updated ChangeLog

Added AppArmor profile

.dir-locals.el

@@ -0,0 +1,2 @@
+((c++-mode . ((indent-tabs-mode . t)))
+ (c-mode . ((mode . c++))))

.gitignore

@@ -3,13 +3,19 @@ obj/*.o
 router.info
 router.keys
 i2p
+libi2pd.so
 netDb
+/i2pd
+/libi2pd.a
+/libi2pdclient.a
+i2pd.exe
+
 
 # Autotools
 autom4te.cache
 .deps
 stamp-h1
-Makefile
+#Makefile
 config.h
 config.h.in~
 config.log
@@ -229,3 +235,15 @@ pip-log.txt
 
 #Mr Developer
 .mr.developer.cfg
+
+# Sphinx
+docs/_build
+/androidIdea/
+
+
+# emacs files
+*~
+*\#*
+
+# gdb files
+.gdb_history

.travis.yml

@@ -0,0 +1,35 @@
+language: cpp
+cache:
+  apt: true
+os:
+  - linux
+sudo: required
+dist: trusty
+addons:
+  apt:
+    packages:
+      - build-essential
+      - cmake
+      - g++
+      - clang
+      - libboost-chrono-dev
+      - libboost-date-time-dev
+      - libboost-filesystem-dev
+      - libboost-program-options-dev
+      - libboost-system-dev
+      - libboost-thread-dev
+      - libminiupnpc-dev
+      - libssl-dev
+compiler:
+  - gcc
+  - clang
+before_install:
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl miniupnpc ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew unlink boost openssl && brew link boost openssl -f ; fi
+env:
+  matrix:
+    - BUILD_TYPE=Release UPNP=ON
+    - BUILD_TYPE=Release UPNP=OFF
+script:
+  - cd build && cmake -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DWITH_UPNP=${UPNP} && make

AddressBook.cpp

@@ -1,23 +1,270 @@
 #include <string.h>
+#include <inttypes.h>
 #include <string>
 #include <map>
-#include "base64.h"
+#include <fstream>
+#include <chrono>
+#include <condition_variable>
+#include <openssl/rand.h>
+#include <boost/algorithm/string.hpp>
+#include "Base.h"
 #include "util.h"
 #include "Identity.h"
+#include "FS.h"
 #include "Log.h"
+#include "HTTP.h"
+#include "NetDb.h"
+#include "ClientContext.h"
 #include "AddressBook.h"
-
-#include <boost/algorithm/string.hpp>
+#include "Config.h"
 
 namespace i2p
 {
 namespace client
 {
+	// TODO: this is actually proxy class
+	class AddressBookFilesystemStorage: public AddressBookStorage
+	{
+		private:
+			i2p::fs::HashedStorage storage;
+			std::string etagsPath, indexPath, localPath;
 
-	AddressBook::AddressBook (): m_IsLoaded (false), m_IsDowloading (false)
+		public:
+			AddressBookFilesystemStorage (): storage("addressbook", "b", "", "b32") {};
+			std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) const;
+			void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address);
+			void RemoveAddress (const i2p::data::IdentHash& ident);
+
+			bool Init ();
+			int Load (std::map<std::string, i2p::data::IdentHash>& addresses);
+			int LoadLocal (std::map<std::string, i2p::data::IdentHash>& addresses);
+			int Save (const std::map<std::string, i2p::data::IdentHash>& addresses);
+
+			void SaveEtag (const i2p::data::IdentHash& subsciption, const std::string& etag, const std::string& lastModified);
+			bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified);
+
+		private:
+
+			int LoadFromFile (const std::string& filename, std::map<std::string, i2p::data::IdentHash>& addresses); // returns -1 if can't open file, otherwise number of records
+
+	};
+
+	bool AddressBookFilesystemStorage::Init()
+	{	
+		storage.SetPlace(i2p::fs::GetDataDir());
+		// init storage
+		if (storage.Init(i2p::data::GetBase32SubstitutionTable(), 32))
+		{	
+			// init ETags
+			etagsPath = i2p::fs::StorageRootPath (storage, "etags");
+			if (!i2p::fs::Exists (etagsPath))
+				i2p::fs::CreateDirectory (etagsPath);
+			// init address files
+			indexPath = i2p::fs::StorageRootPath (storage, "addresses.csv");
+			localPath = i2p::fs::StorageRootPath (storage, "local.csv");
+			return true;
+		}	
+		return false;
+	}
+
+	std::shared_ptr<const i2p::data::IdentityEx> AddressBookFilesystemStorage::GetAddress (const i2p::data::IdentHash& ident) const
+	{
+		std::string filename = storage.Path(ident.ToBase32());
+		std::ifstream f(filename, std::ifstream::binary);
+		if (!f.is_open ()) {
+			LogPrint(eLogDebug, "Addressbook: Requested, but not found: ", filename);
+			return nullptr;
+		}
+
+		f.seekg (0,std::ios::end);
+		size_t len = f.tellg ();
+		if (len < i2p::data::DEFAULT_IDENTITY_SIZE) {
+			LogPrint (eLogError, "Addressbook: File ", filename, " is too short: ", len);
+			return nullptr;
+		}
+		f.seekg(0, std::ios::beg);
+		uint8_t * buf = new uint8_t[len];
+		f.read((char *)buf, len);
+		auto address = std::make_shared<i2p::data::IdentityEx>(buf, len);
+		delete[] buf;
+		return address;
+	}
+
+	void AddressBookFilesystemStorage::AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address)
+	{
+		std::string path = storage.Path( address->GetIdentHash().ToBase32() );
+		std::ofstream f (path, std::ofstream::binary | std::ofstream::out);
+		if (!f.is_open ())	{
+			LogPrint (eLogError, "Addressbook: can't open file ", path);
+			return;
+		}
+		size_t len = address->GetFullLen ();
+		uint8_t * buf = new uint8_t[len];
+		address->ToBuffer (buf, len);
+		f.write ((char *)buf, len);
+		delete[] buf;
+	}	
+
+	void AddressBookFilesystemStorage::RemoveAddress (const i2p::data::IdentHash& ident)
+	{
+		storage.Remove( ident.ToBase32() );
+	}
+
+	int AddressBookFilesystemStorage::LoadFromFile (const std::string& filename, std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		int num = 0;	
+		std::ifstream f (filename, std::ifstream::in); // in text mode
+		if (!f) return -1;
+
+		addresses.clear ();
+		while (!f.eof ()) 
+		{
+			std::string s;
+			getline(f, s);
+			if (!s.length()) continue; // skip empty line
+
+			std::size_t pos = s.find(',');
+			if (pos != std::string::npos)
+			{
+				std::string name = s.substr(0, pos++);
+				std::string addr = s.substr(pos);
+
+				i2p::data::IdentHash ident;
+				ident.FromBase32 (addr);
+				addresses[name] = ident;
+				num++;
+			}		
+		}
+		return num;
+	}
+
+	int AddressBookFilesystemStorage::Load (std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		int num = LoadFromFile (indexPath, addresses);	
+		if (num < 0)
+		{
+			LogPrint(eLogWarning, "Addressbook: Can't open ", indexPath);
+			return 0;
+		}			
+		LogPrint(eLogInfo, "Addressbook: using index file ", indexPath);
+		LogPrint (eLogInfo, "Addressbook: ", num, " addresses loaded from storage");
+
+		return num;
+	}
+
+	int AddressBookFilesystemStorage::LoadLocal (std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		int num = LoadFromFile (localPath, addresses);	
+		if (num < 0) return 0;
+		LogPrint (eLogInfo, "Addressbook: ", num, " local addresses loaded");	
+		return num;
+	}
+
+	int AddressBookFilesystemStorage::Save (const std::map<std::string, i2p::data::IdentHash>& addresses)
+	{
+		if (addresses.empty()) {
+			LogPrint(eLogWarning, "Addressbook: not saving empty addressbook");
+			return 0;
+		}
+
+		int num = 0;
+		std::ofstream f (indexPath, std::ofstream::out); // in text mode
+
+		if (!f.is_open ()) {
+			LogPrint (eLogWarning, "Addressbook: Can't open ", indexPath);
+			return 0;
+		}
+
+		for (const auto& it: addresses) {
+			f << it.first << "," << it.second.ToBase32 () << std::endl;
+			num++;
+		}
+		LogPrint (eLogInfo, "Addressbook: ", num, " addresses saved");
+		return num;	
+	}	
+
+	void AddressBookFilesystemStorage::SaveEtag (const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified)
+	{
+		std::string fname = etagsPath + i2p::fs::dirSep + subscription.ToBase32 () + ".txt";
+		std::ofstream f (fname, std::ofstream::out | std::ofstream::trunc);
+		if (f)
+		{	
+			f << etag << std::endl; 
+			f<< lastModified << std::endl;
+		}	
+	}
+
+	bool AddressBookFilesystemStorage::GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified)
+	{
+		std::string fname = etagsPath + i2p::fs::dirSep + subscription.ToBase32 () + ".txt";
+		std::ifstream f (fname, std::ofstream::in);
+		if (!f || f.eof ()) return false;
+		std::getline (f, etag);
+		if (f.eof ()) return false; 
+		std::getline (f, lastModified);
+		return true;
+	}
+
+//---------------------------------------------------------------------
+	AddressBook::AddressBook (): m_Storage(nullptr), m_IsLoaded (false), m_IsDownloading (false),
+		m_DefaultSubscription (nullptr), m_SubscriptionsUpdateTimer (nullptr)
 	{
 	}
 
+	AddressBook::~AddressBook ()
+	{	
+		Stop ();
+	}
+
+	void AddressBook::Start ()
+	{
+		if (!m_Storage)
+			m_Storage = new AddressBookFilesystemStorage;
+		m_Storage->Init();
+		LoadHosts (); /* try storage, then hosts.txt, then download */
+		StartSubscriptions ();
+		StartLookups ();
+	}
+
+	void AddressBook::StartResolvers ()
+	{
+		LoadLocal ();
+	}	
+	
+	void AddressBook::Stop ()
+	{
+		StopLookups ();
+		StopSubscriptions ();
+		if (m_SubscriptionsUpdateTimer)
+		{	
+			delete m_SubscriptionsUpdateTimer;	
+			m_SubscriptionsUpdateTimer = nullptr;
+		}	
+		if (m_IsDownloading)
+		{
+			LogPrint (eLogInfo, "Addressbook: subscriptions is downloading, abort");
+			for (int i = 0; i < 30; i++)
+			{
+				if (!m_IsDownloading)
+				{
+					LogPrint (eLogInfo, "Addressbook: subscriptions download complete");
+					break;
+				}	
+				std::this_thread::sleep_for (std::chrono::seconds (1)); // wait for 1 seconds
+			}	
+			LogPrint (eLogError, "Addressbook: subscription download timeout");
+			m_IsDownloading = false;
+		}
+		if (m_Storage)
+		{
+			m_Storage->Save (m_Addresses);
+			delete m_Storage;
+			m_Storage = nullptr;
+		}
+		m_DefaultSubscription = nullptr;	
+		m_Subscriptions.clear ();	
+	}	
+	
 	bool AddressBook::GetIdentHash (const std::string& address, i2p::data::IdentHash& ident)
 	{
 		auto pos = address.find(".b32.i2p");
@@ -37,73 +284,73 @@ namespace client
 					ident = *identHash;
 					return true;
 				}
+				else
+				{	
+					LookupAddress (address); // TODO:
+					return false;
+				}	
 			}
 		}	
-		return false;
+		// if not .b32 we assume full base64 address
+		i2p::data::IdentityEx dest;
+		if (!dest.FromBase64 (address))
+			return false;
+		ident = dest.GetIdentHash ();
+		return true;
 	}
 	
 	const i2p::data::IdentHash * AddressBook::FindAddress (const std::string& address)
 	{
-		if (!m_IsLoaded)
-			LoadHosts ();
-		if (m_IsLoaded)
-		{
-			auto it = m_Addresses.find (address);
-			if (it != m_Addresses.end ())
-				return &it->second;
-		}
+		auto it = m_Addresses.find (address);
+		if (it != m_Addresses.end ())
+			return &it->second;
 		return nullptr;	
 	}
 
 	void AddressBook::InsertAddress (const std::string& address, const std::string& base64)
 	{
-		i2p::data::IdentityEx ident;
-		ident.FromBase64 (base64);
-		m_Addresses[address] = ident.GetIdentHash ();
-		LogPrint (address,"->",ident.GetIdentHash ().ToBase32 (), ".b32.i2p added");
+		auto ident = std::make_shared<i2p::data::IdentityEx>();
+		ident->FromBase64 (base64);
+		m_Storage->AddAddress (ident);
+		m_Addresses[address] = ident->GetIdentHash ();
+		LogPrint (eLogInfo, "Addressbook: added ", address," -> ", ToAddress(ident->GetIdentHash ()));
 	}
 
-	void AddressBook::LoadHostsFromI2P ()
+	void AddressBook::InsertAddress (std::shared_ptr<const i2p::data::IdentityEx> address)
 	{
-		std::string content;
-		int http_code = i2p::util::http::httpRequestViaI2pProxy("http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt", content);
-		if (http_code == 200)
-		{
-			std::ofstream f_save(i2p::util::filesystem::GetFullPath("hosts.txt").c_str(), std::ofstream::out);
-			if (f_save.is_open())
-			{
-				f_save << content;
-				f_save.close();
-			}
-			else
-				LogPrint("Can't write hosts.txt");
-			m_IsLoaded = false;
-		}	
-		else
-			LogPrint ("Failed to download hosts.txt");
-		m_IsDowloading = false;	
-	
-		return;
+		m_Storage->AddAddress (address);
 	}
 
+	std::shared_ptr<const i2p::data::IdentityEx> AddressBook::GetAddress (const std::string& address)
+	{
+		i2p::data::IdentHash ident;
+		if (!GetIdentHash (address, ident)) return nullptr;
+		return m_Storage->GetAddress (ident);
+	}	
+
 	void AddressBook::LoadHosts ()
 	{
-		std::ifstream f (i2p::util::filesystem::GetFullPath ("hosts.txt").c_str (), std::ofstream::in); // in text mode
-		if (!f.is_open ())	
+		if (m_Storage->Load (m_Addresses) > 0)
 		{
-			LogPrint ("hosts.txt not found. Try to load...");
-			if (!m_IsDowloading)
-			{
-				m_IsDowloading = true;
-				std::thread load_hosts(&AddressBook::LoadHostsFromI2P, this);
-				load_hosts.detach();
-			}
+			m_IsLoaded = true;
 			return;
 		}
+	
+		// then try hosts.txt
+		std::ifstream f (i2p::fs::DataDirPath("hosts.txt"), std::ifstream::in); // in text mode
+		if (f.is_open ())	
+		{
+			LoadHostsFromStream (f, false);
+			m_IsLoaded = true;
+		}
+	}
+
+	bool AddressBook::LoadHostsFromStream (std::istream& f, bool is_update)
+	{
+		std::unique_lock<std::mutex> l(m_AddressBookMutex);
 		int numAddresses = 0;
-
+		bool incomplete = false;
 		std::string s;
-
 		while (!f.eof ())
 		{
 			getline(f, s);
@@ -118,14 +365,505 @@ namespace client
 				std::string name = s.substr(0, pos++);
 				std::string addr = s.substr(pos);
 
-				i2p::data::IdentityEx ident;
-				ident.FromBase64(addr);
-				m_Addresses[name] = ident.GetIdentHash ();
+				auto ident = std::make_shared<i2p::data::IdentityEx> ();
+				if (!ident->FromBase64(addr)) {
+					LogPrint (eLogError, "Addressbook: malformed address ", addr, " for ", name);
+					incomplete = f.eof ();
+					continue;
+				}
 				numAddresses++;
-			}		
+				if (m_Addresses.count(name) > 0)
+					continue; /* already exists */
+				m_Addresses[name] = ident->GetIdentHash ();
+				m_Storage->AddAddress (ident);
+				if (is_update)
+					LogPrint(eLogInfo, "Addressbook: added new host: ", name);
+			}	
+			else
+				incomplete = f.eof ();
 		}
-		LogPrint (numAddresses, " addresses loaded");
-		m_IsLoaded = true;
+		LogPrint (eLogInfo, "Addressbook: ", numAddresses, " addresses processed");
+		if (numAddresses > 0)
+		{	
+			if (!incomplete) m_IsLoaded = true;
+			m_Storage->Save (m_Addresses);
+		}	
+		return !incomplete;
+	}	
+	
+	void AddressBook::LoadSubscriptions ()
+	{
+		if (!m_Subscriptions.size ())
+		{
+			std::ifstream f (i2p::fs::DataDirPath ("subscriptions.txt"), std::ifstream::in); // in text mode
+			if (f.is_open ())
+			{
+				std::string s;
+				while (!f.eof ())
+				{
+					getline(f, s);
+					if (!s.length()) continue; // skip empty line
+					m_Subscriptions.push_back (std::make_shared<AddressBookSubscription> (*this, s));
+				}
+				LogPrint (eLogInfo, "Addressbook: ", m_Subscriptions.size (), " subscriptions urls loaded");
+				LogPrint (eLogWarning, "Addressbook: subscriptions.txt usage is deprecated, use config file instead");
+			}
+			else if (!i2p::config::IsDefault("addressbook.subscriptions"))
+                        {
+                            // using config file items
+                            std::string subscriptionURLs; i2p::config::GetOption("addressbook.subscriptions", subscriptionURLs);
+                            std::vector<std::string> subsList;
+                            boost::split(subsList, subscriptionURLs, boost::is_any_of(","), boost::token_compress_on);
+
+                            for (size_t i = 0; i < subsList.size (); i++)
+                            {
+                                    m_Subscriptions.push_back (std::make_shared<AddressBookSubscription> (*this, subsList[i]));
+                            }
+                            LogPrint (eLogInfo, "Addressbook: ", m_Subscriptions.size (), " subscriptions urls loaded");
+                        }
+		}
+		else
+			LogPrint (eLogError, "Addressbook: subscriptions already loaded");
+	}
+
+	void AddressBook::LoadLocal ()
+	{
+		std::map<std::string, i2p::data::IdentHash> localAddresses;
+		m_Storage->LoadLocal (localAddresses);
+		for (const auto& it: localAddresses)
+		{
+			auto dot = it.first.find ('.');
+			if (dot != std::string::npos)
+			{
+				auto domain = it.first.substr (dot + 1);
+				auto it1 = m_Addresses.find (domain);  // find domain in our addressbook
+				if (it1 != m_Addresses.end ())
+				{
+					auto dest = context.FindLocalDestination (it1->second);
+					if (dest) 
+					{
+						// address is ours
+						std::shared_ptr<AddressResolver> resolver;
+						auto it2 = m_Resolvers.find (it1->second); 
+						if (it2 != m_Resolvers.end ())
+							resolver = it2->second; // resolver exists
+						else
+						{
+							// create new resolver
+							resolver = std::make_shared<AddressResolver>(dest);
+							m_Resolvers.insert (std::make_pair(it1->second, resolver));
+						}
+						resolver->AddAddress (it.first, it.second);
+					}
+				}
+			}
+		}
+	}
+
+	bool AddressBook::GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified)
+	{
+		if (m_Storage)
+			return m_Storage->GetEtag (subscription, etag, lastModified);	
+		else
+			return false;		
+	}
+
+	void AddressBook::DownloadComplete (bool success, const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified)
+	{
+		m_IsDownloading = false;
+		int nextUpdateTimeout = CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT;
+		if (success)
+		{	
+			if (m_DefaultSubscription) m_DefaultSubscription = nullptr;
+			if (m_IsLoaded)
+				nextUpdateTimeout = CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT; 
+			else
+				m_IsLoaded = true;
+			if (m_Storage) m_Storage->SaveEtag (subscription, etag, lastModified);
+		}	
+		if (m_SubscriptionsUpdateTimer)
+		{
+			m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(nextUpdateTimeout));
+			m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+				this, std::placeholders::_1));
+		}
+	}
+
+	void AddressBook::StartSubscriptions ()
+	{
+		LoadSubscriptions ();
+		if (m_IsLoaded && m_Subscriptions.empty ()) return;
+		
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		if (dest)
+		{
+			m_SubscriptionsUpdateTimer = new boost::asio::deadline_timer (dest->GetService ());
+			m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT));
+			m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+				this, std::placeholders::_1));
+		}
+		else
+			LogPrint (eLogError, "Addressbook: can't start subscriptions: missing shared local destination");
+	}
+
+	void AddressBook::StopSubscriptions ()
+	{
+		if (m_SubscriptionsUpdateTimer)
+			m_SubscriptionsUpdateTimer->cancel ();
+	}
+
+	void AddressBook::HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto dest = i2p::client::context.GetSharedLocalDestination ();
+			if (!dest) {
+				LogPrint(eLogWarning, "Addressbook: missing local destination, skip subscription update");
+				return;
+			}
+			if (!m_IsDownloading && dest->IsReady ())
+			{
+				if (!m_IsLoaded)
+				{
+					// download it from default subscription 
+					LogPrint (eLogInfo, "Addressbook: trying to download it from default subscription.");
+                                        std::string defaultSubURL; i2p::config::GetOption("addressbook.defaulturl", defaultSubURL);
+					if (!m_DefaultSubscription)
+						m_DefaultSubscription = std::make_shared<AddressBookSubscription>(*this, defaultSubURL);
+					m_IsDownloading = true;	
+					std::thread load_hosts(std::bind (&AddressBookSubscription::CheckUpdates, m_DefaultSubscription));
+					load_hosts.detach(); // TODO: use join
+				}	
+				else if (!m_Subscriptions.empty ())
+				{	
+					// pick random subscription
+					auto ind = rand () % m_Subscriptions.size();	
+					m_IsDownloading = true;	
+					std::thread load_hosts(std::bind (&AddressBookSubscription::CheckUpdates, m_Subscriptions[ind]));
+					load_hosts.detach(); // TODO: use join
+				}	
+			}
+			else
+			{
+				// try it again later
+				m_SubscriptionsUpdateTimer->expires_from_now (boost::posix_time::minutes(INITIAL_SUBSCRIPTION_RETRY_TIMEOUT));
+				m_SubscriptionsUpdateTimer->async_wait (std::bind (&AddressBook::HandleSubscriptionsUpdateTimer,
+					this, std::placeholders::_1));
+			}
+		}
+	}
+
+	void AddressBook::StartLookups ()
+	{
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		if (dest)
+		{
+			auto datagram = dest->GetDatagramDestination ();
+			if (!datagram)
+				datagram = dest->CreateDatagramDestination ();
+			datagram->SetReceiver (std::bind (&AddressBook::HandleLookupResponse, this,
+				std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, std::placeholders::_4, std::placeholders::_5),
+				ADDRESS_RESPONSE_DATAGRAM_PORT);
+		}	
+	}
+	
+	void AddressBook::StopLookups ()
+	{
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		if (dest)
+		{
+			auto datagram = dest->GetDatagramDestination ();
+			if (datagram) datagram->ResetReceiver (ADDRESS_RESPONSE_DATAGRAM_PORT);
+		}	
+	}
+
+	void AddressBook::LookupAddress (const std::string& address)
+	{
+		const i2p::data::IdentHash * ident = nullptr;
+		auto dot = address.find ('.');
+		if (dot != std::string::npos)
+			ident = FindAddress (address.substr (dot + 1));
+		if (!ident)
+		{
+			LogPrint (eLogError, "Addressbook: Can't find domain for ", address);
+			return;
+		}	
+		
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		if (dest)
+		{
+			auto datagram = dest->GetDatagramDestination ();
+			if (datagram)
+			{
+				uint32_t nonce;
+				RAND_bytes ((uint8_t *)&nonce, 4);
+				{
+					std::unique_lock<std::mutex> l(m_LookupsMutex);
+					m_Lookups[nonce] = address; 
+				}	
+				LogPrint (eLogDebug, "Addressbook: Lookup of ", address, " to ", ident->ToBase32 (), " nonce=", nonce);
+				size_t len = address.length () + 9;
+				uint8_t * buf = new uint8_t[len];
+				memset (buf, 0, 4);
+				htobe32buf (buf + 4, nonce);
+				buf[8] = address.length ();
+				memcpy (buf + 9, address.c_str (), address.length ());
+				datagram->SendDatagramTo (buf, len, *ident, ADDRESS_RESPONSE_DATAGRAM_PORT, ADDRESS_RESOLVER_DATAGRAM_PORT);
+				delete[] buf;
+			}	
+		}		
+	}	
+	
+	void AddressBook::HandleLookupResponse (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
+	{
+		if (len < 44)
+		{
+			LogPrint (eLogError, "Addressbook: Lookup response is too short ", len);
+			return;
+		}
+		uint32_t nonce = bufbe32toh (buf + 4);
+		LogPrint (eLogDebug, "Addressbook: Lookup response received from ", from.GetIdentHash ().ToBase32 (), " nonce=", nonce);
+		std::string address;
+		{
+			std::unique_lock<std::mutex> l(m_LookupsMutex);
+			auto it = m_Lookups.find (nonce);
+			if (it != m_Lookups.end ())
+			{	
+				address = it->second;
+				m_Lookups.erase (it);
+			}	
+		}	
+		if (address.length () > 0)
+		{
+			// TODO: verify from
+			i2p::data::IdentHash hash(buf + 8);
+			if (!hash.IsZero ())				
+				m_Addresses[address] = hash;
+			else
+				LogPrint (eLogInfo, "AddressBook: Lookup response: ", address, " not found");
+		}	
+	}
+	
+	AddressBookSubscription::AddressBookSubscription (AddressBook& book, const std::string& link):
+		m_Book (book), m_Link (link)
+	{
+	}
+
+	void AddressBookSubscription::CheckUpdates ()
+	{
+		bool result = MakeRequest ();
+		m_Book.DownloadComplete (result, m_Ident, m_Etag, m_LastModified);
+	}
+
+	bool AddressBookSubscription::MakeRequest ()
+	{
+		i2p::http::URL url;
+		// must be run in separate thread	
+		LogPrint (eLogInfo, "Addressbook: Downloading hosts database from ", m_Link);
+		if (!url.parse(m_Link)) {
+			LogPrint(eLogError, "Addressbook: failed to parse url: ", m_Link);
+			return false;
+		}
+		if (!m_Book.GetIdentHash (url.host, m_Ident)) {
+			LogPrint (eLogError, "Addressbook: Can't resolve ", url.host);
+			return false;
+		}
+		/* this code block still needs some love */
+		std::condition_variable newDataReceived;
+		std::mutex newDataReceivedMutex;
+		auto leaseSet = i2p::client::context.GetSharedLocalDestination ()->FindLeaseSet (m_Ident);
+		if (!leaseSet)
+		{
+			std::unique_lock<std::mutex> l(newDataReceivedMutex);
+			i2p::client::context.GetSharedLocalDestination ()->RequestDestination (m_Ident,
+				[&newDataReceived, &leaseSet, &newDataReceivedMutex](std::shared_ptr<i2p::data::LeaseSet> ls)
+			    {
+					leaseSet = ls;
+					std::unique_lock<std::mutex> l1(newDataReceivedMutex);
+					newDataReceived.notify_all ();
+				});
+			if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT)) == std::cv_status::timeout)
+			{
+				LogPrint (eLogError, "Addressbook: Subscription LeaseSet request timeout expired");
+				i2p::client::context.GetSharedLocalDestination ()->CancelDestinationRequest (m_Ident, false); // don't notify, because we know it already
+				return false;
+			}
+		}
+		if (!leaseSet) {
+			/* still no leaseset found */
+			LogPrint (eLogError, "Addressbook: LeaseSet for address ", url.host, " not found");
+			return false;
+		}
+		if (m_Etag.empty() && m_LastModified.empty()) {
+			m_Book.GetEtag (m_Ident, m_Etag, m_LastModified);
+			LogPrint (eLogDebug, "Addressbook: loaded for ", url.host, ": ETag: ", m_Etag, ", Last-Modified: ", m_LastModified);
+		}
+		/* save url parts for later use */
+		std::string dest_host = url.host;
+		int         dest_port = url.port ? url.port : 80;
+		/* create http request & send it */
+		i2p::http::HTTPReq req;
+		req.AddHeader("Host", dest_host);
+		req.AddHeader("User-Agent", "Wget/1.11.4");
+		req.AddHeader("X-Accept-Encoding", "x-i2p-gzip;q=1.0, identity;q=0.5, deflate;q=0, gzip;q=0, *;q=0\r\n");
+		req.AddHeader("Connection", "close");
+		if (!m_Etag.empty())
+			req.AddHeader("If-None-Match", m_Etag);
+		if (!m_LastModified.empty())
+			req.AddHeader("If-Modified-Since", m_LastModified);
+		/* convert url to relative */
+		url.schema = "";
+		url.host   = "";
+		req.uri  = url.to_string();
+		auto stream = i2p::client::context.GetSharedLocalDestination ()->CreateStream (leaseSet, dest_port);
+		std::string request = req.to_string();
+		stream->Send ((const uint8_t *) request.data(), request.length());
+		/* read response */
+		std::string response;
+		uint8_t recv_buf[4096];
+		bool end = false;
+		int numAttempts = 5;
+		while (!end) 
+		{
+			stream->AsyncReceive (boost::asio::buffer (recv_buf, 4096),
+				[&](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+				{
+					if (bytes_transferred)
+						response.append ((char *)recv_buf, bytes_transferred);
+					if (ecode == boost::asio::error::timed_out || !stream->IsOpen ())
+						end = true;
+					newDataReceived.notify_all ();
+				},
+				30); // wait for 30 seconds
+			std::unique_lock<std::mutex> l(newDataReceivedMutex);
+			if (newDataReceived.wait_for (l, std::chrono::seconds (SUBSCRIPTION_REQUEST_TIMEOUT)) == std::cv_status::timeout)
+			{	
+				LogPrint (eLogError, "Addressbook: subscriptions request timeout expired");
+				numAttempts++;
+				if (numAttempts > 5) end = true;
+			}	
+		}
+		// process remaining buffer
+		while (size_t len = stream->ReadSome (recv_buf, sizeof(recv_buf))) 
+			response.append ((char *)recv_buf, len);
+		/* parse response */
+		i2p::http::HTTPRes res;
+		int res_head_len = res.parse(response);
+		if (res_head_len < 0) 
+		{
+			LogPrint(eLogError, "Addressbook: can't parse http response from ", dest_host);
+			return false;
+		}
+		if (res_head_len == 0) 
+		{
+			LogPrint(eLogError, "Addressbook: incomplete http response from ", dest_host, ", interrupted by timeout");
+			return false;
+		}
+		/* assert: res_head_len > 0 */
+		response.erase(0, res_head_len);
+		if (res.code == 304) 
+		{
+			LogPrint (eLogInfo, "Addressbook: no updates from ", dest_host, ", code 304");
+			return false;
+		}
+		if (res.code != 200) 
+		{
+			LogPrint (eLogWarning, "Adressbook: can't get updates from ", dest_host, ", response code ", res.code);
+			return false;
+		}
+		int len = res.content_length();
+		if (response.empty()) 
+		{
+			LogPrint(eLogError, "Addressbook: empty response from ", dest_host, ", expected ", len, " bytes");
+			return false;
+		}
+		if (!res.is_gzipped () && len > 0 && len != (int) response.length()) 
+		{
+			LogPrint(eLogError, "Addressbook: response size mismatch, expected: ", len, ", got: ", response.length(), "bytes");
+			return false;
+		}
+		/* assert: res.code == 200 */
+		auto it = res.headers.find("ETag");
+		if (it != res.headers.end()) m_Etag = it->second;
+		it = res.headers.find("If-Modified-Since");
+		if (it != res.headers.end()) m_LastModified = it->second;
+		if (res.is_chunked()) 
+		{
+			std::stringstream in(response), out;
+			i2p::http::MergeChunkedResponse (in, out);
+			response = out.str();
+		} 
+		else if (res.is_gzipped()) 
+		{
+			std::stringstream out;
+			i2p::data::GzipInflator inflator;
+			inflator.Inflate ((const uint8_t *) response.data(), response.length(), out);
+			if (out.fail()) 
+			{
+				LogPrint(eLogError, "Addressbook: can't gunzip http response");
+				return false;
+			}
+			response = out.str();
+		}
+		std::stringstream ss(response);
+		LogPrint (eLogInfo, "Addressbook: got update from ", dest_host);
+		m_Book.LoadHostsFromStream (ss, true);
+		return true;
+	}
+
+	AddressResolver::AddressResolver (std::shared_ptr<ClientDestination> destination):
+		m_LocalDestination (destination)
+	{
+		if (m_LocalDestination)
+		{
+			auto datagram = m_LocalDestination->GetDatagramDestination ();
+			if (!datagram)
+				datagram = m_LocalDestination->CreateDatagramDestination ();
+			datagram->SetReceiver (std::bind (&AddressResolver::HandleRequest, this, 
+				std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, std::placeholders::_4, std::placeholders::_5), 
+				ADDRESS_RESOLVER_DATAGRAM_PORT);
+		}
+	}
+
+	AddressResolver::~AddressResolver ()
+	{
+		if (m_LocalDestination)
+		{
+			auto datagram = m_LocalDestination->GetDatagramDestination ();
+			if (datagram)
+			    datagram->ResetReceiver (ADDRESS_RESOLVER_DATAGRAM_PORT);
+		}	
+	}	
+		
+	void AddressResolver::HandleRequest (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
+	{
+		if (len < 9 || len < buf[8] + 9U)
+		{
+			LogPrint (eLogError, "Addressbook: Address request is too short ", len);
+			return;
+		}
+		// read requested address
+		uint8_t l = buf[8];
+		char address[255];
+		memcpy (address, buf + 9, l);
+		address[l] = 0;		
+		LogPrint (eLogDebug, "Addressbook: Address request ", address);
+		// send response
+		uint8_t response[44];
+		memset (response, 0, 4); // reserved
+		memcpy (response + 4, buf + 4, 4); // nonce 	
+		auto it = m_LocalAddresses.find (address); // address lookup
+		if (it != m_LocalAddresses.end ())	
+			memcpy (response + 8, it->second, 32); // ident 
+		else
+			memset (response + 8, 0, 32); // not found 
+		memset (response + 40, 0, 4); // set expiration time to zero
+		m_LocalDestination->GetDatagramDestination ()->SendDatagramTo (response, 44, from.GetIdentHash(), toPort, fromPort);
+	}
+
+	void AddressResolver::AddAddress (const std::string& name, const i2p::data::IdentHash& ident)
+	{
+		m_LocalAddresses[name] = ident;		
 	}
 
 }

AddressBook.h

@@ -4,31 +4,139 @@
 #include <string.h>
 #include <string>
 #include <map>
-#include "base64.h"
-#include "util.h"
+#include <vector>
+#include <iostream>
+#include <mutex>
+#include <memory>
+#include <boost/asio.hpp>
+#include "Base.h"
 #include "Identity.h"
 #include "Log.h"
+#include "Destination.h"
 
 namespace i2p
 {
 namespace client
 {
+	const int INITIAL_SUBSCRIPTION_UPDATE_TIMEOUT = 3; // in minutes	
+	const int INITIAL_SUBSCRIPTION_RETRY_TIMEOUT = 1; // in minutes			
+	const int CONTINIOUS_SUBSCRIPTION_UPDATE_TIMEOUT = 720; // in minutes (12 hours)			
+	const int CONTINIOUS_SUBSCRIPTION_RETRY_TIMEOUT = 5; // in minutes	
+	const int SUBSCRIPTION_REQUEST_TIMEOUT = 60; //in second
+
+	const uint16_t ADDRESS_RESOLVER_DATAGRAM_PORT = 53;	
+	const uint16_t ADDRESS_RESPONSE_DATAGRAM_PORT = 54;
+	
+	inline std::string GetB32Address(const i2p::data::IdentHash& ident) { return ident.ToBase32().append(".b32.i2p"); }
+
+	class AddressBookStorage // interface for storage
+	{
+		public:
+
+			virtual ~AddressBookStorage () {};
+			virtual std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const i2p::data::IdentHash& ident) const = 0;	
+			virtual void AddAddress (std::shared_ptr<const i2p::data::IdentityEx> address) = 0;
+			virtual void RemoveAddress (const i2p::data::IdentHash& ident) = 0;
+		
+			virtual bool Init () = 0;
+			virtual int Load (std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+			virtual int LoadLocal (std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+			virtual int Save (const std::map<std::string, i2p::data::IdentHash>& addresses) = 0;
+
+			virtual void SaveEtag (const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified) = 0;
+			virtual bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified) = 0;
+	};			
+
+	class AddressBookSubscription;
+	class AddressResolver;
 	class AddressBook
 	{
 		public:
 
 			AddressBook ();
+			~AddressBook ();
+			void Start ();
+			void StartResolvers ();
+			void Stop ();
 			bool GetIdentHash (const std::string& address, i2p::data::IdentHash& ident);
+			std::shared_ptr<const i2p::data::IdentityEx> GetAddress (const std::string& address);
 			const i2p::data::IdentHash * FindAddress (const std::string& address);
+			void LookupAddress (const std::string& address);
 			void InsertAddress (const std::string& address, const std::string& base64); // for jump service
+			void InsertAddress (std::shared_ptr<const i2p::data::IdentityEx> address);
+
+			bool LoadHostsFromStream (std::istream& f, bool is_update);
+			void DownloadComplete (bool success, const i2p::data::IdentHash& subscription, const std::string& etag, const std::string& lastModified);
+			//This method returns the ".b32.i2p" address
+			std::string ToAddress(const i2p::data::IdentHash& ident) { return GetB32Address(ident); }
+			std::string ToAddress(std::shared_ptr<const i2p::data::IdentityEx> ident) { return ToAddress(ident->GetIdentHash ()); }
+
+			bool GetEtag (const i2p::data::IdentHash& subscription, std::string& etag, std::string& lastModified);
+
+		private:
+
+			void StartSubscriptions ();
+			void StopSubscriptions ();
+			
+			void LoadHosts ();
+			void LoadSubscriptions ();
+			void LoadLocal ();
+
+			void HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode);
+
+			void StartLookups ();
+			void StopLookups ();
+			void HandleLookupResponse (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+			
+		private:	
+
+			std::mutex m_AddressBookMutex;
+			std::map<std::string, i2p::data::IdentHash>  m_Addresses;
+			std::map<i2p::data::IdentHash, std::shared_ptr<AddressResolver> > m_Resolvers; // local destination->resolver
+			std::mutex m_LookupsMutex;
+			std::map<uint32_t, std::string> m_Lookups; // nonce -> address
+			AddressBookStorage * m_Storage;
+			volatile bool m_IsLoaded, m_IsDownloading;
+			std::vector<std::shared_ptr<AddressBookSubscription> > m_Subscriptions;
+			std::shared_ptr<AddressBookSubscription> m_DefaultSubscription; // in case if we don't know any addresses yet
+			boost::asio::deadline_timer * m_SubscriptionsUpdateTimer;
+	};
+
+	class AddressBookSubscription
+	{
+		public:
+
+			AddressBookSubscription (AddressBook& book, const std::string& link);
+			void CheckUpdates ();
+
+		private:
+
+			bool MakeRequest ();
 		
 		private:
-	
-			void LoadHosts ();
-			void LoadHostsFromI2P ();
 
-			std::map<std::string, i2p::data::IdentHash>  m_Addresses;
-			bool m_IsLoaded, m_IsDowloading;
+			AddressBook& m_Book;
+			std::string m_Link, m_Etag, m_LastModified;
+			i2p::data::IdentHash m_Ident;
+			// m_Etag must be surrounded by ""
+	};
+
+	class AddressResolver
+	{
+		public:
+
+			AddressResolver (std::shared_ptr<ClientDestination> destination);
+			~AddressResolver ();
+			void AddAddress (const std::string& name, const i2p::data::IdentHash& ident);
+
+		private:
+
+			void HandleRequest (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+
+		private:
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			std::map<std::string, i2p::data::IdentHash>  m_LocalAddresses;
 	};
 }
 }

BOB.cpp

@@ -0,0 +1,717 @@
+#include <string.h>
+#include "Log.h"
+#include "ClientContext.h"
+#include "util.h"
+#include "BOB.h"
+
+namespace i2p
+{
+namespace client
+{
+	BOBI2PInboundTunnel::BOBI2PInboundTunnel (int port, std::shared_ptr<ClientDestination> localDestination): 
+		BOBI2PTunnel (localDestination), 
+		m_Acceptor (localDestination->GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), port))
+	{
+	}
+
+	BOBI2PInboundTunnel::~BOBI2PInboundTunnel ()
+	{
+		Stop ();
+	}
+
+	void BOBI2PInboundTunnel::Start ()
+	{
+		m_Acceptor.listen ();
+		Accept ();
+	}
+
+	void BOBI2PInboundTunnel::Stop ()
+	{
+		m_Acceptor.close();
+		ClearHandlers ();
+	}
+
+	void BOBI2PInboundTunnel::Accept ()
+	{
+		auto receiver = std::make_shared<AddressReceiver> ();
+		receiver->socket = std::make_shared<boost::asio::ip::tcp::socket> (GetService ());
+		m_Acceptor.async_accept (*receiver->socket, std::bind (&BOBI2PInboundTunnel::HandleAccept, this,
+			std::placeholders::_1, receiver));
+	}	
+
+	void BOBI2PInboundTunnel::HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<AddressReceiver> receiver)
+	{
+		if (!ecode)
+		{
+			Accept ();	
+			ReceiveAddress (receiver);
+		}
+	}
+
+	void BOBI2PInboundTunnel::ReceiveAddress (std::shared_ptr<AddressReceiver> receiver)
+	{
+		receiver->socket->async_read_some (boost::asio::buffer(
+		        receiver->buffer + receiver->bufferOffset, 
+				BOB_COMMAND_BUFFER_SIZE - receiver->bufferOffset),                
+			std::bind(&BOBI2PInboundTunnel::HandleReceivedAddress, this, 
+				std::placeholders::_1, std::placeholders::_2, receiver));
+	}
+	
+	void BOBI2PInboundTunnel::HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+		std::shared_ptr<AddressReceiver> receiver)
+	{
+		if (ecode)
+			LogPrint (eLogError, "BOB: inbound tunnel read error: ", ecode.message ());
+		else
+		{
+			receiver->bufferOffset += bytes_transferred;
+			receiver->buffer[receiver->bufferOffset] = 0;
+			char * eol = strchr (receiver->buffer, '\n');
+			if (eol)
+			{
+				*eol = 0;
+				if (eol != receiver->buffer && eol[-1] == '\r') eol[-1] = 0; // workaround for Transmission, it sends '\r\n' terminated address 
+				receiver->data = (uint8_t *)eol + 1;
+				receiver->dataLen = receiver->bufferOffset - (eol - receiver->buffer + 1);
+				i2p::data::IdentHash ident;
+				if (!context.GetAddressBook ().GetIdentHash (receiver->buffer, ident)) 
+				{
+					LogPrint (eLogError, "BOB: address ", receiver->buffer, " not found");
+					return;
+				}
+				auto leaseSet = GetLocalDestination ()->FindLeaseSet (ident);
+				if (leaseSet)
+					CreateConnection (receiver, leaseSet);
+				else
+					GetLocalDestination ()->RequestDestination (ident, 
+						std::bind (&BOBI2PInboundTunnel::HandleDestinationRequestComplete,
+						this, std::placeholders::_1, receiver));
+			}
+			else
+			{
+				if (receiver->bufferOffset < BOB_COMMAND_BUFFER_SIZE)
+					ReceiveAddress (receiver);
+				else
+					LogPrint (eLogError, "BOB: missing inbound address");
+			}			
+		}
+	}
+
+	void BOBI2PInboundTunnel::HandleDestinationRequestComplete (std::shared_ptr<i2p::data::LeaseSet> leaseSet, std::shared_ptr<AddressReceiver> receiver)
+	{
+		if (leaseSet)
+			CreateConnection (receiver, leaseSet);
+		else
+			LogPrint (eLogError, "BOB: LeaseSet for inbound destination not found");
+	}	
+
+	void BOBI2PInboundTunnel::CreateConnection (std::shared_ptr<AddressReceiver> receiver, std::shared_ptr<const i2p::data::LeaseSet> leaseSet)
+	{
+		LogPrint (eLogDebug, "BOB: New inbound connection");
+		auto connection = std::make_shared<I2PTunnelConnection>(this, receiver->socket, leaseSet);
+		AddHandler (connection);
+		connection->I2PConnect (receiver->data, receiver->dataLen);
+	}
+
+	BOBI2POutboundTunnel::BOBI2POutboundTunnel (const std::string& address, int port, 
+		std::shared_ptr<ClientDestination> localDestination, bool quiet): BOBI2PTunnel (localDestination),
+		m_Endpoint (boost::asio::ip::address::from_string (address), port), m_IsQuiet (quiet)
+	{
+	}
+	
+	void BOBI2POutboundTunnel::Start ()
+	{
+		Accept ();
+	}
+
+	void BOBI2POutboundTunnel::Stop ()
+	{
+		ClearHandlers ();
+	}	
+
+	void BOBI2POutboundTunnel::Accept ()
+	{
+		auto localDestination = GetLocalDestination ();	
+		if (localDestination)
+			localDestination->AcceptStreams (std::bind (&BOBI2POutboundTunnel::HandleAccept, this, std::placeholders::_1));
+		else
+			LogPrint (eLogError, "BOB: Local destination not set for server tunnel");
+	}
+
+	void BOBI2POutboundTunnel::HandleAccept (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (stream)
+		{	
+			auto conn = std::make_shared<I2PTunnelConnection> (this, stream, std::make_shared<boost::asio::ip::tcp::socket> (GetService ()), m_Endpoint, m_IsQuiet);
+			AddHandler (conn);
+			conn->Connect ();
+		}	
+	}
+
+	BOBDestination::BOBDestination (std::shared_ptr<ClientDestination> localDestination):
+		m_LocalDestination (localDestination), 
+		m_OutboundTunnel (nullptr), m_InboundTunnel (nullptr)
+	{
+	}
+		
+	BOBDestination::~BOBDestination ()
+	{
+		delete m_OutboundTunnel;
+		delete m_InboundTunnel;
+		i2p::client::context.DeleteLocalDestination (m_LocalDestination);
+	}	
+
+	void BOBDestination::Start ()
+	{
+		if (m_OutboundTunnel) m_OutboundTunnel->Start ();
+		if (m_InboundTunnel) m_InboundTunnel->Start ();
+	}
+		
+	void BOBDestination::Stop ()
+	{		
+		StopTunnels ();
+		m_LocalDestination->Stop ();
+	}	
+
+	void BOBDestination::StopTunnels ()
+	{
+		if (m_OutboundTunnel)
+		{	
+			m_OutboundTunnel->Stop ();
+			delete m_OutboundTunnel;
+			m_OutboundTunnel = nullptr;
+		}	
+		if (m_InboundTunnel)
+		{	
+			m_InboundTunnel->Stop ();
+			delete m_InboundTunnel;
+			m_InboundTunnel = nullptr;
+		}	
+	}	
+		
+	void BOBDestination::CreateInboundTunnel (int port)
+	{
+		if (!m_InboundTunnel)
+			m_InboundTunnel = new BOBI2PInboundTunnel (port, m_LocalDestination);
+	}
+		
+	void BOBDestination::CreateOutboundTunnel (const std::string& address, int port, bool quiet)
+	{
+		if (!m_OutboundTunnel)
+			m_OutboundTunnel = new BOBI2POutboundTunnel (address, port, m_LocalDestination, quiet);
+	}	
+		
+	BOBCommandSession::BOBCommandSession (BOBCommandChannel& owner): 
+		m_Owner (owner), m_Socket (m_Owner.GetService ()),
+		m_ReceiveBufferOffset (0), m_IsOpen (true), m_IsQuiet (false), m_IsActive (false), 
+		m_InPort (0), m_OutPort (0), m_CurrentDestination (nullptr)
+	{
+	}
+
+	BOBCommandSession::~BOBCommandSession ()
+	{
+	}
+
+	void BOBCommandSession::Terminate ()
+	{
+		m_Socket.close ();
+		m_IsOpen = false;	
+	}
+
+	void BOBCommandSession::Receive ()
+	{
+		m_Socket.async_read_some (boost::asio::buffer(m_ReceiveBuffer + m_ReceiveBufferOffset, BOB_COMMAND_BUFFER_SIZE - m_ReceiveBufferOffset),                
+			std::bind(&BOBCommandSession::HandleReceived, shared_from_this (), 
+			std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void BOBCommandSession::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+		{
+			LogPrint (eLogError, "BOB: command channel read error: ", ecode.message ());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate ();
+		}	
+		else
+		{	
+			size_t size = m_ReceiveBufferOffset + bytes_transferred; 
+			m_ReceiveBuffer[size] = 0;
+			char * eol = strchr (m_ReceiveBuffer, '\n');
+			if (eol)
+			{
+				*eol = 0;
+				char * operand =  strchr (m_ReceiveBuffer, ' ');
+				if (operand)  
+				{	
+					*operand = 0;
+					operand++;
+				}	
+				else 
+					operand = eol;
+				// process command
+				auto& handlers = m_Owner.GetCommandHandlers ();
+				auto it = handlers.find (m_ReceiveBuffer);
+				if (it != handlers.end ())
+					(this->*(it->second))(operand, eol - operand);
+				else	
+				{
+					LogPrint (eLogError, "BOB: unknown command ", m_ReceiveBuffer);
+					SendReplyError ("unknown command");
+				}
+
+				m_ReceiveBufferOffset = size - (eol - m_ReceiveBuffer) - 1;
+				memmove (m_ReceiveBuffer, eol + 1, m_ReceiveBufferOffset);
+			}
+			else
+			{
+				if (size < BOB_COMMAND_BUFFER_SIZE)
+					m_ReceiveBufferOffset = size;
+				else
+				{
+					LogPrint (eLogError, "BOB: Malformed input of the command channel");
+					Terminate ();
+				}
+			}	
+		}
+	}
+
+	void BOBCommandSession::Send (size_t len)
+	{
+		boost::asio::async_write (m_Socket, boost::asio::buffer (m_SendBuffer, len), 
+			boost::asio::transfer_all (),
+			std::bind(&BOBCommandSession::HandleSent, shared_from_this (), 
+				std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void BOBCommandSession::HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+        {
+			LogPrint (eLogError, "BOB: command channel send error: ", ecode.message ());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate ();
+		}
+		else
+		{
+			if (m_IsOpen)
+				Receive ();
+			else
+				Terminate ();	
+		}
+	}
+
+	void BOBCommandSession::SendReplyOK (const char * msg)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_OK, msg);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_OK, msg);
+#endif
+		Send (len);
+	}
+
+	void BOBCommandSession::SendReplyError (const char * msg)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_ERROR, msg);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_REPLY_ERROR, msg);
+#endif
+		Send (len);	
+	}
+		
+	void BOBCommandSession::SendVersion ()
+	{
+		size_t len = strlen (BOB_VERSION);
+		memcpy (m_SendBuffer, BOB_VERSION, len);
+		Send (len);
+	}
+
+	void BOBCommandSession::SendData (const char * nickname)
+	{
+#ifdef _MSC_VER
+		size_t len = sprintf_s (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_DATA, nickname);
+#else		
+		size_t len = snprintf (m_SendBuffer, BOB_COMMAND_BUFFER_SIZE, BOB_DATA, nickname);
+#endif
+		Send (len);			
+	}
+		
+	void BOBCommandSession::ZapCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: zap");
+		Terminate ();
+	}
+
+	void BOBCommandSession::QuitCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: quit");
+		m_IsOpen = false;
+		SendReplyOK ("Bye!");
+	}
+
+	void BOBCommandSession::StartCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: start ", m_Nickname);
+		if (m_IsActive)
+		{
+			SendReplyError ("tunnel is active");
+			return; 
+		}
+		if (!m_CurrentDestination)
+		{	
+			m_CurrentDestination = new BOBDestination (i2p::client::context.CreateNewLocalDestination (m_Keys, true, &m_Options));
+			m_Owner.AddDestination (m_Nickname, m_CurrentDestination);
+		}	
+		if (m_InPort)
+			m_CurrentDestination->CreateInboundTunnel (m_InPort);
+		if (m_OutPort && !m_Address.empty ())
+			m_CurrentDestination->CreateOutboundTunnel (m_Address, m_OutPort, m_IsQuiet);
+		m_CurrentDestination->Start ();	
+		SendReplyOK ("Tunnel starting");
+		m_IsActive = true;
+	}	
+
+	void BOBCommandSession::StopCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: stop ", m_Nickname);
+		if (!m_IsActive)
+		{
+			SendReplyError ("tunnel is inactive");
+			return;
+		}
+		auto dest = m_Owner.FindDestination (m_Nickname);
+		if (dest)
+		{
+			dest->StopTunnels ();
+			SendReplyOK ("Tunnel stopping");
+		}
+		else
+			SendReplyError ("tunnel not found");
+		m_IsActive = false;
+	}	
+	
+	void BOBCommandSession::SetNickCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: setnick ", operand);
+		m_Nickname = operand;
+		std::string msg ("Nickname set to ");
+		msg += m_Nickname;
+		SendReplyOK (msg.c_str ());
+	}	
+
+	void BOBCommandSession::GetNickCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: getnick ", operand);
+		m_CurrentDestination = m_Owner.FindDestination (operand); 
+		if (m_CurrentDestination)
+		{
+			m_Keys = m_CurrentDestination->GetKeys ();
+			m_Nickname = operand;
+		}
+		if (m_Nickname == operand)
+		{	
+			std::string msg ("Nickname set to ");
+			msg += m_Nickname;
+			SendReplyOK (msg.c_str ());
+		}	
+		else
+			SendReplyError ("no nickname has been set");	
+	}	
+
+	void BOBCommandSession::NewkeysCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: newkeys");
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys ();
+		SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ());
+	}	
+
+	void BOBCommandSession::SetkeysCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: setkeys ", operand);
+		m_Keys.FromBase64 (operand);
+		SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ());
+	}
+		
+	void BOBCommandSession::GetkeysCommandHandler (const char * operand, size_t len)
+	{		
+		LogPrint (eLogDebug, "BOB: getkeys");
+		if (m_Keys.GetPublic ()) // keys are set ?
+			SendReplyOK (m_Keys.ToBase64 ().c_str ());
+		else
+			SendReplyError ("keys are not set");
+	}
+
+	void BOBCommandSession::GetdestCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: getdest");
+		SendReplyOK (m_Keys.GetPublic ()->ToBase64 ().c_str ());
+	}	
+		
+	void BOBCommandSession::OuthostCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: outhost ", operand);
+		m_Address = operand;
+		SendReplyOK ("outhost set");
+	}
+		
+	void BOBCommandSession::OutportCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: outport ", operand);
+		m_OutPort = std::stoi(operand);
+		if (m_OutPort >= 0)
+			SendReplyOK ("outbound port set");
+		else
+			SendReplyError ("port out of range");
+	}	
+
+	void BOBCommandSession::InhostCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: inhost ", operand);
+		m_Address = operand;
+		SendReplyOK ("inhost set");
+	}
+		
+	void BOBCommandSession::InportCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: inport ", operand);
+		m_InPort = std::stoi(operand);
+		if (m_InPort >= 0)
+			SendReplyOK ("inbound port set");
+		else
+			SendReplyError ("port out of range");
+	}		
+
+	void BOBCommandSession::QuietCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: quiet");
+		if (m_Nickname.length () > 0)
+		{
+			if (!m_IsActive)
+			{
+				m_IsQuiet = true;
+				SendReplyOK ("Quiet set");
+			}
+			else
+				SendReplyError ("tunnel is active");
+		}
+		else
+			SendReplyError ("no nickname has been set");
+	}	
+	
+	void BOBCommandSession::LookupCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: lookup ", operand);
+		i2p::data::IdentHash ident;
+		if (!context.GetAddressBook ().GetIdentHash (operand, ident)) 
+		{
+			SendReplyError ("Address Not found");
+			return;
+		}	
+		auto localDestination = m_CurrentDestination ? m_CurrentDestination->GetLocalDestination () : i2p::client::context.GetSharedLocalDestination ();
+		auto leaseSet = localDestination->FindLeaseSet (ident);
+		if (leaseSet)
+			SendReplyOK (leaseSet->GetIdentity ()->ToBase64 ().c_str ());
+		else
+		{
+			auto s = shared_from_this ();
+			localDestination->RequestDestination (ident, 
+				[s](std::shared_ptr<i2p::data::LeaseSet> ls)
+				{
+					if (ls)
+						s->SendReplyOK (ls->GetIdentity ()->ToBase64 ().c_str ());
+					else	
+						s->SendReplyError ("LeaseSet Not found");
+				}	
+			);
+		}
+	}
+
+	void BOBCommandSession::ClearCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: clear");
+		m_Owner.DeleteDestination (m_Nickname);
+		m_Nickname = "";
+		SendReplyOK ("cleared");
+	}	
+
+	void BOBCommandSession::ListCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: list");
+		const auto& destinations = m_Owner.GetDestinations ();
+		for (const auto& it: destinations)
+			SendData (it.first.c_str ());
+		SendReplyOK ("Listing done");
+	}	
+
+	void BOBCommandSession::OptionCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: option ", operand);
+		const char * value = strchr (operand, '=');
+		if (value)
+		{	
+			std::string msg ("option ");
+			*(const_cast<char *>(value)) = 0;
+			m_Options[operand] = value + 1; 
+			msg += operand;
+			*(const_cast<char *>(value)) = '=';
+			msg += " set to ";
+			msg += value;	
+			SendReplyOK (msg.c_str ());
+		}	
+		else
+			SendReplyError ("malformed");
+	}	
+
+	void BOBCommandSession::StatusCommandHandler (const char * operand, size_t len)
+	{
+		LogPrint (eLogDebug, "BOB: status ", operand);
+		if (m_Nickname == operand)
+		{
+			std::stringstream s;
+			s << "DATA"; s << " NICKNAME: "; s << m_Nickname;
+			if (m_CurrentDestination)
+			{	
+				if (m_CurrentDestination->GetLocalDestination ()->IsReady ())
+					s << " STARTING: false RUNNING: true STOPPING: false";
+				else
+					s << " STARTING: true RUNNING: false STOPPING: false";
+			}	
+			else
+				s << " STARTING: false RUNNING: false STOPPING: false";
+			s << " KEYS: true"; s << " QUIET: "; s << (m_IsQuiet ? "true":"false");
+			if (m_InPort)
+			{	
+				s << " INPORT: " << m_InPort;
+				s << " INHOST: " << (m_Address.length () > 0 ? m_Address : "127.0.0.1");
+			}	
+			if (m_OutPort)
+			{ 
+				s << " OUTPORT: " << m_OutPort;
+				s << " OUTHOST: " << (m_Address.length () > 0 ? m_Address : "127.0.0.1");
+			}	
+			SendReplyOK (s.str().c_str());
+		}
+		else
+			SendReplyError ("no nickname has been set");	
+	}	
+		
+	BOBCommandChannel::BOBCommandChannel (const std::string& address, int port):
+		m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port))
+	{
+		// command -> handler
+		m_CommandHandlers[BOB_COMMAND_ZAP] = &BOBCommandSession::ZapCommandHandler; 
+		m_CommandHandlers[BOB_COMMAND_QUIT] = &BOBCommandSession::QuitCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_START] = &BOBCommandSession::StartCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_STOP] = &BOBCommandSession::StopCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_SETNICK] = &BOBCommandSession::SetNickCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETNICK] = &BOBCommandSession::GetNickCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_NEWKEYS] = &BOBCommandSession::NewkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETKEYS] = &BOBCommandSession::GetkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_SETKEYS] = &BOBCommandSession::SetkeysCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_GETDEST] = &BOBCommandSession::GetdestCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OUTHOST] = &BOBCommandSession::OuthostCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OUTPORT] = &BOBCommandSession::OutportCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_INHOST] = &BOBCommandSession::InhostCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_INPORT] = &BOBCommandSession::InportCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_QUIET] = &BOBCommandSession::QuietCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_LOOKUP] = &BOBCommandSession::LookupCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_CLEAR] = &BOBCommandSession::ClearCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_LIST] = &BOBCommandSession::ListCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_OPTION] = &BOBCommandSession::OptionCommandHandler;
+		m_CommandHandlers[BOB_COMMAND_STATUS] = &BOBCommandSession::StatusCommandHandler;
+	}
+
+	BOBCommandChannel::~BOBCommandChannel ()
+	{
+		Stop ();
+		for (const auto& it: m_Destinations)
+			delete it.second;
+	}
+
+	void BOBCommandChannel::Start ()
+	{
+		Accept ();
+		m_IsRunning = true;
+		m_Thread = new std::thread (std::bind (&BOBCommandChannel::Run, this));
+	}
+
+	void BOBCommandChannel::Stop ()
+	{
+		m_IsRunning = false;
+		for (auto& it: m_Destinations)
+			it.second->Stop ();
+		m_Acceptor.cancel ();	
+		m_Service.stop ();
+		if (m_Thread)
+		{	
+			m_Thread->join (); 
+			delete m_Thread;
+			m_Thread = nullptr;
+		}	
+	}
+		
+	void BOBCommandChannel::Run () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "BOB: runtime exception: ", ex.what ());
+			}	
+		}	
+	}
+
+	void BOBCommandChannel::AddDestination (const std::string& name, BOBDestination * dest)
+	{
+		m_Destinations[name] = dest;
+	}	
+
+	void BOBCommandChannel::DeleteDestination (const std::string& name)
+	{
+		auto it = m_Destinations.find (name);
+		if (it != m_Destinations.end ())
+		{
+			it->second->Stop ();
+			delete it->second;
+			m_Destinations.erase (it);
+		}	
+	}	
+		
+	BOBDestination * BOBCommandChannel::FindDestination (const std::string& name)
+	{
+		auto it = m_Destinations.find (name);
+		if (it != m_Destinations.end ())
+			return it->second;
+		return nullptr;	
+	}
+		
+	void BOBCommandChannel::Accept ()
+	{
+		auto newSession = std::make_shared<BOBCommandSession> (*this);
+		m_Acceptor.async_accept (newSession->GetSocket (), std::bind (&BOBCommandChannel::HandleAccept, this,
+			std::placeholders::_1, newSession));
+	}
+
+	void BOBCommandChannel::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+
+		if (!ecode)
+		{
+			LogPrint (eLogInfo, "BOB: New command connection from ", session->GetSocket ().remote_endpoint ());
+			session->SendVersion ();	
+		}
+		else
+			LogPrint (eLogError, "BOB: accept error: ",  ecode.message ());
+	}
+}
+}
+

BOB.h

@@ -0,0 +1,239 @@
+#ifndef BOB_H__
+#define BOB_H__
+
+#include <inttypes.h>
+#include <thread>
+#include <memory>
+#include <map>
+#include <string>
+#include <boost/asio.hpp>
+#include "I2PTunnel.h"
+#include "I2PService.h"
+#include "Identity.h"
+#include "LeaseSet.h"
+
+namespace i2p
+{
+namespace client
+{
+	const size_t BOB_COMMAND_BUFFER_SIZE = 1024;
+	const char BOB_COMMAND_ZAP[] = "zap";
+	const char BOB_COMMAND_QUIT[] = "quit";
+	const char BOB_COMMAND_START[] = "start";
+	const char BOB_COMMAND_STOP[] = "stop";	
+	const char BOB_COMMAND_SETNICK[] = "setnick";
+	const char BOB_COMMAND_GETNICK[] = "getnick";		
+	const char BOB_COMMAND_NEWKEYS[] = "newkeys";
+	const char BOB_COMMAND_GETKEYS[] = "getkeys";
+	const char BOB_COMMAND_SETKEYS[] = "setkeys";
+	const char BOB_COMMAND_GETDEST[] = "getdest";
+	const char BOB_COMMAND_OUTHOST[] = "outhost";	
+	const char BOB_COMMAND_OUTPORT[] = "outport";
+	const char BOB_COMMAND_INHOST[] = "inhost";	
+	const char BOB_COMMAND_INPORT[] = "inport";
+	const char BOB_COMMAND_QUIET[] = "quiet";
+	const char BOB_COMMAND_LOOKUP[] = "lookup";	
+	const char BOB_COMMAND_CLEAR[] = "clear";
+	const char BOB_COMMAND_LIST[] = "list";
+	const char BOB_COMMAND_OPTION[] = "option";
+	const char BOB_COMMAND_STATUS[] = "status";	
+	
+	const char BOB_VERSION[] = "BOB 00.00.10\nOK\n";	
+	const char BOB_REPLY_OK[] = "OK %s\n";
+	const char BOB_REPLY_ERROR[] = "ERROR %s\n";
+	const char BOB_DATA[] = "NICKNAME %s\n";
+
+	class BOBI2PTunnel: public I2PService
+	{
+		public:
+
+			BOBI2PTunnel (std::shared_ptr<ClientDestination> localDestination): 
+				I2PService (localDestination) {};
+
+			virtual void Start () {};
+			virtual void Stop () {};				
+	};	
+	
+	class BOBI2PInboundTunnel: public BOBI2PTunnel
+	{
+			struct AddressReceiver
+			{
+				std::shared_ptr<boost::asio::ip::tcp::socket> socket;
+				char buffer[BOB_COMMAND_BUFFER_SIZE + 1]; // for destination base64 address
+				uint8_t * data; // pointer to buffer
+				size_t dataLen, bufferOffset; 
+
+				AddressReceiver (): data (nullptr), dataLen (0), bufferOffset (0) {};
+			};	
+		
+		public:
+
+			BOBI2PInboundTunnel (int port, std::shared_ptr<ClientDestination> localDestination);
+			~BOBI2PInboundTunnel ();
+
+			void Start ();
+			void Stop ();
+
+		private:
+
+			void Accept ();
+			void HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<AddressReceiver> receiver);
+
+			void ReceiveAddress (std::shared_ptr<AddressReceiver> receiver);
+			void HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+				std::shared_ptr<AddressReceiver> receiver);
+
+			void HandleDestinationRequestComplete (std::shared_ptr<i2p::data::LeaseSet> leaseSet, std::shared_ptr<AddressReceiver> receiver);
+
+			void CreateConnection (std::shared_ptr<AddressReceiver> receiver, std::shared_ptr<const i2p::data::LeaseSet> leaseSet);
+
+		private:
+
+			boost::asio::ip::tcp::acceptor m_Acceptor;	
+	};
+
+	class BOBI2POutboundTunnel: public BOBI2PTunnel
+	{
+		public:
+
+			 BOBI2POutboundTunnel (const std::string& address, int port, std::shared_ptr<ClientDestination> localDestination, bool quiet);	
+
+			void Start ();
+			void Stop ();
+
+			void SetQuiet () { m_IsQuiet = true; };
+
+		private:
+
+			void Accept ();
+			void HandleAccept (std::shared_ptr<i2p::stream::Stream> stream);
+
+		private:
+
+			boost::asio::ip::tcp::endpoint m_Endpoint;	
+			bool m_IsQuiet;	
+	};
+
+
+	class BOBDestination
+	{
+		public:
+
+			BOBDestination (std::shared_ptr<ClientDestination> localDestination);
+			~BOBDestination ();
+
+			void Start ();
+			void Stop ();
+			void StopTunnels ();
+			void CreateInboundTunnel (int port);
+			void CreateOutboundTunnel (const std::string& address, int port, bool quiet);
+			const i2p::data::PrivateKeys& GetKeys () const { return m_LocalDestination->GetPrivateKeys (); };
+			std::shared_ptr<ClientDestination> GetLocalDestination () const { return m_LocalDestination; };
+			
+		private:	
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			BOBI2POutboundTunnel * m_OutboundTunnel;
+			BOBI2PInboundTunnel * m_InboundTunnel;
+	};	
+	
+	class BOBCommandChannel;
+	class BOBCommandSession: public std::enable_shared_from_this<BOBCommandSession>
+	{
+		public:
+
+			BOBCommandSession (BOBCommandChannel& owner);
+			~BOBCommandSession ();	
+			void Terminate ();
+
+			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
+			void SendVersion ();
+
+			// command handlers
+			void ZapCommandHandler (const char * operand, size_t len);
+			void QuitCommandHandler (const char * operand, size_t len);
+			void StartCommandHandler (const char * operand, size_t len);
+			void StopCommandHandler (const char * operand, size_t len);
+			void SetNickCommandHandler (const char * operand, size_t len);
+			void GetNickCommandHandler (const char * operand, size_t len);
+			void NewkeysCommandHandler (const char * operand, size_t len);
+			void SetkeysCommandHandler (const char * operand, size_t len);
+			void GetkeysCommandHandler (const char * operand, size_t len);
+			void GetdestCommandHandler (const char * operand, size_t len);
+			void OuthostCommandHandler (const char * operand, size_t len);
+			void OutportCommandHandler (const char * operand, size_t len);
+			void InhostCommandHandler (const char * operand, size_t len);
+			void InportCommandHandler (const char * operand, size_t len);			
+			void QuietCommandHandler (const char * operand, size_t len);	
+			void LookupCommandHandler (const char * operand, size_t len);
+			void ClearCommandHandler (const char * operand, size_t len);
+			void ListCommandHandler (const char * operand, size_t len);
+			void OptionCommandHandler (const char * operand, size_t len);
+			void StatusCommandHandler (const char * operand, size_t len);
+			
+		private:
+
+			void Receive ();
+			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+
+			void Send (size_t len);
+			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void SendReplyOK (const char * msg);
+			void SendReplyError (const char * msg);
+			void SendData (const char * nickname);
+
+		private:
+
+			BOBCommandChannel& m_Owner;
+			boost::asio::ip::tcp::socket m_Socket;
+			char m_ReceiveBuffer[BOB_COMMAND_BUFFER_SIZE + 1], m_SendBuffer[BOB_COMMAND_BUFFER_SIZE + 1];
+			size_t m_ReceiveBufferOffset;
+			bool m_IsOpen, m_IsQuiet, m_IsActive;
+			std::string m_Nickname, m_Address;
+			int m_InPort, m_OutPort;
+			i2p::data::PrivateKeys m_Keys;
+			std::map<std::string, std::string> m_Options; 
+			BOBDestination * m_CurrentDestination;
+	};
+	typedef void (BOBCommandSession::*BOBCommandHandler)(const char * operand, size_t len);
+
+	class BOBCommandChannel
+	{
+		public:
+
+			BOBCommandChannel (const std::string& address, int port);
+			~BOBCommandChannel ();
+
+			void Start ();
+			void Stop ();
+
+			boost::asio::io_service& GetService () { return m_Service; };
+			void AddDestination (const std::string& name, BOBDestination * dest);
+			void DeleteDestination (const std::string& name);
+			BOBDestination * FindDestination (const std::string& name);
+			
+		private:
+
+			void Run ();
+			void Accept ();
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session);
+
+		private:
+
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			std::map<std::string, BOBDestination *> m_Destinations;
+			std::map<std::string, BOBCommandHandler> m_CommandHandlers;
+
+		public:
+
+			const decltype(m_CommandHandlers)& GetCommandHandlers () const { return m_CommandHandlers; };
+			const decltype(m_Destinations)& GetDestinations () const { return m_Destinations; };
+	};	
+}
+}
+
+#endif
+

Base.cpp

@@ -1,10 +1,23 @@
 #include <stdlib.h>
-#include "base64.h"
+#include <string.h>
+
+#include "Base.h"
 
 namespace i2p
 {
 namespace data
 {
+	static const char T32[32] = {
+		'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+		'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
+		'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+		'y', 'z', '2', '3', '4', '5', '6', '7',
+	};
+
+	const char * GetBase32SubstitutionTable ()
+	{
+		return T32;
+	}
 
 	static void iT64Build(void);
 
@@ -16,7 +29,7 @@ namespace data
 	* Direct Substitution Table
 	*/
 
-	static char T64[64] = { 
+	static const char T64[64] = {
 		       'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
 		       'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
 		       'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
@@ -79,7 +92,7 @@ namespace data
 		     outCount = 4*n;
 		else
 		     outCount = 4*(n+1);
-		if (outCount > len) return -1;
+		if (outCount > len) return 0;
 		pd = (unsigned char *)OutBuffer;
 		for ( i = 0; i<n; i++ ){
 		     acc_1 = *ps++;
@@ -154,11 +167,11 @@ namespace data
 		if (isFirstTime) iT64Build();
 		n = InCount/4;
 		m = InCount%4;
-		if (!m) 
+		if (InCount && !m) 
 		     outCount = 3*n;
 		else {
 		     outCount = 0;
-		     return -1;
+		     return 0;
 		}
 		
 		ps = (unsigned char *)(InBuffer + InCount - 1);
@@ -190,6 +203,13 @@ namespace data
 		return outCount;
 	}
 
+	size_t Base64EncodingBufferSize (const size_t input_size) 
+	{
+		auto d = div (input_size, 3);
+		if (d.rem) d.quot++;
+		return 4*d.quot;
+	}
+	
 	/*
 	*
 	* iT64
@@ -267,3 +287,4 @@ namespace data
 	}
 }
 }
+

Base.h

@@ -1,22 +1,25 @@
-#ifndef BASE64_H
-#define BASE64_H
+#ifndef BASE_H__
+#define BASE_H__
 
 #include <inttypes.h>
-#include <string.h>
-
-namespace i2p
-{
-namespace data
-{
+#include <string>
+#include <iostream>
 
+namespace i2p {
+namespace data {
 	size_t ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount, char * OutBuffer, size_t len);
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
+	const char * GetBase32SubstitutionTable ();
 	const char * GetBase64SubstitutionTable ();	
 	
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
-}
-}
+
+  /**
+     Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
+   */
+  size_t Base64EncodingBufferSize(const size_t input_size);
+} // data
+} // i2p
 
 #endif
-

BloomFilter.cpp

@@ -0,0 +1,69 @@
+#include "BloomFilter.h"
+#include "I2PEndian.h"
+#include <array>
+#include <openssl/sha.h>
+
+namespace i2p
+{
+namespace util
+{
+
+	/** @brief decaying bloom filter implementation */
+	class DecayingBloomFilter : public IBloomFilter
+	{
+	public:
+
+		DecayingBloomFilter(const std::size_t size)
+		{
+			m_Size = size;
+			m_Data = new uint8_t[size];
+		}
+
+		/** @brief implements IBloomFilter::~IBloomFilter */
+		~DecayingBloomFilter()
+		{
+			delete [] m_Data;
+		}
+
+		/** @brief implements IBloomFilter::Add */
+		bool Add(const uint8_t * data, std::size_t len)
+		{
+			std::size_t idx;
+			uint8_t mask;
+			Get(data, len, idx, mask);
+			if(m_Data[idx] & mask) return false; // filter hit
+			m_Data[idx] |= mask;
+			return true;
+		}
+
+		/** @brief implements IBloomFilter::Decay */
+		void Decay()
+		{
+			// reset bloom filter buffer
+			memset(m_Data, 0, m_Size);
+		}
+
+	private:
+		/** @brief get bit index for for data */
+		void Get(const uint8_t * data, std::size_t len, std::size_t & idx, uint8_t & bm)
+		{
+			bm = 1;
+			uint8_t digest[32];
+			// TODO: use blake2 because it's faster
+			SHA256(data, len, digest);
+			uint64_t i = buf64toh(digest);
+			idx = i % m_Size;
+			bm <<= (i % 8);
+		}
+
+		uint8_t * m_Data;
+		std::size_t m_Size;
+	};
+
+
+	BloomFilterPtr BloomFilter(std::size_t capacity)
+	{
+		return std::make_shared<DecayingBloomFilter>(capacity);
+	}
+}
+}

BloomFilter.h

@@ -0,0 +1,31 @@
+#ifndef BLOOM_FILTER_H_
+#define BLOOM_FILTER_H_
+#include <memory>
+#include <cstdint>
+
+namespace i2p
+{
+namespace util
+{
+
+	/** @brief interface for bloom filter */
+	struct IBloomFilter
+	{
+
+		/** @brief destructor */
+		virtual ~IBloomFilter() {};
+		/** @brief add entry to bloom filter, return false if filter hit otherwise return true */
+		virtual bool Add(const uint8_t * data, std::size_t len) = 0;
+		/** @brief optionally decay old entries */
+		virtual void Decay() = 0;
+	};
+
+	typedef std::shared_ptr<IBloomFilter> BloomFilterPtr;
+
+	/** @brief create bloom filter */
+	BloomFilterPtr BloomFilter(std::size_t capacity = 1024 * 8);
+
+}
+}
+
+#endif

ChangeLog

@@ -0,0 +1,159 @@
+# for this file format description,
+# see https://github.com/olivierlacan/keep-a-changelog
+
+## [2.12.0] - 2017-02-14
+### Added
+- Additional HTTP and SOCKS proxy tunnels
+- Reseed from ZIP archive
+- Some stats in a main window for Windows version
+### Changed
+- Reseed servers list
+- MTU of 1488 for ipv6 
+- Android and Mac OS X versions use OpenSSL 1.1
+- New logo for Android
+### Fixed
+- Multiple memory leaks
+- Incomptibility of some EdDSA private keys with Java
+- Clock skew for Windows XP
+- Occasional crashes with I2PSnark
+
+## [2.11.0] - 2016-12-18
+### Added
+- Websockets support
+- Reseed through a floodfill
+- Tunnel configuration for HTTP and SOCKS proxy
+- Zero-hops tunnels for destinations
+- Multiple acceptors for SAM
+### Changed
+- Reseed servers list
+- DHT uses AVX if applicable
+- New logo
+- LeaseSet lookups
+### Fixed
+- HTTP Proxy connection reset for Windows
+- Crash upon SAM session termination
+- Can't connect to a destination for a longer time after restart
+- Mass packet loss for UDP tunnels
+
+## [2.10.2] - 2016-12-04
+### Fixed
+- Fixes UPnP discovery bug, producing excessive CPU usage
+- Fixes sudden SSU thread stop for Windows. 
+
+## [2.10.1] - 2016-11-07
+### Fixed
+- Fixed some performance issues for Windows and Android
+
+## [2.10.0] - 2016-10-17
+### Added
+- Datagram i2p tunnels
+- Unique local addresses for server tunnels
+- Configurable list of reseed servers  and initial addressbook
+- Configurable netid
+- Initial iOS support
+
+### Changed
+- Reduced file descriptiors usage
+- Strict reseed checks enabled by default
+
+## Fixed
+- Multiple fixes in I2CP and BOB implementations
+
+## [2.9.0] - 2016-08-12
+### Changed
+- Proxy refactoring & speedup
+- Transmission-I2P support
+- Graceful shutdown for Windows
+- Android without QT
+- Reduced number of timers in SSU
+- ipv6 peer test support
+- Reseed from SU3 file
+
+## [2.8.0] - 2016-06-20
+### Added
+- Basic Android support
+- I2CP implementation
+- 'doxygen' target
+
+### Changed
+- I2PControl refactoring & fixes (proper jsonrpc responses on errors)
+- boost::regex no more needed
+
+### Fixed
+- initscripts: added openrc one, in sysv-ish make I2PD_PORT optional
+- properly close NTCP sessions (memleak)
+
+## [2.7.0] - 2016-05-18
+### Added
+- Precomputed El-Gamal/DH tables
+- Configurable limit of transit tunnels
+
+### Changed
+- Speed-up of assymetric crypto for non-x64 platforms
+- Refactoring of web-console
+
+## [2.6.0] - 2016-03-31
+### Added
+- Gracefull shutdown on SIGINT
+- Numeric bandwidth limits (was: by router class)
+- Jumpservices in web-console
+- Logging to syslog
+- Tray icon for windows application
+
+### Changed
+- Logs refactoring
+- Improved statistics in web-console
+
+### Deprecated:
+- Renamed main/tunnels config files (will use old, if found, but emits warning)
+
+## [2.5.1] - 2016-03-10
+### Fixed
+- Doesn't create ~/.i2pd dir if missing
+
+## [2.5.0] - 2016-03-04
+### Added
+- IRC server tunnels
+- SOCKS outproxy support
+- Support for gzipped addressbook updates
+- Support for router families
+
+### Changed
+- Shared RTT/RTO between streams
+- Filesystem work refactoring
+
+## [2.4.0] - 2016-02-03
+### Added
+- X-I2P-* headers for server http-tunnels
+- I2CP options for I2P tunnels
+- Show I2P tunnels in webconsole
+
+### Changed
+- Refactoring of cmdline/config parsing
+
+## [2.3.0] - 2016-01-12
+### Added
+- Support for new router bandwidth class codes (P and X)
+- I2PControl supports external webui
+- Added --pidfile and --notransit parameters
+- Ability to specify signature type for i2p tunnel
+
+### Changed
+- Fixed multiple floodfill-related bugs
+- New webconsole layout
+
+## [2.2.0] - 2015-12-22
+### Added
+- Ability to connect to router without ip via introducer
+
+### Changed
+- Persist temporary encryption keys for local destinations
+- Performance improvements for EdDSA
+- New addressbook structure
+
+## [2.1.0] - 2015-11-12
+### Added
+- Implementation of EdDSA
+
+### Changed
+- EdDSA is default signature type for new RouterInfos

ClientContext.cpp

@@ -1,6 +1,15 @@
-#include "util.h"
+#include <fstream>
+#include <iostream>
+#include <boost/property_tree/ptree.hpp>
+#include <boost/property_tree/ini_parser.hpp>
+#include "Config.h"
+#include "FS.h"
 #include "Log.h"
+#include "Identity.h"
+#include "util.h"
 #include "ClientContext.h"
+#include "SOCKS.h"
+#include "WebSocks.h"
 
 namespace i2p
 {
@@ -9,8 +18,8 @@ namespace client
 	ClientContext context;	
 
 	ClientContext::ClientContext (): m_SharedLocalDestination (nullptr),
-		m_HttpProxy (nullptr), m_SocksProxy (nullptr), m_IrcTunnel (nullptr),
-		m_ServerTunnel (nullptr), m_SamBridge (nullptr)	
+		m_HttpProxy (nullptr), m_SocksProxy (nullptr), m_SamBridge (nullptr), 
+		m_BOBCommandChannel (nullptr), m_I2CPServer (nullptr)
 	{
 	}
 	
@@ -18,141 +27,298 @@ namespace client
 	{
 		delete m_HttpProxy;
 		delete m_SocksProxy;
-		delete m_IrcTunnel;
-		delete m_ServerTunnel;
 		delete m_SamBridge;
+		delete m_BOBCommandChannel;
+		delete m_I2CPServer;
 	}
 	
 	void ClientContext::Start ()
 	{
 		if (!m_SharedLocalDestination)
 		{	
-			m_SharedLocalDestination = new ClientDestination (false, i2p::data::SIGNING_KEY_TYPE_DSA_SHA1); // non-public, DSA
-			m_Destinations[m_SharedLocalDestination->GetIdentity ().GetIdentHash ()] = m_SharedLocalDestination;
+			m_SharedLocalDestination = CreateNewLocalDestination (); // non-public, DSA
+			m_Destinations[m_SharedLocalDestination->GetIdentity ()->GetIdentHash ()] = m_SharedLocalDestination;
 			m_SharedLocalDestination->Start ();
 		}
 
-		m_HttpProxy = new i2p::proxy::HTTPProxy(i2p::util::config::GetArg("-httpproxyport", 4446));
-		m_HttpProxy->Start();
-		LogPrint("HTTP Proxy started");
-		m_SocksProxy = new i2p::proxy::SOCKSProxy(i2p::util::config::GetArg("-socksproxyport", 4447));
-		m_SocksProxy->Start();
-		LogPrint("SOCKS Proxy Started");
-		std::string ircDestination = i2p::util::config::GetArg("-ircdest", "");
-		if (ircDestination.length () > 0) // ircdest is presented
-		{
-			ClientDestination * localDestination = nullptr;
-			std::string ircKeys = i2p::util::config::GetArg("-irckeys", "");	
-			if (ircKeys.length () > 0)
-				localDestination = i2p::client::context.LoadLocalDestination (ircKeys, false);
-			m_IrcTunnel = new I2PClientTunnel (m_SocksProxy->GetService (), ircDestination,
-				i2p::util::config::GetArg("-ircport", 6668), localDestination);
-			m_IrcTunnel->Start ();
-			LogPrint("IRC tunnel started");
-		}	
-		std::string eepKeys = i2p::util::config::GetArg("-eepkeys", "");
-		if (eepKeys.length () > 0) // eepkeys file is presented
-		{
-			auto localDestination = i2p::client::context.LoadLocalDestination (eepKeys, true);
-			m_ServerTunnel = new I2PServerTunnel (m_SocksProxy->GetService (), 
-				i2p::util::config::GetArg("-eephost", "127.0.0.1"), i2p::util::config::GetArg("-eepport", 80),
-				localDestination);
-			m_ServerTunnel->Start ();
-			LogPrint("Server tunnel started");
+    
+		m_AddressBook.Start ();	
+    
+		std::shared_ptr<ClientDestination> localDestination;	
+		bool httproxy; i2p::config::GetOption("httpproxy.enabled", httproxy);
+		if (httproxy) {
+			std::string httpProxyKeys; i2p::config::GetOption("httpproxy.keys",    httpProxyKeys);
+			std::string httpProxyAddr; i2p::config::GetOption("httpproxy.address", httpProxyAddr);
+			uint16_t    httpProxyPort; i2p::config::GetOption("httpproxy.port",    httpProxyPort);
+			i2p::data::SigningKeyType sigType; i2p::config::GetOption("httpproxy.signaturetype",  sigType);
+			LogPrint(eLogInfo, "Clients: starting HTTP Proxy at ", httpProxyAddr, ":", httpProxyPort);
+			if (httpProxyKeys.length () > 0)
+			{
+				i2p::data::PrivateKeys keys;
+				if(LoadPrivateKeys (keys, httpProxyKeys, sigType))
+				{
+					std::map<std::string, std::string> params;
+					ReadI2CPOptionsFromConfig ("httpproxy.", params);
+					localDestination = CreateNewLocalDestination (keys, false, &params);
+				}	
+				else
+					LogPrint(eLogError, "Clients: failed to load HTTP Proxy key");
+			}
+			try {
+			  m_HttpProxy = new i2p::proxy::HTTPProxy(httpProxyAddr, httpProxyPort, localDestination);
+			  m_HttpProxy->Start();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in HTTP Proxy: ", e.what());
+			}
 		}
-		int samPort = i2p::util::config::GetArg("-samport", 0);
-		if (samPort)
+    
+		localDestination = nullptr;
+		bool socksproxy; i2p::config::GetOption("socksproxy.enabled", socksproxy);
+		if (socksproxy) 
 		{
-			m_SamBridge = new SAMBridge (samPort);
-			m_SamBridge->Start ();
-			LogPrint("SAM bridge started");
+			std::string socksProxyKeys; i2p::config::GetOption("socksproxy.keys",    socksProxyKeys);
+			std::string socksProxyAddr; i2p::config::GetOption("socksproxy.address", socksProxyAddr);
+			uint16_t    socksProxyPort; i2p::config::GetOption("socksproxy.port",    socksProxyPort);
+			std::string socksOutProxyAddr; i2p::config::GetOption("socksproxy.outproxy",     socksOutProxyAddr);
+			uint16_t    socksOutProxyPort; i2p::config::GetOption("socksproxy.outproxyport", socksOutProxyPort);
+			i2p::data::SigningKeyType sigType; i2p::config::GetOption("socksproxy.signaturetype",  sigType);
+			LogPrint(eLogInfo, "Clients: starting SOCKS Proxy at ", socksProxyAddr, ":", socksProxyPort);
+			if (socksProxyKeys.length () > 0)
+			{
+				i2p::data::PrivateKeys keys;
+				if (LoadPrivateKeys (keys, socksProxyKeys, sigType))
+				{
+					std::map<std::string, std::string> params;
+					ReadI2CPOptionsFromConfig ("socksproxy.", params);
+					localDestination = CreateNewLocalDestination (keys, false, &params);
+				}
+				else
+					LogPrint(eLogError, "Clients: failed to load SOCKS Proxy key");
+			}
+			try {
+			  m_SocksProxy = new i2p::proxy::SOCKSProxy(socksProxyAddr, socksProxyPort, socksOutProxyAddr, socksOutProxyPort, localDestination);
+			  m_SocksProxy->Start();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in SOCKS Proxy: ", e.what());
+			}
+		}
+
+		// I2P tunnels
+		ReadTunnels ();		
+    
+		// SAM
+		bool sam; i2p::config::GetOption("sam.enabled", sam);
+		if (sam) {
+			std::string samAddr; i2p::config::GetOption("sam.address", samAddr);
+			uint16_t    samPort; i2p::config::GetOption("sam.port",    samPort);
+			LogPrint(eLogInfo, "Clients: starting SAM bridge at ", samAddr, ":", samPort);
+			try {
+			  m_SamBridge = new SAMBridge (samAddr, samPort);
+			  m_SamBridge->Start ();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in SAM bridge: ", e.what());
+			}
 		} 
+
+		// BOB
+		bool bob; i2p::config::GetOption("bob.enabled", bob);
+		if (bob) {
+			std::string bobAddr; i2p::config::GetOption("bob.address", bobAddr);
+			uint16_t    bobPort; i2p::config::GetOption("bob.port",    bobPort);
+			LogPrint(eLogInfo, "Clients: starting BOB command channel at ", bobAddr, ":", bobPort);
+			try {
+			  m_BOBCommandChannel = new BOBCommandChannel (bobAddr, bobPort);
+			  m_BOBCommandChannel->Start ();
+			} catch (std::exception& e) {
+			  LogPrint(eLogError, "Clients: Exception in BOB bridge: ", e.what());
+			}
+		} 
+
+		// I2CP
+		bool i2cp; i2p::config::GetOption("i2cp.enabled", i2cp);
+		if (i2cp) 
+		{
+			std::string i2cpAddr; i2p::config::GetOption("i2cp.address", i2cpAddr);
+			uint16_t i2cpPort; i2p::config::GetOption("i2cp.port", i2cpPort);
+			LogPrint(eLogInfo, "Clients: starting I2CP at ", i2cpAddr, ":", i2cpPort);
+			try 
+			{
+				m_I2CPServer = new I2CPServer (i2cpAddr, i2cpPort);
+			  	m_I2CPServer->Start ();
+			} 
+			catch (std::exception& e) 
+			{
+				LogPrint(eLogError, "Clients: Exception in I2CP: ", e.what());
+			}
+		} 
+
+		m_AddressBook.StartResolvers ();	
+
+		// start UDP cleanup
+		if (!m_ServerForwards.empty ())
+		{
+			m_CleanupUDPTimer.reset (new boost::asio::deadline_timer(m_SharedLocalDestination->GetService ()));
+			ScheduleCleanupUDP();
+		}
 	}
 		
 	void ClientContext::Stop ()
 	{
-		m_HttpProxy->Stop();
-		delete m_HttpProxy;
-		m_HttpProxy = nullptr;
-		LogPrint("HTTP Proxy stoped");
-		m_SocksProxy->Stop();
-		delete m_SocksProxy;
-		m_SocksProxy = nullptr;
-		LogPrint("SOCKS Proxy stoped");
-		if (m_IrcTunnel)
+		if (m_HttpProxy)
 		{
-			m_IrcTunnel->Stop ();
-			delete m_IrcTunnel; 
-			m_IrcTunnel = nullptr;
-			LogPrint("IRC tunnel stoped");	
+			LogPrint(eLogInfo, "Clients: stopping HTTP Proxy");
+			m_HttpProxy->Stop();
+			delete m_HttpProxy;
+			m_HttpProxy = nullptr;
 		}
-		if (m_ServerTunnel)
+
+		if (m_SocksProxy)
 		{
-			m_ServerTunnel->Stop ();
-			delete m_ServerTunnel; 
-			m_ServerTunnel = nullptr;
-			LogPrint("Server tunnel stoped");	
-		}			
+			LogPrint(eLogInfo, "Clients: stopping SOCKS Proxy");
+			m_SocksProxy->Stop();
+			delete m_SocksProxy;
+			m_SocksProxy = nullptr;
+		}
+
+		for (auto& it: m_ClientTunnels)
+		{
+			LogPrint(eLogInfo, "Clients: stopping I2P client tunnel on port ", it.first);
+			it.second->Stop ();
+		}
+		m_ClientTunnels.clear ();	
+
+		for (auto& it: m_ServerTunnels)
+		{
+			LogPrint(eLogInfo, "Clients: stopping I2P server tunnel");
+			it.second->Stop ();
+		}
+		m_ServerTunnels.clear ();	
+
 		if (m_SamBridge)
 		{
+			LogPrint(eLogInfo, "Clients: stopping SAM bridge");
 			m_SamBridge->Stop ();
 			delete m_SamBridge; 
 			m_SamBridge = nullptr;
-			LogPrint("SAM brdige stoped");	
 		}		
+
+		if (m_BOBCommandChannel)
+		{
+			LogPrint(eLogInfo, "Clients: stopping BOB command channel");
+			m_BOBCommandChannel->Stop ();
+			delete m_BOBCommandChannel; 
+			m_BOBCommandChannel = nullptr;
+		}
+
+		if (m_I2CPServer)
+		{
+			LogPrint(eLogInfo, "Clients: stopping I2CP");
+			m_I2CPServer->Stop ();
+			delete m_I2CPServer; 
+			m_I2CPServer = nullptr;
+		}
+
+		LogPrint(eLogInfo, "Clients: stopping AddressBook");
+		m_AddressBook.Stop ();
+
+    	{
+			std::lock_guard<std::mutex> lock(m_ForwardsMutex);
+			m_ServerForwards.clear();
+			m_ClientForwards.clear();
+		}
 		
-		for (auto it: m_Destinations)
-		{	
+		if (m_CleanupUDPTimer)
+		{
+			m_CleanupUDPTimer->cancel ();	
+			m_CleanupUDPTimer = nullptr;	
+		}
+
+		for (auto& it: m_Destinations)
 			it.second->Stop ();
-			delete it.second;
-		}		
 		m_Destinations.clear ();
-		m_SharedLocalDestination = 0; // deleted through m_Destination
+		m_SharedLocalDestination = nullptr;
 	}	
 
-	void ClientContext::LoadLocalDestinations ()
+	void ClientContext::ReloadConfig ()
 	{
-		int numDestinations = 0;
-		boost::filesystem::path p (i2p::util::filesystem::GetDataDir());
-		boost::filesystem::directory_iterator end;
-		for (boost::filesystem::directory_iterator it (p); it != end; ++it)
-		{
-			if (boost::filesystem::is_regular_file (*it) && it->path ().extension () == ".dat")
-			{
-				auto fullPath =
-#if BOOST_VERSION > 10500
-				it->path().string();
-#else
-				it->path();
-#endif
-				auto localDestination = new ClientDestination (fullPath, true);
-				m_Destinations[localDestination->GetIdentHash ()] = localDestination;
-				numDestinations++;
-			}	
-		}	
-		if (numDestinations > 0)
-			LogPrint (numDestinations, " local destinations loaded");
-	}	
+		std::string config; i2p::config::GetOption("conf", config);
+		i2p::config::ParseConfig(config);
+		Stop();
+		Start();
+	}
 	
-	ClientDestination * ClientContext::LoadLocalDestination (const std::string& filename, bool isPublic)
+	bool ClientContext::LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType)
 	{
-		auto localDestination = new ClientDestination (i2p::util::filesystem::GetFullPath (filename), isPublic);
-		std::unique_lock<std::mutex> l(m_DestinationsMutex);	
-		m_Destinations[localDestination->GetIdentHash ()] = localDestination;
-		localDestination->Start ();
-		return localDestination;
+		bool success = true;
+		std::string fullPath = i2p::fs::DataDirPath (filename);
+		std::ifstream s(fullPath, std::ifstream::binary);
+		if (s.is_open ())	
+		{	
+			s.seekg (0, std::ios::end);
+			size_t len = s.tellg();
+			s.seekg (0, std::ios::beg);
+			uint8_t * buf = new uint8_t[len];
+			s.read ((char *)buf, len);
+			if(!keys.FromBuffer (buf, len))
+			{
+				LogPrint (eLogError, "Clients: failed to load keyfile ", filename);
+				success = false;
+			}
+			else
+				LogPrint (eLogInfo, "Clients: Local address ", m_AddressBook.ToAddress(keys.GetPublic ()->GetIdentHash ()), " loaded");
+			delete[] buf;
+		}	
+		else
+		{
+			LogPrint (eLogError, "Clients: can't open file ", fullPath, " Creating new one with signature type ", sigType);
+			keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType); 
+			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
+			size_t len = keys.GetFullLen ();
+			uint8_t * buf = new uint8_t[len];
+			len = keys.ToBuffer (buf, len);
+			f.write ((char *)buf, len);
+			delete[] buf;
+			
+			LogPrint (eLogInfo, "Clients: New private keys file ", fullPath, " for ", m_AddressBook.ToAddress(keys.GetPublic ()->GetIdentHash ()), " created");
+		}
+		return success;
 	}
 
-	ClientDestination * ClientContext::CreateNewLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType)
+	std::vector<std::shared_ptr<DatagramSessionInfo> > ClientContext::GetForwardInfosFor(const i2p::data::IdentHash & destination)
 	{
-		auto localDestination = new ClientDestination (isPublic, sigType);
+		std::vector<std::shared_ptr<DatagramSessionInfo> > infos;
+		std::lock_guard<std::mutex> lock(m_ForwardsMutex);
+		for(const auto & c : m_ClientForwards)
+		{
+			if (c.second->IsLocalDestination(destination))
+			{
+				for (auto & i : c.second->GetSessions()) infos.push_back(i);
+				break;
+			}
+		}
+		for(const auto & s : m_ServerForwards)
+		{
+			if(std::get<0>(s.first) == destination)
+			{
+				for( auto & i : s.second->GetSessions()) infos.push_back(i);
+				break;
+			}
+		}
+		return infos;
+	}
+  
+	std::shared_ptr<ClientDestination> ClientContext::CreateNewLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType,
+		const std::map<std::string, std::string> * params)
+	{
+		i2p::data::PrivateKeys keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType);
+		auto localDestination = std::make_shared<ClientDestination> (keys, isPublic, params);
 		std::unique_lock<std::mutex> l(m_DestinationsMutex);
 		m_Destinations[localDestination->GetIdentHash ()] = localDestination;
 		localDestination->Start ();
 		return localDestination;
 	}
 
-	void ClientContext::DeleteLocalDestination (ClientDestination * destination)
+	void ClientContext::DeleteLocalDestination (std::shared_ptr<ClientDestination> destination)
 	{
 		if (!destination) return;
 		auto it = m_Destinations.find (destination->GetIdentHash ());
@@ -164,16 +330,16 @@ namespace client
 				m_Destinations.erase (it);
 			}	
 			d->Stop ();
-			delete d;
 		}
 	}
 
-	ClientDestination * ClientContext::CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic)
+	std::shared_ptr<ClientDestination> ClientContext::CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic,
+		const std::map<std::string, std::string> * params)
 	{
-		auto it = m_Destinations.find (keys.GetPublic ().GetIdentHash ());
+		auto it = m_Destinations.find (keys.GetPublic ()->GetIdentHash ());
 		if (it != m_Destinations.end ())
 		{
-			LogPrint ("Local destination ", keys.GetPublic ().GetIdentHash ().ToBase32 (), ".b32.i2p exists");
+			LogPrint (eLogWarning, "Clients: Local destination ", m_AddressBook.ToAddress(keys.GetPublic ()->GetIdentHash ()), " exists");
 			if (!it->second->IsRunning ())
 			{	
 				it->second->Start ();
@@ -181,19 +347,302 @@ namespace client
 			}	
 			return nullptr;
 		}	
-		auto localDestination = new ClientDestination (keys, isPublic);
+		auto localDestination = std::make_shared<ClientDestination> (keys, isPublic, params);
 		std::unique_lock<std::mutex> l(m_DestinationsMutex);
-		m_Destinations[keys.GetPublic ().GetIdentHash ()] = localDestination;
+		m_Destinations[keys.GetPublic ()->GetIdentHash ()] = localDestination;
 		localDestination->Start ();
 		return localDestination;
 	}
 	
