	
-					msg = m_Queue.Get ();
+				if (msg)
+				{	
+					uint32_t prevTunnelID = 0, tunnelID = 0;
+					TunnelBase * prevTunnel = nullptr; 
+					do
+					{
+						TunnelBase * tunnel = nullptr;
+						uint8_t typeID = msg->GetTypeID ();
+						switch (typeID)
+						{									
+							case eI2NPTunnelData:
+							case eI2NPTunnelGateway:
+							{	
+								tunnelID = bufbe32toh (msg->GetPayload ()); 
+								if (tunnelID == prevTunnelID)
+									tunnel = prevTunnel;
+								else if (prevTunnel)
+									prevTunnel->FlushTunnelDataMsgs (); 
+						
+								if (!tunnel && typeID == eI2NPTunnelData)
+									tunnel = GetInboundTunnel (tunnelID).get ();
+								if (!tunnel)
+									tunnel = GetTransitTunnel (tunnelID);
+								if (tunnel)
+								{
+									if (typeID == eI2NPTunnelData)
+										tunnel->HandleTunnelDataMsg (msg);
+									else // tunnel gateway assumed
+										HandleTunnelGatewayMsg (tunnel, msg);
+								}
+								else	
+								{	
+									LogPrint (eLogWarning, "Tunnel ", tunnelID, " not found");
+									DeleteI2NPMessage (msg);
+								}	
+								break;
+							}	
+							case eI2NPVariableTunnelBuild:		
+							case eI2NPVariableTunnelBuildReply:
+							case eI2NPTunnelBuild:
+							case eI2NPTunnelBuildReply:	
+							{
+								HandleI2NPMessage (msg->GetBuffer (), msg->GetLength ());
+								DeleteI2NPMessage (msg);
+								break;
+							}	
+							default:
+							{
+								LogPrint (eLogError, "Unexpected  messsage type ", (int)typeID);
+								DeleteI2NPMessage (msg);
+							}	
+						}
+							
+						msg = m_Queue.Get ();
+						if (msg)
+						{
+							prevTunnelID = tunnelID;
+							prevTunnel = tunnel;
+						}
+						else if (tunnel)
+							tunnel->FlushTunnelDataMsgs ();
+					}
+					while (msg);
 				}	
 			
 				uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
@@ -385,6 +433,33 @@ namespace tunnel
 		}	
 	}	
 
+	void Tunnels::HandleTunnelGatewayMsg (TunnelBase * tunnel, I2NPMessage * msg)
+	{
+		if (!tunnel)
+		{
+			LogPrint (eLogError, "Missing tunnel for TunnelGateway");
+			i2p::DeleteI2NPMessage (msg);
+			return;
+		}
+		const uint8_t * payload = msg->GetPayload ();
+		uint16_t len = bufbe16toh(payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET);
+		// we make payload as new I2NP message to send
+		msg->offset += I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE;
+		msg->len = msg->offset + len;
+		auto typeID = msg->GetTypeID ();
+		LogPrint (eLogDebug, "TunnelGateway of ", (int)len, " bytes for tunnel ", tunnel->GetTunnelID (), ". Msg type ", (int)typeID);
+			
+		if (typeID == eI2NPDatabaseStore || typeID == eI2NPDatabaseSearchReply)
+		{
+			// transit DatabaseStore my contain new/updated RI 
+			// or DatabaseSearchReply with new routers
+			auto ds = NewI2NPMessage ();
+			*ds = *msg;
+			i2p::data::netdb.PostI2NPMsg (ds);
+		}	
+		tunnel->SendTunnelDataMsg (msg);
+	}
+
 	void Tunnels::ManageTunnels ()
 	{
 		ManagePendingTunnels ();
@@ -395,10 +470,17 @@ namespace tunnel
 	}	
 
 	void Tunnels::ManagePendingTunnels ()
+	{
+		ManagePendingTunnels (m_PendingInboundTunnels);
+		ManagePendingTunnels (m_PendingOutboundTunnels);
+	}
+
+	template<class PendingTunnels>
+	void Tunnels::ManagePendingTunnels (PendingTunnels& pendingTunnels)
 	{
 		// check pending tunnel. delete failed or timeout
 		uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
-		for (auto it = m_PendingTunnels.begin (); it != m_PendingTunnels.end ();)
+		for (auto it = pendingTunnels.begin (); it != pendingTunnels.end ();)
 		{	
 			auto tunnel = it->second;
 			switch (tunnel->GetState ())
@@ -407,23 +489,38 @@ namespace tunnel
 					if (ts > tunnel->GetCreationTime () + TUNNEL_CREATION_TIMEOUT)
 					{
 						LogPrint ("Pending tunnel build request ", it->first, " timeout. Deleted");
-						delete tunnel;
-						it = m_PendingTunnels.erase (it);
+						// update stats
+						auto config = tunnel->GetTunnelConfig ();
+						if (config)
+						{
+							auto hop = config->GetFirstHop ();
+							while (hop)
+							{
+								if (hop->router) 
+									hop->router->GetProfile ()->TunnelNonReplied ();
+								hop = hop->next;
+							}	
+						}	
+						// delete
+						it = pendingTunnels.erase (it);
+						m_NumFailedTunnelCreations++;
 					}
 					else
 						it++;
 				break;
 				case eTunnelStateBuildFailed:
 					LogPrint ("Pending tunnel build request ", it->first, " failed. Deleted");
-					delete tunnel;
-					it = m_PendingTunnels.erase (it);
+					it = pendingTunnels.erase (it);
+					m_NumFailedTunnelCreations++;
 				break;
 				case eTunnelStateBuildReplyReceived:
-					// intermidiate state, will be either established of build failed
+					// intermediate state, will be either established of build failed
 					it++;
 				break;	
 				default:
-					it = m_PendingTunnels.erase (it);
+					// success
+					it = pendingTunnels.erase (it);
+					m_NumSuccesiveTunnelCreations++;
 			}	
 		}	
 	}
@@ -439,16 +536,11 @@ namespace tunnel
 				{
 					LogPrint ("Tunnel ", tunnel->GetTunnelID (), " expired");
 					{
-						std::unique_lock<std::mutex> l(m_PoolsMutex);
 						auto pool = tunnel->GetTunnelPool ();
 						if (pool)
 							pool->TunnelExpired (tunnel);
 					}	
-					{
-						std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
-						it = m_OutboundTunnels.erase (it);
-					}
-					delete tunnel;
+					it = m_OutboundTunnels.erase (it);
 				}	
 				else 
 				{
@@ -462,11 +554,11 @@ namespace tunnel
 		if (m_OutboundTunnels.size () < 5) 
 		{
 			// trying to create one more oubound tunnel
-			InboundTunnel * inboundTunnel = GetNextInboundTunnel ();
+			auto inboundTunnel = GetNextInboundTunnel ();
 			if (!inboundTunnel) return;
 			LogPrint ("Creating one hop outbound tunnel...");
 			CreateTunnel<OutboundTunnel> (
-			  	new TunnelConfig (std::vector<const i2p::data::RouterInfo *> 
+			  	new TunnelConfig (std::vector<std::shared_ptr<const i2p::data::RouterInfo> > 
 				    { 
 						i2p::data::netdb.GetRandomRouter ()
 					},		
@@ -485,16 +577,11 @@ namespace tunnel
 				{
 					LogPrint ("Tunnel ", tunnel->GetTunnelID (), " expired");
 					{
-						std::unique_lock<std::mutex> l(m_PoolsMutex);
 						auto pool = tunnel->GetTunnelPool ();
 						if (pool)
 							pool->TunnelExpired (tunnel);
 					}	
-					{
-						std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
-						it = m_InboundTunnels.erase (it);
-					}
-					delete tunnel;
+					it = m_InboundTunnels.erase (it);
 				}	
 				else 
 				{
@@ -510,7 +597,7 @@ namespace tunnel
 			LogPrint ("Creating zero hops inbound tunnel...");
 			CreateZeroHopsInboundTunnel ();
 			if (!m_ExploratoryPool)
-				m_ExploratoryPool = CreateTunnelPool (i2p::context, 2); // 2-hop exploratory
+				m_ExploratoryPool = CreateTunnelPool (&i2p::context, 2, 2); // 2-hop exploratory
 			return;
 		}
 		
@@ -519,7 +606,7 @@ namespace tunnel
 			// trying to create one more inbound tunnel			
 			LogPrint ("Creating one hop inbound tunnel...");
 			CreateTunnel<InboundTunnel> (
-				new TunnelConfig (std::vector<const i2p::data::RouterInfo *>
+				new TunnelConfig (std::vector<std::shared_ptr<const i2p::data::RouterInfo> >
 				    {              
 						i2p::data::netdb.GetRandomRouter ()
 					}));
@@ -533,8 +620,8 @@ namespace tunnel
 		{
 			if (ts > it->second->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT)
 			{
-				LogPrint ("Transit tunnel ", it->second->GetTunnelID (), " expired");
 				auto tmp = it->second;
+				LogPrint ("Transit tunnel ", tmp->GetTunnelID (), " expired");
 				{
 					std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
 					it = m_TransitTunnels.erase (it);
@@ -551,8 +638,8 @@ namespace tunnel
 		std::unique_lock<std::mutex> l(m_PoolsMutex);
 		for (auto it: m_Pools)
 		{	
-			TunnelPool * pool = it.second;
-			if (pool->IsActive ())
+			auto pool = it;
+			if (pool && pool->IsActive ())
 			{	
 				pool->CreateTunnels ();
 				pool->TestTunnels ();
@@ -565,19 +652,33 @@ namespace tunnel
 		if (msg) m_Queue.Put (msg);		
 	}	
 
-	template<class TTunnel>
-	TTunnel * Tunnels::CreateTunnel (TunnelConfig * config, OutboundTunnel * outboundTunnel)
+	void Tunnels::PostTunnelData (const std::vector<I2NPMessage *>& msgs)
 	{
-		TTunnel * newTunnel = new TTunnel (config);
+		m_Queue.Put (msgs);
+	}	
+		
+	template<class TTunnel>
+	std::shared_ptr<TTunnel> Tunnels::CreateTunnel (TunnelConfig * config, std::shared_ptr<OutboundTunnel> outboundTunnel)
+	{
+		auto newTunnel = std::make_shared<TTunnel> (config);
 		uint32_t replyMsgID = i2p::context.GetRandomNumberGenerator ().GenerateWord32 ();
-		m_PendingTunnels[replyMsgID] = newTunnel; 
+		AddPendingTunnel (replyMsgID, newTunnel); 
 		newTunnel->Build (replyMsgID, outboundTunnel);
 		return newTunnel;
 	}	
 
-	void Tunnels::AddOutboundTunnel (OutboundTunnel * newTunnel)
+	void Tunnels::AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<InboundTunnel> tunnel)
+	{
+		m_PendingInboundTunnels[replyMsgID] = tunnel; 
+	}
+
+	void Tunnels::AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> tunnel)
+	{
+		m_PendingOutboundTunnels[replyMsgID] = tunnel; 
+	}
+
+	void Tunnels::AddOutboundTunnel (std::shared_ptr<OutboundTunnel> newTunnel)
 	{
-		std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
 		m_OutboundTunnels.push_back (newTunnel);
 		auto pool = newTunnel->GetTunnelPool ();
 		if (pool && pool->IsActive ())
@@ -586,9 +687,8 @@ namespace tunnel
 			newTunnel->SetTunnelPool (nullptr);
 	}	
 
-	void Tunnels::AddInboundTunnel (InboundTunnel * newTunnel)
+	void Tunnels::AddInboundTunnel (std::shared_ptr<InboundTunnel> newTunnel)
 	{
-		std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
 		m_InboundTunnels[newTunnel->GetTunnelID ()] = newTunnel;
 		auto pool = newTunnel->GetTunnelPool ();
 		if (!pool)
@@ -609,10 +709,23 @@ namespace tunnel
 	void Tunnels::CreateZeroHopsInboundTunnel ()
 	{
 		CreateTunnel<InboundTunnel> (
-			new TunnelConfig (std::vector<const i2p::data::RouterInfo *>
+			new TunnelConfig (std::vector<std::shared_ptr<const i2p::data::RouterInfo> >
 			    { 
-					&i2p::context.GetRouterInfo ()
+					i2p::context.GetSharedRouterInfo ()
 				}));
 	}	
+
+	int Tunnels::GetTransitTunnelsExpirationTimeout ()
+	{
+		int timeout = 0;
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		std::unique_lock<std::mutex> l(m_TransitTunnelsMutex);
+		for (auto it: m_TransitTunnels)
+		{
+			int t = it.second->GetCreationTime () + TUNNEL_EXPIRATION_TIMEOUT - ts;
+			if (t > timeout) timeout = t;
+		}	
+		return timeout;
+	}	
 }
 }

Tunnel.h

@@ -8,6 +8,7 @@
 #include <string>
 #include <thread>
 #include <mutex>
+#include <memory>
 #include "Queue.h"
 #include "TunnelConfig.h"
 #include "TunnelPool.h"
@@ -46,7 +47,7 @@ namespace tunnel
 			Tunnel (TunnelConfig * config);
 			~Tunnel ();
 
-			void Build (uint32_t replyMsgID, OutboundTunnel * outboundTunnel = 0);
+			void Build (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> outboundTunnel = nullptr);
 			
 			TunnelConfig * GetTunnelConfig () const { return m_Config; }
 			TunnelState GetState () const { return m_State; };
@@ -54,12 +55,13 @@ namespace tunnel
 			bool IsEstablished () const { return m_State == eTunnelStateEstablished; };
 			bool IsFailed () const { return m_State == eTunnelStateFailed; };
 
-			TunnelPool * GetTunnelPool () const { return m_Pool; };
-			void SetTunnelPool (TunnelPool * pool) { m_Pool = pool; };			
+			std::shared_ptr<TunnelPool> GetTunnelPool () const { return m_Pool; };
+			void SetTunnelPool (std::shared_ptr<TunnelPool> pool) { m_Pool = pool; };			
 			
 			bool HandleTunnelBuildResponse (uint8_t * msg, size_t len);
 			
 			// implements TunnelBase
+			void SendTunnelDataMsg (i2p::I2NPMessage * msg);
 			void EncryptTunnelMsg (I2NPMessage * tunnelMsg); 
 			uint32_t GetNextTunnelID () const { return m_Config->GetFirstHop ()->tunnelID; };
 			const i2p::data::IdentHash& GetNextIdentHash () const { return m_Config->GetFirstHop ()->router->GetIdentHash (); };
@@ -67,7 +69,7 @@ namespace tunnel
 		private:
 
 			TunnelConfig * m_Config;
-			TunnelPool * m_Pool; // pool, tunnel belongs to, or null
+			std::shared_ptr<TunnelPool> m_Pool; // pool, tunnel belongs to, or null
 			TunnelState m_State;
 	};	
 
@@ -79,11 +81,12 @@ namespace tunnel
 
 			void SendTunnelDataMsg (const uint8_t * gwHash, uint32_t gwTunnel, i2p::I2NPMessage * msg);
 			void SendTunnelDataMsg (const std::vector<TunnelMessageBlock>& msgs); // multiple messages
-			const i2p::data::RouterInfo * GetEndpointRouter () const 
+			std::shared_ptr<const i2p::data::RouterInfo> GetEndpointRouter () const 
 				{ return GetTunnelConfig ()->GetLastHop ()->router; }; 
 			size_t GetNumSentBytes () const { return m_Gateway.GetNumSentBytes (); };
 
 			// implements TunnelBase
+			void HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg);
 			uint32_t GetTunnelID () const { return GetNextTunnelID (); };
 			
 		private:
@@ -92,7 +95,7 @@ namespace tunnel
 			TunnelGateway m_Gateway; 
 	};
 	
-	class InboundTunnel: public Tunnel 
+	class InboundTunnel: public Tunnel, public std::enable_shared_from_this<InboundTunnel>
 	{
 		public:
 
@@ -117,30 +120,42 @@ namespace tunnel
 			void Start ();
 			void Stop ();		
 			
-			InboundTunnel * GetInboundTunnel (uint32_t tunnelID);
-			Tunnel * GetPendingTunnel (uint32_t replyMsgID);
-			InboundTunnel * GetNextInboundTunnel ();
-			OutboundTunnel * GetNextOutboundTunnel ();
-			TunnelPool * GetExploratoryPool () const { return m_ExploratoryPool; };
+			std::shared_ptr<InboundTunnel> GetInboundTunnel (uint32_t tunnelID);
+			std::shared_ptr<InboundTunnel> GetPendingInboundTunnel (uint32_t replyMsgID);	
+			std::shared_ptr<OutboundTunnel> GetPendingOutboundTunnel (uint32_t replyMsgID);			
+			std::shared_ptr<InboundTunnel> GetNextInboundTunnel ();
+			std::shared_ptr<OutboundTunnel> GetNextOutboundTunnel ();
+			std::shared_ptr<TunnelPool> GetExploratoryPool () const { return m_ExploratoryPool; };
 			TransitTunnel * GetTransitTunnel (uint32_t tunnelID);
+			int GetTransitTunnelsExpirationTimeout ();
 			void AddTransitTunnel (TransitTunnel * tunnel);
-			void AddOutboundTunnel (OutboundTunnel * newTunnel);
-			void AddInboundTunnel (InboundTunnel * newTunnel);
+			void AddOutboundTunnel (std::shared_ptr<OutboundTunnel> newTunnel);
+			void AddInboundTunnel (std::shared_ptr<InboundTunnel> newTunnel);
 			void PostTunnelData (I2NPMessage * msg);
+			void PostTunnelData (const std::vector<I2NPMessage *>& msgs);
 			template<class TTunnel>
-			TTunnel * CreateTunnel (TunnelConfig * config, OutboundTunnel * outboundTunnel = 0);
-			TunnelPool * CreateTunnelPool (i2p::garlic::GarlicDestination& localDestination, int numHops);
-			void DeleteTunnelPool (TunnelPool * pool);
-			void StopTunnelPool (TunnelPool * pool);
+			std::shared_ptr<TTunnel> CreateTunnel (TunnelConfig * config, std::shared_ptr<OutboundTunnel> outboundTunnel = nullptr);
+			void AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<InboundTunnel> tunnel);
+			void AddPendingTunnel (uint32_t replyMsgID, std::shared_ptr<OutboundTunnel> tunnel);
+			std::shared_ptr<TunnelPool> CreateTunnelPool (i2p::garlic::GarlicDestination * localDestination, int numInboundHops, int numOuboundHops);
+			void DeleteTunnelPool (std::shared_ptr<TunnelPool> pool);
+			void StopTunnelPool (std::shared_ptr<TunnelPool> pool);
 			
 		private:
-			
+		
+			template<class TTunnel>
+			std::shared_ptr<TTunnel> GetPendingTunnel (uint32_t replyMsgID, const std::map<uint32_t, std::shared_ptr<TTunnel> >& pendingTunnels);			
+
+			void HandleTunnelGatewayMsg (TunnelBase * tunnel, I2NPMessage * msg);
+
 			void Run ();	
 			void ManageTunnels ();
 			void ManageOutboundTunnels ();
 			void ManageInboundTunnels ();
 			void ManageTransitTunnels ();
 			void ManagePendingTunnels ();
+			template<class PendingTunnels>
+			void ManagePendingTunnels (PendingTunnels& pendingTunnels);
 			void ManageTunnelPools ();
 			
 			void CreateZeroHopsInboundTunnel ();
@@ -149,24 +164,32 @@ namespace tunnel
 
 			bool m_IsRunning;
 			std::thread * m_Thread;	
-			std::map<uint32_t, Tunnel *> m_PendingTunnels; // by replyMsgID
-			std::mutex m_InboundTunnelsMutex;
-			std::map<uint32_t, InboundTunnel *> m_InboundTunnels;
-			std::mutex m_OutboundTunnelsMutex;
-			std::list<OutboundTunnel *> m_OutboundTunnels;
+			std::map<uint32_t, std::shared_ptr<InboundTunnel> > m_PendingInboundTunnels; // by replyMsgID
+			std::map<uint32_t, std::shared_ptr<OutboundTunnel> > m_PendingOutboundTunnels; // by replyMsgID
+			std::map<uint32_t, std::shared_ptr<InboundTunnel> > m_InboundTunnels;
+			std::list<std::shared_ptr<OutboundTunnel> > m_OutboundTunnels;
 			std::mutex m_TransitTunnelsMutex;
 			std::map<uint32_t, TransitTunnel *> m_TransitTunnels;
 			std::mutex m_PoolsMutex;
-			std::map<i2p::data::IdentHash, TunnelPool *> m_Pools;
-			TunnelPool * m_ExploratoryPool;
+			std::list<std::shared_ptr<TunnelPool>> m_Pools;
+			std::shared_ptr<TunnelPool> m_ExploratoryPool;
 			i2p::util::Queue<I2NPMessage> m_Queue;
 