-	ClientDestination * ClientContext::FindLocalDestination (const i2p::data::IdentHash& destination) const
+	std::shared_ptr<ClientDestination> ClientContext::FindLocalDestination (const i2p::data::IdentHash& destination) const
 	{
 		auto it = m_Destinations.find (destination);
 		if (it != m_Destinations.end ())
 			return it->second;
 		return nullptr;
 	}	
+
+	template<typename Section, typename Type>
+	std::string ClientContext::GetI2CPOption (const Section& section, const std::string& name, const Type& value) const
+	{
+        return section.second.get (boost::property_tree::ptree::path_type (name, '/'), std::to_string (value));
+	}	
+
+	template<typename Section>
+	void ClientContext::ReadI2CPOptions (const Section& section, std::map<std::string, std::string>& options) const
+	{
+		options[I2CP_PARAM_INBOUND_TUNNEL_LENGTH] = GetI2CPOption (section, I2CP_PARAM_INBOUND_TUNNEL_LENGTH,  DEFAULT_INBOUND_TUNNEL_LENGTH);
+		options[I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH] = GetI2CPOption (section, I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, DEFAULT_OUTBOUND_TUNNEL_LENGTH);
+		options[I2CP_PARAM_INBOUND_TUNNELS_QUANTITY] = GetI2CPOption (section, I2CP_PARAM_INBOUND_TUNNELS_QUANTITY, DEFAULT_INBOUND_TUNNELS_QUANTITY);
+		options[I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY] = GetI2CPOption (section, I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY, DEFAULT_OUTBOUND_TUNNELS_QUANTITY);
+		options[I2CP_PARAM_TAGS_TO_SEND] = GetI2CPOption (section, I2CP_PARAM_TAGS_TO_SEND, DEFAULT_TAGS_TO_SEND);
+		options[I2CP_PARAM_MIN_TUNNEL_LATENCY] = GetI2CPOption(section, I2CP_PARAM_MIN_TUNNEL_LATENCY, DEFAULT_MIN_TUNNEL_LATENCY);
+		options[I2CP_PARAM_MAX_TUNNEL_LATENCY] = GetI2CPOption(section, I2CP_PARAM_MAX_TUNNEL_LATENCY, DEFAULT_MAX_TUNNEL_LATENCY);
+	}	
+
+	void ClientContext::ReadI2CPOptionsFromConfig (const std::string& prefix, std::map<std::string, std::string>& options) const
+	{
+		std::string value; 
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_INBOUND_TUNNEL_LENGTH, value)) 
+			options[I2CP_PARAM_INBOUND_TUNNEL_LENGTH] = value;
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_INBOUND_TUNNELS_QUANTITY, value)) 
+			options[I2CP_PARAM_INBOUND_TUNNELS_QUANTITY] = value;	
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, value)) 
+			options[I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH] = value;
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY, value)) 
+			options[I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY] = value;
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_MIN_TUNNEL_LATENCY, value))
+			options[I2CP_PARAM_MIN_TUNNEL_LATENCY] = value;
+		if (i2p::config::GetOption(prefix + I2CP_PARAM_MAX_TUNNEL_LATENCY, value))
+			options[I2CP_PARAM_MAX_TUNNEL_LATENCY] = value;
+	}	
+
+	void ClientContext::ReadTunnels ()
+	{
+		boost::property_tree::ptree pt;
+		std::string tunConf; i2p::config::GetOption("tunconf", tunConf);
+		if (tunConf == "") {
+			// TODO: cleanup this in 2.8.0
+			tunConf = i2p::fs::DataDirPath ("tunnels.cfg");
+			if (i2p::fs::Exists(tunConf)) {
+				LogPrint(eLogWarning, "FS: please rename tunnels.cfg -> tunnels.conf here: ", tunConf);
+			} else {
+				tunConf = i2p::fs::DataDirPath ("tunnels.conf");
+			}
+		}
+		LogPrint(eLogDebug, "FS: tunnels config file: ", tunConf);
+		try 
+		{
+			boost::property_tree::read_ini (tunConf, pt);
+		} 
+		catch (std::exception& ex) 
+		{
+			LogPrint (eLogWarning, "Clients: Can't read ", tunConf, ": ", ex.what ());
+			return;
+		}
+			
+		int numClientTunnels = 0, numServerTunnels = 0;
+		for (auto& section: pt)
+		{
+			std::string name = section.first;			
+			try
+			{
+				std::string type = section.second.get<std::string> (I2P_TUNNELS_SECTION_TYPE);
+				if (type == I2P_TUNNELS_SECTION_TYPE_CLIENT
+						|| type == I2P_TUNNELS_SECTION_TYPE_SOCKS
+						|| type == I2P_TUNNELS_SECTION_TYPE_WEBSOCKS
+						|| type == I2P_TUNNELS_SECTION_TYPE_HTTPPROXY
+						|| type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT)
+				{
+					// mandatory params
+					std::string dest;
+					if (type == I2P_TUNNELS_SECTION_TYPE_CLIENT || type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT)
+						dest = section.second.get<std::string> (I2P_CLIENT_TUNNEL_DESTINATION);
+					int port = section.second.get<int> (I2P_CLIENT_TUNNEL_PORT);
+					// optional params
+					std::string keys = section.second.get (I2P_CLIENT_TUNNEL_KEYS, "");
+					std::string address = section.second.get (I2P_CLIENT_TUNNEL_ADDRESS, "127.0.0.1");
+					int destinationPort = section.second.get (I2P_CLIENT_TUNNEL_DESTINATION_PORT, 0);
+					i2p::data::SigningKeyType sigType = section.second.get (I2P_CLIENT_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+					// I2CP
+					std::map<std::string, std::string> options;			
+					ReadI2CPOptions (section, options);	
+
+					std::shared_ptr<ClientDestination> localDestination = nullptr;
+					if (keys.length () > 0)
+					{
+						i2p::data::PrivateKeys k;
+						if(LoadPrivateKeys (k, keys, sigType))
+						{
+							localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ());
+							if (!localDestination)
+								localDestination = CreateNewLocalDestination (k, type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT, &options);
+						}
+					}
+					if (type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT) {
+						// udp client
+						// TODO: hostnames
+						boost::asio::ip::udp::endpoint end(boost::asio::ip::address::from_string(address), port);
+						if (!localDestination)
+						{
+							localDestination = m_SharedLocalDestination;
+						}
+						auto clientTunnel = new I2PUDPClientTunnel(name, dest, end, localDestination, destinationPort);
+						if(m_ClientForwards.insert(std::make_pair(end, std::unique_ptr<I2PUDPClientTunnel>(clientTunnel))).second)
+						{
+							clientTunnel->Start();
+						}
+						else
+							LogPrint(eLogError, "Clients: I2P Client forward for endpoint ", end, " already exists");
+
+					} else {
+						boost::asio::ip::tcp::endpoint clientEndpoint;
+						I2PService * clientTunnel = nullptr;
+						if (type == I2P_TUNNELS_SECTION_TYPE_SOCKS)
+						{
+							// socks proxy
+							clientTunnel = new i2p::proxy::SOCKSProxy(address, port, "", destinationPort, localDestination);
+							clientEndpoint = ((i2p::proxy::SOCKSProxy*)clientTunnel)->GetAcceptor().local_endpoint();
+						}
+						else if (type == I2P_TUNNELS_SECTION_TYPE_HTTPPROXY)
+						{
+							// http proxy
+							clientTunnel = new i2p::proxy::HTTPProxy(address, port, localDestination);
+							clientEndpoint = ((i2p::proxy::HTTPProxy*)clientTunnel)->GetAcceptor().local_endpoint();
+						}
+						else if (type == I2P_TUNNELS_SECTION_TYPE_WEBSOCKS)
+						{
+							// websocks proxy
+							clientTunnel = new WebSocks(address, port, localDestination);;
+							clientEndpoint = ((WebSocks*)clientTunnel)->GetLocalEndpoint();
+						}
+						else
+						{
+							// tcp client
+							clientTunnel = new I2PClientTunnel (name, dest, address, port, localDestination, destinationPort);
+							clientEndpoint = ((I2PClientTunnel*)clientTunnel)->GetAcceptor().local_endpoint();
+						}
+						if (m_ClientTunnels.insert (std::make_pair (clientEndpoint,	std::unique_ptr<I2PService>(clientTunnel))).second)
+						{
+							clientTunnel->Start ();
+							numClientTunnels++;
+						}
+						else
+							LogPrint (eLogError, "Clients: I2P client tunnel for endpoint ", clientEndpoint, "already exists");
+					}
+				}
+				else if (type == I2P_TUNNELS_SECTION_TYPE_SERVER
+								 || type == I2P_TUNNELS_SECTION_TYPE_HTTP
+								 || type == I2P_TUNNELS_SECTION_TYPE_IRC
+								 || type == I2P_TUNNELS_SECTION_TYPE_UDPSERVER)
+				{	
+					// mandatory params
+					std::string host = section.second.get<std::string> (I2P_SERVER_TUNNEL_HOST);
+					int port = section.second.get<int> (I2P_SERVER_TUNNEL_PORT);
+					std::string keys = section.second.get<std::string> (I2P_SERVER_TUNNEL_KEYS);
+					// optional params
+					int inPort = section.second.get (I2P_SERVER_TUNNEL_INPORT, 0);
+					std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, "");
+					std::string hostOverride = section.second.get (I2P_SERVER_TUNNEL_HOST_OVERRIDE, "");
+					std::string webircpass = section.second.get<std::string> (I2P_SERVER_TUNNEL_WEBIRC_PASSWORD, "");
+					bool gzip = section.second.get (I2P_SERVER_TUNNEL_GZIP, true);
+					i2p::data::SigningKeyType sigType = section.second.get (I2P_SERVER_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+					uint32_t maxConns = section.second.get(i2p::stream::I2CP_PARAM_STREAMING_MAX_CONNS_PER_MIN, i2p::stream::DEFAULT_MAX_CONNS_PER_MIN);
+					std::string address = section.second.get<std::string> (I2P_SERVER_TUNNEL_ADDRESS, "127.0.0.1");
+					bool isUniqueLocal = section.second.get(I2P_SERVER_TUNNEL_ENABLE_UNIQUE_LOCAL, true);
+
+					// I2CP
+					std::map<std::string, std::string> options;							 
+					ReadI2CPOptions (section, options);				
+
+					std::shared_ptr<ClientDestination> localDestination = nullptr;
+					i2p::data::PrivateKeys k;
+					if(!LoadPrivateKeys (k, keys, sigType))
+						continue;
+					localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ());
+					if (!localDestination)		
+						localDestination = CreateNewLocalDestination (k, true, &options);
+					if (type == I2P_TUNNELS_SECTION_TYPE_UDPSERVER)
+					{
+						// udp server tunnel
+						// TODO: hostnames
+						auto localAddress = boost::asio::ip::address::from_string(address);
+						boost::asio::ip::udp::endpoint endpoint(boost::asio::ip::address::from_string(host), port);
+						I2PUDPServerTunnel * serverTunnel = new I2PUDPServerTunnel(name, localDestination, localAddress, endpoint, port);
+						if(!isUniqueLocal) 
+						{
+							LogPrint(eLogInfo, "Clients: disabling loopback address mapping");
+							serverTunnel->SetUniqueLocal(isUniqueLocal);
+						}
+						std::lock_guard<std::mutex> lock(m_ForwardsMutex);
+						if(m_ServerForwards.insert(
+							std::make_pair(
+								std::make_pair(
+									localDestination->GetIdentHash(), port),
+								std::unique_ptr<I2PUDPServerTunnel>(serverTunnel))).second)
+						{
+							serverTunnel->Start();
+							LogPrint(eLogInfo, "Clients: I2P Server Forward created for UDP Endpoint ", host, ":", port, " bound on ", address, " for ",localDestination->GetIdentHash().ToBase32());
+						}
+						else
+							LogPrint(eLogError, "Clients: I2P Server Forward for destination/port ", m_AddressBook.ToAddress(localDestination->GetIdentHash()), "/", port, "already exists");
+						
+						continue;
+					}
+          
+					I2PServerTunnel * serverTunnel;
+					if (type == I2P_TUNNELS_SECTION_TYPE_HTTP)
+                    	serverTunnel = new I2PServerTunnelHTTP (name, host, port, localDestination, hostOverride, inPort, gzip);
+               		else if (type == I2P_TUNNELS_SECTION_TYPE_IRC)
+                    	serverTunnel = new I2PServerTunnelIRC (name, host, port, localDestination, webircpass, inPort, gzip);
+					else // regular server tunnel by default
+                   		serverTunnel = new I2PServerTunnel (name, host, port, localDestination, inPort, gzip);
+
+					LogPrint(eLogInfo, "Clients: Set Max Conns To ", maxConns);
+					serverTunnel->SetMaxConnsPerMinute(maxConns);
+					if(!isUniqueLocal)
+					{
+						LogPrint(eLogInfo, "Clients: disabling loopback address mapping");
+						serverTunnel->SetUniqueLocal(isUniqueLocal);
+          			}
+
+					if (accessList.length () > 0)
+					{
+						std::set<i2p::data::IdentHash> idents;
+						size_t pos = 0, comma;
+						do
+						{
+							comma = accessList.find (',', pos);
+							i2p::data::IdentHash ident;
+							ident.FromBase32 (accessList.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos));	
+							idents.insert (ident);
+							pos = comma + 1;
+						}
+						while (comma != std::string::npos);
+						serverTunnel->SetAccessList (idents);
+					}
+					if (m_ServerTunnels.insert (std::make_pair (
+							std::make_pair (localDestination->GetIdentHash (), inPort), 
+					        std::unique_ptr<I2PServerTunnel>(serverTunnel))).second)
+					{
+						serverTunnel->Start ();
+						numServerTunnels++;
+					}
+					else
+						LogPrint (eLogError, "Clients: I2P server tunnel for destination/port ",   m_AddressBook.ToAddress(localDestination->GetIdentHash ()), "/", inPort, " already exists");
+						
+				}
+				else
+					LogPrint (eLogWarning, "Clients: Unknown section type=", type, " of ", name, " in ", tunConf);
+				
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "Clients: Can't read tunnel ", name, " params: ", ex.what ());
+			}
+		}	
+		LogPrint (eLogInfo, "Clients: ", numClientTunnels, " I2P client tunnels created");
+		LogPrint (eLogInfo, "Clients: ", numServerTunnels, " I2P server tunnels created");
+	}
+  
+	void ClientContext::ScheduleCleanupUDP()
+	{
+		if (m_CleanupUDPTimer)
+		{
+			// schedule cleanup in 17 seconds
+			m_CleanupUDPTimer->expires_from_now (boost::posix_time::seconds (17));
+			m_CleanupUDPTimer->async_wait(std::bind(&ClientContext::CleanupUDP, this, std::placeholders::_1));
+		}
+	}
+
+	void ClientContext::CleanupUDP(const boost::system::error_code & ecode)
+	{
+		if(!ecode)
+		{
+			std::lock_guard<std::mutex> lock(m_ForwardsMutex);
+			for (auto & s : m_ServerForwards ) s.second->ExpireStale();
+			ScheduleCleanupUDP();
+		}
+	}
 }		
 }	

ClientContext.h

@@ -1,18 +1,52 @@
 #ifndef CLIENT_CONTEXT_H__
 #define CLIENT_CONTEXT_H__
 
+#include <map>
 #include <mutex>
+#include <memory>
+#include <boost/asio.hpp>
 #include "Destination.h"
+#include "I2PService.h"
 #include "HTTPProxy.h"
 #include "SOCKS.h"
 #include "I2PTunnel.h"
 #include "SAM.h"
+#include "BOB.h"
+#include "I2CP.h"
 #include "AddressBook.h"
 
 namespace i2p
 {
 namespace client
 {
+	const char I2P_TUNNELS_SECTION_TYPE[] = "type";
+	const char I2P_TUNNELS_SECTION_TYPE_CLIENT[] = "client";
+	const char I2P_TUNNELS_SECTION_TYPE_SERVER[] = "server";
+	const char I2P_TUNNELS_SECTION_TYPE_HTTP[] = "http";
+	const char I2P_TUNNELS_SECTION_TYPE_IRC[] = "irc";
+	const char I2P_TUNNELS_SECTION_TYPE_UDPCLIENT[] = "udpclient";
+	const char I2P_TUNNELS_SECTION_TYPE_UDPSERVER[] = "udpserver";
+	const char I2P_TUNNELS_SECTION_TYPE_SOCKS[] = "socks";
+	const char I2P_TUNNELS_SECTION_TYPE_WEBSOCKS[] = "websocks";
+	const char I2P_TUNNELS_SECTION_TYPE_HTTPPROXY[] = "httpproxy";
+	const char I2P_CLIENT_TUNNEL_PORT[] = "port";
+	const char I2P_CLIENT_TUNNEL_ADDRESS[] = "address";
+	const char I2P_CLIENT_TUNNEL_DESTINATION[] = "destination";
+	const char I2P_CLIENT_TUNNEL_KEYS[] = "keys";
+	const char I2P_CLIENT_TUNNEL_SIGNATURE_TYPE[] = "signaturetype";
+	const char I2P_CLIENT_TUNNEL_DESTINATION_PORT[] = "destinationport";	
+	const char I2P_SERVER_TUNNEL_HOST[] = "host";	
+	const char I2P_SERVER_TUNNEL_HOST_OVERRIDE[] = "hostoverride";	
+	const char I2P_SERVER_TUNNEL_PORT[] = "port";
+	const char I2P_SERVER_TUNNEL_KEYS[] = "keys";
+	const char I2P_SERVER_TUNNEL_SIGNATURE_TYPE[] = "signaturetype";
+	const char I2P_SERVER_TUNNEL_INPORT[] = "inport";
+	const char I2P_SERVER_TUNNEL_ACCESS_LIST[] = "accesslist";		
+	const char I2P_SERVER_TUNNEL_GZIP[] = "gzip";
+	const char I2P_SERVER_TUNNEL_WEBIRC_PASSWORD[] = "webircpassword";
+	const char I2P_SERVER_TUNNEL_ADDRESS[] = "address";
+	const char I2P_SERVER_TUNNEL_ENABLE_UNIQUE_LOCAL[] = "enableuniquelocal";
+
 	class ClientContext
 	{
 		public:
@@ -23,36 +57,67 @@ namespace client
 			void Start ();
 			void Stop ();
 
-			ClientDestination * GetSharedLocalDestination () const { return m_SharedLocalDestination; };
-			ClientDestination * CreateNewLocalDestination (bool isPublic = true, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1); // transient
-			ClientDestination * CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true);
-			void DeleteLocalDestination (ClientDestination * destination);
-			ClientDestination * FindLocalDestination (const i2p::data::IdentHash& destination) const;		
-			ClientDestination * LoadLocalDestination (const std::string& filename, bool isPublic);
+			void ReloadConfig ();
+
+			std::shared_ptr<ClientDestination> GetSharedLocalDestination () const { return m_SharedLocalDestination; };
+			std::shared_ptr<ClientDestination> CreateNewLocalDestination (bool isPublic = false, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1,
+			    const std::map<std::string, std::string> * params = nullptr); // transient
+			std::shared_ptr<ClientDestination> CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true, 
+				const std::map<std::string, std::string> * params = nullptr);
+			void DeleteLocalDestination (std::shared_ptr<ClientDestination> destination);
+			std::shared_ptr<ClientDestination> FindLocalDestination (const i2p::data::IdentHash& destination) const;		
+			bool LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
 
 			AddressBook& GetAddressBook () { return m_AddressBook; };
+			const SAMBridge * GetSAMBridge () const { return m_SamBridge; };
+			const I2CPServer * GetI2CPServer () const { return m_I2CPServer; };
 
-		private:	
+			std::vector<std::shared_ptr<DatagramSessionInfo> > GetForwardInfosFor(const i2p::data::IdentHash & destination);
 
-			void LoadLocalDestinations ();
+		private:
+
+			void ReadTunnels ();
+			template<typename Section, typename Type>
+			std::string GetI2CPOption (const Section& section, const std::string& name, const Type& value) const;
+			template<typename Section>
+			void ReadI2CPOptions (const Section& section, std::map<std::string, std::string>& options) const;
+			void ReadI2CPOptionsFromConfig (const std::string& prefix, std::map<std::string, std::string>& options) const;	
+
+			void CleanupUDP(const boost::system::error_code & ecode);
+			void ScheduleCleanupUDP();
 			
 		private:
 
 			std::mutex m_DestinationsMutex;
-			std::map<i2p::data::IdentHash, ClientDestination *> m_Destinations;
-			ClientDestination * m_SharedLocalDestination;	
+			std::map<i2p::data::IdentHash, std::shared_ptr<ClientDestination> > m_Destinations;
+			std::shared_ptr<ClientDestination>  m_SharedLocalDestination;	
 
 			AddressBook m_AddressBook;
 
 			i2p::proxy::HTTPProxy * m_HttpProxy;
 			i2p::proxy::SOCKSProxy * m_SocksProxy;
-			I2PClientTunnel * m_IrcTunnel;
-			I2PServerTunnel * m_ServerTunnel;
-			SAMBridge * m_SamBridge;
+			std::map<boost::asio::ip::tcp::endpoint, std::unique_ptr<I2PService> > m_ClientTunnels; // local endpoint->tunnel
+			std::map<std::pair<i2p::data::IdentHash, int>, std::unique_ptr<I2PServerTunnel> > m_ServerTunnels; // <destination,port>->tunnel
 
+			std::mutex m_ForwardsMutex;			 
+			std::map<boost::asio::ip::udp::endpoint, std::unique_ptr<I2PUDPClientTunnel> > m_ClientForwards; // local endpoint -> udp tunnel
+			std::map<std::pair<i2p::data::IdentHash, int>, std::unique_ptr<I2PUDPServerTunnel> > m_ServerForwards; // <destination,port> -> udp tunnel
+			
+			SAMBridge * m_SamBridge;
+			BOBCommandChannel * m_BOBCommandChannel;
+			I2CPServer * m_I2CPServer;
+
+			std::unique_ptr<boost::asio::deadline_timer> m_CleanupUDPTimer;
+			
 		public:
 			// for HTTP
 			const decltype(m_Destinations)& GetDestinations () const { return m_Destinations; };
+			const decltype(m_ClientTunnels)& GetClientTunnels () const { return m_ClientTunnels; };
+			const decltype(m_ServerTunnels)& GetServerTunnels () const { return m_ServerTunnels; };
+			const decltype(m_ClientForwards)& GetClientForwards () const { return m_ClientForwards; }
+			const decltype(m_ServerForwards)& GetServerForwards () const { return m_ServerForwards; }
+			const i2p::proxy::HTTPProxy * GetHttpProxy () const { return m_HttpProxy; }
+			const i2p::proxy::SOCKSProxy * GetSocksProxy () const { return m_SocksProxy; }
 	};
 	
 	extern ClientContext context;	

Config.cpp

@@ -0,0 +1,285 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <cstdlib>
+#include <iostream>
+#include <fstream>
+#include <map>
+#include <string>
+#include <boost/program_options/cmdline.hpp>
+#include <boost/program_options/options_description.hpp>
+#include <boost/program_options/parsers.hpp>
+#include <boost/program_options/variables_map.hpp>
+
+#include "Identity.h"
+#include "Config.h"
+#include "version.h"
+
+using namespace boost::program_options;
+
+namespace i2p {
+namespace config {
+  options_description m_OptionsDesc;
+  variables_map       m_Options;
+
+  void Init() {
+
+    options_description general("General options");
+    general.add_options()
+      ("help",     "Show this message")
+      ("conf",      value<std::string>()->default_value(""),     "Path to main i2pd config file (default: try ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf)")
+      ("tunconf",   value<std::string>()->default_value(""),     "Path to config with tunnels list and options (default: try ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)")
+      ("pidfile",   value<std::string>()->default_value(""),     "Path to pidfile (default: ~/i2pd/i2pd.pid or /var/lib/i2pd/i2pd.pid)")
+      ("log",       value<std::string>()->default_value(""),     "Logs destination: stdout, file, syslog (stdout if not set)")
+      ("logfile",   value<std::string>()->default_value(""),     "Path to logfile (stdout if not set, autodetect if daemon)")
+      ("loglevel",  value<std::string>()->default_value("info"), "Set the minimal level of log messages (debug, info, warn, error)")
+	  ("family",    value<std::string>()->default_value(""),     "Specify a family, router belongs to")
+	  ("datadir",   value<std::string>()->default_value(""),     "Path to storage of i2pd data (RI, keys, peer profiles, ...)")
+      ("host",      value<std::string>()->default_value("0.0.0.0"),     "External IP")
+      ("ifname",    value<std::string>()->default_value(""), "Network interface to bind to")
+			("ifname4",   value<std::string>()->default_value(""), "Network interface to bind to for ipv4")
+			("ifname6",   value<std::string>()->default_value(""), "Network interface to bind to for ipv6")
+      ("nat",       value<bool>()->zero_tokens()->default_value(true), "Should we assume we are behind NAT?")
+      ("port",      value<uint16_t>()->default_value(0),                "Port to listen for incoming connections (default: auto)")
+      ("ipv4",      value<bool>()->zero_tokens()->default_value(true),  "Enable communication through ipv4")
+      ("ipv6",      value<bool>()->zero_tokens()->default_value(false), "Enable communication through ipv6")
+	  ("netid",		value<int>()->default_value(I2PD_NET_ID), "Specify NetID. Main I2P is 2") 	
+      ("daemon",    value<bool>()->zero_tokens()->default_value(false), "Router will go to background after start")
+      ("service",   value<bool>()->zero_tokens()->default_value(false), "Router will use system folders like '/var/lib/i2pd'")
+      ("notransit", value<bool>()->zero_tokens()->default_value(false), "Router will not accept transit tunnels at startup")
+      ("floodfill", value<bool>()->zero_tokens()->default_value(false), "Router will be floodfill")
+      ("bandwidth", value<std::string>()->default_value(""), "Bandwidth limit: integer in kbps or letters: L (32), O (256), P (2048), X (>9000)")
+      ("ntcp", value<bool>()->zero_tokens()->default_value(true), "Enable NTCP transport")
+      ("ssu", value<bool>()->zero_tokens()->default_value(true), "Enable SSU transport")
+#ifdef _WIN32
+      ("svcctl",    value<std::string>()->default_value(""),     "Windows service management ('install' or 'remove')")
+      ("insomnia", value<bool>()->zero_tokens()->default_value(false), "Prevent system from sleeping")
+      ("close", value<std::string>()->default_value("ask"), "Action on close: minimize, exit, ask") // TODO: add custom validator or something
+#endif
+      ;
+		
+    options_description limits("Limits options");
+    limits.add_options()
+      ("limits.coresize",         value<uint32_t>()->default_value(0),    "Maximum size of corefile in Kb (0 - use system limit)")
+      ("limits.openfiles",        value<uint16_t>()->default_value(0),    "Maximum number of open files (0 - use system default)")
+      ("limits.transittunnels",   value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
+      ;
+
+    options_description httpserver("HTTP Server options");
+    httpserver.add_options()
+      ("http.enabled",        value<bool>()->default_value(true),               "Enable or disable webconsole")
+      ("http.address",        value<std::string>()->default_value("127.0.0.1"), "Webconsole listen address")
+      ("http.port",           value<uint16_t>()->default_value(7070),           "Webconsole listen port")
+      ("http.auth",           value<bool>()->default_value(false),              "Enable Basic HTTP auth for webconsole")
+      ("http.user",           value<std::string>()->default_value("i2pd"),      "Username for basic auth")
+      ("http.pass",           value<std::string>()->default_value(""),          "Password for basic auth (default: random, see logs)")
+      ;
+
+    options_description httpproxy("HTTP Proxy options");
+    httpproxy.add_options()
+      ("httpproxy.enabled",   value<bool>()->default_value(true),                         "Enable or disable HTTP Proxy")
+      ("httpproxy.address",   value<std::string>()->default_value("127.0.0.1"),           "HTTP Proxy listen address")
+      ("httpproxy.port",      value<uint16_t>()->default_value(4444),                     "HTTP Proxy listen port")
+      ("httpproxy.keys",      value<std::string>()->default_value(""),  "File to persist HTTP Proxy keys")
+	  ("httpproxy.signaturetype",      value<i2p::data::SigningKeyType>()->default_value(i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519), "Signature type for new keys. 7 (EdDSA) by default")	
+	  ("httpproxy.inbound.length",      value<std::string>()->default_value("3"),  "HTTP proxy inbound tunnel length")	
+	  ("httpproxy.outbound.length",     value<std::string>()->default_value("3"),  "HTTP proxy outbound tunnel length")
+	  ("httpproxy.inbound.quantity",    value<std::string>()->default_value("5"),  "HTTP proxy inbound tunnels quantity")	
+	  ("httpproxy.outbound.quantity",   value<std::string>()->default_value("5"),  "HTTP proxy outbound tunnels quantity")
+	  ("httpproxy.latency.min",    value<std::string>()->default_value("0"),  "HTTP proxy min latency for tunnels")	
+	  ("httpproxy.latency.max",   value<std::string>()->default_value("0"),  "HTTP proxy max latency for tunnels")
+			("httpproxy.outproxy", value<std::string>()->default_value(""), "HTTP proxy upstream out proxy url")
+      ;
+
+    options_description socksproxy("SOCKS Proxy options");
+    socksproxy.add_options()
+      ("socksproxy.enabled",  value<bool>()->default_value(true),                         "Enable or disable SOCKS Proxy")
+      ("socksproxy.address",  value<std::string>()->default_value("127.0.0.1"),           "SOCKS Proxy listen address")
+      ("socksproxy.port",     value<uint16_t>()->default_value(4447),                     "SOCKS Proxy listen port")
+      ("socksproxy.keys",     value<std::string>()->default_value(""), "File to persist SOCKS Proxy keys")
+	  ("socksproxy.signaturetype",      value<i2p::data::SigningKeyType>()->default_value(i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519), "Signature type for new keys. 7 (EdDSA) by default")	
+      ("socksproxy.inbound.length",      value<std::string>()->default_value("3"),  "SOCKS proxy inbound tunnel length")	
+	  ("socksproxy.outbound.length",     value<std::string>()->default_value("3"),  "SOCKS proxy outbound tunnel length")
+	  ("socksproxy.inbound.quantity",    value<std::string>()->default_value("5"),  "SOCKS proxy inbound tunnels quantity")	
+	  ("socksproxy.outbound.quantity",   value<std::string>()->default_value("5"),  "SOCKS proxy outbound tunnels quantity")
+	  ("socksproxy.latency.min",    value<std::string>()->default_value("0"),  "SOCKS proxy min latency for tunnels")	
+	  ("socksproxy.latency.max",   value<std::string>()->default_value("0"),  "SOCKS proxy max latency for tunnels")	
+	  ("socksproxy.outproxy", value<std::string>()->default_value("127.0.0.1"), "Upstream outproxy address for SOCKS Proxy")
+      ("socksproxy.outproxyport", value<uint16_t>()->default_value(9050), "Upstream outproxy port for SOCKS Proxy")
+      ;
+
+    options_description sam("SAM bridge options");
+    sam.add_options()
+      ("sam.enabled",         value<bool>()->default_value(false),                        "Enable or disable SAM Application bridge")
+      ("sam.address",         value<std::string>()->default_value("127.0.0.1"),           "SAM listen address")
+      ("sam.port",            value<uint16_t>()->default_value(7656),                     "SAM listen port")
+      ;
+
+    options_description bob("BOB options");
+    bob.add_options()
+      ("bob.enabled",         value<bool>()->default_value(false),                        "Enable or disable BOB command channel")
+      ("bob.address",         value<std::string>()->default_value("127.0.0.1"),           "BOB listen address")
+      ("bob.port",            value<uint16_t>()->default_value(2827),                     "BOB listen port")
+      ;
+
+	options_description i2cp("I2CP options");
+    i2cp.add_options()
+      ("i2cp.enabled",        value<bool>()->default_value(false),                        "Enable or disable I2CP")
+      ("i2cp.address",        value<std::string>()->default_value("127.0.0.1"),           "I2CP listen address")
+      ("i2cp.port",            value<uint16_t>()->default_value(7654),                     "I2CP listen port")
+      ;
+
+    options_description i2pcontrol("I2PControl options");
+    i2pcontrol.add_options()
+      ("i2pcontrol.enabled",  value<bool>()->default_value(false),                        "Enable or disable I2P Control Protocol")
+      ("i2pcontrol.address",  value<std::string>()->default_value("127.0.0.1"),           "I2PCP listen address")
+      ("i2pcontrol.port",     value<uint16_t>()->default_value(7650),                     "I2PCP listen port")
+      ("i2pcontrol.password", value<std::string>()->default_value("itoopie"),             "I2PCP access password")
+      ("i2pcontrol.cert",     value<std::string>()->default_value("i2pcontrol.crt.pem"),  "I2PCP connection cerificate")
+      ("i2pcontrol.key",      value<std::string>()->default_value("i2pcontrol.key.pem"),  "I2PCP connection cerificate key")
+      ;
+
+	bool upnp_default = false;
+#if (defined(USE_UPNP) && (defined(WIN32_APP) || defined(ANDROID)))
+	upnp_default = true; // enable UPNP for windows GUI and android by default	
+#endif
+  	options_description upnp("UPnP options");
+  	upnp.add_options()
+    ("upnp.enabled",  value<bool>()->default_value(upnp_default),             "Enable or disable UPnP: automatic port forwarding")
+	("upnp.name", value<std::string>()->default_value("I2Pd"), "Name i2pd appears in UPnP forwardings list") 
+    ;
+
+	options_description precomputation("Precomputation options");
+	precomputation.add_options()  
+	  ("precomputation.elgamal",  
+#if defined(__x86_64__)	   
+	   value<bool>()->default_value(false),   
+#else
+	   value<bool>()->default_value(true),  
+#endif	   
+	   "Enable or disable elgamal precomputation table")
+	  ;
+	
+	options_description reseed("Reseed options");	
+	reseed.add_options()
+	  ("reseed.verify", value<bool>()->default_value(false), "Verify .su3 signature")
+	  ("reseed.threshold", value<uint16_t>()->default_value(25), "Minimum number of known routers before requesting reseed")
+		("reseed.floodfill", value<std::string>()->default_value(""), "Path to router info of floodfill to reseed from")
+	  ("reseed.file", value<std::string>()->default_value(""),  "Path to local .su3 file or HTTPS URL to reseed from")
+	  ("reseed.zipfile", value<std::string>()->default_value(""),  "Path to local .zip file to reseed from")
+	  ("reseed.urls", value<std::string>()->default_value(
+		"https://reseed.i2p-projekt.de/,"
+		"https://i2p.mooo.com/netDb/,"
+		"https://netdb.i2p2.no/,"
+//		"https://us.reseed.i2p2.no:444/," // mamoth's shit
+//		"https://uk.reseed.i2p2.no:444/," // mamoth's shit
+		"https://i2p-0.manas.ca:8443/,"
+		"https://reseed.i2p.vzaws.com:8443/,"
+		"https://download.xxlspeed.com/,"
+		"https://reseed-ru.lngserv.ru/,"
+	    "https://reseed.atomike.ninja/,"
+	    "https://reseed.memcpy.io/,"
+	    "https://reseed.onion.im/,"
+	    "https://itoopie.atomike.ninja/"
+		),  "Reseed URLs, separated by comma")
+	  ;	
+
+  	options_description addressbook("AddressBook options");
+  	addressbook.add_options()
+      ("addressbook.defaulturl", value<std::string>()->default_value(
+                "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt"
+                ), "AddressBook subscription URL for initial setup")
+      ("addressbook.subscriptions", value<std::string>()->default_value(""), 
+                "AddressBook subscriptions URLs, separated by comma");
+
+  	options_description trust("Trust options");
+  	trust.add_options()
+      ("trust.enabled", value<bool>()->default_value(false), "Enable explicit trust options")
+      ("trust.family", value<std::string>()->default_value(""), "Router Familiy to trust for first hops")
+			("trust.routers", value<std::string>()->default_value(""), "Only Connect to these routers")
+      ("trust.hidden", value<bool>()->default_value(false), "Should we hide our router from other routers?");
+		
+    options_description websocket("Websocket Options");
+    websocket.add_options()
+      ("websockets.enabled", value<bool>()->default_value(false), "enable websocket server")
+      ("websockets.address", value<std::string>()->default_value("127.0.0.1"), "address to bind websocket server on")
+      ("websockets.port", value<uint16_t>()->default_value(7666), "port to bind websocket server on");
+
+    m_OptionsDesc
+      .add(general)
+	  .add(limits)	
+      .add(httpserver)
+      .add(httpproxy)
+      .add(socksproxy)
+      .add(sam)
+      .add(bob)
+	  .add(i2cp)	
+      .add(i2pcontrol)
+      .add(upnp)
+	  .add(precomputation)
+	  .add(reseed) 
+      .add(addressbook)	
+      .add(trust)
+      .add(websocket)
+      ;
+  }
+
+  void ParseCmdline(int argc, char* argv[]) {
+    try {
+      auto style = boost::program_options::command_line_style::unix_style
+                 | boost::program_options::command_line_style::allow_long_disguise;
+      style &=   ~ boost::program_options::command_line_style::allow_guessing;
+      store(parse_command_line(argc, argv, m_OptionsDesc, style), m_Options);
+    } catch (boost::program_options::error& e) {
+      std::cerr << "args: " << e.what() << std::endl;
+      exit(EXIT_FAILURE);
+    }
+
+    if (m_Options.count("help") || m_Options.count("h")) {
+      std::cout << "i2pd version " << I2PD_VERSION << " (" << I2P_VERSION << ")" << std::endl;
+      std::cout << m_OptionsDesc;
+      exit(EXIT_SUCCESS);
+    }
+  }
+
+  void ParseConfig(const std::string& path) {
+    if (path == "") return;
+
+    std::ifstream config(path, std::ios::in);
+
+    if (!config.is_open()) 
+	{
+      std::cerr << "missing/unreadable config file: " << path << std::endl;
+      exit(EXIT_FAILURE);
+    }
+
+    try 
+	{
+		store(boost::program_options::parse_config_file(config, m_OptionsDesc), m_Options);
+    } 
+	catch (boost::program_options::error& e) 
+	{
+      std::cerr << e.what() << std::endl;
+      exit(EXIT_FAILURE);
+    };
+  }
+
+  void Finalize() {
+    notify(m_Options);
+  }
+
+  bool IsDefault(const char *name) {
+    if (!m_Options.count(name))
+      throw "try to check non-existent option";
+
+    if (m_Options[name].defaulted())
+      return true;
+    return false;
+  }
+} // namespace config
+} // namespace i2p

Config.h

@@ -0,0 +1,113 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include <string>
+#include <boost/program_options/options_description.hpp>
+#include <boost/program_options/variables_map.hpp>
+
+/**
+ * Functions to parse and store i2pd parameters
+ *
+ * General usage flow:
+ *   Init() -- early as possible
+ *   ParseCmdline() -- somewhere close to main()
+ *   ParseConfig()  -- after detecting path to config
+ *   Finalize()     -- right after all Parse*() functions called
+ *   GetOption()    -- may be called after Finalize()
+ */
+
+namespace i2p {
+namespace config {
+  extern boost::program_options::variables_map m_Options;
+
+  /**
+   * @brief  Initialize list of acceptable parameters
+   *
+   * Should be called before any Parse* functions.
+   */
+  void Init();
+
+  /**
+   * @brief  Parse cmdline parameters, and show help if requested
+   * @param  argc  Cmdline arguments count, should be passed from main().
+   * @param  argv  Cmdline parameters array, should be passed from main()
+   *
+   * If --help is given in parameters, shows it's list with description
+   * terminates the program with exitcode 0.
+   *
+   * In case of parameter misuse boost throws an exception.
+   * We internally handle type boost::program_options::unknown_option,
+   * and then terminate program with exitcode 1.
+   *
+   * Other exceptions will be passed to higher level.
+   */
+  void ParseCmdline(int argc, char* argv[]);
+
+  /**
+   * @brief  Load and parse given config file
+   * @param  path  Path to config file
+   *
+   * If error occured when opening file path is points to,
+   * we show the error message and terminate program.
+   *
+   * In case of parameter misuse boost throws an exception.
+   * We internally handle type boost::program_options::unknown_option,
+   * and then terminate program with exitcode 1.
+   *
+   * Other exceptions will be passed to higher level.
+   */
+  void ParseConfig(const std::string& path);
+
+  /**
+   * @brief  Used to combine options from cmdline, config and default values
+   */
+  void Finalize();
+
+  /* @brief  Accessor to parameters by name
+   * @param  name  Name of the requested parameter
+   * @param  value Variable where to store option
+   * @return this function returns false if parameter not found
+   *
+   * Example: uint16_t port; GetOption("sam.port", port);
+   */
+  template<typename T>
+  bool GetOption(const char *name, T& value) {
+    if (!m_Options.count(name))
+      return false;
+    value = m_Options[name].as<T>();
+    return true;
+  }
+
+  template<typename T>
+  bool GetOption(const std::string& name, T& value) 
+  {
+    return GetOption (name.c_str (), value);
+  }	
+
+  /**
+   * @brief  Set value of given parameter
+   * @param  name  Name of settable parameter
+   * @param  value New parameter value
+   * @return true if value set up successful, false otherwise
+   *
+   * Example: uint16_t port = 2827; SetOption("bob.port", port);
+   */
+  template<typename T>
+  bool SetOption(const char *name, const T& value) {
+    if (!m_Options.count(name))
+      return false;
+    m_Options.at(name).value() = value;
+    notify(m_Options);
+    return true;
+  }
+
+  /**
+   * @brief  Check is value explicitly given or default
+   * @param  name  Name of checked parameter
+   * @return true if value set to default, false othervise
+   */
+  bool IsDefault(const char *name);
+}
+}
+
+#endif // CONFIG_H

Crypto.cpp

@@ -0,0 +1,841 @@
+#include <string.h>
+#include <string>
+#include <vector>
+#include <mutex>
+#include <memory>
+#include <openssl/dh.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+#include "TunnelBase.h"
+#include <openssl/ssl.h>
+#include "Log.h"
+#include "Crypto.h"
+
+namespace i2p
+{
+namespace crypto
+{	
+	const uint8_t elgp_[256]=
+	{
+		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 
+		0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 
+		0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+		0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 		0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+		0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 
+		0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+		0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 
+		0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+		0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+		0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+	};
+
+	const int elgg_ = 2;
+	
+	const uint8_t dsap_[128]=
+	{
+		0x9c, 0x05, 0xb2, 0xaa, 0x96, 0x0d, 0x9b, 0x97, 0xb8, 0x93, 0x19, 0x63, 0xc9, 0xcc, 0x9e, 0x8c,
+		0x30, 0x26, 0xe9, 0xb8, 0xed, 0x92, 0xfa, 0xd0, 0xa6, 0x9c, 0xc8, 0x86, 0xd5, 0xbf, 0x80, 0x15,
+		0xfc, 0xad, 0xae, 0x31, 0xa0, 0xad, 0x18, 0xfa, 0xb3, 0xf0, 0x1b, 0x00, 0xa3, 0x58, 0xde, 0x23,
+		0x76, 0x55, 0xc4, 0x96, 0x4a, 0xfa, 0xa2, 0xb3, 0x37, 0xe9, 0x6a, 0xd3, 0x16, 0xb9, 0xfb, 0x1c,
+		0xc5, 0x64, 0xb5, 0xae, 0xc5, 0xb6, 0x9a, 0x9f, 0xf6, 0xc3, 0xe4, 0x54, 0x87, 0x07, 0xfe, 0xf8,
+		0x50, 0x3d, 0x91, 0xdd, 0x86, 0x02, 0xe8, 0x67, 0xe6, 0xd3, 0x5d, 0x22, 0x35, 0xc1, 0x86, 0x9c,
+		0xe2, 0x47, 0x9c, 0x3b, 0x9d, 0x54, 0x01, 0xde, 0x04, 0xe0, 0x72, 0x7f, 0xb3, 0x3d, 0x65, 0x11, 
+		0x28, 0x5d, 0x4c, 0xf2, 0x95, 0x38, 0xd9, 0xe3, 0xb6, 0x05, 0x1f, 0x5b, 0x22, 0xcc, 0x1c, 0x93
+	};
+
+	const uint8_t dsaq_[20]=
+	{
+		0xa5, 0xdf, 0xc2, 0x8f, 0xef, 0x4c, 0xa1, 0xe2, 0x86, 0x74, 0x4c, 0xd8, 0xee, 0xd9, 0xd2, 0x9d,
+		0x68, 0x40, 0x46, 0xb7
+	};
+
+	const uint8_t dsag_[128]=
+	{
+		0x0c, 0x1f, 0x4d, 0x27, 0xd4, 0x00, 0x93, 0xb4, 0x29, 0xe9, 0x62, 0xd7, 0x22, 0x38, 0x24, 0xe0,
+		0xbb, 0xc4, 0x7e, 0x7c, 0x83, 0x2a, 0x39, 0x23, 0x6f, 0xc6, 0x83, 0xaf, 0x84, 0x88, 0x95, 0x81,
+		0x07, 0x5f, 0xf9, 0x08, 0x2e, 0xd3, 0x23, 0x53, 0xd4, 0x37, 0x4d, 0x73, 0x01, 0xcd, 0xa1, 0xd2,
+		0x3c, 0x43, 0x1f, 0x46, 0x98, 0x59, 0x9d, 0xda, 0x02, 0x45, 0x18, 0x24, 0xff, 0x36, 0x97, 0x52,
+		0x59, 0x36, 0x47, 0xcc, 0x3d, 0xdc, 0x19, 0x7d, 0xe9, 0x85, 0xe4, 0x3d, 0x13, 0x6c, 0xdc, 0xfc,
+		0x6b, 0xd5, 0x40, 0x9c, 0xd2, 0xf4, 0x50, 0x82, 0x11, 0x42, 0xa5, 0xe6, 0xf8, 0xeb, 0x1c, 0x3a,
+		0xb5, 0xd0, 0x48, 0x4b, 0x81, 0x29, 0xfc, 0xf1, 0x7b, 0xce, 0x4f, 0x7f, 0x33, 0x32, 0x1c, 0x3c, 
+		0xb3, 0xdb, 0xb1, 0x4a, 0x90, 0x5e, 0x7b, 0x2b, 0x3e, 0x93, 0xbe, 0x47, 0x08, 0xcb, 0xcc, 0x82  
+	};
+
+	const int rsae_ = 65537;	
+	
+	struct CryptoConstants
+	{
+		// DH/ElGamal
+		BIGNUM * elgp;
+		BIGNUM * elgg; 
+
+		// DSA
+		BIGNUM * dsap;		
+		BIGNUM * dsaq;
+		BIGNUM * dsag;
+
+		// RSA
+		BIGNUM * rsae;
+		
+		CryptoConstants (const uint8_t * elgp_, int elgg_, const uint8_t * dsap_, 
+			const uint8_t * dsaq_, const uint8_t * dsag_, int rsae_)
+		{
+			elgp = BN_new ();
+			BN_bin2bn (elgp_, 256, elgp);
+			elgg = BN_new ();
+			BN_set_word (elgg, elgg_);
+			dsap = BN_new ();
+			BN_bin2bn (dsap_, 128, dsap);
+			dsaq = BN_new ();
+			BN_bin2bn (dsaq_, 20, dsaq);
+			dsag = BN_new ();
+			BN_bin2bn (dsag_, 128, dsag);
+			rsae = BN_new ();
+			BN_set_word (rsae, rsae_);
+		}
+		
+		~CryptoConstants ()
+		{
+			BN_free (elgp);  BN_free (elgg); BN_free (dsap); BN_free (dsaq); BN_free (dsag); BN_free (rsae);
+		}	
+	};	
+
+	static const CryptoConstants& GetCryptoConstants ()
+	{
+		static CryptoConstants cryptoConstants (elgp_, elgg_, dsap_, dsaq_, dsag_, rsae_);		                                        
+		return cryptoConstants;
+	}	
+
+	bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len)
+	{
+		int offset = len - BN_num_bytes (bn);
+		if (offset < 0) return false;
+		BN_bn2bin (bn, buf + offset);
+		memset (buf, 0, offset);
+		return true;
+	}	
+
+// RSA
+	#define rsae GetCryptoConstants ().rsae		
+	const BIGNUM * GetRSAE ()
+	{
+		return rsae;
+	}	
+
+// DSA
+	#define dsap GetCryptoConstants ().dsap	
+	#define dsaq GetCryptoConstants ().dsaq
+	#define dsag GetCryptoConstants ().dsag	
+	DSA * CreateDSA ()
+	{
+		DSA * dsa = DSA_new ();
+		DSA_set0_pqg (dsa, BN_dup (dsap), BN_dup (dsaq), BN_dup (dsag));	
+		DSA_set0_key (dsa, NULL, NULL);
+		return dsa;
+	}
+
+// DH/ElGamal	
+
+	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
+	const int ELGAMAL_SHORT_EXPONENT_NUM_BYTES = ELGAMAL_SHORT_EXPONENT_NUM_BITS/8+1;
+	const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
+	const int ELGAMAL_FULL_EXPONENT_NUM_BYTES = ELGAMAL_FULL_EXPONENT_NUM_BITS/8;
+	
+	#define elgp GetCryptoConstants ().elgp
+	#define elgg GetCryptoConstants ().elgg
+
+	static BN_MONT_CTX * g_MontCtx = nullptr;
+	static void PrecalculateElggTable (BIGNUM * table[][255], int len) // table is len's array of array of 255 bignums
+	{
+		if (len <= 0) return;
+		BN_CTX * ctx = BN_CTX_new ();
+		g_MontCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_set (g_MontCtx, elgp, ctx);		
+		auto montCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_copy (montCtx, g_MontCtx);
+		for (int i = 0; i < len; i++)
+		{
+			table[i][0] = BN_new ();
+			if (!i) 	
+				BN_to_montgomery (table[0][0], elgg, montCtx, ctx); 	
+			else
+				BN_mod_mul_montgomery (table[i][0], table[i-1][254], table[i-1][0], montCtx, ctx);
+			for (int j = 1; j < 255; j++)
+			{
+				table[i][j] = BN_new ();
+				BN_mod_mul_montgomery (table[i][j], table[i][j-1], table[i][0], montCtx, ctx);
+			}
+		}
+		BN_MONT_CTX_free (montCtx);
+		BN_CTX_free (ctx);
+	}	 
+
+	static void DestroyElggTable (BIGNUM * table[][255], int len)
+	{
+		for (int i = 0; i < len; i++)
+			for (int j = 0; j < 255; j++)
+			{
+				BN_free (table[i][j]);
+				table[i][j] = nullptr;
+			}
+		BN_MONT_CTX_free (g_MontCtx);
+	}
+	
+	static BIGNUM * ElggPow (const uint8_t * exp, int len, BIGNUM * table[][255], BN_CTX * ctx)
+	// exp is in Big Endian	
+	{
+		if (len <= 0) return nullptr;
+		auto montCtx = BN_MONT_CTX_new ();
+		BN_MONT_CTX_copy (montCtx, g_MontCtx);
+		BIGNUM * res = nullptr;
+		for (int i = 0; i < len; i++)
+		{
+			if (res)
+			{
+				if (exp[i])
+					BN_mod_mul_montgomery (res, res, table[len-1-i][exp[i]-1], montCtx, ctx);
+			}	
+			else if (exp[i]) 
+				res = BN_dup (table[len-i-1][exp[i]-1]);
+		}	
+		if (res)
+			BN_from_montgomery (res, res, montCtx, ctx);
+		BN_MONT_CTX_free (montCtx);
+		return res;
+	}	
+
+	static BIGNUM * ElggPow (const BIGNUM * exp, BIGNUM * table[][255], BN_CTX * ctx)
+	{
+		auto len = BN_num_bytes (exp);
+		uint8_t * buf = new uint8_t[len];
+		BN_bn2bin (exp, buf);
+		auto ret = ElggPow (buf, len, table, ctx);
+		delete[] buf;
+		return ret;
+	}	
+
+	static BIGNUM * (* g_ElggTable)[255] = nullptr; 
+	
+// DH
+	
+	DHKeys::DHKeys ()
+	{
+		m_DH = DH_new ();
+		DH_set0_pqg (m_DH, BN_dup (elgp), NULL, BN_dup (elgg));
+		DH_set0_key (m_DH, NULL, NULL);
+	}
+	
+	DHKeys::~DHKeys ()
+	{
+		DH_free (m_DH);
+	}	
+
+	void DHKeys::GenerateKeys ()
+	{
+		BIGNUM * priv_key = NULL, * pub_key = NULL;	
+#if !defined(__x86_64__) // use short exponent for non x64 
+		priv_key = BN_new ();
+		BN_rand (priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);
+#endif		
+		if (g_ElggTable)
+		{	
+#if defined(__x86_64__)
+			priv_key = BN_new ();
+			BN_rand (priv_key, ELGAMAL_FULL_EXPONENT_NUM_BITS, 0, 1);
+#endif			
+			auto ctx = BN_CTX_new ();
+			pub_key = ElggPow (priv_key, g_ElggTable, ctx);
+			DH_set0_key (m_DH, pub_key, priv_key);
+			BN_CTX_free (ctx);
+		}	
+		else
+		{
+			DH_set0_key (m_DH, NULL, priv_key);
+			DH_generate_key (m_DH);
+			DH_get0_key (m_DH, (const BIGNUM **)&pub_key, (const BIGNUM **)&priv_key);
+		}	
+
+		bn2buf (pub_key, m_PublicKey, 256);
+	}	
+	
+	void DHKeys::Agree (const uint8_t * pub, uint8_t * shared)
+	{
+		BIGNUM * pk = BN_bin2bn (pub, 256, NULL);
+		DH_compute_key (shared, pk, m_DH);
+		BN_free (pk);
+	}	
+	
+// ElGamal
+	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, bool zeroPadding)
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		// select random k
+		BIGNUM * k = BN_new ();
+#if defined(__x86_64__)
+		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
+#else
+		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
+#endif		
+		// calculate a
+		BIGNUM * a;	
+		if (g_ElggTable)
+			a = ElggPow (k, g_ElggTable, ctx);
+		else
+		{	
+			a = BN_new ();
+			BN_mod_exp (a, elgg, k, elgp, ctx);
+		}
+
+		BIGNUM * y = BN_new ();
+		BN_bin2bn (key, 256, y);
+		// calculate b1
+		BIGNUM * b1 = BN_new ();
+		BN_mod_exp (b1, y, k, elgp, ctx);
+		BN_free (y);
+		BN_free (k);
+		// create m
+		uint8_t m[255];
+		m[0] = 0xFF;
+		memcpy (m+33, data, 222);
+		SHA256 (m+33, 222, m+1);
+		// calculate b = b1*m mod p
+		BIGNUM * b = BN_new ();
+		BN_bin2bn (m, 255, b);
+		BN_mod_mul (b, b1, b, elgp, ctx);
+		BN_free (b1);
+		// copy a and b
+		if (zeroPadding)
+		{
+			encrypted[0] = 0;
+			bn2buf (a, encrypted + 1, 256);
+			encrypted[257] = 0;
+			bn2buf (b, encrypted + 258, 256);
+		}	
+		else
+		{
+			bn2buf (a, encrypted, 256);
+			bn2buf (b, encrypted + 256, 256);
+		}		
+		BN_free (b);
+		BN_free (a);
+		BN_CTX_free (ctx);
+	}
+
+	bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, 
+		uint8_t * data, bool zeroPadding)
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		BIGNUM * x = BN_new (), * a = BN_new (), * b = BN_new ();
+		BN_bin2bn (key, 256, x);
+		BN_sub (x, elgp, x); BN_sub_word (x, 1); // x = elgp - x- 1
+		BN_bin2bn (zeroPadding ? encrypted + 1 : encrypted, 256, a);
+		BN_bin2bn (zeroPadding ? encrypted + 258 : encrypted + 256, 256, b);
+		// m = b*(a^x mod p) mod p		
+		BN_mod_exp (x, a, x, elgp, ctx);
+		BN_mod_mul (b, b, x, elgp, ctx);	
+		uint8_t m[255];
+		bn2buf (b, m, 255); 
+		BN_free (x); BN_free (a); BN_free (b); 
+		BN_CTX_free (ctx);
+		uint8_t hash[32];
+		SHA256 (m + 33, 222, hash);
+		if (memcmp (m + 1, hash, 32))
+		{
+			LogPrint (eLogError, "ElGamal decrypt hash doesn't match");
+			return false;
+		}	
+		memcpy (data, m + 33, 222);
+		return true;
+	}	
+
+	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub)
+	{
+#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)	
+		RAND_bytes (priv, 256);
+#else
+		// lower 226 bits (28 bytes and 2 bits) only. short exponent
+		auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
+		auto numZeroBytes = 256 - numBytes;
+		RAND_bytes (priv + numZeroBytes, numBytes);
+		memset (priv, 0, numZeroBytes);
+		priv[numZeroBytes] &= 0x03;
+#endif
+		BN_CTX * ctx = BN_CTX_new ();
+		BIGNUM * p = BN_new ();	
+		BN_bin2bn (priv, 256, p);
+		BN_mod_exp (p, elgg, p, elgp, ctx);
+		bn2buf (p, pub, 256); 
+		BN_free (p);
+		BN_CTX_free (ctx);
+	}
+
+// HMAC
+	const uint64_t IPAD = 0x3636363636363636;
+	const uint64_t OPAD = 0x5C5C5C5C5C5C5C5C; 			
+
+#if defined(__AVX__)	
+	static const uint64_t ipads[] = { IPAD, IPAD, IPAD, IPAD };
+	static const uint64_t opads[] = { OPAD, OPAD, OPAD, OPAD };
+#endif
+	
+	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest)
+	// key is 32 bytes
+	// digest is 16 bytes
+	// block size is 64 bytes	
+	{
+		uint64_t buf[256];
+		uint64_t hash[12]; // 96 bytes
+#if defined(__AVX__) // for AVX
+		__asm__
+		(
+			"vmovups %[key], %%ymm0 \n"
+			"vmovups %[ipad], %%ymm1 \n"
+			"vmovups %%ymm1, 32(%[buf]) \n"
+			"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
+			"vmovups %%ymm1, (%[buf]) \n"			
+			"vmovups %[opad], %%ymm1 \n"
+			"vmovups %%ymm1, 32(%[hash]) \n"	
+			"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
+			"vmovups %%ymm1, (%[hash]) \n"
+			"vzeroall \n" // end of AVX
+		    "movups %%xmm0, 80(%[hash]) \n" // zero last 16 bytes
+			: 
+			: [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads),
+			  [buf]"r"(buf), [hash]"r"(hash)
+			: "memory", "%xmm0"	// TODO: change to %ymm0 later
+		);
+#else
+		// ikeypad
+		buf[0] = key.GetLL ()[0] ^ IPAD; 
+		buf[1] = key.GetLL ()[1] ^ IPAD; 
+		buf[2] = key.GetLL ()[2] ^ IPAD; 
+		buf[3] = key.GetLL ()[3] ^ IPAD; 
+		buf[4] = IPAD;
+		buf[5] = IPAD;
+		buf[6] = IPAD;
+		buf[7] = IPAD;
+		// okeypad			
+		hash[0] = key.GetLL ()[0] ^ OPAD; 
+		hash[1] = key.GetLL ()[1] ^ OPAD; 
+		hash[2] = key.GetLL ()[2] ^ OPAD; 
+		hash[3] = key.GetLL ()[3] ^ OPAD; 
+		hash[4] = OPAD;
+		hash[5] = OPAD;
+		hash[6] = OPAD;
+		hash[7] = OPAD;
+		// fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P)
+		memset (hash + 10, 0, 16);		
+#endif
+
+		// concatenate with msg
+		memcpy (buf + 8, msg, len);
+		// calculate first hash
+		MD5((uint8_t *)buf, len + 64, (uint8_t *)(hash + 8));  // 16 bytes	
+		
+		// calculate digest
+		MD5((uint8_t *)hash, 96, digest);
+	}
+
+// AES
+	#ifdef AESNI
+	
+	#define KeyExpansion256(round0,round1) \
+		"pshufd	$0xff, %%xmm2, %%xmm2 \n" \
+		"movaps	%%xmm1, %%xmm4 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm1 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm1 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm1 \n" \
+		"pxor %%xmm2, %%xmm1 \n" \
+		"movaps	%%xmm1, "#round0"(%[sched]) \n" \
+		"aeskeygenassist $0, %%xmm1, %%xmm4 \n" \
+		"pshufd	$0xaa, %%xmm4, %%xmm2 \n" \
+		"movaps	%%xmm3, %%xmm4 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm3 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm3 \n" \
+		"pslldq	$4, %%xmm4 \n" \
+		"pxor %%xmm4, %%xmm3 \n" \
+		"pxor %%xmm2, %%xmm3 \n" \
+		"movaps	%%xmm3, "#round1"(%[sched]) \n" 
+
+	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
+	{
+		__asm__
+		(
+			"movups (%[key]), %%xmm1 \n"
+			"movups 16(%[key]), %%xmm3 \n"
+			"movaps %%xmm1, (%[sched]) \n"
+			"movaps %%xmm3, 16(%[sched]) \n"
+			"aeskeygenassist $1, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(32,48)
+			"aeskeygenassist $2, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(64,80)
+			"aeskeygenassist $4, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(96,112)
+			"aeskeygenassist $8, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(128,144)
+			"aeskeygenassist $16, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(160,176)
+			"aeskeygenassist $32, %%xmm3, %%xmm2 \n"
+			KeyExpansion256(192,208)
+			"aeskeygenassist $64, %%xmm3, %%xmm2 \n"
+			// key expansion final
+			"pshufd	$0xff, %%xmm2, %%xmm2 \n"
+			"movaps	%%xmm1, %%xmm4 \n" 
+			"pslldq	$4, %%xmm4 \n"
+			"pxor %%xmm4, %%xmm1 \n"
+			"pslldq	$4, %%xmm4 \n"
+			"pxor %%xmm4, %%xmm1 \n"
+			"pslldq	$4, %%xmm4 \n"
+			"pxor %%xmm4, %%xmm1 \n"
+			"pxor %%xmm2, %%xmm1 \n"
+			"movups	%%xmm1, 224(%[sched]) \n"
+			: // output
+			: [key]"r"((const uint8_t *)key), [sched]"r"(GetKeySchedule ()) // input
+			: "%xmm1", "%xmm2", "%xmm3", "%xmm4", "memory" // clogged
+		);
+	}
+
+	#define EncryptAES256(sched) \
+		"pxor (%["#sched"]), %%xmm0 \n" \
+		"aesenc	16(%["#sched"]), %%xmm0 \n" \
+		"aesenc	32(%["#sched"]), %%xmm0 \n" \
+		"aesenc	48(%["#sched"]), %%xmm0 \n" \
+		"aesenc	64(%["#sched"]), %%xmm0 \n" \
+		"aesenc	80(%["#sched"]), %%xmm0 \n" \
+		"aesenc	96(%["#sched"]), %%xmm0 \n" \
+		"aesenc	112(%["#sched"]), %%xmm0 \n" \
+		"aesenc	128(%["#sched"]), %%xmm0 \n" \
+		"aesenc	144(%["#sched"]), %%xmm0 \n" \
+		"aesenc	160(%["#sched"]), %%xmm0 \n" \
+		"aesenc	176(%["#sched"]), %%xmm0 \n" \
+		"aesenc	192(%["#sched"]), %%xmm0 \n" \
+		"aesenc	208(%["#sched"]), %%xmm0 \n" \
+		"aesenclast	224(%["#sched"]), %%xmm0 \n"
+		
+	void ECBEncryptionAESNI::Encrypt (const ChipherBlock * in, ChipherBlock * out)
+	{
+		__asm__
+		(
+			"movups	(%[in]), %%xmm0 \n"
+			EncryptAES256(sched)
+			"movups	%%xmm0, (%[out]) \n"	
+			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
+		);
+	}		
+
+	#define DecryptAES256(sched) \
+		"pxor 224(%["#sched"]), %%xmm0 \n" \
+		"aesdec	208(%["#sched"]), %%xmm0 \n" \
+		"aesdec	192(%["#sched"]), %%xmm0 \n" \
+		"aesdec	176(%["#sched"]), %%xmm0 \n" \
+		"aesdec	160(%["#sched"]), %%xmm0 \n" \
+		"aesdec	144(%["#sched"]), %%xmm0 \n" \
+		"aesdec	128(%["#sched"]), %%xmm0 \n" \
+		"aesdec	112(%["#sched"]), %%xmm0 \n" \
+		"aesdec	96(%["#sched"]), %%xmm0 \n" \
+		"aesdec	80(%["#sched"]), %%xmm0 \n" \
+		"aesdec	64(%["#sched"]), %%xmm0 \n" \
+		"aesdec	48(%["#sched"]), %%xmm0 \n" \
+		"aesdec	32(%["#sched"]), %%xmm0 \n" \
+		"aesdec	16(%["#sched"]), %%xmm0 \n" \
+		"aesdeclast (%["#sched"]), %%xmm0 \n"
+	
+	void ECBDecryptionAESNI::Decrypt (const ChipherBlock * in, ChipherBlock * out)
+	{
+		__asm__
+		(
+			"movups	(%[in]), %%xmm0 \n"
+			DecryptAES256(sched)
+			"movups	%%xmm0, (%[out]) \n"	
+			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
+		);		
+	}
+
+	#define CallAESIMC(offset) \
+		"movaps "#offset"(%[shed]), %%xmm0 \n"	\
+		"aesimc %%xmm0, %%xmm0 \n" \
+		"movaps %%xmm0, "#offset"(%[shed]) \n" 
+
+	void ECBDecryptionAESNI::SetKey (const AESKey& key)
+	{
+		ExpandKey (key); // expand encryption key first
+		// then  invert it using aesimc
+		__asm__
+		(
+			CallAESIMC(16)
+			CallAESIMC(32)
+			CallAESIMC(48)
+			CallAESIMC(64)
+			CallAESIMC(80)
+			CallAESIMC(96)
+			CallAESIMC(112)
+			CallAESIMC(128)
+			CallAESIMC(144)
+			CallAESIMC(160)
+			CallAESIMC(176)
+			CallAESIMC(192)
+			CallAESIMC(208)
+			: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
+		);
+	}
+
+#endif		
+
+
+	void CBCEncryption::Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+		 	"movups	(%[iv]), %%xmm1 \n"
+		 	"1: \n"
+		 	"movups	(%[in]), %%xmm0 \n"
+		 	"pxor %%xmm1, %%xmm0 \n"
+		 	EncryptAES256(sched)
+		 	"movaps	%%xmm0, %%xmm1 \n"	
+		 	"movups	%%xmm0, (%[out]) \n"
+		 	"add $16, %[in] \n"
+		 	"add $16, %[out] \n"
+		 	"dec %[num] \n"
+		 	"jnz 1b \n"	 	
+		 	"movups	%%xmm1, (%[iv]) \n"
+			: 
+			: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+			: "%xmm0", "%xmm1", "cc", "memory"
+		); 
+#else		
+		for (int i = 0; i < numBlocks; i++)
+		{
+			*m_LastBlock.GetChipherBlock () ^= in[i];
+			m_ECBEncryption.Encrypt (m_LastBlock.GetChipherBlock (), m_LastBlock.GetChipherBlock ());
+			out[i] = *m_LastBlock.GetChipherBlock ();
+		}
+#endif		
+	}
+
+	void CBCEncryption::Encrypt (const uint8_t * in, std::size_t len, uint8_t * out)
+	{
+		// len/16
+		int numBlocks = len >> 4;
+		if (numBlocks > 0)
+			Encrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out); 
+	}
+
+	void CBCEncryption::Encrypt (const uint8_t * in, uint8_t * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+			"movups	(%[iv]), %%xmm1 \n"
+			"movups	(%[in]), %%xmm0 \n"
+		 	"pxor %%xmm1, %%xmm0 \n"
+		 	EncryptAES256(sched)
+			"movups	%%xmm0, (%[out]) \n"
+			"movups	%%xmm0, (%[iv]) \n"
+			: 
+			: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out)
+			: "%xmm0", "%xmm1", "memory"
+		);		
+#else
+		Encrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out); 
+#endif
+	}
+
+	void CBCDecryption::Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+			"movups	(%[iv]), %%xmm1 \n"
+		 	"1: \n"
+		 	"movups	(%[in]), %%xmm0 \n"
+			"movaps %%xmm0, %%xmm2 \n"
+		 	DecryptAES256(sched)
+			"pxor %%xmm1, %%xmm0 \n"
+		 	"movups	%%xmm0, (%[out]) \n"
+			"movaps %%xmm2, %%xmm1 \n"
+		 	"add $16, %[in] \n"
+		 	"add $16, %[out] \n"
+		 	"dec %[num] \n"
+		 	"jnz 1b \n"	 	
+		 	"movups	%%xmm1, (%[iv]) \n"
+			: 
+			: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+			: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+		); 
+#else
+		for (int i = 0; i < numBlocks; i++)
+		{
+			ChipherBlock tmp = in[i];
+			m_ECBDecryption.Decrypt (in + i, out + i);
+			out[i] ^= *m_IV.GetChipherBlock ();
+			*m_IV.GetChipherBlock () = tmp;
+		}
+#endif
+	}
+
+	void CBCDecryption::Decrypt (const uint8_t * in, std::size_t len, uint8_t * out)
+	{
+		int numBlocks = len >> 4;
+		if (numBlocks > 0)
+			Decrypt (numBlocks, (const ChipherBlock *)in, (ChipherBlock *)out); 
+	}
+
+	void CBCDecryption::Decrypt (const uint8_t * in, uint8_t * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+			"movups	(%[iv]), %%xmm1 \n"
+		 	"movups	(%[in]), %%xmm0 \n"
+			"movups	%%xmm0, (%[iv]) \n"
+		 	DecryptAES256(sched)
+			"pxor %%xmm1, %%xmm0 \n"
+		 	"movups	%%xmm0, (%[out]) \n"	
+			: 
+			: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out)
+			: "%xmm0", "%xmm1", "memory"
+		);
+#else
+		Decrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out); 
+#endif
+	}
+
+	void TunnelEncryption::Encrypt (const uint8_t * in, uint8_t * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+            // encrypt IV 
+			"movups	(%[in]), %%xmm0 \n"
+			EncryptAES256(sched_iv)
+			"movaps %%xmm0, %%xmm1 \n"
+			// double IV encryption
+			EncryptAES256(sched_iv)
+			"movups %%xmm0, (%[out]) \n"
+			// encrypt data, IV is xmm1
+			"1: \n"
+			"add $16, %[in] \n"
+		    "add $16, %[out] \n"
+		 	"movups	(%[in]), %%xmm0 \n"
+		 	"pxor %%xmm1, %%xmm0 \n"
+		 	EncryptAES256(sched_l)
+		 	"movaps	%%xmm0, %%xmm1 \n"	
+		 	"movups	%%xmm0, (%[out]) \n"
+		 	"dec %[num] \n"
+		 	"jnz 1b \n"	 	
+			: 
+			: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+			: "%xmm0", "%xmm1", "cc", "memory"
+		);
+#else
+		m_IVEncryption.Encrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+		m_LayerEncryption.SetIV (out);
+		m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+		m_IVEncryption.Encrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+#endif
+	}
+
+	void TunnelDecryption::Decrypt (const uint8_t * in, uint8_t * out)
+	{
+#ifdef AESNI
+		__asm__
+		(
+            // decrypt IV 
+			"movups	(%[in]), %%xmm0 \n"
+			DecryptAES256(sched_iv)
+			"movaps %%xmm0, %%xmm1 \n"
+			// double IV encryption
+			DecryptAES256(sched_iv)
+			"movups %%xmm0, (%[out]) \n"
+			// decrypt data, IV is xmm1
+			"1: \n"
+			"add $16, %[in] \n"
+		    "add $16, %[out] \n"
+			"movups	(%[in]), %%xmm0 \n"
+			"movaps %%xmm0, %%xmm2 \n"
+		 	DecryptAES256(sched_l)
+			"pxor %%xmm1, %%xmm0 \n"
+		 	"movups	%%xmm0, (%[out]) \n"
+			"movaps %%xmm2, %%xmm1 \n"
+		 	"dec %[num] \n"
+		 	"jnz 1b \n"	 	
+			: 
+			: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.GetKeySchedule ()), 
+			  [in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+			: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+		);
+#else
+		m_IVDecryption.Decrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+		m_LayerDecryption.SetIV (out);	
+		m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+		m_IVDecryption.Decrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+#endif
+	}	
+
+/*	std::vector <std::unique_ptr<std::mutex> >  m_OpenSSLMutexes;
+	static void OpensslLockingCallback(int mode, int type, const char * file, int line)
+	{
+		if (type > 0 && (size_t)type < m_OpenSSLMutexes.size ())
+		{
+			if (mode & CRYPTO_LOCK)
+				m_OpenSSLMutexes[type]->lock ();
+			else
+				m_OpenSSLMutexes[type]->unlock ();
+		}	
+	}*/
+	
+	void InitCrypto (bool precomputation)
+	{
+		SSL_library_init ();
+/*		auto numLocks = CRYPTO_num_locks();
+		for (int i = 0; i < numLocks; i++)
+		     m_OpenSSLMutexes.emplace_back (new std::mutex);
+		CRYPTO_set_locking_callback (OpensslLockingCallback);*/
+		if (precomputation)
+		{	
+#if defined(__x86_64__)
+			g_ElggTable = new BIGNUM * [ELGAMAL_FULL_EXPONENT_NUM_BYTES][255];
+			PrecalculateElggTable (g_ElggTable, ELGAMAL_FULL_EXPONENT_NUM_BYTES);
+#else			
+			g_ElggTable = new BIGNUM * [ELGAMAL_SHORT_EXPONENT_NUM_BYTES][255];
+			PrecalculateElggTable (g_ElggTable, ELGAMAL_SHORT_EXPONENT_NUM_BYTES);
+#endif		
+		}	
+	}
+	
+	void TerminateCrypto ()
+	{
+		if (g_ElggTable)
+		{		
+			DestroyElggTable (g_ElggTable,
+#if defined(__x86_64__)				                  
+				ELGAMAL_FULL_EXPONENT_NUM_BYTES
+#else
+				ELGAMAL_SHORT_EXPONENT_NUM_BYTES	
+#endif	
+			);   
+			delete[] g_ElggTable; g_ElggTable = nullptr;
+		}	
+/*		CRYPTO_set_locking_callback (nullptr);
+		m_OpenSSLMutexes.clear ();*/
+	}	
+}
+}
+

Crypto.h

@@ -0,0 +1,334 @@
+#ifndef CRYPTO_H__
+#define CRYPTO_H__
+
+#include <inttypes.h>
+#include <string>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/aes.h>
+#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#include "Base.h"
+#include "Tag.h"
+
+namespace i2p
+{
+namespace crypto
+{
+	bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
+
+	// DSA
+	DSA * CreateDSA ();	
+
+	// RSA
+	const BIGNUM * GetRSAE ();
+
+	// DH
+	class DHKeys
+	{
+		public:
+			
+			DHKeys ();
+			~DHKeys ();
+
+			void GenerateKeys ();
+			const uint8_t * GetPublicKey () const { return m_PublicKey; };
+			void Agree (const uint8_t * pub, uint8_t * shared);
+			
+		private:
+
+			DH * m_DH;
+			uint8_t m_PublicKey[256];
+	};	
+	
+	// ElGamal
+	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, bool zeroPadding = false);
+	bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, uint8_t * data, bool zeroPadding = false);
+	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub);
+
+	// HMAC
+	typedef i2p::data::Tag<32> MACKey;		
+	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest);
+
+	// AES
+	struct ChipherBlock	
+	{
+		uint8_t buf[16];
+
+		void operator^=(const ChipherBlock& other) // XOR
+		{
+#if defined(__AVX__) // AVX
+			__asm__
+			(
+				"vmovups (%[buf]), %%xmm0 \n"	
+				"vmovups (%[other]), %%xmm1 \n"	
+				"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
+				"vmovups %%xmm0, (%[buf]) \n"	
+				: 
+				: [buf]"r"(buf), [other]"r"(other.buf) 
+				: "%xmm0", "%xmm1", "memory"
+			);		
+#elif defined(__SSE__) // SSE
+			__asm__
+			(
+				"movups	(%[buf]), %%xmm0 \n"	
+				"movups	(%[other]), %%xmm1 \n"	
+				"pxor %%xmm1, %%xmm0 \n"
+				"movups	%%xmm0, (%[buf]) \n"
+				: 
+				: [buf]"r"(buf), [other]"r"(other.buf) 
+				: "%xmm0", "%xmm1", "memory"
+			);			
+#else
+			// TODO: implement it better
+			for (int i = 0; i < 16; i++)
+				buf[i] ^= other.buf[i];
+#endif
+		}	 
+	};
+
+	typedef i2p::data::Tag<32> AESKey;
+	
+	template<size_t sz>
+	class AESAlignedBuffer // 16 bytes alignment
+	{
+		public:
+		
+			AESAlignedBuffer ()
+			{
+				m_Buf = m_UnalignedBuffer;
+				uint8_t rem = ((size_t)m_Buf) & 0x0f;
+				if (rem)
+					m_Buf += (16 - rem);
+			}
+		
+			operator uint8_t * () { return m_Buf; };
+			operator const uint8_t * () const { return m_Buf; };
+			ChipherBlock * GetChipherBlock () { return (ChipherBlock *)m_Buf; };
+			const ChipherBlock * GetChipherBlock () const { return (const ChipherBlock *)m_Buf; };
+			
+		private:
+
+			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
+			uint8_t * m_Buf;
+	};			
+
+
+#ifdef AESNI
+	class ECBCryptoAESNI
+	{	
+		public:
+
+			uint8_t * GetKeySchedule () { return m_KeySchedule; };
+
+		protected:
+
+			void ExpandKey (const AESKey& key);
+		
+		private:
+
+			AESAlignedBuffer<240> m_KeySchedule;  // 14 rounds for AES-256, 240 bytes
+	};	
+
+	class ECBEncryptionAESNI: public ECBCryptoAESNI
+	{
+		public:
+		
+			void SetKey (const AESKey& key) { ExpandKey (key); };
+			void Encrypt (const ChipherBlock * in, ChipherBlock * out);	
+	};	
+
+	class ECBDecryptionAESNI: public ECBCryptoAESNI
+	{
+		public:
+		
+			void SetKey (const AESKey& key);
+			void Decrypt (const ChipherBlock * in, ChipherBlock * out);		
+	};	
+
+	typedef ECBEncryptionAESNI ECBEncryption;
+	typedef ECBDecryptionAESNI ECBDecryption;
+
+#else // use openssl
+
+	class ECBEncryption
+	{
+		public:
+		
+			void SetKey (const AESKey& key) 
+			{ 
+				AES_set_encrypt_key (key, 256, &m_Key);
+			}
+			void Encrypt (const ChipherBlock * in, ChipherBlock * out)
+			{
+				AES_encrypt (in->buf, out->buf, &m_Key);
+			}	
+
+		private:
+
+			AES_KEY m_Key;
+	};	
+
+	class ECBDecryption
+	{
+		public:
+		
+			void SetKey (const AESKey& key) 
+			{ 
+				AES_set_decrypt_key (key, 256, &m_Key); 
+			}
+			void Decrypt (const ChipherBlock * in, ChipherBlock * out)
+			{
+				AES_decrypt (in->buf, out->buf, &m_Key);
+			}	
+
+		private:
+
+			AES_KEY m_Key;
+	};		
+
+
+#endif			
+
+	class CBCEncryption
+	{
+		public:
+	
+			CBCEncryption () { memset ((uint8_t *)m_LastBlock, 0, 16); };
+
+			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
+			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes
+
+			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
+			void Encrypt (const uint8_t * in, std::size_t len, uint8_t * out);
+			void Encrypt (const uint8_t * in, uint8_t * out); // one block
+
+		private:
+
+			AESAlignedBuffer<16> m_LastBlock;
+			
+			ECBEncryption m_ECBEncryption;
+	};
+
+	class CBCDecryption
+	{
+		public:
+	
+			CBCDecryption () { memset ((uint8_t *)m_IV, 0, 16); };
+
+			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
+			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes
+
+			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
+			void Decrypt (const uint8_t * in, std::size_t len, uint8_t * out);
+			void Decrypt (const uint8_t * in, uint8_t * out); // one block
+
+		private:
+
+			AESAlignedBuffer<16> m_IV;
+			ECBDecryption m_ECBDecryption;
+	};	
+
+	class TunnelEncryption // with double IV encryption
+	{
+		public:
+
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
+			{
+				m_LayerEncryption.SetKey (layerKey);
+				m_IVEncryption.SetKey (ivKey);
+			}	
+
+			void Encrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)		
+
+		private:
+
+			ECBEncryption m_IVEncryption;
+#ifdef AESNI
+			ECBEncryption m_LayerEncryption;
+#else
+			CBCEncryption m_LayerEncryption;
+#endif
+	};
+
+	class TunnelDecryption // with double IV encryption
+	{
+		public:
+
+			void SetKeys (const AESKey& layerKey, const AESKey& ivKey)
+			{
+				m_LayerDecryption.SetKey (layerKey);
+				m_IVDecryption.SetKey (ivKey);
+			}			
+
+			void Decrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)	
+
+		private:
+
+			ECBDecryption m_IVDecryption;
+#ifdef AESNI
+			ECBDecryption m_LayerDecryption;
+#else
+			CBCDecryption m_LayerDecryption;
+#endif
+	};	
+
+	void InitCrypto (bool precomputation);
+	void TerminateCrypto ();
+}		
+}	
+
+// take care about openssl version
+#include <openssl/opensslv.h>
+#if (OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER) // 1.1.0 or LibreSSL
+// define getters and setters introduced in 1.1.0
+inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) 
+	{ d->p = p; d->q = q; d->g = g; return 1; }
+inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) 
+	{ d->pub_key = pub_key; d->priv_key = priv_key; return 1; } 
+inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) 
+	{ *pub_key = d->pub_key; *priv_key = d->priv_key; }
+inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) 
+	{ sig->r = r; sig->s = s; return 1; }
+inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) 
+	{ *pr = sig->r; *ps = sig->s; }
+
+inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+	{ 
+		if (sig->r) BN_free (sig->r);
+		if (sig->s) BN_free (sig->s);
+		sig->r = r; sig->s = s; return 1; 
+	}
+inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+	{ *pr = sig->r; *ps = sig->s; }
+
+inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) 
+	{ r->n = n; r->e = e; r->d = d; return 1; }
+inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+	{ *n = r->n; *e = r->e; *d = r->d; }
+
+inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+	{ dh->p = p; dh->q = q; dh->g = g;  return 1; }
+inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+	{ 
+		if (dh->pub_key) BN_free (dh->pub_key); 
+		if (dh->priv_key) BN_free (dh->priv_key);
+		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1; 
+	}
+inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+	{ *pub_key = dh->pub_key; *priv_key = dh->priv_key; }
+
+inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+	{ return pkey->pkey.rsa; }
+
+// ssl
+#define TLS_method TLSv1_method
+
+#endif
+
+#endif

CryptoConst.cpp

@@ -1,73 +0,0 @@
-#include <inttypes.h>
-#include "CryptoConst.h"
-
-namespace i2p
-{
-namespace crypto
-{
-	const uint8_t elgp_[256]=
-	{
-		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 
-		0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 
-		0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
-		0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 		0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
-		0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 
-		0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-		0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
-		0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 
-		0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-		0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
-		0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
-		0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-		0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-	};
-	
-	const uint8_t dsap_[128]=
-	{
-		0x9c, 0x05, 0xb2, 0xaa, 0x96, 0x0d, 0x9b, 0x97, 0xb8, 0x93, 0x19, 0x63, 0xc9, 0xcc, 0x9e, 0x8c,
-		0x30, 0x26, 0xe9, 0xb8, 0xed, 0x92, 0xfa, 0xd0, 0xa6, 0x9c, 0xc8, 0x86, 0xd5, 0xbf, 0x80, 0x15,
-		0xfc, 0xad, 0xae, 0x31, 0xa0, 0xad, 0x18, 0xfa, 0xb3, 0xf0, 0x1b, 0x00, 0xa3, 0x58, 0xde, 0x23,
-		0x76, 0x55, 0xc4, 0x96, 0x4a, 0xfa, 0xa2, 0xb3, 0x37, 0xe9, 0x6a, 0xd3, 0x16, 0xb9, 0xfb, 0x1c,
-		0xc5, 0x64, 0xb5, 0xae, 0xc5, 0xb6, 0x9a, 0x9f, 0xf6, 0xc3, 0xe4, 0x54, 0x87, 0x07, 0xfe, 0xf8,
-		0x50, 0x3d, 0x91, 0xdd, 0x86, 0x02, 0xe8, 0x67, 0xe6, 0xd3, 0x5d, 0x22, 0x35, 0xc1, 0x86, 0x9c,
-		0xe2, 0x47, 0x9c, 0x3b, 0x9d, 0x54, 0x01, 0xde, 0x04, 0xe0, 0x72, 0x7f, 0xb3, 0x3d, 0x65, 0x11, 
-		0x28, 0x5d, 0x4c, 0xf2, 0x95, 0x38, 0xd9, 0xe3, 0xb6, 0x05, 0x1f, 0x5b, 0x22, 0xcc, 0x1c, 0x93
-	};
-
-	const uint8_t dsaq_[20]=
-	{
-		0xa5, 0xdf, 0xc2, 0x8f, 0xef, 0x4c, 0xa1, 0xe2, 0x86, 0x74, 0x4c, 0xd8, 0xee, 0xd9, 0xd2, 0x9d,
-		0x68, 0x40, 0x46, 0xb7
-	};
-
-	const uint8_t dsag_[128]=
-	{
-		0x0c, 0x1f, 0x4d, 0x27, 0xd4, 0x00, 0x93, 0xb4, 0x29, 0xe9, 0x62, 0xd7, 0x22, 0x38, 0x24, 0xe0,
-		0xbb, 0xc4, 0x7e, 0x7c, 0x83, 0x2a, 0x39, 0x23, 0x6f, 0xc6, 0x83, 0xaf, 0x84, 0x88, 0x95, 0x81,
-		0x07, 0x5f, 0xf9, 0x08, 0x2e, 0xd3, 0x23, 0x53, 0xd4, 0x37, 0x4d, 0x73, 0x01, 0xcd, 0xa1, 0xd2,
-		0x3c, 0x43, 0x1f, 0x46, 0x98, 0x59, 0x9d, 0xda, 0x02, 0x45, 0x18, 0x24, 0xff, 0x36, 0x97, 0x52,
-		0x59, 0x36, 0x47, 0xcc, 0x3d, 0xdc, 0x19, 0x7d, 0xe9, 0x85, 0xe4, 0x3d, 0x13, 0x6c, 0xdc, 0xfc,
-		0x6b, 0xd5, 0x40, 0x9c, 0xd2, 0xf4, 0x50, 0x82, 0x11, 0x42, 0xa5, 0xe6, 0xf8, 0xeb, 0x1c, 0x3a,
-		0xb5, 0xd0, 0x48, 0x4b, 0x81, 0x29, 0xfc, 0xf1, 0x7b, 0xce, 0x4f, 0x7f, 0x33, 0x32, 0x1c, 0x3c, 
-		0xb3, 0xdb, 0xb1, 0x4a, 0x90, 0x5e, 0x7b, 0x2b, 0x3e, 0x93, 0xbe, 0x47, 0x08, 0xcb, 0xcc, 0x82  
-	};
-
-	const CryptoConstants& GetCryptoConstants ()
-	{
-		static CryptoConstants cryptoConstants = 
-		{
-			{elgp_, 256},	// elgp
-			{2},			// elgg	
-			{dsap_, 128},	// dsap
-			{dsaq_, 20},	// dsaq
-			{dsag_, 128}	// dsag
-		};	
-		return cryptoConstants;
-	}	
-	
-}
-}
-

CryptoConst.h

@@ -1,35 +0,0 @@
-#ifndef CRYPTO_CONST_H__
-#define CRYPTO_CONST_H__
-
-#include <cryptopp/integer.h>
-
-namespace i2p
-{
-namespace crypto
-{
-	struct CryptoConstants
-	{
-		// DH/ElGamal
-		const CryptoPP::Integer elgp;
-		const CryptoPP::Integer elgg; 
-
-		// DSA
-		const CryptoPP::Integer dsap;		
-		const CryptoPP::Integer dsaq;
-		const CryptoPP::Integer dsag;			
-	};	
-	
-	const CryptoConstants& GetCryptoConstants ();
-	
-	// DH/ElGamal	
-	#define elgp GetCryptoConstants ().elgp
-	#define elgg GetCryptoConstants ().elgg
-
-	// DSA
-	#define dsap GetCryptoConstants ().dsap	
-	#define dsaq GetCryptoConstants ().dsaq
-	#define dsag GetCryptoConstants ().dsag		
-}		
-}	
-
-#endif

Daemon.cpp

@@ -1,22 +1,32 @@
 #include <thread>
+#include <memory>
 
 #include "Daemon.h"
 
+#include "Config.h"
 #include "Log.h"
-#include "base64.h"
+#include "FS.h"
+#include "Base.h"
 #include "version.h"
 #include "Transports.h"
 #include "NTCPSession.h"
 #include "RouterInfo.h"
 #include "RouterContext.h"
 #include "Tunnel.h"
+#include "HTTP.h"
 #include "NetDb.h"
 #include "Garlic.h"
-#include "util.h"
 #include "Streaming.h"
 #include "Destination.h"
 #include "HTTPServer.h"
+#include "I2PControl.h"
 #include "ClientContext.h"
+#include "Crypto.h"
+#include "UPnP.h"
+#include "util.h"
+
+#include "Event.h"
+#include "Websocket.h"
 
 namespace i2p
 {
@@ -25,114 +35,324 @@ namespace i2p
 		class Daemon_Singleton::Daemon_Singleton_Private
 		{
 		public:
-			Daemon_Singleton_Private() : httpServer(nullptr)
-			{};
-			~Daemon_Singleton_Private() 
-			{
-				delete httpServer;
-			};
+			Daemon_Singleton_Private() {};
+			~Daemon_Singleton_Private() {};
 
-			i2p::util::HTTPServer *httpServer;
+			std::unique_ptr<i2p::http::HTTPServer> httpServer;
+			std::unique_ptr<i2p::client::I2PControlService> m_I2PControlService;
+			std::unique_ptr<i2p::transport::UPnP> UPnP;
+#ifdef WITH_EVENTS
+			std::unique_ptr<i2p::event::WebsocketServer> m_WebsocketServer;
+#endif
 		};
 
-		Daemon_Singleton::Daemon_Singleton() : running(1), d(*new Daemon_Singleton_Private()) {};
+		Daemon_Singleton::Daemon_Singleton() : isDaemon(false), running(true), d(*new Daemon_Singleton_Private()) {}
 		Daemon_Singleton::~Daemon_Singleton() {
 			delete &d;
-		};
+		}
 
 		bool Daemon_Singleton::IsService () const
 		{
+			bool service = false;
 #ifndef _WIN32
-			return i2p::util::config::GetArg("-service", 0);
-#else
-			return false;
+			i2p::config::GetOption("service", service);
 #endif
+			return service;
 		}
 
 		bool Daemon_Singleton::init(int argc, char* argv[])
 		{
-			i2p::util::config::OptionParser(argc, argv);
+			i2p::config::Init();
+			i2p::config::ParseCmdline(argc, argv);
+
+			std::string config;  i2p::config::GetOption("conf",    config);
+			std::string datadir; i2p::config::GetOption("datadir", datadir);
+			i2p::fs::DetectDataDir(datadir, IsService());
+			i2p::fs::Init();
+
+			datadir = i2p::fs::GetDataDir();
+			// TODO: drop old name detection in v2.8.0
+			if (config == "")
+			{
+				config = i2p::fs::DataDirPath("i2p.conf");
+				if (i2p::fs::Exists (config)) {
+					LogPrint(eLogWarning, "Daemon: please rename i2p.conf to i2pd.conf here: ", config);
+				} else {
+					config = i2p::fs::DataDirPath("i2pd.conf");
+					if (!i2p::fs::Exists (config)) {
+						// use i2pd.conf only if exists
+						config = ""; /* reset */
+					}
+				}
+			}
+
+			i2p::config::ParseConfig(config);
+			i2p::config::Finalize();
+
+			i2p::config::GetOption("daemon", isDaemon);
+
+			std::string logs     = ""; i2p::config::GetOption("log",      logs);
+			std::string logfile  = ""; i2p::config::GetOption("logfile",  logfile);
+			std::string loglevel = ""; i2p::config::GetOption("loglevel", loglevel);
+
+			/* setup logging */
+			if (isDaemon && (logs == "" || logs == "stdout"))
+				logs = "file";
+
+			i2p::log::Logger().SetLogLevel(loglevel);
+			if (logs == "file") {
+				if (logfile == "")
+					logfile = i2p::fs::DataDirPath("i2pd.log");
+				LogPrint(eLogInfo, "Log: will send messages to ", logfile);
+				i2p::log::Logger().SendTo (logfile);
+#ifndef _WIN32
+			} else if (logs == "syslog") {
+				LogPrint(eLogInfo, "Log: will send messages to syslog");
+				i2p::log::Logger().SendTo("i2pd", LOG_DAEMON);
+#endif
+			} else {
+				// use stdout -- default
+			}
+
+			LogPrint(eLogInfo,	"i2pd v", VERSION, " starting");
+			LogPrint(eLogDebug, "FS: main config file: ", config);
+			LogPrint(eLogDebug, "FS: data directory: ", datadir);
+
+			bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
+			i2p::crypto::InitCrypto (precomputation);
+
+			int netID; i2p::config::GetOption("netid", netID);
+			i2p::context.SetNetID (netID);
 			i2p::context.Init ();
 
-			LogPrint("\n\n\n\ni2pd starting\n");
-			LogPrint("Version ", VERSION);
-			LogPrint("data directory: ", i2p::util::filesystem::GetDataDir().string());
-			i2p::util::filesystem::ReadConfigFile(i2p::util::config::mapArgs, i2p::util::config::mapMultiArgs);
-
-			isDaemon = i2p::util::config::GetArg("-daemon", 0);
-			isLogging = i2p::util::config::GetArg("-log", 1);
-
-			int port = i2p::util::config::GetArg("-port", 0);
-			if (port)
-				i2p::context.UpdatePort (port);					
-			const char * host = i2p::util::config::GetCharArg("-host", "");
-			if (host && host[0])
-				i2p::context.UpdateAddress (boost::asio::ip::address::from_string (host));	
-
-			if (i2p::util::config::GetArg("-unreachable", 0))
-				i2p::context.SetUnreachable ();
-
-			i2p::context.SetSupportsV6 (i2p::util::config::GetArg("-v6", 0));
+			bool ipv6;		i2p::config::GetOption("ipv6", ipv6);
+			bool ipv4;		i2p::config::GetOption("ipv4", ipv4);
+#ifdef MESHNET
+			// manual override for meshnet
+			ipv4 = false;
+			ipv6 = true;
+#endif
+			uint16_t port; i2p::config::GetOption("port", port);
+			if (!i2p::config::IsDefault("port"))
+			{
+				LogPrint(eLogInfo, "Daemon: accepting incoming connections at port ", port);
+				i2p::context.UpdatePort (port);
+			}
+			i2p::context.SetSupportsV6		 (ipv6);
+			i2p::context.SetSupportsV4		 (ipv4);
 			
-			LogPrint("CMD parameters:");
-			for (int i = 0; i < argc; ++i)
-				LogPrint(i, "  ", argv[i]);
+			bool transit; i2p::config::GetOption("notransit", transit);
+			i2p::context.SetAcceptsTunnels (!transit);
+			uint16_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
+			SetMaxNumTransitTunnels (transitTunnels);
 
-			return true;
+			bool isFloodfill; i2p::config::GetOption("floodfill", isFloodfill);
+			if (isFloodfill) {
+				LogPrint(eLogInfo, "Daemon: router will be floodfill");
+				i2p::context.SetFloodfill (true);
+			}	else {
+				i2p::context.SetFloodfill (false);
+			}
+
+			/* this section also honors 'floodfill' flag, if set above */
+			std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
+			if (bandwidth.length () > 0)
+			{	
+				if (bandwidth[0] >= 'K' && bandwidth[0] <= 'X') 
+				{
+					i2p::context.SetBandwidth (bandwidth[0]);
+					LogPrint(eLogInfo, "Daemon: bandwidth set to ", i2p::context.GetBandwidthLimit (), "KBps");
+				} 
+				else 
+				{
+					auto value = std::atoi(bandwidth.c_str());
+					if (value > 0) 
+					{	
+						i2p::context.SetBandwidth (value);
+						LogPrint(eLogInfo, "Daemon: bandwidth set to ", i2p::context.GetBandwidthLimit (), " KBps");
+					}
+					else
+					{
+						LogPrint(eLogInfo, "Daemon: unexpected bandwidth ", bandwidth, ". Set to 'low'");
+						i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_LOW_BANDWIDTH2);
+					}	
+				}	
+			}	
+			else if (isFloodfill) 
+			{
+				LogPrint(eLogInfo, "Daemon: floodfill bandwidth set to 'extra'");
+				i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH1);
+			} 
+			else
+			{
+				LogPrint(eLogInfo, "Daemon: bandwidth set to 'low'");
+				i2p::context.SetBandwidth (i2p::data::CAPS_FLAG_LOW_BANDWIDTH2);
+			}	
+
+			std::string family; i2p::config::GetOption("family", family);
+			i2p::context.SetFamily (family);
+			if (family.length () > 0)
+				LogPrint(eLogInfo, "Daemon: family set to ", family);	
+
+      bool trust; i2p::config::GetOption("trust.enabled", trust);
+      if (trust)
+      {
+        LogPrint(eLogInfo, "Daemon: explicit trust enabled");
+        std::string fam; i2p::config::GetOption("trust.family", fam);
+				std::string routers; i2p::config::GetOption("trust.routers", routers);
+				bool restricted = false;
+        if (fam.length() > 0)
+        {
+					std::set<std::string> fams;
+					size_t pos = 0, comma;
+					do
+					{
+						comma = fam.find (',', pos);
+						fams.insert (fam.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos));
+						pos = comma + 1;
+					}
+					while (comma != std::string::npos);				 
+					i2p::transport::transports.RestrictRoutesToFamilies(fams);
+					restricted  = fams.size() > 0;
+        }
+				if (routers.length() > 0) {
+					std::set<i2p::data::IdentHash> idents;
+					size_t pos = 0, comma;
+					do
+					{
+						comma = routers.find (',', pos);
+						i2p::data::IdentHash ident;
+						ident.FromBase64 (routers.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos));	
+						idents.insert (ident);
+						pos = comma + 1;
+					}
+					while (comma != std::string::npos);				 
+					LogPrint(eLogInfo, "Daemon: setting restricted routes to use ", idents.size(), " trusted routesrs");
+					i2p::transport::transports.RestrictRoutesToRouters(idents);
+					restricted = idents.size() > 0;
+				}
+				if(!restricted)
+					LogPrint(eLogError, "Daemon: no trusted routers of families specififed");
+      }
+      bool hidden; i2p::config::GetOption("trust.hidden", hidden);
+      if (hidden)
+      {
+        LogPrint(eLogInfo, "Daemon: using hidden mode");
+        i2p::data::netdb.SetHidden(true);
+      }
+      return true;
 		}
 			
 		bool Daemon_Singleton::start()
 		{
-			// initialize log			
-			if (isLogging)
-			{
-				if (isDaemon)
-				{
-					std::string logfile_path = IsService () ? "/var/log" : i2p::util::filesystem::GetDataDir().string();
-	#ifndef _WIN32
-					logfile_path.append("/i2pd.log");
-	#else
-					logfile_path.append("\\i2pd.log");
-	#endif
-					StartLog (logfile_path);
-				}
-				else
-					StartLog (""); // write to stdout
+			i2p::log::Logger().Start();
+			LogPrint(eLogInfo, "Daemon: starting NetDB");
+			i2p::data::netdb.Start();
+
+			bool upnp; i2p::config::GetOption("upnp.enabled", upnp);
+			if (upnp) {
+				d.UPnP = std::unique_ptr<i2p::transport::UPnP>(new i2p::transport::UPnP);
+				d.UPnP->Start ();
+			}
+
+			bool ntcp; i2p::config::GetOption("ntcp", ntcp);
+			bool ssu; i2p::config::GetOption("ssu", ssu);
+			LogPrint(eLogInfo, "Daemon: starting Transports");
+			if(!ssu) LogPrint(eLogInfo, "Daemon: ssu disabled");
+			if(!ntcp) LogPrint(eLogInfo, "Daemon: ntcp disabled");
+			i2p::transport::transports.Start(ntcp, ssu);
+			if (i2p::transport::transports.IsBoundNTCP() || i2p::transport::transports.IsBoundSSU()) {
+				LogPrint(eLogInfo, "Daemon: Transports started");
+			} else {
+				LogPrint(eLogError, "Daemon: failed to start Transports");
+				/** shut down netdb right away */
+				i2p::transport::transports.Stop();
+				i2p::data::netdb.Stop();
+				return false;
+			}
+						
+			bool http; i2p::config::GetOption("http.enabled", http);
+			if (http) {
+				std::string httpAddr; i2p::config::GetOption("http.address", httpAddr);
+				uint16_t		httpPort; i2p::config::GetOption("http.port",		 httpPort);
+				LogPrint(eLogInfo, "Daemon: starting HTTP Server at ", httpAddr, ":", httpPort);
+				d.httpServer = std::unique_ptr<i2p::http::HTTPServer>(new i2p::http::HTTPServer(httpAddr, httpPort));
+				d.httpServer->Start();
 			}
 
-			d.httpServer = new i2p::util::HTTPServer(i2p::util::config::GetArg("-httpport", 7070));
-			d.httpServer->Start();
-			LogPrint("HTTP Server started");
-			i2p::data::netdb.Start();
-			LogPrint("NetDB started");
-			i2p::transport::transports.Start();
-			LogPrint("Transports started");
-			i2p::tunnel::tunnels.Start();
-			LogPrint("Tunnels started");
-			i2p::client::context.Start ();
-			LogPrint("Client started");
 			
+			LogPrint(eLogInfo, "Daemon: starting Tunnels");
+			i2p::tunnel::tunnels.Start();
+
+			LogPrint(eLogInfo, "Daemon: starting Client");
+			i2p::client::context.Start ();
+
+			// I2P Control Protocol
+			bool i2pcontrol; i2p::config::GetOption("i2pcontrol.enabled", i2pcontrol);
+			if (i2pcontrol) {
+				std::string i2pcpAddr; i2p::config::GetOption("i2pcontrol.address", i2pcpAddr);
+				uint16_t    i2pcpPort; i2p::config::GetOption("i2pcontrol.port",    i2pcpPort);
+				LogPrint(eLogInfo, "Daemon: starting I2PControl at ", i2pcpAddr, ":", i2pcpPort);
+				d.m_I2PControlService = std::unique_ptr<i2p::client::I2PControlService>(new i2p::client::I2PControlService (i2pcpAddr, i2pcpPort));
+				d.m_I2PControlService->Start ();
+			}
+#ifdef WITH_EVENTS
+
+			bool websocket; i2p::config::GetOption("websockets.enabled", websocket);
+			if(websocket) {
+				std::string websocketAddr; i2p::config::GetOption("websockets.address", websocketAddr);
+				uint16_t		websocketPort; i2p::config::GetOption("websockets.port",		websocketPort);
+				LogPrint(eLogInfo, "Daemon: starting Websocket server at ", websocketAddr, ":", websocketPort);
+				d.m_WebsocketServer = std::unique_ptr<i2p::event::WebsocketServer>(new i2p::event::WebsocketServer (websocketAddr, websocketPort));
+				d.m_WebsocketServer->Start();
+				i2p::event::core.SetListener(d.m_WebsocketServer->ToListener());
+			}
+#endif
 			return true;
 		}
 
 		bool Daemon_Singleton::stop()
 		{
-			LogPrint("Shutdown started.");
+#ifdef WITH_EVENTS
+			i2p::event::core.SetListener(nullptr);
+#endif
+			LogPrint(eLogInfo, "Daemon: shutting down");
+			LogPrint(eLogInfo, "Daemon: stopping Client");
 			i2p::client::context.Stop();
-			LogPrint("Client stoped");
+			LogPrint(eLogInfo, "Daemon: stopping Tunnels");
 			i2p::tunnel::tunnels.Stop();
-			LogPrint("Tunnels stoped");
-			i2p::transport::transports.Stop();
-			LogPrint("Transports stoped");
-			i2p::data::netdb.Stop();
-			LogPrint("NetDB stoped");
-			d.httpServer->Stop();
-			LogPrint("HTTP Server stoped");
-			StopLog ();
 
-			delete d.httpServer; d.httpServer = nullptr;
+			if (d.UPnP) {
+				d.UPnP->Stop ();
+				d.UPnP = nullptr;
+			}
+
+			LogPrint(eLogInfo, "Daemon: stopping Transports");
+			i2p::transport::transports.Stop();
+			LogPrint(eLogInfo, "Daemon: stopping NetDB");
+			i2p::data::netdb.Stop();
+			if (d.httpServer) {
+				LogPrint(eLogInfo, "Daemon: stopping HTTP Server");
+				d.httpServer->Stop();
+				d.httpServer = nullptr;
+			}
+			if (d.m_I2PControlService)
+			{
+				LogPrint(eLogInfo, "Daemon: stopping I2PControl");
+				d.m_I2PControlService->Stop ();
+				d.m_I2PControlService = nullptr;
+			}
+#ifdef WITH_EVENTS
+			if (d.m_WebsocketServer) {
+				LogPrint(eLogInfo, "Daemon: stopping Websocket server");
+				d.m_WebsocketServer->Stop();
+				d.m_WebsocketServer = nullptr;
+			}
+#endif
+			i2p::crypto::TerminateCrypto ();
+			i2p::log::Logger().Stop();
 
 			return true;
 		}
-	}
+}
 }

Daemon.h

@@ -1,11 +1,8 @@
-#pragma once
-#include <string>
+#ifndef DAEMON_H__
+#define DAEMON_H__
 
-#ifdef _WIN32
-#define Daemon i2p::util::DaemonWin32::Instance()
-#else
-#define Daemon i2p::util::DaemonLinux::Instance()
-#endif
+#include <memory>
+#include <string>
 
 namespace i2p
 {
@@ -18,24 +15,52 @@ namespace i2p
 			virtual bool init(int argc, char* argv[]);
 			virtual bool start();
 			virtual bool stop();
+			virtual void run () {};
 
-			int isLogging;
-			int isDaemon;
-			
-			int running;
+			bool isDaemon;
+			bool running;
 
 		protected:
 			Daemon_Singleton();
 			virtual ~Daemon_Singleton();
 
-			bool IsService () const;				
+			bool IsService () const;
 
 			// d-pointer for httpServer, httpProxy, etc.
 			class Daemon_Singleton_Private;
 			Daemon_Singleton_Private &d;
 		};
 
-#ifdef _WIN32
+#if defined(QT_GUI_LIB) // check if QT
+#define Daemon i2p::util::DaemonQT::Instance()
+	// dummy, invoked from RunQT	
+    class DaemonQT: public i2p::util::Daemon_Singleton
+	{
+		public:
+
+			static DaemonQT& Instance()
+			{
+				static DaemonQT instance;
+				return instance;
+			}
+    };
+
+#elif defined(ANDROID)
+#define Daemon i2p::util::DaemonAndroid::Instance()
+	// dummy, invoked from android/jni/DaemonAndroid.*
+    class DaemonAndroid: public i2p::util::Daemon_Singleton
+	{
+		public:
+
+			static DaemonAndroid& Instance()
+			{
+				static DaemonAndroid instance;
+				return instance;
+			}
+    };
+
+#elif defined(_WIN32)
+#define Daemon i2p::util::DaemonWin32::Instance()
 		class DaemonWin32 : public Daemon_Singleton
 		{
 		public:
@@ -45,27 +70,38 @@ namespace i2p
 				return instance;
 			}
 
-			virtual bool init(int argc, char* argv[]);
-			virtual bool start();
-			virtual bool stop();
+			bool init(int argc, char* argv[]);
+			bool start();
+			bool stop();
+			void run ();
 		};
 #else
-		class DaemonLinux : public Daemon_Singleton
+#define Daemon i2p::util::DaemonLinux::Instance()
+        class DaemonLinux : public Daemon_Singleton
 		{
-		public:
-			static DaemonLinux& Instance()
-			{
-				static DaemonLinux instance;
-				return instance;
-			}
+			public:
+				static DaemonLinux& Instance()
+				{
+					static DaemonLinux instance;
+					return instance;
+				}
 
-			virtual bool start();
-			virtual bool stop();
-                private:
-                       std::string pidfile;
-                       int pidFilehandle;
+				bool start();
+				bool stop();
+				void run ();
+
+			private:
+
+				std::string pidfile;
+                int pidFH;
+
+			public:
+
+				int gracefulShutdownInterval; // in seconds
 
 		};
 #endif
 	}
 }
+
+#endif // DAEMON_H__

DaemonLinux.cpp

@@ -4,47 +4,54 @@
 
 #include <signal.h>
 #include <stdlib.h>
+#include <thread>
 #include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/resource.h>
 
+#include "Config.h"
+#include "FS.h"
 #include "Log.h"
-#include "util.h"
-
+#include "RouterContext.h"
+#include "ClientContext.h"
 
 void handle_signal(int sig)
 {
 	switch (sig)
 	{
-	case SIGHUP:
-		if (i2p::util::config::GetArg("daemon", 0) == 1)
-		{
-			static bool first=true;
-			if (first)
-			{
-				first=false;
-				return;
-			}
-		}
-		LogPrint("Reloading config.");
-		i2p::util::filesystem::ReadConfigFile(i2p::util::config::mapArgs, i2p::util::config::mapMultiArgs);
+		case SIGHUP:
+			LogPrint(eLogInfo, "Daemon: Got SIGHUP, reopening tunnel configuration...");
+			i2p::client::context.ReloadConfig();
 		break;
-	case SIGABRT:
-	case SIGTERM:
-	case SIGINT:
-		Daemon.running = 0; // Exit loop
+		case SIGUSR1:
+			LogPrint(eLogInfo, "Daemon: Got SIGUSR1, reopening logs...");
+			i2p::log::Logger().Reopen ();
+		break;
+		case SIGINT:
+			if (i2p::context.AcceptsTunnels () && !Daemon.gracefulShutdownInterval)
+			{
+				i2p::context.SetAcceptsTunnels (false);
+				Daemon.gracefulShutdownInterval = 10*60; // 10 minutes
+				LogPrint(eLogInfo, "Graceful shutdown after ", Daemon.gracefulShutdownInterval, " seconds");
+			}
+			else
+				Daemon.running = 0;
+		break;
+		case SIGABRT:
+		case SIGTERM:
+			Daemon.running = 0; // Exit loop
 		break;
 	}
 }
 
-
 namespace i2p
 {
 	namespace util
 	{
 		bool DaemonLinux::start()
 		{
-			if (isDaemon == 1)
+			if (isDaemon)
 			{
 				pid_t pid;
 				pid = fork();
@@ -52,44 +59,96 @@ namespace i2p
 					::exit (EXIT_SUCCESS);
 
 				if (pid < 0) // error
+				{
+					LogPrint(eLogError, "Daemon: could not fork: ", strerror(errno));
 					return false;
+				}
 
 				// child
-				umask(0);
+				umask(S_IWGRP | S_IRWXO); // 0027
 				int sid = setsid();
 				if (sid < 0)
 				{
-					LogPrint("Error, could not create process group.");
+					LogPrint(eLogError, "Daemon: could not create process group.");
+					return false;
+				}
+				std::string d = i2p::fs::GetDataDir();
+				if (chdir(d.c_str()) != 0)
+				{
+					LogPrint(eLogError, "Daemon: could not chdir: ", strerror(errno));
 					return false;
 				}
-				chdir(i2p::util::filesystem::GetDataDir().string().c_str());
 