+			// some stats
+			int m_NumSuccesiveTunnelCreations, m_NumFailedTunnelCreations;
+
 		public:
 
 			// for HTTP only
 			const decltype(m_OutboundTunnels)& GetOutboundTunnels () const { return m_OutboundTunnels; };
 			const decltype(m_InboundTunnels)& GetInboundTunnels () const { return m_InboundTunnels; };
 			const decltype(m_TransitTunnels)& GetTransitTunnels () const { return m_TransitTunnels; };
+			int GetQueueSize () { return m_Queue.GetSize (); };
+			int GetTunnelCreationSuccessRate () const // in percents
+			{ 
+				int totalNum = m_NumSuccesiveTunnelCreations + m_NumFailedTunnelCreations;
+				return totalNum ? m_NumSuccesiveTunnelCreations*100/totalNum : 0;
+			}		
 	};	
 
 	extern Tunnels tunnels;

TunnelBase.h

@@ -2,6 +2,7 @@
 #define TUNNEL_BASE_H__
 
 #include <inttypes.h>
+#include <memory>
 #include "Timestamp.h"
 #include "I2NPProtocol.h"
 #include "Identity.h"
@@ -36,6 +37,9 @@ namespace tunnel
 			TunnelBase (): m_CreationTime (i2p::util::GetSecondsSinceEpoch ()) {};
 			virtual ~TunnelBase () {};
 			
+			virtual void HandleTunnelDataMsg (i2p::I2NPMessage * tunnelMsg) = 0;
+			virtual void SendTunnelDataMsg (i2p::I2NPMessage * msg) = 0;
+			virtual void FlushTunnelDataMsgs () {};
 			virtual void EncryptTunnelMsg (I2NPMessage * tunnelMsg) = 0;
 			virtual uint32_t GetNextTunnelID () const = 0;
 			virtual const i2p::data::IdentHash& GetNextIdentHash () const = 0;
@@ -51,7 +55,7 @@ namespace tunnel
 
 	struct TunnelCreationTimeCmp
 	{
-		bool operator() (const TunnelBase * t1, const TunnelBase * t2) const
+		bool operator() (std::shared_ptr<const TunnelBase> t1, std::shared_ptr<const TunnelBase> t2) const
   		{	
 			if (t1->GetCreationTime () != t2->GetCreationTime ())
 				return t1->GetCreationTime () > t2->GetCreationTime (); 

TunnelConfig.h

@@ -4,9 +4,11 @@
 #include <inttypes.h>
 #include <sstream>
 #include <vector>
+#include <memory>
 #include "aes.h"
 #include "RouterInfo.h"
 #include "RouterContext.h"
+#include "Timestamp.h"
 
 namespace i2p
 {
@@ -14,7 +16,7 @@ namespace tunnel
 {
 	struct TunnelHopConfig
 	{
-		const i2p::data::RouterInfo * router, * nextRouter;
+		std::shared_ptr<const i2p::data::RouterInfo> router, nextRouter;
 		uint32_t tunnelID, nextTunnelID;
 		uint8_t layerKey[32];
 		uint8_t ivKey[32];
@@ -26,7 +28,7 @@ namespace tunnel
 		i2p::crypto::TunnelDecryption decryption;	
 		int recordIndex; // record # in tunnel build message
 		
-		TunnelHopConfig (const i2p::data::RouterInfo * r)
+		TunnelHopConfig (std::shared_ptr<const i2p::data::RouterInfo> r)
 		{
 			CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 			rnd.GenerateBlock (layerKey, 32);
@@ -36,14 +38,14 @@ namespace tunnel
 			isGateway = true;
 			isEndpoint = true;
 			router = r; 
-			nextRouter = 0;
+			//nextRouter = nullptr; 
 			nextTunnelID = 0;
 
-			next = 0;
-			prev = 0;
+			next = nullptr;
+			prev = nullptr;
 		}	
 
-		void SetNextRouter (const i2p::data::RouterInfo * r)
+		void SetNextRouter (std::shared_ptr<const i2p::data::RouterInfo> r)
 		{
 			nextRouter = r;
 			isEndpoint = false;
@@ -81,6 +83,28 @@ namespace tunnel
 				isGateway = false;
 			}	
 		}
+
+		void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID)
+		{
+			uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE];
+			htobe32buf (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET, tunnelID); 
+			memcpy (clearText + BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET, router->GetIdentHash (), 32);
+			htobe32buf (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET, nextTunnelID);
+			memcpy (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, nextRouter->GetIdentHash (), 32);
+			memcpy (clearText + BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET, layerKey, 32);
+			memcpy (clearText + BUILD_REQUEST_RECORD_IV_KEY_OFFSET, ivKey, 32);
+			memcpy (clearText + BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET, replyKey, 32);
+			memcpy (clearText + BUILD_REQUEST_RECORD_REPLY_IV_OFFSET, replyIV, 16);
+			uint8_t flag = 0;
+			if (isGateway) flag |= 0x80;
+			if (isEndpoint) flag |= 0x40;
+			clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] = flag;
+			htobe32buf (clearText + BUILD_REQUEST_RECORD_REQUEST_TIME_OFFSET, i2p::util::GetHoursSinceEpoch ()); 
+			htobe32buf (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET, replyMsgID); 
+			// TODO: fill padding
+			router->GetElGamalEncryption ()->Encrypt (clearText, BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE, record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET);
+			memcpy (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)router->GetIdentHash (), 16);
+		}	
 	};	
 
 	class TunnelConfig
@@ -88,7 +112,7 @@ namespace tunnel
 		public:			
 			
 
-			TunnelConfig (std::vector<const i2p::data::RouterInfo *> peers, 
+			TunnelConfig (std::vector<std::shared_ptr<const i2p::data::RouterInfo> > peers, 
 				const TunnelConfig * replyTunnelConfig = nullptr) // replyTunnelConfig=nullptr means inbound
 			{
 				TunnelHopConfig * prev = nullptr;
@@ -109,7 +133,7 @@ namespace tunnel
 					m_LastHop->SetReplyHop (replyTunnelConfig->GetFirstHop ());
 				}	
 				else // inbound
-					m_LastHop->SetNextRouter (&i2p::context.GetRouterInfo ());
+					m_LastHop->SetNextRouter (i2p::context.GetSharedRouterInfo ());
 			}
 			
 			~TunnelConfig ()
@@ -184,7 +208,7 @@ namespace tunnel
 						if (hop->isGateway) // inbound tunnel
 							newHop->SetReplyHop (m_FirstHop); // use it as reply tunnel
 						else
-							newHop->SetNextRouter (&i2p::context.GetRouterInfo ());
+							newHop->SetNextRouter (i2p::context.GetSharedRouterInfo ());
 					}	
 					if (!hop->next) newConfig->m_FirstHop = newHop; // last hop
 									
@@ -195,7 +219,7 @@ namespace tunnel
 
 			TunnelConfig * Clone (const TunnelConfig * replyTunnelConfig = nullptr) const
 			{
-				std::vector<const i2p::data::RouterInfo *> peers;
+				std::vector<std::shared_ptr<const i2p::data::RouterInfo> > peers;
 				TunnelHopConfig * hop = m_FirstHop;
 				while (hop)
 				{

TunnelEndpoint.cpp

@@ -27,7 +27,6 @@ namespace tunnel
 		uint8_t * zero = (uint8_t *)memchr (decrypted + 4, 0, TUNNEL_DATA_ENCRYPTED_SIZE - 4); // witout 4-byte checksum
 		if (zero)
 		{	
-			LogPrint ("TunnelMessage: zero found at ", (int)(zero-decrypted));
 			uint8_t * fragment = zero + 1;
 			// verify checksum
 			memcpy (msg->GetPayload () + TUNNEL_DATA_MSG_SIZE, msg->GetPayload () + 4, 16); // copy iv to the end
@@ -35,7 +34,7 @@ namespace tunnel
 			CryptoPP::SHA256().CalculateDigest (hash, fragment, TUNNEL_DATA_MSG_SIZE -(fragment - msg->GetPayload ()) + 16); // payload + iv
 			if (memcmp (hash, decrypted, 4))
 			{
-				LogPrint ("TunnelMessage: checksum verification failed");
+				LogPrint (eLogError, "TunnelMessage: checksum verification failed");
 				i2p::DeleteI2NPMessage (msg);
 				return;
 			}	
@@ -57,17 +56,14 @@ namespace tunnel
 					switch (m.deliveryType)
 					{
 						case eDeliveryTypeLocal: // 0
-							LogPrint ("Delivery type local");
 						break;
 					  	case eDeliveryTypeTunnel: // 1
-							LogPrint ("Delivery type tunnel");	
-							m.tunnelID = be32toh (*(uint32_t *)fragment);
+							m.tunnelID = bufbe32toh (fragment);
 							fragment += 4; // tunnelID
 							m.hash = i2p::data::IdentHash (fragment);
 							fragment += 32; // hash
 						break;
 						case eDeliveryTypeRouter: // 2
-							LogPrint ("Delivery type router");	
 							m.hash = i2p::data::IdentHash (fragment);	
 							fragment += 32; // to hash
 						break;
@@ -79,34 +75,31 @@ namespace tunnel
 					if (isFragmented)
 					{
 						// Message ID
-						msgID = be32toh (*(uint32_t *)fragment); 	
+						msgID = bufbe32toh (fragment); 	
 						fragment += 4;
-						LogPrint ("Fragmented message ", msgID);
 						isLastFragment = false;
 					}	
 				}
 				else
 				{
 					// follow on
-					msgID = be32toh (*(uint32_t *)fragment); // MessageID			
+					msgID = bufbe32toh (fragment); // MessageID			
 					fragment += 4; 
 					fragmentNum = (flag >> 1) & 0x3F; // 6 bits
 					isLastFragment = flag & 0x01;
-					LogPrint ("Follow on fragment ", fragmentNum, " of message ", msgID, isLastFragment ? " last" : " non-last");
 				}	
 				
-				uint16_t size = be16toh (*(uint16_t *)fragment);
+				uint16_t size = bufbe16toh (fragment);
 				fragment += 2;
-				LogPrint ("Fragment size=", (int)size);
 
 				msg->offset = fragment - msg->buf;
 				msg->len = msg->offset + size;
 				if (fragment + size < decrypted + TUNNEL_DATA_ENCRYPTED_SIZE)
 				{
 					// this is not last message. we have to copy it
-					m.data = NewI2NPMessage ();
-					m.data->offset += sizeof (TunnelGatewayHeader); // reserve room for TunnelGateway header
-					m.data->len += sizeof (TunnelGatewayHeader);
+					m.data = NewI2NPShortMessage ();
+					m.data->offset += TUNNEL_GATEWAY_HEADER_SIZE; // reserve room for TunnelGateway header
+					m.data->len += TUNNEL_GATEWAY_HEADER_SIZE;
 					*(m.data) = *msg;
 				}
 				else
@@ -121,9 +114,14 @@ namespace tunnel
 						if (!isFollowOnFragment) // create new incomlete message
 						{
 							m.nextFragmentNum = 1;
-							auto& msg = m_IncompleteMessages[msgID];
-							msg = m;
-							HandleOutOfSequenceFragment (msgID, msg);
+							auto ret = m_IncompleteMessages.insert (std::pair<uint32_t, TunnelMessageBlockEx>(msgID, m));
+							if (ret.second)
+								HandleOutOfSequenceFragment (msgID, ret.first->second);
+							else
+							{
+								LogPrint (eLogError, "Incomplete message ", msgID, "already exists");
+								DeleteI2NPMessage (m.data);
+							}	
 						}
 						else
 						{
@@ -131,8 +129,11 @@ namespace tunnel
 							HandleFollowOnFragment (msgID, isLastFragment, m);
 						}	
 					}
-					else
-						LogPrint ("Message is fragmented, but msgID is not presented");
+					else	
+					{	
+						LogPrint (eLogError, "Message is fragmented, but msgID is not presented");
+						DeleteI2NPMessage (m.data);
+					}	
 				}	
 					
 				fragment += size;
@@ -140,7 +141,7 @@ namespace tunnel
 		}	
 		else
 		{	
-			LogPrint ("TunnelMessage: zero not found");
+			LogPrint (eLogError, "TunnelMessage: zero not found");
 			i2p::DeleteI2NPMessage (msg);	
 		}	
 	}	
@@ -155,8 +156,16 @@ namespace tunnel
 			auto& msg = it->second;
 			if (m.nextFragmentNum == msg.nextFragmentNum)
 			{
-				if (msg.data->len + size < I2NP_MAX_MESSAGE_SIZE) // check if messega is not too long
+				if (msg.data->len + size < I2NP_MAX_MESSAGE_SIZE) // check if message is not too long
 				{	
+					if (msg.data->len + size > msg.data->maxLen)
+					{
+						LogPrint (eLogInfo, "Tunnel endpoint I2NP message size ", msg.data->maxLen, " is not enough");
+						I2NPMessage * newMsg = NewI2NPMessage ();
+						*newMsg = *(msg.data);
+						DeleteI2NPMessage (msg.data);
+						msg.data = newMsg;
+					}
 					memcpy (msg.data->buf + msg.data->len, fragment, size); // concatenate fragment
 					msg.data->len += size;
 					if (isLastFragment)
@@ -173,7 +182,7 @@ namespace tunnel
 				}
 				else
 				{
-					LogPrint ("Fragment ", m.nextFragmentNum, " of message ", msgID, "exceeds max I2NP message size. Message dropped");
+					LogPrint (eLogError, "Fragment ", m.nextFragmentNum, " of message ", msgID, "exceeds max I2NP message size. Message dropped");
 					i2p::DeleteI2NPMessage (msg.data);
 					m_IncompleteMessages.erase (it);
 				}
@@ -181,13 +190,13 @@ namespace tunnel
 			}
 			else
 			{	
-				LogPrint ("Unexpected fragment ", (int)m.nextFragmentNum, " instead ", (int)msg.nextFragmentNum, " of message ", msgID, ". Saved");
+				LogPrint (eLogInfo, "Unexpected fragment ", (int)m.nextFragmentNum, " instead ", (int)msg.nextFragmentNum, " of message ", msgID, ". Saved");
 				AddOutOfSequenceFragment (msgID, m.nextFragmentNum, isLastFragment, m.data);
 			}
 		}
 		else
 		{	
-			LogPrint ("First fragment of message ", msgID, " not found. Saved");
+			LogPrint (eLogInfo, "First fragment of message ", msgID, " not found. Saved");
 			AddOutOfSequenceFragment (msgID, m.nextFragmentNum, isLastFragment, m.data);
 		}	
 	}	
@@ -208,8 +217,16 @@ namespace tunnel
 		{
 			if (it->second.fragmentNum == msg.nextFragmentNum)
 			{
-				LogPrint ("Out-of-sequence fragment ", (int)it->second.fragmentNum, " of message ", msgID, " found");
+				LogPrint (eLogInfo, "Out-of-sequence fragment ", (int)it->second.fragmentNum, " of message ", msgID, " found");
 				auto size = it->second.data->GetLength ();
+				if (msg.data->len + size > msg.data->maxLen)
+				{
+					LogPrint (eLogInfo, "Tunnel endpoint I2NP message size ", msg.data->maxLen, " is not enough");
+					I2NPMessage * newMsg = NewI2NPMessage ();
+					*newMsg = *(msg.data);
+					DeleteI2NPMessage (msg.data);
+					msg.data = newMsg;
+				}
 				memcpy (msg.data->buf + msg.data->len, it->second.data->GetBuffer (), size); // concatenate out-of-sync fragment
 				msg.data->len += size;
 				if (it->second.isLastFragment)
@@ -228,7 +245,7 @@ namespace tunnel
 	
 	void TunnelEndpoint::HandleNextMessage (const TunnelMessageBlock& msg)
 	{
-		LogPrint ("TunnelMessage: handle fragment of ", msg.data->GetLength ()," bytes. Msg type ", (int)msg.data->GetHeader()->typeID);
+		LogPrint (eLogInfo, "TunnelMessage: handle fragment of ", msg.data->GetLength ()," bytes. Msg type ", (int)msg.data->GetTypeID ());
 		switch (msg.deliveryType)
 		{
 			case eDeliveryTypeLocal:
@@ -245,11 +262,11 @@ namespace tunnel
 					// to somebody else
 					if (!m_IsInbound) // outbound transit tunnel
 					{
-						if (msg.data->GetHeader()->typeID == eI2NPDatabaseStore ||
-						    msg.data->GetHeader()->typeID == eI2NPDatabaseSearchReply )
+						auto typeID = msg.data->GetTypeID ();
+						if (typeID == eI2NPDatabaseStore || typeID == eI2NPDatabaseSearchReply )
 						{
 							// catch RI or reply with new list of routers
-							auto ds = NewI2NPMessage ();
+							auto ds = NewI2NPShortMessage ();
 							*ds = *(msg.data);
 							i2p::data::netdb.PostI2NPMsg (ds);
 						}
@@ -257,13 +274,16 @@ namespace tunnel
 					}
 					else // we shouldn't send this message. possible leakage 
 					{
-						LogPrint ("Message to another router arrived from an inbound tunnel. Dropped");
+						LogPrint (eLogError, "Message to another router arrived from an inbound tunnel. Dropped");
 						i2p::DeleteI2NPMessage (msg.data);
 					}
 				}
 			break;
 			default:
-				LogPrint ("TunnelMessage: Unknown delivery type ", (int)msg.deliveryType);
+			{	
+				LogPrint (eLogError, "TunnelMessage: Unknown delivery type ", (int)msg.deliveryType);
+				i2p::DeleteI2NPMessage (msg.data);
+			}	
 		};	
 	}	
 }		