-				// close stdin/stdout/stderr descriptors
-				::close (0);
-				::open ("/dev/null", O_RDWR);
-				::close (1);
-				::open ("/dev/null", O_RDWR);	
-				::close (2);
-				::open ("/dev/null", O_RDWR);
+				// point std{in,out,err} descriptors to /dev/null
+				freopen("/dev/null", "r", stdin);
+				freopen("/dev/null", "w", stdout);
+				freopen("/dev/null", "w", stderr);
+			}
+
+			// set proc limits
+			struct rlimit limit;
+			uint16_t nfiles; i2p::config::GetOption("limits.openfiles", nfiles);
+			getrlimit(RLIMIT_NOFILE, &limit);
+			if (nfiles == 0) {
+				LogPrint(eLogInfo, "Daemon: using system limit in ", limit.rlim_cur, " max open files");
+			} else if (nfiles <= limit.rlim_max) {
+				limit.rlim_cur = nfiles;
+				if (setrlimit(RLIMIT_NOFILE, &limit) == 0) {
+					LogPrint(eLogInfo, "Daemon: set max number of open files to ",
+						nfiles, " (system limit is ", limit.rlim_max, ")");
+				} else {
+					LogPrint(eLogError, "Daemon: can't set max number of open files: ", strerror(errno));
+				}
+			} else {
+				LogPrint(eLogError, "Daemon: limits.openfiles exceeds system limit: ", limit.rlim_max);
+			}
+			uint32_t cfsize; i2p::config::GetOption("limits.coresize", cfsize);
+			if (cfsize) // core file size set
+			{
+				cfsize *= 1024;
+				getrlimit(RLIMIT_CORE, &limit);
+				if (cfsize <= limit.rlim_max) {
+					limit.rlim_cur = cfsize;
+					if (setrlimit(RLIMIT_CORE, &limit) != 0) {
+						LogPrint(eLogError, "Daemon: can't set max size of coredump: ", strerror(errno));
+					} else if (cfsize == 0) {
+						LogPrint(eLogInfo, "Daemon: coredumps disabled");
+					} else {
+						LogPrint(eLogInfo, "Daemon: set max size of core files to ", cfsize / 1024, "Kb");
+					}
+				} else {
+					LogPrint(eLogError, "Daemon: limits.coresize exceeds system limit: ", limit.rlim_max);
+				}
 			}
 
 			// Pidfile
-			pidfile = IsService () ? "/var/run" : i2p::util::filesystem::GetDataDir().string();
-			pidfile.append("/i2pd.pid");
-			pidFilehandle = open(pidfile.c_str(), O_RDWR | O_CREAT, 0600);
-			if (pidFilehandle == -1)
-			{
-				LogPrint("Error, could not create pid file (", pidfile, ")\nIs an instance already running?");
-				return false;
+			// this code is c-styled and a bit ugly, but we need fd for locking pidfile
+			std::string pidfile; i2p::config::GetOption("pidfile", pidfile);
+			if (pidfile == "") {
+				pidfile = i2p::fs::DataDirPath("i2pd.pid");
 			}
-			if (lockf(pidFilehandle, F_TLOCK, 0) == -1)
-			{
-				LogPrint("Error, could not lock pid file (", pidfile, ")\nIs an instance already running?");
-				return false;
+			if (pidfile != "") {
+				pidFH = open(pidfile.c_str(), O_RDWR | O_CREAT, 0600);
+				if (pidFH < 0)
+				{
+					LogPrint(eLogError, "Daemon: could not create pid file ", pidfile, ": ", strerror(errno));
+					return false;
+				}
+				if (lockf(pidFH, F_TLOCK, 0) != 0)
+				{
+					LogPrint(eLogError, "Daemon: could not lock pid file ", pidfile, ": ", strerror(errno));
+					return false;
+				}
+				char pid[10];
+				sprintf(pid, "%d\n", getpid());
+				ftruncate(pidFH, 0);
+				if (write(pidFH, pid, strlen(pid)) < 0)
+				{
+					LogPrint(eLogError, "Daemon: could not write pidfile: ", strerror(errno));
+					return false;
+				}
 			}
-			char pid[10];
-			sprintf(pid, "%d\n", getpid());
-			write(pidFilehandle, pid, strlen(pid));
+			gracefulShutdownInterval = 0; // not specified
 
 			// Signal handler
 			struct sigaction sa;
@@ -97,6 +156,7 @@ namespace i2p
 			sigemptyset(&sa.sa_mask);
 			sa.sa_flags = SA_RESTART;
 			sigaction(SIGHUP, &sa, 0);
+			sigaction(SIGUSR1, &sa, 0);
 			sigaction(SIGABRT, &sa, 0);
 			sigaction(SIGTERM, &sa, 0);
 			sigaction(SIGINT, &sa, 0);
@@ -106,12 +166,27 @@ namespace i2p
 
 		bool DaemonLinux::stop()
 		{
-			close(pidFilehandle);
-			unlink(pidfile.c_str());
+			i2p::fs::Remove(pidfile);
 
-			return Daemon_Singleton::stop();			
+			return Daemon_Singleton::stop();
 		}
 
+		void DaemonLinux::run ()
+		{
+			while (running)
+			{
+				std::this_thread::sleep_for (std::chrono::seconds(1));
+				if (gracefulShutdownInterval)
+				{
+					gracefulShutdownInterval--; // - 1 second
+					if (gracefulShutdownInterval <= 0)
+					{
+						LogPrint(eLogInfo, "Graceful shutdown");
+						return;
+					}
+				}
+			}
+		}
 	}
 }
 

DaemonWin32.cpp

@@ -1,10 +1,16 @@
+#include <thread>
+#include <clocale>
+#include "Config.h"
 #include "Daemon.h"
 #include "util.h"
 #include "Log.h"
 
 #ifdef _WIN32
 
-#include "./Win32/Win32Service.h"
+#include "Win32/Win32Service.h"
+#ifdef WIN32_APP
+#include "Win32/Win32App.h"
+#endif
 
 namespace i2p
 {
@@ -17,15 +23,13 @@ namespace i2p
 			SetConsoleOutputCP(1251);
 			setlocale(LC_ALL, "Russian");
 
-			if (!Daemon_Singleton::init(argc, argv)) return false;
-			if (I2PService::isService())
-				isDaemon = 1;
-			else
-				isDaemon = 0;
+			if (!Daemon_Singleton::init(argc, argv))
+				return false;
 
-			std::string serviceControl = i2p::util::config::GetArg("-service", "none");
+			std::string serviceControl; i2p::config::GetOption("svcctl", serviceControl);
 			if (serviceControl == "install")
 			{
+				LogPrint(eLogInfo, "WinSVC: installing ", SERVICE_NAME, " as service");
 				InstallService(
 					SERVICE_NAME,               // Name of service
 					SERVICE_DISPLAY_NAME,       // Name to display
@@ -34,50 +38,78 @@ namespace i2p
 					SERVICE_ACCOUNT,            // Service running account
 					SERVICE_PASSWORD            // Password of the account
 					);
-				exit(0);
+				return false;
 			}
 			else if (serviceControl == "remove")
 			{
+				LogPrint(eLogInfo, "WinSVC: uninstalling ", SERVICE_NAME, " service");
 				UninstallService(SERVICE_NAME);
-				exit(0);
+				return false;
 			}
-			else if (serviceControl != "none")
+
+			if (isDaemon)
 			{
-				printf(" --service=install  to install the service.\n");
-				printf(" --service=remove   to remove the service.\n");
-			}
-			
-			if (isDaemon == 1)
-			{
-				LogPrint("Service session");
+				LogPrint(eLogDebug, "Daemon: running as service");
 				I2PService service(SERVICE_NAME);
 				if (!I2PService::Run(service))
 				{
-					LogPrint("Service failed to run w/err 0x%08lx\n", GetLastError());
-					exit(EXIT_FAILURE);
+					LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
+					return false;
 				}
-				exit(EXIT_SUCCESS);
+				return false;
 			}
 			else
-				LogPrint("User session");
+				LogPrint(eLogDebug, "Daemon: running as user");
 
 			return true;
 		}
+
 		bool DaemonWin32::start()
 		{
 			setlocale(LC_CTYPE, "");
 			SetConsoleCP(1251);
 			SetConsoleOutputCP(1251);
 			setlocale(LC_ALL, "Russian");
+#ifdef WIN32_APP
+            if (!i2p::win32::StartWin32App ()) return false;
 
-			return Daemon_Singleton::start();
+            // override log
+            i2p::config::SetOption("log", std::string ("file"));
+#endif
+			bool ret = Daemon_Singleton::start();
+			if (ret && i2p::log::Logger().GetLogType() == eLogFile)
+			{
+				// TODO: find out where this garbage to console comes from
+				SetStdHandle(STD_OUTPUT_HANDLE, INVALID_HANDLE_VALUE);
+				SetStdHandle(STD_ERROR_HANDLE, INVALID_HANDLE_VALUE);
+			}
+			bool insomnia; i2p::config::GetOption("insomnia", insomnia);
+			if (insomnia)
+				SetThreadExecutionState(ES_CONTINUOUS | ES_SYSTEM_REQUIRED);
+			return ret;
 		}
 
 		bool DaemonWin32::stop()
 		{
+#ifdef WIN32_APP
+		    i2p::win32::StopWin32App ();
+#endif
 			return Daemon_Singleton::stop();
 		}
+
+		void DaemonWin32::run ()
+        {
+#ifdef WIN32_APP
+            i2p::win32::RunWin32App ();
+#else
+		 while (running)
+		{
+			std::this_thread::sleep_for (std::chrono::seconds(1));
+		}
+ 	
+#endif
+        }
 	}
 }
 
-#endif
+#endif

Datagram.cpp

@@ -1,7 +1,6 @@
 #include <string.h>
 #include <vector>
-#include <cryptopp/sha.h>
-#include <cryptopp/gzip.h>
+#include "Crypto.h"
 #include "Log.h"
 #include "TunnelBase.h"
 #include "RouterContext.h"
@@ -12,62 +11,46 @@ namespace i2p
 {
 namespace datagram
 {
-	DatagramDestination::DatagramDestination (i2p::client::ClientDestination& owner): 
-		m_Owner (owner), m_Receiver (nullptr)
+	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner): 
+		m_Owner (owner.get()),
+		m_Receiver (nullptr)
 	{
+		m_Identity.FromBase64 (owner->GetIdentity()->ToBase64());
+	}
+	
+	DatagramDestination::~DatagramDestination ()
+	{
+		m_Sessions.clear();
 	}
 
-	void DatagramDestination::SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::LeaseSet& remote)
-	{
-		uint8_t buf[MAX_DATAGRAM_SIZE];
-		auto identityLen = m_Owner.GetIdentity ().ToBuffer (buf, MAX_DATAGRAM_SIZE);
+	void DatagramDestination::SendDatagramTo(const uint8_t * payload, size_t len, const i2p::data::IdentHash & identity, uint16_t fromPort, uint16_t toPort)
+	{	
+		auto owner = m_Owner;
+		std::vector<uint8_t> v(MAX_DATAGRAM_SIZE);
+		uint8_t * buf = v.data();
+		auto identityLen = m_Identity.ToBuffer (buf, MAX_DATAGRAM_SIZE);
 		uint8_t * signature = buf + identityLen;
-		auto signatureLen = m_Owner.GetIdentity ().GetSignatureLen ();
+		auto signatureLen = m_Identity.GetSignatureLen ();
 		uint8_t * buf1 = signature + signatureLen;
 		size_t headerLen = identityLen + signatureLen;
 		
 		memcpy (buf1, payload, len);	
-		if (m_Owner.GetIdentity ().GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
+		if (m_Identity.GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
 		{
 			uint8_t hash[32];	
-			CryptoPP::SHA256().CalculateDigest (hash, buf1, len);
-			m_Owner.Sign (hash, 32, signature);
+			SHA256(buf1, len, hash);
+			owner->Sign (hash, 32, signature);
 		}
 		else
-			m_Owner.Sign (buf1, len, signature);
-		
-		auto service = m_Owner.GetService ();
-		if (service) 
-			service->post (boost::bind (&DatagramDestination::SendMsg, this, 
-				CreateDataMessage (buf, len + headerLen), remote));
-		else
-			LogPrint (eLogWarning, "Failed to send datagram. Destination is not running");
+			owner->Sign (buf1, len, signature);
+
+		auto msg = CreateDataMessage (buf, len + headerLen, fromPort, toPort);
+		auto session = ObtainSession(identity);
+		session->SendMsg(msg);
 	}
 
-	void DatagramDestination::SendMsg (I2NPMessage * msg, const i2p::data::LeaseSet& remote)
-	{
-		auto leases = remote.GetNonExpiredLeases ();
-		if (!leases.empty ())
-		{
-			std::vector<i2p::tunnel::TunnelMessageBlock> msgs;			
-			uint32_t i = i2p::context.GetRandomNumberGenerator ().GenerateWord32 (0, leases.size () - 1);
-			auto garlic = m_Owner.WrapMessage (remote, msg, true);
-			msgs.push_back (i2p::tunnel::TunnelMessageBlock 
-				{ 
-					i2p::tunnel::eDeliveryTypeTunnel,
-					leases[i].tunnelGateway, leases[i].tunnelID,
-					garlic
-				});
-			m_Owner.SendTunnelDataMsgs (msgs);
-		}
-		else
-		{
-			LogPrint (eLogWarning, "Failed to send datagram. All leases expired");
-			DeleteI2NPMessage (msg);	
-		}	
-	}
 
-	void DatagramDestination::HandleDatagram (const uint8_t * buf, size_t len)
+	void DatagramDestination::HandleDatagram (uint16_t fromPort, uint16_t toPort,uint8_t * const &buf, size_t len)
 	{
 		i2p::data::IdentityEx identity;
 		size_t identityLen = identity.FromBuffer (buf, len);
@@ -77,59 +60,297 @@ namespace datagram
 		bool verified = false;
 		if (identity.GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			uint8_t hash[32];	
-			CryptoPP::SHA256().CalculateDigest (hash, buf + headerLen, len - headerLen);
+			uint8_t hash[32];
+			SHA256(buf + headerLen, len - headerLen, hash);
 			verified = identity.Verify (hash, 32, signature);
-		}
+		}	
 		else	
 			verified = identity.Verify (buf + headerLen, len - headerLen, signature);
 				
 		if (verified)
 		{
-			if (m_Receiver != nullptr)
-				m_Receiver (identity, buf + headerLen, len -headerLen);
+			auto h = identity.GetIdentHash();
+			auto session = ObtainSession(h);
+			session->Ack();
+			auto r = FindReceiver(toPort);
+			if(r)
+				r(identity, fromPort, toPort, buf + headerLen, len -headerLen);
 			else
-				LogPrint (eLogWarning, "Receiver for datagram is not set");	
+				LogPrint (eLogWarning, "DatagramDestination: no receiver for port ", toPort);
 		}
 		else
 			LogPrint (eLogWarning, "Datagram signature verification failed");	
 	}
 
-	void DatagramDestination::HandleDataMessagePayload (const uint8_t * buf, size_t len)
+	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
 	{
-		// unzip it
-		CryptoPP::Gunzip decompressor;
-		decompressor.Put (buf, len);
-		decompressor.MessageEnd();
-		uint8_t uncompressed[MAX_DATAGRAM_SIZE];
-		auto uncompressedLen = decompressor.MaxRetrievable ();
-		if (uncompressedLen <= MAX_DATAGRAM_SIZE)
-		{
-			decompressor.Get (uncompressed, uncompressedLen);
-			HandleDatagram (uncompressed, uncompressedLen); 
-		}
-		else
-			LogPrint ("Received datagram size ", uncompressedLen,  " exceeds max size");
-
+		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
+		Receiver r = m_Receiver;
+		auto itr = m_ReceiversByPorts.find(port);
+		if (itr != m_ReceiversByPorts.end())
+			r = itr->second;
+		return r;
 	}
 
-	I2NPMessage * DatagramDestination::CreateDataMessage (const uint8_t * payload, size_t len)
+	void DatagramDestination::HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
-		CryptoPP::Gzip compressor; // default level
-		compressor.Put (payload, len);
-		compressor.MessageEnd();
-		int size = compressor.MaxRetrievable ();
+		// unzip it
+		uint8_t uncompressed[MAX_DATAGRAM_SIZE];
+		size_t uncompressedLen = m_Inflator.Inflate (buf, len, uncompressed, MAX_DATAGRAM_SIZE);
+		if (uncompressedLen)
+			HandleDatagram (fromPort, toPort, uncompressed, uncompressedLen);
+		else
+			LogPrint (eLogWarning, "Datagram: decompression failed");
+	}
+
+	std::shared_ptr<I2NPMessage> DatagramDestination::CreateDataMessage (const uint8_t * payload, size_t len, uint16_t fromPort, uint16_t toPort)
+	{
+		auto msg = NewI2NPMessage ();
 		uint8_t * buf = msg->GetPayload ();
-		*(uint32_t *)buf = htobe32 (size); // length
-		buf += 4;
-		compressor.Get (buf, size);
-		memset (buf + 4, 0, 4); // source and destination are zeroes
-		buf[9] = i2p::client::PROTOCOL_TYPE_DATAGRAM; // datagram protocol
-		msg->len += size + 4; 
-		FillI2NPMessageHeader (msg, eI2NPData);
+		buf += 4; // reserve for length
+		size_t size = m_Deflator.Deflate (payload, len, buf, msg->maxLen - msg->len);
+		if (size)
+		{
+			htobe32buf (msg->GetPayload (), size); // length
+			htobe16buf (buf + 4, fromPort); // source port
+			htobe16buf (buf + 6, toPort); // destination port 
+			buf[9] = i2p::client::PROTOCOL_TYPE_DATAGRAM; // datagram protocol
+			msg->len += size + 4; 
+			msg->FillI2NPMessageHeader (eI2NPData);
+		}	
+		else
+			msg = nullptr;
 		return msg;
-	}	
+	}
+
+	void DatagramDestination::CleanUp ()
+	{			
+		if (m_Sessions.empty ()) return;
+		auto now = i2p::util::GetMillisecondsSinceEpoch();
+		LogPrint(eLogDebug, "DatagramDestination: clean up sessions");
+		std::unique_lock<std::mutex> lock(m_SessionsMutex);
+		// for each session ...
+		for (auto it = m_Sessions.begin (); it != m_Sessions.end (); ) 
+		{
+			// check if expired
+			if (now - it->second->LastActivity() >= DATAGRAM_SESSION_MAX_IDLE)
+			{
+				LogPrint(eLogInfo, "DatagramDestination: expiring idle session with ", it->first.ToBase32());
+				it->second->Stop ();
+				it = m_Sessions.erase (it); // we are expired
+			}
+			else
+				it++;
+		}
+	}
+	
+	std::shared_ptr<DatagramSession> DatagramDestination::ObtainSession(const i2p::data::IdentHash & identity)
+	{
+		std::shared_ptr<DatagramSession> session = nullptr;
+		std::lock_guard<std::mutex> lock(m_SessionsMutex);
+		auto itr = m_Sessions.find(identity);
+		if (itr == m_Sessions.end()) {
+			// not found, create new session
+			session = std::make_shared<DatagramSession>(m_Owner, identity);
+			session->Start ();
+			m_Sessions[identity] = session;
+		} else {
+			session = itr->second;
+		}
+		return session;
+	}
+
+	std::shared_ptr<DatagramSession::Info> DatagramDestination::GetInfoForRemote(const i2p::data::IdentHash & remote)
+	{
+		std::lock_guard<std::mutex> lock(m_SessionsMutex);
+		for ( auto & item : m_Sessions)
+		{
+			if(item.first == remote) return std::make_shared<DatagramSession::Info>(item.second->GetSessionInfo());
+		}
+		return nullptr;
+	}
+	
+	DatagramSession::DatagramSession(i2p::client::ClientDestination * localDestination,
+																	 const i2p::data::IdentHash & remoteIdent) :
+		m_LocalDestination(localDestination),
+		m_RemoteIdent(remoteIdent),
+		m_SendQueueTimer(localDestination->GetService()),
+		m_RequestingLS(false)
+	{
+	}
+
+	void DatagramSession::Start ()
+	{
+		m_LastUse = i2p::util::GetMillisecondsSinceEpoch ();
+		ScheduleFlushSendQueue();
+	}
+
+	void DatagramSession::Stop ()
+	{
+		m_SendQueueTimer.cancel ();
+	}
+
+	void DatagramSession::SendMsg(std::shared_ptr<I2NPMessage> msg)
+	{
+		// we used this session
+		m_LastUse = i2p::util::GetMillisecondsSinceEpoch();
+		// schedule send
+		auto self = shared_from_this();
+		m_LocalDestination->GetService().post(std::bind(&DatagramSession::HandleSend, self, msg));
+	}
+
+	DatagramSession::Info DatagramSession::GetSessionInfo() const
+	{
+		if(!m_RoutingSession)
+			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
+		
+		auto routingPath = m_RoutingSession->GetSharedRoutingPath();
+		if (!routingPath)
+			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
+		auto lease = routingPath->remoteLease;
+		auto tunnel = routingPath->outboundTunnel;
+		if(lease)
+		{
+			if(tunnel)
+				return DatagramSession::Info(lease->tunnelGateway, tunnel->GetEndpointIdentHash(), m_LastUse);
+			else
+				return DatagramSession::Info(lease->tunnelGateway, nullptr, m_LastUse);
+		}
+		else if(tunnel)
+			return DatagramSession::Info(nullptr, tunnel->GetEndpointIdentHash(), m_LastUse);
+		else
+			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
+	}
+
+	void DatagramSession::Ack()
+	{
+		m_LastUse = i2p::util::GetMillisecondsSinceEpoch();
+		auto path = GetSharedRoutingPath();
+		if(path)
+			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
+	}
+
+	std::shared_ptr<i2p::garlic::GarlicRoutingPath> DatagramSession::GetSharedRoutingPath ()
+	{
+		if(!m_RoutingSession) {
+			if(!m_RemoteLeaseSet) {
+				m_RemoteLeaseSet = m_LocalDestination->FindLeaseSet(m_RemoteIdent);
+			}
+			if(!m_RemoteLeaseSet) {
+				// no remote lease set
+				if(!m_RequestingLS) {
+					m_RequestingLS = true;
+					m_LocalDestination->RequestDestination(m_RemoteIdent, std::bind(&DatagramSession::HandleLeaseSetUpdated, this, std::placeholders::_1));
+				}
+				return nullptr;
+			}
+			m_RoutingSession = m_LocalDestination->GetRoutingSession(m_RemoteLeaseSet, true);
+		}
+		auto path = m_RoutingSession->GetSharedRoutingPath();
+		if(path) {
+			if (m_CurrentOutboundTunnel && !m_CurrentOutboundTunnel->IsEstablished()) {
+				// bad outbound tunnel, switch outbound tunnel
+				m_CurrentOutboundTunnel = m_LocalDestination->GetTunnelPool()->GetNextOutboundTunnel(m_CurrentOutboundTunnel);
+				path->outboundTunnel = m_CurrentOutboundTunnel;
+			}
+			if(m_CurrentRemoteLease && m_CurrentRemoteLease->ExpiresWithin(DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW)) {
+				// bad lease, switch to next one
+				if(m_RemoteLeaseSet) {
+					auto ls = m_RemoteLeaseSet->GetNonExpiredLeasesExcluding([&](const i2p::data::Lease& l) -> bool {
+							return l.tunnelGateway == m_CurrentRemoteLease->tunnelGateway;
+					});
+					auto sz = ls.size();
+					if (sz) {
+						auto idx = rand() % sz;
+						m_CurrentRemoteLease = ls[idx];
+					}
+				} else {
+					// no remote lease set?
+					LogPrint(eLogWarning, "DatagramSession: no cached remote lease set for ", m_RemoteIdent.ToBase32());
+				}
+				path->remoteLease = m_CurrentRemoteLease;
+			}
+		} else {
+			// no current path, make one
+			path = std::make_shared<i2p::garlic::GarlicRoutingPath>();
+			// switch outbound tunnel if bad
+			if(m_CurrentOutboundTunnel == nullptr || ! m_CurrentOutboundTunnel->IsEstablished()) {
+				m_CurrentOutboundTunnel = m_LocalDestination->GetTunnelPool()->GetNextOutboundTunnel(m_CurrentOutboundTunnel);
+			}
+			// switch lease if bad
+			if(m_CurrentRemoteLease == nullptr || m_CurrentRemoteLease->ExpiresWithin(DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW)) {
+				if(!m_RemoteLeaseSet) {
+					m_RemoteLeaseSet = m_LocalDestination->FindLeaseSet(m_RemoteIdent);
+				}
+				if(m_RemoteLeaseSet) {
+					// pick random next good lease
+					auto ls = m_RemoteLeaseSet->GetNonExpiredLeasesExcluding([&] (const i2p::data::Lease & l) -> bool {
+							if(m_CurrentRemoteLease)
+								return l.tunnelGateway == m_CurrentRemoteLease->tunnelGateway;
+							return false;
+					});
+					auto sz = ls.size();
+					if(sz) {
+						auto idx = rand() % sz;
+						m_CurrentRemoteLease = ls[idx];
+					}
+				} else {
+					// no remote lease set currently, bail
+					LogPrint(eLogWarning, "DatagramSession: no remote lease set found for ", m_RemoteIdent.ToBase32());
+					return nullptr;
+				}
+			}
+			path->outboundTunnel = m_CurrentOutboundTunnel;
+			path->remoteLease = m_CurrentRemoteLease;
+			m_RoutingSession->SetSharedRoutingPath(path);
+		}
+		return path;
+	
+	}
+
+	void DatagramSession::HandleLeaseSetUpdated(std::shared_ptr<i2p::data::LeaseSet> ls)
+	{
+		m_RequestingLS = false;
+		if(!ls) return;
+		// only update lease set if found and newer than previous lease set
+		uint64_t oldExpire = 0;
+		if(m_RemoteLeaseSet) oldExpire = m_RemoteLeaseSet->GetExpirationTime();
+		if(ls && ls->GetExpirationTime() > oldExpire) m_RemoteLeaseSet = ls;
+	}
+
+	void DatagramSession::HandleSend(std::shared_ptr<I2NPMessage> msg)
+	{
+	  m_SendQueue.push_back(msg);
+		// flush queue right away if full
+		if(m_SendQueue.size() >= DATAGRAM_SEND_QUEUE_MAX_SIZE) FlushSendQueue();
+	}
+
+	void DatagramSession::FlushSendQueue ()
+	{
+
+		std::vector<i2p::tunnel::TunnelMessageBlock> send;
+		auto routingPath = GetSharedRoutingPath();
+		// if we don't have a routing path we will drop all queued messages
+		if(routingPath && routingPath->outboundTunnel && routingPath->remoteLease)
+		{
+			for (const auto & msg : m_SendQueue)
+			{
+				auto m = m_RoutingSession->WrapSingleMessage(msg);
+				send.push_back(i2p::tunnel::TunnelMessageBlock{i2p::tunnel::eDeliveryTypeTunnel,routingPath->remoteLease->tunnelGateway, routingPath->remoteLease->tunnelID, m});
+			}
+			routingPath->outboundTunnel->SendTunnelDataMsg(send);
+		}
+		m_SendQueue.clear();
+		ScheduleFlushSendQueue();
+	}
+
+	void DatagramSession::ScheduleFlushSendQueue()
+	{
+		boost::posix_time::milliseconds dlt(100);
+		m_SendQueueTimer.expires_from_now(dlt);
+		auto self = shared_from_this();
+		m_SendQueueTimer.async_wait([self](const boost::system::error_code & ec) { if(ec) return; self->FlushSendQueue(); });
+	}
 }
 }
 

Datagram.h

@@ -2,10 +2,14 @@
 #define DATAGRAM_H__
 
 #include <inttypes.h>
+#include <memory>
 #include <functional>
+#include <map>
+#include "Base.h"
 #include "Identity.h"
 #include "LeaseSet.h"
 #include "I2NPProtocol.h"
+#include "Garlic.h"
 
 namespace i2p
 {
@@ -15,32 +19,129 @@ namespace client
 }
 namespace datagram
 {
-	const size_t MAX_DATAGRAM_SIZE = 32768;
+	// milliseconds for max session idle time 
+	const uint64_t DATAGRAM_SESSION_MAX_IDLE = 10 * 60 * 1000;
+	// milliseconds for how long we try sticking to a dead routing path before trying to switch
+	const uint64_t DATAGRAM_SESSION_PATH_TIMEOUT = 10 * 1000;
+	// milliseconds interval a routing path is used before switching
+	const uint64_t DATAGRAM_SESSION_PATH_SWITCH_INTERVAL = 20 * 60 * 1000;
+	// milliseconds before lease expire should we try switching leases
+	const uint64_t DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW = 10 * 1000;
+	// milliseconds fudge factor for leases handover
+	const uint64_t DATAGRAM_SESSION_LEASE_HANDOVER_FUDGE = 1000;
+	// milliseconds minimum time between path switches
+	const uint64_t DATAGRAM_SESSION_PATH_MIN_LIFETIME = 5 * 1000;
+  // max 64 messages buffered in send queue for each datagram session
+  const size_t DATAGRAM_SEND_QUEUE_MAX_SIZE = 64;
+	
+	class DatagramSession : public std::enable_shared_from_this<DatagramSession>
+	{
+	public:
+		DatagramSession(i2p::client::ClientDestination * localDestination, const i2p::data::IdentHash & remoteIdent);
+
+		void Start ();
+		void Stop ();	
+
+
+    /** @brief ack the garlic routing path */
+    void Ack();
+
+		/** send an i2np message to remote endpoint for this session */
+		void SendMsg(std::shared_ptr<I2NPMessage> msg);
+		/** get the last time in milliseconds for when we used this datagram session */
+		uint64_t LastActivity() const { return m_LastUse; }
+
+		struct Info
+		{
+			std::shared_ptr<const i2p::data::IdentHash> IBGW;
+			std::shared_ptr<const i2p::data::IdentHash> OBEP;
+			const uint64_t activity;
+ 
+			Info() : IBGW(nullptr), OBEP(nullptr), activity(0) {}
+			Info(const uint8_t * ibgw, const uint8_t * obep, const uint64_t a) :
+				activity(a) {
+				if(ibgw) IBGW = std::make_shared<i2p::data::IdentHash>(ibgw);
+				else IBGW = nullptr;
+				if(obep) OBEP = std::make_shared<i2p::data::IdentHash>(obep);
+				else OBEP = nullptr;
+			}
+		};
+
+		Info GetSessionInfo() const;
+
+	private:
+
+    void FlushSendQueue();
+    void ScheduleFlushSendQueue();
+
+    void HandleSend(std::shared_ptr<I2NPMessage> msg);
+
+    std::shared_ptr<i2p::garlic::GarlicRoutingPath> GetSharedRoutingPath();
+    
+    void HandleLeaseSetUpdated(std::shared_ptr<i2p::data::LeaseSet> ls);
+
+	private:
+		i2p::client::ClientDestination * m_LocalDestination;
+    i2p::data::IdentHash m_RemoteIdent;
+    std::shared_ptr<const i2p::data::LeaseSet> m_RemoteLeaseSet;
+    std::shared_ptr<i2p::garlic::GarlicRoutingSession> m_RoutingSession;
+    std::shared_ptr<const i2p::data::Lease> m_CurrentRemoteLease;
+    std::shared_ptr<i2p::tunnel::OutboundTunnel> m_CurrentOutboundTunnel;
+    boost::asio::deadline_timer m_SendQueueTimer;
+    std::vector<std::shared_ptr<I2NPMessage> > m_SendQueue;
+    uint64_t m_LastUse;
+    bool m_RequestingLS;
+	};
+
+	typedef std::shared_ptr<DatagramSession> DatagramSession_ptr;
+
+	const size_t MAX_DATAGRAM_SIZE = 32768;	 
 	class DatagramDestination
 	{
-		typedef std::function<void (const i2p::data::IdentityEx& ident, const uint8_t *, size_t)> Receiver;
+		typedef std::function<void (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)> Receiver;
 
 		public:
 
-			DatagramDestination (i2p::client::ClientDestination& owner);
-			~DatagramDestination () {};				
+    
+			DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner);
+			~DatagramDestination ();	
 
-			void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::LeaseSet& remote);
-			void HandleDataMessagePayload (const uint8_t * buf, size_t len);
+    	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
+			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };
 			void ResetReceiver () { m_Receiver = nullptr; };
 
-		private:
+			void SetReceiver (const Receiver& receiver, uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts[port] = receiver; };
+			void ResetReceiver (uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts.erase (port); };
 
-			I2NPMessage * CreateDataMessage (const uint8_t * payload, size_t len);
-			void SendMsg (I2NPMessage * msg, const i2p::data::LeaseSet& remote);
-			void HandleDatagram (const uint8_t * buf, size_t len);
+			std::shared_ptr<DatagramSession::Info> GetInfoForRemote(const i2p::data::IdentHash & remote);
+		
+			// clean up stale sessions
+			void CleanUp ();
 
 		private:
+						
+    std::shared_ptr<DatagramSession> ObtainSession(const i2p::data::IdentHash & ident);
+			
+			std::shared_ptr<I2NPMessage> CreateDataMessage (const uint8_t * payload, size_t len, uint16_t fromPort, uint16_t toPort);
 
-			i2p::client::ClientDestination& m_Owner;
-			Receiver m_Receiver;
+			void HandleDatagram (uint16_t fromPort, uint16_t toPort, uint8_t *const& buf, size_t len);
+
+			/** find a receiver by port, if none by port is found try default receiever, otherwise returns nullptr */
+			Receiver FindReceiver(uint16_t port);
+			
+		private:
+			i2p::client::ClientDestination * m_Owner;
+			i2p::data::IdentityEx m_Identity;
+			Receiver m_Receiver; // default
+			std::mutex m_SessionsMutex;
+			std::map<i2p::data::IdentHash, DatagramSession_ptr > m_Sessions;
+			std::mutex m_ReceiversMutex;
+			std::map<uint16_t, Receiver> m_ReceiversByPorts;
+
+			i2p::data::GzipInflator m_Inflator;
+			i2p::data::GzipDeflator m_Deflator;
 	};		
 }
 }

Destination.h

@@ -3,11 +3,21 @@
 
 #include <thread>
 #include <mutex>
+#include <memory>
+#include <map>
+#include <set>
+#include <string>
+#include <functional>
+#ifdef I2LUA
+#include <future>
+#endif
+#include <boost/asio.hpp>
 #include "Identity.h"
 #include "TunnelPool.h"
-#include "CryptoConst.h"
+#include "Crypto.h"
 #include "LeaseSet.h"
 #include "Garlic.h"
+#include "NetDb.h"
 #include "Streaming.h"
 #include "Datagram.h"
 
@@ -18,83 +28,209 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_STREAMING = 6;
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;	
+	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
+	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successfull publish
+	const int PUBLISH_MIN_INTERVAL = 20; // in seconds 
+	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically	
+	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
+	const int MAX_LEASESET_REQUEST_TIMEOUT = 40; // in seconds
+	const int DESTINATION_CLEANUP_TIMEOUT = 3; // in minutes 
+	const unsigned int MAX_NUM_FLOODFILLS_PER_REQUEST = 7;
+	
+	// I2CP
+	const char I2CP_PARAM_INBOUND_TUNNEL_LENGTH[] = "inbound.length";
+	const int DEFAULT_INBOUND_TUNNEL_LENGTH = 3;
+	const char I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH[] = "outbound.length";
+	const int DEFAULT_OUTBOUND_TUNNEL_LENGTH = 3;
+	const char I2CP_PARAM_INBOUND_TUNNELS_QUANTITY[] = "inbound.quantity";
+	const int DEFAULT_INBOUND_TUNNELS_QUANTITY = 5;
+	const char I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY[] = "outbound.quantity";
+	const int DEFAULT_OUTBOUND_TUNNELS_QUANTITY = 5;
+	const char I2CP_PARAM_EXPLICIT_PEERS[] = "explicitPeers";
+	const int STREAM_REQUEST_TIMEOUT = 60; //in seconds
+	const char I2CP_PARAM_TAGS_TO_SEND[] = "crypto.tagsToSend";
+	const int DEFAULT_TAGS_TO_SEND = 40;
 
-	class ClientDestination: public i2p::garlic::GarlicDestination
+	// latency
+	const char I2CP_PARAM_MIN_TUNNEL_LATENCY[] = "latency.min";
+	const int DEFAULT_MIN_TUNNEL_LATENCY = 0;
+	const char I2CP_PARAM_MAX_TUNNEL_LATENCY[] = "latency.max";
+	const int DEFAULT_MAX_TUNNEL_LATENCY = 0;
+	
+	typedef std::function<void (std::shared_ptr<i2p::stream::Stream> stream)> StreamRequestComplete;
+
+	class LeaseSetDestination: public i2p::garlic::GarlicDestination,
+		public std::enable_shared_from_this<LeaseSetDestination>
 	{
+		typedef std::function<void (std::shared_ptr<i2p::data::LeaseSet> leaseSet)> RequestComplete;
+		// leaseSet = nullptr means not found
+		struct LeaseSetRequest
+		{
+			LeaseSetRequest (boost::asio::io_service& service): requestTime (0), requestTimeoutTimer (service) {};
+			std::set<i2p::data::IdentHash> excluded;
+			uint64_t requestTime;
+			boost::asio::deadline_timer requestTimeoutTimer;
+			std::list<RequestComplete> requestComplete;
+			std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+			std::shared_ptr<i2p::tunnel::InboundTunnel> replyTunnel;
+
+			void Complete (std::shared_ptr<i2p::data::LeaseSet> ls)
+			{
+				for (auto& it: requestComplete) it (ls);
+				requestComplete.clear ();
+			}	
+		};	
+		
+		
 		public:
 
-			ClientDestination (bool isPublic, i2p::data::SigningKeyType sigType);
-			ClientDestination (const std::string& fullPath, bool isPublic);
-			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic);
-			~ClientDestination ();	
+			LeaseSetDestination (bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			~LeaseSetDestination ();	
 
-			virtual void Start ();
-			virtual void Stop ();
+			virtual bool Start ();
+			virtual bool Stop ();
 			bool IsRunning () const { return m_IsRunning; };
-			boost::asio::io_service * GetService () { return m_Service; };
-			i2p::tunnel::TunnelPool * GetTunnelPool () { return m_Pool; }; 
-			bool IsReady () const { return m_LeaseSet && m_LeaseSet->HasNonExpiredLeases (); };
+			boost::asio::io_service& GetService () { return m_Service; };
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () { return m_Pool; }; 
+			bool IsReady () const { return m_LeaseSet && !m_LeaseSet->IsExpired () && m_Pool->GetOutboundTunnels ().size () > 0; };
+			std::shared_ptr<const i2p::data::LeaseSet> FindLeaseSet (const i2p::data::IdentHash& ident);
+			bool RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete = nullptr);
+			void CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify = true);	
 
-			void ResetCurrentOutboundTunnel () { m_CurrentOutboundTunnel = nullptr; };
-			const i2p::data::LeaseSet * FindLeaseSet (const i2p::data::IdentHash& ident);
-			void SendTunnelDataMsgs (const std::vector<i2p::tunnel::TunnelMessageBlock>& msgs);
-
-			// streaming
-			i2p::stream::StreamingDestination * GetStreamingDestination () const { return m_StreamingDestination; };
-			i2p::stream::Stream * CreateStream (const i2p::data::LeaseSet& remote, int port = 0);
-			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
-			void StopAcceptingStreams ();
-			bool IsAcceptingStreams () const;
-
-			// datagram
-			i2p::datagram::DatagramDestination * GetDatagramDestination () const { return m_DatagramDestination; };
-			i2p::datagram::DatagramDestination * CreateDatagramDestination ();
-
-			// implements LocalDestination
-			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
-			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
-			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionPublicKey; };
-			
 			// implements GarlicDestination
-			const i2p::data::LeaseSet * GetLeaseSet ();
-			void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet ();
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const { return m_Pool; }
+			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
 			// override GarlicDestination
-			void ProcessGarlicMessage (I2NPMessage * msg);
-			void ProcessDeliveryStatusMessage (I2NPMessage * msg);	
+			bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag);
+			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
+			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);	
 			void SetLeaseSetUpdated ();
 
-			// I2CP
-			void HandleDataMessage (const uint8_t * buf, size_t len);
+		protected:
 
+			void SetLeaseSet (i2p::data::LocalLeaseSet * newLeaseSet);
+			virtual void CleanupDestination () {}; // additional clean up in derived classes
+			// I2CP
+			virtual void HandleDataMessage (const uint8_t * buf, size_t len) = 0;
+			virtual void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels) = 0;
+			
 		private:
 				
 			void Run ();			
 			void UpdateLeaseSet ();
-			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);			
+			void Publish ();
+			void HandlePublishConfirmationTimer (const boost::system::error_code& ecode);
+			void HandlePublishVerificationTimer (const boost::system::error_code& ecode);
+			void HandlePublishDelayTimer (const boost::system::error_code& ecode);
+			void HandleDatabaseStoreMessage (const uint8_t * buf, size_t len);
+			void HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len);
+			void HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);		
 
+			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete);
+			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, std::shared_ptr<LeaseSetRequest> request);	
+			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
+			void HandleCleanupTimer (const boost::system::error_code& ecode);
+			void CleanupRemoteLeaseSets ();			
+			
 		private:
 
-			bool m_IsRunning;
+			volatile bool m_IsRunning;
 			std::thread * m_Thread;	
-			boost::asio::io_service * m_Service;
-			boost::asio::io_service::work * m_Work;
-			i2p::data::PrivateKeys m_Keys;
-			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
-			std::map<i2p::data::IdentHash, i2p::data::LeaseSet *> m_RemoteLeaseSets;
+			boost::asio::io_service m_Service;
+			mutable std::mutex m_RemoteLeaseSetsMutex;
+			std::map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
+			std::map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;
 
-			i2p::tunnel::TunnelPool * m_Pool;
-			i2p::tunnel::OutboundTunnel * m_CurrentOutboundTunnel;
-			i2p::data::LeaseSet * m_LeaseSet;
+			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
+			std::mutex m_LeaseSetMutex;
+			std::shared_ptr<i2p::data::LocalLeaseSet> m_LeaseSet;
 			bool m_IsPublic;
-		
-			i2p::stream::StreamingDestination * m_StreamingDestination;
-			i2p::datagram::DatagramDestination * m_DatagramDestination;
+			uint32_t m_PublishReplyToken;
+			uint64_t m_LastSubmissionTime; // in seconds
+			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
 	
+			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer, 
+				m_PublishDelayTimer, m_CleanupTimer;
+
 		public:
 			
 			// for HTTP only
 			int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
+			const decltype(m_RemoteLeaseSets)& GetLeaseSets () const { return m_RemoteLeaseSets; };
+	};	
+
+	class ClientDestination: public LeaseSetDestination
+	{
+		public:
+#ifdef I2LUA
+			// type for informing that a client destination is ready
+			typedef std::promise<std::shared_ptr<ClientDestination> > ReadyPromise;
+			// informs promise with shared_from_this() when this destination is ready to use
+			// if cancelled before ready, informs promise with nullptr
+			void Ready(ReadyPromise & p);
+#endif
+		
+			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
+			~ClientDestination ();
+			
+			bool Start ();
+			bool Stop ();
+			
+			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };	
+			
+			// streaming
+			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port, bool gzip = true); // additional
+			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
+			// following methods operate with default streaming destination
+			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
+			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
+			void StopAcceptingStreams ();
+			bool IsAcceptingStreams () const;
+			void AcceptOnce (const i2p::stream::StreamingDestination::Acceptor& acceptor);
+			
+			// datagram
+      i2p::datagram::DatagramDestination * GetDatagramDestination () const { return m_DatagramDestination; };
+      i2p::datagram::DatagramDestination * CreateDatagramDestination ();
+			
+			// implements LocalDestination		
+			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };			
+
+		protected:
+			
+			void CleanupDestination ();
+			// I2CP
+			void HandleDataMessage (const uint8_t * buf, size_t len);
+			void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+			
+		private:
+
+			std::shared_ptr<ClientDestination> GetSharedFromThis ()
+			{ return std::static_pointer_cast<ClientDestination>(shared_from_this ()); }   
+			void PersistTemporaryKeys ();
+#ifdef I2LUA
+			void ScheduleCheckForReady(ReadyPromise * p);
+			void HandleCheckForReady(const boost::system::error_code & ecode, ReadyPromise * p);
+#endif      
+		private:
+
+			i2p::data::PrivateKeys m_Keys;
+			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
+
+			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
+			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
+      i2p::datagram::DatagramDestination * m_DatagramDestination;
+
+			boost::asio::deadline_timer m_ReadyChecker;
+			
+		public:
+
+			// for HTTP only
+			std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
 	};	
 }	
 }	

Dockerfile

@@ -0,0 +1,54 @@
+FROM alpine:latest
+
+MAINTAINER Mikal Villa <mikal@sigterm.no>
+
+ENV GIT_BRANCH="master"
+ENV I2PD_PREFIX="/opt/i2pd-${GIT_BRANCH}"
+ENV PATH=${I2PD_PREFIX}/bin:$PATH
+
+ENV GOSU_VERSION=1.7
+ENV GOSU_SHASUM="34049cfc713e8b74b90d6de49690fa601dc040021980812b2f1f691534be8a50  /usr/local/bin/gosu"
+
+RUN mkdir /user && adduser -S -h /user i2pd && chown -R i2pd:nobody /user
+
+
+#
+# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the 
+# image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
+#
+
+# 1. install deps, clone and build. 
+# 2. strip binaries. 
+# 3. Purge all dependencies and other unrelated packages, including build directory. 
+RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
+    && mkdir -p /tmp/build \
+    && cd /tmp/build && git clone -b ${GIT_BRANCH} https://github.com/PurpleI2P/i2pd.git \
+    && cd i2pd \
+    && make -j4 \
+    && mkdir -p ${I2PD_PREFIX}/bin \
+    && mv i2pd ${I2PD_PREFIX}/bin/ \
+    && cd ${I2PD_PREFIX}/bin \
+    && strip i2pd \
+    && rm -fr /tmp/build && apk --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
+    boost-python3 python3 gdbm boost-unit_test_framework boost-python linux-headers boost-prg_exec_monitor \
+    boost-serialization boost-signals boost-wave boost-wserialization boost-math boost-graph boost-regex git pcre \
+    libtool g++ gcc pkgconfig
+
+# 2. Adding required libraries to run i2pd to ensure it will run.
+RUN apk --no-cache add boost-filesystem boost-system boost-program_options boost-date_time boost-thread boost-iostreams openssl musl-utils libstdc++
+
+# Gosu is a replacement for su/sudo in docker and not a backdoor :) See https://github.com/tianon/gosu
+RUN wget -O /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 \
+    && echo "${GOSU_SHASUM}" | sha256sum -c && chmod +x /usr/local/bin/gosu
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod a+x /entrypoint.sh
+RUN echo "export PATH=${PATH}" >> /etc/profile
+
+VOLUME [ "/var/lib/i2pd" ]
+
+EXPOSE 7070 4444 4447 7656 2827 7654 7650
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+

ElGamal.h

@@ -1,77 +0,0 @@
-#ifndef EL_GAMAL_H__
-#define EL_GAMAL_H__
-
-#include <inttypes.h>
-#include <cryptopp/integer.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/sha.h>
-#include "CryptoConst.h"
-#include "Log.h"
-
-namespace i2p
-{
-namespace crypto
-{
-
-	class ElGamalEncryption
-	{
-		public:
-
-			ElGamalEncryption (const uint8_t * key):
-				y (key, 256), k (rnd, CryptoPP::Integer::One(), elgp-1),
-				a (a_exp_b_mod_c (elgg, k, elgp)), b1 (a_exp_b_mod_c (y, k, elgp))
-			{
-			}
-
-			void Encrypt (const uint8_t * data, int len, uint8_t * encrypted, bool zeroPadding = false)
-			{
-				// calculate b = b1*m mod p
-				uint8_t m[255];
-				m[0] = 0xFF;
-				memcpy (m+33, data, len);
-				CryptoPP::SHA256().CalculateDigest(m+1, m+33, 222);
-				CryptoPP::Integer b (a_times_b_mod_c (b1, CryptoPP::Integer (m, 255), elgp));
-
-				// copy a and b
-				if (zeroPadding)
-				{
-					encrypted[0] = 0;
-					a.Encode (encrypted + 1, 256);
-					encrypted[257] = 0;
-					b.Encode (encrypted + 258, 256);
-				}	
-				else
-				{
-					a.Encode (encrypted, 256);	
-					b.Encode (encrypted + 256, 256);
-				}	
-			}
-
-		private:
-
-			CryptoPP::AutoSeededRandomPool rnd;	
-			CryptoPP::Integer y, k, a, b1;	
-			bool m_ZeroPadding;	
-	};
-
-	inline bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, 
-		uint8_t * data, bool zeroPadding = false)
-	{
-		CryptoPP::Integer x(key, 256), a(zeroPadding? encrypted +1 : encrypted, 256), 
-			b(zeroPadding? encrypted + 258 :encrypted + 256, 256);
-		uint8_t m[255], hash[32];
-		a_times_b_mod_c (b, a_exp_b_mod_c (a, elgp - x - 1, elgp), elgp).Encode (m, 255);
-		CryptoPP::SHA256().CalculateDigest(hash, m+33, 222);
-		for (int i = 0; i < 32; i++)
-			if (hash[i] != m[i+1])
-			{
-				LogPrint ("ElGamal decrypt hash doesn't match");
-				return false;
-			}
-		memcpy (data, m + 33, 222);
-		return true;
-	}	
-}
-}	
-
-#endif

Event.cpp

@@ -0,0 +1,61 @@
+#include "Event.h"
+#include "Log.h"
+
+namespace i2p
+{
+	namespace event
+	{
+#ifdef WITH_EVENTS
+		EventCore core;
+#endif
+
+		void EventCore::SetListener(EventListener * l)
+		{
+			m_listener = l;
+			LogPrint(eLogInfo, "Event: listener set");
+		}
+
+		void EventCore::QueueEvent(const EventType & ev)
+		{
+			if(m_listener) m_listener->HandleEvent(ev);
+		}
+
+		void EventCore::CollectEvent(const std::string & type, const std::string & ident, uint64_t val)
+		{
+			std::unique_lock<std::mutex> lock(m_collect_mutex);
+			std::string key = type + "." + ident;
+			if (m_collected.find(key) == m_collected.end())
+			{
+				m_collected[key] = {type, key, 0};
+			}
+		  m_collected[key].Val += val;
+		}
+		
+		void EventCore::PumpCollected(EventListener * listener)
+		{
+			std::unique_lock<std::mutex> lock(m_collect_mutex);
+			if(listener)
+			{
+				for(const auto & ev : m_collected) {
+					listener->HandlePumpEvent({{"type", ev.second.Key}, {"ident", ev.second.Ident}}, ev.second.Val);
+				}
+			}
+			m_collected.clear();
+		}
+	}
+}
+
+void QueueIntEvent(const std::string & type, const std::string & ident, uint64_t val)
+{
+#ifdef WITH_EVENTS
+	i2p::event::core.CollectEvent(type, ident, val);
+#endif
+}
+
+void EmitEvent(const EventType & e)
+{
+#if WITH_EVENTS
+	i2p::event::core.QueueEvent(e);
+#endif
+}
+

Event.h

@@ -0,0 +1,53 @@
+#ifndef EVENT_H__
+#define EVENT_H__
+#include <map>
+#include <string>
+#include <memory>
+#include <mutex>
+#include <tuple>
+
+#include <boost/asio.hpp>
+
+typedef std::map<std::string, std::string> EventType;
+
+namespace i2p
+{
+	namespace event
+	{
+		class EventListener	 {
+		public:
+			virtual ~EventListener() {};
+			virtual void HandleEvent(const EventType & ev) = 0;
+      /** @brief handle collected event when pumped */
+      virtual void HandlePumpEvent(const EventType & ev, const uint64_t & val) = 0;
+		};
+
+		class EventCore
+		{
+		public:
+			void QueueEvent(const EventType & ev);
+      void CollectEvent(const std::string & type, const std::string & ident, uint64_t val);
+			void SetListener(EventListener * l);
+      void PumpCollected(EventListener * l);
+      
+		private:
+      std::mutex m_collect_mutex;
+      struct CollectedEvent
+      {
+        std::string Key;
+        std::string Ident;
+        uint64_t Val;
+      };
+      std::map<std::string, CollectedEvent> m_collected;
+			EventListener * m_listener = nullptr;
+		};
+#ifdef WITH_EVENTS		
+		extern EventCore core;
+#endif
+	}
+}
+
+void QueueIntEvent(const std::string & type, const std::string & ident, uint64_t val);
+void EmitEvent(const EventType & ev);
+
+#endif

FS.cpp

@@ -0,0 +1,192 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <algorithm>
+#include <boost/filesystem.hpp>
+
+#ifdef _WIN32
+#include <shlobj.h>
+#endif
+
+#include "Base.h"
+#include "FS.h"
+#include "Log.h"
+
+namespace i2p {
+namespace fs {
+  std::string appName = "i2pd";
+  std::string dataDir = "";
+#ifdef _WIN32
+  std::string dirSep = "\\";
+#else
+  std::string dirSep = "/";
+#endif
+
+  const std::string & GetAppName () {
+    return appName;
+  }
+
+  void SetAppName (const std::string& name) {
+    appName = name;
+  }
+
+  const std::string & GetDataDir () {
+    return dataDir;
+  }
+
+  void DetectDataDir(const std::string & cmdline_param, bool isService) {
+    if (cmdline_param != "") {
+      dataDir = cmdline_param;
+      return;
+    }
+#if defined(WIN32) || defined(_WIN32)
+    char localAppData[MAX_PATH];
+    // check executable directory first
+    GetModuleFileName (NULL, localAppData, MAX_PATH);
+    auto execPath = boost::filesystem::path(localAppData).parent_path();
+    // if config file exists in .exe's folder use it
+    if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
+        dataDir = execPath.string ();
+    else
+    {
+        // otherwise %appdata%
+        SHGetFolderPath(NULL, CSIDL_APPDATA, 0, NULL, localAppData);
+        dataDir = std::string(localAppData) + "\\" + appName;
+    }
+    return;
+#elif defined(MAC_OSX)
+    char *home = getenv("HOME");
+    dataDir = (home != NULL && strlen(home) > 0) ? home : "";
+    dataDir += "/Library/Application Support/" + appName;
+    return;
+#else /* other unix */
+#if defined(ANDROID)
+	const char * ext = getenv("EXTERNAL_STORAGE");
+	if (!ext) ext = "/sdcard";	
+	if (boost::filesystem::exists(ext))
+	{
+		dataDir = std::string (ext) + "/" + appName;
+		return;
+	}
+	// otherwise use /data/files
+#endif
+    char *home = getenv("HOME");
+    if (isService) {
+      dataDir = "/var/lib/" + appName;
+    } else if (home != NULL && strlen(home) > 0) {
+      dataDir = std::string(home) + "/." + appName;
+    } else {
+      dataDir = "/tmp/" + appName;
+    }
+    return;
+#endif
+  }
+
+  bool Init() {
+    if (!boost::filesystem::exists(dataDir))
+      boost::filesystem::create_directory(dataDir);
+    std::string destinations = DataDirPath("destinations");
+    if (!boost::filesystem::exists(destinations))
+      boost::filesystem::create_directory(destinations);
+
+    return true;
+  }
+
+  bool ReadDir(const std::string & path, std::vector<std::string> & files) {
+    if (!boost::filesystem::exists(path))
+      return false;
+    boost::filesystem::directory_iterator it(path);
+    boost::filesystem::directory_iterator end;
+
+    for ( ; it != end; it++) {
+      if (!boost::filesystem::is_regular_file(it->status()))
+        continue;
+      files.push_back(it->path().string());
+    }
+
+    return true;
+  }
+
+  bool Exists(const std::string & path) {
+    return boost::filesystem::exists(path);
+  }
+
+  bool Remove(const std::string & path) {
+    if (!boost::filesystem::exists(path))
+      return false;
+    return boost::filesystem::remove(path);
+  }
+
+  	bool CreateDirectory (const std::string& path)
+	{
+		if (boost::filesystem::exists(path) &&
+			boost::filesystem::is_directory (boost::filesystem::status (path))) return true;
+		return boost::filesystem::create_directory(path);
+	}
+
+  void HashedStorage::SetPlace(const std::string &path) {
+    root = path + i2p::fs::dirSep + name;
+  }
+
+  bool HashedStorage::Init(const char * chars, size_t count) {
+    if (!boost::filesystem::exists(root)) {
+      boost::filesystem::create_directories(root);
+    }
+
+    for (size_t i = 0; i < count; i++) {
+      auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
+      if (boost::filesystem::exists(p))
+        continue;
+      if (boost::filesystem::create_directory(p))
+        continue; /* ^ throws exception on failure */
+      return false;
+    }
+    return true;
+  }
+
+  std::string HashedStorage::Path(const std::string & ident) const {
+    std::string safe_ident = ident;
+    std::replace(safe_ident.begin(), safe_ident.end(), '/',  '-');
+    std::replace(safe_ident.begin(), safe_ident.end(), '\\', '-');
+
+    std::stringstream t("");
+    t << this->root << i2p::fs::dirSep;
+    t << prefix1 << safe_ident[0] << i2p::fs::dirSep;
+    t << prefix2 << safe_ident    << "." << suffix;
+
+    return t.str();
+  }
+
+  void HashedStorage::Remove(const std::string & ident) {
+    std::string path = Path(ident);
+    if (!boost::filesystem::exists(path))
+      return;
+    boost::filesystem::remove(path);
+  }
+
+  void HashedStorage::Traverse(std::vector<std::string> & files) {
+    Iterate([&files] (const std::string & fname) {
+        files.push_back(fname);
+    });
+  }
+
+  void HashedStorage::Iterate(FilenameVisitor v)
+  {
+    boost::filesystem::path p(root);
+    boost::filesystem::recursive_directory_iterator it(p);
+    boost::filesystem::recursive_directory_iterator end;
+
+    for ( ; it != end; it++) {
+      if (!boost::filesystem::is_regular_file( it->status() ))
+        continue;
+      const std::string & t = it->path().string();
+      v(t);
+    }
+  }
+} // fs
+} // i2p

FS.h

@@ -0,0 +1,159 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef FS_H__
+#define FS_H__
+
+#include <vector>
+#include <string>
+#include <iostream>
+#include <sstream>
+#include <functional>
+
+namespace i2p {
+namespace fs {
+  extern std::string dirSep;
+
+  /**
+   * @brief Class to work with NetDb & Router profiles
+   *
+   * Usage:
+   *
+   * const char alphabet[8] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'};
+   * auto h = HashedStorage("name", "y", "z-", ".txt");
+   * h.SetPlace("/tmp/hs-test");
+   * h.GetName()          -> gives "name"
+   * h.GetRoot()          -> gives "/tmp/hs-test/name"
+   * h.Init(alphabet, 8); <- creates needed dirs, 8 is size of alphabet
+   * h.Path("abcd");      <- returns /tmp/hs-test/name/ya/z-abcd.txt
+   * h.Remove("abcd");    <- removes /tmp/hs-test/name/ya/z-abcd.txt, if it exists
+   * std::vector<std::string> files;
+   * h.Traverse(files);   <- finds all files in storage and saves in given vector
+   */
+  class HashedStorage {
+    protected:
+      std::string root;    /**< path to storage with it's name included */
+      std::string name;    /**< name of the storage */
+      std::string prefix1; /**< hashed directory prefix */
+      std::string prefix2; /**< prefix of file in storage */
+      std::string suffix;  /**< suffix of file in storage (extension) */
+
+    public:
+      typedef std::function<void(const std::string &)> FilenameVisitor;
+      HashedStorage(const char *n, const char *p1, const char *p2, const char *s):
+        name(n), prefix1(p1), prefix2(p2), suffix(s) {};
+
+      /** create subdirs in storage */
+      bool Init(const char* chars, size_t cnt);
+      const std::string & GetRoot() const { return root; }
+      const std::string & GetName() const { return name; }
+      /** set directory where to place storage directory */
+      void SetPlace(const std::string & path);
+      /** path to file with given ident */
+      std::string Path(const std::string & ident) const;
+      /** remove file by ident */
+      void Remove(const std::string & ident);
+      /** find all files in storage and store list in provided vector */
+      void Traverse(std::vector<std::string> & files);
+      /** visit every file in this storage with a visitor */
+      void Iterate(FilenameVisitor v);
+  };
+
+  /** @brief Returns current application name, default 'i2pd' */
+	const std::string & GetAppName ();
+  /** @brief Set applicaton name, affects autodetection of datadir */
+	void SetAppName (const std::string& name);
+
+  /** @brief Returns datadir path */
+  const std::string & GetDataDir();
+
+  /**
+   * @brief Set datadir either from cmdline option or using autodetection
+   * @param cmdline_param  Value of cmdline parameter --datadir=<something>
+   * @param isService      Value of cmdline parameter --service
+   *
+   * Examples of autodetected paths:
+   *
+   *   Windows < Vista: C:\Documents and Settings\Username\Application Data\i2pd\
+   *   Windows >= Vista: C:\Users\Username\AppData\Roaming\i2pd\
+   *   Mac: /Library/Application Support/i2pd/ or ~/Library/Application Support/i2pd/
+   *   Unix: /var/lib/i2pd/ (system=1) >> ~/.i2pd/ or /tmp/i2pd/
+   */
+  void DetectDataDir(const std::string & cmdline_datadir, bool isService = false);
+
+  /**
+   * @brief Create subdirectories inside datadir
+   */
+  bool Init();
+
+  /**
+   * @brief Get list of files in directory
+   * @param path  Path to directory
+   * @param files Vector to store found files
+   * @return true on success and false if directory not exists
+   */
+  bool ReadDir(const std::string & path, std::vector<std::string> & files);
+
+  /**
+   * @brief Remove file with given path
+   * @param path Absolute path to file
+   * @return true on success, false if file not exists, throws exception on error
+   */
+  bool Remove(const std::string & path);
+
+  /**
+   * @brief Check existence of file
+   * @param path Absolute path to file
+   * @return true if file exists, false otherwise
+   */
+  bool Exists(const std::string & path);
+ 
+  bool CreateDirectory (const std::string& path);	
+
+  template<typename T>
+  void _ExpandPath(std::stringstream & path, T c) {
+    path << i2p::fs::dirSep << c;
+  }
+
+  template<typename T, typename ... Other>
+  void _ExpandPath(std::stringstream & path, T c, Other ... other) {
+    _ExpandPath(path, c);
+    _ExpandPath(path, other ...);
+  }
+
+  /**
+   * @brief Get path relative to datadir
+   *
+   * Examples (with datadir = "/tmp/i2pd"):
+   *
+   * i2p::fs::Path("test")             -> '/tmp/i2pd/test'
+   * i2p::fs::Path("test", "file.txt") -> '/tmp/i2pd/test/file.txt'
+   */
+  template<typename ... Other>
+  std::string DataDirPath(Other ... components) {
+    std::stringstream s("");
+    s << i2p::fs::GetDataDir();
+    _ExpandPath(s, components ...);
+
+    return s.str();
+  }
+
+	template<typename Storage, typename... Filename>
+	std::string StorageRootPath (const Storage& storage, Filename... filenames)
+	{
+		std::stringstream s("");
+		s << storage.GetRoot ();
+		_ExpandPath(s, filenames...);
+
+		return s.str();
+	}	
+
+} // fs
+} // i2p
+
+#endif // /* FS_H__ */

Family.cpp

@@ -0,0 +1,181 @@
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include "Crypto.h"
+#include "FS.h"
+#include "Log.h"
+#include "Family.h"
+
+namespace i2p
+{
+namespace data
+{
+	Families::Families ()
+	{
+	}
+
+	Families::~Families ()
+	{
+	}
+
+	void Families::LoadCertificate (const std::string& filename)
+	{
+		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
+		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		if (ret)
+		{	
+			SSL * ssl = SSL_new (ctx);
+			X509 * cert = SSL_get_certificate (ssl);
+			if (cert)
+			{	
+				std::shared_ptr<i2p::crypto::Verifier> verifier;
+				// extract issuer name
+				char name[100];
+				X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);
+				char * cn = strstr (name, "CN=");
+				if (cn)
+				{	
+					cn += 3;
+					char * family = strstr (cn, ".family");
+					if (family) family[0] = 0;
+				}	
+				auto pkey = X509_get_pubkey (cert);
+				int keyType = EVP_PKEY_base_id (pkey);
+				switch (keyType)
+				{
+					case EVP_PKEY_DSA:
+						// TODO:
+					break;
+					case EVP_PKEY_EC:
+					{
+						EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
+						if (ecKey)
+						{
+							auto group = EC_KEY_get0_group (ecKey);
+							if (group)
+							{
+								int curve = EC_GROUP_get_curve_name (group);
+								if (curve == NID_X9_62_prime256v1)
+								{
+									uint8_t signingKey[64];
+									BIGNUM * x = BN_new(), * y = BN_new();
+									EC_POINT_get_affine_coordinates_GFp (group,
+										EC_KEY_get0_public_key (ecKey), x, y, NULL);
+									i2p::crypto::bn2buf (x, signingKey, 32);
+									i2p::crypto::bn2buf (y, signingKey + 32, 32);
+									BN_free (x); BN_free (y);
+									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>(signingKey);
+								}	
+								else
+									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
+							}
+							EC_KEY_free (ecKey);
+						}
+						break;
+					}
+					default:
+						LogPrint (eLogWarning, "Family: Certificate key type ", keyType, " is not supported");
+				}
+				EVP_PKEY_free (pkey);
+				if (verifier && cn)
+					m_SigningKeys[cn] = verifier;
+			}	
+			SSL_free (ssl);			
+		}	
+		else
+			LogPrint (eLogError, "Family: Can't open certificate file ", filename);
+		SSL_CTX_free (ctx);		
+	}
+
+	void Families::LoadCertificates ()
+	{
+		std::string certDir = i2p::fs::DataDirPath("certificates", "family");
+		std::vector<std::string> files;
+		int numCertificates = 0;
+
+		if (!i2p::fs::ReadDir(certDir, files)) {
+			LogPrint(eLogWarning, "Family: Can't load family certificates from ", certDir);
+			return;
+		}
+
+		for (const std::string & file : files) {
+			if (file.compare(file.size() - 4, 4, ".crt") != 0) {
+				LogPrint(eLogWarning, "Family: ignoring file ", file);
+				continue;
+			}
+			LoadCertificate (file);
+			numCertificates++;
+		}	
+		LogPrint (eLogInfo, "Family: ", numCertificates, " certificates loaded");
+	}
+
+	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident, 
+		const char * signature, const char * key)
+	{
+		uint8_t buf[50], signatureBuf[64];
+		size_t len = family.length (), signatureLen = strlen (signature);
+		if (len + 32 > 50)
+		{
+			LogPrint (eLogError, "Family: ", family, " is too long");
+			return false;
+		}		
+
+		memcpy (buf, family.c_str (), len);
+		memcpy (buf + len, (const uint8_t *)ident, 32);
+		len += 32;	
+		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);	
+		auto it = m_SigningKeys.find (family);
+		if (it != m_SigningKeys.end ())
+			return it->second->Verify (buf, len, signatureBuf);
+		// TODO: process key
+		return true;
+	}
+
+	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident)
+	{
+		auto filename = i2p::fs::DataDirPath("family", (family + ".key"));
+		std::string sig;
+		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
+		int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		if (ret)
+		{
+			SSL * ssl = SSL_new (ctx);
+			EVP_PKEY * pkey = SSL_get_privatekey (ssl);
+			EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
+			if (ecKey)
+			{
+				auto group = EC_KEY_get0_group (ecKey);
+				if (group)
+				{
+					int curve = EC_GROUP_get_curve_name (group);
+					if (curve == NID_X9_62_prime256v1)
+					{
+						uint8_t signingPrivateKey[32], buf[50], signature[64];
+						i2p::crypto::bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
+						i2p::crypto::ECDSAP256Signer signer (signingPrivateKey);
+						size_t len = family.length ();
+						memcpy (buf, family.c_str (), len);
+						memcpy (buf + len, (const uint8_t *)ident, 32);
+						len += 32;
+						signer.Sign (buf, len, signature);
+						len = Base64EncodingBufferSize (64);
+						char * b64 = new char[len+1];
+						len = ByteStreamToBase64 (signature, 64, b64, len);
+						b64[len] = 0;
+						sig = b64;
+						delete[] b64;
+					}
+					else
+						LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
+				}	
+			}	
+			SSL_free (ssl);		
+		}	
+		else
+			LogPrint (eLogError, "Family: Can't open keys file: ", filename);
+		SSL_CTX_free (ctx);	
+		return sig;
+	}	
+}
+}
+

Family.h

@@ -0,0 +1,38 @@
+#ifndef FAMILY_H__
+#define FAMILY_H__
+
+#include <map>
+#include <string>
+#include <memory>
+#include "Signature.h"
+#include "Identity.h"
+
+namespace i2p
+{
+namespace data
+{
+	class Families
+	{
+		public:
+
+			Families ();
+			~Families ();
+			void LoadCertificates ();
+			bool VerifyFamily (const std::string& family, const IdentHash& ident, 
+				const char * signature, const char * key = nullptr);
+
+		private:
+
+			void LoadCertificate (const std::string& filename);
+
+		private:
+
+			std::map<std::string, std::shared_ptr<i2p::crypto::Verifier> > m_SigningKeys;
+	};		
+
+	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);
+	// return base64 signature of empty string in case of failure
+}
+}
+
+#endif

Garlic.cpp

@@ -2,12 +2,14 @@
 #include "I2PEndian.h"
 #include <map>
 #include <string>
+#include "Crypto.h"
 #include "RouterContext.h"
 #include "I2NPProtocol.h"
 #include "Tunnel.h"
 #include "TunnelPool.h"
+#include "Transports.h"
 #include "Timestamp.h"
-#include "Destination.h"
+#include "Log.h"
 #include "Garlic.h"
 
 namespace i2p
@@ -15,17 +17,18 @@ namespace i2p
 namespace garlic
 {
 	GarlicRoutingSession::GarlicRoutingSession (GarlicDestination * owner, 
-	    const i2p::data::RoutingDestination * destination, int numTags):
+	    std::shared_ptr<const i2p::data::RoutingDestination> destination, int numTags, bool attachLeaseSet):
 		m_Owner (owner), m_Destination (destination), m_NumTags (numTags), 
-		m_LeaseSetUpdated (numTags > 0)
+		m_LeaseSetUpdateStatus (attachLeaseSet ? eLeaseSetUpdated : eLeaseSetDoNotSend),
+		m_LeaseSetUpdateMsgID (0)
 	{
 		// create new session tags and session key
-		m_Rnd.GenerateBlock (m_SessionKey, 32);
+		RAND_bytes (m_SessionKey, 32);
 		m_Encryption.SetKey (m_SessionKey);
 	}	
 
 	GarlicRoutingSession::GarlicRoutingSession (const uint8_t * sessionKey, const SessionTag& sessionTag):
-		m_Owner (nullptr), m_Destination (nullptr), m_NumTags (1), m_LeaseSetUpdated (false)
+		m_Owner (nullptr), m_NumTags (1), m_LeaseSetUpdateStatus (eLeaseSetDoNotSend), m_LeaseSetUpdateMsgID (0)
 	{
 		memcpy (m_SessionKey, sessionKey, 32);
 		m_Encryption.SetKey (m_SessionKey);
@@ -35,54 +38,118 @@ namespace garlic
 
 	GarlicRoutingSession::~GarlicRoutingSession	()
 	{	
-		for (auto it: m_UnconfirmedTagsMsgs)	
-			delete it.second;
-		m_UnconfirmedTagsMsgs.clear ();
 	}
-	
+
+	std::shared_ptr<GarlicRoutingPath> GarlicRoutingSession::GetSharedRoutingPath ()
+	{
+		if (!m_SharedRoutingPath) return nullptr;
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		if (m_SharedRoutingPath->numTimesUsed >= ROUTING_PATH_MAX_NUM_TIMES_USED ||
+		    !m_SharedRoutingPath->outboundTunnel->IsEstablished () ||
+			ts*1000LL > m_SharedRoutingPath->remoteLease->endDate ||
+		    ts > m_SharedRoutingPath->updateTime + ROUTING_PATH_EXPIRATION_TIMEOUT)
+				m_SharedRoutingPath = nullptr;
+		if (m_SharedRoutingPath) m_SharedRoutingPath->numTimesUsed++;
+		return m_SharedRoutingPath;
+	}
+		
+	void GarlicRoutingSession::SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path)
+	{	
+		if (path && path->outboundTunnel && path->remoteLease) 
+		{	
+			path->updateTime = i2p::util::GetSecondsSinceEpoch ();
+			path->numTimesUsed = 0;
+		}	
+		else
+			path = nullptr;
+		m_SharedRoutingPath = path;
+	}
+		
 	GarlicRoutingSession::UnconfirmedTags * GarlicRoutingSession::GenerateSessionTags ()
 	{
 		auto tags = new UnconfirmedTags (m_NumTags);
 		tags->tagsCreationTime = i2p::util::GetSecondsSinceEpoch ();		
 		for (int i = 0; i < m_NumTags; i++)
 		{
-			m_Rnd.GenerateBlock (tags->sessionTags[i], 32);
+			RAND_bytes (tags->sessionTags[i], 32);
 			tags->sessionTags[i].creationTime = tags->tagsCreationTime;
 		}			
 		return tags;	
 	}
-	
+
+	void GarlicRoutingSession::MessageConfirmed (uint32_t msgID)
+	{
+		TagsConfirmed (msgID);
+		if (msgID == m_LeaseSetUpdateMsgID)
+		{	
+			m_LeaseSetUpdateStatus = eLeaseSetUpToDate;
+			m_LeaseSetUpdateMsgID = 0;
+			LogPrint (eLogInfo, "Garlic: LeaseSet update confirmed");
+		}	
+		else
+			CleanupExpiredTags ();
+	}	
+		
 	void GarlicRoutingSession::TagsConfirmed (uint32_t msgID) 
 	{ 
 		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		auto it = m_UnconfirmedTagsMsgs.find (msgID);	
+		auto it = m_UnconfirmedTagsMsgs.find (msgID);
 		if (it != m_UnconfirmedTagsMsgs.end ())
 		{
-			UnconfirmedTags * tags = it->second;
+			auto& tags = it->second;
 			if (ts < tags->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
 			{	
 				for (int i = 0; i < tags->numTags; i++)
 					m_SessionTags.push_back (tags->sessionTags[i]);
 			}	
 			m_UnconfirmedTagsMsgs.erase (it);
-			delete tags;
 		}
+	}
+
+	bool GarlicRoutingSession::CleanupExpiredTags ()
+	{
+		auto ts = i2p::util::GetSecondsSinceEpoch ();
+		for (auto it = m_SessionTags.begin (); it != m_SessionTags.end ();)
+		{
+			if (ts >= it->creationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
+				it = m_SessionTags.erase (it);
+			else 
+				++it;
+		}
+		CleanupUnconfirmedTags ();
+		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
+		{
+			if (m_Owner)
+				m_Owner->RemoveDeliveryStatusSession (m_LeaseSetUpdateMsgID);
+			m_LeaseSetUpdateMsgID = 0;
+		} 	
+		return !m_SessionTags.empty () || !m_UnconfirmedTagsMsgs.empty ();
+ 	}
+
+	bool GarlicRoutingSession::CleanupUnconfirmedTags ()
+	{
+		bool ret = false;
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 		// delete expired unconfirmed tags
 		for (auto it = m_UnconfirmedTagsMsgs.begin (); it != m_UnconfirmedTagsMsgs.end ();)
 		{
-			if (ts >= it->second->tagsCreationTime + OUTGOING_TAGS_EXPIRATION_TIMEOUT)
+			if (ts >= it->second->tagsCreationTime + OUTGOING_TAGS_CONFIRMATION_TIMEOUT)
 			{
-				delete it->second;
+				if (m_Owner)
+					m_Owner->RemoveDeliveryStatusSession (it->first);
 				it = m_UnconfirmedTagsMsgs.erase (it);
+				ret = true;
 			}	
 			else
-				it++;
+				++it;
 		}	
+		return ret;
 	}
 
-	I2NPMessage * GarlicRoutingSession::WrapSingleMessage (I2NPMessage * msg)
+	std::shared_ptr<I2NPMessage> GarlicRoutingSession::WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg)
 	{
-		I2NPMessage * m = NewI2NPMessage ();
+		auto m = NewI2NPMessage ();
+		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
 		size_t len = 0;
 		uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
 
@@ -108,19 +175,19 @@ namespace garlic
 		// create message
 		if (!tagFound) // new session
 		{
-			LogPrint ("No garlic tags available. Use ElGamal");
+			LogPrint (eLogInfo, "Garlic: No tags available, will use ElGamal");
 			if (!m_Destination)
 			{
-				LogPrint ("Can't use ElGamal for unknown destination");
+				LogPrint (eLogError, "Garlic: Can't use ElGamal for unknown destination");
 				return nullptr;
 			}
 			// create ElGamal block
 			ElGamalBlock elGamal;
 			memcpy (elGamal.sessionKey, m_SessionKey, 32); 
-			m_Rnd.GenerateBlock (elGamal.preIV, 32); // Pre-IV
+			RAND_bytes (elGamal.preIV, 32); // Pre-IV
 			uint8_t iv[32]; // IV is first 16 bytes
-			CryptoPP::SHA256().CalculateDigest(iv, elGamal.preIV, 32); 
-			m_Destination->GetElGamalEncryption ()->Encrypt ((uint8_t *)&elGamal, sizeof(elGamal), buf, true);			
+			SHA256(elGamal.preIV, 32, iv); 
+			i2p::crypto::ElGamalEncrypt (m_Destination->GetEncryptionPublicKey (), (uint8_t *)&elGamal, buf, true);			
 			m_Encryption.SetIV (iv);
 			buf += 514;
 			len += 514;	
@@ -130,27 +197,25 @@ namespace garlic
 			// session tag
 			memcpy (buf, tag, 32);	
 			uint8_t iv[32]; // IV is first 16 bytes
-			CryptoPP::SHA256().CalculateDigest(iv, tag, 32);
+			SHA256(tag, 32, iv);
 			m_Encryption.SetIV (iv);
 			buf += 32;
 			len += 32;		
 		}	
 		// AES block
 		len += CreateAESBlock (buf, msg);
-		*(uint32_t *)(m->GetPayload ()) = htobe32 (len);
+		htobe32buf (m->GetPayload (), len);
 		m->len += len + 4;
-		FillI2NPMessageHeader (m, eI2NPGarlic);
-		if (msg)
-			DeleteI2NPMessage (msg);
+		m->FillI2NPMessageHeader (eI2NPGarlic);
 		return m;
 	}	
 
-	size_t GarlicRoutingSession::CreateAESBlock (uint8_t * buf, const I2NPMessage * msg)
+	size_t GarlicRoutingSession::CreateAESBlock (uint8_t * buf, std::shared_ptr<const I2NPMessage> msg)
 	{
 		size_t blockSize = 0;
-		bool createNewTags = m_Owner && m_NumTags && ((int)m_SessionTags.size () <= m_NumTags/2);
+		bool createNewTags = m_Owner && m_NumTags && ((int)m_SessionTags.size () <= m_NumTags*2/3);
 		UnconfirmedTags * newTags = createNewTags ? GenerateSessionTags () : nullptr;
-		*(uint16_t *)buf = newTags ? htobe16 (newTags->numTags) : 0; // tag count
+		htobuf16 (buf, newTags ? htobe16 (newTags->numTags) : 0); // tag count
 		blockSize += 2;
 		if (newTags) // session tags recreated
 		{	
@@ -167,8 +232,8 @@ namespace garlic
 		buf[blockSize] = 0; // flag
 		blockSize++;
 		size_t len = CreateGarlicPayload (buf + blockSize, msg, newTags);
-		*payloadSize = htobe32 (len);
-		CryptoPP::SHA256().CalculateDigest(payloadHash, buf + blockSize, len);
+		htobe32buf (payloadSize, len);
+		SHA256(buf + blockSize, len, payloadHash);
 		blockSize += len;
 		size_t rem = blockSize % 16;
 		if (rem)
@@ -177,10 +242,11 @@ namespace garlic
 		return blockSize;
 	}	
 
-	size_t GarlicRoutingSession::CreateGarlicPayload (uint8_t * payload, const I2NPMessage * msg, UnconfirmedTags * newTags)
+	size_t GarlicRoutingSession::CreateGarlicPayload (uint8_t * payload, std::shared_ptr<const I2NPMessage> msg, UnconfirmedTags * newTags)
 	{
-		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 5000; // 5 sec
-		uint32_t msgID = m_Rnd.GenerateWord32 ();	
+		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();
+		uint32_t msgID;
+		RAND_bytes ((uint8_t *)&msgID, 4);
 		size_t size = 0;
 		uint8_t * numCloves = payload + size;
 		*numCloves = 0;
@@ -188,26 +254,43 @@ namespace garlic
 
 		if (m_Owner)
 		{	
-			if (newTags) // new session
+			// resubmit non-confirmed LeaseSet
+			if (m_LeaseSetUpdateStatus == eLeaseSetSubmitted && ts > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
+			{
+				m_LeaseSetUpdateStatus = eLeaseSetUpdated;
+				SetSharedRoutingPath (nullptr); // invalidate path since leaseset was not confirmed
+			}
+
+			// attach DeviveryStatus if necessary
+			if (newTags || m_LeaseSetUpdateStatus == eLeaseSetUpdated) // new tags created or leaseset updated
 			{
 				// clove is DeliveryStatus 
-				size += CreateDeliveryStatusClove (payload + size, msgID);
-				if (size > 0) // successive?
+				auto cloveSize = CreateDeliveryStatusClove (payload + size, msgID);
+				if (cloveSize > 0) // successive?
 				{
+					size += cloveSize;
 					(*numCloves)++;
-					m_UnconfirmedTagsMsgs[msgID] = newTags;
-					m_Owner->DeliveryStatusSent (this, msgID);
+					if (newTags) // new tags created
+					{
+						newTags->msgID = msgID;
+						m_UnconfirmedTagsMsgs.insert (std::make_pair(msgID, std::unique_ptr<UnconfirmedTags>(newTags)));
+						newTags = nullptr; // got acquired
+					}	
+					m_Owner->DeliveryStatusSent (shared_from_this (), msgID);
 				}
 				else
-					LogPrint ("DeliveryStatus clove was not created");
+					LogPrint (eLogWarning, "Garlic: DeliveryStatus clove was not created");
 			}	
-			if (m_LeaseSetUpdated) 
+			// attach LeaseSet
+			if (m_LeaseSetUpdateStatus == eLeaseSetUpdated) 
 			{
-				m_LeaseSetUpdated = false;
+				if (m_LeaseSetUpdateMsgID) m_Owner->RemoveDeliveryStatusSession (m_LeaseSetUpdateMsgID); // remove previous
+				m_LeaseSetUpdateStatus = eLeaseSetSubmitted;
+				m_LeaseSetUpdateMsgID = msgID;
+				m_LeaseSetSubmissionTime = ts;
 				// clove if our leaseSet must be attached
 				auto leaseSet = CreateDatabaseStoreMsg (m_Owner->GetLeaseSet ());
-				size += CreateGarlicClove (payload + size, leaseSet, false);
-				DeleteI2NPMessage (leaseSet);
+				size += CreateGarlicClove (payload + size, leaseSet, false); 
 				(*numCloves)++;
 			}
 		}	
@@ -216,21 +299,22 @@ namespace garlic
 			size += CreateGarlicClove (payload + size, msg, m_Destination ? m_Destination->IsDestination () : false);
 			(*numCloves)++;
 		}	
-		
 		memset (payload + size, 0, 3); // certificate of message
 		size += 3;
-		*(uint32_t *)(payload + size) = htobe32 (msgID); // MessageID
+		htobe32buf (payload + size, msgID); // MessageID
 		size += 4;
-		*(uint64_t *)(payload + size) = htobe64 (ts); // Expiration of message
+		htobe64buf (payload + size, ts + 8000); // Expiration of message, 8 sec
 		size += 8;
+		
+		if (newTags) delete newTags; // not acquired, delete			
 		return size;
 	}	
 
-	size_t GarlicRoutingSession::CreateGarlicClove (uint8_t * buf, const I2NPMessage * msg, bool isDestination)
+	size_t GarlicRoutingSession::CreateGarlicClove (uint8_t * buf, std::shared_ptr<const I2NPMessage> msg, bool isDestination)
 	{
-		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 5000; // 5 sec
+		uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 8000; // 8 sec
 		size_t size = 0;
-		if (isDestination && m_Destination)
+		if (isDestination)
 		{
 			buf[size] = eGarlicDeliveryTypeDestination << 5;//  delivery instructions flag destination
 			size++;
@@ -245,9 +329,11 @@ namespace garlic
 		
 		memcpy (buf + size, msg->GetBuffer (), msg->GetLength ());
 		size += msg->GetLength ();
-		*(uint32_t *)(buf + size) = htobe32 (m_Rnd.GenerateWord32 ()); // CloveID
+		uint32_t cloveID;
+		RAND_bytes ((uint8_t *)&cloveID, 4);
+		htobe32buf (buf + size, cloveID); // CloveID
 		size += 4;
-		*(uint64_t *)(buf + size) = htobe64 (ts); // Expiration of clove
+		htobe64buf (buf + size, ts); // Expiration of clove
 		size += 8;
 		memset (buf + size, 0, 3); // certificate of clove
 		size += 3;
@@ -259,57 +345,60 @@ namespace garlic
 		size_t size = 0;
 		if (m_Owner)
 		{
-			auto leases = m_Owner->GetLeaseSet ()->GetNonExpiredLeases ();
-			if (!leases.empty ())
+			auto inboundTunnel = m_Owner->GetTunnelPool ()->GetNextInboundTunnel ();
+			if (inboundTunnel)
 			{	
 				buf[size] = eGarlicDeliveryTypeTunnel << 5; // delivery instructions flag tunnel
 				size++;
-				uint32_t i = m_Rnd.GenerateWord32 (0, leases.size () - 1);
 				// hash and tunnelID sequence is reversed for Garlic 
-				memcpy (buf + size, leases[i].tunnelGateway, 32); // To Hash
+				memcpy (buf + size, inboundTunnel->GetNextIdentHash (), 32); // To Hash
 				size += 32;
-				*(uint32_t *)(buf + size) = htobe32 (leases[i].tunnelID); // tunnelID
+				htobe32buf (buf + size, inboundTunnel->GetNextTunnelID ()); // tunnelID
 				size += 4; 	
 				// create msg 
-				I2NPMessage * msg = CreateDeliveryStatusMsg (msgID);
+				auto msg = CreateDeliveryStatusMsg (msgID);
 				if (m_Owner)
 				{
 					//encrypt 
 					uint8_t key[32], tag[32];
-					m_Rnd.GenerateBlock (key, 32); // random session key 
-					m_Rnd.GenerateBlock (tag, 32); // random session tag
-					m_Owner->AddSessionKey (key, tag);
+					RAND_bytes (key, 32); // random session key 
+					RAND_bytes (tag, 32); // random session tag
+					m_Owner->SubmitSessionKey (key, tag);
 					GarlicRoutingSession garlic (key, tag);
 					msg = garlic.WrapSingleMessage (msg);		
 				}
 				memcpy (buf + size, msg->GetBuffer (), msg->GetLength ());
 				size += msg->GetLength ();
-				DeleteI2NPMessage (msg);
 				// fill clove
-				uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 5000; // 5 sec
-				*(uint32_t *)(buf + size) = htobe32 (m_Rnd.GenerateWord32 ()); // CloveID
+				uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 8000; // 8 sec
+				uint32_t cloveID;
+				RAND_bytes ((uint8_t *)&cloveID, 4);
+				htobe32buf (buf + size, cloveID); // CloveID
 				size += 4;
-				*(uint64_t *)(buf + size) = htobe64 (ts); // Expiration of clove
+				htobe64buf (buf + size, ts); // Expiration of clove
 				size += 8;
 				memset (buf + size, 0, 3); // certificate of clove
 				size += 3;
 			}
 			else	
-				LogPrint ("All tunnels of local LeaseSet expired");	
+				LogPrint (eLogError, "Garlic: No inbound tunnels in the pool for DeliveryStatus");
 		}
 		else
-			LogPrint ("Missing local LeaseSet");
+			LogPrint (eLogWarning, "Garlic: Missing local LeaseSet");
 
 		return size;
 	}
 	
 	GarlicDestination::~GarlicDestination ()
 	{
-		for (auto it: m_Sessions)
-			delete it.second;
-		m_Sessions.clear ();
 	}
 
+	void GarlicDestination::CleanUp ()
+	{		
+		m_Sessions.clear ();
+		m_DeliveryStatusSessions.clear ();
+		m_Tags.clear ();
+	}	
 	void GarlicDestination::AddSessionKey (const uint8_t * key, const uint8_t * tag)
 	{
 		if (key)
@@ -321,80 +410,79 @@ namespace garlic
 		}
 	}
 
-	void GarlicDestination::HandleGarlicMessage (I2NPMessage * msg)
+	bool GarlicDestination::SubmitSessionKey (const uint8_t * key, const uint8_t * tag) 
+	{
+		AddSessionKey (key, tag);
+		return true;
+	}
+
+	void GarlicDestination::HandleGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		uint8_t * buf = msg->GetPayload ();
-		uint32_t length = be32toh (*(uint32_t *)buf);
+		uint32_t length = bufbe32toh (buf);
+		if (length > msg->GetLength ())
+		{
+			LogPrint (eLogWarning, "Garlic: message length ", length, " exceeds I2NP message length ", msg->GetLength ());
+			return;
+		}	
 		buf += 4; // length
 		auto it = m_Tags.find (SessionTag(buf));
 		if (it != m_Tags.end ())
 		{
 			// tag found. Use AES
-			uint8_t iv[32]; // IV is first 16 bytes
-			CryptoPP::SHA256().CalculateDigest(iv, buf, 32);
-			it->second->SetIV (iv);
-			it->second->Decrypt (buf + 32, length - 32, buf + 32);
-			HandleAESBlock (buf + 32, length - 32, it->second, msg->from);
-			m_Tags.erase (it); // tag might be used only once
+			if (length >= 32)
+			{	
+				uint8_t iv[32]; // IV is first 16 bytes
+				SHA256(buf, 32, iv);
+				it->second->SetIV (iv);
+				it->second->Decrypt (buf + 32, length - 32, buf + 32);
+				HandleAESBlock (buf + 32, length - 32, it->second, msg->from);
+			}	
+			else
+				LogPrint (eLogWarning, "Garlic: message length ", length, " is less than 32 bytes");
+			m_Tags.erase (it); // tag might be used only once	
 		}
 		else
 		{
 			// tag not found. Use ElGamal
 			ElGamalBlock elGamal;
-			if (i2p::crypto::ElGamalDecrypt (GetEncryptionPrivateKey (), buf, (uint8_t *)&elGamal, true))
+			if (length >= 514 && i2p::crypto::ElGamalDecrypt (GetEncryptionPrivateKey (), buf, (uint8_t *)&elGamal, true))
 			{	
 				auto decryption = std::make_shared<i2p::crypto::CBCDecryption>();
 				decryption->SetKey (elGamal.sessionKey);
 				uint8_t iv[32]; // IV is first 16 bytes
-				CryptoPP::SHA256().CalculateDigest(iv, elGamal.preIV, 32); 
+				SHA256(elGamal.preIV, 32, iv); 
 				decryption->SetIV (iv);
 				decryption->Decrypt(buf + 514, length - 514, buf + 514);
 				HandleAESBlock (buf + 514, length - 514, decryption, msg->from);
 			}	
 			else
-				LogPrint ("Failed to decrypt garlic");
+				LogPrint (eLogError, "Garlic: Failed to decrypt message");
 		}
-		DeleteI2NPMessage (msg);
-
-		// cleanup expired tags
-		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-		if (ts > m_LastTagsCleanupTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
-		{
-			if (m_LastTagsCleanupTime)
-			{
-				int numExpiredTags = 0;
-				for (auto it = m_Tags.begin (); it != m_Tags.end ();)
-				{
-					if (ts > it->first.creationTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
-					{
-						numExpiredTags++;
-						it = m_Tags.erase (it);
-					}	
-					else
-						it++;
-				}
-				LogPrint (numExpiredTags, " tags expired for ", GetIdentHash().ToBase64 ());
-			}	
-			m_LastTagsCleanupTime = ts;
-		}	
 	}	
 
 	void GarlicDestination::HandleAESBlock (uint8_t * buf, size_t len, std::shared_ptr<i2p::crypto::CBCDecryption> decryption,
-		i2p::tunnel::InboundTunnel * from)
+		std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		uint16_t tagCount = be16toh (*(uint16_t *)buf);
-		buf += 2;	
+		uint16_t tagCount = bufbe16toh (buf);
+		buf += 2; len -= 2;	
 		if (tagCount > 0)
 		{	
+			if (tagCount*32 > len) 
+			{
+				LogPrint (eLogError, "Garlic: Tag count ", tagCount, " exceeds length ", len);
+				return ;
+			}	
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
 			for (int i = 0; i < tagCount; i++)
 				m_Tags[SessionTag(buf + i*32, ts)] = decryption;	
 		}	
 		buf += tagCount*32;
-		uint32_t payloadSize = be32toh (*(uint32_t *)buf);
+		len -= tagCount*32;
+		uint32_t payloadSize = bufbe32toh (buf);
 		if (payloadSize > len)
 		{
-			LogPrint ("Unexpected payload size ", payloadSize);
+			LogPrint (eLogError, "Garlic: Unexpected payload size ", payloadSize);
 			return;
 		}	
 		buf += 4;
@@ -405,20 +493,21 @@ namespace garlic
 		buf++; // flag
 
 		// payload
-		uint8_t hash[32];
-		CryptoPP::SHA256().CalculateDigest(hash, buf, payloadSize);
-		if (memcmp (hash, payloadHash, 32)) // payload hash doesn't match
+		uint8_t digest[32];
+		SHA256 (buf, payloadSize, digest);
+		if (memcmp (payloadHash, digest, 32)) // payload hash doesn't match
 		{
-			LogPrint ("Wrong payload hash");
+			LogPrint (eLogError, "Garlic: wrong payload hash");
 			return;
 		}		    
 		HandleGarlicPayload (buf, payloadSize, from);
 	}	
 
-	void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from)
+	void GarlicDestination::HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
+		const uint8_t * buf1 = buf;
 		int numCloves = buf[0];
-		LogPrint (numCloves," cloves");
+		LogPrint (eLogDebug, "Garlic: ", numCloves," cloves");
 		buf++;
 		for (int i = 0; i < numCloves; i++)
 		{
@@ -428,120 +517,191 @@ namespace garlic
 			if (flag & 0x80) // encrypted?
 			{
 				// TODO: implement
-				LogPrint ("Clove encrypted");
+				LogPrint (eLogWarning, "Garlic: clove encrypted");
 				buf += 32; 
 			}	
 			GarlicDeliveryType deliveryType = (GarlicDeliveryType)((flag >> 5) & 0x03);
 			switch (deliveryType)
 			{
 				case eGarlicDeliveryTypeLocal:
-					LogPrint ("Garlic type local");
+					LogPrint (eLogDebug, "Garlic: type local");
 					HandleI2NPMessage (buf, len, from);
 				break;	
 				case eGarlicDeliveryTypeDestination:	
-					LogPrint ("Garlic type destination");
+					LogPrint (eLogDebug, "Garlic: type destination");
 					buf += 32; // destination. check it later or for multiple destinations
 					HandleI2NPMessage (buf, len, from);
 				break;
 				case eGarlicDeliveryTypeTunnel:
 				{	
-					LogPrint ("Garlic type tunnel");
+					LogPrint (eLogDebug, "Garlic: type tunnel");
 					// gwHash and gwTunnel sequence is reverted
 					uint8_t * gwHash = buf;
 					buf += 32;
-					uint32_t gwTunnel = be32toh (*(uint32_t *)buf);
+					uint32_t gwTunnel = bufbe32toh (buf);
 					buf += 4;
-					i2p::tunnel::OutboundTunnel * tunnel = nullptr;
-					if (from && from->GetTunnelPool ())
-						tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
-					if (tunnel) // we have send it through an outbound tunnel
-					{	
-						I2NPMessage * msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from);
-						tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
-					}	
-					else
-						LogPrint ("No outbound tunnels available for garlic clove");
+					auto msg = CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from);
+					if (from) // received through an inbound tunnel
+					{
+						std::shared_ptr<i2p::tunnel::OutboundTunnel> tunnel;
+						if (from->GetTunnelPool ())
+							tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
+						else
+							LogPrint (eLogError, "Garlic: Tunnel pool is not set for inbound tunnel");
+						if (tunnel) // we have send it through an outbound tunnel
+							tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
+						else
+							LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");
+					}
+					else // received directly
+						i2p::transport::transports.SendMessage (gwHash, i2p::CreateTunnelGatewayMsg (gwTunnel, msg)); // send directly
 					break;
 				}
 				case eGarlicDeliveryTypeRouter:
-					LogPrint ("Garlic type router not supported");
+				{
+					uint8_t * ident = buf;
 					buf += 32;
-				break;	
+					if (!from) // received directly
+						i2p::transport::transports.SendMessage (ident,
+							CreateI2NPMessage (buf, GetI2NPMessageLength (buf)));
+					else
+						LogPrint (eLogWarning, "Garlic: type router for inbound tunnels not supported");
+					break;	
+				}
 				default:
-					LogPrint ("Unknow garlic delivery type ", (int)deliveryType);
+					LogPrint (eLogWarning, "Garlic: unknown delivery type ", (int)deliveryType);
 			}
 			buf += GetI2NPMessageLength (buf); //  I2NP
 			buf += 4; // CloveID
 			buf += 8; // Date
 			buf += 3; // Certificate
+			if (buf - buf1  > (int)len)
+			{
+				LogPrint (eLogError, "Garlic: clove is too long");
+				break;
+			}	
 		}	
 	}	
 	
-	I2NPMessage * GarlicDestination::WrapMessage (const i2p::data::RoutingDestination& destination, 
-		I2NPMessage * msg, bool attachLeaseSet)	
+	std::shared_ptr<I2NPMessage> GarlicDestination::WrapMessage (std::shared_ptr<const i2p::data::RoutingDestination> destination, 
+		std::shared_ptr<I2NPMessage> msg, bool attachLeaseSet)	
 	{
-		if (attachLeaseSet) // we should maintain this session
-		{	
-			auto session = GetRoutingSession (destination, 32);  // 32 tags by default
-			return session->WrapSingleMessage (msg);	
-		}
-		else // one time session
-		{
-			GarlicRoutingSession session (this, &destination, 0); // don't use tag if no LeaseSet
-			return session.WrapSingleMessage (msg);
-		}	
+		auto session = GetRoutingSession (destination, attachLeaseSet);  
+		return session->WrapSingleMessage (msg);	
 	}
 
-	GarlicRoutingSession * GarlicDestination::GetRoutingSession (
-		const i2p::data::RoutingDestination& destination, int numTags)
+	std::shared_ptr<GarlicRoutingSession> GarlicDestination::GetRoutingSession (
+		std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet)
 	{
-		auto it = m_Sessions.find (destination.GetIdentHash ());
-		GarlicRoutingSession * session = nullptr;
-		if (it != m_Sessions.end ())
-			session = it->second;
+		GarlicRoutingSessionPtr session;
+		{	
+			std::unique_lock<std::mutex> l(m_SessionsMutex);
+			auto it = m_Sessions.find (destination->GetIdentHash ());
+			if (it != m_Sessions.end ())
+				session = it->second;
+		}
 		if (!session)
 		{
-			session = new GarlicRoutingSession (this, &destination, numTags); 
+			session = std::make_shared<GarlicRoutingSession> (this, destination, 
+				attachLeaseSet ? m_NumTags : 4, attachLeaseSet); // specified num tags for connections and 4 for LS requests
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			m_Sessions[destination.GetIdentHash ()] = session;
+			m_Sessions[destination->GetIdentHash ()] = session;
 		}	
 		return session;
 	}	
-		
-	void GarlicDestination::DeliveryStatusSent (GarlicRoutingSession * session, uint32_t msgID)
+	
+	void GarlicDestination::CleanupExpiredTags ()
 	{
-		m_CreatedSessions[msgID] = session;
-	}		
-
-	void GarlicDestination::HandleDeliveryStatusMessage (I2NPMessage * msg)
-	{
-		I2NPDeliveryStatusMsg * deliveryStatus = (I2NPDeliveryStatusMsg *)msg->GetPayload ();
-		uint32_t msgID = be32toh (deliveryStatus->msgID);
+		// incoming
+		uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+		int numExpiredTags = 0;
+		for (auto it = m_Tags.begin (); it != m_Tags.end ();)
 		{
-			auto it = m_CreatedSessions.find (msgID);
-			if (it != m_CreatedSessions.end ())			
+			if (ts > it->first.creationTime + INCOMING_TAGS_EXPIRATION_TIMEOUT)
 			{
-				it->second->TagsConfirmed (msgID);
-				m_CreatedSessions.erase (it);
-				LogPrint ("Garlic message ", msgID, " acknowledged");
+				numExpiredTags++;
+				it = m_Tags.erase (it);
 			}	
+			else
+				++it;
+		}
+		if (numExpiredTags > 0)
+			LogPrint (eLogDebug, "Garlic: ", numExpiredTags, " tags expired for ", GetIdentHash().ToBase64 ());
+
+		// outgoing
+		{
+			std::unique_lock<std::mutex> l(m_SessionsMutex);
+			for (auto it = m_Sessions.begin (); it != m_Sessions.end ();)
+			{
+				it->second->GetSharedRoutingPath (); // delete shared path if necessary
+				if (!it->second->CleanupExpiredTags ())
+				{
+					LogPrint (eLogInfo, "Routing session to ", it->first.ToBase32 (), " deleted");
+					it->second->SetOwner (nullptr);
+					it = m_Sessions.erase (it);
+				}
+				else
+					++it;
+			}
+		}
+		// delivery status sessions
+		{	
+			std::unique_lock<std::mutex> l(m_DeliveryStatusSessionsMutex);
+			for (auto it = m_DeliveryStatusSessions.begin (); it != m_DeliveryStatusSessions.end (); )
+			{
+				if (it->second->GetOwner () != this)
+					it = m_DeliveryStatusSessions.erase (it);
+				else
+					++it;
+			}
+		}	
+	}
+
+	void GarlicDestination::RemoveDeliveryStatusSession (uint32_t msgID)
+	{
+		std::unique_lock<std::mutex> l(m_DeliveryStatusSessionsMutex);
+		m_DeliveryStatusSessions.erase (msgID);
+	}
+
+	void GarlicDestination::DeliveryStatusSent (GarlicRoutingSessionPtr session, uint32_t msgID)
+	{
+		std::unique_lock<std::mutex> l(m_DeliveryStatusSessionsMutex);
+		m_DeliveryStatusSessions[msgID] = session;
+	}
+
+	void GarlicDestination::HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
+	{
+		uint32_t msgID = bufbe32toh (msg->GetPayload ());
+		GarlicRoutingSessionPtr session;
+		{
+			std::unique_lock<std::mutex> l(m_DeliveryStatusSessionsMutex);
+			auto it = m_DeliveryStatusSessions.find (msgID);
+			if (it != m_DeliveryStatusSessions.end ())
+			{
+				session = it->second;
+				m_DeliveryStatusSessions.erase (it);
+			}
+		}
+		if (session)
+		{
+			session->MessageConfirmed (msgID);
+			LogPrint (eLogDebug, "Garlic: message ", msgID, " acknowledged");
 		}
-		DeleteI2NPMessage (msg);	
 	}
 
 	void GarlicDestination::SetLeaseSetUpdated ()
 	{
-		std::unique_lock<std::mutex> l(m_SessionsMutex);	
-		for (auto it: m_Sessions)
+		std::unique_lock<std::mutex> l(m_SessionsMutex);
+		for (auto& it: m_Sessions)
 			it.second->SetLeaseSetUpdated ();
 	}
 
-	void GarlicDestination::ProcessGarlicMessage (I2NPMessage * msg)
+	void GarlicDestination::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		HandleGarlicMessage (msg);
 	}
 
-	void GarlicDestination::ProcessDeliveryStatusMessage (I2NPMessage * msg)
+	void GarlicDestination::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		HandleDeliveryStatusMessage (msg);
 	}

Garlic.h

@@ -8,15 +8,19 @@
 #include <thread>
 #include <mutex>
 #include <memory>
-#include <cryptopp/osrng.h>
-#include "aes.h"
+#include "Crypto.h"
 #include "I2NPProtocol.h"
 #include "LeaseSet.h"
 #include "Queue.h"
 #include "Identity.h"
 
 namespace i2p
-{	
+{
+namespace tunnel
+{		
+	class OutboundTunnel;
+}
+	
 namespace garlic
 {
 	
@@ -28,17 +32,19 @@ namespace garlic
 		eGarlicDeliveryTypeTunnel = 3
 	};	
 
-#pragma pack(1)
 	struct ElGamalBlock
 	{
 		uint8_t sessionKey[32];
 		uint8_t preIV[32];
 		uint8_t padding[158];
 	};		
-#pragma pack()	
 
 	const int INCOMING_TAGS_EXPIRATION_TIMEOUT = 960; // 16 minutes			
 	const int OUTGOING_TAGS_EXPIRATION_TIMEOUT = 720; // 12 minutes
+	const int OUTGOING_TAGS_CONFIRMATION_TIMEOUT = 10; // 10 seconds 
+	const int LEASET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
+	const int ROUTING_PATH_EXPIRATION_TIMEOUT = 30; // 30 seconds 
+	const int ROUTING_PATH_MAX_NUM_TIMES_USED = 100; // how many times might be used 
 	
 	struct SessionTag: public i2p::data::Tag<32> 
 	{
@@ -52,14 +58,32 @@ namespace garlic
 #endif
 		uint32_t creationTime; // seconds since epoch	
 	};
-		
-	class GarlicDestination;
-	class GarlicRoutingSession
+
+	struct GarlicRoutingPath
 	{
+		std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+		std::shared_ptr<const i2p::data::Lease> remoteLease;
+		int rtt; // RTT
+		uint32_t updateTime; // seconds since epoch
+		int numTimesUsed; 
+	};	
+	
+	class GarlicDestination;
+	class GarlicRoutingSession: public std::enable_shared_from_this<GarlicRoutingSession>
+	{
+			enum LeaseSetUpdateStatus
+			{
+				eLeaseSetUpToDate = 0,
+				eLeaseSetUpdated,
+				eLeaseSetSubmitted,
+				eLeaseSetDoNotSend
+			};
+		
 			struct UnconfirmedTags
 			{
 				UnconfirmedTags (int n): numTags (n), tagsCreationTime (0) { sessionTags = new SessionTag[numTags]; };
 				~UnconfirmedTags () { delete[] sessionTags; };
+				uint32_t msgID;
 				int numTags;
 				SessionTag * sessionTags;
 				uint32_t tagsCreationTime;
@@ -67,79 +91,119 @@ namespace garlic
 
 		public:
 