TunnelGateway.cpp

@@ -10,6 +10,12 @@ namespace i2p
 {
 namespace tunnel
 {
+	TunnelGatewayBuffer::~TunnelGatewayBuffer ()
+	{
+		for (auto it: m_TunnelDataMsgs)
+			DeleteI2NPMessage (it);
+	}	
+	
 	void TunnelGatewayBuffer::PutI2NPMsg (const TunnelMessageBlock& block)
 	{
 		bool messageCreated = false;
@@ -26,7 +32,7 @@ namespace tunnel
 		{	
 			if (block.deliveryType == eDeliveryTypeTunnel)
 			{
-				*(uint32_t *)(di + diLen) = htobe32 (block.tunnelID);
+				htobe32buf (di + diLen, block.tunnelID);
 				diLen += 4; // tunnelID
 			}
 			
@@ -41,7 +47,7 @@ namespace tunnel
 		if (fullMsgLen <= m_RemainingSize)
 		{
 			// message fits. First and last fragment
-			*(uint16_t *)(di + diLen) = htobe16 (msg->GetLength ());
+			htobe16buf (di + diLen, msg->GetLength ());
 			diLen += 2; // size
 			memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len, di, diLen);
 			memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len + diLen, msg->GetBuffer (), msg->GetLength ());
@@ -68,14 +74,15 @@ namespace tunnel
 			if (diLen + 6 <= m_RemainingSize)
 			{
 				// delivery instructions fit
-				uint32_t msgID = msg->GetHeader ()->msgID; // in network bytes order
+				uint32_t msgID;
+				memcpy (&msgID, msg->GetHeader () + I2NP_HEADER_MSGID_OFFSET, 4); // in network bytes order
 				size_t size = m_RemainingSize - diLen - 6; // 6 = 4 (msgID) + 2 (size)
 
 				// first fragment
 				di[0] |= 0x08; // fragmented
-				*(uint32_t *)(di + diLen) = msgID;
+				htobuf32 (di + diLen, msgID);
 				diLen += 4; // Message ID
-				*(uint16_t *)(di + diLen) = htobe16 (size);
+				htobe16buf (di + diLen, size);
 				diLen += 2; // size
 				memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len, di, diLen);
 				memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len + diLen, msg->GetBuffer (), size);
@@ -96,9 +103,9 @@ namespace tunnel
 					{	
 						buf[0] |= 0x01;
 						isLastFragment = true;
-					}	
-					*(uint32_t *)(buf + 1) = msgID; //Message ID
-					*(uint16_t *)(buf + 5) = htobe16 (s); // size
+					}
+					htobuf32 (buf + 1, msgID); //Message ID
+					htobe16buf (buf + 5, s); // size
 					memcpy (buf + 7, msg->GetBuffer () + size, s);
 					m_CurrentTunnelDataMsg->len += s+7;
 					if (isLastFragment)
@@ -131,9 +138,10 @@ namespace tunnel
 
 	void TunnelGatewayBuffer::CreateCurrentTunnelDataMessage ()
 	{
-		m_CurrentTunnelDataMsg = NewI2NPMessage ();
+		m_CurrentTunnelDataMsg = NewI2NPShortMessage ();
+		m_CurrentTunnelDataMsg->Align (12);
 		// we reserve space for padding
-		m_CurrentTunnelDataMsg->offset += TUNNEL_DATA_MSG_SIZE + sizeof (I2NPHeader);
+		m_CurrentTunnelDataMsg->offset += TUNNEL_DATA_MSG_SIZE + I2NP_HEADER_SIZE;
 		m_CurrentTunnelDataMsg->len = m_CurrentTunnelDataMsg->offset;
 		m_RemainingSize = TUNNEL_DATA_MAX_PAYLOAD_SIZE;
 	}	
@@ -144,9 +152,9 @@ namespace tunnel
 		uint8_t * payload = m_CurrentTunnelDataMsg->GetBuffer ();
 		size_t size = m_CurrentTunnelDataMsg->len - m_CurrentTunnelDataMsg->offset;
 		
-		m_CurrentTunnelDataMsg->offset = m_CurrentTunnelDataMsg->len - TUNNEL_DATA_MSG_SIZE - sizeof (I2NPHeader);
+		m_CurrentTunnelDataMsg->offset = m_CurrentTunnelDataMsg->len - TUNNEL_DATA_MSG_SIZE - I2NP_HEADER_SIZE;
 		uint8_t * buf = m_CurrentTunnelDataMsg->GetPayload ();
-		*(uint32_t *)(buf) = htobe32 (m_TunnelID);
+		htobe32buf (buf, m_TunnelID);
 		CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 		rnd.GenerateBlock (buf + 4, 16); // original IV	
 		memcpy (payload + size, buf + 4, 16); // copy IV for checksum 
@@ -186,9 +194,9 @@ namespace tunnel
 		{	
 			m_Tunnel->EncryptTunnelMsg (tunnelMsg);
 			FillI2NPMessageHeader (tunnelMsg, eI2NPTunnelData);
-			i2p::transport::transports.SendMessage (m_Tunnel->GetNextIdentHash (), tunnelMsg);
 			m_NumSentBytes += TUNNEL_DATA_MSG_SIZE;
 		}	
+		i2p::transport::transports.SendMessages (m_Tunnel->GetNextIdentHash (), tunnelMsgs);
 		m_Buffer.ClearTunnelDataMsgs ();
 	}	
 }		

TunnelGateway.h

@@ -15,6 +15,7 @@ namespace tunnel
 		public:
 			TunnelGatewayBuffer (uint32_t tunnelID): m_TunnelID (tunnelID), 
 				m_CurrentTunnelDataMsg (nullptr), m_RemainingSize (0) {};
+			~TunnelGatewayBuffer ();
 			void PutI2NPMsg (const TunnelMessageBlock& block);	
 			const std::vector<I2NPMessage *>& GetTunnelDataMsgs () const { return m_TunnelDataMsgs; };
 			void ClearTunnelDataMsgs ();

TunnelPool.cpp

@@ -10,9 +10,9 @@ namespace i2p
 {
 namespace tunnel
 {
-	TunnelPool::TunnelPool (i2p::garlic::GarlicDestination& localDestination, int numHops, int numTunnels):
-		m_LocalDestination (localDestination), m_NumHops (numHops), m_NumTunnels (numTunnels),
-		m_IsActive (true)
+	TunnelPool::TunnelPool (i2p::garlic::GarlicDestination * localDestination, int numInboundHops, int numOutboundHops, int numTunnels):
+		m_LocalDestination (localDestination), m_NumInboundHops (numInboundHops), m_NumOutboundHops (numOutboundHops),
+		m_NumTunnels (numTunnels), m_IsActive (true)
 	{
 	}
 
@@ -38,17 +38,18 @@ namespace tunnel
 		m_Tests.clear ();
 	}	
 		
-	void TunnelPool::TunnelCreated (InboundTunnel * createdTunnel)
+	void TunnelPool::TunnelCreated (std::shared_ptr<InboundTunnel> createdTunnel)
 	{
 		if (!m_IsActive) return;
 		{
 			std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
 			m_InboundTunnels.insert (createdTunnel);
 		}
-		m_LocalDestination.SetLeaseSetUpdated ();
+		if (m_LocalDestination)
+			m_LocalDestination->SetLeaseSetUpdated ();
 	}
 
-	void TunnelPool::TunnelExpired (InboundTunnel * expiredTunnel)
+	void TunnelPool::TunnelExpired (std::shared_ptr<InboundTunnel> expiredTunnel)
 	{
 		if (expiredTunnel)
 		{	
@@ -62,14 +63,14 @@ namespace tunnel
 		}	
 	}	
 
-	void TunnelPool::TunnelCreated (OutboundTunnel * createdTunnel)
+	void TunnelPool::TunnelCreated (std::shared_ptr<OutboundTunnel> createdTunnel)
 	{
 		if (!m_IsActive) return;
 		std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);
 		m_OutboundTunnels.insert (createdTunnel);
 	}
 
-	void TunnelPool::TunnelExpired (OutboundTunnel * expiredTunnel)
+	void TunnelPool::TunnelExpired (std::shared_ptr<OutboundTunnel> expiredTunnel)
 	{
 		if (expiredTunnel)
 		{
@@ -83,9 +84,9 @@ namespace tunnel
 		}
 	}
 		
-	std::vector<InboundTunnel *> TunnelPool::GetInboundTunnels (int num) const
+	std::vector<std::shared_ptr<InboundTunnel> > TunnelPool::GetInboundTunnels (int num) const
 	{
-		std::vector<InboundTunnel *> v;
+		std::vector<std::shared_ptr<InboundTunnel> > v;
 		int i = 0;
 		std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
 		for (auto it : m_InboundTunnels)
@@ -100,38 +101,35 @@ namespace tunnel
 		return v;
 	}
 
-	OutboundTunnel * TunnelPool::GetNextOutboundTunnel (OutboundTunnel * suggested) const
+	std::shared_ptr<OutboundTunnel> TunnelPool::GetNextOutboundTunnel (std::shared_ptr<OutboundTunnel> excluded) const
 	{
 		std::unique_lock<std::mutex> l(m_OutboundTunnelsMutex);	
-		return GetNextTunnel (m_OutboundTunnels, suggested);
+		return GetNextTunnel (m_OutboundTunnels, excluded);
 	}	
 
-	InboundTunnel * TunnelPool::GetNextInboundTunnel (InboundTunnel * suggested) const
+	std::shared_ptr<InboundTunnel> TunnelPool::GetNextInboundTunnel (std::shared_ptr<InboundTunnel> excluded) const
 	{
 		std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);	
-		return GetNextTunnel (m_InboundTunnels, suggested);
+		return GetNextTunnel (m_InboundTunnels, excluded);
 	}
 
 	template<class TTunnels>
-	typename TTunnels::value_type TunnelPool::GetNextTunnel (TTunnels& tunnels, 
-		typename TTunnels::value_type suggested) const
+	typename TTunnels::value_type TunnelPool::GetNextTunnel (TTunnels& tunnels, typename TTunnels::value_type excluded) const
 	{
-		if (tunnels.empty ()) return nullptr;
-		if (suggested && tunnels.count (suggested) > 0 && suggested->IsEstablished ())
-				return suggested;
-		
+		if (tunnels.empty ()) return nullptr;		
 		CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 		uint32_t ind = rnd.GenerateWord32 (0, tunnels.size ()/2), i = 0;
 		typename TTunnels::value_type tunnel = nullptr;
 		for (auto it: tunnels)
 		{	
-			if (it->IsEstablished ())
+			if (it->IsEstablished () && it != excluded)
 			{
 				tunnel = it;
 				i++;
 			}
 			if (i > ind && tunnel) break;
-		}	
+		}
+		if (!tunnel && excluded && excluded->IsEstablished ()) tunnel = excluded;
 		return tunnel;
 	}
 
@@ -183,13 +181,15 @@ namespace tunnel
 						std::unique_lock<std::mutex> l(m_InboundTunnelsMutex);
 						m_InboundTunnels.erase (it.second.second);
 					}
-					m_LocalDestination.SetLeaseSetUpdated ();
+					if (m_LocalDestination)
+						m_LocalDestination->SetLeaseSetUpdated ();
 				}	
 				else
 					it.second.second->SetState (eTunnelStateTestFailed);
 			}	
 		}
-		m_Tests.clear ();	
+		m_Tests.clear ();
+		// new tests	
 		auto it1 = m_OutboundTunnels.begin ();
 		auto it2 = m_InboundTunnels.begin ();
 		while (it1 != m_OutboundTunnels.end () && it2 != m_InboundTunnels.end ())
@@ -207,19 +207,34 @@ namespace tunnel
 			}
 			if (!failed)
 			{
-				uint32_t msgID = rnd.GenerateWord32 ();
-				m_Tests[msgID] = std::make_pair (*it1, *it2);
-				(*it1)->SendTunnelDataMsg ((*it2)->GetNextIdentHash (), (*it2)->GetNextTunnelID (),
+ 				uint32_t msgID = rnd.GenerateWord32 ();
+ 				m_Tests[msgID] = std::make_pair (*it1, *it2);
+ 				(*it1)->SendTunnelDataMsg ((*it2)->GetNextIdentHash (), (*it2)->GetNextTunnelID (),
 					CreateDeliveryStatusMsg (msgID));
 				it1++; it2++;
 			}	
 		}
 	}
 
+	void TunnelPool::ProcessGarlicMessage (I2NPMessage * msg)
+	{
+		if (m_LocalDestination)
+			m_LocalDestination->ProcessGarlicMessage (msg);
+		else
+		{
+			LogPrint (eLogWarning, "Local destination doesn't exist. Dropped");
+			DeleteI2NPMessage (msg);
+		}	
+	}	
+		
 	void TunnelPool::ProcessDeliveryStatus (I2NPMessage * msg)
 	{
-		I2NPDeliveryStatusMsg * deliveryStatus = (I2NPDeliveryStatusMsg *)msg->GetPayload ();
-		auto it = m_Tests.find (be32toh (deliveryStatus->msgID));
+		const uint8_t * buf = msg->GetPayload ();
+		uint32_t msgID = bufbe32toh (buf);
+		buf += 4;	
+		uint64_t timestamp = bufbe64toh (buf);
+
+		auto it = m_Tests.find (msgID);
 		if (it != m_Tests.end ())
 		{
 			// restore from test failed state if any
@@ -227,18 +242,33 @@ namespace tunnel
 				it->second.first->SetState (eTunnelStateEstablished);
 			if (it->second.second->GetState () == eTunnelStateTestFailed)
 				it->second.second->SetState (eTunnelStateEstablished);
-			LogPrint ("Tunnel test ", it->first, " successive. ", i2p::util::GetMillisecondsSinceEpoch () - be64toh (deliveryStatus->timestamp), " milliseconds");
+			LogPrint ("Tunnel test ", it->first, " successive. ", i2p::util::GetMillisecondsSinceEpoch () - timestamp, " milliseconds");
 			m_Tests.erase (it);
 			DeleteI2NPMessage (msg);
 		}
 		else
-			m_LocalDestination.ProcessDeliveryStatusMessage (msg);
+		{
+			if (m_LocalDestination)
+				m_LocalDestination->ProcessDeliveryStatusMessage (msg);
+			else
+			{	
+				LogPrint (eLogWarning, "Local destination doesn't exist. Dropped");
+				DeleteI2NPMessage (msg);
+			}	
+		}	
 	}
 
-	const i2p::data::RouterInfo * TunnelPool::SelectNextHop (const i2p::data::RouterInfo * prevHop) const
+	std::shared_ptr<const i2p::data::RouterInfo> TunnelPool::SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const
 	{
-		auto hop = m_NumHops >= 3 ? i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop) :
-			i2p::data::netdb.GetRandomRouter (prevHop);
+		bool isExploratory = (m_LocalDestination == &i2p::context); // TODO: implement it better
+		auto hop = isExploratory ? i2p::data::netdb.GetRandomRouter (prevHop): 
+			i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop);
+		if (!isExploratory && hop && hop->GetProfile ()->IsBad ())
+		{
+			LogPrint (eLogInfo, "Selected peer for tunnel has bad profile. Selecting another"); 
+			hop = i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop);
+		}	
+			
 		if (!hop)
 			hop = i2p::data::netdb.GetRandomRouter ();
 		return hop;	
@@ -246,13 +276,13 @@ namespace tunnel
 		
 	void TunnelPool::CreateInboundTunnel ()
 	{
-		OutboundTunnel * outboundTunnel = GetNextOutboundTunnel ();
+		auto outboundTunnel = GetNextOutboundTunnel ();
 		if (!outboundTunnel)
 			outboundTunnel = tunnels.GetNextOutboundTunnel ();
 		LogPrint ("Creating destination inbound tunnel...");
-		const i2p::data::RouterInfo * prevHop = &i2p::context.GetRouterInfo ();	
-		std::vector<const i2p::data::RouterInfo *> hops;
-		int numHops = m_NumHops;
+		auto prevHop = i2p::context.GetSharedRouterInfo ();	
+		std::vector<std::shared_ptr<const i2p::data::RouterInfo> > hops;
+		int numHops = m_NumInboundHops;
 		if (outboundTunnel)
 		{	
 			// last hop
@@ -271,57 +301,57 @@ namespace tunnel
 			hops.push_back (hop);
 		}		
 		std::reverse (hops.begin (), hops.end ());	
-		auto * tunnel = tunnels.CreateTunnel<InboundTunnel> (new TunnelConfig (hops), outboundTunnel);
-		tunnel->SetTunnelPool (this);
+		auto tunnel = tunnels.CreateTunnel<InboundTunnel> (new TunnelConfig (hops), outboundTunnel);
+		tunnel->SetTunnelPool (shared_from_this ());
 	}
 
-	void TunnelPool::RecreateInboundTunnel (InboundTunnel * tunnel)
+	void TunnelPool::RecreateInboundTunnel (std::shared_ptr<InboundTunnel> tunnel)
 	{
-		OutboundTunnel * outboundTunnel = GetNextOutboundTunnel ();
+		auto outboundTunnel = GetNextOutboundTunnel ();
 		if (!outboundTunnel)
 			outboundTunnel = tunnels.GetNextOutboundTunnel ();
 		LogPrint ("Re-creating destination inbound tunnel...");
-		auto * newTunnel = tunnels.CreateTunnel<InboundTunnel> (tunnel->GetTunnelConfig ()->Clone (), outboundTunnel);
-		newTunnel->SetTunnelPool (this);
+		auto newTunnel = tunnels.CreateTunnel<InboundTunnel> (tunnel->GetTunnelConfig ()->Clone (), outboundTunnel);
+		newTunnel->SetTunnelPool (shared_from_this());
 	}	
 		
 	void TunnelPool::CreateOutboundTunnel ()
 	{
-		InboundTunnel * inboundTunnel = GetNextInboundTunnel ();
+		auto inboundTunnel = GetNextInboundTunnel ();
 		if (!inboundTunnel)
 			inboundTunnel = tunnels.GetNextInboundTunnel ();
 		if (inboundTunnel)
 		{	
 			LogPrint ("Creating destination outbound tunnel...");
 
-			const i2p::data::RouterInfo * prevHop = &i2p::context.GetRouterInfo ();
-			std::vector<const i2p::data::RouterInfo *> hops;
-			for (int i = 0; i < m_NumHops; i++)
+			auto prevHop = i2p::context.GetSharedRouterInfo ();
+			std::vector<std::shared_ptr<const i2p::data::RouterInfo> > hops;
+			for (int i = 0; i < m_NumOutboundHops; i++)
 			{
 				auto hop = SelectNextHop (prevHop);
 				prevHop = hop;
 				hops.push_back (hop);
 			}	
 				
-			auto * tunnel = tunnels.CreateTunnel<OutboundTunnel> (
+			auto tunnel = tunnels.CreateTunnel<OutboundTunnel> (
 				new TunnelConfig (hops, inboundTunnel->GetTunnelConfig ()));
-			tunnel->SetTunnelPool (this);
+			tunnel->SetTunnelPool (shared_from_this ());
 		}	
 		else
 			LogPrint ("Can't create outbound tunnel. No inbound tunnels found");
 	}	
 		
-	void TunnelPool::RecreateOutboundTunnel (OutboundTunnel * tunnel)
+	void TunnelPool::RecreateOutboundTunnel (std::shared_ptr<OutboundTunnel> tunnel)
 	{
-		InboundTunnel * inboundTunnel = GetNextInboundTunnel ();
+		auto inboundTunnel = GetNextInboundTunnel ();
 		if (!inboundTunnel)
 			inboundTunnel = tunnels.GetNextInboundTunnel ();
 		if (inboundTunnel)
 		{	
 			LogPrint ("Re-creating destination outbound tunnel...");
-			auto * newTunnel = tunnels.CreateTunnel<OutboundTunnel> (
+			auto newTunnel = tunnels.CreateTunnel<OutboundTunnel> (
 				tunnel->GetTunnelConfig ()->Clone (inboundTunnel->GetTunnelConfig ()));
-			newTunnel->SetTunnelPool (this);
+			newTunnel->SetTunnelPool (shared_from_this ());
 		}	
 		else
 			LogPrint ("Can't re-create outbound tunnel. No inbound tunnels found");

TunnelPool.h

@@ -6,6 +6,7 @@
 #include <vector>
 #include <utility>
 #include <mutex>
+#include <memory>
 #include "Identity.h"
 #include "LeaseSet.h"
 #include "RouterInfo.h"
@@ -22,30 +23,27 @@ namespace tunnel
 	class InboundTunnel;
 	class OutboundTunnel;
 
-	class TunnelPool // per local destination
+	class TunnelPool: public std::enable_shared_from_this<TunnelPool> // per local destination
 	{
 		public:
 
-			TunnelPool (i2p::garlic::GarlicDestination& localDestination, int numHops, int numTunnels = 5);
+			TunnelPool (i2p::garlic::GarlicDestination * localDestination, int numInboundHops, int numOutboundHops, int numTunnels = 5);
 			~TunnelPool ();
-
-			const uint8_t * GetEncryptionPrivateKey () const { return m_LocalDestination.GetEncryptionPrivateKey (); };
-			const uint8_t * GetEncryptionPublicKey () const { return m_LocalDestination.GetEncryptionPublicKey (); };
-			const i2p::data::LocalDestination& GetLocalDestination () const { return m_LocalDestination; };			
-			i2p::garlic::GarlicDestination& GetGarlicDestination () const { return m_LocalDestination; };	
-			bool IsExploratory () const { return GetIdentHash () == i2p::context.GetIdentHash (); };		
+		
+			i2p::garlic::GarlicDestination * GetLocalDestination () const { return m_LocalDestination; };
+			void SetLocalDestination (i2p::garlic::GarlicDestination * destination) { m_LocalDestination = destination; };
 
 			void CreateTunnels ();
-			void TunnelCreated (InboundTunnel * createdTunnel);
-			void TunnelExpired (InboundTunnel * expiredTunnel);
-			void TunnelCreated (OutboundTunnel * createdTunnel);
-			void TunnelExpired (OutboundTunnel * expiredTunnel);
-			std::vector<InboundTunnel *> GetInboundTunnels (int num) const;
-			OutboundTunnel * GetNextOutboundTunnel (OutboundTunnel * suggested = nullptr) const;
-			InboundTunnel * GetNextInboundTunnel (InboundTunnel * suggested = nullptr) const;
-			const i2p::data::IdentHash& GetIdentHash () const { return m_LocalDestination.GetIdentHash (); };			
+			void TunnelCreated (std::shared_ptr<InboundTunnel> createdTunnel);
+			void TunnelExpired (std::shared_ptr<InboundTunnel> expiredTunnel);
+			void TunnelCreated (std::shared_ptr<OutboundTunnel> createdTunnel);
+			void TunnelExpired (std::shared_ptr<OutboundTunnel> expiredTunnel);
+			std::vector<std::shared_ptr<InboundTunnel> > GetInboundTunnels (int num) const;
+			std::shared_ptr<OutboundTunnel> GetNextOutboundTunnel (std::shared_ptr<OutboundTunnel> excluded = nullptr) const;
+			std::shared_ptr<InboundTunnel> GetNextInboundTunnel (std::shared_ptr<InboundTunnel> excluded = nullptr) const;		
 
 			void TestTunnels ();
+			void ProcessGarlicMessage (I2NPMessage * msg);
 			void ProcessDeliveryStatus (I2NPMessage * msg);
 
 			bool IsActive () const { return m_IsActive; };
@@ -56,22 +54,21 @@ namespace tunnel
 
 			void CreateInboundTunnel ();	
 			void CreateOutboundTunnel ();
-			void RecreateInboundTunnel (InboundTunnel * tunnel);
-			void RecreateOutboundTunnel (OutboundTunnel * tunnel);
+			void RecreateInboundTunnel (std::shared_ptr<InboundTunnel> tunnel);
+			void RecreateOutboundTunnel (std::shared_ptr<OutboundTunnel> tunnel);
 			template<class TTunnels>
-			typename TTunnels::value_type GetNextTunnel (TTunnels& tunnels, 
-				typename TTunnels::value_type suggested = nullptr) const;
-			const i2p::data::RouterInfo * SelectNextHop (const i2p::data::RouterInfo * prevHop) const;
+			typename TTunnels::value_type GetNextTunnel (TTunnels& tunnels, typename TTunnels::value_type excluded) const;
+			std::shared_ptr<const i2p::data::RouterInfo> SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const;
 			
 		private:
 
-			i2p::garlic::GarlicDestination& m_LocalDestination;
-			int m_NumHops, m_NumTunnels;
+			i2p::garlic::GarlicDestination * m_LocalDestination;
+			int m_NumInboundHops, m_NumOutboundHops, m_NumTunnels;
 			mutable std::mutex m_InboundTunnelsMutex;
-			std::set<InboundTunnel *, TunnelCreationTimeCmp> m_InboundTunnels; // recent tunnel appears first
+			std::set<std::shared_ptr<InboundTunnel>, TunnelCreationTimeCmp> m_InboundTunnels; // recent tunnel appears first
 			mutable std::mutex m_OutboundTunnelsMutex;
-			std::set<OutboundTunnel *, TunnelCreationTimeCmp> m_OutboundTunnels;
-			std::map<uint32_t, std::pair<OutboundTunnel *, InboundTunnel *> > m_Tests;
+			std::set<std::shared_ptr<OutboundTunnel>, TunnelCreationTimeCmp> m_OutboundTunnels;
+			std::map<uint32_t, std::pair<std::shared_ptr<OutboundTunnel>, std::shared_ptr<InboundTunnel> > > m_Tests;
 			bool m_IsActive;
 
 		public:

UPnP.cpp

@@ -1,68 +1,270 @@
+#ifdef USE_UPNP
 #include <string>
-#include <boost/lexical_cast.hpp>
+#include <thread>
+
+#ifdef _WIN32
+#include <windows.h>
+#endif
+
+#include <boost/thread/thread.hpp>
+#include <boost/asio.hpp>
 #include <boost/bind.hpp>
+
 #include "Log.h"
+#include "RouterContext.h"
 #include "UPnP.h"
+#include "NetDb.h"
+#include "util.h"
+
+#include <miniupnpc/miniupnpc.h>
+#include <miniupnpc/upnpcommands.h>
+#include <dlfcn.h>
+
+#ifndef UPNPDISCOVER_SUCCESS
+/* miniupnpc 1.5 */
+typedef UPNPDev* (*upnp_upnpDiscoverFunc) (int, const char *, const char *, int);
+typedef int (*upnp_UPNP_AddPortMappingFunc) (const char *, const char *, const char *, const char *, 
+                                             const char *, const char *, const char *, const char *);
+#else
+/* miniupnpc 1.6 */
+typedef UPNPDev* (*upnp_upnpDiscoverFunc) (int, const char *, const char *, int, int, int *);
+typedef int (*upnp_UPNP_AddPortMappingFunc) (const char *, const char *, const char *, const char *, 
+                                             const char *, const char *, const char *, const char *, const char *);
+#endif
+typedef int (*upnp_UPNP_GetValidIGDFunc) (struct UPNPDev *, struct UPNPUrls *, struct IGDdatas *, char *, int);
+typedef int (*upnp_UPNP_GetExternalIPAddressFunc) (const char *, const char *, char *);
+typedef int (*upnp_UPNP_DeletePortMappingFunc) (const char *, const char *, const char *, const char *, const char *);
+typedef void (*upnp_freeUPNPDevlistFunc) (struct UPNPDev *);
+typedef void (*upnp_FreeUPNPUrlsFunc) (struct UPNPUrls *);
 
 namespace i2p
 {
-	UPnP::UPnP (): m_Timer (m_Service),
-		m_Endpoint (boost::asio::ip::udp::v4 (), UPNP_REPLY_PORT),
-		m_MulticastEndpoint (boost::asio::ip::address::from_string (UPNP_GROUP), UPNP_PORT),		
-		m_Socket (m_Service, m_Endpoint.protocol ())
-	{
-		m_Socket.set_option (boost::asio::socket_base::receive_buffer_size (65535));
-		m_Socket.set_option (boost::asio::socket_base::send_buffer_size (65535));
-		m_Socket.set_option(boost::asio::ip::udp::socket::reuse_address(true));
-	}
-	
-	UPnP::~UPnP ()
-	{
-	}	
+namespace UPnP
+{
+    UPnP upnpc;
 
-	void UPnP::Run ()
-	{
-		DiscoverRouter ();
-		m_Service.run ();
-	}	
-		
-	void UPnP::DiscoverRouter ()
-	{
-		m_Timer.expires_from_now (boost::posix_time::seconds(5)); // 5 seconds
-		m_Timer.async_wait (boost::bind (&UPnP::HandleTimer, this, boost::asio::placeholders::error));
+    UPnP::UPnP () : m_Thread (nullptr) , m_IsModuleLoaded (false)
+    {
+    }
 
-		std::string address = UPNP_GROUP;
-		address += ":" + boost::lexical_cast<std::string>(UPNP_PORT);
-		std::string request = "M-SEARCH * HTTP/1.1\r\n"
-			"HOST: " + address + "\r\n"
-			"ST:" + UPNP_ROUTER + "\r\n"
-			"MAN:\"ssdp:discover\"\r\n"
-			"MX:3\r\n"
-			"\r\n\r\n";
-		m_Socket.send_to (boost::asio::buffer (request.c_str (), request.length ()), m_MulticastEndpoint);
-		Receive ();
-	}	
+    void UPnP::Stop ()
+    {
+        if (m_Thread)
+        {   
+            m_Thread->join (); 
+            delete m_Thread;
+            m_Thread = nullptr;
+        }
+    }
 
-	void UPnP::Receive ()
-	{
-		m_Socket.async_receive_from (boost::asio::buffer (m_ReceiveBuffer, UPNP_MAX_PACKET_LEN), m_SenderEndpoint,
-			boost::bind (&UPnP::HandleReceivedFrom, this, boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)); 
-	}
-		
-	void UPnP::HandleReceivedFrom (const boost::system::error_code& ecode, size_t bytes_transferred)
-	{		
-		LogPrint ("UPnP: ", bytes_transferred, " received from ", m_SenderEndpoint.address ());
-		std::string str (m_ReceiveBuffer, bytes_transferred);
-		LogPrint (str);
-		m_Timer.cancel ();
-	}
+    void UPnP::Start()
+    {
+        m_Thread = new std::thread (std::bind (&UPnP::Run, this));
+    }
+    
+    UPnP::~UPnP ()
+    {
+    } 
+
+    void UPnP::Run ()
+    {
+#ifdef MAC_OSX
+        m_Module = dlopen ("libminiupnpc.dylib", RTLD_LAZY);
+#elif _WIN32
+        m_Module = LoadLibrary ("libminiupnpc.dll");
+        if (m_Module == NULL)
+        {
+            LogPrint ("Error loading UPNP library. This often happens if there is version mismatch!");
+            return;
+        }
+        else
+        {
+            m_IsModuleLoaded = true;
+        }
+#else
+        m_Module = dlopen ("libminiupnpc.so", RTLD_LAZY);
+#endif
+#ifndef _WIN32
+        if (!m_Module)
+        {
+            LogPrint ("no UPnP module available (", dlerror (), ")");
+            return;
+        }
+        else
+        {
+            m_IsModuleLoaded = true;
+        }
+#endif
+        for (auto& address : context.GetRouterInfo ().GetAddresses ())
+        {
+            if (!address.host.is_v6 ())
+            {
+                m_Port = std::to_string (util::config::GetArg ("-port", address.port));
+                Discover ();
+                if (address.transportStyle == data::RouterInfo::eTransportSSU )
+                {
+                    TryPortMapping (I2P_UPNP_UDP);
+                }
+                else if (address.transportStyle == data::RouterInfo::eTransportNTCP )
+                {
+                    TryPortMapping (I2P_UPNP_TCP);
+                }
+            }
+        }
+    } 
+        
+    void UPnP::Discover ()
+    {
+        const char *error;
+#ifdef _WIN32
+        upnp_upnpDiscoverFunc upnpDiscoverFunc = (upnp_upnpDiscoverFunc) GetProcAddress (m_Module, "upnpDiscover");
+#else
+        upnp_upnpDiscoverFunc upnpDiscoverFunc = (upnp_upnpDiscoverFunc) dlsym (m_Module, "upnpDiscover");
+        // reinterpret_cast<upnp_upnpDiscoverFunc> (dlsym(...));
+        if ( (error = dlerror ()))
+        {
+            LogPrint ("Error loading UPNP library. This often happens if there is version mismatch!");
+            return;
+        }
+#endif // _WIN32
+#ifndef UPNPDISCOVER_SUCCESS
+        /* miniupnpc 1.5 */
+        m_Devlist = upnpDiscoverFunc (2000, m_MulticastIf, m_Minissdpdpath, 0);
+#else
+        /* miniupnpc 1.6 */
+        int nerror = 0;
+        m_Devlist = upnpDiscoverFunc (2000, m_MulticastIf, m_Minissdpdpath, 0, 0, &nerror);
+#endif
+
+        int r;
+#ifdef _WIN32
+        upnp_UPNP_GetValidIGDFunc UPNP_GetValidIGDFunc = (upnp_UPNP_GetValidIGDFunc) GetProcAddress (m_Module, "UPNP_GetValidIGD");
+#else
+        upnp_UPNP_GetValidIGDFunc UPNP_GetValidIGDFunc = (upnp_UPNP_GetValidIGDFunc) dlsym (m_Module, "UPNP_GetValidIGD");
+#endif
+        r = (*UPNP_GetValidIGDFunc) (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr));
+        if (r == 1)
+        {
+            upnp_UPNP_GetExternalIPAddressFunc UPNP_GetExternalIPAddressFunc = (upnp_UPNP_GetExternalIPAddressFunc) dlsym (m_Module, "UPNP_GetExternalIPAddress");
+            r = UPNP_GetExternalIPAddressFunc (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_externalIPAddress);
+            if(r != UPNPCOMMAND_SUCCESS)
+            {
+                LogPrint ("UPnP: UPNP_GetExternalIPAddress () returned ", r);
+                return;
+            }
+            else
+            {
+                if (m_externalIPAddress[0])
+                {
+                    LogPrint ("UPnP: ExternalIPAddress = ", m_externalIPAddress);
+                    i2p::context.UpdateAddress (boost::asio::ip::address::from_string (m_externalIPAddress));
+                    return;
+                }
+                else
+                {
+                    LogPrint ("UPnP: GetExternalIPAddress failed.");
+                    return;
+                }
+            }
+        }
+    }
+
+    void UPnP::TryPortMapping (int type)
+    {
+        std::string strType;
+        switch (type)
+        {
+            case I2P_UPNP_TCP:
+                strType = "TCP";
+                break;
+            case I2P_UPNP_UDP:
+            default:
+                strType = "UDP";
+        }
+        int r;
+        std::string strDesc = "I2Pd";
+        try {
+            for (;;) {
+#ifdef _WIN32
+                upnp_UPNP_AddPortMappingFunc UPNP_AddPortMappingFunc = (upnp_UPNP_AddPortMappingFunc) GetProcAddress (m_Module, "UPNP_AddPortMapping");
+#else
+                upnp_UPNP_AddPortMappingFunc UPNP_AddPortMappingFunc = (upnp_UPNP_AddPortMappingFunc) dlsym (m_Module, "UPNP_AddPortMapping");
+#endif
+#ifndef UPNPDISCOVER_SUCCESS
+                /* miniupnpc 1.5 */
+                r = UPNP_AddPortMappingFunc (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_Port.c_str (), m_Port.c_str (), m_NetworkAddr, strDesc.c_str (), strType.c_str (), 0);
+#else
+                /* miniupnpc 1.6 */
+                r = UPNP_AddPortMappingFunc (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_Port.c_str (), m_Port.c_str (), m_NetworkAddr, strDesc.c_str (), strType.c_str (), 0, "0");
+#endif
+                if (r!=UPNPCOMMAND_SUCCESS)
+                {
+                    LogPrint ("AddPortMapping (", m_Port.c_str () ,", ", m_Port.c_str () ,", ", m_NetworkAddr, ") failed with code ", r);
+                    return;
+                }
+                else
+                {
+                    LogPrint ("UPnP Port Mapping successful. (", m_NetworkAddr ,":", m_Port.c_str(), " type ", strType.c_str () ," -> ", m_externalIPAddress ,":", m_Port.c_str() ,")");
+                    return;
+                }
+                sleep(20*60);
+            }
+        }
+        catch (boost::thread_interrupted)
+        {
+            CloseMapping(type);
+            Close();
+            throw;
+        }
+    }
+
+    void UPnP::CloseMapping (int type)
+    {
+        std::string strType;
+        switch (type)
+        {
+            case I2P_UPNP_TCP:
+                strType = "TCP";
+                break;
+            case I2P_UPNP_UDP:
+            default:
+                strType = "UDP";
+        }
+        int r = 0;
+#ifdef _WIN32
+        upnp_UPNP_DeletePortMappingFunc UPNP_DeletePortMappingFunc = (upnp_UPNP_DeletePortMappingFunc) GetProcAddress (m_Module, "UPNP_DeletePortMapping");
+#else
+        upnp_UPNP_DeletePortMappingFunc UPNP_DeletePortMappingFunc = (upnp_UPNP_DeletePortMappingFunc) dlsym (m_Module, "UPNP_DeletePortMapping");
+#endif
+        r = UPNP_DeletePortMappingFunc (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_Port.c_str (), strType.c_str (), 0);
+        LogPrint ("UPNP_DeletePortMapping() returned : ", r, "\n");
+    }
+
+    void UPnP::Close ()
+    {
+#ifdef _WIN32
+        upnp_freeUPNPDevlistFunc freeUPNPDevlistFunc = (upnp_freeUPNPDevlistFunc) GetProcAddress (m_Module, "freeUPNPDevlist");
+#else
+        upnp_freeUPNPDevlistFunc freeUPNPDevlistFunc = (upnp_freeUPNPDevlistFunc) dlsym (m_Module, "freeUPNPDevlist");
+#endif
+        freeUPNPDevlistFunc (m_Devlist);
+        m_Devlist = 0;
+#ifdef _WIN32
+        upnp_FreeUPNPUrlsFunc FreeUPNPUrlsFunc = (upnp_FreeUPNPUrlsFunc) GetProcAddress (m_Module, "FreeUPNPUrlsFunc");
+#else
+        upnp_FreeUPNPUrlsFunc FreeUPNPUrlsFunc = (upnp_FreeUPNPUrlsFunc) dlsym (m_Module, "FreeUPNPUrlsFunc");
+#endif
+        FreeUPNPUrlsFunc (&m_upnpUrls);
+#ifndef _WIN32
+        dlclose (m_Module);
+#else
+        FreeLibrary (m_Module);
+#endif
+    }
 