-			GarlicRoutingSession (GarlicDestination * owner, const i2p::data::RoutingDestination * destination, int numTags);
+			GarlicRoutingSession (GarlicDestination * owner, std::shared_ptr<const i2p::data::RoutingDestination> destination, 
+				int numTags, bool attachLeaseSet);
 			GarlicRoutingSession (const uint8_t * sessionKey, const SessionTag& sessionTag); // one time encryption
 			~GarlicRoutingSession ();
-			I2NPMessage * WrapSingleMessage (I2NPMessage * msg);
-			void TagsConfirmed (uint32_t msgID);
+			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
+			void MessageConfirmed (uint32_t msgID);
+			bool CleanupExpiredTags (); // returns true if something left 
+			bool CleanupUnconfirmedTags (); // returns true if something has been deleted
 
-			void SetLeaseSetUpdated () { m_LeaseSetUpdated = true; };
+			void SetLeaseSetUpdated () 
+			{ 
+				if (m_LeaseSetUpdateStatus != eLeaseSetDoNotSend) m_LeaseSetUpdateStatus = eLeaseSetUpdated; 
+			};
+			bool IsLeaseSetNonConfirmed () const { return m_LeaseSetUpdateStatus == eLeaseSetSubmitted; };
+			bool IsLeaseSetUpdated () const { return m_LeaseSetUpdateStatus == eLeaseSetUpdated; };
+			uint64_t GetLeaseSetSubmissionTime () const { return m_LeaseSetSubmissionTime; }	
 			
+			std::shared_ptr<GarlicRoutingPath> GetSharedRoutingPath ();
+			void SetSharedRoutingPath (std::shared_ptr<GarlicRoutingPath> path);
+
+			const GarlicDestination * GetOwner () const { return m_Owner; }
+			void SetOwner (GarlicDestination * owner) { m_Owner = owner; }
+
 		private:
 
-			size_t CreateAESBlock (uint8_t * buf, const I2NPMessage * msg);
-			size_t CreateGarlicPayload (uint8_t * payload, const I2NPMessage * msg, UnconfirmedTags * newTags);
-			size_t CreateGarlicClove (uint8_t * buf, const I2NPMessage * msg, bool isDestination);
+			size_t CreateAESBlock (uint8_t * buf, std::shared_ptr<const I2NPMessage> msg);
+			size_t CreateGarlicPayload (uint8_t * payload, std::shared_ptr<const I2NPMessage> msg, UnconfirmedTags * newTags);
+			size_t CreateGarlicClove (uint8_t * buf, std::shared_ptr<const I2NPMessage> msg, bool isDestination);
 			size_t CreateDeliveryStatusClove (uint8_t * buf, uint32_t msgID);
-			
+
+			void TagsConfirmed (uint32_t msgID);
 			UnconfirmedTags * GenerateSessionTags ();
 
 		private:
 
 			GarlicDestination * m_Owner;
-			const i2p::data::RoutingDestination * m_Destination;
+			std::shared_ptr<const i2p::data::RoutingDestination> m_Destination;
+			
 			i2p::crypto::AESKey m_SessionKey;
 			std::list<SessionTag> m_SessionTags;
 			int m_NumTags;
-			std::map<uint32_t, UnconfirmedTags *> m_UnconfirmedTagsMsgs;	
-			bool m_LeaseSetUpdated;
-
+			std::map<uint32_t, std::unique_ptr<UnconfirmedTags> > m_UnconfirmedTagsMsgs; // msgID->tags	
+			
+			LeaseSetUpdateStatus m_LeaseSetUpdateStatus;
+			uint32_t m_LeaseSetUpdateMsgID;
+			uint64_t m_LeaseSetSubmissionTime; // in milliseconds
+			
 			i2p::crypto::CBCEncryption m_Encryption;
-			CryptoPP::AutoSeededRandomPool m_Rnd;
+
+			std::shared_ptr<GarlicRoutingPath> m_SharedRoutingPath;
+			
+		public:
+			// for HTTP only
+			size_t GetNumOutgoingTags () const { return m_SessionTags.size (); };
 	};	
+	//using GarlicRoutingSessionPtr = std::shared_ptr<GarlicRoutingSession>;
+	typedef std::shared_ptr<GarlicRoutingSession> GarlicRoutingSessionPtr; // TODO: replace to using after switch to 4.8	
 
 	class GarlicDestination: public i2p::data::LocalDestination
 	{
 		public:
 
-			GarlicDestination (): m_LastTagsCleanupTime (0) {};
+			GarlicDestination (): m_NumTags (32) {}; // 32 tags by default
 			~GarlicDestination ();
 
-			GarlicRoutingSession * GetRoutingSession (const i2p::data::RoutingDestination& destination, int numTags);	
-			I2NPMessage * WrapMessage (const i2p::data::RoutingDestination& destination, 
-			    I2NPMessage * msg, bool attachLeaseSet = false);
+			void CleanUp ();
+			void SetNumTags (int numTags) { m_NumTags = numTags; };		
+			std::shared_ptr<GarlicRoutingSession> GetRoutingSession (std::shared_ptr<const i2p::data::RoutingDestination> destination, bool attachLeaseSet);	
+			void CleanupExpiredTags ();
+			void RemoveDeliveryStatusSession (uint32_t msgID);
+			std::shared_ptr<I2NPMessage> WrapMessage (std::shared_ptr<const i2p::data::RoutingDestination> destination, 
+			    std::shared_ptr<I2NPMessage> msg, bool attachLeaseSet = false);
 
 			void AddSessionKey (const uint8_t * key, const uint8_t * tag); // one tag
-			void DeliveryStatusSent (GarlicRoutingSession * session, uint32_t msgID);
+			virtual bool SubmitSessionKey (const uint8_t * key, const uint8_t * tag); // from different thread
+			void DeliveryStatusSent (GarlicRoutingSessionPtr session, uint32_t msgID);
 			
-			virtual void ProcessGarlicMessage (I2NPMessage * msg);
-			virtual void ProcessDeliveryStatusMessage (I2NPMessage * msg);			
+			virtual void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
+			virtual void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);			
 			virtual void SetLeaseSetUpdated ();
 			
-			virtual const i2p::data::LeaseSet * GetLeaseSet () = 0; // TODO
-			virtual void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from) = 0;
+			virtual std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () = 0; // TODO
+			virtual std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const = 0;
+			virtual void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from) = 0;
 			
 		protected:
 
-			void HandleGarlicMessage (I2NPMessage * msg);
-			void HandleDeliveryStatusMessage (I2NPMessage * msg);			
+			void HandleGarlicMessage (std::shared_ptr<I2NPMessage> msg);
+			void HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);			
 	
 		private:
 
 			void HandleAESBlock (uint8_t * buf, size_t len, std::shared_ptr<i2p::crypto::CBCDecryption> decryption, 
-				i2p::tunnel::InboundTunnel * from);
-			void HandleGarlicPayload (uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+				std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+			void HandleGarlicPayload (uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 
 		private:
 			
 			// outgoing sessions
+			int m_NumTags;
 			std::mutex m_SessionsMutex;
-			std::map<i2p::data::IdentHash, GarlicRoutingSession *> m_Sessions;
+			std::map<i2p::data::IdentHash, GarlicRoutingSessionPtr> m_Sessions;
 			// incoming
 			std::map<SessionTag, std::shared_ptr<i2p::crypto::CBCDecryption>> m_Tags;
-			uint32_t m_LastTagsCleanupTime;
 			// DeliveryStatus
-			std::map<uint32_t, GarlicRoutingSession *> m_CreatedSessions; // msgID -> session
+			std::mutex m_DeliveryStatusSessionsMutex;
+			std::map<uint32_t, GarlicRoutingSessionPtr> m_DeliveryStatusSessions; // msgID -> session
+			
+		public:
+
+			// for HTTP only
+			size_t GetNumIncomingTags () const { return m_Tags.size (); }	
+			const decltype(m_Sessions)& GetSessions () const { return m_Sessions; };
 	};	
 }	
 }

Gzip.cpp

@@ -0,0 +1,115 @@
+/*
+* Copyright (c) 2013-2017, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <inttypes.h>
+#include <string.h> /* memset */
+#include <iostream>
+#include "Log.h"
+#include "Gzip.h"
+
+namespace i2p 
+{
+namespace data 
+{
+	const size_t GZIP_CHUNK_SIZE = 16384;
+
+	GzipInflator::GzipInflator (): m_IsDirty (false)
+	{
+		memset (&m_Inflator, 0, sizeof (m_Inflator));
+		inflateInit2 (&m_Inflator, MAX_WBITS + 16); // gzip
+	}
+
+	GzipInflator::~GzipInflator ()
+	{
+		inflateEnd (&m_Inflator);
+	}
+
+	size_t GzipInflator::Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
+	{
+		if (m_IsDirty) inflateReset (&m_Inflator);
+		m_IsDirty = true;
+		m_Inflator.next_in = const_cast<uint8_t *>(in);
+		m_Inflator.avail_in = inLen;
+		m_Inflator.next_out = out;
+		m_Inflator.avail_out = outLen;
+		int err;
+		if ((err = inflate (&m_Inflator, Z_NO_FLUSH)) == Z_STREAM_END) 
+			return outLen - m_Inflator.avail_out;
+		// else
+		LogPrint (eLogError, "Gzip: Inflate error ", err);
+		return 0;
+	}
+
+	void GzipInflator::Inflate (const uint8_t * in, size_t inLen, std::ostream& os)
+	{
+		m_IsDirty = true;
+		uint8_t * out = new uint8_t[GZIP_CHUNK_SIZE];
+		m_Inflator.next_in = const_cast<uint8_t *>(in);
+		m_Inflator.avail_in = inLen;
+		int ret;
+		do 
+		{
+			m_Inflator.next_out = out;
+			m_Inflator.avail_out = GZIP_CHUNK_SIZE;
+			ret = inflate (&m_Inflator, Z_NO_FLUSH);
+			if (ret < 0) 
+			{
+				inflateEnd (&m_Inflator);
+				os.setstate(std::ios_base::failbit);
+				break;
+			}
+			os.write ((char *)out, GZIP_CHUNK_SIZE - m_Inflator.avail_out);
+		} 
+		while (!m_Inflator.avail_out); // more data to read
+		delete[] out;
+	}
+
+	void GzipInflator::Inflate (std::istream& in, std::ostream& out)
+	{
+		uint8_t * buf = new uint8_t[GZIP_CHUNK_SIZE];
+		while (!in.eof ())
+		{
+			in.read ((char *) buf, GZIP_CHUNK_SIZE);
+			Inflate (buf, in.gcount (), out);
+		}
+		delete[] buf;
+	}
+
+	GzipDeflator::GzipDeflator (): m_IsDirty (false)
+	{
+		memset (&m_Deflator, 0, sizeof (m_Deflator));
+		deflateInit2 (&m_Deflator, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY); // 15 + 16 sets gzip
+	}
+
+	GzipDeflator::~GzipDeflator ()
+	{
+		deflateEnd (&m_Deflator);
+	}
+
+	void GzipDeflator::SetCompressionLevel (int level)
+	{
+		deflateParams (&m_Deflator, level, Z_DEFAULT_STRATEGY);
+	}
+
+	size_t GzipDeflator::Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen)
+	{
+		if (m_IsDirty) deflateReset (&m_Deflator);
+		m_IsDirty = true;
+		m_Deflator.next_in = const_cast<uint8_t *>(in);
+		m_Deflator.avail_in = inLen;
+		m_Deflator.next_out = out;
+		m_Deflator.avail_out = outLen;
+		int err;
+		if ((err = deflate (&m_Deflator, Z_FINISH)) == Z_STREAM_END) 
+			return outLen - m_Deflator.avail_out;
+		// else
+		LogPrint (eLogError, "Gzip: Deflate error ", err);
+		return 0;
+	}
+} // data
+} // i2p

Gzip.h

@@ -0,0 +1,44 @@
+#ifndef GZIP_H__
+#define GZIP_H__
+
+#include <zlib.h>
+
+namespace i2p {
+namespace data {
+	class GzipInflator
+	{
+		public:
+
+			GzipInflator ();
+			~GzipInflator ();
+
+			size_t Inflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
+			/** @note @a os failbit will be set in case of error */
+			void Inflate (const uint8_t * in, size_t inLen, std::ostream& os);
+			void Inflate (std::istream& in, std::ostream& out);
+
+		private:
+
+			z_stream m_Inflator;
+			bool m_IsDirty;
+	};
+
+	class GzipDeflator
+	{
+		public:
+
+			GzipDeflator ();
+			~GzipDeflator ();
+
+			void SetCompressionLevel (int level);
+			size_t Deflate (const uint8_t * in, size_t inLen, uint8_t * out, size_t outLen);
+
+		private:
+
+			z_stream m_Deflator;
+			bool m_IsDirty;
+	};
+} // data
+} // i2p
+
+#endif /* GZIP_H__ */

HTTP.cpp

@@ -0,0 +1,482 @@
+/*
+* Copyright (c) 2013-2017, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <algorithm>
+#include <utility>
+#include "util.h"
+#include "HTTP.h"
+#include <ctime>
+
+namespace i2p {
+namespace http {
+  const std::vector<std::string> HTTP_METHODS = {
+    "GET", "HEAD", "POST", "PUT", "PATCH",
+    "DELETE", "OPTIONS", "CONNECT"
+  };
+  const std::vector<std::string> HTTP_VERSIONS = {
+    "HTTP/1.0", "HTTP/1.1"
+  };
+
+  inline bool is_http_version(const std::string & str) {
+    return std::find(HTTP_VERSIONS.begin(), HTTP_VERSIONS.end(), str) != std::end(HTTP_VERSIONS);
+  }
+
+  inline bool is_http_method(const std::string & str) {
+    return std::find(HTTP_METHODS.begin(), HTTP_METHODS.end(), str) != std::end(HTTP_METHODS);
+  }
+  
+  void strsplit(const std::string & line, std::vector<std::string> &tokens, char delim, std::size_t limit = 0) {
+    std::size_t count = 0;
+    std::stringstream ss(line);
+    std::string token;
+    while (1) {
+      count++;
+      if (limit > 0 && count >= limit)
+        delim = '\n'; /* reset delimiter */
+      if (!std::getline(ss, token, delim))
+        break;
+      tokens.push_back(token);
+    }
+  }
+
+  static std::pair<std::string, std::string> parse_header_line(const std::string& line) 
+  {
+    std::size_t pos = 0;
+    std::size_t len = 2; /* strlen(": ") */
+    std::size_t max = line.length();
+    if ((pos = line.find(": ", pos)) == std::string::npos)
+      return std::make_pair("", "");
+    while ((pos + len) < max && isspace(line.at(pos + len)))
+      len++;
+    return std::make_pair(line.substr(0, pos), line.substr(pos + len));
+  }
+
+  void gen_rfc1123_date(std::string & out) {
+    std::time_t now = std::time(nullptr);
+    char buf[128];
+    std::strftime(buf, sizeof(buf), "%a, %d %b %Y %H:%M:%S GMT", std::gmtime(&now));
+    out = buf;
+  }
+
+  bool URL::parse(const char *str, std::size_t len) {
+    std::string url(str, len ? len : strlen(str));
+    return parse(url);
+  }
+
+  bool URL::parse(const std::string& url) {
+    std::size_t pos_p = 0; /* < current parse position */
+    std::size_t pos_c = 0; /* < work position */
+    if(url.at(0) != '/' || pos_p > 0) {
+      std::size_t pos_s = 0;
+      /* schema */
+      pos_c = url.find("://");
+      if (pos_c != std::string::npos) {
+        schema = url.substr(0, pos_c);
+        pos_p = pos_c + 3;
+      }
+      /* user[:pass] */
+      pos_s = url.find('/', pos_p); /* find first slash */
+      pos_c = url.find('@', pos_p); /* find end of 'user' or 'user:pass' part */
+      if (pos_c != std::string::npos && (pos_s == std::string::npos || pos_s > pos_c)) {
+        std::size_t delim = url.find(':', pos_p);
+        if (delim != std::string::npos && delim < pos_c) {
+          user = url.substr(pos_p, delim - pos_p);
+          delim += 1;
+          pass = url.substr(delim, pos_c - delim);
+        } else {
+          user = url.substr(pos_p, pos_c - pos_p);
+        }
+        pos_p = pos_c + 1;
+      }
+      /* hostname[:port][/path] */
+      pos_c = url.find_first_of(":/", pos_p);
+      if (pos_c == std::string::npos) {
+        /* only hostname, without post and path */
+        host = url.substr(pos_p, std::string::npos);
+        return true;
+      } else if (url.at(pos_c) == ':') {
+        host = url.substr(pos_p, pos_c - pos_p);
+        /* port[/path] */
+        pos_p = pos_c + 1;
+        pos_c = url.find('/', pos_p);
+        std::string port_str = (pos_c == std::string::npos)
+          ? url.substr(pos_p, std::string::npos)
+          : url.substr(pos_p, pos_c - pos_p);
+        /* stoi throws exception on failure, we don't need it */
+        for (char c : port_str) {
+          if (c < '0' || c > '9')
+            return false;
+          port *= 10;
+          port += c - '0';
+        }
+        if (pos_c == std::string::npos)
+          return true; /* no path part */
+        pos_p = pos_c;
+      } else {
+        /* start of path part found */
+        host = url.substr(pos_p, pos_c - pos_p);
+        pos_p = pos_c;
+      }
+    }
+
+    /* pos_p now at start of path part */
+    pos_c = url.find_first_of("?#", pos_p);
+    if (pos_c == std::string::npos) {
+      /* only path, without fragment and query */
+      path = url.substr(pos_p, std::string::npos);
+      return true;
+    } else if (url.at(pos_c) == '?') {
+      /* found query part */
+      path = url.substr(pos_p, pos_c - pos_p);
+      pos_p = pos_c + 1;
+      pos_c = url.find('#', pos_p);
+      if (pos_c == std::string::npos) {
+        /* no fragment */
+        query = url.substr(pos_p, std::string::npos);
+        return true;
+      } else {
+        query = url.substr(pos_p, pos_c - pos_p);
+        pos_p = pos_c + 1;
+      }
+    } else {
+      /* found fragment part */
+      path = url.substr(pos_p, pos_c - pos_p);
+      pos_p = pos_c + 1;
+    }
+
+    /* pos_p now at start of fragment part */
+    frag = url.substr(pos_p, std::string::npos);
+    return true;
+  }
+
+  bool URL::parse_query(std::map<std::string, std::string> & params) {
+    std::vector<std::string> tokens;
+    strsplit(query, tokens, '&');
+
+    params.clear();
+    for (const auto& it : tokens) {
+      std::size_t eq = it.find ('=');
+      if (eq != std::string::npos) {
+        auto e = std::pair<std::string, std::string>(it.substr(0, eq), it.substr(eq + 1));
+        params.insert(e);
+      } else {
+        auto e = std::pair<std::string, std::string>(it, "");
+        params.insert(e);
+      }
+    }
+    return true;
+  }
+
+  std::string URL::to_string() {
+    std::string out = "";
+    if (schema != "") {
+      out = schema + "://";
+      if (user != "" && pass != "") {
+        out += user + ":" + pass + "@";
+      } else if (user != "") {
+        out += user + "@";
+      }
+      if (port) {
+        out += host + ":" + std::to_string(port);
+      } else {
+        out += host;
+      }
+    }
+    out += path;
+    if (query != "")
+      out += "?" + query;
+    if (frag != "")
+      out += "#" + frag;
+    return out;
+  }
+
+  void HTTPMsg::add_header(const char *name, std::string & value, bool replace) {
+    add_header(name, value.c_str(), replace);
+  }
+
+  void HTTPMsg::add_header(const char *name, const char *value, bool replace) {
+    std::size_t count = headers.count(name);
+    if (count && !replace)
+      return;
+    if (count) {
+      headers[name] = value;
+      return;
+    }
+    headers.insert(std::pair<std::string, std::string>(name, value));
+  }
+
+  void HTTPMsg::del_header(const char *name) {
+    headers.erase(name);
+  }
+
+  int HTTPReq::parse(const char *buf, size_t len) {
+    std::string str(buf, len);
+    return parse(str);
+  }
+
+  int HTTPReq::parse(const std::string& str) {
+    enum { REQ_LINE, HEADER_LINE } expect = REQ_LINE;
+    std::size_t eoh = str.find(HTTP_EOH); /* request head size */
+    std::size_t eol = 0, pos = 0;
+    URL url;
+
+    if (eoh == std::string::npos)
+      return 0; /* str not contains complete request */
+
+    while ((eol = str.find(CRLF, pos)) != std::string::npos) {
+      if (expect == REQ_LINE) {
+        std::string line = str.substr(pos, eol - pos);
+        std::vector<std::string> tokens;
+        strsplit(line, tokens, ' ');
+        if (tokens.size() != 3)
+          return -1;
+        if (!is_http_method(tokens[0]))
+          return -1;
+        if (!is_http_version(tokens[2]))
+          return -1;
+        if (!url.parse(tokens[1]))
+          return -1;
+        /* all ok */
+        method  = tokens[0];
+        uri     = tokens[1];
+        version = tokens[2];
+        expect = HEADER_LINE;
+      } 
+	  else 
+	  {
+        std::string line = str.substr(pos, eol - pos);
+        auto p = parse_header_line(line);
+		if (p.first.length () > 0)
+			headers.push_back (p);
+		else  
+            return -1;
+      }
+      pos = eol + strlen(CRLF);
+      if (pos >= eoh)
+        break;
+    }
+    return eoh + strlen(HTTP_EOH);
+  }
+
+  void HTTPReq::write(std::ostream & o) 
+  {
+	  o << method << " " << uri << " " << version << CRLF;
+	  for (auto & h : headers) 
+  		o << h.first << ": " << h.second << CRLF;
+	  o << CRLF;
+  }
+
+	std::string HTTPReq::to_string()
+	{
+		std::stringstream ss;
+		write(ss);
+		return ss.str();
+	}
+
+	void HTTPReq::AddHeader (const std::string& name, const std::string& value)
+	{	
+		headers.push_back (std::make_pair(name, value));
+	}
+
+	void HTTPReq::UpdateHeader (const std::string& name, const std::string& value)
+	{
+		 for (auto& it : headers)
+			if (it.first == name)
+			{
+				it.second = value;
+				break;
+			}	
+	}	
+	
+	void HTTPReq::RemoveHeader (const std::string& name)
+	{
+		for (auto it = headers.begin (); it != headers.end ();)
+		{
+			if (!it->first.compare(0, name.length (), name))	
+				it = headers.erase (it);
+			else
+				it++;
+		}	
+	}	
+
+	std::string HTTPReq::GetHeader (const std::string& name) const 
+	{
+		 for (auto& it : headers)
+			if (it.first == name)
+				return it.second;	
+		return "";
+	}	
+	
+  bool HTTPRes::is_chunked() const
+ {
+    auto it = headers.find("Transfer-Encoding");
+    if (it == headers.end())
+      return false;
+    if (it->second.find("chunked") == std::string::npos)
+      return true;
+    return false;
+  }
+
+  bool HTTPRes::is_gzipped(bool includingI2PGzip) const
+  {
+    auto it = headers.find("Content-Encoding");
+    if (it == headers.end())
+      return false; /* no header */
+    if (it->second.find("gzip") != std::string::npos)
+      return true; /* gotcha! */
+	if (includingI2PGzip &&  it->second.find("x-i2p-gzip") != std::string::npos)
+	  return true;	  
+    return false;
+  }
+	
+  long int HTTPMsg::content_length() const
+  {
+    unsigned long int length = 0;
+    auto it = headers.find("Content-Length");
+    if (it == headers.end())
+      return -1;
+    errno = 0;
+    length = std::strtoul(it->second.c_str(), (char **) NULL, 10);
+    if (errno != 0)
+      return -1;
+    return length;
+  }
+
+  int HTTPRes::parse(const char *buf, size_t len) {
+    std::string str(buf, len);
+    return parse(str);
+  }
+
+  int HTTPRes::parse(const std::string& str) {
+    enum { RES_LINE, HEADER_LINE } expect = RES_LINE;
+    std::size_t eoh = str.find(HTTP_EOH); /* request head size */
+    std::size_t eol = 0, pos = 0;
+
+    if (eoh == std::string::npos)
+      return 0; /* str not contains complete request */
+
+    while ((eol = str.find(CRLF, pos)) != std::string::npos) {
+      if (expect == RES_LINE) {
+        std::string line = str.substr(pos, eol - pos);
+        std::vector<std::string> tokens;
+        strsplit(line, tokens, ' ', 3);
+        if (tokens.size() != 3)
+          return -1;
+        if (!is_http_version(tokens[0]))
+          return -1;
+        code = atoi(tokens[1].c_str());
+        if (code < 100 || code >= 600)
+          return -1;
+        /* all ok */
+        version = tokens[0];
+        status  = tokens[2];
+        expect = HEADER_LINE;
+      } else {
+        std::string line = str.substr(pos, eol - pos);
+        auto p = parse_header_line(line);
+		if (p.first.length () > 0)
+			headers.insert (p);  
+		else	  
+          return -1;
+      }
+      pos = eol + strlen(CRLF);
+      if (pos >= eoh)
+        break;
+    }
+
+    return eoh + strlen(HTTP_EOH);
+  }
+
+  std::string HTTPRes::to_string() {
+    if (version == "HTTP/1.1" && headers.count("Date") == 0) {
+      std::string date;
+      gen_rfc1123_date(date);
+      add_header("Date", date.c_str());
+    }
+    if (status == "OK" && code != 200)
+      status = HTTPCodeToStatus(code); // update
+    if (body.length() > 0 && headers.count("Content-Length") == 0)
+        add_header("Content-Length", std::to_string(body.length()).c_str());
+    /* build response */
+    std::stringstream ss;
+    ss << version << " " << code << " " << status << CRLF;
+    for (auto & h : headers) {
+      ss << h.first << ": " << h.second << CRLF;
+    }
+    ss << CRLF;
+    if (body.length() > 0)
+      ss << body;
+    return ss.str();
+  }
+
+  const char * HTTPCodeToStatus(int code) {
+    const char *ptr;
+    switch (code) {
+      case 105: ptr = "Name Not Resolved"; break;
+      /* success */
+      case 200: ptr = "OK"; break;
+      case 206: ptr = "Partial Content"; break;
+      /* redirect */
+      case 301: ptr = "Moved Permanently"; break;
+      case 302: ptr = "Found"; break;
+      case 304: ptr = "Not Modified"; break;
+      case 307: ptr = "Temporary Redirect"; break;
+      /* client error */
+      case 400: ptr = "Bad Request";  break;
+      case 401: ptr = "Unauthorized"; break;
+      case 403: ptr = "Forbidden"; break;
+      case 404: ptr = "Not Found"; break;
+      case 407: ptr = "Proxy Authentication Required"; break;
+      case 408: ptr = "Request Timeout"; break;
+      /* server error */
+      case 500: ptr = "Internal Server Error"; break;
+      case 502: ptr = "Bad Gateway"; break;
+      case 503: ptr = "Not Implemented"; break;
+      case 504: ptr = "Gateway Timeout"; break;
+      default:  ptr = "Unknown Status";  break;
+    }
+    return ptr;
+  }
+
+  std::string UrlDecode(const std::string& data, bool allow_null) {
+		std::string decoded(data);
+    size_t pos = 0;
+    while ((pos = decoded.find('%', pos)) != std::string::npos) {
+      char c = strtol(decoded.substr(pos + 1, 2).c_str(), NULL, 16);
+      if (c == '\0' && !allow_null) {
+        pos += 3;
+        continue;
+      }
+      decoded.replace(pos, 3, 1, c);
+      pos++;
+    }
+    return decoded;
+  }
+
+  bool MergeChunkedResponse (std::istream& in, std::ostream& out) {
+    std::string hexLen;
+    while (!in.eof ()) {
+      std::getline (in, hexLen);
+      errno = 0;
+      long int len = strtoul(hexLen.c_str(), (char **) NULL, 16);
+      if (errno != 0)
+        return false; /* conversion error */
+      if (len == 0)
+        return true; /* end of stream */
+      if (len < 0 || len > 10 * 1024 * 1024) /* < 10Mb */
+        return false; /* too large chunk */
+      char * buf = new char[len];
+      in.read (buf, len);
+      out.write (buf, len);
+      delete[] buf;
+      std::getline (in, hexLen); // read \r\n after chunk
+    }
+    return true;
+  }
+} // http
+} // i2p

HTTP.h

@@ -0,0 +1,163 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef HTTP_H__
+#define HTTP_H__
+
+#include <cstring>
+#include <map>
+#include <list>
+#include <sstream>
+#include <string>
+#include <vector>
+
+namespace i2p {
+namespace http {
+  const char CRLF[] = "\r\n";         /**< HTTP line terminator */
+  const char HTTP_EOH[] = "\r\n\r\n"; /**< HTTP end-of-headers mark */
+  extern const std::vector<std::string> HTTP_METHODS;  /**< list of valid HTTP methods */
+  extern const std::vector<std::string> HTTP_VERSIONS; /**< list of valid HTTP versions */
+
+  struct URL {
+    std::string schema;
+    std::string user;
+    std::string pass;
+    std::string host;
+    unsigned short int port;
+    std::string path;
+    std::string query;
+    std::string frag;
+
+    URL(): schema(""), user(""), pass(""), host(""), port(0), path(""), query(""), frag("") {};
+
+    /**
+     * @brief Tries to parse url from string
+     * @return true on success, false on invalid url
+     */
+    bool parse (const char *str, std::size_t len = 0);
+    bool parse (const std::string& url);
+
+    /**
+     * @brief Parse query part of url to key/value map
+     * @note Honestly, this should be implemented with std::multimap
+     */
+    bool parse_query(std::map<std::string, std::string> & params);
+
+    /**
+     * @brief Serialize URL structure to url
+     * @note Returns relative url if schema if empty, absolute url otherwise
+     */
+    std::string to_string ();
+  };
+
+  struct HTTPMsg 
+  {
+    std::map<std::string, std::string> headers;
+
+    void add_header(const char *name, std::string & value, bool replace = false);
+    void add_header(const char *name, const char *value, bool replace = false);
+    void del_header(const char *name);
+
+    /** @brief Returns declared message length or -1 if unknown */
+    long int content_length() const;
+  };
+
+  struct HTTPReq 
+  {
+	std::list<std::pair<std::string, std::string> > headers;  
+    std::string version;
+    std::string method;
+    std::string uri;
+
+    HTTPReq (): version("HTTP/1.0"), method("GET"), uri("/") {};
+
+    /**
+     * @brief Tries to parse HTTP request from string
+     * @return -1 on error, 0 on incomplete query, >0 on success
+     * @note Positive return value is a size of header
+     */
+    int parse(const char *buf, size_t len);
+    int parse(const std::string& buf);
+
+    /** @brief Serialize HTTP request to string */
+    std::string to_string();
+	void write(std::ostream & o);
+
+	void AddHeader (const std::string& name, const std::string& value);
+	void UpdateHeader (const std::string& name, const std::string& value);  
+	void RemoveHeader (const std::string& name);
+	std::string GetHeader (const std::string& name) const;  
+  };
+
+  struct HTTPRes : HTTPMsg {
+    std::string version;
+    std::string status;
+    unsigned short int code;
+    /**
+     * @brief Simplifies response generation
+     *
+     * If this variable is set, on @a to_string() call:
+     *   * Content-Length header will be added if missing,
+     *   * contents of @a body will be included in generated response
+     */
+    std::string body;
+
+    HTTPRes (): version("HTTP/1.1"), status("OK"), code(200) {}
+
+    /**
+     * @brief Tries to parse HTTP response from string
+     * @return -1 on error, 0 on incomplete query, >0 on success
+     * @note Positive return value is a size of header
+     */
+    int parse(const char *buf, size_t len);
+    int parse(const std::string& buf);
+
+    /**
+     * @brief Serialize HTTP response to string
+     * @note If @a version is set to HTTP/1.1, and Date header is missing,
+     *   it will be generated based on current time and added to headers
+     * @note If @a body is set and Content-Length header is missing,
+     *   this header will be added, based on body's length
+     */
+    std::string to_string();
+
+		void write(std::ostream & o);
+		
+    /** @brief Checks that response declared as chunked data */
+    bool is_chunked() const ;
+
+    /** @brief Checks that response contains compressed data */
+    bool is_gzipped(bool includingI2PGzip = true) const;
+  };
+
+  /**
+   * @brief returns HTTP status string by integer code
+   * @param code HTTP code [100, 599]
+   * @return Immutable string with status
+   */
+  const char * HTTPCodeToStatus(int code);
+
+  /**
+   * @brief Replaces %-encoded characters in string with their values
+   * @param data Source string
+   * @param null If set to true - decode also %00 sequence, otherwise - skip
+   * @return Decoded string
+   */
+  std::string UrlDecode(const std::string& data, bool null = false);
+
+  /**
+   * @brief Merge HTTP response content with Transfer-Encoding: chunked
+   * @param in  Input stream
+   * @param out Output stream
+   * @return true on success, false otherwise
+   */
+  bool MergeChunkedResponse (std::istream& in, std::ostream& out);
+} // http
+} // i2p
+
+#endif /* HTTP_H__ */

HTTPProxy.cpp

@@ -1,87 +1,517 @@
-#include <boost/lexical_cast.hpp>
-#include <boost/regex.hpp>
+#include <cstring>
+#include <cassert>
+#include <string>
+#include <atomic>
+#include <memory>
+#include <set>
+#include <boost/asio.hpp>
+#include <mutex>
 
-#include "ClientContext.h"
+#include "I2PService.h"
+#include "Destination.h"
 #include "HTTPProxy.h"
+#include "util.h"
+#include "Identity.h"
+#include "Streaming.h"
+#include "Destination.h"
+#include "ClientContext.h"
+#include "I2PEndian.h"
+#include "I2PTunnel.h"
+#include "Config.h"
+#include "HTTP.h"
 
-namespace i2p
-{
-namespace proxy
-{
-	void HTTPProxyConnection::parseHeaders(const std::string& h, std::vector<header>& hm) {
-		std::string str (h);
-		std::string::size_type idx;
-		std::string t;
-		int i = 0;
-		while( (idx=str.find ("\r\n")) != std::string::npos) {
-			t=str.substr (0,idx);
-			str.erase (0,idx+2);
-			if (t == "")
-				break;
-			idx=t.find(": ");
-			if (idx == std::string::npos)
-			{
-				std::cout << "Bad header line: " << t << std::endl;
-				break;
-			}
-			LogPrint ("Name: ", t.substr (0,idx), " Value: ", t.substr (idx+2));
-			hm[i].name = t.substr (0,idx);
-			hm[i].value = t.substr (idx+2);
-			i++;
-		}
+namespace i2p {
+namespace proxy {
+	std::map<std::string, std::string> jumpservices = {
+		{ "inr.i2p",    "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/search/?q=" },
+		{ "stats.i2p",  "http://7tbay5p4kzeekxvyvbf6v7eauazemsnnl2aoyqhg5jzpr5eke7tq.b32.i2p/cgi-bin/jump.cgi?a=" },
+	};
+
+	static const char *pageHead =
+		"<head>\r\n"
+		"  <title>I2Pd HTTP proxy</title>\r\n"
+		"  <style type=\"text/css\">\r\n"
+		"    body { font: 100%/1.5em sans-serif; margin: 0; padding: 1.5em; background: #FAFAFA; color: #103456; }\r\n"
+		"    .header { font-size: 2.5em; text-align: center; margin: 1.5em 0; color: #894C84; }\r\n"
+		"  </style>\r\n"
+		"</head>\r\n"
+	;
+
+	bool str_rmatch(std::string & str, const char *suffix) {
+		auto pos = str.rfind (suffix);
+		if (pos == std::string::npos)
+			return false; /* not found */
+		if (str.length() == (pos + std::strlen(suffix)))
+			return true; /* match */
+		return false;
 	}
 
-	void HTTPProxyConnection::ExtractRequest(request& r)
+	class HTTPReqHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<HTTPReqHandler>
 	{
-		std::string requestString = m_Buffer;
-		int idx=requestString.find(" ");
-		std::string method = requestString.substr(0,idx);
-		requestString = requestString.substr(idx+1);
-		idx=requestString.find(" ");
-		std::string requestUrl = requestString.substr(0,idx);
-		LogPrint("method is: ", method, "\nRequest is: ", requestUrl);
-		std::string server="";
-		std::string port="80";
-		boost::regex rHTTP("http://(.*?)(:(\\d+))?(/.*)");
-		boost::smatch m;
-		std::string path;
-		if(boost::regex_search(requestUrl, m, rHTTP, boost::match_extra)) {
-			server=m[1].str();
-			if(m[2].str() != "") {
-				port=m[3].str();
-			}
-			path=m[4].str();
+		private:
+
+			bool HandleRequest();
+			void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
+			void Terminate();
+			void AsyncSockRead();
+			bool ExtractAddressHelper(i2p::http::URL & url, std::string & b64);
+			void SanitizeHTTPRequest(i2p::http::HTTPReq & req);
+			void SentHTTPFailed(const boost::system::error_code & ecode);
+			void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
+			/* error helpers */
+			void GenericProxyError(const char *title, const char *description);
+			void GenericProxyInfo(const char *title, const char *description);
+			void HostNotFound(std::string & host);
+			void SendProxyError(std::string & content);
+
+		void ForwardToUpstreamProxy();
+		void HandleUpstreamHTTPProxyConnect(const boost::system::error_code & ec);
+		void HandleUpstreamSocksProxyConnect(const boost::system::error_code & ec);
+		
+		void HandleSocksProxySendHandshake(const boost::system::error_code & ec, std::size_t bytes_transfered);
+		void HandleSocksProxyReply(const boost::system::error_code & ec, std::size_t bytes_transfered);
+		
+		typedef std::function<void(boost::asio::ip::tcp::endpoint)> ProxyResolvedHandler;
+		
+		void HandleUpstreamProxyResolved(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr, ProxyResolvedHandler handler);
+
+		void SocksProxySuccess();
+		void HandoverToUpstreamProxy();
+		
+			uint8_t m_recv_chunk[8192];
+			std::string m_recv_buf; // from client
+			std::string m_send_buf; // to upstream
+			std::shared_ptr<boost::asio::ip::tcp::socket> m_sock;
+		std::shared_ptr<boost::asio::ip::tcp::socket> m_proxysock;
+		boost::asio::ip::tcp::resolver m_proxy_resolver;
+		i2p::http::URL m_ProxyURL;
+		i2p::http::URL m_RequestURL;
+		uint8_t m_socks_buf[255+8]; // for socks request/response
+		ssize_t m_req_len;
+		i2p::http::URL m_ClientRequestURL;
+		i2p::http::HTTPReq m_ClientRequest;
+		i2p::http::HTTPRes m_ClientResponse;
+		std::stringstream m_ClientRequestBuffer;
+		public:
+
+			HTTPReqHandler(HTTPProxy * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock) :
+				I2PServiceHandler(parent), m_sock(sock),
+				m_proxysock(std::make_shared<boost::asio::ip::tcp::socket>(parent->GetService())),
+				m_proxy_resolver(parent->GetService()) {}
+			~HTTPReqHandler() { Terminate(); }
+			void Handle () { AsyncSockRead(); } /* overload */
+	};
+
+	void HTTPReqHandler::AsyncSockRead()
+	{
+		LogPrint(eLogDebug, "HTTPProxy: async sock read");
+		if (!m_sock) {
+			LogPrint(eLogError, "HTTPProxy: no socket for read");
+			return;
 		}
-		LogPrint("server is: ",server, " port is: ", port, "\n path is: ",path);
-		r.uri = path;
-		r.method = method;
-		r.host = server;
-		r.port = boost::lexical_cast<int>(port);
+		m_sock->async_read_some(boost::asio::buffer(m_recv_chunk, sizeof(m_recv_chunk)),
+					std::bind(&HTTPReqHandler::HandleSockRecv, shared_from_this(),
+							std::placeholders::_1, std::placeholders::_2));
 	}
 
-
-	void HTTPProxyConnection::RunRequest()
-	{
-		request r;
-		ExtractRequest(r);
-		parseHeaders(m_Buffer, r.headers);
-		size_t addressHelperPos = r.uri.find ("i2paddresshelper");
-		if (addressHelperPos != std::string::npos)
+	void HTTPReqHandler::Terminate() {
+		if (Kill()) return;
+		if (m_sock) 
 		{
-			// jump service
-			size_t addressPos = r.uri.find ("=", addressHelperPos);
-			if (addressPos != std::string::npos)
-			{
-				LogPrint ("Jump service for ", r.host, " found. Inserting to address book");
-				auto base64 = r.uri.substr (addressPos + 1);
-				i2p::client::context.GetAddressBook ().InsertAddress (r.host, base64);
-			}
-		}			
-	
-		LogPrint("Requesting ", r.host, ":", r.port, " with path ", r.uri, " and method ", r.method);
-		SendToAddress (r.host, r.port,  m_Buffer, m_BufferLen);
+			LogPrint(eLogDebug, "HTTPProxy: close sock");
+			m_sock->close();
+			m_sock = nullptr;
+		}
+		if(m_proxysock)
+		{
+			LogPrint(eLogDebug, "HTTPProxy: close proxysock");
+			if(m_proxysock->is_open())
+				m_proxysock->close();
+			m_proxysock = nullptr;
+		}
+		Done(shared_from_this());
 	}
 
-}
-}
+	void HTTPReqHandler::GenericProxyError(const char *title, const char *description) {
+		std::stringstream ss;
+		ss << "<h1>Proxy error: " << title << "</h1>\r\n";
+		ss << "<p>" << description << "</p>\r\n";
+		std::string content = ss.str();
+		SendProxyError(content);
+	}
 
+	void HTTPReqHandler::GenericProxyInfo(const char *title, const char *description) {
+		std::stringstream ss;
+		ss << "<h1>Proxy info: " << title << "</h1>\r\n";
+		ss << "<p>" << description << "</p>\r\n";
+		std::string content = ss.str();
+		SendProxyError(content);
+	}
+
+	void HTTPReqHandler::HostNotFound(std::string & host) {
+		std::stringstream ss;
+		ss << "<h1>Proxy error: Host not found</h1>\r\n"
+		   << "<p>Remote host not found in router's addressbook</p>\r\n"
+		   << "<p>You may try to find this host on jumpservices below:</p>\r\n"
+		   << "<ul>\r\n";
+		for (const auto& js : jumpservices) {
+			ss << "  <li><a href=\"" << js.second << host << "\">" << js.first << "</a></li>\r\n";
+		}
+		ss << "</ul>\r\n";
+		std::string content = ss.str();
+		SendProxyError(content);
+	}
+
+	void HTTPReqHandler::SendProxyError(std::string & content)
+	{
+		i2p::http::HTTPRes res;
+		res.code = 500;
+		res.add_header("Content-Type", "text/html; charset=UTF-8");
+		res.add_header("Connection", "close");
+		std::stringstream ss;
+		ss << "<html>\r\n" << pageHead
+		   << "<body>" << content << "</body>\r\n"
+		   << "</html>\r\n";
+		res.body = ss.str();
+		std::string response = res.to_string();
+		boost::asio::async_write(*m_sock, boost::asio::buffer(response), boost::asio::transfer_all(),
+					 std::bind(&HTTPReqHandler::SentHTTPFailed, shared_from_this(), std::placeholders::_1));
+	}
+
+	bool HTTPReqHandler::ExtractAddressHelper(i2p::http::URL & url, std::string & b64)
+	{
+		const char *param = "i2paddresshelper=";
+		std::size_t pos = url.query.find(param);
+		std::size_t len = std::strlen(param);
+		std::map<std::string, std::string> params;
+
+		if (pos == std::string::npos)
+			return false; /* not found */
+		if (!url.parse_query(params))
+			return false;
+
+		std::string value = params["i2paddresshelper"];
+		len += value.length();
+		b64 = i2p::http::UrlDecode(value);
+		url.query.replace(pos, len, "");
+		return true;
+	}
+
+	void HTTPReqHandler::SanitizeHTTPRequest(i2p::http::HTTPReq & req)
+	{
+		/* drop common headers */
+		req.RemoveHeader ("Referer");
+		req.RemoveHeader("Via");
+		req.RemoveHeader("Forwarded");
+		/* drop proxy-disclosing headers */
+		req.RemoveHeader("X-Forwarded");
+		req.RemoveHeader("Proxy-");		
+		/* replace headers */
+		req.UpdateHeader("User-Agent", "MYOB/6.66 (AN/ON)");
+		/* add headers */
+		req.AddHeader("Connection", "close"); /* keep-alive conns not supported yet */
+	}
+
+	/**
+	 * @brief Try to parse request from @a m_recv_buf
+	 *   If parsing success, rebuild request and store to @a m_send_buf
+	 * with remaining data tail
+	 * @return true on processed request or false if more data needed
+	 */
+	bool HTTPReqHandler::HandleRequest()
+	{
+		std::string b64;
+
+		m_req_len = m_ClientRequest.parse(m_recv_buf);
+
+		if (m_req_len == 0)
+			return false; /* need more data */
+
+		if (m_req_len < 0) {
+			LogPrint(eLogError, "HTTPProxy: unable to parse request");
+			GenericProxyError("Invalid request", "Proxy unable to parse your request");
+			return true; /* parse error */
+		}
+
+		/* parsing success, now let's look inside request */
+		LogPrint(eLogDebug, "HTTPProxy: requested: ", m_ClientRequest.uri);
+		m_RequestURL.parse(m_ClientRequest.uri);
+
+		if (ExtractAddressHelper(m_RequestURL, b64)) {
+			i2p::client::context.GetAddressBook ().InsertAddress (m_RequestURL.host, b64);
+			LogPrint (eLogInfo, "HTTPProxy: added b64 from addresshelper for ", m_RequestURL.host);
+			std::string full_url = m_RequestURL.to_string();
+			std::stringstream ss;
+			ss << "Host " << m_RequestURL.host << " added to router's addressbook from helper. "
+			   << "Click <a href=\"" << full_url << "\">here</a> to proceed.";
+			GenericProxyInfo("Addresshelper found", ss.str().c_str());
+			return true; /* request processed */
+		}
+
+		SanitizeHTTPRequest(m_ClientRequest);
+
+		std::string dest_host = m_RequestURL.host;
+		uint16_t    dest_port = m_RequestURL.port;
+		/* always set port, even if missing in request */
+		if (!dest_port)
+			dest_port = (m_RequestURL.schema == "https") ? 443 : 80;
+		/* detect dest_host, set proper 'Host' header in upstream request */
+		if (dest_host != "") 
+		{
+			/* absolute url, replace 'Host' header */
+			std::string h = dest_host;
+			if (dest_port != 0 && dest_port != 80)
+				h += ":" + std::to_string(dest_port);
+			m_ClientRequest.UpdateHeader("Host", h);
+		} 
+		else
+		{	
+			auto h = m_ClientRequest.GetHeader ("Host");
+			if (h.length () > 0) 
+			{
+				/* relative url and 'Host' header provided. transparent proxy mode? */
+				i2p::http::URL u;
+				std::string t = "http://" + h;
+				u.parse(t);
+				dest_host = u.host;
+				dest_port = u.port;
+			} 
+			else 
+			{
+				/* relative url and missing 'Host' header */
+				GenericProxyError("Invalid request", "Can't detect destination host from request");
+				return true;
+			}
+		}	
+
+		/* check dest_host really exists and inside I2P network */
+		i2p::data::IdentHash identHash;
+		if (str_rmatch(dest_host, ".i2p")) {
+			if (!i2p::client::context.GetAddressBook ().GetIdentHash (dest_host, identHash)) {
+				HostNotFound(dest_host);
+				return true; /* request processed */
+			}
+		} else {
+			std::string outproxyUrl; i2p::config::GetOption("httpproxy.outproxy", outproxyUrl);
+			if(outproxyUrl.size()) {
+				LogPrint (eLogDebug, "HTTPProxy: use outproxy ", outproxyUrl);
+				if(m_ProxyURL.parse(outproxyUrl))
+					ForwardToUpstreamProxy();
+				else
+					GenericProxyError("Outproxy failure", "bad outproxy settings");
+			} else {
+				LogPrint (eLogWarning, "HTTPProxy: outproxy failure for ", dest_host, ": no outprxy enabled");
+				std::string message = "Host" + dest_host + "not inside I2P network, but outproxy is not enabled";
+				GenericProxyError("Outproxy failure", message.c_str());
+			}
+			return true;
+		}
+
+		/* make relative url */
+		m_RequestURL.schema = "";
+		m_RequestURL.host   = "";
+		m_ClientRequest.uri = m_RequestURL.to_string();
+
+		/* drop original request from recv buffer */
+		m_recv_buf.erase(0, m_req_len);
+		/* build new buffer from modified request and data from original request */
+		m_send_buf = m_ClientRequest.to_string();
+		m_send_buf.append(m_recv_buf);
+		/* connect to destination */
+		LogPrint(eLogDebug, "HTTPProxy: connecting to host ", dest_host, ":", dest_port);
+		GetOwner()->CreateStream (std::bind (&HTTPReqHandler::HandleStreamRequestComplete,
+			shared_from_this(), std::placeholders::_1), dest_host, dest_port);
+		return true;
+	}
+
+	void HTTPReqHandler::ForwardToUpstreamProxy()
+	{
+		LogPrint(eLogDebug, "HTTPProxy: forward to upstream");
+		// build http requset
+
+		m_ClientRequestURL = m_RequestURL;
+		LogPrint(eLogDebug, "HTTPProxy: ", m_ClientRequestURL.host);
+		m_ClientRequestURL.schema = "";
+		m_ClientRequestURL.host   = "";
+		m_ClientRequest.uri = m_ClientRequestURL.to_string();
+
+		m_ClientRequest.write(m_ClientRequestBuffer);
+		m_ClientRequestBuffer << m_recv_buf.substr(m_req_len);
+		
+		// assume http if empty schema
+		if (m_ProxyURL.schema == "" || m_ProxyURL.schema == "http") {
+			// handle upstream http proxy
+			if (!m_ProxyURL.port) m_ProxyURL.port = 80;
+			boost::asio::ip::tcp::resolver::query q(m_ProxyURL.host, std::to_string(m_ProxyURL.port));
+			m_proxy_resolver.async_resolve(q, std::bind(&HTTPReqHandler::HandleUpstreamProxyResolved, this, std::placeholders::_1, std::placeholders::_2, [&](boost::asio::ip::tcp::endpoint ep) {
+						m_proxysock->async_connect(ep, std::bind(&HTTPReqHandler::HandleUpstreamHTTPProxyConnect, this, std::placeholders::_1));
+			}));
+		} else if (m_ProxyURL.schema == "socks") {
+			// handle upstream socks proxy
+			if (!m_ProxyURL.port) m_ProxyURL.port = 9050; // default to tor default if not specified
+			boost::asio::ip::tcp::resolver::query q(m_ProxyURL.host, std::to_string(m_ProxyURL.port));
+			m_proxy_resolver.async_resolve(q, std::bind(&HTTPReqHandler::HandleUpstreamProxyResolved, this, std::placeholders::_1, std::placeholders::_2, [&](boost::asio::ip::tcp::endpoint ep) {
+						m_proxysock->async_connect(ep, std::bind(&HTTPReqHandler::HandleUpstreamSocksProxyConnect, this, std::placeholders::_1));
+			}));
+		} else {
+			// unknown type, complain
+			GenericProxyError("unknown outproxy url", m_ProxyURL.to_string().c_str());
+		}
+	}
+
+	void HTTPReqHandler::HandleUpstreamProxyResolved(const boost::system::error_code & ec, boost::asio::ip::tcp::resolver::iterator it, ProxyResolvedHandler handler)
+	{
+		if(ec) GenericProxyError("cannot resolve upstream proxy", ec.message().c_str());
+		else handler(*it); 
+	}
+
+	void HTTPReqHandler::HandleUpstreamSocksProxyConnect(const boost::system::error_code & ec)
+	{
+		if(!ec) {
+			if(m_RequestURL.host.size() > 255) {
+				GenericProxyError("hostname too long", m_RequestURL.host.c_str());
+				return;
+			}
+			uint16_t port = m_RequestURL.port;
+			if(!port) port = 80;
+			LogPrint(eLogDebug, "HTTPProxy: connected to socks upstream");
+
+			std::string host = m_RequestURL.host;
+			std::size_t reqsize = 0;
+			m_socks_buf[0] = '\x04';
+			m_socks_buf[1] = 1;
+			htobe16buf(m_socks_buf+2, port);
+			m_socks_buf[4] = 0;
+			m_socks_buf[5] = 0;
+			m_socks_buf[6] = 0;
+			m_socks_buf[7] = 1;
+			// user id
+			m_socks_buf[8] = 'i';
+			m_socks_buf[9] = '2';
+			m_socks_buf[10] = 'p';
+			m_socks_buf[11] = 'd';
+			m_socks_buf[12] = 0;
+			reqsize += 13;
+			memcpy(m_socks_buf+ reqsize, host.c_str(), host.size());
+			reqsize += host.size();
+			m_socks_buf[++reqsize] = 0;
+			boost::asio::async_write(*m_proxysock, boost::asio::buffer(m_socks_buf, reqsize), boost::asio::transfer_all(), std::bind(&HTTPReqHandler::HandleSocksProxySendHandshake, this, std::placeholders::_1, std::placeholders::_2));
+		} else GenericProxyError("cannot connect to upstream socks proxy", ec.message().c_str());
+	}
+
+	void HTTPReqHandler::HandleSocksProxySendHandshake(const boost::system::error_code & ec, std::size_t bytes_transferred)
+	{
+		LogPrint(eLogDebug, "HTTPProxy: upstream socks handshake sent");
+		if(ec) GenericProxyError("Cannot negotiate with socks proxy", ec.message().c_str());
+		else m_proxysock->async_read_some(boost::asio::buffer(m_socks_buf, 8), std::bind(&HTTPReqHandler::HandleSocksProxyReply, this, std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void HTTPReqHandler::HandoverToUpstreamProxy()
+	{
+		LogPrint(eLogDebug, "HTTPProxy: handover to socks proxy");
+		auto connection = std::make_shared<i2p::client::TCPIPPipe>(GetOwner(), m_proxysock, m_sock);
+		m_sock = nullptr;
+		m_proxysock = nullptr;
+		GetOwner()->AddHandler(connection);
+		connection->Start();
+		Terminate();
+	}
+	
+	void HTTPReqHandler::SocksProxySuccess()
+	{
+		if(m_ClientRequest.method == "CONNECT") {
+			m_ClientResponse.code = 200;
+			m_send_buf = m_ClientResponse.to_string();
+			boost::asio::async_write(*m_sock, boost::asio::buffer(m_send_buf), boost::asio::transfer_all(), [&] (const boost::system::error_code & ec, std::size_t transferred) {
+					if(ec) GenericProxyError("socks proxy error", ec.message().c_str());
+					else HandoverToUpstreamProxy();
+				});
+		} else {
+			m_send_buf = m_ClientRequestBuffer.str();
+			LogPrint(eLogDebug, "HTTPProxy: send ", m_send_buf.size(), " bytes");
+			boost::asio::async_write(*m_proxysock, boost::asio::buffer(m_send_buf), boost::asio::transfer_all(), [&](const boost::system::error_code & ec, std::size_t transferred) {
+					if(ec) GenericProxyError("failed to send request to upstream", ec.message().c_str());
+					else HandoverToUpstreamProxy();
+				});
+		}
+	}
+	
+	void HTTPReqHandler::HandleSocksProxyReply(const boost::system::error_code & ec, std::size_t bytes_transferred)
+	{
+		if(!ec)
+		{
+			if(m_socks_buf[1] == 90) {
+				// success
+				SocksProxySuccess();
+			} else {
+				std::stringstream ss;
+				ss << "error code: ";
+				ss << (int) m_socks_buf[1];
+				std::string msg = ss.str();
+				GenericProxyError("Socks Proxy error", msg.c_str());
+			}
+		}
+		else GenericProxyError("No Reply From socks proxy", ec.message().c_str());
+	}
+	
+	void HTTPReqHandler::HandleUpstreamHTTPProxyConnect(const boost::system::error_code & ec)
+	{
+		if(!ec) {
+			LogPrint(eLogDebug, "HTTPProxy: connected to http upstream");
+			GenericProxyError("cannot connect", "http out proxy not implemented");
+		} else GenericProxyError("cannot connect to upstream http proxy", ec.message().c_str());
+	}
+	
+	/* will be called after some data received from client */
+	void HTTPReqHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len)
+	{
+		LogPrint(eLogDebug, "HTTPProxy: sock recv: ", len, " bytes, recv buf: ", m_recv_buf.length(), ", send buf: ", m_send_buf.length());
+		if(ecode) 
+		{
+			LogPrint(eLogWarning, "HTTPProxy: sock recv got error: ", ecode);
+			Terminate();
+			return;
+		}
+
+		m_recv_buf.append(reinterpret_cast<const char *>(m_recv_chunk), len);
+		if (HandleRequest()) {
+			m_recv_buf.clear();
+			return;
+		}
+		AsyncSockRead();
+	}
+
+	void HTTPReqHandler::SentHTTPFailed(const boost::system::error_code & ecode)
+	{
+		if (ecode)
+			LogPrint (eLogError, "HTTPProxy: Closing socket after sending failure because: ", ecode.message ());
+		Terminate();
+	}
+
+	void HTTPReqHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream)
+	{
+		if (!stream) {
+			LogPrint (eLogError, "HTTPProxy: error when creating the stream, check the previous warnings for more info");
+			GenericProxyError("Host is down", "Can't create connection to requested host, it may be down");
+			return;
+		}
+		if (Kill())
+			return;
+		LogPrint (eLogDebug, "HTTPProxy: Created new I2PTunnel stream, sSID=", stream->GetSendStreamID(), ", rSID=", stream->GetRecvStreamID());
+		auto connection = std::make_shared<i2p::client::I2PClientTunnelConnectionHTTP>(GetOwner(), m_sock, stream);
+		GetOwner()->AddHandler (connection);
+		connection->I2PConnect (reinterpret_cast<const uint8_t*>(m_send_buf.data()), m_send_buf.length());
+		Done (shared_from_this());
+	}
+
+	HTTPProxy::HTTPProxy(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination):
+		TCPIPAcceptor(address, port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()) 
+	{
+	}
+	
+	std::shared_ptr<i2p::client::I2PServiceHandler> HTTPProxy::CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket)
+	{
+		return std::make_shared<HTTPReqHandler> (this, socket);
+	}
+} // http
+} // i2p

HTTPProxy.h

@@ -1,42 +1,21 @@
 #ifndef HTTP_PROXY_H__
 #define HTTP_PROXY_H__
 
-#include <sstream>
-#include <thread>
-#include <boost/asio.hpp>
-#include <boost/array.hpp>
-
-#include "HTTPServer.h"
-
-namespace i2p
-{
-namespace proxy
-{
-	class HTTPProxyConnection : public i2p::util::HTTPConnection
+namespace i2p {
+namespace proxy {
+	class HTTPProxy: public i2p::client::TCPIPAcceptor
 	{
 		public:
-			HTTPProxyConnection (boost::asio::ip::tcp::socket * socket): HTTPConnection(socket) { };
+
+			HTTPProxy(const std::string& address, int port, std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
+			~HTTPProxy() {};
 
 		protected:
-			void RunRequest();
-			void parseHeaders(const std::string& h, std::vector<header>& hm);
-			void ExtractRequest(request& r);
+			// Implements TCPIPAcceptor
+			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			const char* GetName() { return "HTTP Proxy"; }
 	};
-
-	class HTTPProxy : public i2p::util::HTTPServer
-	{
-		public:
-			HTTPProxy (int port): HTTPServer(port) {};
-
-		private:
-			void CreateConnection(boost::asio::ip::tcp::socket * m_NewSocket)
-			{
-				new HTTPProxyConnection(m_NewSocket);
-			}
-	};
-}
-}
+} // http
+} // i2p
 
 #endif
-
-

HTTPServer.h

@@ -1,111 +1,60 @@
 #ifndef HTTP_SERVER_H__
 #define HTTP_SERVER_H__
 
-#include <sstream>
+#include <inttypes.h>
+#include <string>
+#include <memory>
+#include <map>
 #include <thread>
 #include <boost/asio.hpp>
-#include <boost/array.hpp>
-#include "LeaseSet.h"
-#include "Streaming.h"
+#include "HTTP.h"
 
-namespace i2p
+namespace i2p 
 {
-namespace util
+namespace http 
 {
-	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;	
-	const int HTTP_DESTINATION_REQUEST_TIMEOUT = 10; // in seconds
-	class HTTPConnection
+	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;		
+	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds	
+
+	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
-		protected:
-
-			struct header
-			{
-			  std::string name;
-			  std::string value;
-			};
-
-			struct request
-			{
-			  std::string method;
-			  std::string uri;
-			  std::string host;
-		      int port;	
-			  int http_version_major;
-			  int http_version_minor;
-			  std::vector<header> headers;
-			};
-
-			struct reply
-			{
-				std::vector<header> headers;
-				std::string content;
-
-				std::vector<boost::asio::const_buffer> to_buffers (int status);
-			};
-
 		public:
 
-			HTTPConnection (boost::asio::ip::tcp::socket * socket): 
-				m_Socket (socket), m_Timer (socket->get_io_service ()), 
-				m_Stream (nullptr), m_BufferLen (0) { Receive (); };
-			virtual ~HTTPConnection() { delete m_Socket; }
+			HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			void Receive ();
+			
+		private:
+
+			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void Terminate     (const boost::system::error_code& ecode);
+
+			void RunRequest ();
+			bool CheckAuth     (const HTTPReq & req);
+			void HandleRequest (const HTTPReq & req);
+			void HandlePage    (const HTTPReq & req, HTTPRes & res, std::stringstream& data);
+			void HandleCommand (const HTTPReq & req, HTTPRes & res, std::stringstream& data);
+			void SendReply     (HTTPRes & res, std::string & content);
 
 		private:
 
-			void Terminate ();
-			void Receive ();
-			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void AsyncStreamReceive ();
-			void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleWriteReply(const boost::system::error_code& ecode);
-			void HandleWrite (const boost::system::error_code& ecode);
-			void SendReply (const std::string& content, int status = 200);
-
-			void HandleRequest (const std::string& address);
-			void HandleCommand (const std::string& command, std::stringstream& s);
-			void ShowTransports (std::stringstream& s);
-			void ShowTunnels (std::stringstream& s);
-			void ShowTransitTunnels (std::stringstream& s);
-			void ShowLocalDestinations (std::stringstream& s);
-			void ShowLocalDestination (const std::string& b32, std::stringstream& s);
-			void StartAcceptingTunnels (std::stringstream& s);
-			void StopAcceptingTunnels (std::stringstream& s);
-			void FillContent (std::stringstream& s);
-			std::string ExtractAddress ();
-			void ExtractParams (const std::string& str, std::map<std::string, std::string>& params);
-			
-			
-		protected:
-
-			boost::asio::ip::tcp::socket * m_Socket;
+			std::shared_ptr<boost::asio::ip::tcp::socket> m_Socket;
 			boost::asio::deadline_timer m_Timer;
-			i2p::stream::Stream * m_Stream;
-			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1], m_StreamBuffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
+			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
 			size_t m_BufferLen;
-			request m_Request;
-			reply m_Reply;
+			std::string m_SendBuffer;
+			bool needAuth;
+			std::string user;
+			std::string pass;
 
-		protected:
-	
-			virtual void RunRequest ();
-			void HandleDestinationRequest(const std::string& address, const std::string& uri);
-			void SendToAddress (const std::string& address, int port, const char * buf, size_t len);
-			void HandleDestinationRequestTimeout (const boost::system::error_code& ecode, 
-				i2p::data::IdentHash destination, int port, const char * buf, size_t len);
-			void SendToDestination (const i2p::data::LeaseSet * remote, int port, const char * buf, size_t len);
-
-		public:
-
-			static const std::string itoopieImage;
-			static const std::string itoopieFavicon;
+			static std::map<uint32_t, uint32_t> m_Tokens; // token->timestamp in seconds
 	};
 
 	class HTTPServer
 	{
 		public:
 
-			HTTPServer (int port);
-			virtual ~HTTPServer ();
+			HTTPServer (const std::string& address, int port);
+			~HTTPServer ();
 
 			void Start ();
 			void Stop ();
@@ -114,22 +63,19 @@ namespace util
 
 			void Run ();
  			void Accept ();
-			void HandleAccept(const boost::system::error_code& ecode);
+			void HandleAccept(const boost::system::error_code& ecode,
+				std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
+			void CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
 			
 		private:
 
-			std::thread * m_Thread;
+			bool m_IsRunning;
+			std::unique_ptr<std::thread> m_Thread;
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
-			boost::asio::ip::tcp::socket * m_NewSocket;
-
-		protected:
-			virtual void CreateConnection(boost::asio::ip::tcp::socket * m_NewSocket);
 	};
-}
-}
-
-#endif
-
+} // http
+} // i2p
 
+#endif /* HTTP_SERVER_H__ */

I2CP.cpp

@@ -0,0 +1,744 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+#include "I2PEndian.h"
+#include "Log.h"
+#include "Timestamp.h"
+#include "LeaseSet.h"
+#include "ClientContext.h"
+#include "Transports.h"
+#include "Signature.h"
+#include "I2CP.h"
+
+namespace i2p
+{
+namespace client
+{
+
+	I2CPDestination::I2CPDestination (std::shared_ptr<I2CPSession> owner, std::shared_ptr<const i2p::data::IdentityEx> identity, bool isPublic, const std::map<std::string, std::string>& params): 
+		LeaseSetDestination (isPublic, &params), m_Owner (owner), m_Identity (identity) 
+	{
+	}
+
+	void I2CPDestination::SetEncryptionPrivateKey (const uint8_t * key)
+	{
+		memcpy (m_EncryptionPrivateKey, key, 256);
+	}
+
+	void I2CPDestination::HandleDataMessage (const uint8_t * buf, size_t len)
+	{
+		uint32_t length = bufbe32toh (buf);
+		if (length > len - 4) length = len - 4;
+		m_Owner->SendMessagePayloadMessage (buf + 4, length);
+	}
+
+	void I2CPDestination::CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels) 
+	{
+		i2p::data::LocalLeaseSet ls (m_Identity, m_EncryptionPrivateKey, tunnels); // we don't care about encryption key
+		m_LeaseSetExpirationTime = ls.GetExpirationTime ();
+		uint8_t * leases = ls.GetLeases ();
+		leases[-1] = tunnels.size ();
+		htobe16buf (leases - 3, m_Owner->GetSessionID ());
+		size_t l = 2/*sessionID*/ + 1/*num leases*/ + i2p::data::LEASE_SIZE*tunnels.size ();
+		m_Owner->SendI2CPMessage (I2CP_REQUEST_VARIABLE_LEASESET_MESSAGE, leases - 3, l); 
+	}
+	
+	void I2CPDestination::LeaseSetCreated (const uint8_t * buf, size_t len)
+	{
+		auto ls = new i2p::data::LocalLeaseSet (m_Identity, buf, len);
+		ls->SetExpirationTime (m_LeaseSetExpirationTime);
+		SetLeaseSet (ls);
+	}
+	
+	void I2CPDestination::SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce)
+	{
+		auto msg = NewI2NPMessage ();
+		uint8_t * buf = msg->GetPayload ();
+		htobe32buf (buf, len);
+		memcpy (buf + 4, payload, len);
+		msg->len += len + 4; 
+		msg->FillI2NPMessageHeader (eI2NPData);
+		auto s = GetSharedFromThis ();
+		auto remote = FindLeaseSet (ident);
+		if (remote)
+		{
+			GetService ().post (
+				[s, msg, remote, nonce]()
+				{
+					bool sent = s->SendMsg (msg, remote);
+					s->m_Owner->SendMessageStatusMessage (nonce, sent ? eI2CPMessageStatusGuaranteedSuccess : eI2CPMessageStatusGuaranteedFailure);
+				});	
+		}
+		else
+		{
+			RequestDestination (ident,
+				[s, msg, nonce](std::shared_ptr<i2p::data::LeaseSet> ls)
+				{
+					if (ls)
+					{ 
+						bool sent = s->SendMsg (msg, ls);
+						s->m_Owner->SendMessageStatusMessage (nonce, sent ? eI2CPMessageStatusGuaranteedSuccess : eI2CPMessageStatusGuaranteedFailure);
+					}
+					else
+						s->m_Owner->SendMessageStatusMessage (nonce, eI2CPMessageStatusNoLeaseSet);
+				});
+		}
+	}
+
+	bool I2CPDestination::SendMsg (std::shared_ptr<I2NPMessage> msg, std::shared_ptr<const i2p::data::LeaseSet> remote)
+	{	
+		auto remoteSession = GetRoutingSession (remote, true); 	
+		if (!remoteSession)
+		{
+			LogPrint (eLogError, "I2CP: Failed to create remote session");
+			return false;
+		}
+		auto path = remoteSession->GetSharedRoutingPath ();
+		std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
+		std::shared_ptr<const i2p::data::Lease> remoteLease;	
+		if (path)
+		{
+			if (!remoteSession->CleanupUnconfirmedTags ()) // no stuck tags
+			{
+				outboundTunnel = path->outboundTunnel;
+				remoteLease = path->remoteLease;
+			}
+			else
+				remoteSession->SetSharedRoutingPath (nullptr);
+		}
+		else
+		{
+			outboundTunnel = GetTunnelPool ()->GetNextOutboundTunnel ();
+			auto leases = remote->GetNonExpiredLeases ();
+			if (!leases.empty ())		
+				remoteLease = leases[rand () % leases.size ()];
+			if (remoteLease && outboundTunnel)
+				remoteSession->SetSharedRoutingPath (std::make_shared<i2p::garlic::GarlicRoutingPath> (
+					i2p::garlic::GarlicRoutingPath{outboundTunnel, remoteLease, 10000, 0, 0})); // 10 secs RTT
+			else
+				remoteSession->SetSharedRoutingPath (nullptr);
+		}	
+		if (remoteLease && outboundTunnel)
+		{
+			std::vector<i2p::tunnel::TunnelMessageBlock> msgs;			
+			auto garlic = remoteSession->WrapSingleMessage (msg);
+			msgs.push_back (i2p::tunnel::TunnelMessageBlock 
+				{ 
+					i2p::tunnel::eDeliveryTypeTunnel,
+					remoteLease->tunnelGateway, remoteLease->tunnelID,
+					garlic
+				});
+			outboundTunnel->SendTunnelDataMsg (msgs);
+			return true;
+		}		
+		else
+		{
+			if (outboundTunnel)
+				LogPrint (eLogWarning, "I2CP: Failed to send message. All leases expired");
+			else
+				LogPrint (eLogWarning, "I2CP: Failed to send message. No outbound tunnels");
+			return false;
+		}	
+	}
+
+	I2CPSession::I2CPSession (I2CPServer& owner, std::shared_ptr<proto::socket> socket):
+		m_Owner (owner), m_Socket (socket), m_Payload (nullptr),
+		m_SessionID (0xFFFF), m_MessageID (0), m_IsSendAccepted (true)
+	{
+	}
+		
+	I2CPSession::~I2CPSession ()
+	{
+		delete[] m_Payload;
+	}
+
+	void I2CPSession::Start ()
+	{
+		ReadProtocolByte ();
+	}
+
+	void I2CPSession::Stop ()
+	{
+		Terminate ();
+	}
+
+	void I2CPSession::ReadProtocolByte ()
+	{
+		if (m_Socket)
+		{
+			auto s = shared_from_this ();	
+			m_Socket->async_read_some (boost::asio::buffer (m_Header, 1), 
+				[s](const boost::system::error_code& ecode, std::size_t bytes_transferred)
+				    {
+						if (!ecode && bytes_transferred > 0 && s->m_Header[0] == I2CP_PROTOCOL_BYTE)
+							s->ReceiveHeader ();
+						else
+							s->Terminate ();
+					});
+		}
+	}
+
+	void I2CPSession::ReceiveHeader ()
+	{
+		boost::asio::async_read (*m_Socket, boost::asio::buffer (m_Header, I2CP_HEADER_SIZE),
+			boost::asio::transfer_all (),
+			std::bind (&I2CPSession::HandleReceivedHeader, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void I2CPSession::HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+			Terminate ();
+		else
+		{
+			m_PayloadLen = bufbe32toh (m_Header + I2CP_HEADER_LENGTH_OFFSET);
+			if (m_PayloadLen > 0)
+			{
+				m_Payload = new uint8_t[m_PayloadLen];
+				ReceivePayload ();
+			}
+			else // no following payload
+			{
+				HandleMessage ();
+				ReceiveHeader (); // next message
+			}
+		}
+	}
+
+	void I2CPSession::ReceivePayload ()
+	{
+		boost::asio::async_read (*m_Socket, boost::asio::buffer (m_Payload, m_PayloadLen),
+			boost::asio::transfer_all (),
+			std::bind (&I2CPSession::HandleReceivedPayload, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
+	}
+
+	void I2CPSession::HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	{
+		if (ecode)
+			Terminate ();
+		else
+		{
+			HandleMessage ();
+			delete[] m_Payload;
+			m_Payload = nullptr;
+			m_PayloadLen = 0;	
+			ReceiveHeader (); // next message
+		}
+	}
+
+	void I2CPSession::HandleMessage ()
+	{
+		auto handler = m_Owner.GetMessagesHandlers ()[m_Header[I2CP_HEADER_TYPE_OFFSET]];
+		if (handler)
+			(this->*handler)(m_Payload, m_PayloadLen);
+		else
+			LogPrint (eLogError, "I2CP: Unknown I2CP messsage ", (int)m_Header[I2CP_HEADER_TYPE_OFFSET]);
+	}
+
+	void I2CPSession::Terminate ()
+	{
+		if (m_Destination)
+		{
+			m_Destination->Stop ();
+			m_Destination = nullptr;
+		}
+		if (m_Socket)
+		{
+			m_Socket->close ();
+			m_Socket = nullptr;
+		}
+		m_Owner.RemoveSession (GetSessionID ());
+		LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " terminated");
+	}
+
+	void I2CPSession::SendI2CPMessage (uint8_t type, const uint8_t * payload, size_t len)
+	{
+		auto socket = m_Socket;
+		if (socket)
+		{	
+			auto l = len + I2CP_HEADER_SIZE;
+			uint8_t * buf = new uint8_t[l];
+			htobe32buf (buf + I2CP_HEADER_LENGTH_OFFSET, len);
+			buf[I2CP_HEADER_TYPE_OFFSET] = type;
+			memcpy (buf + I2CP_HEADER_SIZE, payload, len);
+			boost::asio::async_write (*socket, boost::asio::buffer (buf, l), boost::asio::transfer_all (),
+		    	std::bind(&I2CPSession::HandleI2CPMessageSent, shared_from_this (), 
+							std::placeholders::_1, std::placeholders::_2, buf));	
+		}	
+		else
+			LogPrint (eLogError, "I2CP: Can't write to the socket");
+	}
+
+	void I2CPSession::HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf)
+	{
+		delete[] buf;
+		if (ecode && ecode != boost::asio::error::operation_aborted)
+			Terminate ();
+	}
+
+	std::string I2CPSession::ExtractString (const uint8_t * buf, size_t len)
+	{
+		uint8_t l = buf[0];
+		if (l > len) l = len;
+		return std::string ((const char *)(buf + 1), l);
+	}
+
+	size_t I2CPSession::PutString (uint8_t * buf, size_t len, const std::string& str)
+	{
+		auto l = str.length ();
+		if (l + 1 >= len) l = len - 1;
+		if (l > 255) l = 255; // 1 byte max
+		buf[0] = l;
+		memcpy (buf + 1, str.c_str (), l);	
+		return l + 1;
+	}
+
+	void I2CPSession::ExtractMapping (const uint8_t * buf, size_t len, std::map<std::string, std::string>& mapping)
+	// TODO: move to Base.cpp
+	{
+		size_t offset = 0;
+		while (offset < len)
+		{
+			std::string param = ExtractString (buf + offset, len - offset);
+			offset += param.length () + 1;
+			if (buf[offset] != '=') 
+			{
+				LogPrint (eLogWarning, "I2CP: Unexpected character ", buf[offset], " instead '=' after ", param);
+				break;	
+			}				
+			offset++;
+
+			std::string value = ExtractString (buf + offset, len - offset);
+			offset += value.length () + 1;
+			if (buf[offset] != ';') 
+			{
+				LogPrint (eLogWarning, "I2CP: Unexpected character ", buf[offset], " instead ';' after ", value);
+				break;	
+			}				
+			offset++;
+			mapping.insert (std::make_pair (param, value));
+		}
+	}
+
+	void I2CPSession::GetDateMessageHandler (const uint8_t * buf, size_t len)
+	{
+		// get version
+		auto version = ExtractString (buf, len);
+		auto l = version.length () + 1 + 8;
+		uint8_t * payload = new uint8_t[l];
+		// set date
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		htobe64buf (payload, ts);
+		// echo vesrion back
+		PutString (payload + 8, l - 8, version);
+		SendI2CPMessage (I2CP_SET_DATE_MESSAGE, payload, l); 
+		delete[] payload;
+	}
+
+	void I2CPSession::CreateSessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		RAND_bytes ((uint8_t *)&m_SessionID, 2);
+		m_Owner.InsertSession (shared_from_this ());
+		auto identity = std::make_shared<i2p::data::IdentityEx>();
+		size_t offset = identity->FromBuffer (buf, len);
+		if (!offset)
+		{
+			LogPrint (eLogError, "I2CP: create session maformed identity");	
+			SendSessionStatusMessage (3); // invalid
+			return;
+		}	
+		uint16_t optionsSize = bufbe16toh (buf + offset);
+		offset += 2;
+		if (optionsSize > len - offset)
+		{
+			LogPrint (eLogError, "I2CP: options size ", optionsSize, "exceeds message size");	
+			SendSessionStatusMessage (3); // invalid
+			return;
+		}
+		std::map<std::string, std::string> params;
+		ExtractMapping (buf + offset, optionsSize, params);		
+		offset += optionsSize; // options
+		if (params[I2CP_PARAM_MESSAGE_RELIABILITY] == "none") m_IsSendAccepted = false;
+
+		offset += 8; // date
+		if (identity->Verify (buf, offset, buf + offset)) // signature
+		{	
+			bool isPublic = true;
+			if (params[I2CP_PARAM_DONT_PUBLISH_LEASESET] == "true") isPublic = false;
+			if (!m_Destination)
+			{
+				m_Destination = std::make_shared<I2CPDestination>(shared_from_this (), identity, isPublic, params);
+				SendSessionStatusMessage (1); // created
+				LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " created");
+				m_Destination->Start ();	
+			}
+			else
+			{
+				LogPrint (eLogError, "I2CP: session already exists");	
+				SendSessionStatusMessage (4); // refused
+			}
+		}
+		else
+		{
+			LogPrint (eLogError, "I2CP: create session signature verification falied");	
+			SendSessionStatusMessage (3); // invalid
+		}
+	}
+
+	void I2CPSession::DestroySessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		SendSessionStatusMessage (0); // destroy
+		LogPrint (eLogDebug, "I2CP: session ", m_SessionID, " destroyed");
+		if (m_Destination)
+		{
+			m_Destination->Stop ();
+			m_Destination = 0;
+		}
+	}
+
+	void I2CPSession::ReconfigureSessionMessageHandler (const uint8_t * buf, size_t len)
+	{
+		// TODO: implement actual reconfiguration
+		SendSessionStatusMessage (2); // updated
+	}	
+
+	void I2CPSession::SendSessionStatusMessage (uint8_t status)
+	{
+		uint8_t buf[3];
+		htobe16buf (buf, m_SessionID);
+		buf[2] = status;
+		SendI2CPMessage (I2CP_SESSION_STATUS_MESSAGE, buf, 3); 
+	}
+
+	void I2CPSession::SendMessageStatusMessage (uint32_t nonce, I2CPMessageStatus status)
+	{
+		if (!nonce) return; // don't send status with zero nonce
+		uint8_t buf[15];
+		htobe16buf (buf, m_SessionID);
+		htobe32buf (buf + 2, m_MessageID++);
+		buf[6] = (uint8_t)status;
+		memset (buf + 7, 0, 4); // size
+		htobe32buf (buf + 11, nonce);	
+		SendI2CPMessage (I2CP_MESSAGE_STATUS_MESSAGE, buf, 15); 	
+	}
+
+	void I2CPSession::CreateLeaseSetMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID)
+		{
+			size_t offset = 2;
+			if (m_Destination)
+			{
+				offset += i2p::crypto::DSA_PRIVATE_KEY_LENGTH; // skip signing private key
+				// we always assume this field as 20 bytes (DSA) regardless actual size
+				// instead of 	
+				//offset += m_Destination->GetIdentity ()->GetSigningPrivateKeyLen (); 
+				m_Destination->SetEncryptionPrivateKey (buf + offset);
+				offset += 256;
+				m_Destination->LeaseSetCreated (buf + offset, len - offset);
+			}
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendMessageMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID)
+		{
+			size_t offset = 2;
+			if (m_Destination)
+			{
+				i2p::data::IdentityEx identity;
+				size_t identsize = identity.FromBuffer (buf + offset, len - offset);
+				if (identsize)
+				{
+					offset += identsize;
+					uint32_t payloadLen = bufbe32toh (buf + offset);
+					if (payloadLen + offset <= len)
+					{            
+						offset += 4;
+						uint32_t nonce = bufbe32toh (buf + offset + payloadLen);
+						if (m_IsSendAccepted) 
+						  SendMessageStatusMessage (nonce, eI2CPMessageStatusAccepted); // accepted
+						m_Destination->SendMsgTo (buf + offset, payloadLen, identity.GetIdentHash (), nonce);
+					}
+      				else
+        				LogPrint(eLogError, "I2CP: cannot send message, too big");
+   				}
+    			else
+      				LogPrint(eLogError, "I2CP: invalid identity");
+			} 
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendMessageExpiresMessageHandler (const uint8_t * buf, size_t len)
+	{
+		SendMessageMessageHandler (buf, len - 8); // ignore flags(2) and expiration(6) 
+	}	
+
+	void I2CPSession::HostLookupMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint16_t sessionID = bufbe16toh (buf);
+		if (sessionID == m_SessionID || sessionID == 0xFFFF) // -1 means without session
+		{
+			uint32_t requestID = bufbe32toh (buf + 2);
+			//uint32_t timeout = bufbe32toh (buf + 6);
+			i2p::data::IdentHash ident;
+			switch (buf[10]) 
+			{
+				case 0: // hash
+					ident = i2p::data::IdentHash (buf + 11);
+				break;
+				case 1: // address
+				{
+					auto name = ExtractString (buf + 11, len - 11);
+					if (!i2p::client::context.GetAddressBook ().GetIdentHash (name, ident))
+					{
+						LogPrint (eLogError, "I2CP: address ", name, " not found");
+						SendHostReplyMessage (requestID, nullptr);
+						return;
+					}
+					break;	
+				}
+				default:
+					LogPrint (eLogError, "I2CP: request type ", (int)buf[10], " is not supported");
+					SendHostReplyMessage (requestID, nullptr);
+					return;
+			}
+
+			std::shared_ptr<LeaseSetDestination> destination = m_Destination;
+			if(!destination) destination = i2p::client::context.GetSharedLocalDestination ();	
+			if (destination)
+			{
+				auto ls = destination->FindLeaseSet (ident);
+				if (ls)
+					SendHostReplyMessage (requestID, ls->GetIdentity ());
+				else
+				{
+					auto s = shared_from_this ();
+					destination->RequestDestination (ident,
+						[s, requestID](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+						{
+							s->SendHostReplyMessage (requestID, leaseSet ? leaseSet->GetIdentity () : nullptr);
+						});
+				}		
+			}
+			else
+				SendHostReplyMessage (requestID, nullptr);
+		}	
+		else
+			LogPrint (eLogError, "I2CP: unexpected sessionID ", sessionID);
+	}
+
+	void I2CPSession::SendHostReplyMessage (uint32_t requestID, std::shared_ptr<const i2p::data::IdentityEx> identity)
+	{
+		if (identity)
+		{
+			size_t l = identity->GetFullLen () + 7;
+			uint8_t * buf = new uint8_t[l];
+			htobe16buf (buf, m_SessionID);
+			htobe32buf (buf + 2, requestID);
+			buf[6] = 0; // result code
+			identity->ToBuffer (buf + 7, l - 7);
+			SendI2CPMessage (I2CP_HOST_REPLY_MESSAGE, buf, l); 
+			delete[] buf;
+		}
+		else
+		{
+			uint8_t buf[7];
+			htobe16buf (buf, m_SessionID);
+			htobe32buf (buf + 2, requestID);
+			buf[6] = 1; // result code
+			SendI2CPMessage (I2CP_HOST_REPLY_MESSAGE, buf, 7); 
+		}	
+	}
+
+	void I2CPSession::DestLookupMessageHandler (const uint8_t * buf, size_t len)
+	{
+		if (m_Destination)
+		{
+			auto ls = m_Destination->FindLeaseSet (buf);
+			if (ls)
+			{	
+				auto l = ls->GetIdentity ()->GetFullLen ();
+				uint8_t * identBuf = new uint8_t[l];
+				ls->GetIdentity ()->ToBuffer (identBuf, l);
+				SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, identBuf, l);
+				delete[] identBuf;
+			}
+			else
+			{
+				auto s = shared_from_this ();
+				i2p::data::IdentHash ident (buf);
+				m_Destination->RequestDestination (ident,
+					[s, ident](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+					{
+						if (leaseSet) // found
+						{
+							auto l = leaseSet->GetIdentity ()->GetFullLen ();
+							uint8_t * identBuf = new uint8_t[l];
+							leaseSet->GetIdentity ()->ToBuffer (identBuf, l);
+							s->SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, identBuf, l);
+							delete[] identBuf;
+						}
+						else
+							s->SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, ident, 32); // not found
+					});
+			}
+		}
+		else
+			SendI2CPMessage (I2CP_DEST_REPLY_MESSAGE, buf, 32); 
+	}	
+
+	void I2CPSession::GetBandwidthLimitsMessageHandler (const uint8_t * buf, size_t len)
+	{
+		uint8_t limits[64];
+		memset (limits, 0, 64);
+		htobe32buf (limits, i2p::transport::transports.GetInBandwidth ()); // inbound
+		htobe32buf (limits + 4, i2p::transport::transports.GetOutBandwidth ()); // outbound
+		SendI2CPMessage (I2CP_BANDWIDTH_LIMITS_MESSAGE, limits, 64);
+	}
+
+	void I2CPSession::SendMessagePayloadMessage (const uint8_t * payload, size_t len)
+	{
+		// we don't use SendI2CPMessage to eliminate additional copy
+		auto l = len + 10 + I2CP_HEADER_SIZE;
+		uint8_t * buf = new uint8_t[l];
+		htobe32buf (buf + I2CP_HEADER_LENGTH_OFFSET, len + 10);
+		buf[I2CP_HEADER_TYPE_OFFSET] = I2CP_MESSAGE_PAYLOAD_MESSAGE;
+		htobe16buf (buf + I2CP_HEADER_SIZE, m_SessionID);
+		htobe32buf (buf + I2CP_HEADER_SIZE + 2, m_MessageID++);
+		htobe32buf (buf + I2CP_HEADER_SIZE + 6, len);		
+		memcpy (buf + I2CP_HEADER_SIZE + 10, payload, len);
+		boost::asio::async_write (*m_Socket, boost::asio::buffer (buf, l), boost::asio::transfer_all (),
+        	std::bind(&I2CPSession::HandleI2CPMessageSent, shared_from_this (), 
+						std::placeholders::_1, std::placeholders::_2, buf));	
+	}
+
+	I2CPServer::I2CPServer (const std::string& interface, int port):
+		m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, 
+#ifdef ANDROID
+            I2CPSession::proto::endpoint(std::string (1, '\0') + interface)) // leading 0 for abstract address
+#else
+			I2CPSession::proto::endpoint(boost::asio::ip::address::from_string(interface), port))
+#endif
+	{
+		memset (m_MessagesHandlers, 0, sizeof (m_MessagesHandlers));
+		m_MessagesHandlers[I2CP_GET_DATE_MESSAGE] = &I2CPSession::GetDateMessageHandler;
+		m_MessagesHandlers[I2CP_CREATE_SESSION_MESSAGE] = &I2CPSession::CreateSessionMessageHandler;
+		m_MessagesHandlers[I2CP_DESTROY_SESSION_MESSAGE] = &I2CPSession::DestroySessionMessageHandler;
+		m_MessagesHandlers[I2CP_RECONFIGURE_SESSION_MESSAGE] = &I2CPSession::ReconfigureSessionMessageHandler;
+		m_MessagesHandlers[I2CP_CREATE_LEASESET_MESSAGE] = &I2CPSession::CreateLeaseSetMessageHandler;
+		m_MessagesHandlers[I2CP_SEND_MESSAGE_MESSAGE] = &I2CPSession::SendMessageMessageHandler;
+		m_MessagesHandlers[I2CP_SEND_MESSAGE_EXPIRES_MESSAGE] = &I2CPSession::SendMessageExpiresMessageHandler;	
+		m_MessagesHandlers[I2CP_HOST_LOOKUP_MESSAGE] = &I2CPSession::HostLookupMessageHandler;
+		m_MessagesHandlers[I2CP_DEST_LOOKUP_MESSAGE] = &I2CPSession::DestLookupMessageHandler;	
+		m_MessagesHandlers[I2CP_GET_BANDWIDTH_LIMITS_MESSAGE] = &I2CPSession::GetBandwidthLimitsMessageHandler;	
+	}
+
+	I2CPServer::~I2CPServer ()
+	{
+		if (m_IsRunning)
+			Stop ();
+	}
+
+	void I2CPServer::Start ()
+	{
+		Accept ();
+		m_IsRunning = true;
+		m_Thread = new std::thread (std::bind (&I2CPServer::Run, this));
+	}
+
+	void I2CPServer::Stop ()
+	{
+		m_IsRunning = false;
+		m_Acceptor.cancel ();
+		for (auto& it: m_Sessions)
+			it.second->Stop ();
+		m_Sessions.clear ();
+		m_Service.stop ();
+		if (m_Thread)
+		{	
+			m_Thread->join (); 
+			delete m_Thread;
+			m_Thread = nullptr;
+		}	
+	}
+
+	void I2CPServer::Run () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_Service.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "I2CP: runtime exception: ", ex.what ());
+			}	
+		}	
+	}
+
+	void I2CPServer::Accept ()
+	{
+		auto newSocket = std::make_shared<I2CPSession::proto::socket> (m_Service);
+		m_Acceptor.async_accept (*newSocket, std::bind (&I2CPServer::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void I2CPServer::HandleAccept(const boost::system::error_code& ecode,
+		std::shared_ptr<I2CPSession::proto::socket> socket)
+	{
+		if (!ecode && socket)
+		{
+			boost::system::error_code ec;
+			auto ep = socket->remote_endpoint (ec);
+			if (!ec)
+			{	
+				LogPrint (eLogDebug, "I2CP: new connection from ", ep);
+				auto session = std::make_shared<I2CPSession>(*this, socket);
+				session->Start ();
+			}
+			else
+				LogPrint (eLogError, "I2CP: incoming connection error ", ec.message ());
+		}
+		else
+			LogPrint (eLogError, "I2CP: accept error: ", ecode.message ());
+
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+	}
+
+	bool I2CPServer::InsertSession (std::shared_ptr<I2CPSession> session)
+	{
+		if (!session) return false;
+		if (!m_Sessions.insert({session->GetSessionID (), session}).second)
+		{	
+			LogPrint (eLogError, "I2CP: duplicate session id ", session->GetSessionID ());
+			return false;
+		}	
+		return true;
+	}
+
+	void I2CPServer::RemoveSession (uint16_t sessionID)
+	{
+		m_Sessions.erase (sessionID);
+	}	
+}
+}
+

I2CP.h

@@ -0,0 +1,209 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
+#ifndef I2CP_H__
+#define I2CP_H__
+
+#include <inttypes.h>
+#include <string>
+#include <memory>
+#include <thread>
+#include <map>
+#include <boost/asio.hpp>
+#include "Destination.h"
+
+namespace i2p
+{
+namespace client
+{
+	const uint8_t I2CP_PROTOCOL_BYTE = 0x2A;
+	const size_t I2CP_SESSION_BUFFER_SIZE = 4096;
+
+	const size_t I2CP_HEADER_LENGTH_OFFSET = 0;
+	const size_t I2CP_HEADER_TYPE_OFFSET = I2CP_HEADER_LENGTH_OFFSET + 4;
+	const size_t I2CP_HEADER_SIZE = I2CP_HEADER_TYPE_OFFSET + 1;	
+
+	const uint8_t I2CP_GET_DATE_MESSAGE = 32;
+	const uint8_t I2CP_SET_DATE_MESSAGE = 33;
+	const uint8_t I2CP_CREATE_SESSION_MESSAGE = 1;
+	const uint8_t I2CP_RECONFIGURE_SESSION_MESSAGE = 2;	
+	const uint8_t I2CP_SESSION_STATUS_MESSAGE = 20;	
+	const uint8_t I2CP_DESTROY_SESSION_MESSAGE = 3;
+	const uint8_t I2CP_REQUEST_VARIABLE_LEASESET_MESSAGE = 37;
+	const uint8_t I2CP_CREATE_LEASESET_MESSAGE = 4;	
+	const uint8_t I2CP_SEND_MESSAGE_MESSAGE = 5;
+	const uint8_t I2CP_SEND_MESSAGE_EXPIRES_MESSAGE = 36;	
+	const uint8_t I2CP_MESSAGE_PAYLOAD_MESSAGE = 31;
+	const uint8_t I2CP_MESSAGE_STATUS_MESSAGE = 22;	
+	const uint8_t I2CP_HOST_LOOKUP_MESSAGE = 38;
+	const uint8_t I2CP_HOST_REPLY_MESSAGE = 39;		
+	const uint8_t I2CP_DEST_LOOKUP_MESSAGE = 34;
+	const uint8_t I2CP_DEST_REPLY_MESSAGE = 35;	
+	const uint8_t I2CP_GET_BANDWIDTH_LIMITS_MESSAGE = 8;	
+	const uint8_t I2CP_BANDWIDTH_LIMITS_MESSAGE = 23;
+
+	enum I2CPMessageStatus
+	{
+		eI2CPMessageStatusAccepted = 1,
+		eI2CPMessageStatusGuaranteedSuccess = 4,
+		eI2CPMessageStatusGuaranteedFailure = 5,
+		eI2CPMessageStatusNoLeaseSet = 21
+	};
+
+	// params
+	const char I2CP_PARAM_DONT_PUBLISH_LEASESET[] = "i2cp.dontPublishLeaseSet";	
+	const char I2CP_PARAM_MESSAGE_RELIABILITY[] = "i2cp.messageReliability";	
+
+	class I2CPSession;
+	class I2CPDestination: public LeaseSetDestination
+	{
+		public:
+
+			I2CPDestination (std::shared_ptr<I2CPSession> owner, std::shared_ptr<const i2p::data::IdentityEx> identity, bool isPublic, const std::map<std::string, std::string>& params);
+
+			void SetEncryptionPrivateKey (const uint8_t * key);
+			void LeaseSetCreated (const uint8_t * buf, size_t len); // called from I2CPSession
+			void SendMsgTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash& ident, uint32_t nonce); // called from I2CPSession
+
+			// implements LocalDestination
+			const uint8_t * GetEncryptionPrivateKey () const { return m_EncryptionPrivateKey; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Identity; };
+
+		protected:
+
+			// I2CP
+			void HandleDataMessage (const uint8_t * buf, size_t len);
+			void CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+
+		private:
+
+			std::shared_ptr<I2CPDestination> GetSharedFromThis ()
+			{ return std::static_pointer_cast<I2CPDestination>(shared_from_this ()); }  
+			bool SendMsg (std::shared_ptr<I2NPMessage> msg, std::shared_ptr<const i2p::data::LeaseSet> remote);
+
+		private:
+
+			std::shared_ptr<I2CPSession> m_Owner;
+			std::shared_ptr<const i2p::data::IdentityEx> m_Identity;
+			uint8_t m_EncryptionPrivateKey[256];
+			uint64_t m_LeaseSetExpirationTime;
+	};
+
+	class I2CPServer;
+	class I2CPSession: public std::enable_shared_from_this<I2CPSession>
+	{
+		public:
+
+#ifdef ANDROID 
+			typedef boost::asio::local::stream_protocol proto;
+#else
+			typedef boost::asio::ip::tcp proto;
+#endif		
+
+			I2CPSession (I2CPServer& owner, std::shared_ptr<proto::socket> socket);
+
+			~I2CPSession ();
+
+			void Start ();
+			void Stop ();
+			uint16_t GetSessionID () const { return m_SessionID; };
+			std::shared_ptr<const I2CPDestination> GetDestination () const { return m_Destination; };
+
+			// called from I2CPDestination	
+			void SendI2CPMessage (uint8_t type, const uint8_t * payload, size_t len);
+			void SendMessagePayloadMessage (const uint8_t * payload, size_t len); 		
+			void SendMessageStatusMessage (uint32_t nonce, I2CPMessageStatus status);
+
+			// message handlers
+			void GetDateMessageHandler (const uint8_t * buf, size_t len);
+			void CreateSessionMessageHandler (const uint8_t * buf, size_t len);
+			void DestroySessionMessageHandler (const uint8_t * buf, size_t len);
+			void ReconfigureSessionMessageHandler (const uint8_t * buf, size_t len);
+			void CreateLeaseSetMessageHandler (const uint8_t * buf, size_t len);
+			void SendMessageMessageHandler (const uint8_t * buf, size_t len);
+			void SendMessageExpiresMessageHandler (const uint8_t * buf, size_t len);
+			void HostLookupMessageHandler (const uint8_t * buf, size_t len);
+			void DestLookupMessageHandler (const uint8_t * buf, size_t len);
+			void GetBandwidthLimitsMessageHandler (const uint8_t * buf, size_t len);
+
+		private:
+			
+			void ReadProtocolByte ();
+			void ReceiveHeader ();
+			void HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void ReceivePayload ();
+			void HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void HandleMessage ();
+			void Terminate ();
+			
+			void HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf);
+			std::string ExtractString (const uint8_t * buf, size_t len);
+			size_t PutString (uint8_t * buf, size_t len, const std::string& str);
+			void ExtractMapping (const uint8_t * buf, size_t len, std::map<std::string, std::string>& mapping);
+
+			void SendSessionStatusMessage (uint8_t status);
+			void SendHostReplyMessage (uint32_t requestID, std::shared_ptr<const i2p::data::IdentityEx> identity);
+
+		private:
+
+			I2CPServer& m_Owner;
+			std::shared_ptr<proto::socket> m_Socket;
+			uint8_t m_Header[I2CP_HEADER_SIZE], * m_Payload;
+			size_t m_PayloadLen;
+
+			std::shared_ptr<I2CPDestination> m_Destination;
+			uint16_t m_SessionID;
+			uint32_t m_MessageID;
+			bool m_IsSendAccepted;
+	};
+	typedef void (I2CPSession::*I2CPMessageHandler)(const uint8_t * buf, size_t len);
+	
+	class I2CPServer
+	{
+		public:
+
+			I2CPServer (const std::string& interface, int port);
+			~I2CPServer ();
+			
+			void Start ();
+			void Stop ();
+			boost::asio::io_service& GetService () { return m_Service; };
+
+			bool InsertSession (std::shared_ptr<I2CPSession> session);
+			void RemoveSession (uint16_t sessionID);
+
+		private:
+
+			void Run ();
+
+			void Accept ();
+
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<I2CPSession::proto::socket> socket);
+
+		private:
+			
+			I2CPMessageHandler m_MessagesHandlers[256];
+			std::map<uint16_t, std::shared_ptr<I2CPSession> > m_Sessions;
+
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			I2CPSession::proto::acceptor m_Acceptor;
+
+		public:
+
+			const decltype(m_MessagesHandlers)& GetMessagesHandlers () const { return m_MessagesHandlers; };
+
+			// for HTTP
+			const decltype(m_Sessions)& GetSessions () const { return m_Sessions; };
+	};	
+}
+}
+
+#endif
+

I2NPProtocol.cpp

@@ -1,321 +1,363 @@
 #include <string.h>
 #include <atomic>
+#include "Base.h"
+#include "Log.h"
+#include "Crypto.h"
 #include "I2PEndian.h"
-#include <cryptopp/sha.h>
-#include <cryptopp/gzip.h>
-#include "ElGamal.h"
 #include "Timestamp.h"
 #include "RouterContext.h"
 #include "NetDb.h"
 #include "Tunnel.h"
-#include "base64.h"
 #include "Transports.h"
 #include "Garlic.h"
 #include "I2NPProtocol.h"
+#include "version.h"
 
 using namespace i2p::transport;
 
 namespace i2p
 {
-	I2NPMessage * NewI2NPMessage ()
+	std::shared_ptr<I2NPMessage> NewI2NPMessage ()
 	{
-		return new I2NPMessageBuffer<I2NP_MAX_MESSAGE_SIZE>();
+		return std::make_shared<I2NPMessageBuffer<I2NP_MAX_MESSAGE_SIZE> >();
 	}
 	
-	I2NPMessage * NewI2NPShortMessage ()
+	std::shared_ptr<I2NPMessage> NewI2NPShortMessage ()
 	{
-		return new I2NPMessageBuffer<I2NP_MAX_SHORT_MESSAGE_SIZE>();
+		return std::make_shared<I2NPMessageBuffer<I2NP_MAX_SHORT_MESSAGE_SIZE> >();
 	}
 
-	I2NPMessage * NewI2NPMessage (size_t len)
+	std::shared_ptr<I2NPMessage> NewI2NPTunnelMessage ()
+	{
+		auto msg = new I2NPMessageBuffer<i2p::tunnel::TUNNEL_DATA_MSG_SIZE + I2NP_HEADER_SIZE + 34>(); // reserved for alignment and NTCP 16 + 6 + 12
+		msg->Align (12);
+		return std::shared_ptr<I2NPMessage>(msg);
+	}	
+	
+	std::shared_ptr<I2NPMessage> NewI2NPMessage (size_t len)
 	{
 		return (len < I2NP_MAX_SHORT_MESSAGE_SIZE/2) ? NewI2NPShortMessage () : NewI2NPMessage ();
 	}	
+
+	void I2NPMessage::FillI2NPMessageHeader (I2NPMessageType msgType, uint32_t replyMsgID)
+	{
+		SetTypeID (msgType);
+		if (!replyMsgID) RAND_bytes ((uint8_t *)&replyMsgID, 4);
+		SetMsgID (replyMsgID); 
+		SetExpiration (i2p::util::GetMillisecondsSinceEpoch () + I2NP_MESSAGE_EXPIRATION_TIMEOUT); 
+		UpdateSize ();
+		UpdateChks ();
+	}		
 	
-	void DeleteI2NPMessage (I2NPMessage * msg)
+	void I2NPMessage::RenewI2NPMessageHeader ()
 	{
-		delete msg;
-	}	
-
-	static std::atomic<uint32_t> I2NPmsgID(0); // TODO: create class
-	void FillI2NPMessageHeader (I2NPMessage * msg, I2NPMessageType msgType, uint32_t replyMsgID)
-	{
-		I2NPHeader * header = msg->GetHeader ();
-		header->typeID = msgType;
-		if (replyMsgID) // for tunnel creation
-			header->msgID = htobe32 (replyMsgID); 
-		else
-		{	
-			header->msgID = htobe32 (I2NPmsgID);
-			I2NPmsgID++;
-		}	
-		header->expiration = htobe64 (i2p::util::GetMillisecondsSinceEpoch () + 5000); // TODO: 5 secs is a magic number
-		int len = msg->GetLength () - sizeof (I2NPHeader);
-		header->size = htobe16 (len);
-		uint8_t hash[32];
-		CryptoPP::SHA256().CalculateDigest(hash, msg->GetPayload (), len);
-		header->chks = hash[0];
-	}	
-
-	void RenewI2NPMessageHeader (I2NPMessage * msg)
-	{
-		if (msg)
-		{
-			I2NPHeader * header = msg->GetHeader ();
-			header->msgID = htobe32 (I2NPmsgID);
-			I2NPmsgID++;
-			header->expiration = htobe64 (i2p::util::GetMillisecondsSinceEpoch () + 5000); 		
-		}
+		uint32_t msgID;
+		RAND_bytes ((uint8_t *)&msgID, 4);
+		SetMsgID (msgID);
+		SetExpiration (i2p::util::GetMillisecondsSinceEpoch () + I2NP_MESSAGE_EXPIRATION_TIMEOUT); 		
 	}
 
-	I2NPMessage * CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, int len, uint32_t replyMsgID)
+	bool I2NPMessage::IsExpired () const
 	{
-		I2NPMessage * msg = NewI2NPMessage (len);
-		memcpy (msg->GetPayload (), buf, len);
-		msg->len += len;
-		FillI2NPMessageHeader (msg, msgType, replyMsgID);
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		auto exp = GetExpiration ();  	
+		return (ts > exp + I2NP_MESSAGE_CLOCK_SKEW) || (ts < exp - 3*I2NP_MESSAGE_CLOCK_SKEW); // check if expired or too far in future
+	}	
+	
+	std::shared_ptr<I2NPMessage> CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, size_t len, uint32_t replyMsgID)
+	{
+		auto msg = NewI2NPMessage (len);
+		if (msg->Concat (buf, len) < len)
+			LogPrint (eLogError, "I2NP: message length ", len, " exceeds max length ", msg->maxLen);
+		msg->FillI2NPMessageHeader (msgType, replyMsgID);
 		return msg;
 	}	
 