-	void UPnP::HandleTimer (const boost::system::error_code& ecode)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-		{
-			LogPrint ("UPnP: timeout expired");
-			m_Service.stop ();
-		}	
-	}	
 }
+}
+
+
+#endif
+

UPnP.h

@@ -1,41 +1,65 @@
-#ifndef UPNP_H__
-#define UPNP_H__
+#ifndef __UPNP_H__
+#define __UPNP_H__
+
+#ifdef USE_UPNP
+#include <string>
+#include <thread>
+
+#include <miniupnpc/miniwget.h>
+#include <miniupnpc/miniupnpc.h>
+#include <miniupnpc/upnpcommands.h>
+#include <miniupnpc/upnperrors.h>
 
 #include <boost/asio.hpp>
 
+#include "util.h"
+
+#define I2P_UPNP_TCP 1
+#define I2P_UPNP_UDP 2
+
 namespace i2p
 {
-	const int UPNP_MAX_PACKET_LEN = 1500;
-	const char UPNP_GROUP[] = "239.255.255.250";
-	const int UPNP_PORT = 1900;
-	const int UPNP_REPLY_PORT = 1901;
-	const char UPNP_ROUTER[] = "urn:schemas-upnp-org:device:InternetGatewayDevice:1";	
-	
+namespace UPnP
+{
 	class UPnP
 	{
-		public:
+	public:
 
-			UPnP ();
-			~UPnP ();
+		UPnP ();
+		~UPnP ();
+        void Close ();
 
-			void Run ();
-			
+        void Start ();
+        void Stop ();
 
-		private:
+		void Discover ();
+		void TryPortMapping (int type);
+		void CloseMapping (int type);
+	private:
+		void Run ();
 
-			void DiscoverRouter ();
-			void Receive ();
-			void HandleReceivedFrom (const boost::system::error_code& ecode, size_t bytes_transferred);
-			void HandleTimer (const boost::system::error_code& ecode);
-			
-		private:
+        std::thread * m_Thread;
+        struct UPNPUrls m_upnpUrls;
+        struct IGDdatas m_upnpData;
 
-			boost::asio::io_service m_Service;
-			boost::asio::deadline_timer m_Timer;
-			boost::asio::ip::udp::endpoint m_Endpoint, m_MulticastEndpoint, m_SenderEndpoint;
-			boost::asio::ip::udp::socket m_Socket;
-			char m_ReceiveBuffer[UPNP_MAX_PACKET_LEN];
-	};	
+        // For miniupnpc
+        char * m_MulticastIf = 0;
+        char * m_Minissdpdpath = 0;
+        struct UPNPDev * m_Devlist = 0;
+        char m_NetworkAddr[64];
+        char m_externalIPAddress[40];
+        bool m_IsModuleLoaded;
+        std::string m_Port = std::to_string (util::config::GetArg ("-port", 17070));
+#ifndef _WIN32
+        void *m_Module;
+#else
+        HINSTANCE *m_Module;
+#endif
+	};
+	extern UPnP upnpc;
+}
 }
 
 #endif
+
+#endif

Win32/PurpleI2P.nsi

@@ -0,0 +1,282 @@
+# NSIS Installer script. (Tested with NSIS 2.64 on Windows 7)
+# Author: Mikal Villa (Meeh)
+# Version: 1.1
+Name PurpleI2P
+
+RequestExecutionLevel highest
+SetCompressor /SOLID lzma
+ShowInstDetails show
+
+# General Symbol Definitions
+!define REGKEY "SOFTWARE\$(^Name)"
+!define VERSION 0.3.0.0
+!define COMPANY "The Privacy Solutions Project"
+!define URL "https://i2p.io"
+
+# MUI Symbol Definitions
+!define MUI_ICON "ictoopie.ico"
+#!define MUI_WELCOMEFINISHPAGE_BITMAP "../share/pixmaps/nsis-wizard.bmp"
+!define MUI_HEADERIMAGE
+!define MUI_HEADERIMAGE_RIGHT
+#!define MUI_HEADERIMAGE_BITMAP "../share/pixmaps/nsis-header.bmp"
+!define MUI_FINISHPAGE_NOAUTOCLOSE
+!define MUI_STARTMENUPAGE_REGISTRY_ROOT HKLM
+!define MUI_STARTMENUPAGE_REGISTRY_KEY ${REGKEY}
+!define MUI_STARTMENUPAGE_REGISTRY_VALUENAME StartMenuGroup
+!define MUI_STARTMENUPAGE_DEFAULTFOLDER PurpleI2P
+!define MUI_FINISHPAGE_RUN $INSTDIR\i2pd.exe
+!define MUI_FINISHPAGE_SHOWREADME $INSTDIR\Readme.txt
+
+
+!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"
+!define MUI_UNWELCOMEFINISHPAGE_BITMAP "../share/pixmaps/nsis-wizard.bmp"
+!define MUI_UNFINISHPAGE_NOAUTOCLOSE
+
+# Included files
+!include Sections.nsh
+!include MUI2.nsh
+!include nsDialogs.nsh
+!include winmessages.nsh
+!include logiclib.nsh
+# Local included files
+!include nsi\helper_readme.nsh
+;!include nsi\servicelib.nsh
+
+# Variables
+Var StartMenuGroup
+
+# Installer pages
+# Execution flow of installer windows
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_README "../Readme.md"
+!insertmacro MUI_PAGE_DIRECTORY
+# Disabled for now. Use the bat
+;Page custom mode_selection # Meeh's hack for installing and starting service.
+!insertmacro MUI_PAGE_STARTMENU Application $StartMenuGroup
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+
+# Uninstall pages
+!insertmacro MUI_UNPAGE_CONFIRM
+!insertmacro MUI_UNPAGE_INSTFILES
+
+# Installer languages
+!insertmacro MUI_LANGUAGE English
+
+# Installer attributes
+OutFile PurpleI2P-0.3.0.0-win32-setup.exe
+InstallDir $PROGRAMFILES\PurpleI2P
+CRCCheck on
+XPStyle on
+BrandingText " "
+ShowInstDetails show
+VIProductVersion 0.3.0.0
+VIAddVersionKey ProductName PurpleI2P
+VIAddVersionKey ProductVersion "${VERSION}"
+VIAddVersionKey CompanyName "${COMPANY}"
+VIAddVersionKey CompanyWebsite "${URL}"
+VIAddVersionKey FileVersion "${VERSION}"
+VIAddVersionKey FileDescription ""
+VIAddVersionKey LegalCopyright ""
+InstallDirRegKey HKCU "${REGKEY}" Path
+ShowUninstDetails show
+
+# Readme definitions
+
+;--------------------------------
+;Languages
+  ;Set up install lang strings for 1st lang
+  ${ReadmeLanguage} "${LANG_ENGLISH}" \
+          "Read Me" \
+          "Please review the following important information." \
+          "About $(^name):" \
+          "$\n  Click on scrollbar arrows or press Page Down to review the entire text."
+ 
+  ;Add 2nd language
+  !insertmacro MUI_LANGUAGE "Norwegian"
+ 
+  ;set up install lang strings for second lang
+  ${ReadmeLanguage} "${LANG_NORWEGIAN}" \
+          "Les meg!" \
+          "Vennligst les informasjonen om hvordan du skal bruke PurpleI2P." \
+          "Om $(^name):" \
+          "$\n  Klikk på scrollbaren til høyre for å se hele innholdet."
+ 
+;--------------------------------
+
+# Installer sections
+Section -Main SEC0000
+    SetOutPath $INSTDIR
+    SetOverwrite on
+    File /oname=i2pd.exe Release\i2pd.exe
+    File /oname=install_service.bat install_service.bat
+    File /oname=uninstall_service.bat uninstall_service.bat
+    File /oname=LICENSE.txt ..\LICENSE
+    File /oname=Readme.txt ..\README.md
+    SetOutPath $INSTDIR\src
+    File /r /x *.nsi /x *.rc /x *.exe /x *.obj /x *.nsh /x *.sln /x *.vcxproj /x *.tlog /x *.log /x *.res /x *.pdb /x *.suo /x *.opensdf /x *.filters /x *.sdf /x *.iss /x *.aps /x .gitignore /x *.o ../\*.*
+    SetOutPath $INSTDIR
+    RMDir /r /REBOOTOK $INSTDIR\src\.git # Remove git directory
+    RMDir /r /REBOOTOK $INSTDIR\src\Win32\Release # Removing release directory
+    RMDir /r /REBOOTOK $INSTDIR\src\Win32\nsi
+    WriteRegStr HKCU "${REGKEY}\Components" Main 1
+SectionEnd
+
+Section -post SEC0001
+    WriteRegStr HKCU "${REGKEY}" Path $INSTDIR
+    SetOutPath $INSTDIR
+    WriteUninstaller $INSTDIR\uninstall.exe
+    !insertmacro MUI_STARTMENU_WRITE_BEGIN Application
+    CreateDirectory $SMPROGRAMS\$StartMenuGroup
+    CreateShortcut "$SMPROGRAMS\$StartMenuGroup\PurpleI2P.lnk" $INSTDIR\i2pd.exe
+    CreateShortcut "$SMPROGRAMS\$StartMenuGroup\Install PurpleI2P Service.lnk" $INSTDIR\install_service.bat
+    CreateShortcut "$SMPROGRAMS\$StartMenuGroup\Uninstall PurpleI2P Service.lnk" $INSTDIR\uninstall_service.bat
+    CreateShortcut "$SMPROGRAMS\$StartMenuGroup\Uninstall PurpleI2P.lnk" $INSTDIR\uninstall.exe
+    !insertmacro MUI_STARTMENU_WRITE_END
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" DisplayName "$(^Name)"
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" DisplayVersion "${VERSION}"
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" Publisher "${COMPANY}"
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" URLInfoAbout "${URL}"
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" DisplayIcon $INSTDIR\uninstall.exe
+    WriteRegStr HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" UninstallString $INSTDIR\uninstall.exe
+    WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoModify 1
+    WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoRepair 1
+    WriteRegStr HKCR "i2pd" "URL Protocol" ""
+    WriteRegStr HKCR "i2pd" "" "URL:i2pd" # TODO: if a instance of own is found, relaunch with a proxyfied browser to open webage. (e.g i2pd://meeh.i2p)
+    WriteRegStr HKCR "i2pd\DefaultIcon" "" $INSTDIR\i2pd.exe
+    WriteRegStr HKCR "i2pd\shell\open\command" "" '"$INSTDIR\i2pd.exe" "%1"'
+SectionEnd
+
+# Macro for selecting uninstaller sections
+!macro SELECT_UNSECTION SECTION_NAME UNSECTION_ID
+    Push $R0
+    ReadRegStr $R0 HKCU "${REGKEY}\Components" "${SECTION_NAME}"
+    StrCmp $R0 1 0 next${UNSECTION_ID}
+    !insertmacro SelectSection "${UNSECTION_ID}"
+    GoTo done${UNSECTION_ID}
+next${UNSECTION_ID}:
+    !insertmacro UnselectSection "${UNSECTION_ID}"
+done${UNSECTION_ID}:
+    Pop $R0
+!macroend
+
+
+# Uninstaller sections
+Section /o -un.Main UNSEC0000
+    Delete /REBOOTOK $INSTDIR\i2pd.exe
+    Delete /REBOOTOK $INSTDIR\LICENSE.txt
+    Delete /REBOOTOK $INSTDIR\Readme.txt
+    Delete /REBOOTOK $INSTDIR\install_service.bat
+    Delete /REBOOTOK $INSTDIR\uninstall_service.bat
+    RMDir /r /REBOOTOK $INSTDIR\src
+    DeleteRegValue HKCU "${REGKEY}\Components" Main
+SectionEnd
+
+Section -un.post UNSEC0001
+    DeleteRegKey HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)"
+    Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\Uninstall PurpleI2P.lnk"
+    Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\PurpleI2P.lnk"
+    Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\Install PurpleI2P Service.lnk"
+    Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\UnInstall PurpleI2P Service.lnk"
+    Delete /REBOOTOK "$SMSTARTUP\PurpleI2P.lnk"
+    Delete /REBOOTOK $INSTDIR\uninstall.exe
+    Delete /REBOOTOK $INSTDIR\debug.log
+    DeleteRegValue HKCU "${REGKEY}" StartMenuGroup
+    DeleteRegValue HKCU "${REGKEY}" Path
+    DeleteRegKey /IfEmpty HKCU "${REGKEY}\Components"
+    DeleteRegKey /IfEmpty HKCU "${REGKEY}"
+    DeleteRegKey HKCR "i2pd"
+    RmDir /REBOOTOK $SMPROGRAMS\$StartMenuGroup
+    RmDir /REBOOTOK $INSTDIR
+    Push $R0
+    StrCpy $R0 $StartMenuGroup 1
+    StrCmp $R0 ">" no_smgroup
+no_smgroup:
+    Pop $R0
+SectionEnd
+
+; var hwndExecModeRadio
+; var hwndRunServiceNowRadio
+
+; Function mode_selection
+;     nsDialogs::Create 1018 
+;     Pop $0
+;     ${NSD_CreateLabel} 0 10 75% 20u "How would you like PurpleI2P (i2pd) to run?"
+;     Pop $0 
+
+;     ${NSD_CreateRadioButton} 20 60 80% 25u "Service Mode"
+;     Pop $hwndExecModeRadio
+;     ${NSD_AddStyle} $hwndExecModeRadio ${WS_GROUP}
+
+;     ${NSD_CreateRadioButton} 20 90 80% 25u "Command line Mode"
+;     Pop $0
+
+;     ${NSD_CreateButton} 20 150 -40 14u "Do it!"
+;     Pop $0
+;     ${NSD_OnClick} $0 perform_mode
+
+;     nsDialogs::Show
+; FunctionEnd
+
+; Function start_now_selection
+;     nsDialogs::Create 1018 
+;     Pop $0
+;     ${NSD_CreateLabel} 0 10 75% 20u "Enable the service now?"
+;     Pop $0 
+
+;     ${NSD_CreateRadioButton} 20 60 80% 25u "Yes"
+;     Pop $hwndRunServiceNowRadio
+;     ${NSD_AddStyle} $hwndRunServiceNowRadio ${WS_GROUP}
+
+;     ${NSD_CreateRadioButton} 20 90 80% 25u "No"
+;     Pop $0
+
+;     ${NSD_CreateButton} 20 150 -40 14u "Do it!"
+;     Pop $0
+;     ${NSD_OnClick} $0 perform_mode
+
+;     nsDialogs::Show
+; FunctionEnd
+
+; Function perform_mode
+;     ${NSD_GetState} $hwndExecModeRadio $0
+;     ${If} $0 = ${BST_CHECKED}
+;         Call service_mode
+;     ${EndIF}
+; FunctionEnd
+
+; Function start_now
+;     ${NSD_GetState} $hwndRunServiceNowRadio $0
+;     ${If} $0 = ${BST_CHECKED}
+;         Call start_now_selection
+;     ${EndIF}
+; FunctionEnd
+
+; Function service_mode
+;     Push "create"
+;     Push "PurpleI2P Service"
+;     Push "$INSTDIR\i2pd.exe;autostart=1;display=PurpleI2P"
+;     Call Service
+;     Pop $0 ; Actually more to write than !insertmacro, but much more fun :D
+;     Push "start"
+;     Push "PurpleI2P Service"
+;     Call Service
+;     Pop $0
+;     Call start_now
+;     !define MUI_FINISHPAGE_RUN_NOTCHECKED
+;     !define MUI_FINISHPAGE_RUN_TEXT "No need to run now since we already installed and launched it as a Windows service!"
+; FunctionEnd
+
+# Installer functions
+Function .onInit
+    InitPluginsDir
+    !insertmacro MUI_LANGDLL_DISPLAY
+FunctionEnd
+
+# Uninstaller functions
+Function un.onInit
+    ReadRegStr $INSTDIR HKCU "${REGKEY}" Path
+    !insertmacro MUI_STARTMENU_GETFOLDER Application $StartMenuGroup
+    !insertmacro SELECT_UNSECTION Main ${UNSEC0000}
+    !insertmacro MUI_UNGETLANGUAGE
+FunctionEnd

Win32/README-Build.txt

@@ -0,0 +1,84 @@
+Building i2pd for Windows
+=========================
+
+Requirements for building:
+
+* Visual Studio 2013 (tested with VS2013 Update 1, Update 3, and Update 4 RC)
+* Boost (tested with 1.56 and 1.57)
+* Crypto++ (tested with 5.6.2)
+
+
+Building Boost (32-bit)
+-----------------------
+
+Open a Visual Studio x86 command prompt and run the following:
+
+	cd C:\path\to\boost\sources
+	bootstrap
+	b2 toolset=msvc-12.0 --build-type=complete --libdir=C:\Boost\lib\Win32 install --with-filesystem --with-program_options --with-regex --with-date_time
+
+
+Building Boost (64-bit)
+-----------------------
+
+Open a Visual Studio x64 command prompt and run the following:
+
+	cd C:\path\to\boost\sources
+	bootstrap
+	b2 toolset=msvc-12.0 --build-type=complete --libdir=C:\Boost\lib\x64 architecture=x86 address-model=64 install --with-filesystem --with-program_options --with-regex --with-date_time
+
+After Boost is compiled, set the environment variable `BOOST` to the directory
+Boost was installed to. If you followed the instructions outlined here, you
+should set it to `C:\Boost`. Additionally, set the BOOSTVER variable to the
+version of Boost that you're using, but instead of a '.' use a '_'. For
+example, I have `BOOSTVER` set to `1_57`.
+
+Building Crypto++
+-----------------
+
+* Open the crypttest Solution in VS2013
+* Visual Studio will ask to update the Solution/Project. Allow it.
+* Build the `cryptopp` project, both the Debug and Release targets and for both
+  Win32 and x64.
+* Create a folder called `cryptopp` in the crypto++ source directory, then copy
+  the header files to this new directory.
+* Set the `CRYPTOPP` environment variable pointing to the Crypto++ source directory.
+
+
+Building i2pd
+-------------
+
+## Prep work ##
+
+I strongly advise setting up your own `INCLUDES` and `LIBS` instead of relying
+on the settings in the i2pd project file. By using your own settings, if the
+i2pd devs change the paths in the project file, your builds will still work.
+
+To do this, create or edit the file
+`%localappdata%\Microsoft\MSBuild\v4.0\Microsoft.Cpp.Win32.user`.
+
+For comparison, my file is reproduced below:
+
+	<?xml version="1.0" encoding="utf-8"?>
+	<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+	  <ImportGroup Label="PropertySheets">
+	  </ImportGroup>
+	  <PropertyGroup Label="UserMacros" />
+	  <PropertyGroup>
+	    <LibraryPath>$(CRYPTOPP)\$(Platform)\Output\$(Configuration);$(BOOST)\lib\$(Platform);$(LibraryPath)</LibraryPath>
+	    <IncludePath>$(CRYPTOPP);$(BOOST)\include\boost-$(BOOSTVER);$(IncludePath)</IncludePath>
+	  </PropertyGroup>
+	  <ItemDefinitionGroup />
+	  <ItemGroup />
+	</Project>
+
+
+If you want to build x64 binaries as well, you'll want to edit or create the
+file `%localappdata%\Microsoft\MSBuild\v4.0\Microsoft.Cpp.x64.user`. If you
+followed the steps outlined earlier you can copy (or link) the win32 file to
+the x64 one.
+
+## Anti-Climatic End ##
+
+After following the above instructions, you'll be able to build Debug Win32,
+Debug x64, Release Win32, and Release x64 i2pd binaries.

Win32/i2pd.sln

@@ -1,27 +1,30 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 2013
-VisualStudioVersion = 12.0.30501.0
+VisualStudioVersion = 12.0.30723.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "i2pd", "i2pd.vcxproj", "{930568EC-31C9-406A-AD1C-9636DF5D8FAA}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
 		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Debug|Win32.ActiveCfg = Debug|Win32
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Debug|Win32.Build.0 = Debug|Win32
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Debug|Win32.Deploy.0 = Debug|Win32
+		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Debug|x64.ActiveCfg = Debug|x64
+		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Debug|x64.Build.0 = Debug|x64
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Release|Win32.ActiveCfg = Release|Win32
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Release|Win32.Build.0 = Release|Win32
 		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Release|Win32.Deploy.0 = Release|Win32
+		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Release|x64.ActiveCfg = Release|x64
+		{930568EC-31C9-406A-AD1C-9636DF5D8FAA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(Performance) = preSolution
-		HasPerformanceSessions = true
-	EndGlobalSection
 EndGlobal

Win32/i2pd.vcxproj

@@ -5,15 +5,24 @@
       <Configuration>Debug</Configuration>
       <Platform>Win32</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\AddressBook.cpp" />
     <ClCompile Include="..\aes.cpp" />
     <ClCompile Include="..\base64.cpp" />
+    <ClCompile Include="..\BOB.cpp" />
     <ClCompile Include="..\CryptoConst.cpp" />
     <ClCompile Include="..\Daemon.cpp" />
     <ClCompile Include="..\DaemonWin32.cpp" />
@@ -23,19 +32,23 @@
     <ClCompile Include="..\I2NPProtocol.cpp" />
     <ClCompile Include="..\i2p.cpp" />
     <ClCompile Include="..\I2PEndian.cpp" />
+    <ClCompile Include="..\I2PService.cpp" />
     <ClCompile Include="..\Identity.cpp" />
     <ClCompile Include="..\LeaseSet.cpp" />
     <ClCompile Include="..\Log.cpp" />
     <ClCompile Include="..\NetDb.cpp" />
     <ClCompile Include="..\NTCPSession.cpp" />
+	<ClCompile Include="..\Profiling.cpp" />
     <ClCompile Include="..\Reseed.cpp" />
     <ClCompile Include="..\RouterContext.cpp" />
     <ClCompile Include="..\RouterInfo.cpp" />
     <ClCompile Include="..\SAM.cpp" />
     <ClCompile Include="..\SSU.cpp" />
     <ClCompile Include="..\SSUData.cpp" />
+    <ClCompile Include="..\SSUSession.cpp" />
     <ClCompile Include="..\Streaming.cpp" />
-	<ClCompile Include="..\Destination.cpp" />
+    <ClCompile Include="..\Datagram.cpp" />
+    <ClCompile Include="..\Destination.cpp" />
     <ClCompile Include="..\TransitTunnel.cpp" />
     <ClCompile Include="..\Transports.cpp" />
     <ClCompile Include="..\Tunnel.cpp" />
@@ -46,13 +59,14 @@
     <ClCompile Include="..\util.cpp" />
     <ClCompile Include="..\SOCKS.cpp" />
     <ClCompile Include="..\I2PTunnel.cpp" />
-	<ClCompile Include="..\ClientContext.cpp" />
-	<ClCompile Include="..\Datagram.cpp" />
+    <ClCompile Include="..\I2PControl.cpp" />
+    <ClCompile Include="..\ClientContext.cpp" />
     <ClCompile Include="Win32Service.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\AddressBook.h" />
     <ClInclude Include="..\base64.h" />
+    <ClInclude Include="..\BOB.h" />
     <ClInclude Include="..\CryptoConst.h" />
     <ClInclude Include="..\Daemon.h" />
     <ClInclude Include="..\ElGamal.h" />
@@ -61,6 +75,7 @@
     <ClInclude Include="..\HTTPServer.h" />
     <ClInclude Include="..\I2NPProtocol.h" />
     <ClInclude Include="..\I2PEndian.h" />
+    <ClInclude Include="..\I2PService.h" />
     <ClInclude Include="..\Identity.h" />
     <ClInclude Include="..\LeaseSet.h" />
     <ClInclude Include="..\LittleBigEndian.h" />
@@ -68,14 +83,17 @@
     <ClInclude Include="..\NetDb.h" />
     <ClInclude Include="..\NTCPSession.h" />
     <ClInclude Include="..\Queue.h" />
+	<ClInclude Include="..\Profiling.h" />
     <ClInclude Include="..\Reseed.h" />
     <ClInclude Include="..\RouterContext.h" />
     <ClInclude Include="..\RouterInfo.h" />
     <ClInclude Include="..\SAM.h" />
     <ClInclude Include="..\SSU.h" />
     <ClInclude Include="..\SSUData.h" />
+    <ClInclude Include="..\SSUSession.h" />
     <ClInclude Include="..\Streaming.h" />
-	<ClInclude Include="..\Destination.h" />
+    <ClInclude Include="..\Datagram.h" />
+    <ClInclude Include="..\Destination.h" />
     <ClInclude Include="..\Timestamp.h" />
     <ClInclude Include="..\TransitTunnel.h" />
     <ClInclude Include="..\Transports.h" />
@@ -89,13 +107,17 @@
     <ClInclude Include="..\util.h" />
     <ClInclude Include="..\SOCKS.h" />
     <ClInclude Include="..\I2PTunnel.h" />
+    <ClInclude Include="..\I2PControl.h" />
     <ClInclude Include="..\version.h" />
     <ClInclude Include="..\Signature.h" />
     <ClInclude Include="..\ClientContext.h" />
-	<ClCompile Include="..\TransportSession.h" />
-	<ClCompile Include="..\Datagram.h" />	
+    <ClInclude Include="..\TransportSession.h" />
+    <ClInclude Include="resource.h" />
     <ClInclude Include="Win32Service.h" />
   </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Resource.rc" />
+  </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{930568EC-31C9-406A-AD1C-9636DF5D8FAA}</ProjectGuid>
     <RootNamespace>i2pd</RootNamespace>
@@ -104,15 +126,28 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v120</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <CharacterSet>NotSet</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <CharacterSet>NotSet</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v120_xp</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>NotSet</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v120_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -120,19 +155,36 @@
   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <IncludePath>E:\build\cryptopp562;E:\build\boost_1_56_0;./..;$(IncludePath)</IncludePath>
-    <LibraryPath>E:\build\cryptopp562\Win32\Output\Debug;E:\build\boost_1_56_0\stage\lib;$(LibraryPath)</LibraryPath>
+    <IncludePath>./..;$(IncludePath);$(BOOST);$(CRYPTOPP);C:\build-lib\cryptopp;C:\build-lib\boost_1_57_0\</IncludePath>
+    <LibraryPath>$(BOOST)\stage\lib;C:\build-lib\cryptopp;C:\build-lib\boost_1_57_0\stage\lib;$(CRYPTOPP)\cryptopp\$(Platform)\Output\$(Configuration);$(LibraryPath)</LibraryPath>
+    <SourcePath>./..;$(VC_SourcePath);</SourcePath>
+    <TargetName>$(ProjectName)_d</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <IncludePath>./..;$(IncludePath);$(BOOST);$(CRYPTOPP)</IncludePath>
+    <LibraryPath>$(BOOST)\stage\lib;$(CRYPTOPP)\cryptopp\$(Platform)\Output\$(Configuration);$(LibraryPath)</LibraryPath>
     <SourcePath>./..;$(VC_SourcePath);</SourcePath>
     <TargetName>$(ProjectName)_d</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <IncludePath>E:\build\cryptopp562;E:\build\boost_1_56_0;./..;$(IncludePath)</IncludePath>
-    <LibraryPath>E:\build\cryptopp562\Win32\Output\Release;E:\build\cryptopp562\Win32\cryptopp\Release;E:\build\boost_1_56_0\stage\lib;E:\build\cryptopp562\Win32\cryptlib\DLL-Import Release;$(LibraryPath)</LibraryPath>
+    <IncludePath>./..;$(IncludePath);$(BOOST);C:\build-lib\boost_1_57_0\;C:\build-lib</IncludePath>
+    <LibraryPath>C:\build-lib\boost_1_57_0\stage\lib;C:\build-lib\cryptopp\$(Platform)\Output\$(Configuration);$(LibraryPath)</LibraryPath>
+    <SourcePath>./..;$(VC_SourcePath);</SourcePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <IncludePath>./..;$(IncludePath);$(BOOST);$(CRYPTOPP)</IncludePath>
+    <LibraryPath>$(BOOST)\stage\lib;$(CRYPTOPP)\cryptopp\$(Platform)\Output\$(Configuration);$(LibraryPath)</LibraryPath>
     <SourcePath>./..;$(VC_SourcePath);</SourcePath>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
@@ -147,26 +199,82 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <AdditionalDependencies>cryptlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
-      <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+      <UACExecutionLevel>AsInvoker</UACExecutionLevel>
+      <Version>0.2</Version>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <PreprocessorDefinitions>_MBCS;_WIN32_WINNT=0x0502;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>cryptlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+      <UACExecutionLevel>AsInvoker</UACExecutionLevel>
+      <Version>0.2</Version>
+      <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level2</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <PreprocessorDefinitions>_WIN32_WINNT=0x0501;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>false</OptimizeReferences>
+      <AdditionalDependencies>cryptlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+      <UACExecutionLevel>AsInvoker</UACExecutionLevel>
+      <Version>
+      </Version>
+      <SubSystem>Console</SubSystem>
+      <MinimumRequiredVersion>5.01</MinimumRequiredVersion>
+      <LinkErrorReporting>NoErrorReport</LinkErrorReporting>
+    </Link>
+    <Manifest>
+      <AssemblyIdentity>
+      </AssemblyIdentity>
+      <ComponentFileName>
+      </ComponentFileName>
+    </Manifest>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <PreprocessorDefinitions>_WIN32_WINNT=0x0502;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <SDLCheck>true</SDLCheck>
     </ClCompile>
     <Link>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>false</OptimizeReferences>
       <AdditionalDependencies>cryptlib.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
-      <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
+      <UACExecutionLevel>AsInvoker</UACExecutionLevel>
       <Version>
       </Version>
+      <SubSystem>Console</SubSystem>
+      <MinimumRequiredVersion>5.02</MinimumRequiredVersion>
+      <LinkErrorReporting>NoErrorReport</LinkErrorReporting>
     </Link>
     <Manifest>
       <AssemblyIdentity>

Win32/i2pd.vcxproj.filters

@@ -123,6 +123,27 @@
     <ClCompile Include="..\SAM.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\SSUSession.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Datagram.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Destination.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\ClientContext.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\BOB.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\I2PControl.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\I2PService.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\Identity.h">
@@ -245,5 +266,37 @@
     <ClInclude Include="..\SAM.h">
       <Filter>Source Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\SSUSession.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\Datagram.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\Destination.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\ClientContext.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\TransportSession.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="resource.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\BOB.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\I2PControl.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\I2PService.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Resource.rc">
+      <Filter>Resource Files</Filter>
+    </ResourceCompile>
   </ItemGroup>
 </Project>

Win32/inno_installer.iss

@@ -1,10 +1,10 @@
 
-#define I2Pd_AppName "i2pd" 
-#define I2Pd_ver "0.1" 
+#define I2Pd_AppName "i2pd"
+#define I2Pd_ver "0.2"
 
 [Setup]
-AppName={#I2Pd_AppName} 
-AppVersion={#I2Pd_ver} 
+AppName={#I2Pd_AppName}
+AppVersion={#I2Pd_ver}
 DefaultDirName={pf}\I2Pd
 DefaultGroupName=I2Pd
 UninstallDisplayIcon={app}\I2Pd.exe
@@ -13,27 +13,50 @@ SolidCompression=yes
 OutputDir=.
 LicenseFile=.\..\LICENSE
 OutputBaseFilename=setup_{#I2Pd_AppName}_v{#I2Pd_ver}
+ArchitecturesInstallIn64BitMode=x64
+
 
 [Files]
-Source: "i2pd.exe"; DestDir: "{app}"
+Source: "x64\Release\i2pd.exe"; DestDir: "{app}"; DestName: "i2pd.exe"; Check: Is64BitInstallMode
+Source: "Release\i2pd.exe"; DestDir: "{app}"; Check: not Is64BitInstallMode
+Source: "..\README.md"; DestDir: "{app}"; DestName: "Readme.txt"; AfterInstall: ConvertLineEndings
 
 [Icons]
 Name: "{group}\I2Pd"; Filename: "{app}\i2pd.exe"
+Name: "{group}\Readme"; Filename: "{app}\Readme.txt"
+
+
+[Registry]
+Root: HKCU; Subkey: "Environment"; ValueName: "Path"; ValueType: "string"; ValueData: "{app};{olddata}"; Check: NotOnPathAlready(); Flags: preservestringtype;
 
 [Code]
 
 var
-  DefaultTop, 
-  DefaultLeft, 
+  DefaultTop,
+  DefaultLeft,
   DefaultHeight,
-  DefaultBackTop, 
-  DefaultNextTop, 
+  DefaultBackTop,
+  DefaultNextTop,
   DefaultCancelTop,
-  DefaultBevelTop, 
+  DefaultBevelTop,
   DefaultOuterHeight: Integer;
 
-const 
+const
   LicenseHeight = 400;
+   LF = #10;
+   CR = #13;
+   CRLF = CR + LF;
+
+procedure ConvertLineEndings();
+  var
+     FilePath : String;
+     FileContents : String;
+begin
+   FilePath := ExpandConstant(CurrentFileName)
+   LoadStringFromFile(FilePath, FileContents);
+   StringChangeEx(FileContents, LF, CRLF, False);
+   SaveStringToFile(FilePath, FileContents, False);
+end;
 
 procedure InitializeWizard();
 begin
@@ -67,7 +90,7 @@ begin
     WizardForm.BackButton.Top := DefaultBackTop + (LicenseHeight - DefaultHeight);
     WizardForm.Bevel.Top := DefaultBevelTop + (LicenseHeight - DefaultHeight);
   end
-  else 
+  else
   begin
     WizardForm.Top := DefaultTop;
     WizardForm.Left := DefaultLeft;
@@ -78,4 +101,49 @@ begin
     WizardForm.BackButton.Top := DefaultBackTop;
     WizardForm.Bevel.Top := DefaultBevelTop;
   end;
-end;
+end;
+
+function NotOnPathAlready(): Boolean;
+var
+  BinDir, Path: String;
+begin
+  Log('Checking if i2pd dir is already in the %PATH%');
+  if RegQueryStringValue(HKEY_CURRENT_USER, 'Environment', 'Path', Path) then
+  begin // Successfully read the value
+    Log('HKCUEnvironmentPATH = ' + Path);
+    BinDir := ExpandConstant('{app}');
+    Log('Looking for i2pd dir in %PATH%: ' + BinDir + ' in ' + Path);
+    if Pos(LowerCase(BinDir), Lowercase(Path)) = 0 then
+    begin
+      Log('Did not find i2pd dir in %PATH% so I will add it');
+      Result := True;
+    end
+    else
+    begin
+      Log('Found i2pd dir in %PATH% so will not add it again');
+      Result := False;
+    end
+  end
+  else // The key probably doesn't exist
+  begin
+    Log('Could not access HKCUEnvironmentPATH so I assume that it is OK to add it');
+    Result := True;
+  end;
+end;
+
+
+procedure CurUninstallStepChanged(CurUninstallStep: TUninstallStep);
+var
+  BinDir, Path: String;
+begin
+  if (CurUninstallStep = usPostUninstall)
+     and (RegQueryStringValue(HKEY_CURRENT_USER, 'Environment', 'PATH', Path)) then
+  begin
+    BinDir := ExpandConstant('{app}');
+    if Pos(LowerCase(BinDir) + ';', Lowercase(Path)) <> 0 then
+    begin
+      StringChange(Path, BinDir + ';', '');
+      RegWriteStringValue(HKEY_CURRENT_USER, 'Environment', 'PATH', Path);
+    end;
+  end;
+end;