-	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from)
+	std::shared_ptr<I2NPMessage> CreateI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
-		memcpy (msg->GetBuffer (), buf, len);
-		msg->len = msg->offset + len;
-		msg->from = from;
+		auto msg = NewI2NPMessage ();
+		if (msg->offset + len < msg->maxLen)
+		{
+			memcpy (msg->GetBuffer (), buf, len);
+			msg->len = msg->offset + len;
+			msg->from = from;
+		}
+		else
+			LogPrint (eLogError, "I2NP: message length ", len, " exceeds max length");
 		return msg;
 	}	
-	
-	I2NPMessage * CreateDeliveryStatusMsg (uint32_t msgID)
+
+	std::shared_ptr<I2NPMessage> CopyI2NPMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		I2NPDeliveryStatusMsg msg;
+		if (!msg) return nullptr;
+		auto newMsg = NewI2NPMessage (msg->len);
+		newMsg->offset = msg->offset;
+		*newMsg = *msg;
+		return newMsg;
+	}	
+	
+	std::shared_ptr<I2NPMessage> CreateDeliveryStatusMsg (uint32_t msgID)
+	{
+		auto m = NewI2NPShortMessage ();
+		uint8_t * buf = m->GetPayload ();
 		if (msgID)
 		{
-			msg.msgID = htobe32 (msgID);
-			msg.timestamp = htobe64 (i2p::util::GetMillisecondsSinceEpoch ());
+			htobe32buf (buf + DELIVERY_STATUS_MSGID_OFFSET, msgID);
+			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, i2p::util::GetMillisecondsSinceEpoch ());
 		}
 		else // for SSU establishment
 		{
-			msg.msgID = htobe32 (i2p::context.GetRandomNumberGenerator ().GenerateWord32 ());
-			msg.timestamp = htobe64 (2); // netID = 2
- 		}
-		return CreateI2NPMessage (eI2NPDeliveryStatus, (uint8_t *)&msg, sizeof (msg));
+			RAND_bytes ((uint8_t *)&msgID, 4);
+			htobe32buf (buf + DELIVERY_STATUS_MSGID_OFFSET, msgID);
+			htobe64buf (buf + DELIVERY_STATUS_TIMESTAMP_OFFSET, i2p::context.GetNetID ()); 
+		}	
+		m->len += DELIVERY_STATUS_SIZE;
+		m->FillI2NPMessageHeader (eI2NPDeliveryStatus);
+		return m;
 	}
 
-	I2NPMessage * CreateDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
-		uint32_t replyTunnelID, bool exploratory, std::set<i2p::data::IdentHash> * excludedPeers,
-	    bool encryption, i2p::tunnel::TunnelPool * pool)
+	std::shared_ptr<I2NPMessage> CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
+		uint32_t replyTunnelID, bool exploratory, std::set<i2p::data::IdentHash> * excludedPeers)
 	{
-		I2NPMessage * m = NewI2NPMessage ();
+		auto m = excludedPeers ? NewI2NPMessage () : NewI2NPShortMessage ();
 		uint8_t * buf = m->GetPayload ();
 		memcpy (buf, key, 32); // key
 		buf += 32;
 		memcpy (buf, from, 32); // from
 		buf += 32;
+		uint8_t flag = exploratory ? DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP : DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP; 
 		if (replyTunnelID)
 		{
-			*buf = encryption ? 0x03: 0x01; // set delivery flag
-			*(uint32_t *)(buf+1) = htobe32 (replyTunnelID);
+			*buf = flag | DATABASE_LOOKUP_DELIVERY_FLAG; // set delivery flag
+			htobe32buf (buf+1, replyTunnelID);
 			buf += 5;
 		}
 		else
 		{	
-			encryption = false; // encryption can we set for tunnels only
-			*buf = 0; // flag
+			*buf = flag; // flag
 			buf++;
 		}	
-		
-		if (exploratory)
+				
+		if (excludedPeers)
 		{
-			*(uint16_t *)buf = htobe16 (1); // one exlude record
+			int cnt = excludedPeers->size ();
+			htobe16buf (buf, cnt);
 			buf += 2;
-			// reply with non-floodfill routers only
-			memset (buf, 0, 32);
-			buf += 32;
+			for (auto& it: *excludedPeers)
+			{
+				memcpy (buf, it, 32);
+				buf += 32;
+			}	
 		}
 		else
-		{
-			if (excludedPeers)
-			{
-				int cnt = excludedPeers->size ();
-				*(uint16_t *)buf = htobe16 (cnt);
-				buf += 2;
-				for (auto& it: *excludedPeers)
-				{
-					memcpy (buf, it, 32);
-					buf += 32;
-				}	
-			}
-			else
-			{	
-				// nothing to exclude
-				*(uint16_t *)buf = htobe16 (0);
-				buf += 2;
-			}	
-		}	
-		if (encryption)
-		{
-			// session key and tag for reply
-			auto& rnd = i2p::context.GetRandomNumberGenerator ();
-			rnd.GenerateBlock (buf, 32); // key
-			buf[32] = 1; // 1 tag
-			rnd.GenerateBlock (buf + 33, 32); // tag
-			if (pool)
-				pool->GetGarlicDestination ().AddSessionKey (buf, buf + 33); // introduce new key-tag to garlic engine
-			else
-				LogPrint ("Destination for encrypteed reply not specified");
-			buf += 65;
-		}	
+		{	
+			// nothing to exclude
+			htobuf16 (buf, 0);
+			buf += 2;
+		}		
+		
 		m->len += (buf - m->GetPayload ()); 
-		FillI2NPMessageHeader (m, eI2NPDatabaseLookup);
+		m->FillI2NPMessageHeader (eI2NPDatabaseLookup);
 		return m; 
 	}	
 
-	I2NPMessage * CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, 
-		const i2p::data::RouterInfo * floodfill)
+	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
+		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag)
 	{
-		I2NPMessage * m = NewI2NPShortMessage ();
+		int cnt = excludedFloodfills.size ();
+		auto m = cnt > 0 ? NewI2NPMessage () : NewI2NPShortMessage ();
+		uint8_t * buf = m->GetPayload ();
+		memcpy (buf, dest, 32); // key
+		buf += 32;
+		memcpy (buf, replyTunnel->GetNextIdentHash (), 32); // reply tunnel GW
+		buf += 32;
+		*buf = DATABASE_LOOKUP_DELIVERY_FLAG | DATABASE_LOOKUP_ENCRYPTION_FLAG | DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP; // flags
+		buf ++;
+		htobe32buf (buf, replyTunnel->GetNextTunnelID ()); // reply tunnel ID
+		buf += 4;
+		
+		// excluded
+		htobe16buf (buf, cnt);
+		buf += 2;
+		if (cnt > 0)
+		{
+			for (auto& it: excludedFloodfills)
+			{
+				memcpy (buf, it, 32);
+				buf += 32;
+			}
+		}	
+		// encryption
+		memcpy (buf, replyKey, 32);
+		buf[32] = uint8_t( 1 ); // 1 tag
+		memcpy (buf + 33, replyTag, 32);
+		buf += 65;
+
+		m->len += (buf - m->GetPayload ()); 
+		m->FillI2NPMessageHeader (eI2NPDatabaseLookup);
+		return m; 		  			
+	}			
+
+	std::shared_ptr<I2NPMessage> CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, 
+		 std::vector<i2p::data::IdentHash> routers)
+	{
+		auto m = NewI2NPShortMessage ();
 		uint8_t * buf = m->GetPayload ();
 		size_t len = 0;
 		memcpy (buf, ident, 32);
 		len += 32;
-		buf[len] = floodfill ? 1 : 0; // 1 router for now
+		buf[len] = routers.size (); 
 		len++;
-		if (floodfill)
+		for (const auto& it: routers)
 		{
-			memcpy (buf + len, floodfill->GetIdentHash (), 32);
+			memcpy (buf + len, it, 32);
 			len += 32;
 		}	
 		memcpy (buf + len, i2p::context.GetRouterInfo ().GetIdentHash (), 32);
 		len += 32;	
 		m->len += len;
-		FillI2NPMessageHeader (m, eI2NPDatabaseSearchReply);
+		m->FillI2NPMessageHeader (eI2NPDatabaseSearchReply);
 		return m; 
 	}	
 	
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router)
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::RouterInfo> router, uint32_t replyToken)
 	{
 		if (!router) // we send own RouterInfo
-			router = &context.GetRouterInfo ();
+			router = context.GetSharedRouterInfo ();
 
-		I2NPMessage * m = NewI2NPShortMessage ();
-		I2NPDatabaseStoreMsg * msg = (I2NPDatabaseStoreMsg *)m->GetPayload ();		
+		auto m = NewI2NPShortMessage ();
+		uint8_t * payload = m->GetPayload ();		
 
-		memcpy (msg->key, router->GetIdentHash (), 32);
-		msg->type = 0;
-		msg->replyToken = 0;
-		
-		CryptoPP::Gzip compressor;
-		compressor.Put (router->GetBuffer (), router->GetBufferLen ());
-		compressor.MessageEnd();
-		auto size = compressor.MaxRetrievable ();
-		uint8_t * buf = m->GetPayload () + sizeof (I2NPDatabaseStoreMsg);
-		*(uint16_t *)buf = htobe16 (size); // size
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, router->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 0; // RouterInfo
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
+		uint8_t * buf = payload + DATABASE_STORE_HEADER_SIZE;
+		if (replyToken)
+		{
+			memset (buf, 0, 4); // zero tunnelID means direct reply
+			buf += 4;
+			memcpy (buf, router->GetIdentHash (), 32);
+			buf += 32;
+		}		
+
+		uint8_t * sizePtr = buf;
 		buf += 2;
-		// TODO: check if size doesn't exceed buffer
-		compressor.Get (buf, size); 
-		m->len += sizeof (I2NPDatabaseStoreMsg) + 2 + size; // payload size
-		FillI2NPMessageHeader (m, eI2NPDatabaseStore);
-		
+		m->len += (buf - payload); // payload size
+		i2p::data::GzipDeflator deflator;
+		size_t size = deflator.Deflate (router->GetBuffer (), router->GetBufferLen (), buf, m->maxLen -m->len);
+		if (size)
+		{	
+			htobe16buf (sizePtr, size); // size
+			m->len += size;
+		}	
+		else
+			m = nullptr;
+		if (m)
+			m->FillI2NPMessageHeader (eI2NPDatabaseStore);
 		return m;
 	}	
 
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::LeaseSet * leaseSet,  uint32_t replyToken)
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet)
 	{
 		if (!leaseSet) return nullptr;
-		I2NPMessage * m = NewI2NPShortMessage ();
+		auto m = NewI2NPShortMessage ();
 		uint8_t * payload = m->GetPayload ();	
-		I2NPDatabaseStoreMsg * msg = (I2NPDatabaseStoreMsg *)payload;
-		memcpy (msg->key, leaseSet->GetIdentHash (), 32);
-		msg->type = 1; // LeaseSet
-		msg->replyToken = htobe32 (replyToken);
-		size_t size = sizeof (I2NPDatabaseStoreMsg);
-		if (replyToken)
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0);
+		size_t size = DATABASE_STORE_HEADER_SIZE;
+		memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ());
+		size += leaseSet->GetBufferLen ();
+		m->len += size;
+		m->FillI2NPMessageHeader (eI2NPDatabaseStore);
+		return m;
+	}
+
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LocalLeaseSet> leaseSet,  uint32_t replyToken, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
+	{
+		if (!leaseSet) return nullptr;
+		auto m = NewI2NPShortMessage ();
+		uint8_t * payload = m->GetPayload ();	
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
+		size_t size = DATABASE_STORE_HEADER_SIZE;
+		if (replyToken && replyTunnel)
 		{
-			auto leases = leaseSet->GetNonExpiredLeases ();
-			if (leases.size () > 0)
+			if (replyTunnel)
 			{
-				*(uint32_t *)(payload + size) = htobe32 (leases[0].tunnelID);
+				htobe32buf (payload + size, replyTunnel->GetNextTunnelID ());
 				size += 4; // reply tunnelID
-				memcpy (payload + size, leases[0].tunnelGateway, 32);
+				memcpy (payload + size, replyTunnel->GetNextIdentHash (), 32);
 				size += 32; // reply tunnel gateway
 			}
 			else
-				msg->replyToken = 0;
+				htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0);
 		}
 		memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ());
 		size += leaseSet->GetBufferLen ();
 		m->len += size;
-		FillI2NPMessageHeader (m, eI2NPDatabaseStore);
+		m->FillI2NPMessageHeader (eI2NPDatabaseStore);
 		return m;
 	}
 
-	I2NPBuildRequestRecordClearText CreateBuildRequestRecord (
-		const uint8_t * ourIdent, uint32_t receiveTunnelID, 
-	    const uint8_t * nextIdent, uint32_t nextTunnelID, 
-	    const uint8_t * layerKey,const uint8_t * ivKey,                                                                 
-	    const uint8_t * replyKey, const uint8_t * replyIV, uint32_t nextMessageID,
-	          bool isGateway, bool isEndpoint)
+	bool IsRouterInfoMsg (std::shared_ptr<I2NPMessage> msg)
 	{
-		I2NPBuildRequestRecordClearText clearText;	
-		clearText.receiveTunnel = htobe32 (receiveTunnelID); 		
-		clearText.nextTunnel = htobe32(nextTunnelID);
-		memcpy (clearText.layerKey, layerKey, 32);
-		memcpy (clearText.ivKey, ivKey, 32);
-		memcpy (clearText.replyKey, replyKey, 32);
-		memcpy (clearText.replyIV, replyIV, 16);
-		clearText.flag = 0;
-		if (isGateway) clearText.flag |= 0x80;
-		if (isEndpoint) clearText.flag |= 0x40;
-		memcpy (clearText.ourIdent, ourIdent, 32);
-		memcpy (clearText.nextIdent, nextIdent, 32);
-		clearText.requestTime = htobe32 (i2p::util::GetHoursSinceEpoch ()); 
-		clearText.nextMessageID = htobe32(nextMessageID);
-		return clearText;
-	}	
-
-	void EncryptBuildRequestRecord (const i2p::data::RouterInfo& router, 
-		const I2NPBuildRequestRecordClearText& clearText,
-	    I2NPBuildRequestRecordElGamalEncrypted& record)
-	{
-		router.GetElGamalEncryption ()->Encrypt ((uint8_t *)&clearText, sizeof(clearText), record.encrypted);
-		memcpy (record.toPeer, (const uint8_t *)router.GetIdentHash (), 16);
+		if (!msg || msg->GetTypeID () != eI2NPDatabaseStore) return false;
+		return !msg->GetPayload ()[DATABASE_STORE_TYPE_OFFSET]; // 0- RouterInfo
 	}	
 	
-	bool HandleBuildRequestRecords (int num, I2NPBuildRequestRecordElGamalEncrypted * records, I2NPBuildRequestRecordClearText& clearText)
+	static uint16_t g_MaxNumTransitTunnels = DEFAULT_MAX_NUM_TRANSIT_TUNNELS; // TODO:
+	void SetMaxNumTransitTunnels (uint16_t maxNumTransitTunnels)
+	{
+		if (maxNumTransitTunnels > 0 && maxNumTransitTunnels <= 10000 && g_MaxNumTransitTunnels != maxNumTransitTunnels)
+		{
+			LogPrint (eLogDebug, "I2NP: Max number of  transit tunnels set to ", maxNumTransitTunnels);
+			g_MaxNumTransitTunnels = maxNumTransitTunnels;
+		}
+	}
+
+	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText)
 	{
 		for (int i = 0; i < num; i++)
 		{	
-			if (!memcmp (records[i].toPeer, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
+			uint8_t * record = records + i*TUNNEL_BUILD_RECORD_SIZE;
+			if (!memcmp (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
 			{	
-				LogPrint ("Record ",i," is ours");	
+				LogPrint (eLogDebug, "I2NP: Build request record ", i, " is ours");
 			
-				i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), records[i].encrypted, (uint8_t *)&clearText);
-				// replace record to reply
-				I2NPBuildResponseRecord * reply = (I2NPBuildResponseRecord *)(records + i);				
-				if (i2p::context.AcceptsTunnels ())
+				i2p::crypto::ElGamalDecrypt (i2p::context.GetEncryptionPrivateKey (), record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText);
+				// replace record to reply			
+				if (i2p::context.AcceptsTunnels () && 
+					i2p::tunnel::tunnels.GetTransitTunnels ().size () <= g_MaxNumTransitTunnels &&
+					!i2p::transport::transports.IsBandwidthExceeded ())
 				{	
-					i2p::tunnel::TransitTunnel * transitTunnel = 
-						i2p::tunnel::CreateTransitTunnel (
-							be32toh (clearText.receiveTunnel), 
-							clearText.nextIdent, be32toh (clearText.nextTunnel),
-							clearText.layerKey, clearText.ivKey, 
-							clearText.flag & 0x80, clearText.flag & 0x40);
+					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
+							bufbe32toh (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET), 
+							clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						    bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+							clearText + BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET, 
+						    clearText + BUILD_REQUEST_RECORD_IV_KEY_OFFSET, 
+							clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x80, 
+						    clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET ] & 0x40);
 					i2p::tunnel::tunnels.AddTransitTunnel (transitTunnel);
-					reply->ret = 0;
+					record[BUILD_RESPONSE_RECORD_RET_OFFSET] = 0;
 				}
 				else
-					reply->ret = 30; // always reject with bandwidth reason (30)
+					record[BUILD_RESPONSE_RECORD_RET_OFFSET] = 30; // always reject with bandwidth reason (30)
 				
 				//TODO: fill filler
-				CryptoPP::SHA256().CalculateDigest(reply->hash, reply->padding, sizeof (reply->padding) + 1); // + 1 byte of ret
+				SHA256 (record + BUILD_RESPONSE_RECORD_PADDING_OFFSET, BUILD_RESPONSE_RECORD_PADDING_SIZE + 1, // + 1 byte of ret
+					record + BUILD_RESPONSE_RECORD_HASH_OFFSET);       
 				// encrypt reply
 				i2p::crypto::CBCEncryption encryption;
 				for (int j = 0; j < num; j++)
 				{
-					encryption.SetKey (clearText.replyKey);
-					encryption.SetIV (clearText.replyIV);
-					encryption.Encrypt((uint8_t *)(records + j), sizeof (records[j]), (uint8_t *)(records + j)); 
+					encryption.SetKey (clearText + BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET);
+					encryption.SetIV (clearText + BUILD_REQUEST_RECORD_REPLY_IV_OFFSET);
+					uint8_t * reply = records + j*TUNNEL_BUILD_RECORD_SIZE;
+					encryption.Encrypt(reply, TUNNEL_BUILD_RECORD_SIZE, reply); 
 				}
 				return true;
 			}	
@@ -326,247 +368,240 @@ namespace i2p
 	void HandleVariableTunnelBuildMsg (uint32_t replyMsgID, uint8_t * buf, size_t len)
 	{	
 		int num = buf[0];
-		LogPrint ("VariableTunnelBuild ", num, " records");
+		LogPrint (eLogDebug, "I2NP: VariableTunnelBuild ", num, " records");
+		if (len < num*BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE + 1)
+		{
+			LogPrint (eLogError, "VaribleTunnelBuild message of ", num, " records is too short ", len);
+			return;
+		}	
 
-		i2p::tunnel::Tunnel * tunnel =  i2p::tunnel::tunnels.GetPendingTunnel (replyMsgID);
+		auto tunnel =  i2p::tunnel::tunnels.GetPendingInboundTunnel (replyMsgID);
 		if (tunnel)
 		{
 			// endpoint of inbound tunnel
-			LogPrint ("VariableTunnelBuild reply for tunnel ", tunnel->GetTunnelID ());
+			LogPrint (eLogDebug, "I2NP: VariableTunnelBuild reply for tunnel ", tunnel->GetTunnelID ());
 			if (tunnel->HandleTunnelBuildResponse (buf, len))
 			{
-				LogPrint ("Inbound tunnel ", tunnel->GetTunnelID (), " has been created");
+				LogPrint (eLogInfo, "I2NP: Inbound tunnel ", tunnel->GetTunnelID (), " has been created");
 				tunnel->SetState (i2p::tunnel::eTunnelStateEstablished);	
-				i2p::tunnel::tunnels.AddInboundTunnel (static_cast<i2p::tunnel::InboundTunnel *>(tunnel));
+				i2p::tunnel::tunnels.AddInboundTunnel (tunnel);
 			}
 			else
 			{
-				LogPrint ("Inbound tunnel ", tunnel->GetTunnelID (), " has been declined");
+				LogPrint (eLogInfo, "I2NP: Inbound tunnel ", tunnel->GetTunnelID (), " has been declined");
 				tunnel->SetState (i2p::tunnel::eTunnelStateBuildFailed);	
 			}
 		}
 		else
 		{
-			I2NPBuildRequestRecordElGamalEncrypted * records = (I2NPBuildRequestRecordElGamalEncrypted *)(buf+1); 
-			I2NPBuildRequestRecordClearText clearText;	
-			if (HandleBuildRequestRecords (num, records, clearText))
+			uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE];	
+			if (HandleBuildRequestRecords (num, buf + 1, clearText))
 			{
-				if (clearText.flag & 0x40) // we are endpoint of outboud tunnel
+				if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outboud tunnel
 				{
 					// so we send it to reply tunnel 
-					transports.SendMessage (clearText.nextIdent, 
-						CreateTunnelGatewayMsg (be32toh (clearText.nextTunnel),
+					transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						CreateTunnelGatewayMsg (bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
 							eI2NPVariableTunnelBuildReply, buf, len, 
-						    be32toh (clearText.nextMessageID)));                         
+						    bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));                         
 				}	
 				else	
-					transports.SendMessage (clearText.nextIdent, 
-						CreateI2NPMessage (eI2NPVariableTunnelBuild, buf, len, be32toh (clearText.nextMessageID)));
+					transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+						CreateI2NPMessage (eI2NPVariableTunnelBuild, buf, len, 
+							bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));
 			}	
 		}	
 	}
 
 	void HandleTunnelBuildMsg (uint8_t * buf, size_t len)
 	{
-		I2NPBuildRequestRecordClearText clearText;	
-		if (HandleBuildRequestRecords (NUM_TUNNEL_BUILD_RECORDS, (I2NPBuildRequestRecordElGamalEncrypted *)buf, clearText))
+		if (len < NUM_TUNNEL_BUILD_RECORDS*BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE)
 		{
-			if (clearText.flag & 0x40) // we are endpoint of outbound tunnel
+			LogPrint (eLogError, "TunnelBuild message is too short ", len);
+			return;
+		}	
+		uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE];	
+		if (HandleBuildRequestRecords (NUM_TUNNEL_BUILD_RECORDS, buf, clearText))
+		{
+			if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outbound tunnel
 			{
 				// so we send it to reply tunnel 
-				transports.SendMessage (clearText.nextIdent, 
-					CreateTunnelGatewayMsg (be32toh (clearText.nextTunnel),
+				transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+					CreateTunnelGatewayMsg (bufbe32toh (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
 						eI2NPTunnelBuildReply, buf, len, 
-					    be32toh (clearText.nextMessageID)));                         
+					    bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));                         
 			}	
 			else	
-				transports.SendMessage (clearText.nextIdent, 
-					CreateI2NPMessage (eI2NPTunnelBuild, buf, len, be32toh (clearText.nextMessageID)));
+				transports.SendMessage (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 
+					CreateI2NPMessage (eI2NPTunnelBuild, buf, len, 
+						bufbe32toh (clearText + BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));
 		} 
 	}
 
 	void HandleVariableTunnelBuildReplyMsg (uint32_t replyMsgID, uint8_t * buf, size_t len)
 	{	
-		LogPrint ("VariableTunnelBuildReplyMsg replyMsgID=", replyMsgID);
-		i2p::tunnel::Tunnel * tunnel = i2p::tunnel::tunnels.GetPendingTunnel (replyMsgID);
+		int num = buf[0];
+		LogPrint (eLogDebug, "I2NP: VariableTunnelBuildReplyMsg of ", num, " records replyMsgID=", replyMsgID);
+		if (len < num*BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE + 1)
+		{
+			LogPrint (eLogError, "VaribleTunnelBuildReply message of ", num, " records is too short ", len);
+			return;
+		}	
+		
+		auto tunnel = i2p::tunnel::tunnels.GetPendingOutboundTunnel (replyMsgID);
 		if (tunnel)
 		{	
 			// reply for outbound tunnel
 			if (tunnel->HandleTunnelBuildResponse (buf, len))
 			{	
-				LogPrint ("Outbound tunnel ", tunnel->GetTunnelID (), " has been created");
+				LogPrint (eLogInfo, "I2NP: Outbound tunnel ", tunnel->GetTunnelID (), " has been created");
 				tunnel->SetState (i2p::tunnel::eTunnelStateEstablished);	
-				i2p::tunnel::tunnels.AddOutboundTunnel (static_cast<i2p::tunnel::OutboundTunnel *>(tunnel));
+				i2p::tunnel::tunnels.AddOutboundTunnel (tunnel);
 			}	
 			else
 			{
-				LogPrint ("Outbound tunnel ", tunnel->GetTunnelID (), " has been declined");
+				LogPrint (eLogInfo, "I2NP: Outbound tunnel ", tunnel->GetTunnelID (), " has been declined");
 				tunnel->SetState (i2p::tunnel::eTunnelStateBuildFailed);	
 			}
 		}	
 		else
-			LogPrint ("Pending tunnel for message ", replyMsgID, " not found");
+			LogPrint (eLogWarning, "I2NP: Pending tunnel for message ", replyMsgID, " not found");
 	}
 
 
-	I2NPMessage * CreateTunnelDataMsg (const uint8_t * buf)
+	std::shared_ptr<I2NPMessage> CreateTunnelDataMsg (const uint8_t * buf)
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
-		memcpy (msg->GetPayload (), buf, i2p::tunnel::TUNNEL_DATA_MSG_SIZE);
-		msg->len += i2p::tunnel::TUNNEL_DATA_MSG_SIZE; 
-		FillI2NPMessageHeader (msg, eI2NPTunnelData);
+		auto msg = NewI2NPTunnelMessage ();
+		msg->Concat (buf, i2p::tunnel::TUNNEL_DATA_MSG_SIZE);	
+		msg->FillI2NPMessageHeader (eI2NPTunnelData);
 		return msg;
 	}	
 
-	I2NPMessage * CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload)	
+	std::shared_ptr<I2NPMessage> CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload)	
 	{
-		I2NPMessage * msg = NewI2NPMessage ();
-		memcpy (msg->GetPayload () + 4, payload, i2p::tunnel::TUNNEL_DATA_MSG_SIZE - 4);
-		*(uint32_t *)(msg->GetPayload ()) = htobe32 (tunnelID);
+		auto msg = NewI2NPTunnelMessage ();
+		htobe32buf (msg->GetPayload (), tunnelID);
+		msg->len += 4; // tunnelID
+		msg->Concat (payload, i2p::tunnel::TUNNEL_DATA_MSG_SIZE - 4);
+		msg->FillI2NPMessageHeader (eI2NPTunnelData);
+		return msg;
+	}	
+
+	std::shared_ptr<I2NPMessage> CreateEmptyTunnelDataMsg ()
+	{
+		auto msg = NewI2NPTunnelMessage ();
 		msg->len += i2p::tunnel::TUNNEL_DATA_MSG_SIZE; 
-		FillI2NPMessageHeader (msg, eI2NPTunnelData);
 		return msg;
 	}	
 	
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len)
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len)
 	{
-		I2NPMessage * msg = NewI2NPMessage (len);
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		header->tunnelID = htobe32 (tunnelID);
-		header->length = htobe16 (len);
-		memcpy (msg->GetPayload () + sizeof (TunnelGatewayHeader), buf, len);
-		msg->len += sizeof (TunnelGatewayHeader) + len;
-		FillI2NPMessageHeader (msg, eI2NPTunnelGateway);
+		auto msg = NewI2NPMessage (len);
+		uint8_t * payload = msg->GetPayload ();
+		htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
+		htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
+		msg->len += TUNNEL_GATEWAY_HEADER_SIZE;
+		if (msg->Concat (buf, len) < len)
+			LogPrint (eLogError, "I2NP: tunnel gateway buffer overflow ", msg->maxLen);	
+		msg->FillI2NPMessageHeader (eI2NPTunnelGateway);
 		return msg;
 	}	
 
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessage * msg)
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, std::shared_ptr<I2NPMessage> msg)
 	{
-		if (msg->offset >= sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader))
+		if (msg->offset >= I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE)
 		{
 			// message is capable to be used without copying
-			TunnelGatewayHeader * header = (TunnelGatewayHeader *)(msg->GetBuffer () - sizeof (TunnelGatewayHeader));
-			header->tunnelID = htobe32 (tunnelID);
+			uint8_t * payload = msg->GetBuffer () - TUNNEL_GATEWAY_HEADER_SIZE;
+			htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
 			int len = msg->GetLength ();
-			header->length = htobe16 (len);
-			msg->offset -= (sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader));
-			msg->len = msg->offset + sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader) +len;
-			FillI2NPMessageHeader (msg, eI2NPTunnelGateway);
+			htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
+			msg->offset -= (I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE);
+			msg->len = msg->offset + I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE +len;
+			msg->FillI2NPMessageHeader (eI2NPTunnelGateway); 
 			return msg;
 		}
 		else
-		{	
-			I2NPMessage * msg1 = CreateTunnelGatewayMsg (tunnelID, msg->GetBuffer (), msg->GetLength ());
-			DeleteI2NPMessage (msg);
-			return msg1;
-		}	                               
+			return CreateTunnelGatewayMsg (tunnelID, msg->GetBuffer (), msg->GetLength ());                             
 	}
 
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType, 
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType, 
 		const uint8_t * buf, size_t len, uint32_t replyMsgID)
 	{
-		I2NPMessage * msg = NewI2NPMessage (len);
-		size_t gatewayMsgOffset = sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader);
+		auto msg = NewI2NPMessage (len);
+		size_t gatewayMsgOffset = I2NP_HEADER_SIZE + TUNNEL_GATEWAY_HEADER_SIZE;
 		msg->offset += gatewayMsgOffset;
 		msg->len += gatewayMsgOffset;
-		memcpy (msg->GetPayload (), buf, len);
-		msg->len += len;
-		FillI2NPMessageHeader (msg, msgType, replyMsgID); // create content message
+		if (msg->Concat (buf, len) < len)
+			LogPrint (eLogError, "I2NP: tunnel gateway buffer overflow ", msg->maxLen);
+		msg->FillI2NPMessageHeader (msgType, replyMsgID); // create content message
 		len = msg->GetLength ();
 		msg->offset -= gatewayMsgOffset;
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		header->tunnelID = htobe32 (tunnelID);
-		header->length = htobe16 (len);
-		FillI2NPMessageHeader (msg, eI2NPTunnelGateway); // gateway message
+		uint8_t * payload = msg->GetPayload ();
+		htobe32buf (payload + TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET, tunnelID);
+		htobe16buf (payload + TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET, len);
+		msg->FillI2NPMessageHeader (eI2NPTunnelGateway); // gateway message
 		return msg;
 	}	
-	
-	void HandleTunnelGatewayMsg (I2NPMessage * msg)
-	{		
-		TunnelGatewayHeader * header = (TunnelGatewayHeader *)msg->GetPayload ();
-		uint32_t tunnelID = be32toh(header->tunnelID);
-		uint16_t len = be16toh(header->length);
-		// we make payload as new I2NP message to send
-		msg->offset += sizeof (I2NPHeader) + sizeof (TunnelGatewayHeader);
-		msg->len = msg->offset + len;
-		LogPrint ("TunnelGateway of ", (int)len, " bytes for tunnel ", (unsigned int)tunnelID, ". Msg type ", (int)msg->GetHeader()->typeID);
-		if (msg->GetHeader()->typeID == eI2NPDatabaseStore ||
-		    msg->GetHeader()->typeID == eI2NPDatabaseSearchReply)
-		{
-			// transit DatabaseStore my contain new/updated RI 
-			// or DatabaseSearchReply with new routers
-			auto ds = NewI2NPMessage ();
-			*ds = *msg;
-			i2p::data::netdb.PostI2NPMsg (ds);
-		}	
-		i2p::tunnel::TransitTunnel * tunnel =  i2p::tunnel::tunnels.GetTransitTunnel (tunnelID);
-		if (tunnel)
-			tunnel->SendTunnelDataMsg (msg);
-		else
-		{	
-			LogPrint ("Tunnel ", (unsigned int)tunnelID, " not found");
-			i2p::DeleteI2NPMessage (msg);
-		}	
-	}	
 
 	size_t GetI2NPMessageLength (const uint8_t * msg)
 	{
-		I2NPHeader * header = (I2NPHeader *)msg;
-		return be16toh (header->size) + sizeof (I2NPHeader);
+		return bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET) + I2NP_HEADER_SIZE;
 	}	
 	
 	void HandleI2NPMessage (uint8_t * msg, size_t len)
 	{
-		I2NPHeader * header = (I2NPHeader *)msg;
-		uint32_t msgID = be32toh (header->msgID);	
-		LogPrint ("I2NP msg received len=", len,", type=", (int)header->typeID, ", msgID=", (unsigned int)msgID);
-
-		uint8_t * buf = msg + sizeof (I2NPHeader);
-		int size = be16toh (header->size);
-		switch (header->typeID)
+		uint8_t typeID = msg[I2NP_HEADER_TYPEID_OFFSET];
+		uint32_t msgID = bufbe32toh (msg + I2NP_HEADER_MSGID_OFFSET);	
+		LogPrint (eLogDebug, "I2NP: msg received len=", len,", type=", (int)typeID, ", msgID=", (unsigned int)msgID);
+		uint8_t * buf = msg + I2NP_HEADER_SIZE;
+		int size = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET);
+		switch (typeID)
 		{	
 			case eI2NPVariableTunnelBuild:
-				LogPrint ("VariableTunnelBuild");
 				HandleVariableTunnelBuildMsg  (msgID, buf, size);
 			break;	
 			case eI2NPVariableTunnelBuildReply:
-				LogPrint ("VariableTunnelBuildReply");
 				HandleVariableTunnelBuildReplyMsg (msgID, buf, size);
 			break;	
 			case eI2NPTunnelBuild:
-				LogPrint ("TunnelBuild");
 				HandleTunnelBuildMsg  (buf, size);
 			break;	
 			case eI2NPTunnelBuildReply:
-				LogPrint ("TunnelBuildReply");
 				// TODO:
 			break;	
 			default:
-				LogPrint ("Unexpected message ", (int)header->typeID);
+				LogPrint (eLogWarning, "I2NP: Unexpected message ", (int)typeID);
 		}	
 	}
 
-	void HandleI2NPMessage (I2NPMessage * msg)
+	void HandleI2NPMessage (std::shared_ptr<I2NPMessage> msg)
 	{
 		if (msg)
 		{	
-			switch (msg->GetHeader ()->typeID)
+			uint8_t typeID = msg->GetTypeID ();
+			LogPrint (eLogDebug, "I2NP: Handling message with type ", (int)typeID);
+			switch (typeID)
 			{	
 				case eI2NPTunnelData:
-					LogPrint ("TunnelData");
 					i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;	
 				case eI2NPTunnelGateway:
-					LogPrint ("TunnelGateway");
-					HandleTunnelGatewayMsg (msg);
+					i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;
 				case eI2NPGarlic:
-					LogPrint ("Garlic");
-					if (msg->from && msg->from->GetTunnelPool ())
-						msg->from->GetTunnelPool ()->GetGarlicDestination ().ProcessGarlicMessage (msg);
+				{
+					if (msg->from)
+					{
+						if (msg->from->GetTunnelPool ())
+							msg->from->GetTunnelPool ()->ProcessGarlicMessage (msg);
+						else
+							LogPrint (eLogInfo, "I2NP: Local destination for garlic doesn't exist anymore");
+					}
 					else
 						i2p::context.ProcessGarlicMessage (msg); 
-				break;
+					break;
+				}
 				case eI2NPDatabaseStore:
 				case eI2NPDatabaseSearchReply:
 				case eI2NPDatabaseLookup:
@@ -574,16 +609,60 @@ namespace i2p
 					i2p::data::netdb.PostI2NPMsg (msg);
 				break;
 				case eI2NPDeliveryStatus:
-					LogPrint ("DeliveryStatus");
+				{
 					if (msg->from && msg->from->GetTunnelPool ())
 						msg->from->GetTunnelPool ()->ProcessDeliveryStatus (msg);
 					else
 						i2p::context.ProcessDeliveryStatusMessage (msg);
+					break;	
+				}
+				case eI2NPVariableTunnelBuild:		
+				case eI2NPVariableTunnelBuildReply:
+				case eI2NPTunnelBuild:
+				case eI2NPTunnelBuildReply:	
+					// forward to tunnel thread
+					i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;	
 				default:
 					HandleI2NPMessage (msg->GetBuffer (), msg->GetLength ());
-					DeleteI2NPMessage (msg);
 			}	
 		}	
 	}	
+
+	I2NPMessagesHandler::~I2NPMessagesHandler ()
+	{
+		Flush ();
+	}
+	
+	void I2NPMessagesHandler::PutNextMessage (std::shared_ptr<I2NPMessage>  msg)
+	{
+		if (msg)
+		{
+			switch (msg->GetTypeID ())
+			{	
+				case eI2NPTunnelData:
+					m_TunnelMsgs.push_back (msg);
+				break;
+				case eI2NPTunnelGateway:	
+					m_TunnelGatewayMsgs.push_back (msg);
+				break;	
+				default:
+					HandleI2NPMessage (msg);
+			}		
+		}	
+	}
+	
+	void I2NPMessagesHandler::Flush ()
+	{
+		if (!m_TunnelMsgs.empty ())
+		{	
+			i2p::tunnel::tunnels.PostTunnelData (m_TunnelMsgs);
+			m_TunnelMsgs.clear ();
+		}	
+		if (!m_TunnelGatewayMsgs.empty ())
+		{	
+			i2p::tunnel::tunnels.PostTunnelData (m_TunnelGatewayMsgs);
+			m_TunnelGatewayMsgs.clear ();
+		}	
+	}	
 }

I2NPProtocol.h

@@ -2,81 +2,73 @@
 #define I2NP_PROTOCOL_H__
 
 #include <inttypes.h>
-#include <set>
 #include <string.h>
+#include <set>
+#include <memory>
+#include "Crypto.h"
 #include "I2PEndian.h"
+#include "Identity.h"
 #include "RouterInfo.h"
 #include "LeaseSet.h"
 
 namespace i2p
-{
-#pragma pack (1)
+{	
+	// I2NP header
+	const size_t I2NP_HEADER_TYPEID_OFFSET = 0;
+	const size_t I2NP_HEADER_MSGID_OFFSET = I2NP_HEADER_TYPEID_OFFSET + 1;
+	const size_t I2NP_HEADER_EXPIRATION_OFFSET = I2NP_HEADER_MSGID_OFFSET + 4;
+	const size_t I2NP_HEADER_SIZE_OFFSET = I2NP_HEADER_EXPIRATION_OFFSET + 8;
+	const size_t I2NP_HEADER_CHKS_OFFSET = I2NP_HEADER_SIZE_OFFSET + 2;
+	const size_t I2NP_HEADER_SIZE = I2NP_HEADER_CHKS_OFFSET + 1;
 
-	struct I2NPHeader
-	{
-		uint8_t typeID;
-		uint32_t msgID;
-		uint64_t expiration;
-		uint16_t size;
-		uint8_t chks;
-	};	
-
-	struct I2NPHeaderShort
-	{
-		uint8_t typeID;
-		uint32_t shortExpiration;
-	};	
-
-	struct I2NPDatabaseStoreMsg
-	{
-		uint8_t key[32];
-		uint8_t type;
-		uint32_t replyToken;	
-	};
-
-	struct I2NPDeliveryStatusMsg
-	{
-		uint32_t msgID;
-		uint64_t timestamp;
-	};
+	// I2NP short header
+	const size_t I2NP_SHORT_HEADER_TYPEID_OFFSET = 0;
+	const size_t I2NP_SHORT_HEADER_EXPIRATION_OFFSET = I2NP_SHORT_HEADER_TYPEID_OFFSET + 1;
+	const size_t I2NP_SHORT_HEADER_SIZE = I2NP_SHORT_HEADER_EXPIRATION_OFFSET + 4;
 	
-	struct I2NPBuildRequestRecordClearText
-	{
-		uint32_t receiveTunnel;
-		uint8_t ourIdent[32];
-		uint32_t nextTunnel;
-		uint8_t nextIdent[32];
-		uint8_t layerKey[32];
-		uint8_t ivKey[32];
-		uint8_t replyKey[32];
-		uint8_t replyIV[16];
-		uint8_t flag;
-		uint32_t requestTime;
-		uint32_t nextMessageID;	
-		uint8_t filler[29];
-	};
+	// Tunnel Gateway header
+	const size_t TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET = 0;
+	const size_t TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET = TUNNEL_GATEWAY_HEADER_TUNNELID_OFFSET + 4;
+	const size_t TUNNEL_GATEWAY_HEADER_SIZE = TUNNEL_GATEWAY_HEADER_LENGTH_OFFSET + 2;
 
-	struct I2NPBuildResponseRecord
-	{
-		uint8_t hash[32];
-		uint8_t padding[495];
-		uint8_t ret;
-	};	
+	// DeliveryStatus	
+	const size_t DELIVERY_STATUS_MSGID_OFFSET = 0;
+	const size_t DELIVERY_STATUS_TIMESTAMP_OFFSET = DELIVERY_STATUS_MSGID_OFFSET + 4;
+	const size_t DELIVERY_STATUS_SIZE = DELIVERY_STATUS_TIMESTAMP_OFFSET + 8;
+
+	// DatabaseStore
+	const size_t DATABASE_STORE_KEY_OFFSET = 0;
+	const size_t DATABASE_STORE_TYPE_OFFSET = DATABASE_STORE_KEY_OFFSET + 32;
+	const size_t DATABASE_STORE_REPLY_TOKEN_OFFSET = DATABASE_STORE_TYPE_OFFSET + 1;
+	const size_t DATABASE_STORE_HEADER_SIZE = DATABASE_STORE_REPLY_TOKEN_OFFSET + 4;
+
+	// TunnelBuild	
+	const size_t TUNNEL_BUILD_RECORD_SIZE = 528;
+
+	//BuildRequestRecordClearText
+	const size_t BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET = 0;
+	const size_t BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET = BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET = BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET = BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET = BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_IV_KEY_OFFSET = BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET = BUILD_REQUEST_RECORD_IV_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_REPLY_IV_OFFSET = BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET + 32;
+	const size_t BUILD_REQUEST_RECORD_FLAG_OFFSET = BUILD_REQUEST_RECORD_REPLY_IV_OFFSET + 16;
+	const size_t BUILD_REQUEST_RECORD_REQUEST_TIME_OFFSET = BUILD_REQUEST_RECORD_FLAG_OFFSET + 1;
+	const size_t BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET = BUILD_REQUEST_RECORD_REQUEST_TIME_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_PADDING_OFFSET = BUILD_REQUEST_RECORD_SEND_MSG_ID_OFFSET + 4;
+	const size_t BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE = 222;
 	
-	struct I2NPBuildRequestRecordElGamalEncrypted
-	{
-		uint8_t toPeer[16];
-		uint8_t encrypted[512];
-	};
-
-	struct TunnelGatewayHeader
-	{
-		uint32_t tunnelID;
-		uint16_t length;
-	};		
-
+	// BuildRequestRecordEncrypted	
+	const size_t BUILD_REQUEST_RECORD_TO_PEER_OFFSET = 0;
+	const size_t BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET = BUILD_REQUEST_RECORD_TO_PEER_OFFSET + 16;
 	
-#pragma pack ()	
+	// BuildResponseRecord
+	const size_t BUILD_RESPONSE_RECORD_HASH_OFFSET = 0;
+	const size_t BUILD_RESPONSE_RECORD_PADDING_OFFSET = 32;
+	const size_t BUILD_RESPONSE_RECORD_PADDING_SIZE = 495;
+	const size_t BUILD_RESPONSE_RECORD_RET_OFFSET = BUILD_RESPONSE_RECORD_PADDING_OFFSET + BUILD_RESPONSE_RECORD_PADDING_SIZE;
 
 	enum I2NPMessageType
 	{
@@ -96,6 +88,15 @@ namespace i2p
 
 	const int NUM_TUNNEL_BUILD_RECORDS = 8;	
 
+	// DatabaseLookup flags
+	const uint8_t DATABASE_LOOKUP_DELIVERY_FLAG = 0x01;
+	const uint8_t DATABASE_LOOKUP_ENCRYPTION_FLAG = 0x02;	
+	const uint8_t DATABASE_LOOKUP_TYPE_FLAGS_MASK = 0x0C;
+	const uint8_t DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP = 0;
+	const uint8_t DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP = 0x04; // 0100
+	const uint8_t DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP = 0x08; // 1000			
+	const uint8_t DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP = 0x0C; // 1100
+
 namespace tunnel
 {		
 	class InboundTunnel;
@@ -103,21 +104,66 @@ namespace tunnel
 }
 
 	const size_t I2NP_MAX_MESSAGE_SIZE = 32768; 
-	const size_t I2NP_MAX_SHORT_MESSAGE_SIZE = 2400; 
+	const size_t I2NP_MAX_SHORT_MESSAGE_SIZE = 4096; 
+	const unsigned int I2NP_MESSAGE_EXPIRATION_TIMEOUT = 8000; // in milliseconds (as initial RTT)
+	const unsigned int I2NP_MESSAGE_CLOCK_SKEW = 60*1000; // 1 minute in milliseconds 
+
 	struct I2NPMessage
 	{	
 		uint8_t * buf;	
 		size_t len, offset, maxLen;
-		i2p::tunnel::InboundTunnel * from;
+		std::shared_ptr<i2p::tunnel::InboundTunnel> from;
 		
-		I2NPMessage (): buf (nullptr),len (sizeof (I2NPHeader) + 2), 
-			offset(2), maxLen (0), from (nullptr) {}; 
-		// reserve 2 bytes for NTCP header
-		I2NPHeader * GetHeader () { return (I2NPHeader *)GetBuffer (); };
-		uint8_t * GetPayload () { return GetBuffer () + sizeof(I2NPHeader); };
+		I2NPMessage (): buf (nullptr),len (I2NP_HEADER_SIZE + 2), 
+			offset(2), maxLen (0), from (nullptr) {};  // reserve 2 bytes for NTCP header
+	
+		// header accessors
+		uint8_t * GetHeader () { return GetBuffer (); };
+		const uint8_t * GetHeader () const { return GetBuffer (); };
+		void SetTypeID (uint8_t typeID) { GetHeader ()[I2NP_HEADER_TYPEID_OFFSET] = typeID; };
+		uint8_t GetTypeID () const { return GetHeader ()[I2NP_HEADER_TYPEID_OFFSET]; };
+		void SetMsgID (uint32_t msgID) { htobe32buf (GetHeader () + I2NP_HEADER_MSGID_OFFSET, msgID); };
+		uint32_t GetMsgID () const { return bufbe32toh (GetHeader () + I2NP_HEADER_MSGID_OFFSET); };
+		void SetExpiration (uint64_t expiration) { htobe64buf (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET, expiration); };
+		uint64_t GetExpiration () const { return bufbe64toh (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET); };
+		void SetSize (uint16_t size) { htobe16buf (GetHeader () + I2NP_HEADER_SIZE_OFFSET, size); };
+		uint16_t GetSize () const { return bufbe16toh (GetHeader () + I2NP_HEADER_SIZE_OFFSET); };
+		void UpdateSize () { SetSize (GetPayloadLength ()); };	
+		void SetChks (uint8_t chks) { GetHeader ()[I2NP_HEADER_CHKS_OFFSET] = chks; };
+		void UpdateChks () 
+		{
+			uint8_t hash[32];
+			SHA256(GetPayload (), GetPayloadLength (), hash);
+			GetHeader ()[I2NP_HEADER_CHKS_OFFSET] = hash[0];
+		}	
+		
+		// payload
+		uint8_t * GetPayload () { return GetBuffer () + I2NP_HEADER_SIZE; };
+		const uint8_t * GetPayload () const { return GetBuffer () + I2NP_HEADER_SIZE; };
 		uint8_t * GetBuffer () { return buf + offset; };
 		const uint8_t * GetBuffer () const { return buf + offset; };
-		size_t GetLength () const { return len - offset; };
+		size_t GetLength () const { return len - offset; };	
+		size_t GetPayloadLength () const { return GetLength () - I2NP_HEADER_SIZE; };	
+			
+		void Align (size_t alignment) 
+		{
+			if (len + alignment > maxLen) return;
+			size_t rem = ((size_t)GetBuffer ()) % alignment;
+			if (rem)
+			{
+				offset += (alignment - rem);
+				len += (alignment - rem);
+			}	
+		}
+
+		size_t Concat (const uint8_t * buf1, size_t len1)
+		{
+			// make sure with don't write beyond maxLen
+			if (len + len1 > maxLen) len1 = maxLen - len;
+			memcpy (buf + len, buf1, len1);
+			len += len1;
+			return len1;
+		}
 
 		I2NPMessage& operator=(const I2NPMessage& other)
 		{
@@ -126,83 +172,95 @@ namespace tunnel
 			from = other.from;
 			return *this;
 		}	
-
+		
 		// for SSU only
-		uint8_t * GetSSUHeader () { return buf + offset + sizeof(I2NPHeader) - sizeof(I2NPHeaderShort); };	
+		uint8_t * GetSSUHeader () { return buf + offset + I2NP_HEADER_SIZE - I2NP_SHORT_HEADER_SIZE; };	
 		void FromSSU (uint32_t msgID) // we have received SSU message and convert it to regular
 		{
-			I2NPHeaderShort ssu = *(I2NPHeaderShort *)GetSSUHeader ();
-			I2NPHeader * header = GetHeader ();
-			header->typeID = ssu.typeID;
-			header->msgID = htobe32 (msgID);
-			header->expiration = htobe64 (be32toh (ssu.shortExpiration)*1000LL);
-			header->size = htobe16 (len - offset - sizeof (I2NPHeader));
-			header->chks = 0;
+			const uint8_t * ssu = GetSSUHeader ();
+			GetHeader ()[I2NP_HEADER_TYPEID_OFFSET] = ssu[I2NP_SHORT_HEADER_TYPEID_OFFSET]; // typeid
+			SetMsgID (msgID);
+			SetExpiration (bufbe32toh (ssu + I2NP_SHORT_HEADER_EXPIRATION_OFFSET)*1000LL);
+			SetSize (len - offset - I2NP_HEADER_SIZE);
+			SetChks (0);
 		}
 		uint32_t ToSSU () // return msgID
 		{
-			I2NPHeader header = *GetHeader ();
-			I2NPHeaderShort * ssu = (I2NPHeaderShort *)GetSSUHeader ();
-			ssu->typeID = header.typeID;
-			ssu->shortExpiration = htobe32 (be64toh (header.expiration)/1000LL); 
-			len = offset + sizeof (I2NPHeaderShort) + be16toh (header.size);
-			return be32toh (header.msgID);
+			uint8_t header[I2NP_HEADER_SIZE];
+			memcpy (header, GetHeader (), I2NP_HEADER_SIZE);
+			uint8_t * ssu = GetSSUHeader ();
+			ssu[I2NP_SHORT_HEADER_TYPEID_OFFSET] = header[I2NP_HEADER_TYPEID_OFFSET]; // typeid
+			htobe32buf (ssu + I2NP_SHORT_HEADER_EXPIRATION_OFFSET, bufbe64toh (header + I2NP_HEADER_EXPIRATION_OFFSET)/1000LL);
+			len = offset + I2NP_SHORT_HEADER_SIZE + bufbe16toh (header + I2NP_HEADER_SIZE_OFFSET);
+			return bufbe32toh (header + I2NP_HEADER_MSGID_OFFSET);
 		}	
+
+		void FillI2NPMessageHeader (I2NPMessageType msgType, uint32_t replyMsgID = 0);
+		void RenewI2NPMessageHeader ();
+		bool IsExpired () const;
 	};	
 
 	template<int sz>
 	struct I2NPMessageBuffer: public I2NPMessage
 	{
 		I2NPMessageBuffer () { buf = m_Buffer; maxLen = sz; };
-		uint8_t m_Buffer[sz];
+		uint8_t m_Buffer[sz + 32]; // 16 alignment + 16 padding
 	};
 
-	I2NPMessage * NewI2NPMessage ();
-	I2NPMessage * NewI2NPShortMessage ();
-	I2NPMessage * NewI2NPMessage (size_t len);
-	void DeleteI2NPMessage (I2NPMessage * msg);
-	void FillI2NPMessageHeader (I2NPMessage * msg, I2NPMessageType msgType, uint32_t replyMsgID = 0);
-	void RenewI2NPMessageHeader (I2NPMessage * msg);
-	I2NPMessage * CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, int len, uint32_t replyMsgID = 0);	
-	I2NPMessage * CreateI2NPMessage (const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from = nullptr);
+	std::shared_ptr<I2NPMessage> NewI2NPMessage ();
+	std::shared_ptr<I2NPMessage> NewI2NPShortMessage ();
+	std::shared_ptr<I2NPMessage> NewI2NPMessage (size_t len);
 	
-	I2NPMessage * CreateDeliveryStatusMsg (uint32_t msgID);
-	I2NPMessage * CreateDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
-		uint32_t replyTunnelID, bool exploratory = false, 
-	    std::set<i2p::data::IdentHash> * excludedPeers = nullptr, bool encryption = false,
-	    i2p::tunnel::TunnelPool * pool = nullptr);
-	I2NPMessage * CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, const i2p::data::RouterInfo * floodfill);
-	
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::RouterInfo * router = nullptr);
-	I2NPMessage * CreateDatabaseStoreMsg (const i2p::data::LeaseSet * leaseSet, uint32_t replyToken = 0);		
+	std::shared_ptr<I2NPMessage> CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, size_t len, uint32_t replyMsgID = 0);	
+	std::shared_ptr<I2NPMessage> CreateI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from = nullptr);
+	std::shared_ptr<I2NPMessage> CopyI2NPMessage (std::shared_ptr<I2NPMessage> msg);
 
-	I2NPBuildRequestRecordClearText CreateBuildRequestRecord (
-		const uint8_t * ourIdent, uint32_t receiveTunnelID, 
-	    const uint8_t * nextIdent, uint32_t nextTunnelID, 
-	    const uint8_t * layerKey,const uint8_t * ivKey,                                                                 
-	    const uint8_t * replyKey, const uint8_t * replyIV, uint32_t nextMessageID,
-	          bool isGateway, bool isEndpoint);
-	void EncryptBuildRequestRecord (const i2p::data::RouterInfo& router, 
-		const I2NPBuildRequestRecordClearText& clearText,
-	    I2NPBuildRequestRecordElGamalEncrypted& record);
+	std::shared_ptr<I2NPMessage> CreateDeliveryStatusMsg (uint32_t msgID);
+	std::shared_ptr<I2NPMessage> CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from, 
+		uint32_t replyTunnelID, bool exploratory = false, std::set<i2p::data::IdentHash> * excludedPeers = nullptr);
+	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest, 
+		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey, const uint8_t * replyTag);
+	std::shared_ptr<I2NPMessage> CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, std::vector<i2p::data::IdentHash> routers);
 	
-	bool HandleBuildRequestRecords (int num, I2NPBuildRequestRecordElGamalEncrypted * records, I2NPBuildRequestRecordClearText& clearText);
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::RouterInfo> router = nullptr, uint32_t replyToken = 0);
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LeaseSet> leaseSet); // for floodfill only
+	std::shared_ptr<I2NPMessage> CreateDatabaseStoreMsg (std::shared_ptr<const i2p::data::LocalLeaseSet> leaseSet, uint32_t replyToken = 0, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel = nullptr);		
+	bool IsRouterInfoMsg (std::shared_ptr<I2NPMessage> msg); 	
+
+	bool HandleBuildRequestRecords (int num, uint8_t * records, uint8_t * clearText);
 	void HandleVariableTunnelBuildMsg (uint32_t replyMsgID, uint8_t * buf, size_t len);
 	void HandleVariableTunnelBuildReplyMsg (uint32_t replyMsgID, uint8_t * buf, size_t len);
 	void HandleTunnelBuildMsg (uint8_t * buf, size_t len);	
 
-	I2NPMessage * CreateTunnelDataMsg (const uint8_t * buf);	
-	I2NPMessage * CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload);		
+	std::shared_ptr<I2NPMessage> CreateTunnelDataMsg (const uint8_t * buf);	
+	std::shared_ptr<I2NPMessage> CreateTunnelDataMsg (uint32_t tunnelID, const uint8_t * payload);		
+	std::shared_ptr<I2NPMessage> CreateEmptyTunnelDataMsg ();
 	
-	void HandleTunnelGatewayMsg (I2NPMessage * msg);
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len);
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType, 
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, const uint8_t * buf, size_t len);
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType, 
 		const uint8_t * buf, size_t len, uint32_t replyMsgID = 0);
-	I2NPMessage * CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessage * msg);
+	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, std::shared_ptr<I2NPMessage> msg);
 
 	size_t GetI2NPMessageLength (const uint8_t * msg);
 	void HandleI2NPMessage (uint8_t * msg, size_t len);
-	void HandleI2NPMessage (I2NPMessage * msg);
+	void HandleI2NPMessage (std::shared_ptr<I2NPMessage> msg);
+
+	class I2NPMessagesHandler
+	{
+		public:
+
+			~I2NPMessagesHandler ();
+			void PutNextMessage (std::shared_ptr<I2NPMessage> msg);
+			void Flush ();
+			
+		private:
+
+			std::vector<std::shared_ptr<I2NPMessage> > m_TunnelMsgs, m_TunnelGatewayMsgs;
+	};
+
+	const uint16_t DEFAULT_MAX_NUM_TRANSIT_TUNNELS = 2500;
+	void SetMaxNumTransitTunnels (uint16_t maxNumTransitTunnels);
 }	
 
 #endif

I2PControl.cpp

@@ -0,0 +1,590 @@
+#include <stdio.h>
+#include <sstream>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <boost/lexical_cast.hpp>
+#include <boost/date_time/local_time/local_time.hpp>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include <boost/property_tree/ini_parser.hpp>
+
+// There is bug in boost 1.49 with gcc 4.7 coming with Debian Wheezy
+#define GCC47_BOOST149 ((BOOST_VERSION == 104900) && (__GNUC__ == 4) && (__GNUC_MINOR__ >= 7))
+#if !GCC47_BOOST149
+#include <boost/property_tree/json_parser.hpp>
+#endif
+
+#include "Crypto.h"
+#include "FS.h"
+#include "Log.h"
+#include "Config.h"
+#include "NetDb.h"
+#include "RouterContext.h"
+#include "Daemon.h"
+#include "Tunnel.h"
+#include "Timestamp.h"
+#include "Transports.h"
+#include "version.h"
+#include "util.h"
+#include "ClientContext.h"
+#include "I2PControl.h"
+
+namespace i2p
+{
+namespace client
+{
+	I2PControlService::I2PControlService (const std::string& address, int port):
+		m_IsRunning (false), m_Thread (nullptr),
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port)),
+		m_SSLContext (m_Service, boost::asio::ssl::context::sslv23),
+		m_ShutdownTimer (m_Service)
+	{
+		i2p::config::GetOption("i2pcontrol.password", m_Password);
+
+		// certificate / keys
+		std::string i2pcp_crt; i2p::config::GetOption("i2pcontrol.cert", i2pcp_crt);
+		std::string i2pcp_key; i2p::config::GetOption("i2pcontrol.key",  i2pcp_key);
+
+		if (i2pcp_crt.at(0) != '/')
+			i2pcp_crt = i2p::fs::DataDirPath(i2pcp_crt);
+		if (i2pcp_key.at(0) != '/')
+			i2pcp_key = i2p::fs::DataDirPath(i2pcp_key);
+		if (!i2p::fs::Exists (i2pcp_crt) || !i2p::fs::Exists (i2pcp_key)) {
+			LogPrint (eLogInfo, "I2PControl: creating new certificate for control connection");
+			CreateCertificate (i2pcp_crt.c_str(), i2pcp_key.c_str());
+		} else {
+			LogPrint(eLogDebug, "I2PControl: using cert from ", i2pcp_crt);
+		}
+		m_SSLContext.set_options (boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::single_dh_use);
+		m_SSLContext.use_certificate_file (i2pcp_crt, boost::asio::ssl::context::pem);
+		m_SSLContext.use_private_key_file (i2pcp_key, boost::asio::ssl::context::pem);
+
+		// handlers
+		m_MethodHandlers["Authenticate"]   = &I2PControlService::AuthenticateHandler;
+		m_MethodHandlers["Echo"]           = &I2PControlService::EchoHandler;
+		m_MethodHandlers["I2PControl"]     = &I2PControlService::I2PControlHandler;
+		m_MethodHandlers["RouterInfo"]     = &I2PControlService::RouterInfoHandler;
+		m_MethodHandlers["RouterManager"]  = &I2PControlService::RouterManagerHandler;
+		m_MethodHandlers["NetworkSetting"] = &I2PControlService::NetworkSettingHandler;
+
+		// I2PControl
+		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler; 
+
+		// RouterInfo
+		m_RouterInfoHandlers["i2p.router.uptime"]  = &I2PControlService::UptimeHandler;
+		m_RouterInfoHandlers["i2p.router.version"] = &I2PControlService::VersionHandler;
+		m_RouterInfoHandlers["i2p.router.status"]  = &I2PControlService::StatusHandler;
+		m_RouterInfoHandlers["i2p.router.netdb.knownpeers"]   = &I2PControlService::NetDbKnownPeersHandler;
+		m_RouterInfoHandlers["i2p.router.netdb.activepeers"]  = &I2PControlService::NetDbActivePeersHandler;
+		m_RouterInfoHandlers["i2p.router.net.bw.inbound.1s"]  = &I2PControlService::InboundBandwidth1S;
+		m_RouterInfoHandlers["i2p.router.net.bw.outbound.1s"] = &I2PControlService::OutboundBandwidth1S;
+		m_RouterInfoHandlers["i2p.router.net.status"]         = &I2PControlService::NetStatusHandler;
+		m_RouterInfoHandlers["i2p.router.net.tunnels.participating"] = &I2PControlService::TunnelsParticipatingHandler;
+		m_RouterInfoHandlers["i2p.router.net.tunnels.successrate"] =
+&I2PControlService::TunnelsSuccessRateHandler;	
+		m_RouterInfoHandlers["i2p.router.net.total.received.bytes"]  = &I2PControlService::NetTotalReceivedBytes;
+		m_RouterInfoHandlers["i2p.router.net.total.sent.bytes"]      = &I2PControlService::NetTotalSentBytes;
+
+		// RouterManager	
+		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
+		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
+		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
+
+		// NetworkSetting
+		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
+		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
+	}
+
+	I2PControlService::~I2PControlService ()
+	{
+		Stop ();
+	}
+
+	void I2PControlService::Start ()
+	{
+		if (!m_IsRunning)
+		{
+			Accept ();
+			m_IsRunning = true;
+			m_Thread = new std::thread (std::bind (&I2PControlService::Run, this));
+		}
+	}
+
+	void I2PControlService::Stop ()
+	{
+		if (m_IsRunning)
+		{
+			m_IsRunning = false;
+			m_Acceptor.cancel ();
+			m_Service.stop ();
+			if (m_Thread)
+			{
+				m_Thread->join ();
+				delete m_Thread;
+				m_Thread = nullptr;
+			}
+		}
+	}
+
+	void I2PControlService::Run ()
+	{
+		while (m_IsRunning)
+		{
+			try {
+				m_Service.run ();
+			} catch (std::exception& ex) {
+				LogPrint (eLogError, "I2PControl: runtime exception: ", ex.what ());
+			}	
+		}	
+	}
+
+	void I2PControlService::Accept ()
+	{
+		auto newSocket = std::make_shared<ssl_socket> (m_Service, m_SSLContext);
+		m_Acceptor.async_accept (newSocket->lowest_layer(), std::bind (&I2PControlService::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void I2PControlService::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+			Accept ();
+
+		if (ecode) {
+			LogPrint (eLogError, "I2PControl: accept error: ",  ecode.message ());
+			return;
+		}
+		LogPrint (eLogDebug, "I2PControl: new request from ", socket->lowest_layer ().remote_endpoint ());
+		Handshake (socket);
+	}
+
+	void I2PControlService::Handshake (std::shared_ptr<ssl_socket> socket)
+	{
+		socket->async_handshake(boost::asio::ssl::stream_base::server,
+        	std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
+	}
+
+	void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
+	{
+		if (ecode) {
+			LogPrint (eLogError, "I2PControl: handshake error: ", ecode.message ());
+			return;
+		}	
+		//std::this_thread::sleep_for (std::chrono::milliseconds(5));
+		ReadRequest (socket);
+	}
+
+	void I2PControlService::ReadRequest (std::shared_ptr<ssl_socket> socket)
+	{
+		auto request = std::make_shared<I2PControlBuffer>();
+		socket->async_read_some (
+#if defined(BOOST_ASIO_HAS_STD_ARRAY)
+			boost::asio::buffer (*request),
+#else
+			boost::asio::buffer (request->data (), request->size ()),
+#endif
+			std::bind(&I2PControlService::HandleRequestReceived, this,
+			std::placeholders::_1, std::placeholders::_2, socket, request));
+	}
+
+	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
+ 		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
+		std::shared_ptr<I2PControlBuffer> buf)
+	{
+		if (ecode) 
+		{
+			LogPrint (eLogError, "I2PControl: read error: ", ecode.message ());
+			return;
+		} 
+		else 
+		{
+			bool isHtml = !memcmp (buf->data (), "POST", 4);
+			try
+			{
+				std::stringstream ss;
+				ss.write (buf->data (), bytes_transferred);
+				if (isHtml)
+				{
+					std::string header;
+					size_t contentLength = 0;
+					while (!ss.eof () && header != "\r")
+					{
+						std::getline(ss, header);
+						auto colon = header.find (':');
+						if (colon != std::string::npos && header.substr (0, colon) == "Content-Length")
+							contentLength = std::stoi (header.substr (colon + 1));
+					}
+					if (ss.eof ())
+					{
+						LogPrint (eLogError, "I2PControl: malformed request, HTTP header expected");
+						return; // TODO:
+					}
+					std::streamoff rem = contentLength + ss.tellg () - bytes_transferred; // more bytes to read
+					if (rem > 0)
+					{
+						bytes_transferred = boost::asio::read (*socket, boost::asio::buffer (buf->data (), rem));
+						ss.write (buf->data (), bytes_transferred);
+					}
+				}
+				std::ostringstream response;
+#if GCC47_BOOST149
+				LogPrint (eLogError, "I2PControl: json_read is not supported due bug in boost 1.49 with gcc 4.7");
+				response << "{\"id\":null,\"error\":";
+				response << "{\"code\":-32603,\"message\":\"JSON requests is not supported with this version of boost\"},";
+				response << "\"jsonrpc\":\"2.0\"}";
+#else
+				boost::property_tree::ptree pt;
+				boost::property_tree::read_json (ss, pt);
+
+				std::string id     = pt.get<std::string>("id");
+				std::string method = pt.get<std::string>("method");
+				auto it = m_MethodHandlers.find (method);
+				if (it != m_MethodHandlers.end ())
+				{
+					response << "{\"id\":" << id << ",\"result\":{";
+					(this->*(it->second))(pt.get_child ("params"), response);
+					response << "},\"jsonrpc\":\"2.0\"}";
+				} 
+				else 
+				{
+					LogPrint (eLogWarning, "I2PControl: unknown method ", method);
+					response << "{\"id\":null,\"error\":";
+					response << "{\"code\":-32601,\"message\":\"Method not found\"},";
+					response << "\"jsonrpc\":\"2.0\"}";
+				}
+#endif
+				SendResponse (socket, buf, response, isHtml);
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "I2PControl: exception when handle request: ", ex.what ());
+				std::ostringstream response;
+				response << "{\"id\":null,\"error\":";
+				response << "{\"code\":-32700,\"message\":\"" << ex.what () << "\"},";
+				response << "\"jsonrpc\":\"2.0\"}";
+				SendResponse (socket, buf, response, isHtml);
+			}
+			catch (...)
+			{
+				LogPrint (eLogError, "I2PControl: handle request unknown exception");
+			}
+		}
+	}
+
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, int value) const
+	{
+		ss << "\"" << name << "\":" << value;
+	}
+
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const
+	{
+		ss << "\"" << name << "\":";
+		if (value.length () > 0)
+			ss << "\"" << value << "\"";
+		else
+			ss << "null";
+	}
+
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, double value) const
+	{
+		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
+	}
+
+	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
+		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
+	{
+		size_t len = response.str ().length (), offset = 0;
+		if (isHtml)
+		{
+			std::ostringstream header;
+			header << "HTTP/1.1 200 OK\r\n";
+			header << "Connection: close\r\n";
+			header << "Content-Length: " << boost::lexical_cast<std::string>(len) << "\r\n";
+			header << "Content-Type: application/json\r\n";
+			header << "Date: ";
+			auto facet = new boost::local_time::local_time_facet ("%a, %d %b %Y %H:%M:%S GMT");
+			header.imbue(std::locale (header.getloc(), facet));
+			header << boost::posix_time::second_clock::local_time() << "\r\n";
+			header << "\r\n";
+			offset = header.str ().size ();
+			memcpy (buf->data (), header.str ().c_str (), offset);
+		}
+		memcpy (buf->data () + offset, response.str ().c_str (), len);
+		boost::asio::async_write (*socket, boost::asio::buffer (buf->data (), offset + len),
+			boost::asio::transfer_all (),
+			std::bind(&I2PControlService::HandleResponseSent, this,
+				std::placeholders::_1, std::placeholders::_2, socket, buf));
+	}
+
+	void I2PControlService::HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+		std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf)
+	{
+		if (ecode) {
+			LogPrint (eLogError, "I2PControl: write error: ", ecode.message ());
+		}
+	}
+
+// handlers
+
+	void I2PControlService::AuthenticateHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		int api       = params.get<int> ("API");
+		auto password = params.get<std::string> ("Password");
+		LogPrint (eLogDebug, "I2PControl: Authenticate API=", api, " Password=", password);
+		if (password != m_Password) {
+			LogPrint (eLogError, "I2PControl: Authenticate - Invalid password: ", password);
+			return;
+		}
+		InsertParam (results, "API", api);
+		results << ",";
+		std::string token = boost::lexical_cast<std::string>(i2p::util::GetSecondsSinceEpoch ());
+		m_Tokens.insert (token);	
+		InsertParam (results, "Token", token);
+	}	
+
+	void I2PControlService::EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		auto echo = params.get<std::string> ("Echo");
+		LogPrint (eLogDebug, "I2PControl Echo Echo=", echo);
+		InsertParam (results, "Result", echo);
+	}
+
+
+// I2PControl
+
+	void I2PControlService::I2PControlHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto& it: params)
+		{
+			LogPrint (eLogDebug, "I2PControl: I2PControl request: ", it.first);
+			auto it1 = m_I2PControlHandlers.find (it.first);
+			if (it1 != m_I2PControlHandlers.end ())
+			{
+				(this->*(it1->second))(it.second.data ());
+				InsertParam (results, it.first, "");
+			}
+			else
+				LogPrint (eLogError, "I2PControl: I2PControl unknown request: ", it.first);
+		}	
+	}
+
+	void I2PControlService::PasswordHandler (const std::string& value)
+	{
+		LogPrint (eLogWarning, "I2PControl: new password=", value, ", to make it persistent you should update your config!");
+		m_Password = value;
+		m_Tokens.clear ();
+	}
+
+// RouterInfo
+
+	void I2PControlService::RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: RouterInfo request: ", it->first);
+			auto it1 = m_RouterInfoHandlers.find (it->first);
+			if (it1 != m_RouterInfoHandlers.end ())
+			{
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(results);
+			}
+			else
+				LogPrint (eLogError, "I2PControl: RouterInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlService::UptimeHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.uptime", (int)i2p::context.GetUptime ()*1000);	
+	}
+
+	void I2PControlService::VersionHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.version", VERSION);
+	}	
+
+	void I2PControlService::StatusHandler (std::ostringstream& results)
+	{
+		auto dest = i2p::client::context.GetSharedLocalDestination ();
+		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0"); 
+	}
+
+	void I2PControlService::NetDbKnownPeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());	
+	}
+
+	void I2PControlService::NetDbActivePeersHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());	
+	}
+
+	void I2PControlService::NetStatusHandler (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.status", (int)i2p::context.GetStatus ());
+	}
+
+	void I2PControlService::TunnelsParticipatingHandler (std::ostringstream& results)
+	{
+		int transit = i2p::tunnel::tunnels.GetTransitTunnels ().size ();
+		InsertParam (results, "i2p.router.net.tunnels.participating", transit);
+	}
+
+	void I2PControlService::TunnelsSuccessRateHandler (std::ostringstream& results)
+	{
+		int rate = i2p::tunnel::tunnels.GetTunnelCreationSuccessRate ();
+		InsertParam (results, "i2p.router.net.tunnels.successrate", rate);
+	}
+
+	void I2PControlService::InboundBandwidth1S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetInBandwidth ();
+		InsertParam (results, "i2p.router.net.bw.inbound.1s", bw);
+	}
+
+	void I2PControlService::OutboundBandwidth1S (std::ostringstream& results)
+	{
+		double bw = i2p::transport::transports.GetOutBandwidth ();
+		InsertParam (results, "i2p.router.net.bw.outbound.1s", bw);
+	}
+
+	void I2PControlService::NetTotalReceivedBytes (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.total.received.bytes", (double)i2p::transport::transports.GetTotalReceivedBytes ());
+	}
+
+	void I2PControlService::NetTotalSentBytes (std::ostringstream& results)
+	{
+		InsertParam (results, "i2p.router.net.total.sent.bytes",     (double)i2p::transport::transports.GetTotalSentBytes ());
+	}
+
+// RouterManager
+
+	void I2PControlService::RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			if (it != params.begin ()) results << ",";	
+			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
+			auto it1 = m_RouterManagerHandlers.find (it->first);
+			if (it1 != m_RouterManagerHandlers.end ()) {
+				(this->*(it1->second))(results);	
+			} else
+				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
+		}
+	}
+
+
+	void I2PControlService::ShutdownHandler (std::ostringstream& results)
+	{
+		LogPrint (eLogInfo, "I2PControl: Shutdown requested");
+		InsertParam (results, "Shutdown", "");
+		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(1)); // 1 second to make sure response has been sent
+		m_ShutdownTimer.async_wait (
+			[](const boost::system::error_code& ecode)
+		    {
+				Daemon.running = 0;
+			});
+	}
+
+	void I2PControlService::ShutdownGracefulHandler (std::ostringstream& results)
+	{
+		i2p::context.SetAcceptsTunnels (false);
+		int timeout = i2p::tunnel::tunnels.GetTransitTunnelsExpirationTimeout ();
+		LogPrint (eLogInfo, "I2PControl: Graceful shutdown requested, ", timeout, " seconds remains");
+		InsertParam (results, "ShutdownGraceful", "");
+		m_ShutdownTimer.expires_from_now (boost::posix_time::seconds(timeout + 1)); // + 1 second
+		m_ShutdownTimer.async_wait (
+			[](const boost::system::error_code& ecode)
+		    {
+				Daemon.running = 0;
+			});
+	}
+
+	void I2PControlService::ReseedHandler (std::ostringstream& results)
+	{
+		LogPrint (eLogInfo, "I2PControl: Reseed requested");
+		InsertParam (results, "Reseed", "");
+		i2p::data::netdb.Reseed ();
+	}
+
+// network setting
+	void I2PControlService::NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			if (it != params.begin ()) results << ",";	
+			LogPrint (eLogDebug, "I2PControl: NetworkSetting request: ", it->first);
+			auto it1 = m_NetworkSettingHandlers.find (it->first);
+			if (it1 != m_NetworkSettingHandlers.end ()) {
+				(this->*(it1->second))(it->second.data (), results);	
+			} else
+				LogPrint (eLogError, "I2PControl: NetworkSetting unknown request: ", it->first);
+		}
+	}
+
+	void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.in", bw);
+	}
+
+	void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.out", bw);
+	}
+
+	// certificate	
+	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
+	{
+		FILE *f = NULL;
+		EVP_PKEY * pkey = EVP_PKEY_new ();
+		RSA * rsa = RSA_new ();
+		BIGNUM * e = BN_dup (i2p::crypto::GetRSAE ());
+		RSA_generate_key_ex (rsa, 4096, e, NULL);
+		BN_free (e);
+		if (rsa)
+		{
+			EVP_PKEY_assign_RSA (pkey, rsa);
+			X509 * x509 = X509_new ();
+			ASN1_INTEGER_set (X509_get_serialNumber (x509), 1);
+			X509_gmtime_adj (X509_get_notBefore (x509), 0);
+			X509_gmtime_adj (X509_get_notAfter (x509), I2P_CONTROL_CERTIFICATE_VALIDITY*24*60*60); // expiration
+			X509_set_pubkey (x509, pkey); // public key
+			X509_NAME * name = X509_get_subject_name (x509);
+			X509_NAME_add_entry_by_txt (name, "C",  MBSTRING_ASC, (unsigned char *)"A1", -1, -1, 0); // country (Anonymous proxy)
+			X509_NAME_add_entry_by_txt (name, "O",  MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_ORGANIZATION, -1, -1, 0); // organization
+			X509_NAME_add_entry_by_txt (name, "CN", MBSTRING_ASC, (unsigned char *)I2P_CONTROL_CERTIFICATE_COMMON_NAME, -1, -1, 0); // common name
+			X509_set_issuer_name (x509, name); // set issuer to ourselves
+			X509_sign (x509, pkey, EVP_sha1 ()); // sign
+
+			// save cert
+			if ((f = fopen (crt_path, "wb")) != NULL) {
+				LogPrint (eLogInfo, "I2PControl: saving new cert to ", crt_path);
+				PEM_write_X509 (f, x509);
+				fclose (f);
+			} else {
+				LogPrint (eLogError, "I2PControl: can't write cert: ", strerror(errno));
+			}
+
+			// save key
+			if ((f = fopen (key_path, "wb")) != NULL) {
+				LogPrint (eLogInfo, "I2PControl: saving cert key to ", key_path);
+				PEM_write_PrivateKey (f, pkey, NULL, NULL, 0, NULL, NULL);
+				fclose (f);
+			} else {
+				LogPrint (eLogError, "I2PControl: can't write key: ", strerror(errno));
+			}
+
+			X509_free (x509);
+		} else {
+			LogPrint (eLogError, "I2PControl: can't create RSA key for certificate");
+		}
+		EVP_PKEY_free (pkey);
+	}
+}
+}

I2PControl.h

@@ -0,0 +1,122 @@
+#ifndef I2P_CONTROL_H__
+#define I2P_CONTROL_H__
+
+#include <inttypes.h>
+#include <thread>
+#include <memory>
+#include <array>
+#include <string>
+#include <sstream>
+#include <map>
+#include <set>
+#include <boost/asio.hpp>
+#include <boost/asio/ssl.hpp> 
+#include <boost/property_tree/ptree.hpp>
+
+namespace i2p
+{
+namespace client
+{
+	const size_t I2P_CONTROL_MAX_REQUEST_SIZE = 1024;
+	typedef std::array<char, I2P_CONTROL_MAX_REQUEST_SIZE> I2PControlBuffer;
+
+	const long I2P_CONTROL_CERTIFICATE_VALIDITY = 365*10; // 10 years
+	const char I2P_CONTROL_CERTIFICATE_COMMON_NAME[] = "i2pd.i2pcontrol";
+	const char I2P_CONTROL_CERTIFICATE_ORGANIZATION[] = "Purple I2P";
+
+	class I2PControlService
+	{
+		typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;
+		public:
+
+			I2PControlService (const std::string& address, int port);
+			~I2PControlService ();
+
+			void Start ();
+			void Stop ();
+
+		private:
+
+			void Run ();
+			void Accept ();
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
+			void Handshake (std::shared_ptr<ssl_socket> socket);
+			void HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket);
+			void ReadRequest (std::shared_ptr<ssl_socket> socket);
+			void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred,
+				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+			void SendResponse (std::shared_ptr<ssl_socket> socket,
+				std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml);
+			void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred,
+				std::shared_ptr<ssl_socket> socket, std::shared_ptr<I2PControlBuffer> buf);
+
+			void CreateCertificate (const char *crt_path, const char *key_path);
+
+		private:
+
+			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const;
+
+			// methods
+			typedef void (I2PControlService::*MethodHandler)(const boost::property_tree::ptree& params, std::ostringstream& results);
+
+			void AuthenticateHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void I2PControlHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+
+			// I2PControl
+			typedef void (I2PControlService::*I2PControlRequestHandler)(const std::string& value);
+			void PasswordHandler (const std::string& value);
+
+			// RouterInfo
+			typedef void (I2PControlService::*RouterInfoRequestHandler)(std::ostringstream& results);
+			void UptimeHandler (std::ostringstream& results);
+			void VersionHandler (std::ostringstream& results);
+			void StatusHandler (std::ostringstream& results);
+			void NetDbKnownPeersHandler (std::ostringstream& results);
+			void NetDbActivePeersHandler (std::ostringstream& results);
+			void NetStatusHandler (std::ostringstream& results);
+			void TunnelsParticipatingHandler (std::ostringstream& results);
+			void TunnelsSuccessRateHandler (std::ostringstream& results);
+			void InboundBandwidth1S (std::ostringstream& results);
+			void OutboundBandwidth1S (std::ostringstream& results);
+			void NetTotalReceivedBytes (std::ostringstream& results);
+			void NetTotalSentBytes (std::ostringstream& results);
+
+			// RouterManager
+			typedef void (I2PControlService::*RouterManagerRequestHandler)(std::ostringstream& results);
+			void ShutdownHandler (std::ostringstream& results);
+			void ShutdownGracefulHandler (std::ostringstream& results);
+			void ReseedHandler (std::ostringstream& results);
+
+			// NetworkSetting
+			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
+			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
+			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
+
+		private:
+
+			std::string m_Password;
+			bool m_IsRunning;
+			std::thread * m_Thread;
+
+			boost::asio::io_service m_Service;
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			boost::asio::ssl::context m_SSLContext;
+			boost::asio::deadline_timer m_ShutdownTimer;
+			std::set<std::string> m_Tokens;
+
+			std::map<std::string, MethodHandler> m_MethodHandlers;
+			std::map<std::string, I2PControlRequestHandler> m_I2PControlHandlers;
+			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
+			std::map<std::string, RouterManagerRequestHandler> m_RouterManagerHandlers;
+			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
+	};
+}
+}
+
+#endif

I2PEndian.cpp

@@ -5,6 +5,7 @@
 
 #include "LittleBigEndian.h"
 
+#ifdef NEEDS_LOCAL_ENDIAN
 uint16_t htobe16(uint16_t int16)
 {
 	BigEndian<uint16_t> u16(int16);
@@ -40,6 +41,7 @@ uint64_t be64toh(uint64_t big64)
 	LittleEndian<uint64_t> u64(big64);
 	return u64.raw_value;
 }
+#endif
 
 /* it can be used in Windows 8
 #include <Winsock2.h>

I2PEndian.h

@@ -1,7 +1,9 @@
 #ifndef I2PENDIAN_H__
 #define I2PENDIAN_H__
+#include <inttypes.h>
+#include <string.h>
 
-#if defined(__linux__) || defined(__FreeBSD_kernel__)
+#if defined(__linux__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__)
 #include <endian.h>
 #elif __FreeBSD__
 #include <sys/endian.h>
@@ -25,6 +27,7 @@
 #define le64toh(x) OSSwapLittleToHostInt64(x)
 
 #else
+#define NEEDS_LOCAL_ENDIAN
 #include <cstdint>
 uint16_t htobe16(uint16_t int16);
 uint32_t htobe32(uint32_t int32);
@@ -44,5 +47,73 @@ uint64_t be64toh(uint64_t big64);
 
 #endif
 
+inline uint16_t buf16toh(const void *buf)
+{
+	uint16_t b16;
+	memcpy(&b16, buf, sizeof(uint16_t));
+	return b16;
+}
+
+inline uint32_t buf32toh(const void *buf)
+{
+	uint32_t b32;
+	memcpy(&b32, buf, sizeof(uint32_t));
+	return b32;
+}
+
+inline uint64_t buf64toh(const void *buf)
+{
+	uint64_t b64;
+	memcpy(&b64, buf, sizeof(uint64_t));
+	return b64;
+}
+
+inline uint16_t bufbe16toh(const void *buf)
+{
+	return be16toh(buf16toh(buf));
+}
+
+inline uint32_t bufbe32toh(const void *buf)
+{
+	return be32toh(buf32toh(buf));
+}
+
+inline uint64_t bufbe64toh(const void *buf)
+{
+	return be64toh(buf64toh(buf));
+}
+
+inline void htobuf16(void *buf, uint16_t b16)
+{
+	memcpy(buf, &b16, sizeof(uint16_t));
+}
+
+inline void htobuf32(void *buf, uint32_t b32)
+{
+	memcpy(buf, &b32, sizeof(uint32_t));
+}
+
+inline void htobuf64(void *buf, uint64_t b64)
+{
+	memcpy(buf, &b64, sizeof(uint64_t));
+}
+
+inline void htobe16buf(void *buf, uint16_t big16)
+{
+	htobuf16(buf, htobe16(big16));
+}
+
+inline void htobe32buf(void *buf, uint32_t big32)
+{
+	htobuf32(buf, htobe32(big32));
+}
+
+inline void htobe64buf(void *buf, uint64_t big64)
+{
+	htobuf64(buf, htobe64(big64));
+}
+
+
+
 #endif // I2PENDIAN_H__
 

I2PService.cpp

@@ -0,0 +1,216 @@
+#include "Destination.h"
+#include "Identity.h"
+#include "ClientContext.h"
+#include "I2PService.h"
+
+namespace i2p
+{
+namespace client
+{
+	static const i2p::data::SigningKeyType I2P_SERVICE_DEFAULT_KEY_TYPE = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256;
+
+	I2PService::I2PService (std::shared_ptr<ClientDestination> localDestination):
+		m_LocalDestination (localDestination ? localDestination :
+					i2p::client::context.CreateNewLocalDestination (false, I2P_SERVICE_DEFAULT_KEY_TYPE))
+	{
+	}
+	
+	I2PService::I2PService (i2p::data::SigningKeyType kt):
+		m_LocalDestination (i2p::client::context.CreateNewLocalDestination (false, kt))
+	{
+	}
+	
+	void I2PService::CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, int port) {
+		assert(streamRequestComplete);
+		i2p::data::IdentHash identHash;
+		if (i2p::client::context.GetAddressBook ().GetIdentHash (dest, identHash))
+			m_LocalDestination->CreateStream (streamRequestComplete, identHash, port);
+		else
+		{
+			LogPrint (eLogWarning, "I2PService: Remote destination not found: ", dest);
+			streamRequestComplete (nullptr);
+		}
+	}
+
+	TCPIPPipe::TCPIPPipe(I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> upstream, std::shared_ptr<boost::asio::ip::tcp::socket> downstream) : I2PServiceHandler(owner), m_up(upstream), m_down(downstream)
+	{
+		boost::asio::socket_base::receive_buffer_size option(TCP_IP_PIPE_BUFFER_SIZE);
+		upstream->set_option(option);
+		downstream->set_option(option);
+	}
+
+	TCPIPPipe::~TCPIPPipe()
+	{
+		Terminate();
+	}
+	
+	void TCPIPPipe::Start()
+	{
+		AsyncReceiveUpstream();
+		AsyncReceiveDownstream();
+	}
+
+	void TCPIPPipe::Terminate()
+	{
+		if(Kill()) return;
+		if (m_up) {
+			if (m_up->is_open()) {
+				m_up->close();
+			}
+			m_up = nullptr;
+		}
+		if (m_down) {
+			if (m_down->is_open()) {
+				m_down->close();
+			}
+			m_down = nullptr;
+		}
+		Done(shared_from_this());
+	}
+	
+	void TCPIPPipe::AsyncReceiveUpstream()
+	{
+		if (m_up) {
+			m_up->async_read_some(boost::asio::buffer(m_upstream_to_down_buf, TCP_IP_PIPE_BUFFER_SIZE),
+															std::bind(&TCPIPPipe::HandleUpstreamReceived, shared_from_this(),
+																				std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: upstream receive: no socket");
+		}
+	}
+
+	void TCPIPPipe::AsyncReceiveDownstream()
+	{
+		if (m_down) {
+			m_down->async_read_some(boost::asio::buffer(m_downstream_to_up_buf, TCP_IP_PIPE_BUFFER_SIZE),
+															std::bind(&TCPIPPipe::HandleDownstreamReceived, shared_from_this(),
+																				std::placeholders::_1, std::placeholders::_2));
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: downstream receive: no socket");
+		}
+	}
+
+	void TCPIPPipe::UpstreamWrite(size_t len)
+	{
+		if (m_up) {
+			LogPrint(eLogDebug, "TCPIPPipe: upstream: ", (int) len, " bytes written");
+			boost::asio::async_write(*m_up, boost::asio::buffer(m_upstream_buf, len),
+															 boost::asio::transfer_all(),
+															 std::bind(&TCPIPPipe::HandleUpstreamWrite,
+																				 shared_from_this(),
+																				 std::placeholders::_1)
+															 );
+		} else {
+			LogPrint(eLogError, "TCPIPPipe: upstream write: no socket");
+		}
+	}
+
+	void TCPIPPipe::DownstreamWrite(size_t len)
+	{
+		if (m_down) {
+			LogPrint(eLogDebug, "TCPIPPipe: downstream: ", (int) len, " bytes written");
+			boost::asio::async_write(*m_down, boost::asio::buffer(m_downstream_buf, len),
+															 boost::asio::transfer_all(),
+															 std::bind(&TCPIPPipe::HandleDownstreamWrite,
+																				 shared_from_this(),
+																				 std::placeholders::_1)
+															 );
+		} else { 
+			LogPrint(eLogError, "TCPIPPipe: downstream write: no socket");
+		}
+	}
+	
+	
+	void TCPIPPipe::HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered)
+	{
+		LogPrint(eLogDebug, "TCPIPPipe: downstream: ", (int) bytes_transfered, " bytes received");
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: downstream read error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			if (bytes_transfered > 0 ) {
+				memcpy(m_upstream_buf, m_downstream_to_up_buf, bytes_transfered);
+			}
+			UpstreamWrite(bytes_transfered);
+		}
+	}
+
+	void TCPIPPipe::HandleDownstreamWrite(const boost::system::error_code & ecode) {
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: downstream write error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			AsyncReceiveUpstream();
+		}
+	}
+	
+	void TCPIPPipe::HandleUpstreamWrite(const boost::system::error_code & ecode) {
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: upstream write error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			AsyncReceiveDownstream();
+		}
+	}
+	
+	void TCPIPPipe::HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered)
+	{
+		LogPrint(eLogDebug, "TCPIPPipe: upstream ", (int)bytes_transfered, " bytes received");
+		if (ecode) {
+			LogPrint(eLogError, "TCPIPPipe: upstream read error:" , ecode.message());
+			if (ecode != boost::asio::error::operation_aborted)
+				Terminate();
+		} else {
+			if (bytes_transfered > 0 ) {
+				memcpy(m_downstream_buf, m_upstream_to_down_buf, bytes_transfered);
+			}
+			DownstreamWrite(bytes_transfered);
+		}
+	}
+	
+	void TCPIPAcceptor::Start ()
+	{
+		m_Acceptor.listen ();
+		Accept ();
+	}
+
+	void TCPIPAcceptor::Stop ()
+	{
+		m_Acceptor.close();
+		m_Timer.cancel ();
+		ClearHandlers();
+	}
+
+	void TCPIPAcceptor::Accept ()
+	{
+		auto newSocket = std::make_shared<boost::asio::ip::tcp::socket> (GetService ());
+		m_Acceptor.async_accept (*newSocket, std::bind (&TCPIPAcceptor::HandleAccept, this,
+			std::placeholders::_1, newSocket));
+	}
+
+	void TCPIPAcceptor::HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket)
+	{
+		if (!ecode)
+		{
+			LogPrint(eLogDebug, "I2PService: ", GetName(), " accepted");
+			auto handler = CreateHandler(socket);
+			if (handler) 
+			{
+				AddHandler(handler);
+				handler->Handle();
+			} 
+			else 
+				socket->close();
+			Accept();
+		}
+		else
+		{
+			if (ecode != boost::asio::error::operation_aborted)
+				LogPrint (eLogError, "I2PService: ", GetName(), " closing socket on accept because: ", ecode.message ());
+		}
+	}
+}
+}

I2PService.h

@@ -0,0 +1,138 @@
+#ifndef I2PSERVICE_H__
+#define I2PSERVICE_H__
+
+#include <atomic>
+#include <mutex>
+#include <unordered_set>
+#include <memory>
+#include <boost/asio.hpp>
+#include "Destination.h"
+#include "Identity.h"
+
+namespace i2p
+{
+namespace client
+{
+	class I2PServiceHandler;
+	class I2PService
+	{
+		public:
+			I2PService (std::shared_ptr<ClientDestination> localDestination  = nullptr);
+			I2PService (i2p::data::SigningKeyType kt);
+			virtual ~I2PService () { ClearHandlers (); }
+
+			inline void AddHandler (std::shared_ptr<I2PServiceHandler> conn)
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.insert(conn);
+			}
+			inline void RemoveHandler (std::shared_ptr<I2PServiceHandler> conn)
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.erase(conn);
+			}
+			inline void ClearHandlers ()
+			{
+				std::unique_lock<std::mutex> l(m_HandlersMutex);
+				m_Handlers.clear();
+			}
+
+			inline std::shared_ptr<ClientDestination> GetLocalDestination () { return m_LocalDestination; }
+			inline std::shared_ptr<const ClientDestination> GetLocalDestination () const  { return m_LocalDestination; }
+			inline void SetLocalDestination (std::shared_ptr<ClientDestination> dest) { m_LocalDestination = dest; }
+			void CreateStream (StreamRequestComplete streamRequestComplete, const std::string& dest, int port = 0);
+
+			inline boost::asio::io_service& GetService () { return m_LocalDestination->GetService (); }
+
+			virtual void Start () = 0;
+			virtual void Stop () = 0;
+
+			virtual const char* GetName() { return "Generic I2P Service"; }
+		private:
+
+			std::shared_ptr<ClientDestination> m_LocalDestination;
+			std::unordered_set<std::shared_ptr<I2PServiceHandler> > m_Handlers;
+			std::mutex m_HandlersMutex;
+	};
+
+	/*Simple interface for I2PHandlers, allows detection of finalization amongst other things */
+	class I2PServiceHandler
+	{
+		public:
+			I2PServiceHandler(I2PService * parent) : m_Service(parent), m_Dead(false) { }
+			virtual ~I2PServiceHandler() { }
+			//If you override this make sure you call it from the children
+			virtual void Handle() {}; //Start handling the socket
+		protected:
+			// Call when terminating or handing over to avoid race conditions
+			inline bool Kill () { return m_Dead.exchange(true); }
+			// Call to know if the handler is dead
+			inline bool Dead () { return m_Dead; }
+			// Call when done to clean up (make sure Kill is called first)
+			inline void Done (std::shared_ptr<I2PServiceHandler> me) { if(m_Service) m_Service->RemoveHandler(me); }
+			// Call to talk with the owner
+			inline I2PService * GetOwner() { return m_Service; }
+		private:
+			I2PService *m_Service;
+			std::atomic<bool> m_Dead; //To avoid cleaning up multiple times
+	};
+
+	const size_t TCP_IP_PIPE_BUFFER_SIZE = 8192 * 8;
+
+	// bidirectional pipe for 2 tcp/ip sockets
+	class TCPIPPipe: public I2PServiceHandler, public std::enable_shared_from_this<TCPIPPipe> {
+	public:
+		TCPIPPipe(I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> upstream, std::shared_ptr<boost::asio::ip::tcp::socket> downstream);
+		~TCPIPPipe();
+		void Start();
+	protected:
+		void Terminate();
+		void AsyncReceiveUpstream();
+		void AsyncReceiveDownstream();
+		void HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred);
+		void HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred);
+		void HandleUpstreamWrite(const boost::system::error_code & ecode);
+		void HandleDownstreamWrite(const boost::system::error_code & ecode);
+		void UpstreamWrite(size_t len);
+		void DownstreamWrite(size_t len);
+	private:
+		uint8_t m_upstream_to_down_buf[TCP_IP_PIPE_BUFFER_SIZE], m_downstream_to_up_buf[TCP_IP_PIPE_BUFFER_SIZE];
+		uint8_t m_upstream_buf[TCP_IP_PIPE_BUFFER_SIZE], m_downstream_buf[TCP_IP_PIPE_BUFFER_SIZE];
+		std::shared_ptr<boost::asio::ip::tcp::socket> m_up, m_down;
+	};
+	
+	/* TODO: support IPv6 too */
+	//This is a service that listens for connections on the IP network and interacts with I2P
+	class TCPIPAcceptor: public I2PService
+	{
+		public:
+			TCPIPAcceptor (const std::string& address, int port, std::shared_ptr<ClientDestination> localDestination = nullptr) :
+				I2PService(localDestination),
+				m_Acceptor (GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
+				m_Timer (GetService ()) {}
+			TCPIPAcceptor (const std::string& address, int port, i2p::data::SigningKeyType kt) :
+				I2PService(kt),
+				m_Acceptor (GetService (), boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
+				m_Timer (GetService ()) {}
+			virtual ~TCPIPAcceptor () { TCPIPAcceptor::Stop(); }
+			//If you override this make sure you call it from the children
+			void Start ();
+			//If you override this make sure you call it from the children
+			void Stop ();
+
+			const boost::asio::ip::tcp::acceptor& GetAcceptor () const { return m_Acceptor; };
+
+    virtual const char* GetName() { return "Generic TCP/IP accepting daemon"; }
+
+		protected:
+			virtual std::shared_ptr<I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket) = 0;
+		private:
+			void Accept();
+			void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			boost::asio::ip::tcp::acceptor m_Acceptor;
+			boost::asio::deadline_timer m_Timer;
+	};
+}
+}
+
+#endif

I2PTunnel.h

@@ -4,120 +4,357 @@
 #include <inttypes.h>
 #include <string>
 #include <set>
+#include <tuple>
+#include <memory>
+#include <sstream>
 #include <boost/asio.hpp>
 #include "Identity.h"
 #include "Destination.h"
+#include "Datagram.h"
 #include "Streaming.h"
+#include "I2PService.h"
 
 namespace i2p
 {
 namespace client
 {
-	const size_t I2P_TUNNEL_CONNECTION_BUFFER_SIZE = 8192;
+	const size_t I2P_TUNNEL_CONNECTION_BUFFER_SIZE = 65536;
 	const int I2P_TUNNEL_CONNECTION_MAX_IDLE = 3600; // in seconds	
 	const int I2P_TUNNEL_DESTINATION_REQUEST_TIMEOUT = 10; // in seconds
+	// for HTTP tunnels		
+	const char X_I2P_DEST_HASH[] = "X-I2P-DestHash"; // hash  in base64
+	const char X_I2P_DEST_B64[] = "X-I2P-DestB64"; // full address in base64
+	const char X_I2P_DEST_B32[] = "X-I2P-DestB32"; // .b32.i2p address
 
-	class I2PTunnel;
-	class I2PTunnelConnection
+	class I2PTunnelConnection: public I2PServiceHandler, public std::enable_shared_from_this<I2PTunnelConnection>
 	{
 		public:
 
-			I2PTunnelConnection (I2PTunnel * owner, boost::asio::ip::tcp::socket * socket,
-				const i2p::data::LeaseSet * leaseSet);
-			I2PTunnelConnection (I2PTunnel * owner, i2p::stream::Stream * stream,  boost::asio::ip::tcp::socket * socket, 
-				const boost::asio::ip::tcp::endpoint& target); 
+			I2PTunnelConnection (I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> socket,
+				std::shared_ptr<const i2p::data::LeaseSet> leaseSet, int port = 0); // to I2P
+			I2PTunnelConnection (I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> socket,
+				std::shared_ptr<i2p::stream::Stream> stream); // to I2P using simplified API 
+			I2PTunnelConnection (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,  std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+				const boost::asio::ip::tcp::endpoint& target, bool quiet = true); // from I2P
 			~I2PTunnelConnection ();
-
-		private:
+			void I2PConnect (const uint8_t * msg = nullptr, size_t len = 0);
+			void Connect (bool isUniqueLocal = true);
+			
+		protected:
 
 			void Terminate ();	
 
 			void Receive ();
 			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);	
+			virtual void Write (const uint8_t * buf, size_t len); // can be overloaded
 			void HandleWrite (const boost::system::error_code& ecode);	
 
 			void StreamReceive ();
 			void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleConnect (const boost::system::error_code& ecode);
 
+			std::shared_ptr<const boost::asio::ip::tcp::socket> GetSocket () const { return m_Socket; };
+
 		private:
 
 			uint8_t m_Buffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE], m_StreamBuffer[I2P_TUNNEL_CONNECTION_BUFFER_SIZE];
-			boost::asio::ip::tcp::socket * m_Socket;
-			i2p::stream::Stream * m_Stream;
-			I2PTunnel * m_Owner;
-	};	
+			std::shared_ptr<boost::asio::ip::tcp::socket> m_Socket;
+			std::shared_ptr<i2p::stream::Stream> m_Stream;
+			boost::asio::ip::tcp::endpoint m_RemoteEndpoint;
+			bool m_IsQuiet; // don't send destination
+	};
 
-	class I2PTunnel
+	class I2PClientTunnelConnectionHTTP: public I2PTunnelConnection
 	{
 		public:
 
-			I2PTunnel (boost::asio::io_service& service, ClientDestination * localDestination): 
-				m_Service (service), m_LocalDestination (localDestination) {};
-			virtual ~I2PTunnel () { ClearConnections (); }; 
+			I2PClientTunnelConnectionHTTP (I2PService * owner, std::shared_ptr<boost::asio::ip::tcp::socket> socket,
+				std::shared_ptr<i2p::stream::Stream> stream):
+				I2PTunnelConnection (owner, socket, stream), m_HeaderSent (false),
+				m_ConnectionSent (false), m_ProxyConnectionSent (false) {};
 
-			void AddConnection (I2PTunnelConnection * conn);
-			void RemoveConnection (I2PTunnelConnection * conn);	
-			void ClearConnections ();
-			ClientDestination * GetLocalDestination () { return m_LocalDestination; };
-			void SetLocalDestination (ClientDestination * dest) { m_LocalDestination = dest; }; 			
+		protected:
 
-			boost::asio::io_service& GetService () { return m_Service; };
+			void Write (const uint8_t * buf, size_t len);	
+			
+		private:	
+
+			std::stringstream m_InHeader, m_OutHeader;
+			bool m_HeaderSent, m_ConnectionSent, m_ProxyConnectionSent;
+	};	
+	
+	class I2PServerTunnelConnectionHTTP: public I2PTunnelConnection
+	{
+		public:
+			
+			I2PServerTunnelConnectionHTTP (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+				std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+				const boost::asio::ip::tcp::endpoint& target, const std::string& host); 
+
+		protected:
+
+			void Write (const uint8_t * buf, size_t len);
+
+		private:
+		
+			std::string m_Host;
+			std::stringstream m_InHeader, m_OutHeader;
+			bool m_HeaderSent;
+			std::shared_ptr<const i2p::data::IdentityEx> m_From;
+	};
+
+	class I2PTunnelConnectionIRC: public I2PTunnelConnection
+    {
+        public:
+                
+            I2PTunnelConnectionIRC (I2PService * owner, std::shared_ptr<i2p::stream::Stream> stream,
+                std::shared_ptr<boost::asio::ip::tcp::socket> socket, 
+                const boost::asio::ip::tcp::endpoint& target, const std::string& m_WebircPass); 
+
+        protected:
+
+            void Write (const uint8_t * buf, size_t len);
+
+        private:
+   
+            std::shared_ptr<const i2p::data::IdentityEx> m_From;
+            std::stringstream m_OutPacket, m_InPacket;
+			bool m_NeedsWebIrc;
+            std::string m_WebircPass; 
+    };
+
+
+	class I2PClientTunnel: public TCPIPAcceptor
+	{
+		protected:
+
+			// Implements TCPIPAcceptor
+			std::shared_ptr<I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+
+		public:
+
+			I2PClientTunnel (const std::string& name, const std::string& destination, 
+				const std::string& address, int port, std::shared_ptr<ClientDestination> localDestination, int destinationPort = 0);
+			~I2PClientTunnel () {}
+	
+			void Start ();
+			void Stop ();
+
+			const char* GetName() { return m_Name.c_str (); }	
 			
 		private:
 
-			boost::asio::io_service& m_Service;
-			ClientDestination * m_LocalDestination;
-			std::set<I2PTunnelConnection *> m_Connections;
-	};	
-	
-	class I2PClientTunnel: public I2PTunnel
-	{
-		public:
-
-			I2PClientTunnel (boost::asio::io_service& service, const std::string& destination, int port,
-				ClientDestination * localDestination = nullptr);
-			~I2PClientTunnel ();				
-	
-			void Start ();
-			void Stop ();
+			const i2p::data::IdentHash * GetIdentHash ();
 
 		private:
-
-			void Accept ();
-			void HandleAccept (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket);
-			void HandleDestinationRequestTimer (const boost::system::error_code& ecode, boost::asio::ip::tcp::socket * socket);
-			void CreateConnection (boost::asio::ip::tcp::socket * socket);				
-
-		private:
-
-			boost::asio::ip::tcp::acceptor m_Acceptor;
-			boost::asio::deadline_timer m_Timer;
-			std::string m_Destination;
+			
+			std::string m_Name, m_Destination;
 			const i2p::data::IdentHash * m_DestinationIdentHash;
-			const i2p::data::LeaseSet * m_RemoteLeaseSet;
-	};	
+			int m_DestinationPort;	
+	};
 