Win32/nsi/helper_readme.nsh

@@ -0,0 +1,57 @@
+!verbose push
+!verbose 3
+ 
+!ifndef _MUI_EXTRAPAGES_NSH
+!define _MUI_EXTRAPAGES_NSH
+ 
+!ifmacrondef MUI_EXTRAPAGE_README & MUI_PAGE_README & MUI_UNPAGE_README & ReadmeLangStrings
+ 
+!macro MUI_EXTRAPAGE_README UN ReadmeFile
+!verbose push
+!verbose 3
+   !define MUI_PAGE_HEADER_TEXT "$(${UN}ReadmeHeader)"
+   !define MUI_PAGE_HEADER_SUBTEXT "$(${UN}ReadmeSubHeader)"
+   !define MUI_LICENSEPAGE_TEXT_TOP "$(${UN}ReadmeTextTop)"
+   !define MUI_LICENSEPAGE_TEXT_BOTTOM "$(${UN}ReadmeTextBottom)"
+   !define MUI_LICENSEPAGE_BUTTON "$(^NextBtn)"
+   !insertmacro MUI_${UN}PAGE_LICENSE "${ReadmeFile}"
+!verbose pop
+!macroend
+ 
+!define ReadmeRun "!insertmacro MUI_EXTRAPAGE_README"
+ 
+ 
+!macro MUI_PAGE_README ReadmeFile
+!verbose push
+!verbose 3
+    ${ReadmeRun} "" "${ReadmeFile}"
+!verbose pop
+!macroend
+ 
+ 
+!macro MUI_UNPAGE_README ReadmeFile
+!verbose push
+!verbose 3
+    ${ReadmeRun} "UN" "${ReadmeFile}"
+!verbose pop
+!macroend
+ 
+ 
+!macro ReadmeLangStrings UN MUI_LANG ReadmeHeader ReadmeSubHeader ReadmeTextTop ReadmeTextBottom
+!verbose push
+!verbose 3
+    LangString ${UN}ReadmeHeader     ${MUI_LANG} "${ReadmeHeader}"
+    LangString ${UN}ReadmeSubHeader  ${MUI_LANG} "${ReadmeSubHeader}"
+    LangString ${UN}ReadmeTextTop    ${MUI_LANG} "${ReadmeTextTop}"
+    LangString ${UN}ReadmeTextBottom ${MUI_LANG} "${ReadmeTextBottom}"
+!verbose pop
+!macroend
+ 
+!define ReadmeLanguage `!insertmacro ReadmeLangStrings ""`
+ 
+!define Un.ReadmeLanguage `!insertmacro ReadmeLangStrings "UN"`
+ 
+!endif
+!endif
+ 
+!verbose pop

Win32/nsi/servicelib.nsh

@@ -0,0 +1,419 @@
+; NSIS SERVICE LIBRARY - servicelib.nsh
+; Version 1.8.1 - Jun 21th, 2013
+; Questions/Comments - dselkirk@hotmail.com
+;
+; Description:
+;   Provides an interface to window services
+;
+; Inputs:
+;   action     - systemlib action ie. create, delete, start, stop, pause,
+;              continue, installed, running, status
+;   name       - name of service to manipulate
+;   param      - action parameters; usage: var1=value1;var2=value2;...etc.
+;                 (don't forget to add a ';' after the last value!)
+;
+; Actions:
+;   create     - creates a new windows service
+;              Parameters:
+;                path        - path to service executable
+;                autostart   - automatically start with system ie. 1|0
+;                interact    - interact with the desktop ie. 1|0
+;                depend      - service dependencies
+;                user        - user that runs the service
+;                password    - password of the above user
+;                display     - display name in service's console
+;                description - Description of service
+;                starttype   - start type (supersedes autostart)
+;                servicetype - service type (supersedes interact)
+;
+;   delete     - deletes a windows service
+;   start      - start a stopped windows service
+;   stop       - stops a running windows service
+;   pause      - pauses a running windows service
+;   continue   - continues a paused windows service
+;   installed  - is the provided service installed
+;              Parameters:
+;                action      - if true then invokes the specified action
+;   running    - is the provided service running
+;              Parameters:
+;                action      - if true then invokes the specified action
+;   status     - check the status of the provided service
+;
+; Usage:
+;   Method 1:
+;     Push "action"
+;     Push "name"
+;     Push "param"
+;     Call Service
+;     Pop $0 ;response
+;
+;   Method 2:
+;     !insertmacro SERVICE "action" "name" "param"
+;
+; History:
+;   1.0 - 09/15/2003 - Initial release
+;   1.1 - 09/16/2003 - Changed &l to i, thx brainsucker
+;   1.2 - 02/29/2004 - Fixed documentation.
+;   1.3 - 01/05/2006 - Fixed interactive flag and pop order (Kichik)
+;   1.4 - 12/07/2006 - Added display and depend, fixed datatypes (Vitoco)
+;   1.5 - 06/25/2008 - Added description of service.(DeSafe.com/liuqixing#gmail.com)
+;   1.5.1 - 06/12/2009 - Added use of __UNINSTALL__
+;   1.6 - 08/02/2010 - Fixed description implementation (Anders)
+;   1.7 - 04/11/2010 - Added get running service process id (Nico)
+;   1.8 - 24/03/2011 - Added starttype and servicetype (Sergius)
+;   1.8.1 - 21/06/2013 - Added dynamic ASCII & Unicode support (Zinthose)
+ 
+!ifndef SERVICELIB
+  !define SERVICELIB
+ 
+  !define SC_MANAGER_ALL_ACCESS         0x3F
+  !define SC_STATUS_PROCESS_INFO        0x0
+  !define SERVICE_ALL_ACCESS            0xF01FF
+ 
+  !define SERVICE_CONTROL_STOP          1
+  !define SERVICE_CONTROL_PAUSE         2
+  !define SERVICE_CONTROL_CONTINUE      3
+ 
+  !define SERVICE_STOPPED               0x1
+  !define SERVICE_START_PENDING         0x2
+  !define SERVICE_STOP_PENDING          0x3
+  !define SERVICE_RUNNING               0x4
+  !define SERVICE_CONTINUE_PENDING      0x5
+  !define SERVICE_PAUSE_PENDING         0x6
+  !define SERVICE_PAUSED                0x7
+ 
+  !define SERVICE_KERNEL_DRIVER         0x00000001
+  !define SERVICE_FILE_SYSTEM_DRIVER    0x00000002 
+  !define SERVICE_WIN32_OWN_PROCESS     0x00000010 
+  !define SERVICE_WIN32_SHARE_PROCESS   0x00000020
+  !define SERVICE_INTERACTIVE_PROCESS   0x00000100
+ 
+ 
+  !define SERVICE_BOOT_START            0x00000000
+  !define SERVICE_SYSTEM_START          0x00000001
+  !define SERVICE_AUTO_START            0x00000002 
+  !define SERVICE_DEMAND_START          0x00000003
+  !define SERVICE_DISABLED              0x00000004
+ 
+  ## Added by Zinthose for Native Unicode Support
+  !ifdef NSIS_UNICODE
+	!define APITAG "W"
+  !else
+    !define APITAG "A"
+  !endif
+ 
+  !macro SERVICE ACTION NAME PARAM
+    Push '${ACTION}'
+    Push '${NAME}'
+    Push '${PARAM}'
+    !ifdef __UNINSTALL__
+        Call un.Service
+    !else
+        Call Service
+    !endif
+  !macroend
+ 
+  !macro FUNC_GETPARAM
+    Push $0
+    Push $1
+    Push $2
+    Push $3
+    Push $4
+    Push $5
+    Push $6
+    Push $7
+    Exch 8
+    Pop $1 ;name
+    Exch 8
+    Pop $2 ;source
+    StrCpy $0 ""
+    StrLen $7 $2
+    StrCpy $3 0
+    lbl_loop:
+      IntCmp $3 $7 0 0 lbl_done
+      StrLen $4 "$1="
+      StrCpy $5 $2 $4 $3
+      StrCmp $5 "$1=" 0 lbl_next
+      IntOp $5 $3 + $4
+      StrCpy $3 $5
+      lbl_loop2:
+        IntCmp $3 $7 0 0 lbl_done
+        StrCpy $6 $2 1 $3
+        StrCmp $6 ";" 0 lbl_next2
+        IntOp $6 $3 - $5
+        StrCpy $0 $2 $6 $5
+        Goto lbl_done
+        lbl_next2:
+        IntOp $3 $3 + 1
+        Goto lbl_loop2
+      lbl_next:
+      IntOp $3 $3 + 1
+      Goto lbl_loop
+    lbl_done:
+    Pop $5
+    Pop $4
+    Pop $3
+    Pop $2
+    Pop $1
+    Exch 2
+    Pop $6
+    Pop $7
+    Exch $0
+  !macroend
+ 
+  !macro CALL_GETPARAM VAR NAME DEFAULT LABEL
+    Push $1
+    Push ${NAME}
+    Call ${UN}GETPARAM
+    Pop $6
+    StrCpy ${VAR} "${DEFAULT}"
+    StrCmp $6 "" "${LABEL}" 0
+    StrCpy ${VAR} $6
+  !macroend
+ 
+  !macro FUNC_SERVICE UN
+    Push $0
+    Push $1
+    Push $2
+    Push $3
+    Push $4
+    Push $5
+    Push $6
+    Push $7
+    Exch 8
+    Pop $1 ;param
+    Exch 8
+    Pop $2 ;name
+    Exch 8
+    Pop $3 ;action
+    ;$0 return
+    ;$4 OpenSCManager
+    ;$5 OpenService
+ 
+    StrCpy $0 "false"
+    System::Call 'advapi32::OpenSCManager${APITAG}(n, n, i ${SC_MANAGER_ALL_ACCESS}) i.r4'
+    IntCmp $4 0 lbl_done
+    StrCmp $3 "create" lbl_create
+    System::Call 'advapi32::OpenService${APITAG}(i r4, t r2, i ${SERVICE_ALL_ACCESS}) i.r5'
+    IntCmp $5 0 lbl_done
+ 
+    lbl_select:
+    StrCmp $3 "delete" lbl_delete
+    StrCmp $3 "start" lbl_start
+    StrCmp $3 "stop" lbl_stop
+    StrCmp $3 "pause" lbl_pause
+    StrCmp $3 "continue" lbl_continue
+    StrCmp $3 "installed" lbl_installed
+    StrCmp $3 "running" lbl_running
+    StrCmp $3 "status" lbl_status
+    StrCmp $3 "processid" lbl_processid
+    Goto lbl_done
+ 
+    ; create service
+    lbl_create:
+      Push $R1 ;depend
+      Push $R2 ;user
+      Push $R3 ;password
+      Push $R4 ;servicetype/interact
+      Push $R5 ;starttype/autostart
+      Push $R6 ;path
+      Push $R7 ;display
+      Push $R8 ;description
+ 
+      !insertmacro CALL_GETPARAM $R1 "depend" "n" "lbl_depend"
+        StrCpy $R1 't "$R1"'
+      lbl_depend:
+      StrCmp $R1 "n" 0 lbl_machine ;old name of depend param
+      !insertmacro CALL_GETPARAM $R1 "machine" "n" "lbl_machine"
+        StrCpy $R1 't "$R1"'
+      lbl_machine:
+ 
+      !insertmacro CALL_GETPARAM $R2 "user" "n" "lbl_user"
+        StrCpy $R2 't "$R2"'
+      lbl_user:
+ 
+      !insertmacro CALL_GETPARAM $R3 "password" "n" "lbl_password"
+        StrCpy $R3 't "$R3"'
+      lbl_password:
+ 
+      !insertmacro CALL_GETPARAM $R4 "interact" "${SERVICE_WIN32_OWN_PROCESS}" "lbl_interact"
+        StrCpy $6 ${SERVICE_WIN32_OWN_PROCESS}
+        IntCmp $R4 0 +2
+        IntOp $6 $6 | ${SERVICE_INTERACTIVE_PROCESS}
+        StrCpy $R4 $6
+      lbl_interact:
+ 
+      !insertmacro CALL_GETPARAM $R4 "servicetype" "$R4" "lbl_servicetype"
+      lbl_servicetype:
+ 
+      !insertmacro CALL_GETPARAM $R5 "autostart" "${SERVICE_DEMAND_START}" "lbl_autostart"
+        StrCpy $6 ${SERVICE_DEMAND_START}
+        IntCmp $R5 0 +2
+        StrCpy $6 ${SERVICE_AUTO_START}
+        StrCpy $R5 $6
+      lbl_autostart:
+ 
+      !insertmacro CALL_GETPARAM $R5 "starttype" "$R5" "lbl_starttype"
+      lbl_starttype:
+ 
+      !insertmacro CALL_GETPARAM $R6 "path" "n" "lbl_path"
+      lbl_path:
+ 
+      !insertmacro CALL_GETPARAM $R7 "display" "$2" "lbl_display"
+      lbl_display:
+ 
+      !insertmacro CALL_GETPARAM $R8 "description" "$2" "lbl_description"
+      lbl_description:
+ 
+      System::Call 'advapi32::CreateService${APITAG}(i r4, t r2, t R7, i ${SERVICE_ALL_ACCESS}, \
+                                             i R4, i R5, i 0, t R6, n, n, $R1, $R2, $R3) i.r6' 
+ 
+      ; write description of service (SERVICE_CONFIG_DESCRIPTION)
+      System::Call 'advapi32::ChangeServiceConfig2${APITAG}(ir6,i1,*t "$R8")i.R7'
+      strcmp $R7 "error" 0 lbl_descriptioncomplete
+      WriteRegStr HKLM "SYSTEM\CurrentControlSet\Services\$2" "Description" $R8
+      lbl_descriptioncomplete:
+ 
+      Pop $R8
+      Pop $R7
+      Pop $R6
+      Pop $R5
+      Pop $R4
+      Pop $R3
+      Pop $R2
+      Pop $R1
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; delete service
+    lbl_delete:
+      System::Call 'advapi32::DeleteService(i r5) i.r6'
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; start service
+    lbl_start:
+      System::Call 'advapi32::StartService${APITAG}(i r5, i 0, i 0) i.r6'
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; stop service
+    lbl_stop:
+      Push $R1
+      System::Call '*(i,i,i,i,i,i,i) i.R1'
+      System::Call 'advapi32::ControlService(i r5, i ${SERVICE_CONTROL_STOP}, i $R1) i'
+      System::Free $R1
+      Pop $R1
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; pause service
+    lbl_pause:
+      Push $R1
+      System::Call '*(i,i,i,i,i,i,i) i.R1'
+      System::Call 'advapi32::ControlService(i r5, i ${SERVICE_CONTROL_PAUSE}, i $R1) i'
+      System::Free $R1
+      Pop $R1
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; continue service
+    lbl_continue:
+      Push $R1
+      System::Call '*(i,i,i,i,i,i,i) i.R1'
+      System::Call 'advapi32::ControlService(i r5, i ${SERVICE_CONTROL_CONTINUE}, i $R1) i'
+      System::Free $R1
+      Pop $R1
+      StrCmp $6 0 lbl_done lbl_good
+ 
+    ; is installed
+    lbl_installed:
+      !insertmacro CALL_GETPARAM $7 "action" "" "lbl_good"
+        StrCpy $3 $7
+        Goto lbl_select
+ 
+    ; is service running
+    lbl_running:
+      Push $R1
+      System::Call '*(i,i,i,i,i,i,i) i.R1'
+      System::Call 'advapi32::QueryServiceStatus(i r5, i $R1) i'
+      System::Call '*$R1(i, i.r6)'
+      System::Free $R1
+      Pop $R1
+      IntFmt $6 "0x%X" $6
+      StrCmp $6 ${SERVICE_RUNNING} 0 lbl_done
+      !insertmacro CALL_GETPARAM $7 "action" "" "lbl_good"
+        StrCpy $3 $7
+        Goto lbl_select
+ 
+    lbl_status:
+      Push $R1
+      System::Call '*(i,i,i,i,i,i,i) i.R1'
+      System::Call 'advapi32::QueryServiceStatus(i r5, i $R1) i'
+      System::Call '*$R1(i, i .r6)'
+      System::Free $R1
+      Pop $R1
+      IntFmt $6 "0x%X" $6
+      StrCpy $0 "running"
+      IntCmp $6 ${SERVICE_RUNNING} lbl_done
+      StrCpy $0 "stopped"
+      IntCmp $6 ${SERVICE_STOPPED} lbl_done
+      StrCpy $0 "start_pending"
+      IntCmp $6 ${SERVICE_START_PENDING} lbl_done
+      StrCpy $0 "stop_pending"
+      IntCmp $6 ${SERVICE_STOP_PENDING} lbl_done
+      StrCpy $0 "running"
+      IntCmp $6 ${SERVICE_RUNNING} lbl_done
+      StrCpy $0 "continue_pending"
+      IntCmp $6 ${SERVICE_CONTINUE_PENDING} lbl_done
+      StrCpy $0 "pause_pending"
+      IntCmp $6 ${SERVICE_PAUSE_PENDING} lbl_done
+      StrCpy $0 "paused"
+      IntCmp $6 ${SERVICE_PAUSED} lbl_done
+      StrCpy $0 "unknown"
+      Goto lbl_done
+ 
+    lbl_processid:
+      Push $R1
+      Push $R2
+      System::Call '*(i,i,i,i,i,i,i,i,i) i.R1'
+      System::Call '*(i 0) i.R2'
+      System::Call "advapi32::QueryServiceStatusEx(i r5, i ${SC_STATUS_PROCESS_INFO}, i $R1, i 36, i $R2) i"
+      System::Call "*$R1(i,i,i,i,i,i,i, i .r0)"
+      System::Free $R2
+      System::Free $R1
+      Pop $R2
+      Pop $R1
+      Goto lbl_done
+ 
+    lbl_good:
+    StrCpy $0 "true"
+    lbl_done:
+    IntCmp $5 0 +2
+    System::Call 'advapi32::CloseServiceHandle(i r5) n'
+    IntCmp $4 0 +2
+    System::Call 'advapi32::CloseServiceHandle(i r4) n'
+    Pop $4
+    Pop $3
+    Pop $2
+    Pop $1
+    Exch 3
+    Pop $5
+    Pop $7
+    Pop $6
+    Exch $0
+  !macroend
+ 
+  Function Service
+    !insertmacro FUNC_SERVICE ""
+  FunctionEnd
+ 
+  Function un.Service
+    !insertmacro FUNC_SERVICE "un."
+  FunctionEnd
+ 
+  Function GetParam
+    !insertmacro FUNC_GETPARAM
+  FunctionEnd
+ 
+  Function un.GetParam
+    !insertmacro FUNC_GETPARAM
+  FunctionEnd
+ 
+  !undef APITAG
+!endif

aes.cpp

@@ -8,14 +8,6 @@ namespace crypto
 {
 
 #ifdef AESNI
-
-	ECBCryptoAESNI::ECBCryptoAESNI ()
-	{
-		m_KeySchedule = m_UnalignedBuffer;
-		uint8_t rem = ((uint64_t)m_KeySchedule) & 0x0f;
-		if (rem)
-			m_KeySchedule += (16 - rem);
-	}	
 	