-	class I2PServerTunnel: public I2PTunnel
+
+	/** 2 minute timeout for udp sessions */
+	const uint64_t I2P_UDP_SESSION_TIMEOUT = 1000 * 60 * 2;
+
+	/** max size for i2p udp */
+	const size_t I2P_UDP_MAX_MTU = i2p::datagram::MAX_DATAGRAM_SIZE;
+
+	struct UDPSession
+	{
+		i2p::datagram::DatagramDestination * m_Destination;
+		boost::asio::ip::udp::socket IPSocket;
+		i2p::data::IdentHash Identity;
+		boost::asio::ip::udp::endpoint FromEndpoint;
+		boost::asio::ip::udp::endpoint SendEndpoint;
+		uint64_t LastActivity;
+
+		uint16_t LocalPort;
+		uint16_t RemotePort;
+
+		uint8_t m_Buffer[I2P_UDP_MAX_MTU];
+	
+		UDPSession(boost::asio::ip::udp::endpoint localEndpoint,
+							 const std::shared_ptr<i2p::client::ClientDestination> & localDestination,
+							 boost::asio::ip::udp::endpoint remote, const i2p::data::IdentHash * ident,
+							 uint16_t ourPort, uint16_t theirPort);
+		void HandleReceived(const boost::system::error_code & ecode, std::size_t len);
+		void Receive();
+	};
+
+  
+	/** read only info about a datagram session */
+	struct DatagramSessionInfo
+	{
+		/** the name of this forward */
+		std::string Name;
+		/** ident hash of local destination */
+		std::shared_ptr<const i2p::data::IdentHash> LocalIdent;
+		/** ident hash of remote destination */
+		std::shared_ptr<const i2p::data::IdentHash> RemoteIdent;
+		/** ident hash of IBGW in use currently in this session or nullptr if none is set */
+		std::shared_ptr<const i2p::data::IdentHash> CurrentIBGW;
+		/** ident hash of OBEP in use for this session or nullptr if none is set */
+		std::shared_ptr<const i2p::data::IdentHash> CurrentOBEP;
+		/** i2p router's udp endpoint */
+		boost::asio::ip::udp::endpoint LocalEndpoint;
+		/** client's udp endpoint */
+		boost::asio::ip::udp::endpoint RemoteEndpoint;
+		/** how long has this converstation been idle in ms */
+		uint64_t idle;
+	};
+
+	typedef std::shared_ptr<UDPSession> UDPSessionPtr;
+	
+	/** server side udp tunnel, many i2p inbound to 1 ip outbound */
+	class I2PUDPServerTunnel
+  {
+		public:
+			I2PUDPServerTunnel(const std::string & name,
+				std::shared_ptr<i2p::client::ClientDestination> localDestination,
+        boost::asio::ip::address localAddress,
+				boost::asio::ip::udp::endpoint forwardTo, uint16_t port);
+			~I2PUDPServerTunnel();
+			/** expire stale udp conversations */
+			void ExpireStale(const uint64_t delta=I2P_UDP_SESSION_TIMEOUT);
+			void Start();
+			const char * GetName() const { return m_Name.c_str(); }
+			std::vector<std::shared_ptr<DatagramSessionInfo> > GetSessions();
+			std::shared_ptr<ClientDestination> GetLocalDestination () const { return m_LocalDest; }
+
+			void SetUniqueLocal(bool isUniqueLocal = true) { m_IsUniqueLocal = isUniqueLocal; }
+
+		private:
+
+			void HandleRecvFromI2P(const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+			UDPSessionPtr ObtainUDPSession(const i2p::data::IdentityEx& from, uint16_t localPort, uint16_t remotePort);
+
+		private:
+			bool m_IsUniqueLocal;
+			const std::string m_Name;
+			boost::asio::ip::address m_LocalAddress;
+			boost::asio::ip::udp::endpoint m_RemoteEndpoint;
+			std::mutex m_SessionsMutex;
+			std::vector<UDPSessionPtr> m_Sessions;
+			std::shared_ptr<i2p::client::ClientDestination> m_LocalDest;
+	};
+
+	class I2PUDPClientTunnel 
+	{
+		public:
+			I2PUDPClientTunnel(const std::string & name, const std::string &remoteDest,
+				boost::asio::ip::udp::endpoint localEndpoint, std::shared_ptr<i2p::client::ClientDestination> localDestination,
+				uint16_t remotePort);
+			~I2PUDPClientTunnel();
+			void Start();
+			const char * GetName() const { return m_Name.c_str(); }
+			std::vector<std::shared_ptr<DatagramSessionInfo> > GetSessions();
+			
+			bool IsLocalDestination(const i2p::data::IdentHash & destination) const { return destination == m_LocalDest->GetIdentHash(); }
+
+			std::shared_ptr<ClientDestination> GetLocalDestination () const { return m_LocalDest; }
+			void ExpireStale(const uint64_t delta=I2P_UDP_SESSION_TIMEOUT);
+
+		private:
+		typedef std::pair<boost::asio::ip::udp::endpoint, uint64_t> UDPConvo;
+		void RecvFromLocal();
+		void HandleRecvFromLocal(const boost::system::error_code & e, std::size_t transferred);
+			void HandleRecvFromI2P(const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
+			void TryResolving();
+			const std::string m_Name;
+		std::mutex m_SessionsMutex;
+		std::map<uint16_t, UDPConvo > m_Sessions; // maps i2p port -> local udp convo
+			const std::string m_RemoteDest;
+			std::shared_ptr<i2p::client::ClientDestination> m_LocalDest;
+			const boost::asio::ip::udp::endpoint m_LocalEndpoint;
+			i2p::data::IdentHash * m_RemoteIdent;
+			std::thread * m_ResolveThread;
+		boost::asio::ip::udp::socket m_LocalSocket;
+		boost::asio::ip::udp::endpoint m_RecvEndpoint;
+		uint8_t m_RecvBuff[I2P_UDP_MAX_MTU];
+			uint16_t RemotePort;
+			bool m_cancel_resolve;
+	};
+	
+	class I2PServerTunnel: public I2PService
 	{
 		public:
 
-			I2PServerTunnel (boost::asio::io_service& service, const std::string& address, int port, 
-				ClientDestination * localDestination);	
+			I2PServerTunnel (const std::string& name, const std::string& address, int port, 
+				std::shared_ptr<ClientDestination> localDestination, int inport = 0, bool gzip = true);	
 
 			void Start ();
 			void Stop ();
 
-		private:
+			void SetAccessList (const std::set<i2p::data::IdentHash>& accessList); 
+
+			void SetUniqueLocal (bool isUniqueLocal) { m_IsUniqueLocal = isUniqueLocal; }
+			bool IsUniqueLocal () const { return m_IsUniqueLocal; }
+
+			const std::string& GetAddress() const { return m_Address; }
+			int GetPort () const { return m_Port; };
+			uint16_t GetLocalPort () const { return m_PortDestination->GetLocalPort (); };
+			const boost::asio::ip::tcp::endpoint& GetEndpoint () const { return m_Endpoint; }
+
+			const char* GetName() { return m_Name.c_str (); }	
+
+      void SetMaxConnsPerMinute(const uint32_t conns) { m_PortDestination->SetMaxConnsPerMinute(conns); }
+
+  private:
+
+			void HandleResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it, 
+				std::shared_ptr<boost::asio::ip::tcp::resolver> resolver);
 
 			void Accept ();
-			void HandleAccept (i2p::stream::Stream * stream);
+			void HandleAccept (std::shared_ptr<i2p::stream::Stream> stream);
+			virtual std::shared_ptr<I2PTunnelConnection> CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);
+
+		private:
+			
+			bool m_IsUniqueLocal;
+			std::string m_Name, m_Address;
+			int m_Port;
+			boost::asio::ip::tcp::endpoint m_Endpoint;	
+			std::shared_ptr<i2p::stream::StreamingDestination> m_PortDestination;
+			std::set<i2p::data::IdentHash> m_AccessList;
+			bool m_IsAccessList;
+	};
+
+	class I2PServerTunnelHTTP: public I2PServerTunnel
+	{
+		public:
+
+			I2PServerTunnelHTTP (const std::string& name, const std::string& address, int port, 
+				std::shared_ptr<ClientDestination> localDestination, const std::string& host,
+			    int inport = 0, bool gzip = true);	
 
 		private:
 
-			boost::asio::ip::tcp::endpoint m_Endpoint;		
+			std::shared_ptr<I2PTunnelConnection> CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);
+
+		private:
+
+			std::string m_Host;
 	};
-}		
+	
+    class I2PServerTunnelIRC: public I2PServerTunnel
+    {
+        public:
+
+            I2PServerTunnelIRC (const std::string& name, const std::string& address, int port, 
+                std::shared_ptr<ClientDestination> localDestination, const std::string& webircpass,
+                int inport = 0, bool gzip = true);   
+
+        private:
+
+            std::shared_ptr<I2PTunnelConnection> CreateI2PConnection (std::shared_ptr<i2p::stream::Stream> stream);
+
+        private:
+
+        	std::string m_WebircPass;
+    };
+
+}
 }	
 
 #endif

Identity.cpp

@@ -1,13 +1,9 @@
 #include <time.h>
 #include <stdio.h>
-#include <cryptopp/sha.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/dsa.h>
-#include "base64.h"
-#include "CryptoConst.h"
-#include "RouterContext.h"
-#include "Identity.h"
+#include "Crypto.h"
 #include "I2PEndian.h"
+#include "Log.h"
+#include "Identity.h"
 
 namespace i2p
 {
@@ -17,12 +13,16 @@ namespace data
 	{
 		// copy public and signing keys together
 		memcpy (publicKey, keys.publicKey, sizeof (publicKey) + sizeof (signingKey));
-		memset (&certificate, 0, sizeof (certificate));		
+		memset (certificate, 0, sizeof (certificate));		
 		return *this;
 	}
 
 	size_t Identity::FromBuffer (const uint8_t * buf, size_t len)
 	{
+		if ( len < DEFAULT_IDENTITY_SIZE ) {
+			// buffer too small, don't overflow
+			return 0;
+		}
 		memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE);
 		return DEFAULT_IDENTITY_SIZE;
 	}
@@ -30,35 +30,104 @@ namespace data
 	IdentHash Identity::Hash () const
 	{
 		IdentHash hash;
-		CryptoPP::SHA256().CalculateDigest(hash, publicKey, DEFAULT_IDENTITY_SIZE);
+		SHA256(publicKey, DEFAULT_IDENTITY_SIZE, hash);
 		return hash;
 	}	
 	
 	IdentityEx::IdentityEx ():
-		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
+		m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
 	{
 	}
 
-	IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type)
+	IdentityEx::IdentityEx(const uint8_t * publicKey, const uint8_t * signingKey, SigningKeyType type):
+		m_IsVerifierCreated (false)
 	{	
 		memcpy (m_StandardIdentity.publicKey, publicKey, sizeof (m_StandardIdentity.publicKey));
-		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			memcpy (m_StandardIdentity.signingKey + 64, signingKey, 64);
-			m_StandardIdentity.certificate.type = CERTIFICATE_TYPE_KEY;
-			m_ExtendedLen = 4; // 4 bytes extra
-			m_StandardIdentity.certificate.length = htobe16 (4); 
+			size_t excessLen = 0;
+			uint8_t * excessBuf = nullptr;
+			switch (type)
+			{
+				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				{	
+					size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
+					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH);
+					break;
+				}
+				case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+				{	
+					size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
+					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+				{
+					memcpy (m_StandardIdentity.signingKey, signingKey, 128);
+					excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512 - 128
+					excessBuf = new uint8_t[excessLen];
+					memcpy (excessBuf, signingKey + 128, excessLen);
+					break;
+				}	
+				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+				{
+					size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
+					RAND_bytes (m_StandardIdentity.signingKey, padding);
+					memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
+					break;
+				}	
+				default:
+					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported");
+			}	
+			m_ExtendedLen = 4 + excessLen; // 4 bytes extra + excess length
+			// fill certificate
+			m_StandardIdentity.certificate[0] = CERTIFICATE_TYPE_KEY;
+			htobe16buf (m_StandardIdentity.certificate + 1, m_ExtendedLen); 
+			// fill extended buffer
 			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
-			*(uint16_t *)m_ExtendedBuffer = htobe16 (SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
-			*(uint16_t *)(m_ExtendedBuffer + 2) = htobe16 (CRYPTO_KEY_TYPE_ELGAMAL);
-			uint8_t buf[DEFAULT_IDENTITY_SIZE + 4];
-			ToBuffer (buf, DEFAULT_IDENTITY_SIZE + 4);
-			CryptoPP::SHA256().CalculateDigest(m_IdentHash, buf, GetFullLen ());
+			htobe16buf (m_ExtendedBuffer, type);
+			htobe16buf (m_ExtendedBuffer + 2, CRYPTO_KEY_TYPE_ELGAMAL);
+			if (excessLen && excessBuf)
+			{
+				memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen);
+				delete[] excessBuf;
+			}	
+			// calculate ident hash
+			uint8_t * buf = new uint8_t[GetFullLen ()];
+			ToBuffer (buf, GetFullLen ());
+			SHA256(buf, GetFullLen (), m_IdentHash);
+			delete[] buf;
 		}
 		else // DSA-SHA1
 		{
 			memcpy (m_StandardIdentity.signingKey, signingKey, sizeof (m_StandardIdentity.signingKey));
-			memset (&m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate));
+			memset (m_StandardIdentity.certificate, 0, sizeof (m_StandardIdentity.certificate));
 			m_IdentHash = m_StandardIdentity.Hash ();
 			m_ExtendedLen = 0;
 			m_ExtendedBuffer = nullptr;
@@ -67,20 +136,25 @@ namespace data
 	}	
 		
 	IdentityEx::IdentityEx (const uint8_t * buf, size_t len):
-		m_Verifier (nullptr), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
+		m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
 	{
 		FromBuffer (buf, len);
 	}
 
 	IdentityEx::IdentityEx (const IdentityEx& other):
-		m_Verifier (nullptr), m_ExtendedBuffer (nullptr)
+		m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
 	{
 		*this = other;
 	}	
+
+	IdentityEx::IdentityEx (const Identity& standard):
+		m_IsVerifierCreated (false), m_ExtendedLen (0), m_ExtendedBuffer (nullptr)
+	{
+		*this = standard;
+	}	
 		
 	IdentityEx::~IdentityEx ()
 	{
-		delete m_Verifier;
 		delete[] m_ExtendedBuffer;
 	}	
 
@@ -99,8 +173,8 @@ namespace data
 		else
 			m_ExtendedBuffer = nullptr;
 		
-		delete m_Verifier;
 		m_Verifier = nullptr;
+		m_IsVerifierCreated = false;
 		
 		return *this;
 	}	
@@ -114,51 +188,80 @@ namespace data
 		m_ExtendedBuffer = nullptr;
 		m_ExtendedLen = 0;
 
-		delete m_Verifier;
 		m_Verifier = nullptr;
+		m_IsVerifierCreated = false;
 		
 		return *this;
 	}	
 		
 	size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len)
 	{
+		if (len < DEFAULT_IDENTITY_SIZE)
+		{
+			LogPrint (eLogError, "Identity: buffer length ", len, " is too small");
+			return 0;
+		}	
 		memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE);
 
-		delete[] m_ExtendedBuffer;
-		if (m_StandardIdentity.certificate.length)
+		if(m_ExtendedBuffer) delete[] m_ExtendedBuffer;
+		m_ExtendedBuffer = nullptr;
+
+		m_ExtendedLen = bufbe16toh (m_StandardIdentity.certificate + 1);
+		if (m_ExtendedLen)
 		{
-			m_ExtendedLen = be16toh (m_StandardIdentity.certificate.length);
-			m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
-			memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
+			if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len)
+			{	
+				m_ExtendedBuffer = new uint8_t[m_ExtendedLen];
+				memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen);
+			}	
+			else
+			{
+				LogPrint (eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE);
+				m_ExtendedLen = 0;
+				return 0;
+			}	
 		}		
 		else
 		{
 			m_ExtendedLen = 0;
 			m_ExtendedBuffer = nullptr;
 		}	
-		CryptoPP::SHA256().CalculateDigest(m_IdentHash, buf, GetFullLen ());
+		SHA256(buf, GetFullLen (), m_IdentHash);
 		
-		delete m_Verifier;
 		m_Verifier = nullptr;
 		
 		return GetFullLen ();
 	}	
 
 	size_t IdentityEx::ToBuffer (uint8_t * buf, size_t len) const
-	{		
+	{
+		const size_t fullLen = GetFullLen();
+		if (fullLen > len) return 0; // buffer is too small and may overflow somewhere else
 		memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE);
 		if (m_ExtendedLen > 0 && m_ExtendedBuffer)
 			memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen);
-		return GetFullLen ();
+		return fullLen;
 	}
 
 	size_t IdentityEx::FromBase64(const std::string& s)
 	{
-		uint8_t buf[512];
-		auto len = Base64ToByteStream (s.c_str(), s.length(), buf, 512);
-		return FromBuffer (buf, len);
+		const size_t slen = s.length();
+		std::vector<uint8_t> buf(slen); // binary data can't exceed base64
+		const size_t len = Base64ToByteStream (s.c_str(), slen, buf.data(), slen);
+		return FromBuffer (buf.data(), len);
 	}	
-		
+	
+	std::string IdentityEx::ToBase64 () const
+	{
+		const size_t bufLen = GetFullLen();
+		const size_t strLen = Base64EncodingBufferSize(bufLen);
+		std::vector<uint8_t> buf(bufLen);
+		std::vector<char> str(strLen);
+		size_t l = ToBuffer (buf.data(), bufLen);
+		size_t l1 = i2p::data::ByteStreamToBase64 (buf.data(), l, str.data(), strLen);
+		return std::string (str.data(), l1);
+	}
+	
 	size_t IdentityEx::GetSigningPublicKeyLen () const
 	{
 		if (!m_Verifier) CreateVerifier ();
@@ -167,12 +270,20 @@ namespace data
 		return 128;
 	}	
 
+	size_t IdentityEx::GetSigningPrivateKeyLen () const
+	{
+		if (!m_Verifier) CreateVerifier ();
+		if (m_Verifier)	
+			return m_Verifier->GetPrivateKeyLen ();
+		return GetSignatureLen ()/2;
+	}	
+		
 	size_t IdentityEx::GetSignatureLen () const
 	{	
 		if (!m_Verifier) CreateVerifier ();	
 		if (m_Verifier)
 			return m_Verifier->GetSignatureLen ();
-		return 40;
+		return i2p::crypto::DSA_SIGNATURE_LENGTH;
 	}	
 	bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const 
 	{
@@ -184,99 +295,267 @@ namespace data
 
 	SigningKeyType IdentityEx::GetSigningKeyType () const
 	{
-		if (m_StandardIdentity.certificate.type == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
-			return be16toh (*(const uint16_t *)m_ExtendedBuffer); // signing key
+		if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
+			return bufbe16toh (m_ExtendedBuffer); // signing key
 		return SIGNING_KEY_TYPE_DSA_SHA1;
 	}	
+
+	CryptoKeyType IdentityEx::GetCryptoKeyType () const
+	{
+		if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedBuffer)				
+			return bufbe16toh (m_ExtendedBuffer + 2); // crypto key
+		return CRYPTO_KEY_TYPE_ELGAMAL;
+	}	
 		
 	void IdentityEx::CreateVerifier () const 
 	{
+		if (m_Verifier) return; // don't create again
 		auto keyType = GetSigningKeyType ();
 		switch (keyType)
 		{
 			case SIGNING_KEY_TYPE_DSA_SHA1:
-				m_Verifier = new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey);
+				UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
-				m_Verifier = new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + 64);
-			break;	
+			{	
+				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
+				UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
+				break;
+			}	
+			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+			{	
+				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
+				UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
+				break;
+			}	
+			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+			{	
+				uint8_t signingKey[i2p::crypto::ECDSAP521_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
+				break;
+			}		
+			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA2562048_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
+				break;
+			}	
+			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA3843072_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
+				break;
+			}	
+			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+			{	
+				uint8_t signingKey[i2p::crypto::RSASHA5124096_KEY_LENGTH];
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
+				break;
+			}	
+			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+			{
+				size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
+				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
+				break;
+			}	
 			default:
-				LogPrint ("Signing key type ", (int)keyType, " is not supported");
+				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}			
 	}	
-	
+
+	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
+	{
+		if (!m_Verifier)
+		{
+			auto created = m_IsVerifierCreated.exchange (true);
+			if (!created)
+				m_Verifier.reset (verifier);
+			else
+			{
+				delete verifier;
+				int count = 0;
+				while (!m_Verifier && count < 500) // 5 seconds
+				{	
+					std::this_thread::sleep_for (std::chrono::milliseconds(10)); 
+					count++;
+				}	
+				if (!m_Verifier)
+					LogPrint (eLogError, "Identity: couldn't get verifier in 5 seconds");
+			}
+		}	
+		else
+			delete verifier;
+	}	
+		
+	void IdentityEx::DropVerifier () const
+	{
+		// TODO: potential race condition with Verify
+		m_IsVerifierCreated = false; 
+		m_Verifier = nullptr;
+	}
+
 	PrivateKeys& PrivateKeys::operator=(const Keys& keys)
 	{
-		m_Public = Identity (keys);
+		m_Public = std::make_shared<IdentityEx>(Identity (keys));
 		memcpy (m_PrivateKey, keys.privateKey, 256); // 256 
-		memcpy (m_SigningPrivateKey, keys.signingPrivateKey, 20); // 20 - DSA
-		delete m_Signer;
+		memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen ());
+		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
 	}
 
 	PrivateKeys& PrivateKeys::operator=(const PrivateKeys& other)
 	{		
-		m_Public = other.m_Public;
+		m_Public = std::make_shared<IdentityEx>(*other.m_Public);
 		memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256 
-		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, 128); // 128
-		delete m_Signer;
+		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_Public->GetSigningPrivateKeyLen ()); 
+		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
 	}	
 		
 	size_t PrivateKeys::FromBuffer (const uint8_t * buf, size_t len)
 	{
-		size_t ret = m_Public.FromBuffer (buf, len);
+		m_Public = std::make_shared<IdentityEx>(buf, len);
+		size_t ret = m_Public->GetFullLen ();
 		memcpy (m_PrivateKey, buf + ret, 256); // private key always 256
 		ret += 256;
-		size_t signingPrivateKeySize = m_Public.GetSignatureLen ()/2; // 20 for DSA
+		size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
+		if(signingPrivateKeySize + ret > len) return 0; // overflow
 		memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize); 
 		ret += signingPrivateKeySize;
-		delete m_Signer;
+		m_Signer = nullptr;
 		CreateSigner ();
 		return ret;
 	}
 		
 	size_t PrivateKeys::ToBuffer (uint8_t * buf, size_t len) const
 	{
-		size_t ret = m_Public.ToBuffer (buf, len);
+		size_t ret = m_Public->ToBuffer (buf, len);
 		memcpy (buf + ret, m_PrivateKey, 256); // private key always 256
 		ret += 256;
-		size_t signingPrivateKeySize = m_Public.GetSignatureLen ()/2; // 20 for DSA
+		size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
+		if(ret + signingPrivateKeySize > len) return 0; // overflow
 		memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize); 
 		ret += signingPrivateKeySize;
 		return ret;
 	}	
 
+	size_t PrivateKeys::FromBase64(const std::string& s)
+	{
+		uint8_t * buf = new uint8_t[s.length ()];
+		size_t l = i2p::data::Base64ToByteStream (s.c_str (), s.length (), buf, s.length ());
+		size_t ret = FromBuffer (buf, l);
+		delete[] buf;
+		return ret;
+	}	
+	
+	std::string PrivateKeys::ToBase64 () const
+	{
+		uint8_t * buf = new uint8_t[GetFullLen ()];
+		char * str = new char[GetFullLen ()*2];
+		size_t l = ToBuffer (buf, GetFullLen ());
+		size_t l1 = i2p::data::ByteStreamToBase64 (buf, l, str, GetFullLen ()*2);
+		str[l1] = 0;
+		delete[] buf;
+		std::string ret(str);
+		delete[] str;
+		return ret;
+	}
+
 	void PrivateKeys::Sign (const uint8_t * buf, int len, uint8_t * signature) const
 	{
-		if (m_Signer)
-			m_Signer->Sign (i2p::context.GetRandomNumberGenerator (), buf, len, signature);
+		if (!m_Signer)
+  			CreateSigner();
+		m_Signer->Sign (buf, len, signature);
 	}			
 
-	void PrivateKeys::CreateSigner ()
+	void PrivateKeys::CreateSigner () const
 	{
-		if (m_Public.GetSigningKeyType () == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
-			m_Signer = new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey);
-		else
-			m_Signer = new i2p::crypto::DSASigner (m_SigningPrivateKey);
+		if (m_Signer) return;
+		switch (m_Public->GetSigningKeyType ())
+		{	
+			case SIGNING_KEY_TYPE_DSA_SHA1:
+				m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey));
+			break;	
+			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				m_Signer.reset (new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey));
+			break;
+			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+				m_Signer.reset (new i2p::crypto::ECDSAP384Signer (m_SigningPrivateKey));
+			break;	
+			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+				m_Signer.reset (new i2p::crypto::ECDSAP521Signer (m_SigningPrivateKey));
+			break;	
+			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+				m_Signer.reset (new i2p::crypto::RSASHA2562048Signer (m_SigningPrivateKey));
+			break;
+			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+				m_Signer.reset (new i2p::crypto::RSASHA3843072Signer (m_SigningPrivateKey));
+			break;
+			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+				m_Signer.reset (new i2p::crypto::RSASHA5124096Signer (m_SigningPrivateKey));
+			break;	
+			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
+			break;
+			default:
+				LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
+		}
 	}	
 		
 	PrivateKeys PrivateKeys::CreateRandomKeys (SigningKeyType type)
 	{
-		if (type == SIGNING_KEY_TYPE_ECDSA_SHA256_P256)
+		if (type != SIGNING_KEY_TYPE_DSA_SHA1)
 		{
 			PrivateKeys keys;
-			auto& rnd = i2p::context.GetRandomNumberGenerator ();
+			// signature
+			uint8_t signingPublicKey[512]; // signing public key is 512 bytes max 
+			switch (type)
+			{	
+				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+					i2p::crypto::CreateECDSAP256RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
+				break;	
+				case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+					i2p::crypto::CreateECDSAP384RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+					i2p::crypto::CreateECDSAP521RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);	
+				break;	
+				case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+					i2p::crypto::CreateRSARandomKeys (i2p::crypto::RSASHA2562048_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+					i2p::crypto::CreateRSARandomKeys (i2p::crypto::RSASHA3843072_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;
+				case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+					i2p::crypto::CreateRSARandomKeys (i2p::crypto::RSASHA5124096_KEY_LENGTH, keys.m_SigningPrivateKey, signingPublicKey);	
+				break;	
+				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+					i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
+				break;
+				default:
+					LogPrint (eLogError, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
+					return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
+			}	
 			// encryption
 			uint8_t publicKey[256];
-			CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-			dh.GenerateKeyPair(rnd, keys.m_PrivateKey, publicKey);
-			// signature
-			uint8_t signingPublicKey[64];
-			i2p::crypto::CreateECDSAP256RandomKeys (rnd, keys.m_SigningPrivateKey, signingPublicKey);
-			keys.m_Public = IdentityEx (publicKey, signingPublicKey, SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
+			i2p::crypto::GenerateElGamalKeyPair (keys.m_PrivateKey, publicKey);
+			// identity
+			keys.m_Public = std::make_shared<IdentityEx> (publicKey, signingPublicKey, type);
+
 			keys.CreateSigner ();
 			return keys;
 		}	
@@ -286,12 +565,10 @@ namespace data
 	Keys CreateRandomKeys ()
 	{
 		Keys keys;		
-		auto& rnd = i2p::context.GetRandomNumberGenerator ();
 		// encryption
-		CryptoPP::DH dh (i2p::crypto::elgp, i2p::crypto::elgg);
-		dh.GenerateKeyPair(rnd, keys.privateKey, keys.publicKey);
+		i2p::crypto::GenerateElGamalKeyPair(keys.privateKey, keys.publicKey);
 		// signing
-		i2p::crypto::CreateDSARandomKeys (rnd, keys.signingPrivateKey, keys.signingKey);	
+		i2p::crypto::CreateDSARandomKeys (keys.signingPrivateKey, keys.signingKey);	
 		return keys;
 	}	
 
@@ -309,18 +586,32 @@ namespace data
 		sprintf((char *)(buf + 32), "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
 #endif		
 		IdentHash key;
-		CryptoPP::SHA256().CalculateDigest((uint8_t *)key, buf, 40);
+		SHA256(buf, 40, key);
 		return key;
 	}	
 	
 	XORMetric operator^(const IdentHash& key1, const IdentHash& key2)
 	{
 		XORMetric m;
+#if defined(__AVX__) // for AVX
+		__asm__
+		(
+			"vmovups %1, %%ymm0 \n"	
+			"vmovups %2, %%ymm1 \n"	
+			"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
+			"vmovups %%ymm1, %0 \n"
+			: "=m"(*m.metric) 
+			: "m"(*key1), "m"(*key2)
+			: "memory", "%xmm0", "%xmm1" // should be replaced by %ymm0/1 once supported by compiler
+		);			
+#else
 		const uint64_t * hash1 = key1.GetLL (), * hash2 = key2.GetLL ();
 		m.metric_ll[0] = hash1[0] ^ hash2[0];
 		m.metric_ll[1] = hash1[1] ^ hash2[1];
 		m.metric_ll[2] = hash1[2] ^ hash2[2];
 		m.metric_ll[3] = hash1[3] ^ hash2[3];
+#endif
+
 		return m;
 	}	
 }

Identity.h

@@ -4,69 +4,21 @@
 #include <inttypes.h>
 #include <string.h>
 #include <string>
-#include "base64.h"
-#include "ElGamal.h"
+#include <memory>
+#include <atomic>
+#include "Base.h"
 #include "Signature.h"
 
 namespace i2p
 {
 namespace data
 {
-	template<int sz>
-	class Tag
-	{
-		public:
-
-			Tag (const uint8_t * buf) { memcpy (m_Buf, buf, sz); };
-			Tag (const Tag<sz>& ) = default;
-#ifndef _WIN32 // FIXME!!! msvs 2013 can't compile it
-			Tag (Tag<sz>&& ) = default;
-#endif
-			Tag () = default;
-			
-			Tag<sz>& operator= (const Tag<sz>& ) = default;
-#ifndef _WIN32
-			Tag<sz>& operator= (Tag<sz>&& ) = default;
-#endif
-			
-			uint8_t * operator()() { return m_Buf; };
-			const uint8_t * operator()() const { return m_Buf; };
-
-			operator uint8_t * () { return m_Buf; };
-			operator const uint8_t * () const { return m_Buf; };
-			
-			const uint64_t * GetLL () const { return ll; };
-
-			bool operator== (const Tag<sz>& other) const { return !memcmp (m_Buf, other.m_Buf, sz); };
-			bool operator< (const Tag<sz>& other) const { return memcmp (m_Buf, other.m_Buf, sz) < 0; };
-
-			std::string ToBase64 () const
-			{
-				char str[sz*2];
-				int l = i2p::data::ByteStreamToBase64 (m_Buf, sz, str, sz*2);
-				str[l] = 0;
-				return std::string (str);
-			}
-
-			std::string ToBase32 () const
-			{
-				char str[sz*2];
-				int l = i2p::data::ByteStreamToBase32 (m_Buf, sz, str, sz*2);
-				str[l] = 0;
-				return std::string (str);
-			}	
-
-		private:
-
-			union // 8 bytes alignment
-			{	
-				uint8_t m_Buf[sz];
-				uint64_t ll[sz/8];
-			};		
-	};	
 	typedef Tag<32> IdentHash;
+	inline std::string GetIdentHashAbbreviation (const IdentHash& ident) 
+	{ 
+		return ident.ToBase64 ().substr (0, 4); 
+	}
 
-#pragma pack(1)
 	struct Keys
 	{
 		uint8_t privateKey[256];
@@ -86,11 +38,7 @@ namespace data
 	{
 		uint8_t publicKey[256];
 		uint8_t signingKey[128];
-		struct
-		{
-			uint8_t type;
-			uint16_t length;
-		} certificate;	
+		uint8_t certificate[3];	// byte 1 - type, bytes 2-3 - length
 
 		Identity () = default;
 		Identity (const Keys& keys) { *this = keys; };
@@ -98,15 +46,22 @@ namespace data
 		size_t FromBuffer (const uint8_t * buf, size_t len);
 		IdentHash Hash () const;
 	};
-#pragma pack()
+
 	Keys CreateRandomKeys ();
 	
 	const size_t DEFAULT_IDENTITY_SIZE = sizeof (Identity); // 387 bytes
-
+	
 	const uint16_t CRYPTO_KEY_TYPE_ELGAMAL = 0;
 	const uint16_t SIGNING_KEY_TYPE_DSA_SHA1 = 0;
 	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA256_P256 = 1;
+	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA384_P384 = 2;
+	const uint16_t SIGNING_KEY_TYPE_ECDSA_SHA512_P521 = 3;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA256_2048 = 4;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA384_3072 = 5;
+	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
+	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
 	typedef uint16_t SigningKeyType;
+	typedef uint16_t CryptoKeyType;	
 	
 	class IdentityEx
 	{
@@ -117,30 +72,40 @@ namespace data
 				SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
 			IdentityEx (const uint8_t * buf, size_t len);
 			IdentityEx (const IdentityEx& other);
+			IdentityEx (const Identity& standard);
 			~IdentityEx ();
 			IdentityEx& operator=(const IdentityEx& other);
 			IdentityEx& operator=(const Identity& standard);
 
-			size_t FromBase64(const std::string& s);
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
+			size_t FromBase64(const std::string& s);
+			std::string ToBase64 () const;
 			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
 			const IdentHash& GetIdentHash () const { return m_IdentHash; };
+			const uint8_t * GetEncryptionPublicKey () const { return m_StandardIdentity.publicKey; };
 			size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; };
 			size_t GetSigningPublicKeyLen () const;
+			size_t GetSigningPrivateKeyLen () const;
 			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
 			SigningKeyType GetSigningKeyType () const;
-			
+			CryptoKeyType GetCryptoKeyType () const;
+			void DropVerifier () const; // to save memory			
+
+      bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
+      
 		private:
 
 			void CreateVerifier () const;
+			void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
 			
 		private:
 
 			Identity m_StandardIdentity;
 			IdentHash m_IdentHash;
-			mutable i2p::crypto::Verifier * m_Verifier; 
+			mutable std::unique_ptr<i2p::crypto::Verifier> m_Verifier; 
+			mutable std::atomic_bool m_IsVerifierCreated; // make sure we don't create twice
 			size_t m_ExtendedLen;
 			uint8_t * m_ExtendedBuffer;
 	};	
@@ -149,34 +114,37 @@ namespace data
 	{
 		public:
 			
-			PrivateKeys (): m_Signer (nullptr) {};
-			PrivateKeys (const PrivateKeys& other): m_Signer (nullptr) { *this = other; };
-			PrivateKeys (const Keys& keys): m_Signer (nullptr) { *this = keys; };
+			PrivateKeys () = default;
+			PrivateKeys (const PrivateKeys& other) { *this = other; };
+			PrivateKeys (const Keys& keys) { *this = keys; };
 			PrivateKeys& operator=(const Keys& keys);
 			PrivateKeys& operator=(const PrivateKeys& other);
-			~PrivateKeys () { delete m_Signer; };
+			~PrivateKeys () = default;
 			
-			const IdentityEx& GetPublic () const { return m_Public; };
+			std::shared_ptr<const IdentityEx> GetPublic () const { return m_Public; };
 			const uint8_t * GetPrivateKey () const { return m_PrivateKey; };
 			const uint8_t * GetSigningPrivateKey () const { return m_SigningPrivateKey; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
 
-			size_t GetFullLen () const { return m_Public.GetFullLen () + 256 + m_Public.GetSignatureLen ()/2; };			
+			size_t GetFullLen () const { return m_Public->GetFullLen () + 256 + m_Public->GetSigningPrivateKeyLen (); }; 		
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
 
+			size_t FromBase64(const std::string& s);
+			std::string ToBase64 () const;
+
 			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1);
 	
 		private:
 
-			void CreateSigner ();
+			void CreateSigner () const;
 			
 		private:
 
-			IdentityEx m_Public;
+			std::shared_ptr<IdentityEx> m_Public;
 			uint8_t m_PrivateKey[256];
-			uint8_t m_SigningPrivateKey[128]; // assume private key doesn't exceed 128 bytes
-			i2p::crypto::Signer * m_Signer;
+			uint8_t m_SigningPrivateKey[1024]; // assume private key doesn't exceed 1024 bytes
+			mutable std::unique_ptr<i2p::crypto::Signer> m_Signer;
 	};
 
 	// kademlia
@@ -201,23 +169,12 @@ namespace data
 	{
 		public:
 
-			RoutingDestination (): m_ElGamalEncryption (nullptr) {};
-			virtual ~RoutingDestination () { delete m_ElGamalEncryption; };
+			RoutingDestination () {};
+			virtual ~RoutingDestination () {};
 			
 			virtual const IdentHash& GetIdentHash () const = 0;
 			virtual const uint8_t * GetEncryptionPublicKey () const = 0;
 			virtual bool IsDestination () const = 0; // for garlic 
-
-			i2p::crypto::ElGamalEncryption * GetElGamalEncryption () const
-			{
-				if (!m_ElGamalEncryption)
-					m_ElGamalEncryption = new i2p::crypto::ElGamalEncryption (GetEncryptionPublicKey ());
-				return m_ElGamalEncryption;
-			}
-			
-		private:
-
-			mutable i2p::crypto::ElGamalEncryption * m_ElGamalEncryption; // use lazy initialization
 	};	
 
 	class LocalDestination 
@@ -225,16 +182,10 @@ namespace data
 		public:
 
 			virtual ~LocalDestination() {};
-			virtual const PrivateKeys& GetPrivateKeys () const = 0;
 			virtual const uint8_t * GetEncryptionPrivateKey () const = 0; 
-			virtual const uint8_t * GetEncryptionPublicKey () const = 0; 
+			virtual std::shared_ptr<const IdentityEx> GetIdentity () const = 0;
 
-			const IdentityEx& GetIdentity () const { return GetPrivateKeys ().GetPublic (); };
-			const IdentHash& GetIdentHash () const { return GetIdentity ().GetIdentHash (); };  
-			void Sign (const uint8_t * buf, int len, uint8_t * signature) const 
-			{ 
-				GetPrivateKeys ().Sign (buf, len, signature); 
-			};
+			const IdentHash& GetIdentHash () const { return GetIdentity ()->GetIdentHash (); };  
 	};	
 }
 }

LICENSE

@@ -1,339 +1,27 @@
-GNU GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
+Copyright (c) 2013-2015, The PurpleI2P Project
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
+All rights reserved.
 
-                            Preamble
+Redistribution and use in source and binary forms, with or without modification, are
+permitted provided that the following conditions are met:
 
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
+1. Redistributions of source code must retain the above copyright notice, this list of
+conditions and the following disclaimer.
 
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of
+conditions and the following disclaimer in the documentation and/or other materials
+provided with the distribution.
 
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
+3. Neither the name of the copyright holder nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific prior written
+permission.
 
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-                            NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    i2p router for Linux written on C++
-    Copyright (C) 2013  orignal
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  {signature of Ty Coon}, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LeaseSet.cpp

@@ -1,10 +1,10 @@
+#include <string.h>
 #include "I2PEndian.h"
-#include <cryptopp/dsa.h>
-#include "CryptoConst.h"
+#include "Crypto.h"
 #include "Log.h"
 #include "Timestamp.h"
 #include "NetDb.h"
-#include "TunnelPool.h"
+#include "Tunnel.h"
 #include "LeaseSet.h"
 
 namespace i2p
@@ -12,111 +12,251 @@ namespace i2p
 namespace data
 {
 	
-	LeaseSet::LeaseSet (const uint8_t * buf, int len)
+	LeaseSet::LeaseSet (const uint8_t * buf, size_t len, bool storeLeases):
+		m_IsValid (true), m_StoreLeases (storeLeases), m_ExpirationTime (0)
 	{
+		m_Buffer = new uint8_t[len];
 		memcpy (m_Buffer, buf, len);
 		m_BufferLen = len;
 		ReadFromBuffer ();
 	}
 
-	LeaseSet::LeaseSet (const i2p::tunnel::TunnelPool& pool)
+	void LeaseSet::Update (const uint8_t * buf, size_t len)
 	{	
-		// header
-		const i2p::data::LocalDestination& localDestination = pool.GetLocalDestination ();
-		m_BufferLen = localDestination.GetIdentity ().ToBuffer (m_Buffer, MAX_LS_BUFFER_SIZE);
-		memcpy (m_Buffer + m_BufferLen, localDestination.GetEncryptionPublicKey (), 256);
-		m_BufferLen += 256;
-		auto signingKeyLen = localDestination.GetIdentity ().GetSigningPublicKeyLen ();
-		memset (m_Buffer + m_BufferLen, 0, signingKeyLen);
-		m_BufferLen += signingKeyLen;
-		auto tunnels = pool.GetInboundTunnels (5); // 5 tunnels maximum
-		m_Buffer[m_BufferLen] = tunnels.size (); // num leases
-		m_BufferLen++;
-		// leases
-		for (auto it: tunnels)
-		{	
-			Lease * lease = (Lease *)(m_Buffer + m_BufferLen);
-			memcpy (lease->tunnelGateway, it->GetNextIdentHash (), 32);
-			lease->tunnelID = htobe32 (it->GetNextTunnelID ());
-			uint64_t ts = it->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - 60; // 1 minute before expiration
-			ts *= 1000; // in milliseconds
-			lease->endDate = htobe64 (ts);
-			m_BufferLen += sizeof (Lease);
+		if (len > m_BufferLen)
+		{
+			auto oldBuffer = m_Buffer;
+			m_Buffer = new uint8_t[len];
+			delete[] oldBuffer;
 		}	
-		// signature
-		localDestination.Sign (m_Buffer, m_BufferLen, m_Buffer + m_BufferLen);
-		m_BufferLen += localDestination.GetIdentity ().GetSignatureLen (); 
-		LogPrint ("Local LeaseSet of ", tunnels.size (), " leases created");
-
-		ReadFromBuffer ();
-	}
-
-	void LeaseSet::Update (const uint8_t * buf, int len)
-	{	
-		m_Leases.clear ();
 		memcpy (m_Buffer, buf, len);
 		m_BufferLen = len;
-		ReadFromBuffer ();
+		ReadFromBuffer (false);
 	}
-	
-	void LeaseSet::ReadFromBuffer ()	
+
+	void LeaseSet::PopulateLeases ()
+	{
+		m_StoreLeases = true;
+		ReadFromBuffer (false);
+	}	
+		
+	void LeaseSet::ReadFromBuffer (bool readIdentity)	
 	{	
-		size_t size = m_Identity.FromBuffer (m_Buffer, m_BufferLen);
+		if (readIdentity || !m_Identity)
+			m_Identity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
+		size_t size = m_Identity->GetFullLen ();
+		if (size > m_BufferLen)
+		{
+			LogPrint (eLogError, "LeaseSet: identity length ", size, " exceeds buffer size ", m_BufferLen);
+			m_IsValid = false;
+			return;
+		}
 		memcpy (m_EncryptionKey, m_Buffer + size, 256);
 		size += 256; // encryption key
-		size += m_Identity.GetSigningPublicKeyLen (); // unused signing key
+		size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
 		uint8_t num = m_Buffer[size];
 		size++; // num
-		LogPrint ("LeaseSet num=", (int)num);
+		LogPrint (eLogDebug, "LeaseSet: read num=", (int)num);
+		if (!num || num > MAX_NUM_LEASES)
+		{	  
+			LogPrint (eLogError, "LeaseSet: incorrect number of leases", (int)num);
+			m_IsValid = false;
+			return;
+		}	
+
+		// reset existing leases
+		if (m_StoreLeases)
+			for (auto& it: m_Leases)
+				it->isUpdated = false;
+		else	
+			m_Leases.clear ();
 
 		// process leases
+		m_ExpirationTime = 0;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		const uint8_t * leases = m_Buffer + size;
 		for (int i = 0; i < num; i++)
 		{
-			Lease lease = *(Lease *)leases;
-			lease.tunnelID = be32toh (lease.tunnelID);
-			lease.endDate = be64toh (lease.endDate);
-			m_Leases.push_back (lease);
-			leases += sizeof (Lease);
-
-			// check if lease's gateway is in our netDb
-			if (!netdb.FindRouter (lease.tunnelGateway))
-			{
-				// if not found request it
-				LogPrint ("Lease's tunnel gateway not found. Requested");
-				netdb.RequestDestination (lease.tunnelGateway);
-			}	
+			Lease lease;
+			lease.tunnelGateway = leases;
+			leases += 32; // gateway
+			lease.tunnelID = bufbe32toh (leases);
+			leases += 4; // tunnel ID
+			lease.endDate = bufbe64toh (leases); 
+			leases += 8; // end date
+			if (ts < lease.endDate + LEASE_ENDDATE_THRESHOLD)
+			{	
+				if (lease.endDate > m_ExpirationTime)
+					m_ExpirationTime = lease.endDate;
+				if (m_StoreLeases)
+				{	
+					auto ret = m_Leases.insert (std::make_shared<Lease>(lease));
+					if (!ret.second) (*ret.first)->endDate = lease.endDate; // update existing
+					(*ret.first)->isUpdated = true;
+					// check if lease's gateway is in our netDb
+					if (!netdb.FindRouter (lease.tunnelGateway))
+					{
+						// if not found request it
+						LogPrint (eLogInfo, "LeaseSet: Lease's tunnel gateway not found, requesting");
+						netdb.RequestDestination (lease.tunnelGateway);
+					}
+				}	
+			}
+			else
+				LogPrint (eLogWarning, "LeaseSet: Lease is expired already ");
 		}	
-		
+		if (!m_ExpirationTime)
+		{
+			LogPrint (eLogWarning, "LeaseSet: all leases are expired. Dropped");
+			m_IsValid = false;
+			return;
+		}	
+		m_ExpirationTime += LEASE_ENDDATE_THRESHOLD;
+		// delete old leases	
+		if (m_StoreLeases)
+		{	
+			for (auto it = m_Leases.begin (); it != m_Leases.end ();)
+			{	
+				if (!(*it)->isUpdated)
+				{
+					(*it)->endDate = 0; // somebody might still hold it
+					m_Leases.erase (it++);
+				}	
+				else
+					++it;
+			}
+		}
+
 		// verify
-		if (!m_Identity.Verify (m_Buffer, leases - m_Buffer, leases))
-			LogPrint ("LeaseSet verification failed");
+		if (!m_Identity->Verify (m_Buffer, leases - m_Buffer, leases))
+		{
+			LogPrint (eLogWarning, "LeaseSet: verification failed");
+			m_IsValid = false;
+		}
 	}				
-	
-	const std::vector<Lease> LeaseSet::GetNonExpiredLeases () const
+
+	uint64_t LeaseSet::ExtractTimestamp (const uint8_t * buf, size_t len) const 
+	{
+		if (!m_Identity) return 0;
+		size_t size = m_Identity->GetFullLen ();
+		if (size > len) return 0;
+		size += 256; // encryption key
+		size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
+		if (size > len) return 0;
+		uint8_t num = buf[size];
+		size++; // num
+		if (size + num*LEASE_SIZE > len) return 0;
+		uint64_t timestamp= 0 ;
+		for (int i = 0; i < num; i++)
+		{
+			size += 36; // gateway (32) + tunnelId(4)
+			auto endDate = bufbe64toh (buf + size); 
+			size += 8; // end date
+			if (!timestamp || endDate < timestamp)
+				timestamp = endDate;
+		}	
+		return timestamp;
+	}	
+
+	bool LeaseSet::IsNewer (const uint8_t * buf, size_t len) const
+	{
+		return ExtractTimestamp (buf, len) > ExtractTimestamp (m_Buffer, m_BufferLen);
+	}	
+
+	bool LeaseSet::ExpiresSoon(const uint64_t dlt, const uint64_t fudge) const
+	{
+		auto now = i2p::util::GetMillisecondsSinceEpoch ();
+		if (fudge) now += rand() % fudge;
+		if (now >= m_ExpirationTime) return true;
+		return	m_ExpirationTime - now <= dlt;
+	}
+
+  const std::vector<std::shared_ptr<const Lease> > LeaseSet::GetNonExpiredLeases (bool withThreshold) const
+  {
+    return GetNonExpiredLeasesExcluding( [] (const Lease & l) -> bool { return false; }, withThreshold);
+  }
+  
+	const std::vector<std::shared_ptr<const Lease> > LeaseSet::GetNonExpiredLeasesExcluding (LeaseInspectFunc exclude, bool withThreshold) const
 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		std::vector<Lease> leases;
-		for (auto& it: m_Leases)
-			if (ts < it.endDate)
+		std::vector<std::shared_ptr<const Lease> > leases;
+		for (const auto& it: m_Leases)
+		{
+			auto endDate = it->endDate;
+			if (withThreshold)
+				endDate += LEASE_ENDDATE_THRESHOLD;
+			else
+				endDate -= LEASE_ENDDATE_THRESHOLD;
+			if (ts < endDate && !exclude(*it))
 				leases.push_back (it);
+		}	
 		return leases;	
 	}	
 
 	bool LeaseSet::HasExpiredLeases () const
-	{
+ 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		for (auto& it: m_Leases)
-			if (ts >= it.endDate) return true;
+		for (const auto& it: m_Leases)
+			if (ts >= it->endDate) return true;
 		return false;
-	}	
+ 	}	
 
-	bool LeaseSet::HasNonExpiredLeases () const
+	bool LeaseSet::IsExpired () const
+	{
+		if (m_StoreLeases && IsEmpty ()) return true;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		return ts > m_ExpirationTime;
+	}
+
+	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels):
+		m_ExpirationTime (0), m_Identity (identity)
+	{
+		int num = tunnels.size ();
+		if (num > MAX_NUM_LEASES) num = MAX_NUM_LEASES;
+		// identity
+		auto signingKeyLen = m_Identity->GetSigningPublicKeyLen ();
+		m_BufferLen = m_Identity->GetFullLen () + 256 + signingKeyLen + 1 + num*LEASE_SIZE + m_Identity->GetSignatureLen ();	
+		m_Buffer = new uint8_t[m_BufferLen];	
+		auto offset = m_Identity->ToBuffer (m_Buffer, m_BufferLen);
+		memcpy (m_Buffer + offset, encryptionPublicKey, 256);
+		offset += 256;
+		memset (m_Buffer + offset, 0, signingKeyLen);
+		offset += signingKeyLen;
+		// num leases
+		m_Buffer[offset] = num; 
+		offset++;
+		// leases
+		m_Leases = m_Buffer + offset;
+		auto currentTime = i2p::util::GetMillisecondsSinceEpoch ();
+		for (int i = 0; i < num; i++)
+		{
+			memcpy (m_Buffer + offset, tunnels[i]->GetNextIdentHash (), 32);
+			offset += 32; // gateway id
+			htobe32buf (m_Buffer + offset, tunnels[i]->GetNextTunnelID ());
+			offset += 4; // tunnel id
+			uint64_t ts = tunnels[i]->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD; // 1 minute before expiration
+			ts *= 1000; // in milliseconds
+			if (ts > m_ExpirationTime) m_ExpirationTime = ts;
+			// make sure leaseset is newer than previous, but adding some time to expiration date
+			ts += (currentTime - tunnels[i]->GetCreationTime ()*1000LL)*2/i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT; // up to 2 secs
+			htobe64buf (m_Buffer + offset, ts);
+			offset += 8; // end date
+		}
+		//  we don't sign it yet. must be signed later on
+	}
+
+	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
+		m_ExpirationTime (0), m_Identity (identity)
+	{
+		m_BufferLen = len;
+		m_Buffer = new uint8_t[m_BufferLen];
+		memcpy (m_Buffer, buf, len);		
+	}
+
+	bool LocalLeaseSet::IsExpired () const
 	{
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
-		for (auto& it: m_Leases)
-			if (ts < it.endDate) return true;
-		return false;
+		return ts > m_ExpirationTime;
 	}	
 }		
 }	

LeaseSet.h

@@ -4,74 +4,126 @@
 #include <inttypes.h>
 #include <string.h>
 #include <vector>
+#include <set>
+#include <memory>
 #include "Identity.h"
+#include "Timestamp.h"
 
 namespace i2p
 {
 
 namespace tunnel
 {
-	class TunnelPool;
+	class InboundTunnel;	
 }
 
 namespace data
 {	
-	
-#pragma pack(1)
-
+	const int LEASE_ENDDATE_THRESHOLD = 51000; // in milliseconds
 	struct Lease
 	{
-		uint8_t tunnelGateway[32];
+		IdentHash tunnelGateway;
 		uint32_t tunnelID;
-		uint64_t endDate;
-
-		bool operator< (const Lease& other) const 
-		{
-			if (endDate != other.endDate)
-				return endDate > other.endDate;
-			else
-				return tunnelID < other.tunnelID; 
-		}	
+		uint64_t endDate; // 0 means invalid
+		bool isUpdated; // trasient
+		/* return true if this lease expires within t millisecond + fudge factor */
+		bool ExpiresWithin( const uint64_t t, const uint64_t fudge = 1000 ) const {
+			auto expire = i2p::util::GetMillisecondsSinceEpoch ();
+			if(fudge) expire += rand() % fudge;
+			return endDate - expire >= t;
+		}
 	};	
-	
-#pragma pack()	
 
-	const int MAX_LS_BUFFER_SIZE = 2048;	
+	struct LeaseCmp
+	{
+		bool operator() (std::shared_ptr<const Lease> l1, std::shared_ptr<const Lease> l2) const
+  		{	
+			if (l1->tunnelID != l2->tunnelID)
+				return l1->tunnelID < l2->tunnelID; 
+			else
+				return l1->tunnelGateway < l2->tunnelGateway; 
+		};
+	};	
+
+  typedef std::function<bool(const Lease & l)> LeaseInspectFunc;
+  
+	const size_t MAX_LS_BUFFER_SIZE = 3072;
+	const size_t LEASE_SIZE = 44; // 32 + 4 + 8
+	const uint8_t MAX_NUM_LEASES = 16;		
 	class LeaseSet: public RoutingDestination
 	{
 		public:
 
-			LeaseSet (const uint8_t * buf, int len);
-			LeaseSet (const LeaseSet& ) = default;
-			LeaseSet (const i2p::tunnel::TunnelPool& pool);
-			LeaseSet& operator=(const LeaseSet& ) = default;
-			void Update (const uint8_t * buf, int len);
-			const IdentityEx& GetIdentity () const { return m_Identity; };			
+			LeaseSet (const uint8_t * buf, size_t len, bool storeLeases = true);
+			~LeaseSet () { delete[] m_Buffer; };
+			void Update (const uint8_t * buf, size_t len);
+			bool IsNewer (const uint8_t * buf, size_t len) const;
+			void PopulateLeases (); // from buffer
+			std::shared_ptr<const IdentityEx> GetIdentity () const { return m_Identity; };			
 
 			const uint8_t * GetBuffer () const { return m_Buffer; };
 			size_t GetBufferLen () const { return m_BufferLen; };	
+			bool IsValid () const { return m_IsValid; };
+			const std::vector<std::shared_ptr<const Lease> > GetNonExpiredLeases (bool withThreshold = true) const;
+      const std::vector<std::shared_ptr<const Lease> > GetNonExpiredLeasesExcluding (LeaseInspectFunc exclude, bool withThreshold = true)  const;
+			bool HasExpiredLeases () const;
+			bool IsExpired () const;
+			bool IsEmpty () const { return m_Leases.empty (); };
+			uint64_t GetExpirationTime () const { return m_ExpirationTime; };
+			bool ExpiresSoon(const uint64_t dlt=1000 * 5, const uint64_t fudge = 0) const ;
+			bool operator== (const LeaseSet& other) const 
+			{ return m_BufferLen == other.m_BufferLen && !memcmp (m_Buffer, other.m_Buffer, m_BufferLen); }; 
 
 			// implements RoutingDestination
-			const IdentHash& GetIdentHash () const { return m_Identity.GetIdentHash (); };
-			const std::vector<Lease>& GetLeases () const { return m_Leases; };
-			const std::vector<Lease> GetNonExpiredLeases () const;
-			bool HasExpiredLeases () const;
-			bool HasNonExpiredLeases () const;
+			const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); };
 			const uint8_t * GetEncryptionPublicKey () const { return m_EncryptionKey; };
 			bool IsDestination () const { return true; };
 
 		private:
 
-			void ReadFromBuffer ();
+			void ReadFromBuffer (bool readIdentity = true);
+			uint64_t ExtractTimestamp (const uint8_t * buf, size_t len) const; // min expiration time
 			
 		private:
 
-			std::vector<Lease> m_Leases;
-			IdentityEx m_Identity;
+			bool m_IsValid, m_StoreLeases; // we don't need to store leases for floodfill
+			std::set<std::shared_ptr<Lease>, LeaseCmp> m_Leases;
+			uint64_t m_ExpirationTime; // in milliseconds
+			std::shared_ptr<const IdentityEx> m_Identity;
 			uint8_t m_EncryptionKey[256];
-			uint8_t m_Buffer[MAX_LS_BUFFER_SIZE];
+			uint8_t * m_Buffer;
 			size_t m_BufferLen;
 	};	
+
+	class LocalLeaseSet
+	{
+		public:
+
+			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len);
+			~LocalLeaseSet () { delete[] m_Buffer; };
+
+			const uint8_t * GetBuffer () const { return m_Buffer; };
+			uint8_t * GetSignature () { return m_Buffer + m_BufferLen - GetSignatureLen (); }; 
+			size_t GetBufferLen () const { return m_BufferLen; };	
+			size_t GetSignatureLen () const { return m_Identity->GetSignatureLen (); };
+			uint8_t * GetLeases () { return m_Leases; }; 
+			
+			const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); };
+			bool IsExpired () const;
+			uint64_t GetExpirationTime () const { return m_ExpirationTime; };
+			void SetExpirationTime (uint64_t expirationTime) { m_ExpirationTime = expirationTime; };
+			bool operator== (const LeaseSet& other) const 
+			{ return m_BufferLen == other.GetBufferLen ()  && !memcmp (other.GetBuffer (), other.GetBuffer (), m_BufferLen); }; 
+
+
+		private:
+			
+			uint64_t m_ExpirationTime; // in milliseconds
+			std::shared_ptr<const IdentityEx> m_Identity;
+			uint8_t * m_Buffer, * m_Leases;
+			size_t m_BufferLen;
+	}; 
 }		
 }	
 

Log.cpp

@@ -1,38 +1,221 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #include "Log.h"
-#include <boost/date_time/posix_time/posix_time.hpp>
 
-Log * g_Log = nullptr;
-
-static const char * g_LogLevelStr[eNumLogLevels] =
-{
-	"error", // eLogError
-	"warn",  // eLogWarning
-	"info",  // eLogInfo
-	"debug"	 // eLogDebug 
-};
-
-void LogMsg::Process()
-{
-	output << boost::posix_time::second_clock::local_time().time_of_day () <<  
-		"/" << g_LogLevelStr[level] << " - ";
-	output << s.str();
-}
-
-void Log::Flush ()
-{
-	if (m_LogFile)
-		m_LogFile->flush();
-}
-
-void Log::SetLogFile (const std::string& fullFilePath)
-{
-	if (m_LogFile) delete m_LogFile;
-	m_LogFile = new std::ofstream (fullFilePath, std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
-	if (m_LogFile->is_open ())
-		LogPrint("Logging to file ",  fullFilePath, " enabled.");
-	else
+namespace i2p {
+namespace log {
+	static Log logger;
+	/**
+	 * @brief Maps our loglevel to their symbolic name
+	 */
+	static const char * g_LogLevelStr[eNumLogLevels] =
 	{
-		delete m_LogFile;
-		m_LogFile = nullptr;
+		"error", // eLogError
+		"warn",  // eLogWarn
+		"info",  // eLogInfo
+		"debug"	 // eLogDebug
+	};
+
+	/**
+	 * @brief Colorize log output -- array of terminal control sequences
+	 * @note Using ISO 6429 (ANSI) color sequences
+	 */
+#ifdef _WIN32
+	static const char *LogMsgColors[] = { "", "", "", "", "" };
+#else /* UNIX */
+	static const char *LogMsgColors[] = {
+		[eLogError]     = "\033[1;31m", /* red */
+		[eLogWarning]   = "\033[1;33m", /* yellow */
+		[eLogInfo]      = "\033[1;36m", /* cyan */
+		[eLogDebug]     = "\033[1;34m", /* blue */
+		[eNumLogLevels] = "\033[0m",    /* reset */
+	};
+#endif
+
+#ifndef _WIN32
+	/**
+	 * @brief  Maps our log levels to syslog one
+	 * @return syslog priority LOG_*, as defined in syslog.h
+	 */
+	static inline int GetSyslogPrio (enum LogLevel l) {
+		int priority = LOG_DEBUG;
+		switch (l) {
+			case eLogError   : priority = LOG_ERR;     break;
+			case eLogWarning : priority = LOG_WARNING; break;
+			case eLogInfo    : priority = LOG_INFO;    break;
+			case eLogDebug   : priority = LOG_DEBUG;   break;
+			default          : priority = LOG_DEBUG;   break;
+		}
+		return priority;
 	}
-}
+#endif
+
+	Log::Log():
+	m_Destination(eLogStdout), m_MinLevel(eLogInfo),
+	m_LogStream (nullptr), m_Logfile(""), m_HasColors(true),
+	m_IsRunning (false), m_Thread (nullptr)
+	{
+	}
+
+	Log::~Log ()
+	{
+		delete m_Thread;
+	}
+
+	void Log::Start ()
+	{
+		if (!m_IsRunning)
+		{	
+			m_IsRunning = true;	
+			m_Thread = new std::thread (std::bind (&Log::Run, this));
+		}
+	}
+
+	void Log::Stop ()	
+	{
+		switch (m_Destination) 
+		{
+#ifndef _WIN32
+			case eLogSyslog :
+				closelog();
+				break;
+#endif
+			case eLogFile:
+			case eLogStream:
+					if (m_LogStream) m_LogStream->flush();
+				break;
+			default:
+				/* do nothing */
+				break;
+		}
+		m_IsRunning = false;
+		m_Queue.WakeUp ();
+		if (m_Thread)
+		{	
+			m_Thread->join (); 
+			delete m_Thread;
+			m_Thread = nullptr;
+		}		
+	}
+
+	void Log::SetLogLevel (const std::string& level) {
+		if      (level == "error") { m_MinLevel = eLogError; }
+		else if (level == "warn")  { m_MinLevel = eLogWarning; }
+		else if (level == "info")  { m_MinLevel = eLogInfo;  }
+		else if (level == "debug") { m_MinLevel = eLogDebug; }
+		else {
+			LogPrint(eLogError, "Log: unknown loglevel: ", level);
+			return;
+		}
+		LogPrint(eLogInfo, "Log: min messages level set to ", level);
+	}
+	
+	const char * Log::TimeAsString(std::time_t t) {
+		if (t != m_LastTimestamp) {
+			strftime(m_LastDateTime, sizeof(m_LastDateTime), "%H:%M:%S", localtime(&t));
+			m_LastTimestamp = t;
+		}
+		return m_LastDateTime;
+	}
+
+	/**
+	 * @note This function better to be run in separate thread due to disk i/o.
+	 * Unfortunately, with current startup process with late fork() this
+	 * will give us nothing but pain. Maybe later. See in NetDb as example.
+	 */
+	void Log::Process(std::shared_ptr<LogMsg> msg) 
+	{
+		if (!msg) return;
+		std::hash<std::thread::id> hasher;
+		unsigned short short_tid;
+		short_tid = (short) (hasher(msg->tid) % 1000);
+		switch (m_Destination) {
+#ifndef _WIN32
+			case eLogSyslog:
+				syslog(GetSyslogPrio(msg->level), "[%03u] %s", short_tid, msg->text.c_str());
+				break;
+#endif
+			case eLogFile:
+			case eLogStream:
+				if (m_LogStream)
+					*m_LogStream << TimeAsString(msg->timestamp)
+						<< "@" << short_tid
+						<< "/" << g_LogLevelStr[msg->level]
+						<< " - " << msg->text << std::endl;
+				break;
+			case eLogStdout:
+			default:
+				std::cout    << TimeAsString(msg->timestamp)
+					<< "@" << short_tid
+					<< "/" << LogMsgColors[msg->level] << g_LogLevelStr[msg->level] << LogMsgColors[eNumLogLevels]
+					<< " - " << msg->text << std::endl;
+				break;
+		} // switch
+	}
+
+	void Log::Run ()
+	{
+		Reopen ();
+		while (m_IsRunning)
+		{
+			std::shared_ptr<LogMsg> msg;
+			while (msg = m_Queue.Get ())
+				Process (msg);
+			if (m_LogStream) m_LogStream->flush();
+			if (m_IsRunning)
+				m_Queue.Wait ();
+		}
+	}		
+
+	void Log::Append(std::shared_ptr<i2p::log::LogMsg> & msg) 
+	{
+		m_Queue.Put(msg);
+	}
+
+	void Log::SendTo (const std::string& path) 
+	{
+		if (m_LogStream) m_LogStream = nullptr; // close previous	
+		auto flags = std::ofstream::out | std::ofstream::app;
+		auto os = std::make_shared<std::ofstream> (path, flags);
+		if (os->is_open ()) 
+		{
+			m_HasColors = false;
+			m_Logfile = path;
+			m_Destination = eLogFile;
+			m_LogStream = os;
+			return;
+		}
+		LogPrint(eLogError, "Log: can't open file ", path);
+	}
+
+	void Log::SendTo (std::shared_ptr<std::ostream> os) {
+		m_HasColors = false;
+		m_Destination = eLogStream;
+		m_LogStream = os;
+	}
+
+#ifndef _WIN32
+	void Log::SendTo(const char *name, int facility) {
+		m_HasColors = false;
+		m_Destination = eLogSyslog;
+		m_LogStream = nullptr;
+		openlog(name, LOG_CONS | LOG_PID, facility);
+	}
+#endif
+
+	void Log::Reopen() {
+		if (m_Destination == eLogFile)
+			SendTo(m_Logfile);
+	}
+
+	Log & Logger() {
+		return logger;
+	}
+} // log
+} // i2p

Log.h

@@ -1,13 +1,28 @@
+/*
+* Copyright (c) 2013-2016, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #ifndef LOG_H__
 #define LOG_H__
 
+#include <ctime>
 #include <string>
 #include <iostream>
-#include <sstream>
 #include <fstream>
-#include <functional>
+#include <sstream>
+#include <chrono>
+#include <memory>
+#include <thread>
 #include "Queue.h"
 
+#ifndef _WIN32
+#include <syslog.h>
+#endif
+
 enum LogLevel
 {
 	eLogError = 0,
@@ -17,90 +32,155 @@ enum LogLevel
 	eNumLogLevels
 };
 
-struct LogMsg
-{
-	std::stringstream s;
-	std::ostream& output;	
-	LogLevel level;
-
-	LogMsg (std::ostream& o = std::cout, LogLevel l = eLogInfo): output (o), level (l) {};
-	
-	void Process();
-};
-
-class Log: public i2p::util::MsgQueue<LogMsg>
-{
-	public:
-
-		Log (): m_LogFile (nullptr) { SetOnEmpty (std::bind (&Log::Flush, this)); };
-		~Log () { delete m_LogFile; };
-
-		void SetLogFile (const std::string& fullFilePath);
-		std::ofstream * GetLogFile () const { return m_LogFile; };	
-
-	private:
-
-		void Flush ();
-
-	private:
-		
-		std::ofstream * m_LogFile;
-};
-
-extern Log * g_Log;
-
-inline void StartLog (const std::string& fullFilePath)
-{
-	if (!g_Log)
-	{	
-		g_Log = new Log ();
-		if (fullFilePath.length () > 0)
-			g_Log->SetLogFile (fullFilePath);
-	}	
-}
-
-inline void StopLog ()
-{
-	if (g_Log)
-	{
-		delete g_Log;
-		g_Log = nullptr;
-	}		
-}
-
-template<typename TValue>
-void LogPrint (std::stringstream& s, TValue arg) 
-{
-	s << arg;
-}
- 
-template<typename TValue, typename... TArgs>
-void LogPrint (std::stringstream& s, TValue arg, TArgs... args) 
-{
-	LogPrint (s, arg);
-	LogPrint (s, args...);
-}
-
-template<typename... TArgs>
-void LogPrint (LogLevel level, TArgs... args) 
-{
-	LogMsg * msg = (g_Log && g_Log->GetLogFile ()) ? new LogMsg (*g_Log->GetLogFile (), level) : 
-		new LogMsg (std::cout, level);
-	LogPrint (msg->s, args...);
-	msg->s << std::endl;
-	if (g_Log)	
-		g_Log->Put (msg);
-	else
-	{
-		msg->Process ();
-		delete msg;
-	}
-}
-
-template<typename... TArgs>
-void LogPrint (TArgs... args) 
-{
-	LogPrint (eLogInfo, args...);
-}	
-
+enum LogType {
+	eLogStdout = 0,
+	eLogStream,
+	eLogFile,
+#ifndef _WIN32
+	eLogSyslog,
 #endif
+};
+
+namespace i2p {
+namespace log {
+  
+	struct LogMsg; /* forward declaration */
+
+	class Log
+	{
+		private:
+
+			enum LogType  m_Destination;
+			enum LogLevel m_MinLevel;
+			std::shared_ptr<std::ostream> m_LogStream;
+			std::string m_Logfile;
+			std::time_t m_LastTimestamp;
+			char m_LastDateTime[64];
+			i2p::util::Queue<std::shared_ptr<LogMsg> > m_Queue;
+			bool m_HasColors;
+			volatile bool m_IsRunning;
+			std::thread * m_Thread;
+
+		private:
+
+			/** prevent making copies */
+			Log (const Log &);
+			const Log& operator=(const Log&);
+
+			void Run ();
+			void Process (std::shared_ptr<LogMsg> msg);
+
+			/**
+			 * @brief Makes formatted string from unix timestamp
+			 * @param ts  Second since epoch
+			 *
+			 * This function internally caches the result for last provided value
+			 */
+			const char * TimeAsString(std::time_t ts);
+
+		public:
+
+			Log ();
+			~Log ();
+
+			LogType  GetLogType  () { return m_Destination; };
+			LogLevel GetLogLevel () { return m_MinLevel; };
+
+			void Start ();
+			void Stop ();
+
+			/**
+			 * @brief  Sets minimal allowed level for log messages
+			 * @param  level  String with wanted minimal msg level
+			 */
+			void     SetLogLevel (const std::string& level);
+
+			/**
+			 * @brief Sets log destination to logfile
+			 * @param path  Path to logfile
+			 */
+			void SendTo (const std::string &path);
+
+			/**
+			 * @brief Sets log destination to given output stream
+			 * @param os  Output stream
+			 */
+			void SendTo (std::shared_ptr<std::ostream> os);
+
+	#ifndef _WIN32
+			/**
+			 * @brief Sets log destination to syslog
+			 * @param name     Wanted program name
+			 * @param facility Wanted log category
+			 */
+			void SendTo (const char *name, int facility);
+	#endif
+
+			/**
+			 * @brief  Format log message and write to output stream/syslog
+			 * @param  msg  Pointer to processed message
+			 */
+			void Append(std::shared_ptr<i2p::log::LogMsg> &);
+
+			/** @brief  Reopen log file */
+			void Reopen();
+	};
+
+	/**
+	 * @struct LogMsg
+	 * @brief Log message container
+	 *
+	 * We creating it somewhere with LogPrint(),
+	 * then put in MsgQueue for later processing.
+	 */
+	struct LogMsg {
+		std::time_t timestamp;
+		std::string text; /**< message text as single string */
+		LogLevel level;   /**< message level */
+		std::thread::id tid; /**< id of thread that generated message */
+    
+		LogMsg (LogLevel lvl, std::time_t ts, const std::string & txt): timestamp(ts), text(txt), level(lvl) {};
+	};
+
+	Log & Logger();
+} // log
+}
+
+/** internal usage only -- folding args array to single string */
+template<typename TValue>
+void LogPrint (std::stringstream& s, TValue&& arg) noexcept
+{
+	s << std::forward<TValue>(arg);
+}
+
+/** internal usage only -- folding args array to single string */
+template<typename TValue, typename... TArgs>
+void LogPrint (std::stringstream& s, TValue&& arg, TArgs&&... args) noexcept
+{
+	LogPrint (s, std::forward<TValue>(arg));
+	LogPrint (s, std::forward<TArgs>(args)...);
+}
+
+/**
+ * @brief Create log message and send it to queue
+ * @param level Message level (eLogError, eLogInfo, ...)
+ * @param args Array of message parts
+ */
+template<typename... TArgs>
+void LogPrint (LogLevel level, TArgs&&... args) noexcept
+{
+	i2p::log::Log &log = i2p::log::Logger();
+	if (level > log.GetLogLevel ())
+		return;
+
+	// fold message to single string
+	std::stringstream ss("");
+
+	LogPrint (ss, std::forward<TArgs>(args)...);
+  
+	auto msg = std::make_shared<i2p::log::LogMsg>(level, std::time(nullptr), ss.str());
+	msg->tid = std::this_thread::get_id();
+	log.Append(msg);
+}
+
+#endif // LOG_H__

Makefile

@@ -1,29 +1,117 @@
 UNAME := $(shell uname -s)
+SHLIB := libi2pd.so
+ARLIB := libi2pd.a
+SHLIB_CLIENT := libi2pdclient.so
+ARLIB_CLIENT := libi2pdclient.a
+I2PD  := i2pd
+GREP := grep
+DEPS := obj/make.dep
 
-ifeq ($(UNAME),Darwin)
-	include Makefile.osx
-else ifeq ($(UNAME), FreeBSD)
-	include Makefile.bsd
-else
-	include Makefile.linux
+include filelist.mk
+
+USE_AESNI	:= yes
+USE_AVX		:= yes
+USE_STATIC	:= no
+USE_MESHNET	:= no
+USE_UPNP	:= no
+
+ifeq ($(WEBSOCKETS),1)
+	NEEDED_CXXFLAGS += -DWITH_EVENTS
+	DAEMON_SRC += Websocket.cpp
 endif
 
-all: obj i2p
+ifeq ($(UNAME),Darwin)
+	DAEMON_SRC += DaemonLinux.cpp
+	ifeq ($(HOMEBREW),1)
+		include Makefile.homebrew
+	else
+		include Makefile.osx
+	endif
+else ifeq ($(shell echo $(UNAME) | $(GREP) -Ec '(Free|Open)BSD'),1)
+	DAEMON_SRC += DaemonLinux.cpp
+	include Makefile.bsd
+else ifeq ($(UNAME),Linux)
+	DAEMON_SRC += DaemonLinux.cpp
+	include Makefile.linux
+else # win32 mingw
+	DAEMON_SRC += DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp
+	include Makefile.mingw
+endif
 
-i2p: $(OBJECTS:obj/%=obj/%)
-	$(CXX) -o $@ $^ $(LDLIBS) $(LDFLAGS) $(LIBS)
+ifeq ($(USE_MESHNET),yes)
+	NEEDED_CXXFLAGS += -DMESHNET
+endif
 
-.SUFFIXES:
-.SUFFIXES:	.c .cc .C .cpp .o
+all: mk_obj_dir $(ARLIB) $(ARLIB_CLIENT) $(I2PD)
 
-obj/%.o : %.cpp
-	$(CXX) -o $@ $< -c $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(CPU_FLAGS)
+mk_obj_dir:
+	@mkdir -p obj
+	@mkdir -p obj/Win32
 
-obj:
-	mkdir -p obj
+api: mk_obj_dir $(SHLIB) $(ARLIB)
+api_client: mk_obj_dir $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
+
+## NOTE: The NEEDED_CXXFLAGS are here so that CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+
+deps: mk_obj_dir
+	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) -MM *.cpp > $(DEPS)
+	@sed -i -e '/\.o:/ s/^/obj\//' $(DEPS)
+
+obj/%.o: %.cpp
+	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) $(CPU_FLAGS) -c -o $@ $<
+
+# '-' is 'ignore if missing' on first run
+-include $(DEPS)
+
+DAEMON_OBJS += $(patsubst %.cpp,obj/%.o,$(DAEMON_SRC))
+$(I2PD): $(DAEMON_OBJS) $(ARLIB) $(ARLIB_CLIENT)
+	$(CXX) -o $@ $^ $(LDLIBS) $(LDFLAGS)
+
+$(SHLIB): $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
+ifneq ($(USE_STATIC),yes)
+	$(CXX) $(LDFLAGS) $(LDLIBS) -shared -o $@ $^
+endif
+
+$(SHLIB_CLIENT): $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
+	$(CXX) $(LDFLAGS) $(LDLIBS) -shared -o $@ $^
+
+$(ARLIB): $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
+	ar -r $@ $^
+
+$(ARLIB_CLIENT): $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
+	ar -r $@ $^
 
 clean:
-	rm -fr obj i2p
+	rm -rf obj
+	rm -rf docs/generated
+	$(RM) $(I2PD) $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT)
+
+strip: $(I2PD) $(SHLIB_CLIENT) $(SHLIB)
+	strip $^
+
+LATEST_TAG=$(shell git describe --tags --abbrev=0 openssl)
+BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+dist:
+	git archive --format=tar.gz -9 --worktree-attributes \
+	    --prefix=i2pd_$(LATEST_TAG)/ $(LATEST_TAG) -o i2pd_$(LATEST_TAG).tar.gz
+
+last-dist:
+	git archive --format=tar.gz -9 --worktree-attributes \
+	    --prefix=i2pd_$(LATEST_TAG)/ $(BRANCH) -o ../i2pd_$(LATEST_TAG).orig.tar.gz
+
+doxygen:
+	doxygen -s docs/Doxyfile
 
 .PHONY: all
 .PHONY: clean
+.PHONY: deps
+.PHONY: doxygen
+.PHONY: dist
+.PHONY: api
+.PHONY: api_client
+.PHONY: mk_obj_dir

Makefile.bsd

@@ -1,8 +1,12 @@
-CXX = g++
+CXX = clang++
 CXXFLAGS = -O2
-NEEDED_CXXFLAGS = -std=c++11
-include filelist.mk
+## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+NEEDED_CXXFLAGS = -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
-LIBS =
+LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread

Makefile.homebrew

@@ -0,0 +1,29 @@
+# root directory holding homebrew
+BREWROOT = /usr/local/
+BOOSTROOT = ${BREWROOT}/opt/boost
+SSLROOT = ${BREWROOT}/opt/libressl
+CXX = clang++
+CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX
+INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
+LDFLAGS = -L${SSLROOT}/lib -L${BOOSTROOT}/lib
+LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+
+ifeq ($(USE_UPNP),yes)
+  LDFLAGS += -ldl
+  CXXFLAGS += -DUSE_UPNP
+endif
+
+# OSX Notes
+# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
+# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
+# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
+# note from psi: 2009 macbook does not have aesni
+#ifeq ($(USE_AESNI),yes)
+#  CXXFLAGS += -maes -DAESNI
+#endif
+
+# Disabled, since it will be the default make rule. I think its better
+# to define the default rule in Makefile and not Makefile.<ostype> - torkel
+#install: all
+#	test -d ${PREFIX} || mkdir -p ${PREFIX}/
+#	cp -r i2p ${PREFIX}/

Makefile.linux

@@ -1,43 +1,73 @@
-CXXFLAGS = -g -Wall
+# set defaults instead redefine
+CXXFLAGS ?= -g -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
+INCFLAGS ?=
+
+## NOTE: The NEEDED_CXXFLAGS are here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+
+# detect proper flag for c++11 support by compilers
 CXXVER := $(shell $(CXX) -dumpversion)
-
-FGREP = fgrep
-IS_64 := $(shell $(CXX) -dumpmachine 2>&1 | $(FGREP) -c "64")
-USE_AESNI := yes
-ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # >= 4.10
-NEEDED_CXXFLAGS += -std=c++11
+ifeq ($(shell expr match $(CXX) 'clang'),5)
+	NEEDED_CXXFLAGS += -std=c++11
+else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
+	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
-NEEDED_CXXFLAGS += -std=c++11
+	NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
-NEEDED_CXXFLAGS += -std=c++0x
-else ifeq ($(shell expr match $(CXX) 'clang'),5)
-NEEDED_CXXFLAGS += -std=c++11
+	NEEDED_CXXFLAGS += -std=c++0x
+else ifeq ($(shell expr match ${CXXVER} "[5-6]\.[0-9]"),3) # gcc >= 5.0
+	NEEDED_CXXFLAGS += -std=c++11
 else # not supported
-$(error Compiler too old)
+	$(error Compiler too old)
 endif
 
-LIBDIR := /usr/lib
+NEEDED_CXXFLAGS += -fPIC
 
-include filelist.mk
-INCFLAGS =
-ifeq ($(STATIC),yes)
-LDLIBS += $(LIBDIR)/libcryptopp.a $(LIBDIR)/libboost_system.a
-LDLIBS += $(LIBDIR)/libboost_date_time.a $(LIBDIR)/libboost_filesystem.a
-LDLIBS += $(LIBDIR)/libboost_regex.a $(LIBDIR)/libboost_program_options.a
-LDLIBS += -lpthread -static-libstdc++ -static-libgcc
-USE_AESNI := no
+ifeq ($(USE_STATIC),yes)
+# NOTE: on glibc you will get this warning:
+#   Using 'getaddrinfo' in statically linked applications requires at runtime
+#   the shared libraries from the glibc version used for linking
+  LIBDIR := /usr/lib
+  LDLIBS  = $(LIBDIR)/libboost_system.a
+  LDLIBS += $(LIBDIR)/libboost_date_time.a
+  LDLIBS += $(LIBDIR)/libboost_filesystem.a
+  LDLIBS += $(LIBDIR)/libboost_program_options.a
+  LDLIBS += $(LIBDIR)/libssl.a
+  LDLIBS += $(LIBDIR)/libcrypto.a
+  LDLIBS += $(LIBDIR)/libz.a
+  LDLIBS += -lpthread -static-libstdc++ -static-libgcc -lrt -ldl
+  USE_AESNI := no
 else
-LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
+  LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 endif
-LIBS =
 
+# UPNP Support (miniupnpc 1.5 and higher)
+ifeq ($(USE_UPNP),yes)
+  CXXFLAGS += -DUSE_UPNP
+ifeq ($(USE_STATIC),yes)
+  LDLIBS += $(LIBDIR)/libminiupnpc.a
+else
+  LDLIBS += -lminiupnpc
+endif
+endif
 
+IS_64 := $(shell $(CXX) -dumpmachine 2>&1 | $(GREP) -c "64")
 ifeq ($(USE_AESNI),yes)
 ifeq ($(IS_64),1)
 #check if AES-NI is supported by CPU
-ifneq ($(shell grep -c aes /proc/cpuinfo),0)
-	CPU_FLAGS = -maes -DAESNI
+ifneq ($(shell $(GREP) -c aes /proc/cpuinfo),0)
+	CPU_FLAGS += -maes -DAESNI
 endif
 endif
 endif
 
+ifeq ($(USE_AVX),yes)
+#check if AVX supported by CPU
+ifneq ($(shell $(GREP) -c avx /proc/cpuinfo),0)
+	CPU_FLAGS += -mavx
+endif
+endif

Makefile.mingw

@@ -0,0 +1,57 @@
+USE_WIN32_APP=yes
+CXX = g++
+WINDRES = windres
+CXXFLAGS = -Os -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN
+NEEDED_CXXFLAGS = -std=c++11
+BOOST_SUFFIX = -mt
+INCFLAGS = -I/usr/include/ -I/usr/local/include/
+LDFLAGS = -Wl,-rpath,/usr/local/lib \
+  -L/usr/local/lib 
+
+# UPNP Support 
+ifeq ($(USE_UPNP),yes)
+  CXXFLAGS += -DUSE_UPNP -DMINIUPNP_STATICLIB
+  LDLIBS = -Wl,-Bstatic -lminiupnpc	
+endif
+
+LDLIBS += \
+  -Wl,-Bstatic -lboost_system$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_date_time$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_filesystem$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lboost_program_options$(BOOST_SUFFIX) \
+  -Wl,-Bstatic -lssl \
+  -Wl,-Bstatic -lcrypto \
+  -Wl,-Bstatic -lz \
+  -Wl,-Bstatic -lwsock32 \
+  -Wl,-Bstatic -lws2_32 \
+  -Wl,-Bstatic -lgdi32 \
+  -Wl,-Bstatic -liphlpapi \
+  -static-libgcc -static-libstdc++ \
+  -Wl,-Bstatic -lstdc++ \
+  -Wl,-Bstatic -lpthread
+
+ifeq ($(USE_WIN32_APP), yes)
+	CXXFLAGS += -DWIN32_APP
+	LDFLAGS += -mwindows -s
+	DAEMON_RC += Win32/Resource.rc
+	DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
+endif
+
+# don't change following line to ifeq ($(USE_AESNI),yes) !!!
+ifeq ($(USE_AESNI),1)
+	CPU_FLAGS += -maes -DAESNI
+else
+	CPU_FLAGS += -msse
+endif
+
+ifeq ($(USE_AVX),1)
+	CPU_FLAGS += -mavx
+endif
+
+ifeq ($(USE_ASLR),yes)
+	LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va \
+      -Wl,--dynamicbase,--export-all-symbols
+endif
+
+obj/%.o : %.rc
+	$(WINDRES) -i $< -o $@

Makefile.osx

@@ -1,27 +1,32 @@
 CXX = clang++
-CXXFLAGS = -g -Wall -std=c++11 -lstdc++ -I/usr/local/include
-include filelist.mk
-INCFLAGS = -DCRYPTOPP_DISABLE_ASM
+CXXFLAGS = -Os -Wall -std=c++11 -DMAC_OSX
+#CXXFLAGS = -g -O2 -Wall -std=c++11
+INCFLAGS = -I/usr/local/include 
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
-LDLIBS = -lcryptopp -lboost_system -lboost_date_time -lboost_filesystem -lboost_regex -lboost_program_options -lpthread
-LIBS =
 
-# OSX Notes
-# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
-# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
-# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
-CXXFLAGS += -maes -DAESNI
-
-
-${PREFIX}:
-
-install: all
-	mkdir -p ${PREFIX}/
-	cp -r i2p ${PREFIX}/
-
-
-
-# Apple Mac OSX
-UNAME_S := $(shell uname -s)
-ifeq ($(UNAME_S),Darwin)
+ifeq ($(USE_STATIC),yes)
+LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+else
+LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
 endif
+
+ifeq ($(USE_UPNP),yes)
+  LDFLAGS += -ldl
+  CXXFLAGS += -DUSE_UPNP
+endif
+
+ifeq ($(USE_AESNI),1)
+  CXXFLAGS += -maes -DAESNI
+else
+  CXXFLAGS += -msse
+endif
+
+ifeq ($(USE_AVX),1)
+  CXXFLAGS += -mavx
+endif
+
+# Disabled, since it will be the default make rule. I think its better
+# to define the default rule in Makefile and not Makefile.<ostype> - torkel
+#install: all
+#	test -d ${PREFIX} || mkdir -p ${PREFIX}/
+#	cp -r i2p ${PREFIX}/

NTCPSession.h

@@ -2,12 +2,12 @@
 #define NTCP_SESSION_H__
 
 #include <inttypes.h>
-#include <list>
+#include <map>
+#include <memory>
+#include <thread>
+#include <mutex>
 #include <boost/asio.hpp>
-#include <cryptopp/modes.h>
-#include <cryptopp/aes.h>
-#include <cryptopp/adler32.h>
-#include "aes.h"
+#include "Crypto.h"
 #include "Identity.h"
 #include "RouterInfo.h"
 #include "I2NPProtocol.h"
@@ -17,8 +17,6 @@ namespace i2p
 {
 namespace transport
 {
-
-#pragma pack(1)
 	struct NTCPPhase1
 	{
 		uint8_t pubKey[256];
@@ -31,74 +29,62 @@ namespace transport
 		struct
 		{
 			uint8_t hxy[32];
-			uint32_t timestamp;
+			uint8_t timestamp[4];
 			uint8_t filler[12];
 		} encrypted;	
 	};	
 
-	struct NTCPPhase3
-	{
-		uint16_t size;
-		i2p::data::Identity ident;
-		uint32_t timestamp; 
-		uint8_t padding[15];
-		uint8_t signature[40];
-	};
-
-
-	struct NTCPPhase4
-	{
-		uint8_t signature[40];
-		uint8_t padding[8];
-	};
-	
-#pragma pack()	
-
 	const size_t NTCP_MAX_MESSAGE_SIZE = 16384; 
-	const size_t NTCP_BUFFER_SIZE = 1040; // fits one tunnel message (1028)
+	const size_t NTCP_BUFFER_SIZE = 1028; // fits 1 tunnel data message
+	const int NTCP_CONNECT_TIMEOUT = 5; // 5 seconds
 	const int NTCP_TERMINATION_TIMEOUT = 120; // 2 minutes
+	const int NTCP_TERMINATION_CHECK_TIMEOUT = 30; // 30 seconds	
+	const size_t NTCP_DEFAULT_PHASE3_SIZE = 2/*size*/ + i2p::data::DEFAULT_IDENTITY_SIZE/*387*/ + 4/*ts*/ + 15/*padding*/ + 40/*signature*/; // 448 	
+	const int NTCP_CLOCK_SKEW = 60; // in seconds 
+	const int NTCP_MAX_OUTGOING_QUEUE_SIZE = 200; // how many messages we can queue up
 
-	class NTCPSession: public TransportSession
+	class NTCPServer;
+	class NTCPSession: public TransportSession, public std::enable_shared_from_this<NTCPSession>
 	{
 		public:
 
-			NTCPSession (boost::asio::io_service& service, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter = nullptr);
+			NTCPSession (NTCPServer& server, std::shared_ptr<const i2p::data::RouterInfo> in_RemoteRouter = nullptr);
 			~NTCPSession ();
+			void Terminate ();
+			void Done ();
 
 			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
-			bool IsEstablished () const { return m_IsEstablished; };
-			
+			bool IsEstablished () const { return m_IsEstablished; };	
+
 			void ClientLogin ();
 			void ServerLogin ();
-			void SendI2NPMessage (I2NPMessage * msg);
-
-			size_t GetNumSentBytes () const { return m_NumSentBytes; };
-			size_t GetNumReceivedBytes () const { return m_NumReceivedBytes; };
-			
-		protected:
-
-			void Terminate ();
-			virtual void Connected ();
-			void SendTimeSyncMessage ();
-			void SetIsEstablished (bool isEstablished) { m_IsEstablished = isEstablished; }
+			void SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs);
 			
 		private:
 
-			void CreateAESKey (uint8_t * pubKey, i2p::crypto::AESKey& key);
+			void PostI2NPMessages (std::vector<std::shared_ptr<I2NPMessage> > msgs);
+			void Connected ();
+			void SendTimeSyncMessage ();
+			void SetIsEstablished (bool isEstablished) { m_IsEstablished = isEstablished; }
+
+			void CreateAESKey (uint8_t * pubKey);
 				
 			// client
 			void SendPhase3 ();
 			void HandlePhase1Sent (const boost::system::error_code& ecode,  std::size_t bytes_transferred);
 			void HandlePhase2Received (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			void HandlePhase2 ();
 			void HandlePhase3Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA);
 			void HandlePhase4Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA);
 
 			//server
 			void SendPhase2 ();
-			void SendPhase4 (uint32_t tsB);
+			void SendPhase4 (uint32_t tsA, uint32_t tsB);
 			void HandlePhase1Received (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandlePhase2Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB);
 			void HandlePhase3Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB);
+			void HandlePhase3ExtraReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB, size_t paddingLen);
+			void HandlePhase3 (uint32_t tsB, size_t paddingLen);
 			void HandlePhase4Sent (const boost::system::error_code& ecode,  std::size_t bytes_transferred);
 			
 			// common
@@ -106,68 +92,85 @@ namespace transport
 			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			bool DecryptNextBlock (const uint8_t * encrypted);	
 		
-			void Send (i2p::I2NPMessage * msg);
-			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, i2p::I2NPMessage * msg);
-
-
-			// timer
-			void ScheduleTermination ();
-			void HandleTerminationTimer (const boost::system::error_code& ecode);
+			void Send (std::shared_ptr<i2p::I2NPMessage> msg);
+			boost::asio::const_buffers_1 CreateMsgBuffer (std::shared_ptr<I2NPMessage> msg);
+			void Send (const std::vector<std::shared_ptr<I2NPMessage> >& msgs);
+			void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs);
 			
 		private:
 
+			NTCPServer& m_Server;
 			boost::asio::ip::tcp::socket m_Socket;
-			boost::asio::deadline_timer m_TerminationTimer;
-			bool m_IsEstablished;
+			bool m_IsEstablished, m_IsTerminated;
 			
 			i2p::crypto::CBCDecryption m_Decryption;
 			i2p::crypto::CBCEncryption m_Encryption;
-			CryptoPP::Adler32 m_Adler;
 
 			struct Establisher
 			{	
 				NTCPPhase1 phase1;
 				NTCPPhase2 phase2;
-				NTCPPhase3 phase3;
-				NTCPPhase4 phase4;
 			} * m_Establisher;	
 			
-			uint8_t m_ReceiveBuffer[NTCP_BUFFER_SIZE + 16], m_TimeSyncBuffer[16];
+			i2p::crypto::AESAlignedBuffer<NTCP_BUFFER_SIZE + 16> m_ReceiveBuffer;
+			i2p::crypto::AESAlignedBuffer<16> m_TimeSyncBuffer;
 			int m_ReceiveBufferOffset; 
 
-			i2p::I2NPMessage * m_NextMessage;
-			std::list<i2p::I2NPMessage *> m_DelayedMessages;
+			std::shared_ptr<I2NPMessage> m_NextMessage;
 			size_t m_NextMessageOffset;
+			i2p::I2NPMessagesHandler m_Handler;
 
-			size_t m_NumSentBytes, m_NumReceivedBytes;
+			bool m_IsSending;
+			std::vector<std::shared_ptr<I2NPMessage> > m_SendQueue;
 	};	
 
-	class NTCPClient: public NTCPSession
+	// TODO: move to NTCP.h/.cpp
+	class NTCPServer
 	{
 		public:
 
-			NTCPClient (boost::asio::io_service& service, const boost::asio::ip::address& address, int port, std::shared_ptr<const i2p::data::RouterInfo> in_RouterInfo);
+			NTCPServer ();
+			~NTCPServer ();
+
+			void Start ();
+			void Stop ();
+
+			bool AddNTCPSession (std::shared_ptr<NTCPSession> session);
+			void RemoveNTCPSession (std::shared_ptr<NTCPSession> session);
+			std::shared_ptr<NTCPSession> FindNTCPSession (const i2p::data::IdentHash& ident);
+			void Connect (const boost::asio::ip::address& address, int port, std::shared_ptr<NTCPSession> conn);
+
+      		bool IsBoundV4() const { return m_NTCPAcceptor != nullptr; };
+      		bool IsBoundV6() const { return m_NTCPV6Acceptor != nullptr; };
+      
+			boost::asio::io_service& GetService () { return m_Service; };	
 
 		private:
 
-			void Connect ();
-			void HandleConnect (const boost::system::error_code& ecode);
+			void Run ();
+			void HandleAccept (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error);
+			void HandleAcceptV6 (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error);
+
+			void HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn, std::shared_ptr<boost::asio::deadline_timer> timer);
+
+			// timer
+			void ScheduleTermination ();
+			void HandleTerminationTimer (const boost::system::error_code& ecode);
 			
-		private:
+		private:	
 
-			boost::asio::ip::tcp::endpoint m_Endpoint;
-	};	
+			bool m_IsRunning;
+			std::thread * m_Thread;	
+			boost::asio::io_service m_Service;
+			boost::asio::io_service::work m_Work;
+			boost::asio::deadline_timer m_TerminationTimer;
+			boost::asio::ip::tcp::acceptor * m_NTCPAcceptor, * m_NTCPV6Acceptor;
+			std::map<i2p::data::IdentHash, std::shared_ptr<NTCPSession> > m_NTCPSessions; // access from m_Thread only
 
-	class NTCPServerConnection: public NTCPSession
-	{
 		public:
 
-			NTCPServerConnection (boost::asio::io_service& service): 
-				NTCPSession (service) {};
-			
-		protected:
-
-			virtual void Connected ();
+			// for HTTP/I2PControl
+			const decltype(m_NTCPSessions)& GetNTCPSessions () const { return m_NTCPSessions; };
 	};	
 }	
 }	

NetDb.h

@@ -8,50 +8,40 @@
 #include <string>
 #include <thread>
 #include <mutex>
-#include <boost/filesystem.hpp>
+
+#include "Base.h"
+#include "Gzip.h"
+#include "FS.h"
 #include "Queue.h"
 #include "I2NPProtocol.h"
 #include "RouterInfo.h"
 #include "LeaseSet.h"
 #include "Tunnel.h"
 #include "TunnelPool.h"
+#include "Reseed.h"
+#include "NetDbRequests.h"
+#include "Family.h"
 
 namespace i2p
 {
 namespace data
 {		
-	class RequestedDestination
-	{
-		public:
+	const int NETDB_MIN_ROUTERS = 90;
+	const int NETDB_FLOODFILL_EXPIRATION_TIMEOUT = 60*60; // 1 hour, in seconds
+	const int NETDB_INTRODUCEE_EXPIRATION_TIMEOUT = 65*60;
+	const int NETDB_MIN_EXPIRATION_TIMEOUT = 90*60; // 1.5 hours
+	const int NETDB_MAX_EXPIRATION_TIMEOUT = 27*60*60; // 27 hours
+	const int NETDB_PUBLISH_INTERVAL = 60*40;
 
-			RequestedDestination (const IdentHash& destination, bool isLeaseSet, 
-			    bool isExploratory = false, i2p::tunnel::TunnelPool * pool = nullptr):
-				m_Destination (destination), m_IsLeaseSet (isLeaseSet), m_IsExploratory (isExploratory), 
-				m_Pool (pool), m_CreationTime (0) {};
-			
-			const IdentHash& GetDestination () const { return m_Destination; };
-			int GetNumExcludedPeers () const { return m_ExcludedPeers.size (); };
-			const std::set<IdentHash>& GetExcludedPeers () { return m_ExcludedPeers; };
-			void ClearExcludedPeers ();
-			std::shared_ptr<const RouterInfo> GetLastRouter () const { return m_LastRouter; };
-			i2p::tunnel::TunnelPool * GetTunnelPool () { return m_Pool; };
-			bool IsExploratory () const { return m_IsExploratory; };
-			bool IsLeaseSet () const { return m_IsLeaseSet; };
-			bool IsExcluded (const IdentHash& ident) const { return m_ExcludedPeers.count (ident); };
-			uint64_t GetCreationTime () const { return m_CreationTime; };
-			I2NPMessage * CreateRequestMessage (std::shared_ptr<const RouterInfo>, const i2p::tunnel::InboundTunnel * replyTunnel);
-			I2NPMessage * CreateRequestMessage (const IdentHash& floodfill);
-						
-		private:
+	/** function for visiting a leaseset stored in a floodfill */
+	typedef std::function<void(const IdentHash, std::shared_ptr<LeaseSet>)> LeaseSetVisitor;
 
-			IdentHash m_Destination;
-			bool m_IsLeaseSet, m_IsExploratory;
-			i2p::tunnel::TunnelPool * m_Pool;
-			std::set<IdentHash> m_ExcludedPeers;
-			std::shared_ptr<const RouterInfo> m_LastRouter;
-			uint64_t m_CreationTime;
-	};	
-	
+	/** function for visiting a router info we have locally */
+	typedef std::function<void(std::shared_ptr<const i2p::data::RouterInfo>)> RouterInfoVisitor; 
+
+	/** function for visiting a router info and determining if we want to use it */
+	typedef std::function<bool(std::shared_ptr<const i2p::data::RouterInfo>)> RouterInfoFilter;
+  
 	class NetDb
 	{
 		public:
@@ -61,67 +51,101 @@ namespace data
 
 			void Start ();
 			void Stop ();
-			
-			void AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
-			void AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, i2p::tunnel::InboundTunnel * from);
+    
+			bool AddRouterInfo (const uint8_t * buf, int len);
+			bool AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
+			bool AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
 			std::shared_ptr<RouterInfo> FindRouter (const IdentHash& ident) const;
-			LeaseSet * FindLeaseSet (const IdentHash& destination) const;
+			std::shared_ptr<LeaseSet> FindLeaseSet (const IdentHash& destination) const;
+			std::shared_ptr<RouterProfile> FindRouterProfile (const IdentHash& ident) const;
 
-			void PublishLeaseSet (const LeaseSet * leaseSet, i2p::tunnel::TunnelPool * pool);
-			void RequestDestination (const IdentHash& destination, bool isLeaseSet = false, 
-				i2p::tunnel::TunnelPool * pool = nullptr);			
+			void RequestDestination (const IdentHash& destination, RequestedDestination::RequestComplete requestComplete = nullptr);			
+		void RequestDestinationFrom (const IdentHash& destination, const IdentHash & from, bool exploritory, RequestedDestination::RequestComplete requestComplete = nullptr);			
 			
-			void HandleDatabaseStoreMsg (I2NPMessage * msg);
-			void HandleDatabaseSearchReplyMsg (I2NPMessage * msg);
-			void HandleDatabaseLookupMsg (I2NPMessage * msg);			
+			void HandleDatabaseStoreMsg (std::shared_ptr<const I2NPMessage> msg);
+			void HandleDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg);
+			void HandleDatabaseLookupMsg (std::shared_ptr<const I2NPMessage> msg);			
 
 			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
 			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
 			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetRandomPeerTestRouter (bool v4only = true) const;
+			std::shared_ptr<const RouterInfo> GetRandomIntroducer () const;
+			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
+			std::vector<IdentHash> GetClosestFloodfills (const IdentHash& destination, size_t num,
+				std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
+			std::shared_ptr<const RouterInfo> GetClosestNonFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+      std::shared_ptr<const RouterInfo> GetRandomRouterInFamily(const std::string & fam) const;
 			void SetUnreachable (const IdentHash& ident, bool unreachable);			
 
-			void PostI2NPMsg (I2NPMessage * msg);
+			void PostI2NPMsg (std::shared_ptr<const I2NPMessage> msg);
+
+      /** set hidden mode, aka don't publish our RI to netdb and don't explore */
+      void SetHidden(bool hide); 
+      
+			void Reseed ();
+			Families& GetFamilies () { return m_Families; };
 
 			// for web interface
 			int GetNumRouters () const { return m_RouterInfos.size (); };
 			int GetNumFloodfills () const { return m_Floodfills.size (); };
 			int GetNumLeaseSets () const { return m_LeaseSets.size (); };
-			
+
+			/** visit all lease sets we currently store */
+			void VisitLeaseSets(LeaseSetVisitor v);
+			/** visit all router infos we have currently on disk, usually insanely expensive, does not access in memory RI */
+			void VisitStoredRouterInfos(RouterInfoVisitor v);
+			/** visit all router infos we have loaded in memory, cheaper than VisitLocalRouterInfos but locks access while visiting */
+			void VisitRouterInfos(RouterInfoVisitor v);
+			/** visit N random router that match using filter, then visit them with a visitor, return number of RouterInfos that were visited */
+			size_t VisitRandomRouterInfos(RouterInfoFilter f, RouterInfoVisitor v, size_t n);
+
+			void ClearRouterInfos () { m_RouterInfos.clear (); };
+
 		private:
 
-			bool CreateNetDb(boost::filesystem::path directory);
-			void Load (const char * directory);
-			void SaveUpdated (const char * directory);
+			void Load ();
+			bool LoadRouterInfo (const std::string & path);
+			void SaveUpdated ();
 			void Run (); // exploratory thread
-			void Explore (int numDestinations);
+			void Explore (int numDestinations);	
 			void Publish ();
-			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
 			void ManageLeaseSets ();
+			void ManageRequests ();
 
-			RequestedDestination * CreateRequestedDestination (const IdentHash& dest, 
-				bool isLeaseSet, bool isExploratory = false, i2p::tunnel::TunnelPool * pool = nullptr);
-			bool DeleteRequestedDestination (const IdentHash& dest); // returns true if found
-			void DeleteRequestedDestination (RequestedDestination * dest);
-
-			template<typename Filter>
-			std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;	
+		void ReseedFromFloodfill(const RouterInfo & ri, int numRouters=40, int numFloodfills=20);
+		
+    	template<typename Filter>
+        std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;	
 		
 		private:
-
-			std::map<IdentHash, LeaseSet *> m_LeaseSets;
+		
+			mutable std::mutex m_LeaseSetsMutex;
+			std::map<IdentHash, std::shared_ptr<LeaseSet> > m_LeaseSets;
 			mutable std::mutex m_RouterInfosMutex;
 			std::map<IdentHash, std::shared_ptr<RouterInfo> > m_RouterInfos;
 			mutable std::mutex m_FloodfillsMutex;
 			std::list<std::shared_ptr<RouterInfo> > m_Floodfills;
-			std::mutex m_RequestedDestinationsMutex;
-			std::map<IdentHash, RequestedDestination *> m_RequestedDestinations;
 			
 			bool m_IsRunning;
-			int m_ReseedRetries;
+			uint64_t m_LastLoad;
 			std::thread * m_Thread;	
-			i2p::util::Queue<I2NPMessage> m_Queue; // of I2NPDatabaseStoreMsg
+			i2p::util::Queue<std::shared_ptr<const I2NPMessage> > m_Queue; // of I2NPDatabaseStoreMsg
 
-			static const char m_NetDbPath[];
+			GzipInflator m_Inflator;
+			Reseeder * m_Reseeder;
+			Families m_Families;
+			i2p::fs::HashedStorage m_Storage;
+
+			friend class NetDbRequests; 
+			NetDbRequests m_Requests;
+
+		/** router info we are bootstrapping from or nullptr if we are not currently doing that*/
+		std::shared_ptr<RouterInfo> m_FloodfillBootstrap;
+				
+
+      /** true if in hidden mode */
+      bool m_HiddenMode;
 	};
 
 	extern NetDb netdb;

NetDbRequests.cpp

@@ -0,0 +1,161 @@
+#include "Log.h"
+#include "I2NPProtocol.h"
+#include "Transports.h"
+#include "NetDb.h"
+#include "NetDbRequests.h"
+
+namespace i2p
+{
+namespace data
+{
+	std::shared_ptr<I2NPMessage> RequestedDestination::CreateRequestMessage (std::shared_ptr<const RouterInfo> router,
+		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
+	{
+		std::shared_ptr<I2NPMessage> msg;
+		if(replyTunnel)
+			msg = i2p::CreateRouterInfoDatabaseLookupMsg (m_Destination, 
+			replyTunnel->GetNextIdentHash (), replyTunnel->GetNextTunnelID (), m_IsExploratory, 
+		    &m_ExcludedPeers);
+		else
+			msg = i2p::CreateRouterInfoDatabaseLookupMsg(m_Destination, i2p::context.GetIdentHash(), 0, m_IsExploratory, &m_ExcludedPeers);
+		if(router)
+			m_ExcludedPeers.insert (router->GetIdentHash ());
+		m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
+		return msg;
+	}	
+
+	std::shared_ptr<I2NPMessage> RequestedDestination::CreateRequestMessage (const IdentHash& floodfill)
+	{
+		auto msg = i2p::CreateRouterInfoDatabaseLookupMsg (m_Destination, 
+			i2p::context.GetRouterInfo ().GetIdentHash () , 0, false, &m_ExcludedPeers);
+		m_ExcludedPeers.insert (floodfill);
+		m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
+		return msg;
+	}	
+
+	void RequestedDestination::ClearExcludedPeers ()
+	{
+		m_ExcludedPeers.clear ();
+	}	
+	
+	void RequestedDestination::Success (std::shared_ptr<RouterInfo> r)
+	{
+		if (m_RequestComplete)
+		{
+			m_RequestComplete (r);
+			m_RequestComplete = nullptr;
+		}
+	}
+
+	void RequestedDestination::Fail ()
+	{
+		if (m_RequestComplete)
+		{
+			m_RequestComplete (nullptr);
+			m_RequestComplete = nullptr;
+		}
+	}
+
+	void NetDbRequests::Start ()
+	{
+	}
+
+	void NetDbRequests::Stop ()
+	{
+		m_RequestedDestinations.clear ();
+	}
+
+
+	std::shared_ptr<RequestedDestination> NetDbRequests::CreateRequest (const IdentHash& destination, bool isExploratory, RequestedDestination::RequestComplete requestComplete)
+	{
+		// request RouterInfo directly
+		auto dest = std::make_shared<RequestedDestination> (destination, isExploratory); 
+		dest->SetRequestComplete (requestComplete);
+		{
+			std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
+			if (!m_RequestedDestinations.insert (std::make_pair (destination, dest)).second) // not inserted
+				return nullptr; 
+		}
+		return dest;
+	}	
+
+	void NetDbRequests::RequestComplete (const IdentHash& ident, std::shared_ptr<RouterInfo> r)
+	{
+		std::shared_ptr<RequestedDestination> request;
+		{
+			std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
+			auto it = m_RequestedDestinations.find (ident);
+			if (it != m_RequestedDestinations.end ())
+			{	
+				request = it->second;
+				m_RequestedDestinations.erase (it);
+			}	
+		}	
+		if (request)
+		{
+			if (r)
+				request->Success (r);
+			else
+				request->Fail ();
+		}	
+	}
+
+	std::shared_ptr<RequestedDestination> NetDbRequests::FindRequest (const IdentHash& ident) const
+	{
+		std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
+		auto it = m_RequestedDestinations.find (ident);
+		if (it != m_RequestedDestinations.end ())
+			return it->second;
+		return nullptr;
+	}	
+
+	void NetDbRequests::ManageRequests ()
+	{
+		uint64_t ts = i2p::util::GetSecondsSinceEpoch ();	
+		std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);	
+		for (auto it = m_RequestedDestinations.begin (); it != m_RequestedDestinations.end ();)
+		{
+			auto& dest = it->second;
+			bool done = false;
+			if (ts < dest->GetCreationTime () + 60) // request is worthless after 1 minute
+			{
+				if (ts > dest->GetCreationTime () + 5) // no response for 5 seconds
+				{
+					auto count = dest->GetExcludedPeers ().size ();
+					if (!dest->IsExploratory () && count < 7)
+					{
+						auto pool = i2p::tunnel::tunnels.GetExploratoryPool ();
+						auto outbound = pool->GetNextOutboundTunnel ();
+						auto inbound = pool->GetNextInboundTunnel ();	
+						auto nextFloodfill = netdb.GetClosestFloodfill (dest->GetDestination (), dest->GetExcludedPeers ());
+						if (nextFloodfill && outbound && inbound)
+							outbound->SendTunnelDataMsg (nextFloodfill->GetIdentHash (), 0,
+								dest->CreateRequestMessage (nextFloodfill, inbound));
+						else
+						{
+							done = true;
+							if (!inbound) LogPrint (eLogWarning, "NetDbReq: No inbound tunnels");
+							if (!outbound) LogPrint (eLogWarning, "NetDbReq: No outbound tunnels");
+							if (!nextFloodfill) LogPrint (eLogWarning, "NetDbReq: No more floodfills");
+						}
+					}	
+					else
+					{
+						if (!dest->IsExploratory ())
+							LogPrint (eLogWarning, "NetDbReq: ", dest->GetDestination ().ToBase64 (), " not found after 7 attempts");
+						done = true;
+					}	 
+				}	
+			}	
+			else // delete obsolete request
+				done = true;
+
+			if (done)
+				it = m_RequestedDestinations.erase (it);
+			else
+				++it;
+		}	
+	}
+}
+}
+

NetDbRequests.h

@@ -0,0 +1,69 @@
+#ifndef NETDB_REQUESTS_H__
+#define NETDB_REQUESTS_H__
+
+#include <memory>
+#include <set>
+#include <map>
+#include "Identity.h"
+#include "RouterInfo.h"
+
+namespace i2p
+{
+namespace data
+{
+	class RequestedDestination
+	{	
+		public:
+
+			typedef std::function<void (std::shared_ptr<RouterInfo>)> RequestComplete;
+
+			RequestedDestination (const IdentHash& destination, bool isExploratory = false):
+				m_Destination (destination), m_IsExploratory (isExploratory), m_CreationTime (0) {};
+			~RequestedDestination () { if (m_RequestComplete) m_RequestComplete (nullptr); };			
+
+			const IdentHash& GetDestination () const { return m_Destination; };
+			int GetNumExcludedPeers () const { return m_ExcludedPeers.size (); };
+			const std::set<IdentHash>& GetExcludedPeers () { return m_ExcludedPeers; };
+			void ClearExcludedPeers ();
+			bool IsExploratory () const { return m_IsExploratory; };
+			bool IsExcluded (const IdentHash& ident) const { return m_ExcludedPeers.count (ident); };
+			uint64_t GetCreationTime () const { return m_CreationTime; };
+			std::shared_ptr<I2NPMessage> CreateRequestMessage (std::shared_ptr<const RouterInfo>, std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel);
+			std::shared_ptr<I2NPMessage> CreateRequestMessage (const IdentHash& floodfill);
+			
+			void SetRequestComplete (const RequestComplete& requestComplete) { m_RequestComplete = requestComplete; };
+			bool IsRequestComplete () const { return m_RequestComplete != nullptr; };
+			void Success (std::shared_ptr<RouterInfo> r);
+			void Fail ();
+			
+		private:
+
+			IdentHash m_Destination;
+			bool m_IsExploratory;
+			std::set<IdentHash> m_ExcludedPeers;
+			uint64_t m_CreationTime;
+			RequestComplete m_RequestComplete;
+	};	
+
+	class NetDbRequests
+	{
+		public:
+
+			void Start ();
+			void Stop ();
+
+			 std::shared_ptr<RequestedDestination> CreateRequest (const IdentHash& destination, bool isExploratory, RequestedDestination::RequestComplete requestComplete = nullptr);
+			void RequestComplete (const IdentHash& ident, std::shared_ptr<RouterInfo> r);
+			std::shared_ptr<RequestedDestination> FindRequest (const IdentHash& ident) const;
+			void ManageRequests ();
+
+		private:
+
+			mutable std::mutex m_RequestedDestinationsMutex;
+			std::map<IdentHash, std::shared_ptr<RequestedDestination> > m_RequestedDestinations;
+	};
+}
+}
+
+#endif
+

Profiling.cpp

@@ -0,0 +1,195 @@
+#include <sys/stat.h>
+#include <boost/property_tree/ptree.hpp>
+#include <boost/property_tree/ini_parser.hpp>
+#include "Base.h"
+#include "FS.h"
+#include "Log.h"
+#include "Profiling.h"
+
+namespace i2p
+{
+namespace data
+{
+	i2p::fs::HashedStorage m_ProfilesStorage("peerProfiles", "p", "profile-", "txt");
+
+	RouterProfile::RouterProfile ():
+		m_LastUpdateTime (boost::posix_time::second_clock::local_time()),
+		m_NumTunnelsAgreed (0), m_NumTunnelsDeclined (0), m_NumTunnelsNonReplied (0),
+		m_NumTimesTaken (0), m_NumTimesRejected (0) 
+	{
+	}
+
+	boost::posix_time::ptime RouterProfile::GetTime () const
+	{
+		return boost::posix_time::second_clock::local_time();
+	}	
+		
+	void RouterProfile::UpdateTime ()
+	{
+		m_LastUpdateTime = GetTime ();
+	}	
+		
+	void RouterProfile::Save (const IdentHash& identHash)
+	{
+		// fill sections
+		boost::property_tree::ptree participation;
+		participation.put (PEER_PROFILE_PARTICIPATION_AGREED, m_NumTunnelsAgreed);
+		participation.put (PEER_PROFILE_PARTICIPATION_DECLINED, m_NumTunnelsDeclined);
+		participation.put (PEER_PROFILE_PARTICIPATION_NON_REPLIED, m_NumTunnelsNonReplied);
+		boost::property_tree::ptree usage;
+		usage.put (PEER_PROFILE_USAGE_TAKEN, m_NumTimesTaken);
+		usage.put (PEER_PROFILE_USAGE_REJECTED, m_NumTimesRejected);
+		// fill property tree
+		boost::property_tree::ptree pt;
+		pt.put (PEER_PROFILE_LAST_UPDATE_TIME, boost::posix_time::to_simple_string (m_LastUpdateTime));
+		pt.put_child (PEER_PROFILE_SECTION_PARTICIPATION, participation);
+		pt.put_child (PEER_PROFILE_SECTION_USAGE, usage);
+
+		// save to file
+		std::string ident = identHash.ToBase64 ();
+		std::string path = m_ProfilesStorage.Path(ident);
+
+		try {
+			boost::property_tree::write_ini (path, pt);
+		} catch (std::exception& ex) {
+			/* boost exception verbose enough */
+			LogPrint (eLogError, "Profiling: ", ex.what ());
+		}
+	}
+
+	void RouterProfile::Load (const IdentHash& identHash)
+	{
+		std::string ident = identHash.ToBase64 ();
+		std::string path = m_ProfilesStorage.Path(ident);
+		boost::property_tree::ptree pt;
+
+		if (!i2p::fs::Exists(path)) 
+		{
+			LogPrint(eLogWarning, "Profiling: no profile yet for ", ident);
+			return;
+		}
+
+		try 
+		{
+			boost::property_tree::read_ini (path, pt);
+		} catch (std::exception& ex) 
+		{
+			/* boost exception verbose enough */
+			LogPrint (eLogError, "Profiling: ", ex.what ());
+			return;
+		}
+
+		try 
+		{
+			auto t = pt.get (PEER_PROFILE_LAST_UPDATE_TIME, "");
+			if (t.length () > 0)
+				m_LastUpdateTime = boost::posix_time::time_from_string (t);
+			if ((GetTime () - m_LastUpdateTime).hours () < PEER_PROFILE_EXPIRATION_TIMEOUT) 
+			{
+				try 
+				{	
+					// read participations
+					auto participations = pt.get_child (PEER_PROFILE_SECTION_PARTICIPATION);
+					m_NumTunnelsAgreed = participations.get (PEER_PROFILE_PARTICIPATION_AGREED, 0);
+					m_NumTunnelsDeclined = participations.get (PEER_PROFILE_PARTICIPATION_DECLINED, 0);
+					m_NumTunnelsNonReplied = participations.get (PEER_PROFILE_PARTICIPATION_NON_REPLIED, 0);
+				}	
+				catch (boost::property_tree::ptree_bad_path& ex) 
+				{
+					LogPrint (eLogWarning, "Profiling: Missing section ", PEER_PROFILE_SECTION_PARTICIPATION, " in profile for ", ident);
+				}	
+				try 
+				{
+					// read usage
+					auto usage = pt.get_child (PEER_PROFILE_SECTION_USAGE);
+					m_NumTimesTaken = usage.get (PEER_PROFILE_USAGE_TAKEN, 0);
+					m_NumTimesRejected = usage.get (PEER_PROFILE_USAGE_REJECTED, 0);
+				}	
+				catch (boost::property_tree::ptree_bad_path& ex) 
+				{
+					LogPrint (eLogWarning, "Missing section ", PEER_PROFILE_SECTION_USAGE, " in profile for ", ident);
+				}
+			} 
+			else 
+				*this = RouterProfile ();
+		} 
+		catch (std::exception& ex) 
+		{
+			LogPrint (eLogError, "Profiling: Can't read profile ", ident, " :", ex.what ());
+		}
+	}
+
+	void RouterProfile::TunnelBuildResponse (uint8_t ret)
+	{
+		UpdateTime ();
+		if (ret > 0)
+			m_NumTunnelsDeclined++;
+		else
+			m_NumTunnelsAgreed++;
+	}	
+
+	void RouterProfile::TunnelNonReplied ()
+	{
+		m_NumTunnelsNonReplied++;
+		UpdateTime ();
+	}	
+
+	bool RouterProfile::IsLowPartcipationRate () const
+	{
+		return 4*m_NumTunnelsAgreed < m_NumTunnelsDeclined; // < 20% rate
+	}	
+
+	bool RouterProfile::IsLowReplyRate () const
+	{
+		auto total = m_NumTunnelsAgreed + m_NumTunnelsDeclined;
+		return m_NumTunnelsNonReplied > 10*(total + 1);
+	}	
+		
+	bool RouterProfile::IsBad ()
+	{ 
+		auto isBad = IsAlwaysDeclining () || IsLowPartcipationRate () /*|| IsLowReplyRate ()*/;
+		if (isBad && m_NumTimesRejected > 10*(m_NumTimesTaken + 1)) 
+		{
+			// reset profile
+			m_NumTunnelsAgreed = 0;
+			m_NumTunnelsDeclined = 0;
+			m_NumTunnelsNonReplied = 0;
+			isBad = false;
+		}		
+		if (isBad) m_NumTimesRejected++; else m_NumTimesTaken++;
+		return isBad;	
+	}
+		
+	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash)
+	{
+		auto profile = std::make_shared<RouterProfile> ();
+		profile->Load (identHash); // if possible
+		return profile;
+	}		
+
+	void InitProfilesStorage ()
+	{
+		m_ProfilesStorage.SetPlace(i2p::fs::GetDataDir());
+		m_ProfilesStorage.Init(i2p::data::GetBase64SubstitutionTable(), 64);
+	}
+
+	void DeleteObsoleteProfiles ()
+	{
+		struct stat st;
+		std::time_t now = std::time(nullptr);
+
+		std::vector<std::string> files;
+		m_ProfilesStorage.Traverse(files);
+		for (const auto& path: files) {
+			if (stat(path.c_str(), &st) != 0) {
+				LogPrint(eLogWarning, "Profiling: Can't stat(): ", path);
+				continue;
+			}
+			if (((now - st.st_mtime) / 3600) >= PEER_PROFILE_EXPIRATION_TIMEOUT) {
+				LogPrint(eLogDebug, "Profiling: removing expired peer profile: ", path);
+				i2p::fs::Remove(path);
+			}
+		}
+	}
+}		
+}	

Profiling.h

@@ -0,0 +1,67 @@
+#ifndef PROFILING_H__
+#define PROFILING_H__
+
+#include <memory>
+#include <boost/date_time/posix_time/posix_time.hpp>
+#include "Identity.h"
+
+namespace i2p
+{
+namespace data
+{	
+	// sections
+	const char PEER_PROFILE_SECTION_PARTICIPATION[] = "participation";
+	const char PEER_PROFILE_SECTION_USAGE[] = "usage";
+	// params	
+	const char PEER_PROFILE_LAST_UPDATE_TIME[] = "lastupdatetime";
+	const char PEER_PROFILE_PARTICIPATION_AGREED[] = "agreed";
+	const char PEER_PROFILE_PARTICIPATION_DECLINED[] = "declined";
+	const char PEER_PROFILE_PARTICIPATION_NON_REPLIED[] = "nonreplied";	
+	const char PEER_PROFILE_USAGE_TAKEN[] = "taken";
+	const char PEER_PROFILE_USAGE_REJECTED[] = "rejected";
+
+	const int PEER_PROFILE_EXPIRATION_TIMEOUT = 72; // in hours (3 days)
+	
+	class RouterProfile
+	{
+		public:
+
+			RouterProfile ();
+			RouterProfile& operator= (const RouterProfile& ) = default;
+			
+			void Save (const IdentHash& identHash);
+			void Load (const IdentHash& identHash);
+
+			bool IsBad ();
+			
+			void TunnelBuildResponse (uint8_t ret);
+			void TunnelNonReplied ();
+
+		private:
+
+			boost::posix_time::ptime GetTime () const;
+			void UpdateTime ();
+
+			bool IsAlwaysDeclining () const { return !m_NumTunnelsAgreed && m_NumTunnelsDeclined >= 5; };
+			bool IsLowPartcipationRate () const;
+			bool IsLowReplyRate () const;
+			
+		private:	
+
+			boost::posix_time::ptime m_LastUpdateTime;
+			// participation
+			uint32_t m_NumTunnelsAgreed;
+			uint32_t m_NumTunnelsDeclined;	
+			uint32_t m_NumTunnelsNonReplied;
+			// usage
+			uint32_t m_NumTimesTaken;
+			uint32_t m_NumTimesRejected;	
+	};	
+
+	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash); 
+	void InitProfilesStorage ();
+	void DeleteObsoleteProfiles ();
+}		
+}	
+
+#endif

Queue.h

@@ -2,10 +2,12 @@
 #define QUEUE_H__
 
 #include <queue>
+#include <vector>
 #include <mutex>
 #include <thread>
 #include <condition_variable>
 #include <functional>
+#include <utility>
 
 namespace i2p
 {
@@ -16,17 +18,29 @@ namespace util
 	{	
 		public:
 
-			void Put (Element * e)
+			void Put (Element e)
 			{
 				std::unique_lock<std::mutex>  l(m_QueueMutex);
-				m_Queue.push (e);	
+				m_Queue.push (std::move(e));
 				m_NonEmpty.notify_one ();
 			}
 
-			Element * GetNext ()
+			template<template<typename, typename...>class Container, typename... R>
+			void Put (const Container<Element, R...>& vec)
+			{
+				if (!vec.empty ())
+				{	
+					std::unique_lock<std::mutex>  l(m_QueueMutex);
+					for (const auto& it: vec)
+						m_Queue.push (it);	
+					m_NonEmpty.notify_one ();
+				}	
+			}
+			
+			Element GetNext ()
 			{
 				std::unique_lock<std::mutex> l(m_QueueMutex);
-				Element * el = GetNonThreadSafe ();
+				auto el = GetNonThreadSafe ();
 				if (!el)
 				{
 					m_NonEmpty.wait (l);
@@ -35,10 +49,10 @@ namespace util
 				return el;
 			}
 
-			Element * GetNextWithTimeout (int usec)
+			Element GetNextWithTimeout (int usec)
 			{
 				std::unique_lock<std::mutex> l(m_QueueMutex);
-				Element * el = GetNonThreadSafe ();
+				auto el = GetNonThreadSafe ();
 				if (!el)
 				{
 					m_NonEmpty.wait_for (l, std::chrono::milliseconds (usec));
@@ -64,16 +78,22 @@ namespace util
 				std::unique_lock<std::mutex> l(m_QueueMutex);
 				return m_Queue.empty ();
 			}
-			
+
+			int GetSize () 
+			{
+				std::unique_lock<std::mutex> l(m_QueueMutex);
+				return m_Queue.size ();
+			}			
+
 			void WakeUp () { m_NonEmpty.notify_all (); };
 
-			Element * Get ()
+			Element Get ()
 			{
 				std::unique_lock<std::mutex> l(m_QueueMutex);
 				return GetNonThreadSafe ();
 			}	
 
-			Element * Peek ()
+			Element Peek ()
 			{
 				std::unique_lock<std::mutex> l(m_QueueMutex);
 				return GetNonThreadSafe (true);
@@ -81,11 +101,11 @@ namespace util
 			
 		private:
 
-			Element * GetNonThreadSafe (bool peek = false)
+			Element GetNonThreadSafe (bool peek = false)
 			{
 				if (!m_Queue.empty ())
 				{
-					Element * el = m_Queue.front ();
+					auto el = m_Queue.front ();
 					if (!peek)
 						m_Queue.pop ();
 					return el;
@@ -95,56 +115,10 @@ namespace util
 			
 		private:
 
-			std::queue<Element *> m_Queue;
+			std::queue<Element> m_Queue;
 			std::mutex m_QueueMutex;
 			std::condition_variable m_NonEmpty;
 	};	
-
-	template<class Msg>
-	class MsgQueue: public Queue<Msg>
-	{
-		public:
-
-			typedef std::function<void()> OnEmpty;
-
-			MsgQueue (): m_IsRunning (true), m_Thread (std::bind (&MsgQueue<Msg>::Run, this))  {};
-			~MsgQueue () { Stop (); };
-			void Stop()
-			{
-				if (m_IsRunning)
-				{
-					m_IsRunning = false;
-					Queue<Msg>::WakeUp ();					
-					m_Thread.join();
-				}
-			}
-
-			void SetOnEmpty (OnEmpty const & e) { m_OnEmpty = e; };
-
-		private:
-
-			void Run ()
-			{
-				while (m_IsRunning)
-				{
-					while (Msg * msg = Queue<Msg>::Get ())
-					{
-						msg->Process ();
-						delete msg;
-					}
-					if (m_OnEmpty != nullptr)
-						m_OnEmpty ();
-					if (m_IsRunning)
-						Queue<Msg>::Wait ();
-				}	
-			}	
-			
-		private:
-			
-			volatile bool m_IsRunning;
-			std::thread m_Thread;	
-			OnEmpty m_OnEmpty;
-	};	
 }		
 }	
 

README.md

@@ -1,71 +1,63 @@
 i2pd
 ====
 
-I2P router written in C++
+[Русская версия](https://github.com/PurpleI2P/i2pd_docs_ru/blob/master/README.md)
 
-Requirements for Linux/FreeBSD/OSX
-----------------------------------
+i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.
 
-GCC 4.6 or newer, Boost 1.46 or newer, crypto++. Clang can be used instead of
-GCC.
+I2P (Invisible Internet Protocol) is a universal anonymous network layer. 
+All communications over I2P are anonymous and end-to-end encrypted, participants
+don't reveal their real IP addresses. 
 
-Requirements for Windows
-------------------------
+I2P client is a software used for building and using anonymous I2P 
+networks. Such networks are commonly used for anonymous peer-to-peer 
+applications (filesharing, cryptocurrencies) and anonymous client-server 
+applications (websites, instant messengers, chat-servers).
 
-VS2013 (known to work with 12.0.21005.1 or newer), Boost 1.46 or newer,
-crypto++ 5.62. See Win32/README-Build.txt for instructions on how to build i2pd
-and its dependencies.
+I2P allows people from all around the world to communicate and share information
+without restrictions.
 
-Build Statuses
----------------
+* [Website](http://i2pd.website)
+* [Documentation](https://i2pd.readthedocs.io/en/latest/)
+* [Wiki](https://github.com/PurpleI2P/i2pd/wiki)
+* [Tickets/Issues](https://github.com/PurpleI2P/i2pd/issues)
+* [Specifications](https://geti2p.net/spec)
+* [Twitter](https://twitter.com/hashtag/i2pd)
 
-- Linux x64      - [![Build Status](https://jenkins.nordcloud.no/buildStatus/icon?job=i2pd-linux)](https://jenkins.nordcloud.no/job/i2pd-linux/)
-- Linux ARM      - To be added
-- Mac OS X       - To be added
-- Microsoft VC13 - To be added
+Installing
+----------
 
+The easiest way to install i2pd is by using 
+[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest). 
+See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build 
+i2pd from source on your OS.
 
-Testing
+**Supported systems:**
+
+* Linux x86/x64  - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)  
+* Windows        - [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)  
+* Mac OS X
+* FreeBSD
+* Android 
+* iOS
+
+Using i2pd
+----------
+
+See [documentation](https://i2pd.readthedocs.io/en/latest/usage.html) and 
+[example config file](https://github.com/PurpleI2P/i2pd/blob/openssl/docs/i2pd.conf).
+
+Donations
+---------
+
+BTC: 1K7Ds6KUeR8ya287UC4rYTjvC96vXyZbDY  
+DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
+LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
+ANC: AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z  
+DOGE: DNXLQKziRPAsD9H3DFNjk4fLQrdaSX893Y 
+
+License
 -------
 
-First, build it.
-
-* $ cd i2pd
-* $ make
-
-Next, find out your public ip. (find it for example at http://www.whatismyip.com/)
-
-Then, run it with:
-
-$ ./i2p --host=YOUR_PUBLIC_IP
-
-The client should now reseed by itself.
-
-To visit an I2P page, you need to find the b32 address of your destination.
-After that, go to the webconsole and add it behind the url. (Remove http:// from the address)
-
-This should resulting in for example:
-http://localhost:7070/4oes3rlgrpbkmzv4lqcfili23h3cvpwslqcfjlk6vvguxyggspwa.b32.i2p
-
-
-Options
--------
-
-* --host=               - The external IP
-* --port=               - The port to listen on
-* --httpport=           - The http port to listen on
-* --log=                - Enable or disable logging to file. 1 for yes, 0 for no.
-* --daemon=             - Enable or disable daemon mode. 1 for yes, 0 for no.
-* --service=            - 1 if uses system folders (/var/run/i2pd.pid, /var/log/i2pd.log, /var/lib/i2pd).
-* --unreachable=        - 1 if router is declared as unreachable and works through introducers.
-* --v6=                 - 1 if supports communication through ipv6, off by default
-* --httpproxyport=      - The port to listen on (HTTP Proxy)
-* --socksproxyport=     - The port to listen on (SOCKS Proxy)
-* --ircport=            - The local port of IRC tunnel to listen on. 6668 by default
-* --ircdest=            - I2P destination address of IRC server. For example irc.postman.i2p
-* --irckeys=            - optional keys file for local destination
-* --eepkeys=            - File name containing destination keys. For example privKeys.dat
-* --eephost=            - Address incoming trafic forward to. 127.0.0.1 by default
-* --eepport=            - Port incoming trafic forward to. 80 by default
-* --samport=            - Port of SAM bridge. Usually 7656. SAM is off if not specified
-
+This project is licensed under the BSD 3-clause license, which can be found in the file
+LICENSE in the root of the project source code.

Reseed.cpp

@@ -1,48 +1,29 @@
-#include <iostream>
+#include <string.h>
 #include <fstream>
-#include <boost/regex.hpp>
-#include <boost/filesystem.hpp>
-#include <cryptopp/gzip.h>
+#include <sstream>
+#include <boost/asio.hpp>
+#include <boost/asio/ssl.hpp> 
+#include <boost/algorithm/string.hpp>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <zlib.h>
+
+#include "Crypto.h"
 #include "I2PEndian.h"
 #include "Reseed.h"
+#include "FS.h"
 #include "Log.h"
+#include "Identity.h"
+#include "NetDb.h"
+#include "HTTP.h"
 #include "util.h"
-
+#include "Config.h"
 
 namespace i2p
 {
 namespace data
 {
-
-	static std::vector<std::string> httpReseedHostList = {
-				"http://193.150.121.66/netDb/",
-				"http://netdb.i2p2.no/",
-				"http://reseed.i2p-projekt.de/",
-				"http://cowpuncher.drollette.com/netdb/",
-				"http://i2p.mooo.com/netDb/",
-				"http://reseed.info/",
-				"http://uk.reseed.i2p2.no/",
-				"http://us.reseed.i2p2.no/",
-				"http://jp.reseed.i2p2.no/",
-				"http://i2p-netdb.innovatio.no/",
-				"http://ieb9oopo.mooo.com"
-			};
-
-	//TODO: Remember to add custom port support. Not all serves on 443
-	static std::vector<std::string> httpsReseedHostList = {
-				"https://193.150.121.66/netDb/",
-				"https://netdb.i2p2.no/",
-				"https://reseed.i2p-projekt.de/",
-				"https://cowpuncher.drollette.com/netdb/",
-				"https://i2p.mooo.com/netDb/",
-				"https://reseed.info/",
-				"https://i2p-netdb.innovatio.no/",
-				"https://ieb9oopo.mooo.com/",
-				"https://ssl.webpack.de/ivae2he9.sg4.e-plaza.de/" // Only HTTPS and SU3 (v2) support
-			};
-	
-	//TODO: Implement v2 reseeding. Lightweight zip library is needed.
-	//TODO: Implement SU3, utils.
+ 
 	Reseeder::Reseeder()
 	{
 	}
@@ -51,129 +32,536 @@ namespace data
 	{
 	}
 
-	bool Reseeder::reseedNow()
-	{
-		try
-		{
-			// Seems like the best place to try to intercept with SSL
-			/*ssl_server = true;
-			try {
-				// SSL
-			}
-			catch (std::exception& e)
-			{
-				LogPrint("Exception in SSL: ", e.what());
-			}*/
-			std::string reseedHost = httpReseedHostList[(rand() % httpReseedHostList.size())];
-			LogPrint("Reseeding from ", reseedHost);
-			std::string content = i2p::util::http::httpRequest(reseedHost);
-			if (content == "")
-			{
-				LogPrint("Reseed failed");
-				return false;
-			}
-			boost::regex e("<\\s*A\\s+[^>]*href\\s*=\\s*\"([^\"]*)\"", boost::regex::normal | boost::regbase::icase);
-			boost::sregex_token_iterator i(content.begin(), content.end(), e, 1);
-			boost::sregex_token_iterator j;
-			//TODO: Ugly code, try to clean up.
-			//TODO: Try to reduce N number of variables
-			std::string name;
-			std::string routerInfo;
-			std::string tmpUrl;
-			std::string filename;
-			std::string ignoreFileSuffix = ".su3";
-			boost::filesystem::path root = i2p::util::filesystem::GetDataDir();
-			while (i != j)
-			{
-				name = *i++;
-				if (name.find(ignoreFileSuffix)!=std::string::npos)
-					continue;
-				LogPrint("Downloading ", name);
-				tmpUrl = reseedHost;
-				tmpUrl.append(name);
-				routerInfo = i2p::util::http::httpRequest(tmpUrl);
-				if (routerInfo.size()==0)
-					continue;
-				filename = root.string();
-#ifndef _WIN32
-				filename += "/netDb/r";
-#else
-				filename += "\\netDb\\r";
-#endif
-				filename += name.at(11); // first char in id
-#ifndef _WIN32
-				filename.append("/");
-#else
-				filename.append("\\");
-#endif
-				filename.append(name.c_str());
-				std::ofstream outfile (filename, std::ios::binary);
-				outfile << routerInfo;
-				outfile.close();
-			}
-			return true;
-		}
-		catch (std::exception& ex)
-		{
-			//TODO: error reporting
-			return false;
-		}
-		return false;
-	}	
+        /** @brief tries to bootstrap into I2P network (from local files and servers, with respect of options)
+         */
+        void Reseeder::Bootstrap ()
+        {
+            std::string su3FileName; i2p::config::GetOption("reseed.file", su3FileName);
+            std::string zipFileName; i2p::config::GetOption("reseed.zipfile", zipFileName);
 
-	void ProcessSU3File (const char * filename)
-	{
-		static uint32_t headerSignature = htole32 (0x04044B50);
+            if (su3FileName.length() > 0) // bootstrap from SU3 file or URL
+            {
+                int num;
+                if (su3FileName.length() > 8 && su3FileName.substr(0, 8) == "https://")
+                {
+                    num = ReseedFromSU3Url (su3FileName); // from https URL
+                }
+                else
+                {
+                    num = ProcessSU3File (su3FileName.c_str ());
+                }
+                if (num == 0)
+                    LogPrint (eLogWarning, "Reseed: failed to reseed from ", su3FileName);
+            }
+            else if (zipFileName.length() > 0) // bootstrap from ZIP file
+            {
+                int num = ProcessZIPFile (zipFileName.c_str ());
+                if (num == 0)
+                    LogPrint (eLogWarning, "Reseed: failed to reseed from ", zipFileName);
+            }
+            else // bootstrap from reseed servers
+            {
+                int num = ReseedFromServers ();
+                if (num == 0)
+                    LogPrint (eLogWarning, "Reseed: failed to reseed from servers");
+            }
+        }
 
+        /** @brief bootstrap from random server, retry 10 times
+         *  @return number of entries added to netDb
+         */
+	int Reseeder::ReseedFromServers ()
+	{
+		std::string reseedURLs; i2p::config::GetOption("reseed.urls", reseedURLs);
+                std::vector<std::string> httpsReseedHostList;
+                boost::split(httpsReseedHostList, reseedURLs, boost::is_any_of(","), boost::token_compress_on);
+
+                if (reseedURLs.length () == 0)
+                {
+                    LogPrint (eLogWarning, "Reseed: No reseed servers specified");
+                    return 0;
+                }
+
+                int reseedRetries = 0;
+                while (reseedRetries < 10)
+                {
+                    auto ind = rand () % httpsReseedHostList.size ();
+                    std::string reseedUrl = httpsReseedHostList[ind] + "i2pseeds.su3";
+                    auto num = ReseedFromSU3Url (reseedUrl);
+                    if (num > 0) return num; // success
+                    reseedRetries++;
+                }
+                LogPrint (eLogWarning, "Reseed: failed to reseed from servers after 10 attempts");
+                return 0;
+	}
+
+        /** @brief bootstrap from HTTPS URL with SU3 file
+         *  @param url
+         *  @return number of entries added to netDb
+         */
+	int Reseeder::ReseedFromSU3Url (const std::string& url)
+	{
+		LogPrint (eLogInfo, "Reseed: Downloading SU3 from ", url);
+		std::string su3 = HttpsRequest (url);
+		if (su3.length () > 0)
+		{
+			std::stringstream s(su3);
+			return ProcessSU3Stream (s);
+		}
+		else
+		{
+			LogPrint (eLogWarning, "Reseed: SU3 download failed");
+			return 0;
+		}
+	}
+	
+	int Reseeder::ProcessSU3File (const char * filename)
+	{
+		std::ifstream s(filename, std::ifstream::binary);
+		if (s.is_open ())	
+			return ProcessSU3Stream (s);
+		else
+		{
+			LogPrint (eLogError, "Reseed: Can't open file ", filename);
+			return 0;
+		}
+	}
+
+	int Reseeder::ProcessZIPFile (const char * filename)
+	{
 		std::ifstream s(filename, std::ifstream::binary);
 		if (s.is_open ())	
 		{	
-			while (!s.eof ())
-			{
-				uint32_t signature;
-				s.read ((char *)&signature, 4);
-				if (signature == headerSignature)
-				{
-					// next local file
-					s.seekg (14, std::ios::cur); // skip field we don't care about
-					uint32_t compressedSize, uncompressedSize; 
-					s.read ((char *)&compressedSize, 4);	
-					compressedSize = le32toh (compressedSize);	
-					s.read ((char *)&uncompressedSize, 4);
-					uncompressedSize = le32toh (uncompressedSize);	
-					uint16_t fileNameLength, extraFieldLength; 
-					s.read ((char *)&fileNameLength, 2);	
-					fileNameLength = le32toh (fileNameLength);
-					s.read ((char *)&extraFieldLength, 2);
-					extraFieldLength = le32toh (extraFieldLength);
-					char localFileName[255];
-					s.read (localFileName, fileNameLength);
-					localFileName[fileNameLength] = 0;
-					s.seekg (extraFieldLength, std::ios::cur);
+			s.seekg (0, std::ios::end);
+			auto len = s.tellg ();
+			s.seekg (0, std::ios::beg);
+			return ProcessZIPStream (s, len);
+		}	
+		else
+		{
+			LogPrint (eLogError, "Reseed: Can't open file ", filename);
+			return 0;
+		}
+	}		
+	
+	const char SU3_MAGIC_NUMBER[]="I2Psu3";	
+	int Reseeder::ProcessSU3Stream (std::istream& s)
+	{
+		char magicNumber[7];
+		s.read (magicNumber, 7); // magic number and zero byte 6
+		if (strcmp (magicNumber, SU3_MAGIC_NUMBER))
+		{
+			LogPrint (eLogError, "Reseed: Unexpected SU3 magic number");
+			return 0;
+		}			
+		s.seekg (1, std::ios::cur); // su3 file format version
+		SigningKeyType signatureType;
+		s.read ((char *)&signatureType, 2);  // signature type
+		signatureType = be16toh (signatureType);
+		uint16_t signatureLength;
+		s.read ((char *)&signatureLength, 2);  // signature length
+		signatureLength = be16toh (signatureLength);
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t versionLength;
+		s.read ((char *)&versionLength, 1);  // version length	
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t signerIDLength;
+		s.read ((char *)&signerIDLength, 1);  // signer ID length	
+		uint64_t contentLength;
+		s.read ((char *)&contentLength, 8);  // content length	
+		contentLength = be64toh (contentLength);
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t fileType;
+		s.read ((char *)&fileType, 1);  // file type	
+		if (fileType != 0x00) //  zip file
+		{
+			LogPrint (eLogError, "Reseed: Can't handle file type ", (int)fileType);
+			return 0;
+		}
+		s.seekg (1, std::ios::cur); // unused
+		uint8_t contentType;
+		s.read ((char *)&contentType, 1);  // content type	
+		if (contentType != 0x03) // reseed data
+		{
+			LogPrint (eLogError, "Reseed: Unexpected content type ", (int)contentType);
+			return 0;
+		}
+		s.seekg (12, std::ios::cur); // unused
 
-					uint8_t * compressed = new uint8_t[compressedSize];
-					s.read ((char *)compressed, compressedSize);
-					CryptoPP::Gunzip decompressor;
-					decompressor.Put (compressed, compressedSize);
-					delete[] compressed;	
-					if (decompressor.MaxRetrievable () <= uncompressedSize)
+		s.seekg (versionLength, std::ios::cur); // skip version
+		char signerID[256];
+		s.read (signerID, signerIDLength); // signerID
+		signerID[signerIDLength] = 0;
+		
+		bool verify; i2p::config::GetOption("reseed.verify", verify);
+		if (verify)
+		{ 
+			//try to verify signature
+			auto it = m_SigningKeys.find (signerID);
+			if (it != m_SigningKeys.end ())
+			{
+				// TODO: implement all signature types
+				if (signatureType == SIGNING_KEY_TYPE_RSA_SHA512_4096)
+				{
+					size_t pos = s.tellg ();
+					size_t tbsLen = pos + contentLength;
+					uint8_t * tbs = new uint8_t[tbsLen];
+					s.seekg (0, std::ios::beg);
+					s.read ((char *)tbs, tbsLen);
+					uint8_t * signature = new uint8_t[signatureLength];
+					s.read ((char *)signature, signatureLength);
+					// RSA-raw
 					{
-						uint8_t * uncompressed = new uint8_t[uncompressedSize];	
-						decompressor.Get (uncompressed, decompressor.MaxRetrievable ());	
-						// TODO: save file		
-						delete[] uncompressed;
-					}
-					else
-						LogPrint (eLogError, "Actual uncompressed size ", decompressor.MaxRetrievable (), " exceed ", uncompressedSize, " from header");
+						// calculate digest
+						uint8_t digest[64];
+						SHA512 (tbs, tbsLen, digest);
+						// encrypt signature
+						BN_CTX * bnctx = BN_CTX_new ();
+						BIGNUM * s = BN_new (), * n = BN_new ();
+						BN_bin2bn (signature, signatureLength, s);
+						BN_bin2bn (it->second, i2p::crypto::RSASHA5124096_KEY_LENGTH, n);
+						BN_mod_exp (s, s, i2p::crypto::GetRSAE (), n, bnctx); // s = s^e mod n 
+						uint8_t * enSigBuf = new uint8_t[signatureLength];
+						i2p::crypto::bn2buf (s, enSigBuf, signatureLength);
+						// digest is right aligned
+						// we can't use RSA_verify due wrong padding in SU3
+						if (memcmp (enSigBuf + (signatureLength - 64), digest, 64))
+							LogPrint (eLogWarning, "Reseed: SU3 signature verification failed");
+						else
+							verify = false; // verified
+						delete[] enSigBuf;
+						BN_free (s); BN_free (n);
+						BN_CTX_free (bnctx);
+					}	
+					
+					delete[] signature;
+					delete[] tbs;
+					s.seekg (pos, std::ios::beg);
 				}
 				else
-					break; // no more files
+					LogPrint (eLogWarning, "Reseed: Signature type ", signatureType, " is not supported");
 			}
+			else
+				LogPrint (eLogWarning, "Reseed: Certificate for ", signerID, " not loaded");
 		}
-		else
-			LogPrint (eLogError, "Can't open file ", filename);
+
+		if (verify) // not verified
+		{
+			LogPrint (eLogError, "Reseed: SU3 verification failed");
+			return 0;
+		}	
+
+		// handle content
+		return ProcessZIPStream (s, contentLength);
 	}
 
+	const uint32_t ZIP_HEADER_SIGNATURE = 0x04034B50;
+	const uint32_t ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE = 0x02014B50;	
+	const uint16_t ZIP_BIT_FLAG_DATA_DESCRIPTOR = 0x0008;
+	int Reseeder::ProcessZIPStream (std::istream& s, uint64_t contentLength)
+	{	
+		int numFiles = 0;
+		size_t contentPos = s.tellg ();
+		while (!s.eof ())
+		{	
+			uint32_t signature;
+			s.read ((char *)&signature, 4);
+			signature = le32toh (signature);
+			if (signature == ZIP_HEADER_SIGNATURE)
+			{
+				// next local file
+				s.seekg (2, std::ios::cur); // version
+				uint16_t bitFlag;
+				s.read ((char *)&bitFlag, 2);	
+				bitFlag = le16toh (bitFlag);
+				uint16_t compressionMethod;
+				s.read ((char *)&compressionMethod, 2);	
+				compressionMethod = le16toh (compressionMethod);
+				s.seekg (4, std::ios::cur); // skip fields we don't care about
+				uint32_t compressedSize, uncompressedSize; 
+				uint32_t crc_32;
+				s.read ((char *)&crc_32, 4);
+				crc_32 = le32toh (crc_32);
+				s.read ((char *)&compressedSize, 4);	
+				compressedSize = le32toh (compressedSize);	
+				s.read ((char *)&uncompressedSize, 4);
+				uncompressedSize = le32toh (uncompressedSize);	
+				uint16_t fileNameLength, extraFieldLength; 
+				s.read ((char *)&fileNameLength, 2);	
+				fileNameLength = le16toh (fileNameLength);
+				if ( fileNameLength > 255 ) {
+					// too big
+					LogPrint(eLogError, "Reseed: SU3 fileNameLength too large: ", fileNameLength);
+					return numFiles;
+				}
+				s.read ((char *)&extraFieldLength, 2);
+				extraFieldLength = le16toh (extraFieldLength);
+				char localFileName[255];
+				s.read (localFileName, fileNameLength);
+				localFileName[fileNameLength] = 0;
+				s.seekg (extraFieldLength, std::ios::cur);
+				// take care about data desriptor if presented
+				if (bitFlag & ZIP_BIT_FLAG_DATA_DESCRIPTOR)
+				{
+					size_t pos = s.tellg ();
+					if (!FindZipDataDescriptor (s))
+					{
+						LogPrint (eLogError, "Reseed: SU3 archive data descriptor not found");
+						return numFiles;
+					}									
+					s.read ((char *)&crc_32, 4);	
+					crc_32 = le32toh (crc_32);
+					s.read ((char *)&compressedSize, 4);	
+					compressedSize = le32toh (compressedSize) + 4; // ??? we must consider signature as part of compressed data
+					s.read ((char *)&uncompressedSize, 4);
+					uncompressedSize = le32toh (uncompressedSize);	
+
+					// now we know compressed and uncompressed size
+					s.seekg (pos, std::ios::beg); // back to compressed data
+				}
+
+				LogPrint (eLogDebug, "Reseed: Proccessing file ", localFileName, " ", compressedSize, " bytes");
+				if (!compressedSize)
+				{
+					LogPrint (eLogWarning, "Reseed: Unexpected size 0. Skipped");
+					continue;
+				}	
+				
+				uint8_t * compressed = new uint8_t[compressedSize];
+				s.read ((char *)compressed, compressedSize);
+				if (compressionMethod) // we assume Deflate
+				{
+					z_stream inflator;
+					memset (&inflator, 0, sizeof (inflator));
+					inflateInit2 (&inflator, -MAX_WBITS); // no zlib header
+					uint8_t * uncompressed = new uint8_t[uncompressedSize];
+					inflator.next_in = compressed;
+					inflator.avail_in = compressedSize;
+					inflator.next_out = uncompressed;
+					inflator.avail_out = uncompressedSize; 
+					int err;
+					if ((err = inflate (&inflator, Z_SYNC_FLUSH)) >= 0)
+					{	
+						uncompressedSize -= inflator.avail_out;
+						if (crc32 (0, uncompressed, uncompressedSize) == crc_32)
+						{
+							i2p::data::netdb.AddRouterInfo (uncompressed, uncompressedSize);
+							numFiles++;
+						}	
+						else
+							LogPrint (eLogError, "Reseed: CRC32 verification failed");
+					}	
+					else
+						LogPrint (eLogError, "Reseed: SU3 decompression error ", err);
+					delete[] uncompressed;      
+					inflateEnd (&inflator);
+				}
+				else // no compression
+				{
+					i2p::data::netdb.AddRouterInfo (compressed, compressedSize);
+					numFiles++;
+				}	
+				delete[] compressed;
+				if (bitFlag & ZIP_BIT_FLAG_DATA_DESCRIPTOR)
+					s.seekg (12, std::ios::cur); // skip data descriptor section if presented (12 = 16 - 4)
+			}
+			else
+			{
+				if (signature != ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE)
+					LogPrint (eLogWarning, "Reseed: Missing zip central directory header");
+				break; // no more files
+			}
+			size_t end = s.tellg ();
+			if (end - contentPos >= contentLength)
+				break; // we are beyond contentLength
+		}
+		if (numFiles) // check if  routers are not outdated
+		{
+			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+			int numOutdated = 0;
+			i2p::data::netdb.VisitRouterInfos (
+				[&numOutdated, ts](std::shared_ptr<const RouterInfo> r)
+				{
+					if (r && ts > r->GetTimestamp () + 10*i2p::data::NETDB_MAX_EXPIRATION_TIMEOUT*1000LL) // 270 hours
+					{
+						LogPrint (eLogError, "Reseed: router ", r->GetIdentHash().ToBase64 (), " is outdated by ", (ts - r->GetTimestamp ())/1000LL/3600LL, " hours");
+						numOutdated++;
+					}
+				});
+			if (numOutdated > numFiles/2) // more than half
+			{
+				LogPrint (eLogError, "Reseed: mammoth's shit\n"
+				"	   *_____*\n"
+				"	  *_*****_*\n"
+				"	 *_(O)_(O)_*\n"
+				"	**____V____**\n"
+				"	**_________**\n"
+				"	**_________**\n"
+				"	 *_________*\n"
+				"	  ***___***");
+				i2p::data::netdb.ClearRouterInfos ();
+				numFiles = 0;
+			}
+		}
+		return numFiles;
+	}
+
+	const uint8_t ZIP_DATA_DESCRIPTOR_SIGNATURE[] = { 0x50, 0x4B, 0x07, 0x08 };	
+	bool Reseeder::FindZipDataDescriptor (std::istream& s)
+	{
+		size_t nextInd = 0;	
+		while (!s.eof ())
+		{
+			uint8_t nextByte;
+			s.read ((char *)&nextByte, 1);
+			if (nextByte == ZIP_DATA_DESCRIPTOR_SIGNATURE[nextInd])	
+			{
+				nextInd++;
+				if (nextInd >= sizeof (ZIP_DATA_DESCRIPTOR_SIGNATURE))
+					return true;
+			}
+			else
+				nextInd = 0;
+		}
+		return false;
+	}
+
+	void Reseeder::LoadCertificate (const std::string& filename)
+	{
+		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
+		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		if (ret)
+		{	
+			SSL * ssl = SSL_new (ctx);
+			X509 * cert = SSL_get_certificate (ssl);
+			// verify
+			if (cert)
+			{	
+				// extract issuer name
+				char name[100];
+				X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);
+				char * cn = strstr (name, "CN=");
+				if (cn)
+				{	
+					cn += 3;
+					char * terminator = strchr (cn, '/');
+					if (terminator) terminator[0] = 0;
+				}	
+				// extract RSA key (we need n only, e = 65537)
+				RSA * key = EVP_PKEY_get0_RSA (X509_get_pubkey (cert));
+				const BIGNUM * n, * e, * d;
+				RSA_get0_key(key, &n, &e, &d);
+				PublicKey value;
+				i2p::crypto::bn2buf (n, value, 512);
+				if (cn)
+					m_SigningKeys[cn] = value;
+				else
+					LogPrint (eLogError, "Reseed: Can't find CN field in ", filename);
+			}	
+			SSL_free (ssl);			
+		}	
+		else
+			LogPrint (eLogError, "Reseed: Can't open certificate file ", filename);
+		SSL_CTX_free (ctx);		
+	}
+
+	void Reseeder::LoadCertificates ()
+	{
+		std::string certDir = i2p::fs::DataDirPath("certificates", "reseed");
+		std::vector<std::string> files;
+		int numCertificates = 0;
+
+		if (!i2p::fs::ReadDir(certDir, files)) {
+			LogPrint(eLogWarning, "Reseed: Can't load reseed certificates from ", certDir);
+			return;
+		}
+
+		for (const std::string & file : files) {
+			if (file.compare(file.size() - 4, 4, ".crt") != 0) {
+				LogPrint(eLogWarning, "Reseed: ignoring file ", file);
+				continue;
+			}
+			LoadCertificate (file);
+			numCertificates++;
+		}	
+		LogPrint (eLogInfo, "Reseed: ", numCertificates, " certificates loaded");
+	}	
+
+	std::string Reseeder::HttpsRequest (const std::string& address)
+	{
+		i2p::http::URL url;
+		if (!url.parse(address)) {
+			LogPrint(eLogError, "Reseed: failed to parse url: ", address);
+			return "";
+		}
+		url.schema = "https";
+		if (!url.port)
+			url.port = 443;
+
+		boost::asio::io_service service;
+		boost::system::error_code ecode;
+		auto it = boost::asio::ip::tcp::resolver(service).resolve (
+			boost::asio::ip::tcp::resolver::query (url.host, std::to_string(url.port)), ecode);
+		if (!ecode)
+		{
+			boost::asio::ssl::context ctx(service, boost::asio::ssl::context::sslv23);
+			ctx.set_verify_mode(boost::asio::ssl::context::verify_none);
+			boost::asio::ssl::stream<boost::asio::ip::tcp::socket> s(service, ctx);
+			s.lowest_layer().connect (*it, ecode);
+			if (!ecode)
+			{
+				SSL_set_tlsext_host_name(s.native_handle(), url.host.c_str ());
+				s.handshake (boost::asio::ssl::stream_base::client, ecode);
+				if (!ecode)
+				{
+					LogPrint (eLogDebug, "Reseed: Connected to ", url.host, ":", url.port);
+					i2p::http::HTTPReq req;
+					req.uri = url.to_string();
+					req.AddHeader("User-Agent", "Wget/1.11.4");
+					req.AddHeader("Connection", "close");
+					s.write_some (boost::asio::buffer (req.to_string()));
+					// read response
+					std::stringstream rs;
+					char recv_buf[1024]; size_t l = 0;
+					do {
+						l = s.read_some (boost::asio::buffer (recv_buf, sizeof(recv_buf)), ecode);
+						if (l) rs.write (recv_buf, l);
+					} while (!ecode && l);
+					// process response
+					std::string data = rs.str();
+					i2p::http::HTTPRes res;
+					int len = res.parse(data);
+					if (len <= 0) {
+						LogPrint(eLogWarning, "Reseed: incomplete/broken response from ", url.host);
+						return "";
+					}
+					if (res.code != 200) {
+						LogPrint(eLogError, "Reseed: failed to reseed from ", url.host, ", http code ", res.code);
+						return "";
+					}
+					data.erase(0, len); /* drop http headers from response */
+					LogPrint(eLogDebug, "Reseed: got ", data.length(), " bytes of data from ", url.host);
+					if (res.is_chunked()) {
+						std::stringstream in(data), out;
+						if (!i2p::http::MergeChunkedResponse(in, out)) {
+							LogPrint(eLogWarning, "Reseed: failed to merge chunked response from ", url.host);
+							return "";
+						}
+						LogPrint(eLogDebug, "Reseed: got ", data.length(), "(", out.tellg(), ") bytes of data from ", url.host);
+						data = out.str();
+					}
+					return data;
+				}
+				else
+					LogPrint (eLogError, "Reseed: SSL handshake failed: ", ecode.message ());
+			}
+			else
+				LogPrint (eLogError, "Reseed: Couldn't connect to ", url.host, ": ", ecode.message ());
+		}
+		else
+			LogPrint (eLogError, "Reseed: Couldn't resolve address ", url.host, ": ", ecode.message ());
+		return "";
+	}	
 }
 }
 

Reseed.h

@@ -1,8 +1,12 @@
 #ifndef RESEED_H
 #define RESEED_H
 
+#include <iostream>
 #include <string>
 #include <vector>
+#include <map>
+#include "Identity.h"
+#include "Crypto.h"
 
 namespace i2p
 {
@@ -11,13 +15,35 @@ namespace data
 
 	class Reseeder
 	{
+		typedef Tag<512> PublicKey;	
+		
 		public:
+		
 			Reseeder();
 			~Reseeder();
-			bool reseedNow();
-	};
+                        void Bootstrap ();
+			int ReseedFromServers ();
+			int ReseedFromSU3Url (const std::string& url);
+			int ProcessSU3File (const char * filename);
+			int ProcessZIPFile (const char * filename);
 
-	void ProcessSU3File (const char * filename);	
+			void LoadCertificates ();
+			
+		private:
+
+			void LoadCertificate (const std::string& filename);
+						
+			int ProcessSU3Stream (std::istream& s);	
+			int ProcessZIPStream (std::istream& s, uint64_t contentLength);	
+			
+			bool FindZipDataDescriptor (std::istream& s);
+			
+			std::string HttpsRequest (const std::string& address);
+
+		private:	
+
+			std::map<std::string, PublicKey> m_SigningKeys;
+	};
 }
 }
 

RouterContext.cpp

@@ -1,24 +1,31 @@
 #include <fstream>
-#include <cryptopp/dh.h>
-#include <cryptopp/dsa.h>
-#include "CryptoConst.h"
-#include "RouterContext.h"
+#include "Config.h"
+#include "Crypto.h"
 #include "Timestamp.h"
 #include "I2NPProtocol.h"
+#include "NetDb.h"
+#include "FS.h"
 #include "util.h"
 #include "version.h"
+#include "Log.h"
+#include "Family.h"
+#include "RouterContext.h"
 
 namespace i2p
 {
 	RouterContext context;
 
 	RouterContext::RouterContext ():
-		m_LastUpdateTime (0), m_IsUnreachable (false), m_AcceptsTunnels (true)
+		m_LastUpdateTime (0), m_AcceptsTunnels (true), m_IsFloodfill (false), 
+		m_StartupTime (0), m_Status (eRouterStatusOK), m_Error (eRouterErrorNone),
+		m_NetID (I2PD_NET_ID)
 	{
 	}
 
 	void RouterContext::Init ()
 	{
+		srand (i2p::util::GetMillisecondsSinceEpoch () % 1000);
+		m_StartupTime = i2p::util::GetSecondsSinceEpoch ();
 		if (!Load ())
 			CreateNewRouter ();
 		UpdateRouterInfo ();
@@ -26,7 +33,11 @@ namespace i2p
 
 	void RouterContext::CreateNewRouter ()
 	{
-		m_Keys = i2p::data::CreateRandomKeys ();
+#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)			
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519);
+#else
+		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (i2p::data::SIGNING_KEY_TYPE_DSA_SHA1);
+#endif		
 		SaveKeys ();
 		NewRouterInfo ();
 	}
@@ -35,36 +46,89 @@ namespace i2p
 	{
 		i2p::data::RouterInfo routerInfo;
 		routerInfo.SetRouterIdentity (GetIdentity ());
-		int port = i2p::util::config::GetArg("-port", 0);
+		uint16_t port; i2p::config::GetOption("port", port);
 		if (!port)
-			port = m_Rnd.GenerateWord32 (9111, 30777); // I2P network ports range
-		routerInfo.AddSSUAddress (i2p::util::config::GetCharArg("-host", "127.0.0.1"), port, routerInfo.GetIdentHash ());
-		routerInfo.AddNTCPAddress (i2p::util::config::GetCharArg("-host", "127.0.0.1"), port);
+			port = rand () % (30777 - 9111) + 9111; // I2P network ports range
+		bool ipv4; i2p::config::GetOption("ipv4", ipv4);
+		bool ipv6; i2p::config::GetOption("ipv6", ipv6);
+		bool nat;  i2p::config::GetOption("nat", nat);
+		std::string ifname; i2p::config::GetOption("ifname", ifname);
+		std::string ifname4; i2p::config::GetOption("ifname4", ifname4);
+		std::string ifname6; i2p::config::GetOption("ifname6", ifname6);
+		if (ipv4)
+		{
+			std::string host = "127.0.0.1";
+			if (!i2p::config::IsDefault("host"))
+				i2p::config::GetOption("host", host);
+			else if (!nat && !ifname.empty())
+				/* bind to interface, we have no NAT so set external address too */
+				host = i2p::util::net::GetInterfaceAddress(ifname, false).to_string(); // v4
+
+			if(ifname4.size())
+				host = i2p::util::net::GetInterfaceAddress(ifname4, false).to_string();
+
+			routerInfo.AddSSUAddress (host.c_str(), port, routerInfo.GetIdentHash ());
+			routerInfo.AddNTCPAddress (host.c_str(), port);
+		}
+		if (ipv6)
+		{
+			std::string host = "::";
+			if (!i2p::config::IsDefault("host") && !ipv4) // override if v6 only
+				i2p::config::GetOption("host", host);
+			else if (!ifname.empty()) 
+				host = i2p::util::net::GetInterfaceAddress(ifname, true).to_string(); // v6
+
+			if(ifname6.size())
+				host = i2p::util::net::GetInterfaceAddress(ifname6, true).to_string();
+
+			routerInfo.AddSSUAddress (host.c_str(), port, routerInfo.GetIdentHash ());
+			routerInfo.AddNTCPAddress (host.c_str(), port);
+		}
+		
 		routerInfo.SetCaps (i2p::data::RouterInfo::eReachable | 
 			i2p::data::RouterInfo::eSSUTesting | i2p::data::RouterInfo::eSSUIntroducer); // LR, BC
-		routerInfo.SetProperty ("coreVersion", I2P_VERSION);
-		routerInfo.SetProperty ("netId", "2");
+        routerInfo.SetProperty ("netId", std::to_string (m_NetID));
 		routerInfo.SetProperty ("router.version", I2P_VERSION);
-		routerInfo.SetProperty ("stat_uptime", "90m");
 		routerInfo.CreateBuffer (m_Keys);
+		m_RouterInfo.SetRouterIdentity (GetIdentity ());
 		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 	}
 
 	void RouterContext::UpdateRouterInfo ()
 	{
 		m_RouterInfo.CreateBuffer (m_Keys);
-		m_RouterInfo.SaveToFile (i2p::util::filesystem::GetFullPath (ROUTER_INFO));
+		m_RouterInfo.SaveToFile (i2p::fs::DataDirPath (ROUTER_INFO));
 		m_LastUpdateTime = i2p::util::GetSecondsSinceEpoch ();
 	}	
 
+	void RouterContext::SetStatus (RouterStatus status) 
+	{ 
+		if (status != m_Status)
+		{	
+			m_Status = status;
+			m_Error = eRouterErrorNone;
+			switch (m_Status)
+			{	
+				case eRouterStatusOK:
+					SetReachable ();
+				break;
+				case eRouterStatusFirewalled:
+					SetUnreachable ();
+				break;	
+				default:
+					;
+			}
+		}	
+	}
+		
 	void RouterContext::UpdatePort (int port)
 	{
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
-			if (address.port != port)
+			if (address->port != port)
 			{	
-				address.port = port;
+				address->port = port;
 				updated = true;
 			}	
 		}	
@@ -77,9 +141,9 @@ namespace i2p
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
-			if (address.host != host && address.IsCompatible (host))
+			if (address->host != host && address->IsCompatible (host))
 			{	
-				address.host = host;
+				address->host = host;
 				updated = true;
 			}	
 		}	
@@ -88,16 +152,11 @@ namespace i2p
 			UpdateRouterInfo ();
 	}
 
-	bool RouterContext::AddIntroducer (const i2p::data::RouterInfo& routerInfo, uint32_t tag)
+	bool RouterContext::AddIntroducer (const i2p::data::RouterInfo::Introducer& introducer)
 	{
-		bool ret = false;
-		auto address = routerInfo.GetSSUAddress ();
-		if (address)
-		{	
-			ret = m_RouterInfo.AddIntroducer (address, tag);
-			if (ret)
-				UpdateRouterInfo ();
-		}	
+		bool ret = m_RouterInfo.AddIntroducer (introducer);
+		if (ret)
+			UpdateRouterInfo ();	
 		return ret;
 	}	
 
@@ -107,29 +166,152 @@ namespace i2p
 			UpdateRouterInfo ();
 	}	
 	
+	void RouterContext::SetFloodfill (bool floodfill)
+	{
+		m_IsFloodfill = floodfill;
+		if (floodfill)
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () | i2p::data::RouterInfo::eFloodfill);
+		else
+		{
+			m_RouterInfo.SetCaps (m_RouterInfo.GetCaps () & ~i2p::data::RouterInfo::eFloodfill);
+			// we don't publish number of routers and leaseset for non-floodfill
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_LEASESETS);
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_ROUTERS);
+		}
+		UpdateRouterInfo ();
+	}
+
+	std::string RouterContext::GetFamily () const
+	{
+		return m_RouterInfo.GetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY);
+	}
+
+	void RouterContext::SetFamily (const std::string& family)
+	{
+		std::string signature;
+		if (family.length () > 0)
+			signature = i2p::data::CreateFamilySignature (family, GetIdentHash ());
+		if (signature.length () > 0)
+		{
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY, family);
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY_SIG, signature);
+		}	
+		else
+		{
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY);
+			m_RouterInfo.DeleteProperty (i2p::data::ROUTER_INFO_PROPERTY_FAMILY_SIG);
+		}	
+	}	
+
+	void RouterContext::SetBandwidth (char L) {
+		uint16_t limit = 0;
+		enum { low, high, extra, unlim } type = high;
+		/* detect parameters */
+		switch (L) 
+		{
+			case i2p::data::CAPS_FLAG_LOW_BANDWIDTH1   : limit =   12; type = low;   break;
+			case i2p::data::CAPS_FLAG_LOW_BANDWIDTH2   : limit =   48; type = low;   break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH1  : limit =   64; type = high;  break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH2  : limit =  128; type = high;  break;
+			case i2p::data::CAPS_FLAG_HIGH_BANDWIDTH3  : limit =  256; type = high;  break;
+			case i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH1 : limit = 2048; type = extra; break;
+			case i2p::data::CAPS_FLAG_EXTRA_BANDWIDTH2 : limit = 9999; type = unlim; break;
+			default:
+				 limit =  48; type = low;
+		}
+		/* update caps & flags in RI */
+		auto caps = m_RouterInfo.GetCaps ();
+		caps &= ~i2p::data::RouterInfo::eHighBandwidth;
+		caps &= ~i2p::data::RouterInfo::eExtraBandwidth;
+		switch (type) 
+		{
+			case low   : /* not set */; break;
+			case extra : caps |= i2p::data::RouterInfo::eExtraBandwidth; break; // 'P'
+			case unlim : caps |= i2p::data::RouterInfo::eExtraBandwidth; //  no break here, extra + high means 'X'
+			case high  : caps |= i2p::data::RouterInfo::eHighBandwidth;  break;
+		}
+		m_RouterInfo.SetCaps (caps);
+		UpdateRouterInfo ();
+		m_BandwidthLimit = limit;
+	}
+
+	void RouterContext::SetBandwidth (int limit) 
+	{
+		if      (limit > 2000) { SetBandwidth('X'); }
+		else if (limit >  256) { SetBandwidth('P'); }
+		else if (limit >  128) { SetBandwidth('O'); }
+		else if (limit >   64) { SetBandwidth('N'); }
+		else if (limit >   48) { SetBandwidth('M'); }
+		else if (limit >   12) { SetBandwidth('L'); }
+		else                   { SetBandwidth('K'); }
+	}
+
+	bool RouterContext::IsUnreachable () const
+	{
+		return m_RouterInfo.GetCaps () & i2p::data::RouterInfo::eUnreachable;
+	}	
+		
 	void RouterContext::SetUnreachable ()
 	{
-		m_IsUnreachable = true;	
 		// set caps
-		m_RouterInfo.SetCaps (i2p::data::RouterInfo::eUnreachable | i2p::data::RouterInfo::eSSUTesting); // LU, B
+		uint8_t caps = m_RouterInfo.GetCaps ();
+		caps &= ~i2p::data::RouterInfo::eReachable;
+		caps |= i2p::data::RouterInfo::eUnreachable;
+		caps &= ~i2p::data::RouterInfo::eFloodfill;	// can't be floodfill
+		caps &= ~i2p::data::RouterInfo::eSSUIntroducer; // can't be introducer
+		m_RouterInfo.SetCaps (caps); 
 		// remove NTCP address
 		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (size_t i = 0; i < addresses.size (); i++)
+		for (auto it = addresses.begin (); it != addresses.end (); ++it)
 		{
-			if (addresses[i].transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+			if ((*it)->transportStyle == i2p::data::RouterInfo::eTransportNTCP &&
+				(*it)->host.is_v4 ())
 			{
-				addresses.erase (addresses.begin () + i);
+				addresses.erase (it);
 				break;
 			}
 		}	
 		// delete previous introducers
-		for (auto& addr : addresses)
-			addr.introducers.clear ();
-		
+		for (auto& addr : addresses)	
+			if (addr->ssu)
+				addr->ssu->introducers.clear ();
+	
 		// update
 		UpdateRouterInfo ();
 	}
 
+	void RouterContext::SetReachable ()
+	{
+		// update caps
+		uint8_t caps = m_RouterInfo.GetCaps ();
+		caps &= ~i2p::data::RouterInfo::eUnreachable;
+		caps |= i2p::data::RouterInfo::eReachable;
+		caps |= i2p::data::RouterInfo::eSSUIntroducer;
+		if (m_IsFloodfill)
+			caps |= i2p::data::RouterInfo::eFloodfill;
+		m_RouterInfo.SetCaps (caps);
+		
+		// insert NTCP back
+		auto& addresses = m_RouterInfo.GetAddresses ();
+		for (const auto& addr : addresses)
+		{
+			if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU &&
+				addr->host.is_v4 ())
+			{
+				// insert NTCP address with host/port from SSU
+				m_RouterInfo.AddNTCPAddress (addr->host.to_string ().c_str (), addr->port);
+				break;
+			}
+		}		
+		// delete previous introducers
+		for (auto& addr : addresses)
+			if (addr->ssu)
+				addr->ssu->introducers.clear ();
+		
+		// update
+		UpdateRouterInfo ();
+	}	
+		
 	void RouterContext::SetSupportsV6 (bool supportsV6)
 	{
 		if (supportsV6)
@@ -137,26 +319,36 @@ namespace i2p
 		else
 			m_RouterInfo.DisableV6 ();
 		UpdateRouterInfo ();
-	}	
+	}
+  	
+	void RouterContext::SetSupportsV4 (bool supportsV4)
+	{
+		if (supportsV4)
+			m_RouterInfo.EnableV4 ();
+		else
+			m_RouterInfo.DisableV4 ();
+		UpdateRouterInfo ();
+	}
+  
 
 	void RouterContext::UpdateNTCPV6Address (const boost::asio::ip::address& host)
 	{
 		bool updated = false, found = false;	
 		int port = 0;
 		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (auto& addr : addresses)
+		for (auto& addr: addresses)
 		{
-			if (addr.host.is_v6 () && addr.transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+			if (addr->host.is_v6 () && addr->transportStyle == i2p::data::RouterInfo::eTransportNTCP)
 			{
-				if (addr.host != host)
+				if (addr->host != host)
 				{
-					addr.host = host;
+					addr->host = host;
 					updated = true;
 				}
 				found = true;	
 			}	
 			else
-				port = addr.port;	
+				port = addr->port;	
 		}	
 		if (!found)
 		{
@@ -165,8 +357,11 @@ namespace i2p
 			auto mtu = i2p::util::net::GetMTU (host);
 			if (mtu)
 			{	
-				LogPrint ("Our v6 MTU=", mtu);
-				if (mtu > 1472) mtu = 1472; 
+				LogPrint (eLogDebug, "Router: Our v6 MTU=", mtu);
+				if (mtu > 1472) { // TODO: magic constant
+					mtu = 1472;
+					LogPrint(eLogWarning, "Router: MTU dropped to upper limit of 1472 bytes");
+				}
 			}	
 			m_RouterInfo.AddSSUAddress (host.to_string ().c_str (), port, GetIdentHash (), mtu ? mtu : 1472); // TODO
 			updated = true;
@@ -174,38 +369,105 @@ namespace i2p
 		if (updated)
 			UpdateRouterInfo ();
 	}
+
+	void RouterContext::UpdateStats ()
+	{
+		if (m_IsFloodfill)
+		{
+			// update routers and leasesets
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_LEASESETS, std::to_string(i2p::data::netdb.GetNumLeaseSets ()));
+			m_RouterInfo.SetProperty (i2p::data::ROUTER_INFO_PROPERTY_ROUTERS,   std::to_string(i2p::data::netdb.GetNumRouters ()));
+			UpdateRouterInfo (); 
+		}
+	}
 		
 	bool RouterContext::Load ()
 	{
-		std::ifstream fk (i2p::util::filesystem::GetFullPath (ROUTER_KEYS).c_str (), std::ifstream::binary | std::ofstream::in);
+		std::ifstream fk (i2p::fs::DataDirPath (ROUTER_KEYS), std::ifstream::in | std::ifstream::binary);
 		if (!fk.is_open ())	return false;
-		
-		i2p::data::Keys keys;	
-		fk.read ((char *)&keys, sizeof (keys));
-		m_Keys = keys;
+		fk.seekg (0, std::ios::end);
+		size_t len = fk.tellg();
+		fk.seekg (0, std::ios::beg);		
 
-		i2p::data::RouterInfo routerInfo(i2p::util::filesystem::GetFullPath (ROUTER_INFO)); // TODO
-		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
-		m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
-		m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+		if (len == sizeof (i2p::data::Keys)) // old keys file format
+		{
+			i2p::data::Keys keys;	
+			fk.read ((char *)&keys, sizeof (keys));
+			m_Keys = keys;
+		}
+		else // new keys file format
+		{
+			uint8_t * buf = new uint8_t[len];
+			fk.read ((char *)buf, len);
+			m_Keys.FromBuffer (buf, len);
+			delete[] buf;
+		}
+
+		m_RouterInfo.SetRouterIdentity (GetIdentity ());
+		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); 
+		if (!routerInfo.IsUnreachable ()) // router.info looks good
+		{
+			m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
+			m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
+			m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+
+			// Migration to 0.9.24. TODO: remove later
+			m_RouterInfo.DeleteProperty ("coreVersion");
+			m_RouterInfo.DeleteProperty ("stat_uptime");
+		}
+		else
+		{
+			LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
+			NewRouterInfo ();
+		}			
+
+		if (IsUnreachable ())
+			SetReachable (); // we assume reachable until we discover firewall through peer tests
 		
 		return true;
 	}
 
 	void RouterContext::SaveKeys ()
 	{	
-		std::ofstream fk (i2p::util::filesystem::GetFullPath (ROUTER_KEYS).c_str (), std::ofstream::binary | std::ofstream::out);
-		i2p::data::Keys keys;
-		memcpy (keys.privateKey, m_Keys.GetPrivateKey (), sizeof (keys.privateKey));
-		memcpy (keys.signingPrivateKey, m_Keys.GetSigningPrivateKey (), sizeof (keys.signingPrivateKey));
-		auto& ident = GetIdentity ().GetStandardIdentity ();	
-		memcpy (keys.publicKey, ident.publicKey, sizeof (keys.publicKey));
-		memcpy (keys.signingKey, ident.signingKey, sizeof (keys.signingKey));
-		fk.write ((char *)&keys, sizeof (keys));	
+		// save in the same format as .dat files
+		std::ofstream fk (i2p::fs::DataDirPath (ROUTER_KEYS), std::ofstream::binary | std::ofstream::out);
+		size_t len = m_Keys.GetFullLen ();
+		uint8_t * buf = new uint8_t[len];
+		m_Keys.ToBuffer (buf, len);
+		fk.write ((char *)buf, len);
+		delete[] buf;
 	}
 
-	void RouterContext::HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from)
+	std::shared_ptr<i2p::tunnel::TunnelPool> RouterContext::GetTunnelPool () const
+	{
+		return i2p::tunnel::tunnels.GetExploratoryPool (); 
+	}	
+		
+	void RouterContext::HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from)
 	{
 		i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf), from));
+	}
+
+	void RouterContext::ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg)
+	{
+		std::unique_lock<std::mutex> l(m_GarlicMutex);
+		i2p::garlic::GarlicDestination::ProcessGarlicMessage (msg);
+	}	
+			
+	void RouterContext::ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg)
+	{
+		std::unique_lock<std::mutex> l(m_GarlicMutex);
+		i2p::garlic::GarlicDestination::ProcessDeliveryStatusMessage (msg);
+	}	
+
+	void RouterContext::CleanupDestination ()
+	{
+		std::unique_lock<std::mutex> l(m_GarlicMutex);
+		i2p::garlic::GarlicDestination::CleanupExpiredTags ();
+	}
+		
+	uint32_t RouterContext::GetUptime () const
+	{
+		return i2p::util::GetSecondsSinceEpoch () - m_StartupTime;
 	}	
 }

RouterContext.h

@@ -4,9 +4,8 @@
 #include <inttypes.h>
 #include <string>
 #include <memory>
+#include <mutex>
 #include <boost/asio.hpp>
-#include <cryptopp/dsa.h>
-#include <cryptopp/osrng.h>
 #include "Identity.h"
 #include "RouterInfo.h"
 #include "Garlic.h"
@@ -16,6 +15,20 @@ namespace i2p
 	const char ROUTER_INFO[] = "router.info";
 	const char ROUTER_KEYS[] = "router.keys";	
 	const int ROUTER_INFO_UPDATE_INTERVAL = 1800; // 30 minutes
+
+	enum RouterStatus
+	{
+		eRouterStatusOK = 0,
+		eRouterStatusTesting = 1,
+		eRouterStatusFirewalled = 2,
+		eRouterStatusError = 3 
+	};	
+
+	enum RouterError
+	{
+		eRouterErrorNone = 0,
+		eRouterErrorClockSkew = 1
+	};	
 	
 	class RouterContext: public i2p::garlic::GarlicDestination 
 	{
@@ -24,35 +37,69 @@ namespace i2p
 			RouterContext ();
 			void Init ();
 
+			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
 			i2p::data::RouterInfo& GetRouterInfo () { return m_RouterInfo; };
 			std::shared_ptr<const i2p::data::RouterInfo> GetSharedRouterInfo () const 
 			{ 
 				return std::shared_ptr<const i2p::data::RouterInfo> (&m_RouterInfo, 
 					[](const i2p::data::RouterInfo *) {});
 			}
-			CryptoPP::RandomNumberGenerator& GetRandomNumberGenerator () { return m_Rnd; };	
+			std::shared_ptr<i2p::garlic::GarlicDestination> GetSharedDestination () 
+			{
+				return std::shared_ptr<i2p::garlic::GarlicDestination> (this, 
+					[](i2p::garlic::GarlicDestination *) {});
+			}
+
+			uint32_t GetUptime () const;
+			uint32_t GetStartupTime () const { return m_StartupTime; };
+			uint64_t GetLastUpdateTime () const { return m_LastUpdateTime; };
+			uint64_t GetBandwidthLimit () const { return m_BandwidthLimit; };
+			RouterStatus GetStatus () const { return m_Status; };
+			void SetStatus (RouterStatus status);
+			RouterError GetError () const { return m_Error; };
+			void SetError (RouterError error) { m_Status = eRouterStatusError; m_Error = error; };
+			int GetNetID () const { return m_NetID; };
+			void SetNetID (int netID) { m_NetID = netID; };			
 
 			void UpdatePort (int port); // called from Daemon
 			void UpdateAddress (const boost::asio::ip::address& host);	// called from SSU or Daemon
-			bool AddIntroducer (const i2p::data::RouterInfo& routerInfo, uint32_t tag);
+			bool AddIntroducer (const i2p::data::RouterInfo::Introducer& introducer);
 			void RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
-			bool IsUnreachable () const { return m_IsUnreachable; };
-			void SetUnreachable ();				
+			bool IsUnreachable () const;
+			void SetUnreachable ();		
+			void SetReachable ();
+			bool IsFloodfill () const { return m_IsFloodfill; };	
+			void SetFloodfill (bool floodfill);	
+			void SetFamily (const std::string& family);
+			std::string GetFamily () const;
+			void SetBandwidth (int limit); /* in kilobytes */
+			void SetBandwidth (char L); /* by letter */
 			bool AcceptsTunnels () const { return m_AcceptsTunnels; };
 			void SetAcceptsTunnels (bool acceptsTunnels) { m_AcceptsTunnels = acceptsTunnels; };
 			bool SupportsV6 () const { return m_RouterInfo.IsV6 (); };
+			bool SupportsV4 () const { return m_RouterInfo.IsV4 (); };
 			void SetSupportsV6 (bool supportsV6);
-			void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session				
+			void SetSupportsV4 (bool supportsV4);
+
+			void UpdateNTCPV6Address (const boost::asio::ip::address& host); // called from NTCP session		
+			void UpdateStats ();	
+			void CleanupDestination ();	// garlic destination
 
 			// implements LocalDestination
-			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
+			std::shared_ptr<const i2p::data::IdentityEx> GetIdentity () const { return m_Keys.GetPublic (); };
 			const uint8_t * GetEncryptionPrivateKey () const { return m_Keys.GetPrivateKey (); };
-			const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ().GetStandardIdentity ().publicKey; };
+			const uint8_t * GetEncryptionPublicKey () const { return GetIdentity ()->GetStandardIdentity ().publicKey; };
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); }; 
 			void SetLeaseSetUpdated () {};
 
 			// implements GarlicDestination
-			const i2p::data::LeaseSet * GetLeaseSet () { return nullptr; };
-			void HandleI2NPMessage (const uint8_t * buf, size_t len, i2p::tunnel::InboundTunnel * from);
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet () { return nullptr; };
+			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () const;
+			void HandleI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+
+			// override GarlicDestination
+			void ProcessGarlicMessage (std::shared_ptr<I2NPMessage> msg);
+			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);	
 			
 		private:
 
@@ -66,9 +113,14 @@ namespace i2p
 
 			i2p::data::RouterInfo m_RouterInfo;
 			i2p::data::PrivateKeys m_Keys; 
-			CryptoPP::AutoSeededRandomPool m_Rnd;
 			uint64_t m_LastUpdateTime;
-			bool m_IsUnreachable, m_AcceptsTunnels;
+			bool m_AcceptsTunnels, m_IsFloodfill;
+			uint64_t m_StartupTime; // in seconds since epoch
+			uint32_t m_BandwidthLimit; // allowed bandwidth
+			RouterStatus m_Status;
+			RouterError m_Error;
+			int m_NetID;
+			std::mutex m_GarlicMutex;
 	};
 
 	extern RouterContext context;

RouterInfo.cpp

@@ -3,24 +3,33 @@
 #include "I2PEndian.h"
 #include <fstream>
 #include <boost/lexical_cast.hpp>
-#include <cryptopp/sha.h>
-#include <cryptopp/dsa.h>
-#include "CryptoConst.h"
-#include "base64.h"
+#include <boost/make_shared.hpp>
+#if (BOOST_VERSION >= 105300)
+#include <boost/atomic.hpp>
+#endif
+#include "version.h"
+#include "Crypto.h"
+#include "Base.h"
 #include "Timestamp.h"
 #include "Log.h"
-#include "RouterInfo.h"
+#include "NetDb.h"
 #include "RouterContext.h"
-
+#include "RouterInfo.h"
 
 namespace i2p
 {
 namespace data
 {		
+	RouterInfo::RouterInfo (): m_Buffer (nullptr) 
+	{ 
+		m_Addresses = boost::make_shared<Addresses>(); // create empty list
+	}
+	
 	RouterInfo::RouterInfo (const std::string& fullPath):
 		m_FullPath (fullPath), m_IsUpdated (false), m_IsUnreachable (false), 
 		m_SupportedTransports (0), m_Caps (0)
 	{
+		m_Addresses = boost::make_shared<Addresses>(); // create empty list
 		m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
 		ReadFromFile ();
 	}	
@@ -28,6 +37,7 @@ namespace data
 	RouterInfo::RouterInfo (const uint8_t * buf, int len):
 		m_IsUpdated (true), m_IsUnreachable (false), m_SupportedTransports (0), m_Caps (0)
 	{
+		m_Addresses = boost::make_shared<Addresses>(); // create empty list
 		m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
 		memcpy (m_Buffer, buf, len);
 		m_BufferLen = len;
@@ -36,26 +46,42 @@ namespace data
 
 	RouterInfo::~RouterInfo ()
 	{
-		delete m_Buffer;
+		delete[] m_Buffer;
 	}	
 		
 	void RouterInfo::Update (const uint8_t * buf, int len)
 	{
-		if (!m_Buffer)	
-			m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
-		m_IsUpdated = true;
-		m_IsUnreachable = false;
-		m_SupportedTransports = 0;
-		m_Caps = 0;
-		m_Addresses.clear ();
-		m_Properties.clear ();
-		memcpy (m_Buffer, buf, len);
-		m_BufferLen = len;
-		ReadFromBuffer (true);
-		// don't delete buffer until save to file
+		// verify signature since we have indentity already
+		int l = len - m_RouterIdentity->GetSignatureLen ();
+		if (m_RouterIdentity->Verify (buf, l, buf + l))
+		{
+			// clean up
+			m_IsUpdated = true;
+			m_IsUnreachable = false;
+			m_SupportedTransports = 0;
+			m_Caps = 0;
+			// don't clean up m_Addresses, it will be replaced in ReadFromStream
+			m_Properties.clear ();
+			// copy buffer
+			if (!m_Buffer)	
+				m_Buffer = new uint8_t[MAX_RI_BUFFER_SIZE];
+			memcpy (m_Buffer, buf, len);
+			m_BufferLen = len;
+			// skip identity
+			size_t identityLen = m_RouterIdentity->GetFullLen ();
+			// read new RI	
+			std::stringstream str (std::string ((char *)m_Buffer + identityLen, m_BufferLen - identityLen));
+			ReadFromStream (str);
+			// don't delete buffer until saved to the file
+		}
+		else
+		{	
+			LogPrint (eLogError, "RouterInfo: signature verification failed");
+			m_IsUnreachable = true;
+		}
 	}	
 		
-	void RouterInfo::SetRouterIdentity (const IdentityEx& identity)
+	void RouterInfo::SetRouterIdentity (std::shared_ptr<const IdentityEx> identity)
 	{	
 		m_RouterIdentity = identity;
 		m_Timestamp = i2p::util::GetMillisecondsSinceEpoch ();
@@ -63,14 +89,14 @@ namespace data
 	
 	bool RouterInfo::LoadFile ()
 	{
-		std::ifstream s(m_FullPath.c_str (), std::ifstream::binary);
+		std::ifstream s(m_FullPath, std::ifstream::binary);
 		if (s.is_open ())	
 		{	
 			s.seekg (0,std::ios::end);
 			m_BufferLen = s.tellg ();
-			if (m_BufferLen < 40)
+			if (m_BufferLen < 40 || m_BufferLen > MAX_RI_BUFFER_SIZE)
 			{
-				LogPrint(eLogError, "File", m_FullPath, " is malformed");
+				LogPrint(eLogError, "RouterInfo: File", m_FullPath, " is malformed");
 				return false;
 			}
 			s.seekg(0, std::ios::beg);
@@ -80,7 +106,7 @@ namespace data
 		}	
 		else
 		{
-			LogPrint (eLogError, "Can't open file ", m_FullPath);
+			LogPrint (eLogError, "RouterInfo: Can't open file ", m_FullPath);
 			return false;		
 		}
 		return true;
@@ -90,20 +116,42 @@ namespace data
 	{
 		if (LoadFile ())
 			ReadFromBuffer (false); 
+		else
+			m_IsUnreachable = true;	
 	}	
 
 	void RouterInfo::ReadFromBuffer (bool verifySignature)
 	{
-		size_t identityLen = m_RouterIdentity.FromBuffer (m_Buffer, m_BufferLen);
-		std::stringstream str (std::string ((char *)m_Buffer + identityLen, m_BufferLen - identityLen));
-		ReadFromStream (str);
+		m_RouterIdentity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
+		size_t identityLen = m_RouterIdentity->GetFullLen ();
+		if (identityLen >= m_BufferLen)
+		{
+			LogPrint (eLogError, "RouterInfo: identity length ", identityLen, " exceeds buffer size ", m_BufferLen);
+			m_IsUnreachable = true;
+			return;
+		}
 		if (verifySignature)
 		{	
 			// verify signature
-			int l = m_BufferLen - m_RouterIdentity.GetSignatureLen ();
-			if (!m_RouterIdentity.Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l))	
-				LogPrint (eLogError, "signature verification failed");
+			int l = m_BufferLen - m_RouterIdentity->GetSignatureLen ();	
+			if (l < 0 || !m_RouterIdentity->Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l))
+			{	
+				LogPrint (eLogError, "RouterInfo: signature verification failed");
+				m_IsUnreachable = true;
+				return;
+			}
+			m_RouterIdentity->DropVerifier ();
 		}	
+		// parse RI
+		std::stringstream str;
+		str.write ((const char *)m_Buffer + identityLen, m_BufferLen - identityLen);
+		ReadFromStream (str);
+		if (!str)
+		{
+			LogPrint (eLogError, "RouterInfo: malformed message");
+			m_IsUnreachable = true;
+		}
+		
 	}	
 	
 	void RouterInfo::ReadFromStream (std::istream& s)
@@ -111,60 +159,83 @@ namespace data
 		s.read ((char *)&m_Timestamp, sizeof (m_Timestamp));
 		m_Timestamp = be64toh (m_Timestamp);
 		// read addresses
+		auto addresses = boost::make_shared<Addresses>(); 
 		uint8_t numAddresses;
-		s.read ((char *)&numAddresses, sizeof (numAddresses));
+		s.read ((char *)&numAddresses, sizeof (numAddresses)); if (!s) return;	
 		bool introducers = false;
 		for (int i = 0; i < numAddresses; i++)
 		{
+			uint8_t supportedTransports = 0;
 			bool isValidAddress = true;
-			Address address;
-			s.read ((char *)&address.cost, sizeof (address.cost));
-			s.read ((char *)&address.date, sizeof (address.date));
+			auto address = std::make_shared<Address>();
+			s.read ((char *)&address->cost, sizeof (address->cost));
+			s.read ((char *)&address->date, sizeof (address->date));
 			char transportStyle[5];
-			ReadString (transportStyle, s);
+			ReadString (transportStyle, 5, s);
 			if (!strcmp (transportStyle, "NTCP"))
-				address.transportStyle = eTransportNTCP;
+				address->transportStyle = eTransportNTCP;
 			else if (!strcmp (transportStyle, "SSU"))
-				address.transportStyle = eTransportSSU;
+			{	
+				address->transportStyle = eTransportSSU;
+				address->ssu.reset (new SSUExt ());
+				address->ssu->mtu = 0;
+			}	
 			else
-				address.transportStyle = eTransportUnknown;
-			address.port = 0;
-			address.mtu = 0;
+				address->transportStyle = eTransportUnknown;
+			address->port = 0;
 			uint16_t size, r = 0;
-			s.read ((char *)&size, sizeof (size));
+			s.read ((char *)&size, sizeof (size)); if (!s) return;
 			size = be16toh (size);
 			while (r < size)
 			{
-				char key[500], value[500];
-				r += ReadString (key, s);
+				char key[255], value[255];
+				r += ReadString (key, 255, s);
 				s.seekg (1, std::ios_base::cur); r++; // =
-				r += ReadString (value, s); 
+				r += ReadString (value, 255, s); 
 				s.seekg (1, std::ios_base::cur); r++; // ;
+				if (!s) return;
 				if (!strcmp (key, "host"))
 				{	
 					boost::system::error_code ecode;
-					address.host = boost::asio::ip::address::from_string (value, ecode);
+					address->host = boost::asio::ip::address::from_string (value, ecode);
 					if (ecode)
 					{	
-						// TODO: we should try to resolve address here
-						LogPrint (eLogWarning, "Unexpected address ", value);
-						isValidAddress = false;
+						if (address->transportStyle == eTransportNTCP)
+						{
+							supportedTransports |= eNTCPV4; // TODO:
+							address->addressString = value;
+						}
+						else
+						{	
+							supportedTransports |= eSSUV4; // TODO:
+							address->addressString = value;
+						}	
 					}	
 					else
 					{
 						// add supported protocol
-						if (address.host.is_v4 ())
-							m_SupportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;	
+						if (address->host.is_v4 ())
+							supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;	
 						else
-							m_SupportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
+							supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
  					}	
 				}	
 				else if (!strcmp (key, "port"))
-					address.port = boost::lexical_cast<int>(value);
+					address->port = boost::lexical_cast<int>(value);
 				else if (!strcmp (key, "mtu"))
-					address.mtu = boost::lexical_cast<int>(value);
+				{
+					if (address->ssu)
+						address->ssu->mtu = boost::lexical_cast<int>(value);
+					else
+						LogPrint (eLogWarning, "RouterInfo: Unexpected field 'mtu' for NTCP");
+				}	
 				else if (!strcmp (key, "key"))
-					Base64ToByteStream (value, strlen (value), address.key, 32);
+				{	
+					if (address->ssu)
+						Base64ToByteStream (value, strlen (value), address->ssu->key, 32);
+					else
+						LogPrint (eLogWarning, "RouterInfo: Unexpected field 'key' for NTCP");
+				}	
 				else if (!strcmp (key, "caps"))
 					ExtractCaps (value);
 				else if (key[0] == 'i')
@@ -174,9 +245,14 @@ namespace data
 					size_t l = strlen(key); 	
 					unsigned char index = key[l-1] - '0'; // TODO:
 					key[l-1] = 0;
-					if (index >= address.introducers.size ())
-						address.introducers.resize (index + 1); 
-					Introducer& introducer = address.introducers.at (index);
+					if (index > 9)
+					{
+						LogPrint (eLogError, "RouterInfo: Unexpected introducer's index ", index, " skipped");
+						if (s) continue; else return;
+					}
+					if (index >= address->ssu->introducers.size ())
+						address->ssu->introducers.resize (index + 1); 
+					Introducer& introducer = address->ssu->introducers.at (index);
 					if (!strcmp (key, "ihost"))
 					{
 						boost::system::error_code ecode;
@@ -189,41 +265,71 @@ namespace data
 					else if (!strcmp (key, "ikey"))
 						Base64ToByteStream (value, strlen (value), introducer.iKey, 32);
 				}
+				if (!s) return;
 			}	
 			if (isValidAddress)
-				m_Addresses.push_back(address);
+			{
+				addresses->push_back(address);
+				m_SupportedTransports |= supportedTransports;
+			}
 		}	
+#if (BOOST_VERSION >= 105300)		
+		boost::atomic_store (&m_Addresses, addresses);
+#else
+		m_Addresses = addresses; // race condition
+#endif		
 		// read peers
 		uint8_t numPeers;
-		s.read ((char *)&numPeers, sizeof (numPeers));
+		s.read ((char *)&numPeers, sizeof (numPeers)); if (!s) return;
 		s.seekg (numPeers*32, std::ios_base::cur); // TODO: read peers
 		// read properties
 		uint16_t size, r = 0;
-		s.read ((char *)&size, sizeof (size));
+		s.read ((char *)&size, sizeof (size)); if (!s) return;
 		size = be16toh (size);
 		while (r < size)
 		{
-#ifdef _WIN32			
-			char key[500], value[500];
-			// TODO: investigate why properties get read as one long string under Windows
-			// length should not be more than 44
-#else
-			char key[50], value[50];
-#endif			
-			r += ReadString (key, s);
+			char key[255], value[255];		
+			r += ReadString (key, 255, s);
 			s.seekg (1, std::ios_base::cur); r++; // =
-			r += ReadString (value, s); 
+			r += ReadString (value, 255, s); 
 			s.seekg (1, std::ios_base::cur); r++; // ;
+			if (!s) return;
 			m_Properties[key] = value;
 			
 			// extract caps	
 			if (!strcmp (key, "caps"))
 				ExtractCaps (value);
+			// check netId
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_NETID) && atoi (value) != i2p::context.GetNetID ())
+			{
+				LogPrint (eLogError, "RouterInfo: Unexpected ", ROUTER_INFO_PROPERTY_NETID, "=", value);
+				m_IsUnreachable = true;		
+			}	
+			// family
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_FAMILY))
+			{
+				m_Family = value;
+				boost::to_lower (m_Family);
+			}
+			else if (!strcmp (key, ROUTER_INFO_PROPERTY_FAMILY_SIG))
+			{
+				if (!netdb.GetFamilies ().VerifyFamily (m_Family, GetIdentHash (), value))
+				{
+					LogPrint (eLogWarning, "RouterInfo: family signature verification failed");
+					m_Family.clear ();
+				}
+			}				
+
+			if (!s) return;
 		}		
 
-		if (!m_SupportedTransports || !m_Addresses.size() || (UsesIntroducer () && !introducers))
+		if (!m_SupportedTransports || !m_Addresses->size() || (UsesIntroducer () && !introducers))
 			SetUnreachable (true);
-	}	
+	}
+
+  bool RouterInfo::IsFamily(const std::string & fam) const {
+    return m_Family == fam;
+  }
 
 	void RouterInfo::ExtractCaps (const char * value)
 	{
@@ -240,6 +346,10 @@ namespace data
 				case CAPS_FLAG_HIGH_BANDWIDTH3:
 					m_Caps |= Caps::eHighBandwidth;
 				break;
+				case CAPS_FLAG_EXTRA_BANDWIDTH1:
+				case CAPS_FLAG_EXTRA_BANDWIDTH2:
+					m_Caps |= Caps::eExtraBandwidth;
+				break;	
 				case CAPS_FLAG_HIDDEN:
 					m_Caps |= Caps::eHidden;
 				break;	
@@ -264,27 +374,44 @@ namespace data
 	void RouterInfo::UpdateCapsProperty ()
 	{	
 		std::string caps;
-		caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_HIGH_BANDWIDTH1 : CAPS_FLAG_LOW_BANDWIDTH2; // bandwidth
-		if (m_Caps & eFloodfill) caps += CAPS_FLAG_FLOODFILL; // floodfill
+		if (m_Caps & eFloodfill) 
+		{
+			if (m_Caps & eExtraBandwidth) caps += (m_Caps & eHighBandwidth) ?
+				CAPS_FLAG_EXTRA_BANDWIDTH2 : // 'X'
+				CAPS_FLAG_EXTRA_BANDWIDTH1; // 'P'
+			caps += CAPS_FLAG_HIGH_BANDWIDTH3; // 'O'
+			caps += CAPS_FLAG_FLOODFILL; // floodfill  
+		} 
+		else 
+		{
+			if (m_Caps & eExtraBandwidth) 
+			{	
+				caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_EXTRA_BANDWIDTH2 /* 'X' */ : CAPS_FLAG_EXTRA_BANDWIDTH1; /*'P' */
+				caps += CAPS_FLAG_HIGH_BANDWIDTH3; // 'O'
+			}
+			else	
+				caps += (m_Caps & eHighBandwidth) ? CAPS_FLAG_HIGH_BANDWIDTH3 /* 'O' */: CAPS_FLAG_LOW_BANDWIDTH2 /* 'L' */; // bandwidth	
+		}	
 		if (m_Caps & eHidden) caps += CAPS_FLAG_HIDDEN; // hidden
 		if (m_Caps & eReachable) caps += CAPS_FLAG_REACHABLE; // reachable
 		if (m_Caps & eUnreachable) caps += CAPS_FLAG_UNREACHABLE; // unreachable
 
-		SetProperty ("caps", caps.c_str ());
+		SetProperty ("caps", caps);
 	}
 		
-	void RouterInfo::WriteToStream (std::ostream& s)
+	void RouterInfo::WriteToStream (std::ostream& s) const
 	{
 		uint64_t ts = htobe64 (m_Timestamp);
-		s.write ((char *)&ts, sizeof (ts));
+		s.write ((const char *)&ts, sizeof (ts));
 
 		// addresses
-		uint8_t numAddresses = m_Addresses.size ();
+		uint8_t numAddresses = m_Addresses->size ();
 		s.write ((char *)&numAddresses, sizeof (numAddresses));
-		for (auto& address : m_Addresses)
+		for (const auto& addr_ptr : *m_Addresses)
 		{
-			s.write ((char *)&address.cost, sizeof (address.cost));
-			s.write ((char *)&address.date, sizeof (address.date));
+			const Address& address = *addr_ptr;
+			s.write ((const char *)&address.cost, sizeof (address.cost));
+			s.write ((const char *)&address.date, sizeof (address.date));
 			std::stringstream properties;
 			if (address.transportStyle == eTransportNTCP)
 				WriteString ("NTCP", s);
@@ -310,10 +437,10 @@ namespace data
 			if (address.transportStyle == eTransportSSU)
 			{
 				// write introducers if any
-				if (address.introducers.size () > 0)
+				if (address.ssu->introducers.size () > 0)
 				{	
 					int i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.ssu->introducers)
 					{
 						WriteString ("ihost" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -322,7 +449,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.ssu->introducers)
 					{
 						WriteString ("ikey" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -334,7 +461,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.ssu->introducers)
 					{
 						WriteString ("iport" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -343,7 +470,7 @@ namespace data
 						i++;
 					}	
 					i = 0;
-					for (auto introducer: address.introducers)
+					for (const auto& introducer: address.ssu->introducers)
 					{
 						WriteString ("itag" + boost::lexical_cast<std::string>(i), properties);
 						properties << '=';
@@ -356,16 +483,16 @@ namespace data
 				WriteString ("key", properties);
 				properties << '=';
 				char value[64];
-				size_t l = ByteStreamToBase64 (address.key, 32, value, 64);
+				size_t l = ByteStreamToBase64 (address.ssu->key, 32, value, 64);
 				value[l] = 0;
 				WriteString (value, properties);
 				properties << ';';
 				// write mtu
-				if (address.mtu)
+				if (address.ssu->mtu)
 				{
 					WriteString ("mtu", properties);
 					properties << '=';
-					WriteString (boost::lexical_cast<std::string>(address.mtu), properties);
+					WriteString (boost::lexical_cast<std::string>(address.ssu->mtu), properties);
 					properties << ';';
 				}	
 			}	
@@ -385,7 +512,7 @@ namespace data
 
 		// properties
 		std::stringstream properties;
-		for (auto& p : m_Properties)
+		for (const auto& p : m_Properties)
 		{
 			WriteString (p.first, properties);
 			properties << '=';
@@ -397,12 +524,20 @@ namespace data
 		s.write (properties.str ().c_str (), properties.str ().size ());
 	}	
 
+	bool RouterInfo::IsNewer (const uint8_t * buf, size_t len) const
+	{
+		if (!m_RouterIdentity) return false;
+		size_t size = m_RouterIdentity->GetFullLen ();
+		if (size + 8 > len) return false;
+		return bufbe64toh (buf + size) > m_Timestamp; 
+	}
+
 	const uint8_t * RouterInfo::LoadBuffer ()
 	{
 		if (!m_Buffer)
 		{
 			if (LoadFile ())
-				LogPrint ("Buffer for ", GetIdentHashAbbreviation (), " loaded from file");
+				LogPrint (eLogDebug, "RouterInfo: Buffer for ", GetIdentHashAbbreviation (GetIdentHash ()), " loaded from file");
 		} 
 		return m_Buffer; 
 	}
@@ -412,7 +547,7 @@ namespace data
 		m_Timestamp = i2p::util::GetMillisecondsSinceEpoch (); // refresh timstamp
 		std::stringstream s;
 		uint8_t ident[1024];
-		auto identLen = privateKeys.GetPublic ().ToBuffer (ident, 1024);
+		auto identLen = privateKeys.GetPublic ()->ToBuffer (ident, 1024);
 		s.write ((char *)ident, identLen);			
 		WriteToStream (s);
 		m_BufferLen = s.str ().size ();
@@ -421,31 +556,45 @@ namespace data
 		memcpy (m_Buffer, s.str ().c_str (), m_BufferLen);
 		// signature
 		privateKeys.Sign ((uint8_t *)m_Buffer, m_BufferLen, (uint8_t *)m_Buffer + m_BufferLen);
-		m_BufferLen += privateKeys.GetPublic ().GetSignatureLen ();
+		m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
 	}	
 
-	void RouterInfo::SaveToFile (const std::string& fullPath)
+	bool RouterInfo::SaveToFile (const std::string& fullPath)
 	{
 		m_FullPath = fullPath;
-		if (m_Buffer)
-		{	
-			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
-			f.write ((char *)m_Buffer, m_BufferLen);
-		}	
-		else
-			LogPrint (eLogError, "Can't save to file");
+		if (!m_Buffer) {
+			LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
+			return false;
+		}
+		std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
+		if (!f.is_open ()) {
+			LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
+			return false;
+		}
+		f.write ((char *)m_Buffer, m_BufferLen);
+		return true;
 	}
 	
-	size_t RouterInfo::ReadString (char * str, std::istream& s)
+	size_t RouterInfo::ReadString (char * str, size_t len, std::istream& s) const
 	{
-		uint8_t len;
-		s.read ((char *)&len, 1);
-		s.read (str, len);
-		str[len] = 0;
-		return len+1;
+		uint8_t l;
+		s.read ((char *)&l, 1);
+		if (l < len)
+		{	
+			s.read (str, l);
+			if (!s) l = 0; // failed, return empty string
+			str[l] = 0;
+		}
+		else
+		{
+			LogPrint (eLogWarning, "RouterInfo: string length ", (int)l, " exceeds buffer size ", len);
+			s.seekg (l, std::ios::cur); // skip
+			str[0] = 0;
+		}	
+		return l+1;
 	}	
 
-	void RouterInfo::WriteString (const std::string& str, std::ostream& s)
+	void RouterInfo::WriteString (const std::string& str, std::ostream& s) const
 	{
 		uint8_t len = str.size ();
 		s.write ((char *)&len, 1);
@@ -454,47 +603,47 @@ namespace data
 
 	void RouterInfo::AddNTCPAddress (const char * host, int port)
 	{
-		Address addr;
-		addr.host = boost::asio::ip::address::from_string (host);
-		addr.port = port;
-		addr.transportStyle = eTransportNTCP;
-		addr.cost = 2;
-		addr.date = 0;
-		addr.mtu = 0;
-		m_Addresses.push_back(addr);	
-		m_SupportedTransports |= addr.host.is_v6 () ? eNTCPV6 : eNTCPV4;
+		auto addr = std::make_shared<Address>();
+		addr->host = boost::asio::ip::address::from_string (host);
+		addr->port = port;
+		addr->transportStyle = eTransportNTCP;
+		addr->cost = 2;
+		addr->date = 0;
+		for (const auto& it: *m_Addresses) // don't insert same address twice
+			if (*it == *addr) return;
+		m_SupportedTransports |= addr->host.is_v6 () ? eNTCPV6 : eNTCPV4;
+		m_Addresses->push_back(std::move(addr));
 	}	
 
 	void RouterInfo::AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu)
 	{
-		Address addr;
-		addr.host = boost::asio::ip::address::from_string (host);
-		addr.port = port;
-		addr.transportStyle = eTransportSSU;
-		addr.cost = 10; // NTCP should have priority over SSU
-		addr.date = 0;
-		addr.mtu = mtu; 
-		memcpy (addr.key, key, 32);
-		m_Addresses.push_back(addr);	
-		m_SupportedTransports |= addr.host.is_v6 () ? eNTCPV6 : eSSUV4;
-		m_Caps |= eSSUTesting; 
-		m_Caps |= eSSUIntroducer; 
+		auto addr = std::make_shared<Address>();
+		addr->host = boost::asio::ip::address::from_string (host);
+		addr->port = port;
+		addr->transportStyle = eTransportSSU;
+		addr->cost = 10; // NTCP should have priority over SSU
+		addr->date = 0;
+		addr->ssu.reset (new SSUExt ());
+		addr->ssu->mtu = mtu; 
+		memcpy (addr->ssu->key, key, 32);
+		for (const auto& it: *m_Addresses) // don't insert same address twice
+			if (*it == *addr) return;
+		m_SupportedTransports |= addr->host.is_v6 () ? eSSUV6 : eSSUV4;
+		m_Addresses->push_back(std::move(addr));
+
+		m_Caps |= eSSUTesting;
+		m_Caps |= eSSUIntroducer;
 	}	
 