 	#define KeyExpansion256(round0,round1) \
 		"pshufd	$0xff, %%xmm2, %%xmm2 \n" \
@@ -33,14 +25,14 @@ namespace crypto
 		"movaps	%%xmm3, %%xmm4 \n" \
 		"pslldq	$4, %%xmm4 \n" \
 		"pxor %%xmm4, %%xmm3 \n" \
-	    "pslldq	$4, %%xmm4 \n" \
+		"pslldq	$4, %%xmm4 \n" \
 		"pxor %%xmm4, %%xmm3 \n" \
 		"pslldq	$4, %%xmm4 \n" \
 		"pxor %%xmm4, %%xmm3 \n" \
 		"pxor %%xmm2, %%xmm3 \n" \
 		"movaps	%%xmm3, "#round1"(%[sched]) \n" 
 
-	void ECBCryptoAESNI::ExpandKey (const uint8_t * key)
+	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
 	{
 		__asm__
 		(
@@ -73,8 +65,8 @@ namespace crypto
 			"pxor %%xmm2, %%xmm1 \n"
 			"movups	%%xmm1, 224(%[sched]) \n"
 			: // output
-			: [key]"r"(key), [sched]"r"(m_KeySchedule) // input
-			: "%xmm1", "%xmm2", "%xmm3", "%xmm4" // clogged
+			: [key]"r"((const uint8_t *)key), [sched]"r"(GetKeySchedule ()) // input
+			: "%xmm1", "%xmm2", "%xmm3", "%xmm4", "memory" // clogged
 		);
 	}
 
@@ -102,7 +94,7 @@ namespace crypto
 			"movups	(%[in]), %%xmm0 \n"
 			EncryptAES256(sched)
 			"movups	%%xmm0, (%[out]) \n"	
-			: : [sched]"r"(m_KeySchedule), [in]"r"(in), [out]"r"(out) : "%xmm0"
+			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
 		);
 	}		
 
@@ -130,7 +122,7 @@ namespace crypto
 			"movups	(%[in]), %%xmm0 \n"
 			DecryptAES256(sched)
 			"movups	%%xmm0, (%[out]) \n"	
-			: : [sched]"r"(m_KeySchedule), [in]"r"(in), [out]"r"(out) : "%xmm0"
+			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
 		);		
 	}
 
@@ -139,7 +131,7 @@ namespace crypto
 		"aesimc %%xmm0, %%xmm0 \n" \
 		"movaps %%xmm0, "#offset"(%[shed]) \n" 
 
-	void ECBDecryptionAESNI::SetKey (const uint8_t * key)
+	void ECBDecryptionAESNI::SetKey (const AESKey& key)
 	{
 		ExpandKey (key); // expand encryption key first
 		// then  invert it using aesimc
@@ -158,7 +150,7 @@ namespace crypto
 			CallAESIMC(176)
 			CallAESIMC(192)
 			CallAESIMC(208)
-			: : [shed]"r"(m_KeySchedule) : "%xmm0"
+			: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
 		);
 	}
 
@@ -171,7 +163,7 @@ namespace crypto
 		__asm__
 		(
 		 	"movups	(%[iv]), %%xmm1 \n"
-		 	"block_e: \n"
+		 	"1: \n"
 		 	"movups	(%[in]), %%xmm0 \n"
 		 	"pxor %%xmm1, %%xmm0 \n"
 		 	EncryptAES256(sched)
@@ -180,7 +172,7 @@ namespace crypto
 		 	"add $16, %[in] \n"
 		 	"add $16, %[out] \n"
 		 	"dec %[num] \n"
-		 	"jnz block_e; \n"	 	
+		 	"jnz 1b \n"	 	
 		 	"movups	%%xmm1, (%[iv]) \n"
 			: 
 			: [iv]"r"(&m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()), 
@@ -200,7 +192,9 @@ namespace crypto
 	void CBCEncryption::Encrypt (const uint8_t * in, std::size_t len, uint8_t * out)
 	{
 		// len/16
-		Encrypt (len >> 4, (const ChipherBlock *)in, (ChipherBlock *)out); 
+		int numBlocks = len >> 4;
+		if (numBlocks > 0)
+			Encrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out); 
 	}
 
 	void CBCEncryption::Encrypt (const uint8_t * in, uint8_t * out)
@@ -230,7 +224,7 @@ namespace crypto
 		__asm__
 		(
 			"movups	(%[iv]), %%xmm1 \n"
-		 	"block_d: \n"
+		 	"1: \n"
 		 	"movups	(%[in]), %%xmm0 \n"
 			"movaps %%xmm0, %%xmm2 \n"
 		 	DecryptAES256(sched)
@@ -240,7 +234,7 @@ namespace crypto
 		 	"add $16, %[in] \n"
 		 	"add $16, %[out] \n"
 		 	"dec %[num] \n"
-		 	"jnz block_d; \n"	 	
+		 	"jnz 1b \n"	 	
 		 	"movups	%%xmm1, (%[iv]) \n"
 			: 
 			: [iv]"r"(&m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()), 
@@ -260,7 +254,9 @@ namespace crypto
 
 	void CBCDecryption::Decrypt (const uint8_t * in, std::size_t len, uint8_t * out)
 	{
-		Decrypt (len >> 4, (const ChipherBlock *)in, (ChipherBlock *)out); 
+		int numBlocks = len >> 4;
+		if (numBlocks > 0)
+			Decrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out); 
 	}
 
 	void CBCDecryption::Decrypt (const uint8_t * in, uint8_t * out)
@@ -297,7 +293,7 @@ namespace crypto
 			EncryptAES256(sched_iv)
 			"movups %%xmm0, (%[payload]) \n"
 			// encrypt data, IV is xmm1
-			"block_et: \n"
+			"1: \n"
 			"add $16, %[payload] \n"
 		 	"movups	(%[payload]), %%xmm0 \n"
 		 	"pxor %%xmm1, %%xmm0 \n"
@@ -305,7 +301,7 @@ namespace crypto
 		 	"movaps	%%xmm0, %%xmm1 \n"	
 		 	"movups	%%xmm0, (%[payload]) \n"
 		 	"dec %[num] \n"
-		 	"jnz block_et; \n"	 	
+		 	"jnz 1b \n"	 	
 			: 
 			: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.GetKeySchedule ()), 
 			  [payload]"r"(payload), [num]"r"(63) // 63 blocks = 1008 bytes
@@ -332,7 +328,7 @@ namespace crypto
 			DecryptAES256(sched_iv)
 			"movups %%xmm0, (%[payload]) \n"
 			// decrypt data, IV is xmm1
-			"block_dt: \n"
+			"1: \n"
 			"add $16, %[payload] \n"
 			"movups	(%[payload]), %%xmm0 \n"
 			"movaps %%xmm0, %%xmm2 \n"
@@ -341,7 +337,7 @@ namespace crypto
 		 	"movups	%%xmm0, (%[payload]) \n"
 			"movaps %%xmm2, %%xmm1 \n"
 		 	"dec %[num] \n"
-		 	"jnz block_dt; \n"	 	
+		 	"jnz 1b \n"	 	
 			: 
 			: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.GetKeySchedule ()), 
 			  [payload]"r"(payload), [num]"r"(63) // 63 blocks = 1008 bytes

aes.h

@@ -4,46 +4,83 @@
 #include <inttypes.h>
 #include <cryptopp/modes.h>
 #include <cryptopp/aes.h>
+#include "Identity.h"
 
 namespace i2p
 {
 namespace crypto
 {	
-	union ChipherBlock	
+	struct ChipherBlock	
 	{
 		uint8_t buf[16];
-		uint64_t ll[2];
 
 		void operator^=(const ChipherBlock& other) // XOR
 		{
-			ll[0] ^= other.ll[0];
-			ll[1] ^= other.ll[1];
+#if defined(__x86_64__) // for Intel x64 
+			__asm__
+			(
+				"movups	(%[buf]), %%xmm0 \n"	
+				"movups	(%[other]), %%xmm1 \n"	
+				"pxor %%xmm1, %%xmm0 \n"
+				"movups	%%xmm0, (%[buf]) \n"
+				: 
+				: [buf]"r"(buf), [other]"r"(other.buf) 
+				: "%xmm0", "%xmm1", "memory"
+			);			
+#else
+			// TODO: implement it better
+			for (int i = 0; i < 16; i++)
+				buf[i] ^= other.buf[i];
+#endif
 		}	 
 	};
 
+	typedef i2p::data::Tag<32> AESKey;
+	
+	template<size_t sz>
+	class AESAlignedBuffer // 16 bytes alignment
+	{
+		public:
+		
+			AESAlignedBuffer ()
+			{
+				m_Buf = m_UnalignedBuffer;
+				uint8_t rem = ((size_t)m_Buf) & 0x0f;
+				if (rem)
+					m_Buf += (16 - rem);
+			}
+		
+			operator uint8_t * () { return m_Buf; };
+			operator const uint8_t * () const { return m_Buf; };
+
+		private:
+
+			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
+			uint8_t * m_Buf;
+	};			
+
+
 #ifdef AESNI
 	class ECBCryptoAESNI
 	{	
 		public:
 
-			ECBCryptoAESNI ();
 			uint8_t * GetKeySchedule () { return m_KeySchedule; };
-			
+
 		protected:
 
-			void ExpandKey (const uint8_t * key);
+			void ExpandKey (const AESKey& key);
 		
-		protected:
+		private:
 
-			uint8_t * m_KeySchedule; // start of 16 bytes boundary of m_UnalignedBuffer
-			uint8_t m_UnalignedBuffer[256]; // 14 rounds for AES-256, 240 + 16 bytes
+			AESAlignedBuffer<240> m_KeySchedule;  // 14 rounds for AES-256, 240 bytes
 	};	
 
 	class ECBEncryptionAESNI: public ECBCryptoAESNI
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) { ExpandKey (key); };
+			void SetKey (const AESKey& key) { ExpandKey (key); };
 			void Encrypt (const ChipherBlock * in, ChipherBlock * out);	
 	};	
 
@@ -51,7 +88,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key);
+			void SetKey (const AESKey& key);
 			void Decrypt (const ChipherBlock * in, ChipherBlock * out);		
 	};	
 
@@ -64,7 +101,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) 
+			void SetKey (const AESKey& key) 
 			{ 
 				m_Encryption.SetKey (key, 32); 
 			}
@@ -82,7 +119,7 @@ namespace crypto
 	{
 		public:
 		
-			void SetKey (const uint8_t * key) 
+			void SetKey (const AESKey& key) 
 			{ 
 				m_Decryption.SetKey (key, 32); 
 			}
@@ -105,7 +142,7 @@ namespace crypto
 	
 			CBCEncryption () { memset (m_LastBlock.buf, 0, 16); };
 
-			void SetKey (const uint8_t * key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
+			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy (m_LastBlock.buf, iv, 16); }; // 16 bytes
 
 			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
@@ -125,7 +162,7 @@ namespace crypto
 	
 			CBCDecryption () { memset (m_IV.buf, 0, 16); };
 
-			void SetKey (const uint8_t * key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
+			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy (m_IV.buf, iv, 16); }; // 16 bytes
 
 			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
@@ -142,7 +179,7 @@ namespace crypto
 	{
 		public:
 
-			void SetKeys (const uint8_t * layerKey, const uint8_t * ivKey)
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
 			{
 				m_LayerEncryption.SetKey (layerKey);
 				m_IVEncryption.SetKey (ivKey);
@@ -164,7 +201,7 @@ namespace crypto
 	{
 		public:
 
-			void SetKeys (const uint8_t * layerKey, const uint8_t * ivKey)
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
 			{
 				m_LayerDecryption.SetKey (layerKey);
 				m_IVDecryption.SetKey (ivKey);

api.cpp

@@ -0,0 +1,112 @@
+#include <string>
+#include <map>
+#include "Log.h"
+#include "NetDb.h"
+#include "Transports.h"
+#include "Tunnel.h"
+#include "RouterContext.h"
+#include "Identity.h"
+#include "Destination.h"
+#include "util.h"
+#include "api.h"
+
+namespace i2p
+{
+namespace api
+{
+	void InitI2P (int argc, char* argv[], const char * appName)
+	{
+		i2p::util::filesystem::SetAppName (appName);
+		i2p::util::config::OptionParser(argc, argv);
+		i2p::context.Init ();	
+	}
+
+	void StartI2P (std::ostream * logStream)
+	{
+		if (logStream)
+			StartLog (logStream);
+		else
+			StartLog (i2p::util::filesystem::GetAppName () + ".log");
+		i2p::data::netdb.Start();
+		LogPrint("NetDB started");
+		i2p::transport::transports.Start();
+		LogPrint("Transports started");
+		i2p::tunnel::tunnels.Start();
+		LogPrint("Tunnels started");
+	}
+
+	void StopI2P ()
+	{
+		LogPrint("Shutdown started.");
+		i2p::tunnel::tunnels.Stop();
+		LogPrint("Tunnels stopped");
+		i2p::transport::transports.Stop();
+		LogPrint("Transports stopped");
+		i2p::data::netdb.Stop();
+		LogPrint("NetDB stopped");
+		StopLog ();
+	}
+
+	i2p::client::ClientDestination * CreateLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic,
+		const std::map<std::string, std::string> * params)
+	{
+		auto localDestination = new i2p::client::ClientDestination (keys, isPublic, params);
+		localDestination->Start ();
+		return localDestination;
+	}
+
+	i2p::client::ClientDestination * CreateLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType,
+		const std::map<std::string, std::string> * params)
+	{
+		i2p::data::PrivateKeys keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType);
+		auto localDestination = new i2p::client::ClientDestination (keys, isPublic, params);
+		localDestination->Start ();
+		return localDestination;
+	}
+
+	void DestroyLocalDestination (i2p::client::ClientDestination * dest)
+	{
+		if (dest)
+		{
+			dest->Stop ();
+			delete dest;
+		}
+	}
+
+	void RequestLeaseSet (i2p::client::ClientDestination * dest, const i2p::data::IdentHash& remote)
+	{
+		if (dest)
+			dest->RequestDestination (remote);
+	}
+
+	std::shared_ptr<i2p::stream::Stream> CreateStream (i2p::client::ClientDestination * dest, const i2p::data::IdentHash& remote)
+	{
+		if (!dest) return nullptr;
+		auto leaseSet = dest->FindLeaseSet (remote);
+		if (leaseSet)
+		{
+			auto stream = dest->CreateStream (leaseSet);
+			stream->Send (nullptr, 0); // connect
+			return stream;
+		}
+		else
+		{
+			RequestLeaseSet (dest, remote);
+			return nullptr;	
+		}	
+	}
+
+	void AcceptStream (i2p::client::ClientDestination * dest, const i2p::stream::StreamingDestination::Acceptor& acceptor)
+	{
+		if (dest)
+			dest->AcceptStreams (acceptor);
+	}
+
+	void DestroyStream (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream)
+			stream->Close ();
+	}
+}
+}
+

api.h

@@ -0,0 +1,36 @@
+#ifndef API_H__
+#define API_H__
+
+#include <memory>
+#include <iostream>
+#include "Identity.h"
+#include "Destination.h"
+#include "Streaming.h"
+
+namespace i2p
+{
+namespace api
+{
+	// initialization start and stop	
+	void InitI2P (int argc, char* argv[], const char * appName);
+	void StartI2P (std::ostream * logStream = nullptr);
+	// write system log to logStream, if not specified to <appName>.log in application's folder
+	void StopI2P ();
+
+	// destinations
+	i2p::client::ClientDestination * CreateLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true,
+		const std::map<std::string, std::string> * params = nullptr); 
+	i2p::client::ClientDestination * CreateLocalDestination (bool isPublic = false, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256, 
+		const std::map<std::string, std::string> * params = nullptr); // transient destinations usually not published
+	void DestroyLocalDestination (i2p::client::ClientDestination * dest);
+
+	// streams
+	void RequestLeaseSet (i2p::client::ClientDestination * dest, const i2p::data::IdentHash& remote);
+	std::shared_ptr<i2p::stream::Stream> CreateStream (i2p::client::ClientDestination * dest, const i2p::data::IdentHash& remote);
+	void AcceptStream (i2p::client::ClientDestination * dest, const i2p::stream::StreamingDestination::Acceptor& acceptor);
+	void DestroyStream (std::shared_ptr<i2p::stream::Stream> stream);
+}
+}
+
+#endif
+

base64.cpp

@@ -79,7 +79,7 @@ namespace data
 		     outCount = 4*n;
 		else
 		     outCount = 4*(n+1);
-		if (outCount > len) return -1;
+		if (outCount > len) return 0;
 		pd = (unsigned char *)OutBuffer;
 		for ( i = 0; i<n; i++ ){
 		     acc_1 = *ps++;
@@ -158,7 +158,7 @@ namespace data
 		     outCount = 3*n;
 		else {
 		     outCount = 0;
-		     return -1;
+		     return 0;
 		}
 		
 		ps = (unsigned char *)(InBuffer + InCount - 1);