-	bool RouterInfo::AddIntroducer (const Address * address, uint32_t tag)
+	bool RouterInfo::AddIntroducer (const Introducer& introducer)
 	{
-		for (auto& addr : m_Addresses)
+		for (auto& addr : *m_Addresses)
 		{
-			if (addr.transportStyle == eTransportSSU && addr.host.is_v4 ())
+			if (addr->transportStyle == eTransportSSU && addr->host.is_v4 ())
 			{	
-				for (auto intro: addr.introducers)
-					if (intro.iTag == tag) return false; // already presented
-				Introducer x;
-				x.iHost = address->host;
-				x.iPort = address->port;
-				x.iTag = tag;
-				memcpy (x.iKey, address->key, 32); // TODO: replace to Tag<32>
-				addr.introducers.push_back (x);
+				for (auto& intro: addr->ssu->introducers)
+					if (intro.iTag == introducer.iTag) return false; // already presented
+				addr->ssu->introducers.push_back (introducer);
 				return true;
 			}	
 		}	
@@ -503,16 +652,16 @@ namespace data
 
 	bool RouterInfo::RemoveIntroducer (const boost::asio::ip::udp::endpoint& e)
 	{		
-		for (auto& addr : m_Addresses)
+		for (auto& addr: *m_Addresses)
 		{
-			if (addr.transportStyle == eTransportSSU && addr.host.is_v4 ())
+			if (addr->transportStyle == eTransportSSU && addr->host.is_v4 ())
 			{	
-				for (std::vector<Introducer>::iterator it = addr.introducers.begin (); it != addr.introducers.end (); it++)
+				for (auto it = addr->ssu->introducers.begin (); it != addr->ssu->introducers.end (); ++it)
 					if ( boost::asio::ip::udp::endpoint (it->iHost, it->iPort) == e) 
 					{
-						addr.introducers.erase (it);
+						addr->ssu->introducers.erase (it);
 						return true;
-					}	
+					}
 			}	
 		}	
 		return false;
@@ -531,24 +680,24 @@ namespace data
 		ExtractCaps (caps);
 	}	
 		
-	void RouterInfo::SetProperty (const char * key, const char * value)
+	void RouterInfo::SetProperty (const std::string& key, const std::string& value)
 	{
 		m_Properties[key] = value;
 	}	
 
-	const char * RouterInfo::GetProperty (const char * key) const
+	void RouterInfo::DeleteProperty (const std::string& key)
+	{
+		m_Properties.erase (key);
+	}
+
+	std::string RouterInfo::GetProperty (const std::string& key) const 
 	{
 		auto it = m_Properties.find (key);
 		if (it != m_Properties.end ())
-			return it->second.c_str ();
-		return 0;
+			return it->second;
+		return "";
 	}	
-
-	bool RouterInfo::IsFloodfill () const
-	{
-		return m_Caps & Caps::eFloodfill;
-	}	
-
+		
 	bool RouterInfo::IsNTCP (bool v4only) const
 	{
 		if (v4only)
@@ -570,73 +719,100 @@ namespace data
 		return m_SupportedTransports & (eNTCPV6 | eSSUV6);
 	}
 
+	bool RouterInfo::IsV4 () const
+	{
+		return m_SupportedTransports & (eNTCPV4 | eSSUV4);
+	}
+	
 	void RouterInfo::EnableV6 ()
 	{
 		if (!IsV6 ())
 			m_SupportedTransports |= eNTCPV6 | eSSUV6;
 	}
-		
+
+  void RouterInfo::EnableV4 ()
+	{
+		if (!IsV4 ())
+			m_SupportedTransports |= eNTCPV4 | eSSUV4;
+	}
+	
+  
 	void RouterInfo::DisableV6 ()
 	{		
 		if (IsV6 ())
 		{	
-			// NTCP
-			m_SupportedTransports &= ~eNTCPV6; 
-			for (size_t i = 0; i < m_Addresses.size (); i++)
+			m_SupportedTransports &= ~(eNTCPV6 | eSSUV6); 
+			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
 			{
-				if (m_Addresses[i].transportStyle == i2p::data::RouterInfo::eTransportNTCP &&
-					m_Addresses[i].host.is_v6 ())
-				{
-					m_Addresses.erase (m_Addresses.begin () + i);
-					break;
-				}
-			}	
-			
-			// SSU
-			m_SupportedTransports &= ~eSSUV6; 
-			for (size_t i = 0; i < m_Addresses.size (); i++)
-			{
-				if (m_Addresses[i].transportStyle == i2p::data::RouterInfo::eTransportSSU &&
-					m_Addresses[i].host.is_v6 ())
-				{
-					m_Addresses.erase (m_Addresses.begin () + i);
-					break;
-				}
+				auto addr = *it;
+				if (addr->host.is_v6 ())
+					it = m_Addresses->erase (it);
+				else
+					++it;
 			}	
 		}	
 	}
-		
+
+  void RouterInfo::DisableV4 ()
+	{		
+		if (IsV4 ())
+		{	
+			m_SupportedTransports &= ~(eNTCPV4 | eSSUV4); 
+			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
+			{
+				auto addr = *it;
+				if (addr->host.is_v4 ())
+					it = m_Addresses->erase (it);
+				else
+					++it;
+			}	
+		}	
+	}
+	
+  
 	bool RouterInfo::UsesIntroducer () const
 	{
 		return m_Caps & Caps::eUnreachable; // non-reachable
 	}		
 		
-	const RouterInfo::Address * RouterInfo::GetNTCPAddress (bool v4only) const
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetNTCPAddress (bool v4only) const
 	{
 		return GetAddress (eTransportNTCP, v4only);
 	}	
 
-	const RouterInfo::Address * RouterInfo::GetSSUAddress (bool v4only) const 
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetSSUAddress (bool v4only) const 
 	{
 		return GetAddress (eTransportSSU, v4only);
 	}	
 
-	const RouterInfo::Address * RouterInfo::GetSSUV6Address () const 
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetSSUV6Address () const 
 	{
 		return GetAddress (eTransportSSU, false, true);
 	}	
 		
-	const RouterInfo::Address * RouterInfo::GetAddress (TransportStyle s, bool v4only, bool v6only) const
+	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetAddress (TransportStyle s, bool v4only, bool v6only) const
 	{
-		for (auto& address : m_Addresses)
+#if (BOOST_VERSION >= 105300)
+		auto addresses = boost::atomic_load (&m_Addresses);
+#else		
+		auto addresses = m_Addresses;
+#endif		
+		for (const auto& address : *addresses)
 		{
-			if (address.transportStyle == s)
+			if (address->transportStyle == s)
 			{	
-				if ((!v4only || address.host.is_v4 ()) && (!v6only || address.host.is_v6 ()))
-					return &address;
+				if ((!v4only || address->host.is_v4 ()) && (!v6only || address->host.is_v6 ()))
+					return address;
 			}	
 		}	
 		return nullptr;
 	}	
+
+	std::shared_ptr<RouterProfile> RouterInfo::GetProfile () const 
+	{
+		if (!m_Profile)
+			m_Profile = GetRouterProfile (GetIdentHash ());
+		return m_Profile;
+	}	
 }
 }

RouterInfo.h

@@ -5,24 +5,36 @@
 #include <string>
 #include <map>
 #include <vector>
+#include <list>
 #include <iostream>
 #include <boost/asio.hpp>
+#include <boost/shared_ptr.hpp> 
 #include "Identity.h"
+#include "Profiling.h"
 
 namespace i2p
 {
 namespace data
 {
+	const char ROUTER_INFO_PROPERTY_LEASESETS[] = "netdb.knownLeaseSets";
+	const char ROUTER_INFO_PROPERTY_ROUTERS[] = "netdb.knownRouters";	
+	const char ROUTER_INFO_PROPERTY_NETID[] = "netId";
+	const char ROUTER_INFO_PROPERTY_FAMILY[] = "family";	
+	const char ROUTER_INFO_PROPERTY_FAMILY_SIG[] = "family.sig";
+	
 	const char CAPS_FLAG_FLOODFILL = 'f';
 	const char CAPS_FLAG_HIDDEN = 'H';
 	const char CAPS_FLAG_REACHABLE = 'R';
 	const char CAPS_FLAG_UNREACHABLE = 'U';	
-	const char CAPS_FLAG_LOW_BANDWIDTH1 = 'K';		
-	const char CAPS_FLAG_LOW_BANDWIDTH2 = 'L';	
-	const char CAPS_FLAG_HIGH_BANDWIDTH1 = 'M';	
-	const char CAPS_FLAG_HIGH_BANDWIDTH2 = 'N';
-	const char CAPS_FLAG_HIGH_BANDWIDTH3 = 'O';
-
+	/* bandwidth flags */
+	const char CAPS_FLAG_LOW_BANDWIDTH1   = 'K'; /*   < 12 KBps */
+	const char CAPS_FLAG_LOW_BANDWIDTH2   = 'L'; /*  12-48 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH1  = 'M'; /*  48-64 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH2  = 'N'; /*  64-128 KBps */
+	const char CAPS_FLAG_HIGH_BANDWIDTH3  = 'O'; /* 128-256 KBps */
+	const char CAPS_FLAG_EXTRA_BANDWIDTH1 = 'P'; /* 256-2000 KBps */
+	const char CAPS_FLAG_EXTRA_BANDWIDTH2 = 'X'; /*   > 2000 KBps */
+	
 	const char CAPS_FLAG_SSU_TESTING = 'B';
 	const char CAPS_FLAG_SSU_INTRODUCER = 'C';
 
@@ -43,11 +55,12 @@ namespace data
 			{
 				eFloodfill = 0x01,
 				eHighBandwidth = 0x02,
-				eReachable = 0x04,
-				eSSUTesting = 0x08,
-				eSSUIntroducer = 0x10,
-				eHidden = 0x20,
-				eUnreachable = 0x40
+				eExtraBandwidth = 0x04,
+				eReachable = 0x08,
+				eSSUTesting = 0x10,
+				eSSUIntroducer = 0x20,
+				eHidden = 0x40,
+				eUnreachable = 0x80
 			};
 
 			enum TransportStyle
@@ -57,67 +70,92 @@ namespace data
 				eTransportSSU
 			};
 
+			typedef Tag<32> IntroKey; // should be castable to MacKey and AESKey
 			struct Introducer			
 			{
 				boost::asio::ip::address iHost;
 				int iPort;
-				Tag<32> iKey;
+				IntroKey iKey;
 				uint32_t iTag;
 			};
 
+			struct SSUExt
+			{
+				int mtu;
+				IntroKey key; // intro key for SSU
+				std::vector<Introducer> introducers;		
+			};
+			
 			struct Address
 			{
 				TransportStyle transportStyle;
 				boost::asio::ip::address host;
-				int port, mtu;
+				std::string addressString;
+				int port;
 				uint64_t date;
 				uint8_t cost;
-				// SSU only
-				Tag<32> key; // intro key for SSU
-				std::vector<Introducer> introducers;
+				std::unique_ptr<SSUExt> ssu; // not null for SSU
 
 				bool IsCompatible (const boost::asio::ip::address& other) const 
 				{
 					return (host.is_v4 () && other.is_v4 ()) ||
 						(host.is_v6 () && other.is_v6 ());
 				}	
+
+				bool operator==(const Address& other) const
+				{
+					return transportStyle == other.transportStyle && host == other.host && port == other.port;
+				}	
+
+				bool operator!=(const Address& other) const
+				{
+					return !(*this == other);
+				}	
 			};
-			
+			typedef std::list<std::shared_ptr<Address> > Addresses;			
+
+			RouterInfo ();
 			RouterInfo (const std::string& fullPath);
-			RouterInfo (): m_Buffer (nullptr) { };
 			RouterInfo (const RouterInfo& ) = default;
 			RouterInfo& operator=(const RouterInfo& ) = default;
 			RouterInfo (const uint8_t * buf, int len);
 			~RouterInfo ();
 			
-			const IdentityEx& GetRouterIdentity () const { return m_RouterIdentity; };
-			void SetRouterIdentity (const IdentityEx& identity);
+			std::shared_ptr<const IdentityEx> GetRouterIdentity () const { return m_RouterIdentity; };
+			void SetRouterIdentity (std::shared_ptr<const IdentityEx> identity);
 			std::string GetIdentHashBase64 () const { return GetIdentHash ().ToBase64 (); };
-			std::string GetIdentHashAbbreviation () const { return GetIdentHash ().ToBase64 ().substr (0, 4); };
 			uint64_t GetTimestamp () const { return m_Timestamp; };
-			std::vector<Address>& GetAddresses () { return m_Addresses; };
-			const Address * GetNTCPAddress (bool v4only = true) const;
-			const Address * GetSSUAddress (bool v4only = true) const;
-			const Address * GetSSUV6Address () const;
+			Addresses& GetAddresses () { return *m_Addresses; }; // should be called for local RI only, otherwise must return shared_ptr
+			std::shared_ptr<const Address> GetNTCPAddress (bool v4only = true) const;
+			std::shared_ptr<const Address> GetSSUAddress (bool v4only = true) const;
+			std::shared_ptr<const Address> GetSSUV6Address () const;
 			
 			void AddNTCPAddress (const char * host, int port);
 			void AddSSUAddress (const char * host, int port, const uint8_t * key, int mtu = 0);
-			bool AddIntroducer (const Address * address, uint32_t tag);
+			bool AddIntroducer (const Introducer& introducer);
 			bool RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
-			void SetProperty (const char * key, const char * value);
-			const char * GetProperty (const char * key) const;
-			bool IsFloodfill () const;
+			void SetProperty (const std::string& key, const std::string& value); // called from RouterContext only
+			void DeleteProperty (const std::string& key); // called from RouterContext only
+			std::string GetProperty (const std::string& key) const; // called from RouterContext only
+			void ClearProperties () { m_Properties.clear (); };
+			bool IsFloodfill () const { return m_Caps & Caps::eFloodfill; };
+			bool IsReachable () const { return m_Caps & Caps::eReachable; };
 			bool IsNTCP (bool v4only = true) const;
 			bool IsSSU (bool v4only = true) const;
 			bool IsV6 () const;
+			bool IsV4 () const;
 			void EnableV6 ();
 			void DisableV6 ();
+			void EnableV4 ();
+			void DisableV4 ();
 			bool IsCompatible (const RouterInfo& other) const { return m_SupportedTransports & other.m_SupportedTransports; };
 			bool UsesIntroducer () const;
 			bool IsIntroducer () const { return m_Caps & eSSUIntroducer; };
 			bool IsPeerTesting () const { return m_Caps & eSSUTesting; };
 			bool IsHidden () const { return m_Caps & eHidden; };
-
+			bool IsHighBandwidth () const { return m_Caps & RouterInfo::eHighBandwidth; };
+			bool IsExtraBandwidth () const { return m_Caps & RouterInfo::eExtraBandwidth; };	
+			
 			uint8_t GetCaps () const { return m_Caps; };	
 			void SetCaps (uint8_t caps);
 			void SetCaps (const char * caps);
@@ -132,41 +170,48 @@ namespace data
 
 			bool IsUpdated () const { return m_IsUpdated; };
 			void SetUpdated (bool updated) { m_IsUpdated = updated; }; 
-			void SaveToFile (const std::string& fullPath);
+			bool SaveToFile (const std::string& fullPath);
 
-			void Update (const uint8_t * buf, int len);
-			void DeleteBuffer () { delete m_Buffer; m_Buffer = nullptr; };
+			std::shared_ptr<RouterProfile> GetProfile () const;
+			void SaveProfile () { if (m_Profile) m_Profile->Save (GetIdentHash ()); };
 			
+			void Update (const uint8_t * buf, int len);
+			void DeleteBuffer () { delete[] m_Buffer; m_Buffer = nullptr; };
+			bool IsNewer (const uint8_t * buf, size_t len) const;			
+
+      /** return true if we are in a router family and the signature is valid */
+      bool IsFamily(const std::string & fam) const;
+      
 			// implements RoutingDestination
-			const IdentHash& GetIdentHash () const { return m_RouterIdentity.GetIdentHash (); };
-			const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity.GetStandardIdentity ().publicKey; };
+			const IdentHash& GetIdentHash () const { return m_RouterIdentity->GetIdentHash (); };
+			const uint8_t * GetEncryptionPublicKey () const { return m_RouterIdentity->GetStandardIdentity ().publicKey; };
 			bool IsDestination () const { return false; };
 
-			
 		private:
 
 			bool LoadFile ();
 			void ReadFromFile ();
 			void ReadFromStream (std::istream& s);
 			void ReadFromBuffer (bool verifySignature);
-			void WriteToStream (std::ostream& s);
-			size_t ReadString (char * str, std::istream& s);
-			void WriteString (const std::string& str, std::ostream& s);
+			void WriteToStream (std::ostream& s) const;
+			size_t ReadString (char* str, size_t len, std::istream& s) const;
+			void WriteString (const std::string& str, std::ostream& s) const;
 			void ExtractCaps (const char * value);
-			const Address * GetAddress (TransportStyle s, bool v4only, bool v6only = false) const;
+			std::shared_ptr<const Address> GetAddress (TransportStyle s, bool v4only, bool v6only = false) const;
 			void UpdateCapsProperty ();			
 
 		private:
 
-			std::string m_FullPath;
-			IdentityEx m_RouterIdentity;
+			std::string m_FullPath, m_Family;
+			std::shared_ptr<const IdentityEx> m_RouterIdentity;
 			uint8_t * m_Buffer;
-			int m_BufferLen;
+			size_t m_BufferLen;
 			uint64_t m_Timestamp;
-			std::vector<Address> m_Addresses;
+			boost::shared_ptr<Addresses> m_Addresses; // TODO: use std::shared_ptr and std::atomic_store for gcc >= 4.9 
 			std::map<std::string, std::string> m_Properties;
 			bool m_IsUpdated, m_IsUnreachable;
 			uint8_t m_SupportedTransports, m_Caps;
+			mutable std::shared_ptr<RouterProfile> m_Profile;
 	};	
 }	
 }

SAM.h

@@ -18,62 +18,74 @@ namespace i2p
 {
 namespace client
 {
-	const size_t SAM_SOCKET_BUFFER_SIZE = 4096;
-	const int SAM_SOCKET_CONNECTION_MAX_IDLE = 3600; // in seconds	
-	const int SAM_CONNECT_TIMEOUT = 5; // in seconds
-	const int SAM_NAMING_LOOKUP_TIMEOUT = 5; // in seconds
-	const int SAM_SESSION_READINESS_CHECK_INTERVAL = 20; // in seconds	
+	const size_t SAM_SOCKET_BUFFER_SIZE = 8192;
+	const int SAM_SOCKET_CONNECTION_MAX_IDLE = 3600; // in seconds
+	const int SAM_SESSION_READINESS_CHECK_INTERVAL = 20; // in seconds
 	const char SAM_HANDSHAKE[] = "HELLO VERSION";
-	const char SAM_HANDSHAKE_REPLY[] = "HELLO REPLY RESULT=OK VERSION=3.0\n";
+	const char SAM_HANDSHAKE_REPLY[] = "HELLO REPLY RESULT=OK VERSION=%s\n";
+	const char SAM_HANDSHAKE_I2P_ERROR[] = "HELLO REPLY RESULT=I2P_ERROR\n";
 	const char SAM_SESSION_CREATE[] = "SESSION CREATE";
 	const char SAM_SESSION_CREATE_REPLY_OK[] = "SESSION STATUS RESULT=OK DESTINATION=%s\n";
 	const char SAM_SESSION_CREATE_DUPLICATED_ID[] = "SESSION STATUS RESULT=DUPLICATED_ID\n";
-	const char SAM_SESSION_CREATE_DUPLICATED_DEST[] = "SESSION STATUS RESULT=DUPLICATED_DEST\n";	
+	const char SAM_SESSION_CREATE_DUPLICATED_DEST[] = "SESSION STATUS RESULT=DUPLICATED_DEST\n";
+	const char SAM_SESSION_STATUS_INVALID_KEY[] = "SESSION STATUS RESULT=INVALID_KEY\n";
+	const char SAM_SESSION_STATUS_I2P_ERROR[] = "SESSION STATUS RESULT=I2P_ERROR MESSAGE=%s\n";
 	const char SAM_STREAM_CONNECT[] = "STREAM CONNECT";
 	const char SAM_STREAM_STATUS_OK[] = "STREAM STATUS RESULT=OK\n";
 	const char SAM_STREAM_STATUS_INVALID_ID[] = "STREAM STATUS RESULT=INVALID_ID\n";
 	const char SAM_STREAM_STATUS_CANT_REACH_PEER[] = "STREAM STATUS RESULT=CANT_REACH_PEER\n";
 	const char SAM_STREAM_STATUS_I2P_ERROR[] = "STREAM STATUS RESULT=I2P_ERROR\n";
-	const char SAM_STREAM_ACCEPT[] = "STREAM ACCEPT";	
+	const char SAM_STREAM_ACCEPT[] = "STREAM ACCEPT";
+	const char SAM_DATAGRAM_SEND[] = "DATAGRAM SEND";
 	const char SAM_DEST_GENERATE[] = "DEST GENERATE";
-	const char SAM_DEST_REPLY[] = "DEST REPLY PUB=%s PRIV=%s\n";	
+	const char SAM_DEST_REPLY[] = "DEST REPLY PUB=%s PRIV=%s\n";
 	const char SAM_DEST_REPLY_I2P_ERROR[] = "DEST REPLY RESULT=I2P_ERROR\n";
 	const char SAM_NAMING_LOOKUP[] = "NAMING LOOKUP";
 	const char SAM_NAMING_REPLY[] = "NAMING REPLY RESULT=OK NAME=ME VALUE=%s\n";
-	const char SAM_DATAGRAM_RECEIVED[] = "DATAGRAM_RECEIVED DESTINATION=%s SIZE=%lu\n";	
+	const char SAM_DATAGRAM_RECEIVED[] = "DATAGRAM RECEIVED DESTINATION=%s SIZE=%lu\n";
 	const char SAM_NAMING_REPLY_INVALID_KEY[] = "NAMING REPLY RESULT=INVALID_KEY NAME=%s\n";
-	const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=INVALID_KEY_NOT_FOUND NAME=%s\n";		
-	const char SAM_PARAM_STYLE[] = "STYLE";		
-	const char SAM_PARAM_ID[] = "ID";	
+	const char SAM_NAMING_REPLY_KEY_NOT_FOUND[] = "NAMING REPLY RESULT=INVALID_KEY_NOT_FOUND NAME=%s\n";
+	const char SAM_PARAM_MIN[] = "MIN";
+	const char SAM_PARAM_MAX[] = "MAX";
+	const char SAM_PARAM_STYLE[] = "STYLE";
+	const char SAM_PARAM_ID[] = "ID";
 	const char SAM_PARAM_SILENT[] = "SILENT";
-	const char SAM_PARAM_DESTINATION[] = "DESTINATION";	
-	const char SAM_PARAM_NAME[] = "NAME";		
-	const char SAM_VALUE_TRANSIENT[] = "TRANSIENT";	
+	const char SAM_PARAM_DESTINATION[] = "DESTINATION";
+	const char SAM_PARAM_NAME[] = "NAME";
+	const char SAM_PARAM_SIGNATURE_TYPE[] = "SIGNATURE_TYPE";
+	const char SAM_PARAM_SIZE[] = "SIZE";
+	const char SAM_VALUE_TRANSIENT[] = "TRANSIENT";
 	const char SAM_VALUE_STREAM[] = "STREAM";
 	const char SAM_VALUE_DATAGRAM[] = "DATAGRAM";
-	const char SAM_VALUE_RAW[] = "RAW";	
-	const char SAM_VALUE_TRUE[] = "true";	
-	const char SAM_VALUE_FALSE[] = "false";	
+	const char SAM_VALUE_RAW[] = "RAW";
+	const char SAM_VALUE_TRUE[] = "true";
+	const char SAM_VALUE_FALSE[] = "false";
+	const char SAM_VALUE_HOST[] = "HOST";
+	const char SAM_VALUE_PORT[] = "PORT";
 
 	enum SAMSocketType
 	{
 		eSAMSocketTypeUnknown,
 		eSAMSocketTypeSession,
 		eSAMSocketTypeStream,
-		eSAMSocketTypeAcceptor	
+		eSAMSocketTypeAcceptor,
+		eSAMSocketTypeTerminated
 	};
 
 	class SAMBridge;
-	class SAMSession;
+	struct SAMSession;
 	class SAMSocket: public std::enable_shared_from_this<SAMSocket>
 	{
 		public:
 
 			SAMSocket (SAMBridge& owner);
-			~SAMSocket ();			
+			~SAMSocket ();
+			void CloseStream (); // TODO: implement it better
 
 			boost::asio::ip::tcp::socket& GetSocket () { return m_Socket; };
 			void ReceiveHandshake ();
+			void SetSocketType (SAMSocketType socketType) { m_SocketType = socketType; };
+			SAMSocketType GetSocketType () const { return m_SocketType; };
 
 		private:
 
@@ -81,28 +93,30 @@ namespace client
 			void HandleHandshakeReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleHandshakeReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void HandleMessage (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void SendMessageReply (const char * msg, size_t len, bool close);			
+			void SendMessageReply (const char * msg, size_t len, bool close);
 			void HandleMessageReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred, bool close);
 			void Receive ();
 			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 
-			void I2PReceive ();	
+			void I2PReceive ();
 			void HandleI2PReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleI2PAccept (i2p::stream::Stream * stream);
+			void HandleI2PAccept (std::shared_ptr<i2p::stream::Stream> stream);
 			void HandleWriteI2PData (const boost::system::error_code& ecode);
-			void HandleI2PDatagramReceive (const i2p::data::IdentityEx& ident, const uint8_t * buf, size_t len);
+			void HandleI2PDatagramReceive (const i2p::data::IdentityEx& from, uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 			void ProcessSessionCreate (char * buf, size_t len);
 			void ProcessStreamConnect (char * buf, size_t len);
 			void ProcessStreamAccept (char * buf, size_t len);
 			void ProcessDestGenerate ();
 			void ProcessNamingLookup (char * buf, size_t len);
-			void ExtractParams (char * buf, size_t len, std::map<std::string, std::string>& params);
+			void SendI2PError(const std::string & msg);
+			size_t ProcessDatagramSend (char * buf, size_t len, const char * data); // from SAM 1.0
+			void ExtractParams (char * buf, std::map<std::string, std::string>& params);
 
-			void Connect (const i2p::data::LeaseSet& remote);
-			void HandleStreamDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident);
-			void HandleNamingLookupDestinationRequestTimer (const boost::system::error_code& ecode, i2p::data::IdentHash ident);
-			void SendNamingLookupReply (const i2p::data::LeaseSet * leaseSet);
+			void Connect (std::shared_ptr<const i2p::data::LeaseSet> remote);
+			void HandleConnectLeaseSetRequestComplete (std::shared_ptr<i2p::data::LeaseSet> leaseSet);
+			void SendNamingLookupReply (std::shared_ptr<const i2p::data::IdentityEx> identity);
+			void HandleNamingLookupLeaseSetRequestComplete (std::shared_ptr<i2p::data::LeaseSet> leaseSet, i2p::data::IdentHash ident);
 			void HandleSessionReadinessCheckTimer (const boost::system::error_code& ecode);
 			void SendSessionCreateReplyOk ();
 
@@ -112,34 +126,68 @@ namespace client
 			boost::asio::ip::tcp::socket m_Socket;
 			boost::asio::deadline_timer m_Timer;
 			char m_Buffer[SAM_SOCKET_BUFFER_SIZE + 1];
+			size_t m_BufferOffset;
 			uint8_t m_StreamBuffer[SAM_SOCKET_BUFFER_SIZE];
 			SAMSocketType m_SocketType;
 			std::string m_ID; // nickname
 			bool m_IsSilent;
-			i2p::stream::Stream * m_Stream;
-			SAMSession * m_Session;
-	};	
+			std::shared_ptr<i2p::stream::Stream> m_Stream;
+			std::shared_ptr<SAMSession> m_Session;
+	};
 
 	struct SAMSession
 	{
-		ClientDestination * localDestination;
-		std::list<std::shared_ptr<SAMSocket> > sockets;
+		std::shared_ptr<ClientDestination> localDestination;
+		std::list<std::shared_ptr<SAMSocket> > m_Sockets;
+		std::shared_ptr<boost::asio::ip::udp::endpoint> UDPEndpoint;
+		std::mutex m_SocketsMutex;
+
+		/** safely add a socket to this session */
+		void AddSocket(std::shared_ptr<SAMSocket> sock) {
+			std::lock_guard<std::mutex> lock(m_SocketsMutex);
+			m_Sockets.push_back(sock);
+		}
+
+		/** safely remove a socket from this session */
+		void DelSocket(std::shared_ptr<SAMSocket> sock) {
+			std::lock_guard<std::mutex> lock(m_SocketsMutex);
+			m_Sockets.remove(sock);
+		}
+
+		/** get a list holding a copy of all sam sockets from this session */
+		std::list<std::shared_ptr<SAMSocket> > ListSockets() {
+			std::list<std::shared_ptr<SAMSocket> > l;
+			{
+				std::lock_guard<std::mutex> lock(m_SocketsMutex);
+				for(const auto& sock : m_Sockets ) l.push_back(sock);
+			}
+			return l;
+		}
+
+		SAMSession (std::shared_ptr<ClientDestination> dest);
+		~SAMSession ();
+
+		void CloseStreams ();
 	};
 
 	class SAMBridge
 	{
 		public:
 
-			SAMBridge (int port);
+			SAMBridge (const std::string& address, int port);
 			~SAMBridge ();
 
 			void Start ();
 			void Stop ();
-			
+
 			boost::asio::io_service& GetService () { return m_Service; };
-			SAMSession * CreateSession (const std::string& id, const std::string& destination = ""); // empty string  means transient
+			std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
+				const std::map<std::string, std::string> * params);
 			void CloseSession (const std::string& id);
-			SAMSession * FindSession (const std::string& id);
+			std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
+
+			/** send raw data to remote endpoint from our UDP Socket */
+			void SendTo(const uint8_t * buf, size_t len, std::shared_ptr<boost::asio::ip::udp::endpoint> remote);
 
 		private:
 
@@ -154,17 +202,21 @@ namespace client
 		private:
 
 			bool m_IsRunning;
-			std::thread * m_Thread;	
+			std::thread * m_Thread;
 			boost::asio::io_service m_Service;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
 			boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
 			boost::asio::ip::udp::socket m_DatagramSocket;
-			std::mutex m_SessionsMutex;
-			std::map<std::string, SAMSession> m_Sessions;
+			mutable std::mutex m_SessionsMutex;
+			std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
 			uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
-	};		
+
+		public:
+
+			// for HTTP
+			const decltype(m_Sessions)& GetSessions () const { return m_Sessions; };
+	};
 }
 }
 
 #endif
-

SOCKS.h

@@ -1,97 +1,38 @@
-#ifndef SOCKS4A_H__
-#define SOCKS4A_H__
+#ifndef SOCKS_H__
+#define SOCKS_H__
 
-#include <thread>
+#include <memory>
+#include <set>
 #include <boost/asio.hpp>
-#include <vector>
 #include <mutex>
-
-#include "Identity.h"
-#include "Streaming.h"
+#include "I2PService.h"
 
 namespace i2p
 {
 namespace proxy
 {
-
-	const size_t socks_buffer_size = 8192;
-
-	class SOCKS4AHandler {
-
-		private:
-            enum state {
-                    INITIAL,
-                    OKAY,
-                    END
-            };
-
-            void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port);
-            void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void HandleSockForward(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void HandleStreamRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
-            void Terminate();
-            void CloseSock();
-            void CloseStream();
-            void AsyncSockRead();
-            void AsyncStreamRead();
-            void SocksFailed();
-            void LeaseSetTimeout(const boost::system::error_code & ecode);
-            void StreamWrote(const boost::system::error_code & ecode);		  
-            void SockWrote(const boost::system::error_code & ecode);
-            void SentConnectionSuccess(const boost::system::error_code & ecode);
-            void ConnectionSuccess();
-            
-            uint8_t m_sock_buff[socks_buffer_size];
-            uint8_t m_stream_buff[socks_buffer_size];
-            
-            boost::asio::io_service * m_ios;
-            boost::asio::ip::tcp::socket * m_sock;
-            boost::asio::deadline_timer m_ls_timer;
-            i2p::stream::Stream * m_stream;
-            i2p::data::LeaseSet * m_ls;
-            i2p::data::IdentHash m_dest;
-            state m_state;
-		
-            
+	class SOCKSServer: public i2p::client::TCPIPAcceptor
+	{
 		public:
-			SOCKS4AHandler(boost::asio::io_service * ios, boost::asio::ip::tcp::socket * sock) : 
-				m_ios(ios), m_sock(sock), m_ls_timer(*ios),
-				m_stream(nullptr), m_ls(nullptr), m_state(INITIAL) { AsyncSockRead(); }
 
-			~SOCKS4AHandler() { CloseSock(); CloseStream(); }
-			bool isComplete() { return m_state == END; }
+			SOCKSServer(const std::string& address, int port, const std::string& outAddress, uint16_t outPort,
+				std::shared_ptr<i2p::client::ClientDestination> localDestination = nullptr);
+			~SOCKSServer() {};
+
+			void SetUpstreamProxy(const std::string & addr, const uint16_t port);
+		
+		protected:
+			// Implements TCPIPAcceptor
+			std::shared_ptr<i2p::client::I2PServiceHandler> CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			const char* GetName() { return "SOCKS"; }
+
+	private:
+		std::string m_UpstreamProxyAddress;
+		uint16_t m_UpstreamProxyPort;
+		bool m_UseUpstreamProxy;
 	};
 
-	class SOCKS4AServer {
-		public:
-			SOCKS4AServer(int port) : m_run(false), 
-									  m_thread(nullptr), 
-									  m_work(m_ios),
-									  m_acceptor(m_ios, boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)),
-									  m_new_sock(nullptr) { }
-			~SOCKS4AServer() { Stop(); }
-			void Start();
-			void Stop();
-		
-			boost::asio::io_service& GetService () { return m_ios; };	
-
-		private:
-		
-			void Run();
-			void Accept();
-			void HandleAccept(const boost::system::error_code& ecode);
-
-			bool m_run;
-			std::thread * m_thread;
-			boost::asio::io_service m_ios;
-			boost::asio::io_service::work m_work;
-            boost::asio::ip::tcp::acceptor m_acceptor;
-			boost::asio::ip::tcp::socket * m_new_sock;
-		
-
-	};
-
-	typedef SOCKS4AServer SOCKSProxy;
+	typedef SOCKSServer SOCKSProxy;
 }
 }
 

SSU.cpp

@@ -3,57 +3,120 @@
 #include "Log.h"
 #include "Timestamp.h"
 #include "RouterContext.h"
+#include "NetDb.h"
 #include "SSU.h"
 
 namespace i2p
 {
 namespace transport
 {
-	SSUServer::SSUServer (int port): m_Thread (nullptr), m_Work (m_Service),
-		m_Endpoint (boost::asio::ip::udp::v4 (), port), m_EndpointV6 (boost::asio::ip::udp::v6 (), port),
-		m_Socket (m_Service, m_Endpoint), m_SocketV6 (m_Service), m_IntroducersUpdateTimer (m_Service)	
+
+	SSUServer::SSUServer (const boost::asio::ip::address & addr, int port):
+		m_OnlyV6(true), m_IsRunning(false),
+		m_Thread (nullptr), m_ThreadV6 (nullptr), m_ReceiversThread (nullptr), 
+		m_ReceiversThreadV6 (nullptr), m_Work (m_Service), m_WorkV6 (m_ServiceV6), 
+		m_ReceiversWork (m_ReceiversService), m_ReceiversWorkV6 (m_ReceiversServiceV6),
+		m_EndpointV6 (addr, port), m_Socket (m_ReceiversService, m_Endpoint), 
+		m_SocketV6 (m_ReceiversServiceV6), m_IntroducersUpdateTimer (m_Service), 
+		m_PeerTestsCleanupTimer (m_Service), m_TerminationTimer (m_Service), 
+		m_TerminationTimerV6 (m_ServiceV6)	
 	{
-		m_Socket.set_option (boost::asio::socket_base::receive_buffer_size (65535));
-		m_Socket.set_option (boost::asio::socket_base::send_buffer_size (65535));
+		OpenSocketV6 ();
+	}
+	
+	SSUServer::SSUServer (int port):
+		m_OnlyV6(false), m_IsRunning(false),
+		m_Thread (nullptr), m_ThreadV6 (nullptr), m_ReceiversThread (nullptr),
+		m_ReceiversThreadV6 (nullptr), 	m_Work (m_Service), m_WorkV6 (m_ServiceV6), 
+		m_ReceiversWork (m_ReceiversService), m_ReceiversWorkV6 (m_ReceiversServiceV6),
+		m_Endpoint (boost::asio::ip::udp::v4 (), port), m_EndpointV6 (boost::asio::ip::udp::v6 (), port), 
+		m_Socket (m_ReceiversService), m_SocketV6 (m_ReceiversServiceV6), 
+		m_IntroducersUpdateTimer (m_Service), m_PeerTestsCleanupTimer (m_Service),
+		m_TerminationTimer (m_Service), m_TerminationTimerV6 (m_ServiceV6)	
+	{
+		OpenSocket ();
 		if (context.SupportsV6 ())
-		{
-			m_SocketV6.open (boost::asio::ip::udp::v6());
-			m_SocketV6.set_option (boost::asio::ip::v6_only (true));
-			m_SocketV6.set_option (boost::asio::socket_base::receive_buffer_size (65535));
-			m_SocketV6.set_option (boost::asio::socket_base::send_buffer_size (65535));
-			m_SocketV6.bind (m_EndpointV6);
-		}
+			OpenSocketV6 ();
 	}
 	
 	SSUServer::~SSUServer ()
 	{
-		for (auto it: m_Sessions)
-			delete it.second;
 	}
 
+	void SSUServer::OpenSocket ()
+	{
+		m_Socket.open (boost::asio::ip::udp::v4());
+		m_Socket.set_option (boost::asio::socket_base::receive_buffer_size (SSU_SOCKET_RECEIVE_BUFFER_SIZE)); 
+		m_Socket.set_option (boost::asio::socket_base::send_buffer_size (SSU_SOCKET_SEND_BUFFER_SIZE));
+		m_Socket.bind (m_Endpoint);
+	}
+		
+	void SSUServer::OpenSocketV6 ()
+	{
+		m_SocketV6.open (boost::asio::ip::udp::v6());
+		m_SocketV6.set_option (boost::asio::ip::v6_only (true));
+		m_SocketV6.set_option (boost::asio::socket_base::receive_buffer_size (SSU_SOCKET_RECEIVE_BUFFER_SIZE));
+		m_SocketV6.set_option (boost::asio::socket_base::send_buffer_size (SSU_SOCKET_SEND_BUFFER_SIZE));
+		m_SocketV6.bind (m_EndpointV6);
+	}	
+		
 	void SSUServer::Start ()
 	{
 		m_IsRunning = true;
-		m_Thread = new std::thread (std::bind (&SSUServer::Run, this));
-		m_Service.post (boost::bind (&SSUServer::Receive, this));  
+		if (!m_OnlyV6)
+		{
+			m_ReceiversThread = new std::thread (std::bind (&SSUServer::RunReceivers, this));
+			m_Thread = new std::thread (std::bind (&SSUServer::Run, this));
+			m_ReceiversService.post (std::bind (&SSUServer::Receive, this));
+			ScheduleTermination ();		
+		}
 		if (context.SupportsV6 ())
-			m_Service.post (boost::bind (&SSUServer::ReceiveV6, this));  
-		if (i2p::context.IsUnreachable ())
-			ScheduleIntroducersUpdateTimer ();
+		{	
+			m_ReceiversThreadV6 = new std::thread (std::bind (&SSUServer::RunReceiversV6, this));
+			m_ThreadV6 = new std::thread (std::bind (&SSUServer::RunV6, this));
+			m_ReceiversServiceV6.post (std::bind (&SSUServer::ReceiveV6, this));	
+			ScheduleTerminationV6 ();	
+		}
+		SchedulePeerTestsCleanupTimer ();	
+		ScheduleIntroducersUpdateTimer (); // wait for 30 seconds and decide if we need introducers
 	}
 
 	void SSUServer::Stop ()
 	{
 		DeleteAllSessions ();
 		m_IsRunning = false;
+		m_TerminationTimer.cancel ();
+ 		m_TerminationTimerV6.cancel ();
 		m_Service.stop ();
 		m_Socket.close ();
+		m_ServiceV6.stop ();
+		m_SocketV6.close ();
+		m_ReceiversService.stop ();
+		m_ReceiversServiceV6.stop ();
+		if (m_ReceiversThread)
+		{	
+			m_ReceiversThread->join (); 
+			delete m_ReceiversThread;
+			m_ReceiversThread = nullptr;
+		}
 		if (m_Thread)
 		{	
 			m_Thread->join (); 
 			delete m_Thread;
-			m_Thread = 0;
-		}	
+			m_Thread = nullptr;
+		}
+		if (m_ReceiversThreadV6)
+		{	
+			m_ReceiversThreadV6->join (); 
+			delete m_ReceiversThreadV6;
+			m_ReceiversThreadV6 = nullptr;
+		}
+		if (m_ThreadV6)
+		{	
+			m_ThreadV6->join (); 
+			delete m_ThreadV6;
+			m_ThreadV6 = nullptr;
+		}
 	}
 
 	void SSUServer::Run () 
@@ -66,21 +129,76 @@ namespace transport
 			}
 			catch (std::exception& ex)
 			{
-				LogPrint (eLogError, "SSU server: ", ex.what ());
+				LogPrint (eLogError, "SSU: server runtime exception: ", ex.what ());
 			}	
 		}	
 	}
-		
-	void SSUServer::AddRelay (uint32_t tag, const boost::asio::ip::udp::endpoint& relay)
+
+	void SSUServer::RunV6 () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_ServiceV6.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "SSU: v6 server runtime exception: ", ex.what ());
+			}	
+		}	
+	}	
+
+	void SSUServer::RunReceivers () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_ReceiversService.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "SSU: receivers runtime exception: ", ex.what ());
+			}	
+		}	
+	}	
+	
+	void SSUServer::RunReceiversV6 () 
+	{ 
+		while (m_IsRunning)
+		{
+			try
+			{	
+				m_ReceiversServiceV6.run ();
+			}
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "SSU: v6 receivers runtime exception: ", ex.what ());
+			}	
+		}	
+	}	
+
+	void SSUServer::AddRelay (uint32_t tag, std::shared_ptr<SSUSession> relay)
 	{
 		m_Relays[tag] = relay;
 	}	
 
-	SSUSession * SSUServer::FindRelaySession (uint32_t tag)
+	void SSUServer::RemoveRelay (uint32_t tag)
+	{
+		m_Relays.erase (tag);
+	}	
+		
+	std::shared_ptr<SSUSession> SSUServer::FindRelaySession (uint32_t tag)
 	{
 		auto it = m_Relays.find (tag);
 		if (it != m_Relays.end ())
-			return FindSession (it->second);
+		{	
+			if (it->second->GetState () == eSessionStateEstablished)
+				return it->second;
+			else
+				m_Relays.erase (it);	
+		}	
 		return nullptr;
 	}
 
@@ -94,54 +212,148 @@ namespace transport
 
 	void SSUServer::Receive ()
 	{
-		m_Socket.async_receive_from (boost::asio::buffer (m_ReceiveBuffer, SSU_MTU_V4), m_SenderEndpoint,
-			boost::bind (&SSUServer::HandleReceivedFrom, this, boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)); 
+		SSUPacket * packet = new SSUPacket ();
+		m_Socket.async_receive_from (boost::asio::buffer (packet->buf, SSU_MTU_V4), packet->from,
+			std::bind (&SSUServer::HandleReceivedFrom, this, std::placeholders::_1, std::placeholders::_2, packet)); 
 	}
 
 	void SSUServer::ReceiveV6 ()
 	{
-		m_SocketV6.async_receive_from (boost::asio::buffer (m_ReceiveBufferV6, SSU_MTU_V6), m_SenderEndpointV6,
-			boost::bind (&SSUServer::HandleReceivedFromV6, this, boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)); 
+		SSUPacket * packet = new SSUPacket ();
+		m_SocketV6.async_receive_from (boost::asio::buffer (packet->buf, SSU_MTU_V6), packet->from,
+			std::bind (&SSUServer::HandleReceivedFromV6, this, std::placeholders::_1, std::placeholders::_2, packet)); 
 	}	
 
-	void SSUServer::HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	void SSUServer::HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet)
 	{
 		if (!ecode)
 		{
-			HandleReceivedBuffer (m_SenderEndpoint, m_ReceiveBuffer, bytes_transferred);
+			packet->len = bytes_transferred;
+			std::vector<SSUPacket *> packets;
+			packets.push_back (packet);
+
+			boost::system::error_code ec;
+			size_t moreBytes = m_Socket.available(ec);
+			if (!ec)
+			{	
+				while (moreBytes && packets.size () < 25)
+				{
+					packet = new SSUPacket ();
+					packet->len = m_Socket.receive_from (boost::asio::buffer (packet->buf, SSU_MTU_V4), packet->from, 0, ec);
+					if (!ec)
+					{	
+						packets.push_back (packet);
+						moreBytes = m_Socket.available(ec);
+						if (ec) break;
+					}
+					else
+					{
+						LogPrint (eLogError, "SSU: receive_from error: ", ec.message ());
+						delete packet;
+						break;
+					}	
+				}
+			}	
+
+			m_Service.post (std::bind (&SSUServer::HandleReceivedPackets, this, packets, &m_Sessions));
 			Receive ();
 		}
 		else
-			LogPrint ("SSU receive error: ", ecode.message ());
+		{	
+			delete packet;
+			if (ecode != boost::asio::error::operation_aborted)
+			{
+				LogPrint (eLogError, "SSU: receive error: ", ecode.message ());
+				m_Socket.close ();
+				OpenSocket ();
+				Receive ();
+			}
+		}	
 	}
 
-	void SSUServer::HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred)
+	void SSUServer::HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet)
 	{
 		if (!ecode)
 		{
-			HandleReceivedBuffer (m_SenderEndpointV6, m_ReceiveBufferV6, bytes_transferred);
+			packet->len = bytes_transferred;
+			std::vector<SSUPacket *> packets;
+			packets.push_back (packet);
+
+			boost::system::error_code ec;
+			size_t moreBytes = m_SocketV6.available (ec);
+			if (!ec)
+			{
+				while (moreBytes && packets.size () < 25)
+				{
+					packet = new SSUPacket ();
+					packet->len = m_SocketV6.receive_from (boost::asio::buffer (packet->buf, SSU_MTU_V6), packet->from, 0, ec);
+					if (!ec)
+					{
+						packets.push_back (packet);
+						moreBytes = m_SocketV6.available(ec);
+						if (ec) break;
+					}
+					else
+					{
+						LogPrint (eLogError, "SSU: v6 receive_from error: ", ec.message ());
+						delete packet;
+						break;
+					}	
+				}
+			}
+			
+			m_ServiceV6.post (std::bind (&SSUServer::HandleReceivedPackets, this, packets, &m_SessionsV6));
 			ReceiveV6 ();
 		}
 		else
-			LogPrint ("SSU V6 receive error: ", ecode.message ());
+		{	
+			delete packet;
+			if (ecode != boost::asio::error::operation_aborted)
+			{
+				LogPrint (eLogError, "SSU: v6 receive error: ", ecode.message ());
+				m_SocketV6.close ();
+				OpenSocketV6 ();
+				ReceiveV6 ();
+			}
+		}	
 	}
 
-	void SSUServer::HandleReceivedBuffer (boost::asio::ip::udp::endpoint& from, uint8_t * buf, std::size_t bytes_transferred)
+	void SSUServer::HandleReceivedPackets (std::vector<SSUPacket *> packets, 
+		std::map<boost::asio::ip::udp::endpoint, std::shared_ptr<SSUSession> > * sessions)
 	{
-		SSUSession * session = nullptr;
-		auto it = m_Sessions.find (from);
-		if (it != m_Sessions.end ())
-			session = it->second;
-		if (!session)
+		std::shared_ptr<SSUSession> session;	
+		for (auto& packet: packets)
 		{
-			session = new SSUSession (*this, from);
-			m_Sessions[from] = session;
-			LogPrint ("New SSU session from ", from.address ().to_string (), ":", from.port (), " created");
+			try
+			{	
+				if (!session || session->GetRemoteEndpoint () != packet->from) // we received packet for other session than previous
+				{
+					if (session) session->FlushData ();
+					auto it = sessions->find (packet->from);
+					if (it != sessions->end ())
+						session = it->second;
+					if (!session)
+					{
+						session = std::make_shared<SSUSession> (*this, packet->from);
+						session->WaitForConnect ();
+						(*sessions)[packet->from] = session;
+						LogPrint (eLogDebug, "SSU: new session from ", packet->from.address ().to_string (), ":", packet->from.port (), " created");
+					}
+				}
+				session->ProcessNextMessage (packet->buf, packet->len, packet->from);
+			}	
+			catch (std::exception& ex)
+			{
+				LogPrint (eLogError, "SSU: HandleReceivedPackets ", ex.what ());
+				if (session) session->FlushData ();
+				session = nullptr;
+			}	
+			delete packet;
 		}
-		session->ProcessNextMessage (buf, bytes_transferred, from);
+		if (session) session->FlushData ();
 	}
 
-	SSUSession * SSUServer::FindSession (const i2p::data::RouterInfo * router) const
+	std::shared_ptr<SSUSession> SSUServer::FindSession (std::shared_ptr<const i2p::data::RouterInfo> router) const
 	{
 		if (!router) return nullptr;
 		auto address = router->GetSSUAddress (true); // v4 only
@@ -155,135 +367,207 @@ namespace transport
 		return FindSession (boost::asio::ip::udp::endpoint (address->host, address->port));
 	}	
 
-	SSUSession * SSUServer::FindSession (const boost::asio::ip::udp::endpoint& e) const
+	std::shared_ptr<SSUSession> SSUServer::FindSession (const boost::asio::ip::udp::endpoint& e) const
 	{
-		auto it = m_Sessions.find (e);
-		if (it != m_Sessions.end ())
+		auto& sessions = e.address ().is_v6 () ?  m_SessionsV6 : m_Sessions; 
+		auto it = sessions.find (e);
+		if (it != sessions.end ())
 			return it->second;
 		else
 			return nullptr;
 	}
-		
-	SSUSession * SSUServer::GetSession (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest)
+	
+	void SSUServer::CreateSession (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest, bool v4only)
+	{
+		auto address = router->GetSSUAddress (v4only || !context.SupportsV6 ());
+		if (address)
+			CreateSession (router, address->host, address->port, peerTest);
+		else
+			LogPrint (eLogWarning, "SSU: Router ", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()), " doesn't have SSU address");
+	}
+	
+	void SSUServer::CreateSession (std::shared_ptr<const i2p::data::RouterInfo> router,
+		const boost::asio::ip::address& addr, int port, bool peerTest)
 	{
-		SSUSession * session = nullptr;
 		if (router)
 		{
-			auto address = router->GetSSUAddress (!context.SupportsV6 ());
+			if (router->UsesIntroducer ())
+				m_Service.post (std::bind (&SSUServer::CreateSessionThroughIntroducer, this, router, peerTest)); // always V4 thread
+			else
+			{
+				boost::asio::ip::udp::endpoint remoteEndpoint (addr, port);
+				auto& s = addr.is_v6 () ? m_ServiceV6 : m_Service;
+				s.post (std::bind (&SSUServer::CreateDirectSession, this, router, remoteEndpoint, peerTest));
+			}
+		}
+	}
+
+	void SSUServer::CreateDirectSession (std::shared_ptr<const i2p::data::RouterInfo> router, boost::asio::ip::udp::endpoint remoteEndpoint, bool peerTest)
+	{	
+		auto& sessions = remoteEndpoint.address ().is_v6 () ? m_SessionsV6 : m_Sessions;	
+		auto it = sessions.find (remoteEndpoint);
+		if (it != sessions.end ())
+		{	
+			auto session = it->second;
+			if (peerTest && session->GetState () == eSessionStateEstablished)
+				session->SendPeerTest ();
+		}	
+		else
+		{
+			// otherwise create new session					
+			auto session = std::make_shared<SSUSession> (*this, remoteEndpoint, router, peerTest);
+			sessions[remoteEndpoint] = session;
+			// connect 					
+			LogPrint (eLogDebug, "SSU: Creating new session to [", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()), "] ",
+				remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port ());
+			session->Connect ();
+		}
+	}
+	
+	void SSUServer::CreateSessionThroughIntroducer (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest)
+	{
+		if (router && router->UsesIntroducer ())
+		{
+			auto address = router->GetSSUAddress (true); // v4 only for now
 			if (address)
 			{
 				boost::asio::ip::udp::endpoint remoteEndpoint (address->host, address->port);
 				auto it = m_Sessions.find (remoteEndpoint);
+				// check if session if presented alredy
 				if (it != m_Sessions.end ())
-					session = it->second;
-				else
+				{	
+					auto session = it->second;
+					if (peerTest && session->GetState () == eSessionStateEstablished)
+						session->SendPeerTest ();
+					return; 
+				}		
+				// create new session					
+				int numIntroducers = address->ssu->introducers.size ();
+				if (numIntroducers > 0)
 				{
-					// otherwise create new session					
-					session = new SSUSession (*this, remoteEndpoint, router, peerTest);
-					m_Sessions[remoteEndpoint] = session;
-					
-					if (!router->UsesIntroducer ())
+					std::shared_ptr<SSUSession> introducerSession;
+					const i2p::data::RouterInfo::Introducer * introducer = nullptr;
+					// we might have a session to introducer already
+					for (int i = 0; i < numIntroducers; i++)
 					{
-						// connect directly						
-						LogPrint ("Creating new SSU session to [", router->GetIdentHashAbbreviation (), "] ",
-							remoteEndpoint.address ().to_string (), ":", remoteEndpoint.port ());
-						session->Connect ();
-					}
-					else
-					{
-						// connect through introducer
-						int numIntroducers = address->introducers.size ();
-						if (numIntroducers > 0)
-						{
-							SSUSession * introducerSession = nullptr;
-							const i2p::data::RouterInfo::Introducer * introducer = nullptr;
-							// we might have a session to introducer already
-							for (int i = 0; i < numIntroducers; i++)
-							{
-								introducer = &(address->introducers[i]);
-								it = m_Sessions.find (boost::asio::ip::udp::endpoint (introducer->iHost, introducer->iPort));
-								if (it != m_Sessions.end ())
-								{
-									introducerSession = it->second;
-									break; 
-								}	
-							}
-
-							if (introducerSession) // session found 
-								LogPrint ("Session to introducer already exists");
-							else // create new
-							{
-								LogPrint ("Creating new session to introducer");
-								introducer = &(address->introducers[0]); // TODO:
-								boost::asio::ip::udp::endpoint introducerEndpoint (introducer->iHost, introducer->iPort);
-								introducerSession = new SSUSession (*this, introducerEndpoint, router);
-								m_Sessions[introducerEndpoint] = introducerSession;													
-							}	
-							// introduce
-							LogPrint ("Introduce new SSU session to [", router->GetIdentHashAbbreviation (), 
-									"] through introducer ", introducer->iHost, ":", introducer->iPort);
-							session->WaitForIntroduction ();	
-							if (i2p::context.GetRouterInfo ().UsesIntroducer ()) // if we are unreachable
-								Send (m_ReceiveBuffer, 0, remoteEndpoint); // send HolePunch
-							introducerSession->Introduce (introducer->iTag, introducer->iKey);
-						}
-						else
+						auto intr = &(address->ssu->introducers[i]);
+						boost::asio::ip::udp::endpoint ep (intr->iHost, intr->iPort);
+						if (ep.address ().is_v4 ()) // ipv4 only
 						{	
-							LogPrint (eLogWarning, "Can't connect to unreachable router. No introducers presented");
-							m_Sessions.erase (remoteEndpoint);
-							delete session;
-							session = nullptr;
-						}	
+							if (!introducer) introducer = intr; // we pick first one for now
+							it = m_Sessions.find (ep); 
+							if (it != m_Sessions.end ())
+							{
+								introducerSession = it->second;
+								break; 
+							}	
+						}
 					}
+					if (!introducer)
+					{
+						LogPrint (eLogWarning, "SSU: Can't connect to unreachable router and no ipv4 introducers present");
+						return;
+					}				
+
+					if (introducerSession) // session found 
+						LogPrint (eLogWarning, "SSU: Session to introducer already exists");
+					else // create new
+					{
+						LogPrint (eLogDebug, "SSU: Creating new session to introducer ", introducer->iHost);
+						boost::asio::ip::udp::endpoint introducerEndpoint (introducer->iHost, introducer->iPort);
+						introducerSession = std::make_shared<SSUSession> (*this, introducerEndpoint, router);
+						m_Sessions[introducerEndpoint] = introducerSession;													
+					}
+					// create session	
+					auto session = std::make_shared<SSUSession> (*this, remoteEndpoint, router, peerTest);
+					m_Sessions[remoteEndpoint] = session;
+					// introduce
+					LogPrint (eLogInfo, "SSU: Introduce new session to [", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()),
+							"] through introducer ", introducer->iHost, ":", introducer->iPort);
+					session->WaitForIntroduction ();	
+					if (i2p::context.GetRouterInfo ().UsesIntroducer ()) // if we are unreachable
+					{
+						uint8_t buf[1];
+						Send (buf, 0, remoteEndpoint); // send HolePunch
+					}	
+					introducerSession->Introduce (*introducer, router);
 				}
+				else	
+					LogPrint (eLogWarning, "SSU: Can't connect to unreachable router and no introducers present");
 			}
 			else
-				LogPrint (eLogWarning, "Router ", router->GetIdentHashAbbreviation (), " doesn't have SSU address");
+				LogPrint (eLogWarning, "SSU: Router ", i2p::data::GetIdentHashAbbreviation (router->GetIdentHash ()), " doesn't have SSU address");
 		}
-		return session;
 	}
 
-	void SSUServer::DeleteSession (SSUSession * session)
+	void SSUServer::DeleteSession (std::shared_ptr<SSUSession> session)
 	{
 		if (session)
 		{
 			session->Close ();
-			m_Sessions.erase (session->GetRemoteEndpoint ());
-			delete session;
+			auto& ep = session->GetRemoteEndpoint ();
+			if (ep.address ().is_v6 ())
+				m_SessionsV6.erase (ep);
+			else
+				m_Sessions.erase (ep);
 		}	
 	}	
 
 	void SSUServer::DeleteAllSessions ()
 	{
-		for (auto it: m_Sessions)
-		{
+		for (auto& it: m_Sessions)
 			it.second->Close ();
-			delete it.second;			
-		}	
 		m_Sessions.clear ();
+
+		for (auto& it: m_SessionsV6)
+			it.second->Close ();
+		m_SessionsV6.clear ();
 	}
 
 	template<typename Filter>
-	SSUSession * SSUServer::GetRandomSession (Filter filter)
+	std::shared_ptr<SSUSession> SSUServer::GetRandomV4Session (Filter filter) // v4 only
 	{
-		std::vector<SSUSession *> filteredSessions;
-		for (auto s :m_Sessions)
+		std::vector<std::shared_ptr<SSUSession> > filteredSessions;
+		for (const auto& s :m_Sessions)
 			if (filter (s.second)) filteredSessions.push_back (s.second);
 		if (filteredSessions.size () > 0)
 		{
-			auto ind = i2p::context.GetRandomNumberGenerator ().GenerateWord32 (0, filteredSessions.size ()-1);
+			auto ind = rand () % filteredSessions.size ();
 			return filteredSessions[ind];
 		}
 		return nullptr;	
 	}
 
-	SSUSession * SSUServer::GetRandomEstablishedSession (const SSUSession * excluded)
+	std::shared_ptr<SSUSession> SSUServer::GetRandomEstablishedV4Session (std::shared_ptr<const SSUSession> excluded) // v4 only
 	{
-		return GetRandomSession (
-			[excluded](SSUSession * session)->bool 
+		return GetRandomV4Session (
+			[excluded](std::shared_ptr<SSUSession> session)->bool 
 			{ 
-				return session->GetState () == eSessionStateEstablished &&
-					session != excluded; 
+				return session->GetState () == eSessionStateEstablished && session != excluded; 
+			}
+								);
+	}
+
+	template<typename Filter>
+	std::shared_ptr<SSUSession> SSUServer::GetRandomV6Session (Filter filter) // v6 only
+	{
+		std::vector<std::shared_ptr<SSUSession> > filteredSessions;
+		for (const auto& s :m_SessionsV6)
+			if (filter (s.second)) filteredSessions.push_back (s.second);
+		if (filteredSessions.size () > 0)
+		{
+			auto ind = rand () % filteredSessions.size ();
+			return filteredSessions[ind];
+		}
+		return nullptr;	
+	}
+
+	std::shared_ptr<SSUSession> SSUServer::GetRandomEstablishedV6Session (std::shared_ptr<const SSUSession> excluded) // v6 only
+	{
+		return GetRandomV6Session (
+			[excluded](std::shared_ptr<SSUSession> session)->bool 
+			{ 
+				return session->GetState () == eSessionStateEstablished && session != excluded; 
 			}
 								);
 	}
@@ -294,17 +578,17 @@ namespace transport
 		std::set<SSUSession *> ret;
 		for (int i = 0; i < maxNumIntroducers; i++)
 		{
-			auto session = GetRandomSession (
-				[&ret, ts](SSUSession * session)->bool 
+			auto session = GetRandomV4Session (
+				[&ret, ts](std::shared_ptr<SSUSession> session)->bool 
 				{ 
-					return session->GetRelayTag () && !ret.count (session) &&
+					return session->GetRelayTag () && !ret.count (session.get ()) &&
 						session->GetState () == eSessionStateEstablished &&
 						ts < session->GetCreationTime () + SSU_TO_INTRODUCER_SESSION_DURATION; 
 				}
 											);	
 			if (session)
 			{
-				ret.insert (session);
+				ret.insert (session.get ());
 				break;
 			}	
 		}
@@ -314,19 +598,28 @@ namespace transport
 	void SSUServer::ScheduleIntroducersUpdateTimer ()
 	{
 		m_IntroducersUpdateTimer.expires_from_now (boost::posix_time::seconds(SSU_KEEP_ALIVE_INTERVAL));
-		m_IntroducersUpdateTimer.async_wait (boost::bind (&SSUServer::HandleIntroducersUpdateTimer,
-			this, boost::asio::placeholders::error));	
+		m_IntroducersUpdateTimer.async_wait (std::bind (&SSUServer::HandleIntroducersUpdateTimer,
+			this, std::placeholders::_1));	
 	}
 
 	void SSUServer::HandleIntroducersUpdateTimer (const boost::system::error_code& ecode)
 	{
-		if (!ecode)
+		if (ecode != boost::asio::error::operation_aborted)
 		{
 			// timeout expired
+			if (i2p::context.GetStatus () == eRouterStatusTesting)
+			{
+				// we still don't know if we need introducers
+				ScheduleIntroducersUpdateTimer ();
+				return;
+			}	
+			if (i2p::context.GetStatus () == eRouterStatusOK) return; // we don't need introducers anymore
+			// we are firewalled
+			if (!i2p::context.IsUnreachable ()) i2p::context.SetUnreachable ();
 			std::list<boost::asio::ip::udp::endpoint> newList;
 			size_t numIntroducers = 0;
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-			for (auto it :m_Introducers)
+			for (const auto& it : m_Introducers)
 			{	
 				auto session = FindSession (it);
 				if (session && ts < session->GetCreationTime () + SSU_TO_INTRODUCER_SESSION_DURATION)
@@ -343,22 +636,146 @@ namespace transport
 			{
 				// create new
 				auto introducers = FindIntroducers (SSU_MAX_NUM_INTRODUCERS);
-				if (introducers.size () > 0)
+				for (const auto& it1: introducers)
 				{
-					for (auto it1: introducers)
+					const auto& ep = it1->GetRemoteEndpoint ();
+					i2p::data::RouterInfo::Introducer introducer;
+					introducer.iHost = ep.address ();
+					introducer.iPort = ep.port ();
+					introducer.iTag = it1->GetRelayTag ();
+					introducer.iKey = it1->GetIntroKey ();
+					if (i2p::context.AddIntroducer (introducer))
 					{
-						auto router = it1->GetRemoteRouter ();
-						if (router && i2p::context.AddIntroducer (*router, it1->GetRelayTag ()))
-						{	
-							newList.push_back (it1->GetRemoteEndpoint ());
-							if (newList.size () >= SSU_MAX_NUM_INTRODUCERS) break;
-						}	
-					}	
-				}	
+						newList.push_back (ep);
+						if (newList.size () >= SSU_MAX_NUM_INTRODUCERS) break;
+					}
+				}
 			}	
 			m_Introducers = newList;
+			if (m_Introducers.size () < SSU_MAX_NUM_INTRODUCERS)
+			{
+				auto introducer = i2p::data::netdb.GetRandomIntroducer ();
+				if (introducer)
+					CreateSession (introducer);
+			}	
 			ScheduleIntroducersUpdateTimer ();
 		}	
+	}
+
+	void SSUServer::NewPeerTest (uint32_t nonce, PeerTestParticipant role, std::shared_ptr<SSUSession> session)
+	{
+		m_PeerTests[nonce] = { i2p::util::GetMillisecondsSinceEpoch (), role, session };
+	}
+
+	PeerTestParticipant SSUServer::GetPeerTestParticipant (uint32_t nonce)
+	{
+		auto it = m_PeerTests.find (nonce);
+		if (it != m_PeerTests.end ())
+			return it->second.role;
+		else
+			return ePeerTestParticipantUnknown;
+	}	
+
+	std::shared_ptr<SSUSession> SSUServer::GetPeerTestSession (uint32_t nonce)
+	{
+		auto it = m_PeerTests.find (nonce);
+		if (it != m_PeerTests.end ())
+			return it->second.session;
+		else
+			return nullptr;
+	}
+
+	void SSUServer::UpdatePeerTest (uint32_t nonce, PeerTestParticipant role)
+	{
+		auto it = m_PeerTests.find (nonce);
+		if (it != m_PeerTests.end ())
+			it->second.role = role;
+	}	
+	
+	void SSUServer::RemovePeerTest (uint32_t nonce)
+	{
+		m_PeerTests.erase (nonce);
+	}	
+
+	void SSUServer::SchedulePeerTestsCleanupTimer ()
+	{
+		m_PeerTestsCleanupTimer.expires_from_now (boost::posix_time::seconds(SSU_PEER_TEST_TIMEOUT));
+		m_PeerTestsCleanupTimer.async_wait (std::bind (&SSUServer::HandlePeerTestsCleanupTimer,
+			this, std::placeholders::_1));	
+	}
+
+	void SSUServer::HandlePeerTestsCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			int numDeleted = 0;	
+			uint64_t ts = i2p::util::GetMillisecondsSinceEpoch ();	
+			for (auto it = m_PeerTests.begin (); it != m_PeerTests.end ();)
+			{
+				if (ts > it->second.creationTime + SSU_PEER_TEST_TIMEOUT*1000LL)
+				{
+					numDeleted++;
+					it = m_PeerTests.erase (it);
+				}
+				else
+					++it;
+			}
+			if (numDeleted > 0)
+				LogPrint (eLogDebug, "SSU: ", numDeleted, " peer tests have been expired");
+			SchedulePeerTestsCleanupTimer ();
+		}
+	}
+
+	void SSUServer::ScheduleTermination ()
+	{
+		m_TerminationTimer.expires_from_now (boost::posix_time::seconds(SSU_TERMINATION_CHECK_TIMEOUT));
+		m_TerminationTimer.async_wait (std::bind (&SSUServer::HandleTerminationTimer,
+			this, std::placeholders::_1));
+	}
+
+	void SSUServer::HandleTerminationTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{	
+			auto ts = i2p::util::GetSecondsSinceEpoch ();
+			for (auto& it: m_Sessions)
+ 				if (it.second->IsTerminationTimeoutExpired (ts))
+				{
+					auto session = it.second;
+					m_Service.post ([session] 
+						{ 
+							LogPrint (eLogWarning, "SSU: no activity with ", session->GetRemoteEndpoint (), " for ", session->GetTerminationTimeout (), " seconds");
+							session->Failed ();
+						});	
+				}
+			ScheduleTermination ();	
+		}	
+	}	
+
+	void SSUServer::ScheduleTerminationV6 ()
+	{
+		m_TerminationTimerV6.expires_from_now (boost::posix_time::seconds(SSU_TERMINATION_CHECK_TIMEOUT));
+		m_TerminationTimerV6.async_wait (std::bind (&SSUServer::HandleTerminationTimerV6,
+			this, std::placeholders::_1));
+	}
+
+	void SSUServer::HandleTerminationTimerV6 (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{	
+			auto ts = i2p::util::GetSecondsSinceEpoch ();
+			for (auto& it: m_SessionsV6)
+ 				if (it.second->IsTerminationTimeoutExpired (ts))
+				{
+					auto session = it.second;
+					m_ServiceV6.post ([session] 
+						{ 
+							LogPrint (eLogWarning, "SSU: no activity with ", session->GetRemoteEndpoint (), " for ", session->GetTerminationTimeout (), " seconds");
+							session->Failed ();
+						});	
+				}
+			ScheduleTerminationV6 ();	
+		}	
 	}	
 }
 }

SSU.h

@@ -7,8 +7,9 @@
 #include <list>
 #include <set>
 #include <thread>
+#include <mutex>
 #include <boost/asio.hpp>
-#include "aes.h"
+#include "Crypto.h"
 #include "I2PEndian.h"
 #include "Identity.h"
 #include "RouterInfo.h"
@@ -20,65 +21,115 @@ namespace i2p
 namespace transport
 {
 	const int SSU_KEEP_ALIVE_INTERVAL = 30; // 30 seconds	
+	const int SSU_PEER_TEST_TIMEOUT = 60; // 60 seconds		
 	const int SSU_TO_INTRODUCER_SESSION_DURATION = 3600; // 1 hour
+	const int SSU_TERMINATION_CHECK_TIMEOUT = 30; // 30 seconds
 	const size_t SSU_MAX_NUM_INTRODUCERS = 3;
+	const size_t SSU_SOCKET_RECEIVE_BUFFER_SIZE = 0x1FFFF; // 128K
+	const size_t SSU_SOCKET_SEND_BUFFER_SIZE = 0x1FFFF; // 128K
+
+	struct SSUPacket
+	{
+		i2p::crypto::AESAlignedBuffer<SSU_MTU_V6 + 18> buf; // max MTU + iv + size
+		boost::asio::ip::udp::endpoint from;
+		size_t len;
+	};	
 	
 	class SSUServer
 	{
 		public:
 
 			SSUServer (int port);
+			SSUServer (const boost::asio::ip::address & addr, int port);			// ipv6 only constructor
 			~SSUServer ();
 			void Start ();
 			void Stop ();
-			SSUSession * GetSession (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest = false);
-			SSUSession * FindSession (const i2p::data::RouterInfo * router) const;
-			SSUSession * FindSession (const boost::asio::ip::udp::endpoint& e) const;
-			SSUSession * GetRandomEstablishedSession (const SSUSession * excluded);
-			void DeleteSession (SSUSession * session);
+			void CreateSession (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest = false, bool v4only = false);
+			void CreateSession (std::shared_ptr<const i2p::data::RouterInfo> router, 
+				const boost::asio::ip::address& addr, int port, bool peerTest = false);
+			void CreateDirectSession (std::shared_ptr<const i2p::data::RouterInfo> router, boost::asio::ip::udp::endpoint remoteEndpoint, bool peerTest);
+			std::shared_ptr<SSUSession> FindSession (std::shared_ptr<const i2p::data::RouterInfo> router) const;
+			std::shared_ptr<SSUSession> FindSession (const boost::asio::ip::udp::endpoint& e) const;
+			std::shared_ptr<SSUSession> GetRandomEstablishedV4Session (std::shared_ptr<const SSUSession> excluded);
+			std::shared_ptr<SSUSession> GetRandomEstablishedV6Session (std::shared_ptr<const SSUSession> excluded);
+			void DeleteSession (std::shared_ptr<SSUSession> session);
 			void DeleteAllSessions ();			
 
-			boost::asio::io_service& GetService () { return m_Socket.get_io_service(); };
+			boost::asio::io_service& GetService () { return m_Service; };
+			boost::asio::io_service& GetServiceV6 () { return m_ServiceV6; };
 			const boost::asio::ip::udp::endpoint& GetEndpoint () const { return m_Endpoint; };			
 			void Send (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& to);
-			void AddRelay (uint32_t tag, const boost::asio::ip::udp::endpoint& relay);
-			SSUSession * FindRelaySession (uint32_t tag);
+			void AddRelay (uint32_t tag, std::shared_ptr<SSUSession> relay);
+			void RemoveRelay (uint32_t tag);
+			std::shared_ptr<SSUSession> FindRelaySession (uint32_t tag);
 
+			void NewPeerTest (uint32_t nonce, PeerTestParticipant role, std::shared_ptr<SSUSession> session = nullptr);
+			PeerTestParticipant GetPeerTestParticipant (uint32_t nonce);
+			std::shared_ptr<SSUSession> GetPeerTestSession (uint32_t nonce);
+			void UpdatePeerTest (uint32_t nonce, PeerTestParticipant role);
+			void RemovePeerTest (uint32_t nonce);
+      
 		private:
 
+			void OpenSocket ();
+			void OpenSocketV6 ();
 			void Run ();
+			void RunV6 ();
+			void RunReceivers ();
+			void RunReceiversV6 ();
 			void Receive ();
 			void ReceiveV6 ();
-			void HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred);
-			void HandleReceivedBuffer (boost::asio::ip::udp::endpoint& from, uint8_t * buf, std::size_t bytes_transferred);
+			void HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet);
+			void HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet);
+			void HandleReceivedPackets (std::vector<SSUPacket *> packets,
+				std::map<boost::asio::ip::udp::endpoint, std::shared_ptr<SSUSession> >* sessions);
 
+			void CreateSessionThroughIntroducer (std::shared_ptr<const i2p::data::RouterInfo> router, bool peerTest = false);			
 			template<typename Filter>
-			SSUSession * GetRandomSession (Filter filter);
-			
+			std::shared_ptr<SSUSession> GetRandomV4Session (Filter filter);
+			template<typename Filter>
+			std::shared_ptr<SSUSession> GetRandomV6Session (Filter filter);			
+
 			std::set<SSUSession *> FindIntroducers (int maxNumIntroducers);	
 			void ScheduleIntroducersUpdateTimer ();
 			void HandleIntroducersUpdateTimer (const boost::system::error_code& ecode);
-			
+
+			void SchedulePeerTestsCleanupTimer ();
+			void HandlePeerTestsCleanupTimer (const boost::system::error_code& ecode);
+
+			// timer
+			void ScheduleTermination ();
+			void HandleTerminationTimer (const boost::system::error_code& ecode);
+			void ScheduleTerminationV6 ();
+			void HandleTerminationTimerV6 (const boost::system::error_code& ecode);
+
 		private:
 
+			struct PeerTest
+			{
+				uint64_t creationTime;
+				PeerTestParticipant role;
+				std::shared_ptr<SSUSession> session; // for Bob to Alice
+			};
+			
+			bool m_OnlyV6;			
 			bool m_IsRunning;
-			std::thread * m_Thread;	
-			boost::asio::io_service m_Service;
-			boost::asio::io_service::work m_Work;
+			std::thread * m_Thread, * m_ThreadV6, * m_ReceiversThread, * m_ReceiversThreadV6;	
+			boost::asio::io_service m_Service, m_ServiceV6, m_ReceiversService, m_ReceiversServiceV6;
+			boost::asio::io_service::work m_Work, m_WorkV6, m_ReceiversWork, m_ReceiversWorkV6;
 			boost::asio::ip::udp::endpoint m_Endpoint, m_EndpointV6;
 			boost::asio::ip::udp::socket m_Socket, m_SocketV6;
-			boost::asio::ip::udp::endpoint m_SenderEndpoint, m_SenderEndpointV6;
-			boost::asio::deadline_timer m_IntroducersUpdateTimer;
+			boost::asio::deadline_timer m_IntroducersUpdateTimer, m_PeerTestsCleanupTimer,
+				m_TerminationTimer, m_TerminationTimerV6;
 			std::list<boost::asio::ip::udp::endpoint> m_Introducers; // introducers we are connected to
-			i2p::crypto::AESAlignedBuffer<2*SSU_MTU_V4> m_ReceiveBuffer;
-			i2p::crypto::AESAlignedBuffer<2*SSU_MTU_V6> m_ReceiveBufferV6; 
-			std::map<boost::asio::ip::udp::endpoint, SSUSession *> m_Sessions;
-			std::map<uint32_t, boost::asio::ip::udp::endpoint> m_Relays; // we are introducer
-
+			std::map<boost::asio::ip::udp::endpoint, std::shared_ptr<SSUSession> > m_Sessions, m_SessionsV6;
+			std::map<uint32_t, std::shared_ptr<SSUSession> > m_Relays; // we are introducer
+			std::map<uint32_t, PeerTest> m_PeerTests; // nonce -> creation time in milliseconds
+			
 		public:
 			// for HTTP only
 			const decltype(m_Sessions)& GetSessions () const { return m_Sessions; };
+			const decltype(m_SessionsV6)& GetSessionsV6 () const { return m_SessionsV6; };
 	};
 }
 }

SSUData.cpp

@@ -5,53 +5,72 @@
 #include "NetDb.h"
 #include "SSU.h"
 #include "SSUData.h"
+#ifdef WITH_EVENTS
+#include "Event.h"
+#endif
 
 namespace i2p
 {
 namespace transport
 {
-	SSUData::SSUData (SSUSession& session):
-		m_Session (session), m_ResendTimer (session.m_Server.GetService ())
+	void IncompleteMessage::AttachNextFragment (const uint8_t * fragment, size_t fragmentSize)
+	{
+		if (msg->len + fragmentSize > msg->maxLen)
+		{
+			LogPrint (eLogWarning, "SSU: I2NP message size ", msg->maxLen, " is not enough");
+			auto newMsg = NewI2NPMessage ();
+			*newMsg = *msg;
+			msg = newMsg;
+		}
+		if (msg->Concat (fragment, fragmentSize) < fragmentSize)
+			LogPrint (eLogError, "SSU: I2NP buffer overflow ", msg->maxLen);
+		nextFragmentNum++;
+	}
+
+	SSUData::SSUData (SSUSession& session):
+		m_Session (session), m_ResendTimer (session.GetService ()), 
+		m_IncompleteMessagesCleanupTimer (session.GetService ()), 
+		m_MaxPacketSize (session.IsV6 () ? SSU_V6_MAX_PACKET_SIZE : SSU_V4_MAX_PACKET_SIZE), 
+		m_PacketSize (m_MaxPacketSize), m_LastMessageReceivedTime (0)
 	{
-		m_MaxPacketSize = session.IsV6 () ? SSU_V6_MAX_PACKET_SIZE : SSU_V4_MAX_PACKET_SIZE;
-		m_PacketSize = m_MaxPacketSize;
-		auto remoteRouter = session.GetRemoteRouter ();
-		if (remoteRouter)
-			AdjustPacketSize (*remoteRouter);
 	}
 
 	SSUData::~SSUData ()
 	{
-		for (auto it: m_IncomleteMessages)
-			if (it.second)
-			{
-				DeleteI2NPMessage (it.second->msg);
-				delete it.second;
-			}	
-		for (auto it: m_SentMessages)
-			delete it.second;
 	}
 
-	void SSUData::AdjustPacketSize (const i2p::data::RouterInfo& remoteRouter)
+	void SSUData::Start ()
 	{
-		auto ssuAddress = remoteRouter.GetSSUAddress ();
-		if (ssuAddress && ssuAddress->mtu)
+		ScheduleIncompleteMessagesCleanup ();
+	}	
+		
+	void SSUData::Stop ()
+	{
+		m_ResendTimer.cancel ();
+		m_IncompleteMessagesCleanupTimer.cancel ();
+	}	
+		
+	void SSUData::AdjustPacketSize (std::shared_ptr<const i2p::data::RouterInfo> remoteRouter)
+	{
+		if (!remoteRouter) return;
+		auto ssuAddress = remoteRouter->GetSSUAddress ();
+		if (ssuAddress && ssuAddress->ssu->mtu)
 		{
 			if (m_Session.IsV6 ())
-				m_PacketSize = ssuAddress->mtu - IPV6_HEADER_SIZE - UDP_HEADER_SIZE;
+				m_PacketSize = ssuAddress->ssu->mtu - IPV6_HEADER_SIZE - UDP_HEADER_SIZE;
 			else
-				m_PacketSize = ssuAddress->mtu - IPV4_HEADER_SIZE - UDP_HEADER_SIZE;
+				m_PacketSize = ssuAddress->ssu->mtu - IPV4_HEADER_SIZE - UDP_HEADER_SIZE;
 			if (m_PacketSize > 0)
 			{
 				// make sure packet size multiple of 16
 				m_PacketSize >>= 4;
 				m_PacketSize <<= 4;
 				if (m_PacketSize > m_MaxPacketSize) m_PacketSize = m_MaxPacketSize;
-				LogPrint ("MTU=", ssuAddress->mtu, " packet size=", m_PacketSize); 
+				LogPrint (eLogDebug, "SSU: MTU=", ssuAddress->ssu->mtu, " packet size=", m_PacketSize);
 			}
 			else
 			{	
-				LogPrint (eLogWarning, "Unexpected MTU ", ssuAddress->mtu);
+				LogPrint (eLogWarning, "SSU: Unexpected MTU ", ssuAddress->ssu->mtu);
 				m_PacketSize = m_MaxPacketSize;
 			}	
 		}		
@@ -61,7 +80,7 @@ namespace transport
 	{
  		auto routerInfo = i2p::data::netdb.FindRouter (remoteIdent);
 		if (routerInfo)
-			AdjustPacketSize (*routerInfo);
+			AdjustPacketSize (routerInfo);
 	}
 
 	void SSUData::ProcessSentMessageAck (uint32_t msgID)
@@ -69,7 +88,6 @@ namespace transport
 		auto it = m_SentMessages.find (msgID);
 		if (it != m_SentMessages.end ())
 		{
-			delete it->second;
 			m_SentMessages.erase (it);	
 			if (m_SentMessages.empty ())
 				m_ResendTimer.cancel ();
@@ -84,7 +102,7 @@ namespace transport
 			uint8_t numAcks =*buf;
 			buf++;
 			for (int i = 0; i < numAcks; i++)
-				ProcessSentMessageAck (be32toh (((uint32_t *)buf)[i]));
+				ProcessSentMessageAck (bufbe32toh (buf+i*4));
 			buf += numAcks*4;
 		}
 		if (flag & DATA_FLAG_ACK_BITFIELDS_INCLUDED)
@@ -94,7 +112,7 @@ namespace transport
 			buf++;
 			for (int i = 0; i < numBitfields; i++)
 			{
-				uint32_t msgID = be32toh (*(uint32_t *)buf);
+				uint32_t msgID = bufbe32toh (buf);
 				buf += 4; // msgID
 				auto it = m_SentMessages.find (msgID);		
 				// process individual Ack bitfields
@@ -115,10 +133,7 @@ namespace transport
 							if (bitfield & mask)
 							{
 								if (fragment < numSentFragments)
-								{
-									delete it->second->fragments[fragment];
-									it->second->fragments[fragment] = nullptr;
-								}	
+									it->second->fragments[fragment].reset (nullptr);
 							}				
 							fragment++;
 							mask <<= 1;
@@ -137,86 +152,71 @@ namespace transport
 		buf++;
 		for (int i = 0; i < numFragments; i++)
 		{	
-			uint32_t msgID = be32toh (*(uint32_t *)buf); // message ID
+			uint32_t msgID = bufbe32toh (buf); // message ID
 			buf += 4;
-			uint8_t frag[4];
-			frag[0] = 0;
+			uint8_t frag[4] = {0};
 			memcpy (frag + 1, buf, 3);
 			buf += 3;
-			uint32_t fragmentInfo = be32toh (*(uint32_t *)frag); // fragment info
-			uint16_t fragmentSize = fragmentInfo & 0x1FFF; // bits 0 - 13
+			uint32_t fragmentInfo = bufbe32toh (frag); // fragment info
+			uint16_t fragmentSize = fragmentInfo & 0x3FFF; // bits 0 - 13
 			bool isLast = fragmentInfo & 0x010000; // bit 16	
-			uint8_t fragmentNum = fragmentInfo >> 17; // bits 23 - 17
-			LogPrint (eLogDebug, "SSU data fragment ", (int)fragmentNum, " of message ", msgID, " size=", (int)fragmentSize, isLast ? " last" : " non-last"); 		
+			uint8_t fragmentNum = fragmentInfo >> 17; // bits 23 - 17 		
 			if (fragmentSize >= SSU_V4_MAX_PACKET_SIZE)
 			{
-				LogPrint (eLogError, "Fragment size ", fragmentSize, "exceeds max SSU packet size");
+				LogPrint (eLogError, "SSU: Fragment size ", fragmentSize, " exceeds max SSU packet size");
 				return;
 			}
 
 			//  find message with msgID
-			I2NPMessage * msg = nullptr;
-			IncompleteMessage * incompleteMessage = nullptr;
-			auto it = m_IncomleteMessages.find (msgID);
-			if (it != m_IncomleteMessages.end ()) 
-			{	
-				// message exists
-				incompleteMessage = it->second;
-				msg = incompleteMessage->msg;
-			}	
-			else
+			auto it = m_IncompleteMessages.find (msgID);
+			if (it == m_IncompleteMessages.end ()) 
 			{
 				// create new message
-				msg = NewI2NPMessage ();
-				msg->len -= sizeof (I2NPHeaderShort);
-				incompleteMessage = new IncompleteMessage (msg);
-				m_IncomleteMessages[msgID] = incompleteMessage;
-			}	
+				auto msg = NewI2NPShortMessage ();
+				msg->len -= I2NP_SHORT_HEADER_SIZE;
+				it = m_IncompleteMessages.insert (std::make_pair (msgID, 
+					std::unique_ptr<IncompleteMessage>(new IncompleteMessage (msg)))).first;
+			}
+			std::unique_ptr<IncompleteMessage>& incompleteMessage = it->second;
 
 			// handle current fragment
 			if (fragmentNum == incompleteMessage->nextFragmentNum)
 			{
 				// expected fragment
-				memcpy (msg->buf + msg->len, buf, fragmentSize);
-				msg->len += fragmentSize;
-				incompleteMessage->nextFragmentNum++;
+				incompleteMessage->AttachNextFragment (buf, fragmentSize);
 				if (!isLast && !incompleteMessage->savedFragments.empty ())
 				{
 					// try saved fragments
 					for (auto it1 = incompleteMessage->savedFragments.begin (); it1 != incompleteMessage->savedFragments.end ();)
 					{
-						auto savedFragment = *it1;
+						auto& savedFragment = *it1;
 						if (savedFragment->fragmentNum == incompleteMessage->nextFragmentNum)
 						{
-							memcpy (msg->buf + msg->len, savedFragment->buf, savedFragment->len);
-							msg->len += savedFragment->len;
+							incompleteMessage->AttachNextFragment (savedFragment->buf, savedFragment->len);
 							isLast = savedFragment->isLast;
-							incompleteMessage->nextFragmentNum++;
 							incompleteMessage->savedFragments.erase (it1++);
-							delete savedFragment;
 						}
 						else
 							break;
 					}
 					if (isLast)
-						LogPrint (eLogDebug, "Message ", msgID, " complete");
+						LogPrint (eLogDebug, "SSU: Message ", msgID, " complete");
 				}	
 			}	
 			else
 			{	
 				if (fragmentNum < incompleteMessage->nextFragmentNum)
 					// duplicate fragment
-					LogPrint (eLogWarning, "Duplicate fragment ", (int)fragmentNum, " of message ", msgID, ". Ignored");	
+					LogPrint (eLogWarning, "SSU: Duplicate fragment ", (int)fragmentNum, " of message ", msgID, ", ignored");
 				else
 				{
 					// missing fragment
-					LogPrint (eLogWarning, "Missing fragments from ", (int)incompleteMessage->nextFragmentNum, " to ", fragmentNum - 1, " of message ", msgID);	
+					LogPrint (eLogWarning, "SSU: Missing fragments from ", (int)incompleteMessage->nextFragmentNum, " to ", fragmentNum - 1, " of message ", msgID);
 					auto savedFragment = new Fragment (fragmentNum, buf, fragmentSize, isLast);
-					if (!incompleteMessage->savedFragments.insert (savedFragment).second)
-					{
-						LogPrint (eLogWarning, "Fragment ", (int)fragmentNum, " of message ", msgID, " already saved");
-						delete savedFragment;
-					}	
+					if (incompleteMessage->savedFragments.insert (std::unique_ptr<Fragment>(savedFragment)).second)
+						incompleteMessage->lastFragmentInsertTime = i2p::util::GetSecondsSinceEpoch ();
+					else	
+						LogPrint (eLogWarning, "SSU: Fragment ", (int)fragmentNum, " of message ", msgID, " already saved");
 				}
 				isLast = false;
 			}	
@@ -224,8 +224,9 @@ namespace transport
 			if (isLast)
 			{
 				// delete incomplete message
-				delete incompleteMessage;
-				m_IncomleteMessages.erase (msgID);				
+				auto msg = incompleteMessage->msg;
+				incompleteMessage->msg = nullptr;
+				m_IncompleteMessages.erase (msgID);				
 				// process message
 				SendMsgAck (msgID);
 				msg->FromSSU (msgID);
@@ -233,27 +234,31 @@ namespace transport
 				{
 					if (!m_ReceivedMessages.count (msgID))
 					{	
-						if (m_ReceivedMessages.size () > 100) m_ReceivedMessages.clear ();
 						m_ReceivedMessages.insert (msgID);
-						i2p::HandleI2NPMessage (msg);
+						m_LastMessageReceivedTime = i2p::util::GetSecondsSinceEpoch ();
+						if (!msg->IsExpired ()) 
+						{
+#ifdef WITH_EVENTS
+							QueueIntEvent("transport.recvmsg", m_Session.GetIdentHashBase64(), 1);
+#endif
+							m_Handler.PutNextMessage (msg);
+						}
+						else
+							LogPrint (eLogDebug, "SSU: message expired");
 					}	
 					else
-					{
-						LogPrint (eLogWarning, "SSU message ", msgID, " already received");						
-						i2p::DeleteI2NPMessage (msg);
-					}	
+						LogPrint (eLogWarning, "SSU: Message ", msgID, " already received");
 				}	
 				else
 				{
 					// we expect DeliveryStatus
-					if (msg->GetHeader ()->typeID == eI2NPDeliveryStatus)
+					if (msg->GetTypeID () == eI2NPDeliveryStatus)
 					{
-						LogPrint ("SSU session established");
+						LogPrint (eLogDebug, "SSU: session established");
 						m_Session.Established ();
 					}	
 					else
-						LogPrint (eLogError, "SSU unexpected message ", (int)msg->GetHeader ()->typeID);
-					DeleteI2NPMessage (msg);
+						LogPrint (eLogError, "SSU: unexpected message ", (int)msg->GetTypeID ());
 				}	
 			}	
 			else
@@ -262,12 +267,17 @@ namespace transport
 		}	
 	}
 
+	void SSUData::FlushReceivedMessage ()
+	{
+		m_Handler.Flush ();
+	}	
+		
 	void SSUData::ProcessMessage (uint8_t * buf, size_t len)
 	{
 		//uint8_t * start = buf;
 		uint8_t flag = *buf;
 		buf++;
-		LogPrint (eLogDebug, "Process SSU data flags=", (int)flag);
+		LogPrint (eLogDebug, "SSU: Process data, flags=", (int)flag, ", len=", len);
 		// process acks if presented
 		if (flag & (DATA_FLAG_ACK_BITFIELDS_INCLUDED | DATA_FLAG_EXPLICIT_ACKS_INCLUDED))
 			ProcessAcks (buf, flag);
@@ -276,30 +286,32 @@ namespace transport
 		{
 			uint8_t extendedDataSize = *buf;
 			buf++; // size
-			LogPrint (eLogDebug, "SSU extended data of ", extendedDataSize, " bytes presented");
+			LogPrint (eLogDebug, "SSU: extended data of ", extendedDataSize, " bytes present");
 			buf += extendedDataSize;
 		}
 		// process data
 		ProcessFragments (buf);
 	}
 
-	void SSUData::Send (i2p::I2NPMessage * msg)
+	void SSUData::Send (std::shared_ptr<i2p::I2NPMessage> msg)
 	{
 		uint32_t msgID = msg->ToSSU ();
 		if (m_SentMessages.count (msgID) > 0)
 		{
-			LogPrint (eLogWarning, "SSU message ", msgID, " already sent");
-			DeleteI2NPMessage (msg);
+			LogPrint (eLogWarning, "SSU: message ", msgID, " already sent");
 			return;
 		}	
 		if (m_SentMessages.empty ()) // schedule resend at first message only
 			ScheduleResend ();
-		SentMessage * sentMessage = new SentMessage;
-		m_SentMessages[msgID] = sentMessage; 
-		sentMessage->nextResendTime = i2p::util::GetSecondsSinceEpoch () + RESEND_INTERVAL;
-		sentMessage->numResends = 0;
+		
+		auto ret = m_SentMessages.insert (std::make_pair (msgID, std::unique_ptr<SentMessage>(new SentMessage))); 
+		std::unique_ptr<SentMessage>& sentMessage = ret.first->second;
+		if (ret.second)	
+		{
+			sentMessage->nextResendTime = i2p::util::GetSecondsSinceEpoch () + RESEND_INTERVAL;
+			sentMessage->numResends = 0;
+		}	
 		auto& fragments = sentMessage->fragments;
-		msgID = htobe32 (msgID);	
 		size_t payloadSize = m_PacketSize - sizeof (SSUHeader) - 9; // 9  =  flag + #frg(1) + messageID(4) + frag info (3) 
 		size_t len = msg->GetLength ();
 		uint8_t * msgBuf = msg->GetSSUHeader ();
@@ -310,13 +322,12 @@ namespace transport
 			Fragment * fragment = new Fragment;
 			fragment->fragmentNum = fragmentNum;
 			uint8_t * buf = fragment->buf;
-			fragments.push_back (fragment);
 			uint8_t	* payload = buf + sizeof (SSUHeader);
 			*payload = DATA_FLAG_WANT_REPLY; // for compatibility
 			payload++;
 			*payload = 1; // always 1 message fragment per message
 			payload++;
-			*(uint32_t *)payload = msgID;
+			htobe32buf (payload, msgID);
 			payload += 4;
 			bool isLast = (len <= payloadSize);
 			size_t size = isLast ? len : payloadSize;
@@ -334,11 +345,18 @@ namespace transport
 			if (size & 0x0F) // make sure 16 bytes boundary
 				size = ((size >> 4) + 1) << 4; // (/16 + 1)*16
 			fragment->len = size; 
+			fragments.push_back (std::unique_ptr<Fragment> (fragment));
 			
 			// encrypt message with session key
 			m_Session.FillHeaderAndEncrypt (PAYLOAD_TYPE_DATA, buf, size);
-			m_Session.Send (buf, size);
-
+			try
+			{	
+				m_Session.Send (buf, size);
+			}
+			catch (boost::system::system_error& ec)
+			{
+				LogPrint (eLogWarning, "SSU: Can't send data fragment ", ec.what ());
+			}	
 			if (!isLast)
 			{	
 				len -= payloadSize;
@@ -348,18 +366,17 @@ namespace transport
 				len = 0;
 			fragmentNum++;
 		}	
-		DeleteI2NPMessage (msg);
 	}		
 
 	void SSUData::SendMsgAck (uint32_t msgID)
 	{
-		uint8_t buf[48 + 18]; // actual length is 44 = 37 + 7 but pad it to multiple of 16
+		uint8_t buf[48 + 18] = {0}; // actual length is 44 = 37 + 7 but pad it to multiple of 16
 		uint8_t * payload = buf + sizeof (SSUHeader);
 		*payload = DATA_FLAG_EXPLICIT_ACKS_INCLUDED; // flag
 		payload++;
 		*payload = 1; // number of ACKs
 		payload++;
-		*(uint32_t *)(payload) = htobe32 (msgID); // msgID	
+		htobe32buf (payload, msgID); // msgID
 		payload += 4;
 		*payload = 0; // number of fragments
 
@@ -372,10 +389,10 @@ namespace transport
 	{
 		if (fragmentNum > 64)
 		{
-			LogPrint (eLogWarning, "Fragment number ", fragmentNum, " exceeds 64");
+			LogPrint (eLogWarning, "SSU: Fragment number ", fragmentNum, " exceeds 64");
 			return;
 		}
-		uint8_t buf[64 + 18];
+		uint8_t buf[64 + 18] = {0};
 		uint8_t * payload = buf + sizeof (SSUHeader);
 		*payload = DATA_FLAG_ACK_BITFIELDS_INCLUDED; // flag
 		payload++;	
@@ -401,27 +418,91 @@ namespace transport
 	{		
 		m_ResendTimer.cancel ();
 		m_ResendTimer.expires_from_now (boost::posix_time::seconds(RESEND_INTERVAL));
-		m_ResendTimer.async_wait (boost::bind (&SSUData::HandleResendTimer,
-			this, boost::asio::placeholders::error));
+		auto s = m_Session.shared_from_this();
+		m_ResendTimer.async_wait ([s](const boost::system::error_code& ecode)
+			{ s->m_Data.HandleResendTimer (ecode); });
 	}
-		
+
 	void SSUData::HandleResendTimer (const boost::system::error_code& ecode)
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{
 			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
-			for (auto it : m_SentMessages)
+			int numResent = 0;
+			for (auto it = m_SentMessages.begin (); it != m_SentMessages.end ();)
 			{
-				if (ts >= it.second->nextResendTime && it.second->numResends < MAX_NUM_RESENDS)
+				if (ts >= it->second->nextResendTime)
 				{	
-					for (auto f: it.second->fragments)
-						if (f) m_Session.Send (f->buf, f->len); // resend
+					if (it->second->numResends < MAX_NUM_RESENDS)
+					{
+						for (auto& f: it->second->fragments)
+							if (f)
+							{
+								try
+								{
+									m_Session.Send (f->buf, f->len); // resend
+									numResent++;
+								}
+								catch (boost::system::system_error& ec)
+								{
+									LogPrint (eLogWarning, "SSU: Can't resend data fragment ", ec.what ());
+								}
+							}
 
-					it.second->numResends++;
-					it.second->nextResendTime += it.second->numResends*RESEND_INTERVAL;
+						it->second->numResends++;
+						it->second->nextResendTime += it->second->numResends*RESEND_INTERVAL;
+						++it;
+					}	
+					else
+					{
+						LogPrint (eLogInfo, "SSU: message has not been ACKed after ", MAX_NUM_RESENDS, " attempts, deleted");
+						it = m_SentMessages.erase (it);
+					}	
 				}	
+				else
+					++it;
 			}
-			ScheduleResend ();	
+			if (m_SentMessages.empty ()) return; // nothing to resend
+			if (numResent < MAX_OUTGOING_WINDOW_SIZE)
+				ScheduleResend ();
+			else
+			{
+				LogPrint (eLogError, "SSU: resend window exceeds max size. Session terminated");
+				m_Session.Close ();
+			}	
+		}	
+	}	
+
+	void SSUData::ScheduleIncompleteMessagesCleanup ()
+	{
+		m_IncompleteMessagesCleanupTimer.cancel ();
+		m_IncompleteMessagesCleanupTimer.expires_from_now (boost::posix_time::seconds(INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT));
+		auto s = m_Session.shared_from_this();
+		m_IncompleteMessagesCleanupTimer.async_wait ([s](const boost::system::error_code& ecode)
+			{ s->m_Data.HandleIncompleteMessagesCleanupTimer (ecode); });
+	}
+		
+	void SSUData::HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
+			for (auto it = m_IncompleteMessages.begin (); it != m_IncompleteMessages.end ();)
+			{
+				if (ts > it->second->lastFragmentInsertTime + INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT)
+				{
+					LogPrint (eLogWarning, "SSU: message ", it->first, " was not completed  in ", INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT, " seconds, deleted");
+					it = m_IncompleteMessages.erase (it);
+				}	
+				else
+					++it;
+			}	
+			// decay
+			if (m_ReceivedMessages.size () > MAX_NUM_RECEIVED_MESSAGES ||
+			    i2p::util::GetSecondsSinceEpoch () > m_LastMessageReceivedTime + DECAY_INTERVAL)
+				m_ReceivedMessages.clear ();
+			
+			ScheduleIncompleteMessagesCleanup ();
 		}	
 	}	
 }

SSUData.h

@@ -5,7 +5,8 @@
 #include <string.h>
 #include <map>
 #include <vector>
-#include <set>
+#include <unordered_set>
+#include <memory>
 #include <boost/asio.hpp>
 #include "I2NPProtocol.h"
 #include "Identity.h"
@@ -17,14 +18,22 @@ namespace transport
 {
 
 	const size_t SSU_MTU_V4 = 1484;
-	const size_t SSU_MTU_V6 = 1472;
+	#ifdef MESHNET
+	const size_t SSU_MTU_V6 = 1286;
+	#else
+	const size_t SSU_MTU_V6 = 1488;
+	#endif
 	const size_t IPV4_HEADER_SIZE = 20;
 	const size_t IPV6_HEADER_SIZE = 40;	
 	const size_t UDP_HEADER_SIZE = 8;
 	const size_t SSU_V4_MAX_PACKET_SIZE = SSU_MTU_V4 - IPV4_HEADER_SIZE - UDP_HEADER_SIZE; // 1456
-	const size_t SSU_V6_MAX_PACKET_SIZE = SSU_MTU_V6 - IPV6_HEADER_SIZE - UDP_HEADER_SIZE; // 1424
+	const size_t SSU_V6_MAX_PACKET_SIZE = SSU_MTU_V6 - IPV6_HEADER_SIZE - UDP_HEADER_SIZE; // 1440
 	const int RESEND_INTERVAL = 3; // in seconds
 	const int MAX_NUM_RESENDS = 5;
+	const int DECAY_INTERVAL = 20; // in seconds
+	const int INCOMPLETE_MESSAGES_CLEANUP_TIMEOUT = 30; // in seconds
+	const unsigned int MAX_NUM_RECEIVED_MESSAGES = 1000; // how many msgID we store for duplicates check
+	const int MAX_OUTGOING_WINDOW_SIZE = 200; // how many unacked message we can store
 	// data flags
 	const uint8_t DATA_FLAG_EXTENDED_DATA_INCLUDED = 0x02;
 	const uint8_t DATA_FLAG_WANT_REPLY = 0x04;
@@ -47,7 +56,7 @@ namespace transport
 
 	struct FragmentCmp
 	{
-		bool operator() (const Fragment * f1, const Fragment * f2) const
+		bool operator() (const std::unique_ptr<Fragment>& f1, const std::unique_ptr<Fragment>& f2) const
   		{	
 			return f1->fragmentNum < f2->fragmentNum; 
 		};
@@ -55,21 +64,20 @@ namespace transport
 	
 	struct IncompleteMessage
 	{
-		I2NPMessage * msg;
+		std::shared_ptr<I2NPMessage> msg;
 		int nextFragmentNum;	
-		std::set<Fragment *, FragmentCmp> savedFragments;
+		uint32_t lastFragmentInsertTime; // in seconds
+		std::set<std::unique_ptr<Fragment>, FragmentCmp> savedFragments;
 		
-		IncompleteMessage (I2NPMessage * m): msg (m), nextFragmentNum (0) {};
-		~IncompleteMessage () { for (auto it: savedFragments) { delete it; }; };
+		IncompleteMessage (std::shared_ptr<I2NPMessage> m): msg (m), nextFragmentNum (0), lastFragmentInsertTime (0) {};
+		void AttachNextFragment (const uint8_t * fragment, size_t fragmentSize);	
 	};
 
 	struct SentMessage
 	{
-		std::vector<Fragment *> fragments;
+		std::vector<std::unique_ptr<Fragment> > fragments;
 		uint32_t nextResendTime; // in seconds
 		int numResends;
-
-		~SentMessage () { for (auto it: fragments) { delete it; }; };
 	};	
 	
 	class SSUSession;
@@ -77,12 +85,17 @@ namespace transport
 	{
 		public:
 
-			SSUData (SSUSession& session);
+			SSUData (SSUSession& session); 
 			~SSUData ();
 
+			void Start ();
+			void Stop ();	
+			
 			void ProcessMessage (uint8_t * buf, size_t len);
-			void Send (i2p::I2NPMessage * msg);
+			void FlushReceivedMessage ();
+			void Send (std::shared_ptr<i2p::I2NPMessage> msg);
 
+			void AdjustPacketSize (std::shared_ptr<const i2p::data::RouterInfo> remoteRouter);	
 			void UpdatePacketSize (const i2p::data::IdentHash& remoteIdent);
 
 		private:
@@ -95,17 +108,21 @@ namespace transport
 
 			void ScheduleResend ();
 			void HandleResendTimer (const boost::system::error_code& ecode);	
+
+			void ScheduleIncompleteMessagesCleanup ();
+			void HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode);	
 			
-			void AdjustPacketSize (const i2p::data::RouterInfo& remoteRouter);	
 			
 		private:	
 
 			SSUSession& m_Session;
-			std::map<uint32_t, IncompleteMessage *> m_IncomleteMessages;
-			std::map<uint32_t, SentMessage *> m_SentMessages;
-			std::set<uint32_t> m_ReceivedMessages;
-			boost::asio::deadline_timer m_ResendTimer;
+			std::map<uint32_t, std::unique_ptr<IncompleteMessage> > m_IncompleteMessages;
+			std::map<uint32_t, std::unique_ptr<SentMessage> > m_SentMessages;
+			std::unordered_set<uint32_t> m_ReceivedMessages;
+			boost::asio::deadline_timer m_ResendTimer, m_IncompleteMessagesCleanupTimer;
 			int m_MaxPacketSize, m_PacketSize;
+			i2p::I2NPMessagesHandler m_Handler;
+			uint32_t m_LastMessageReceivedTime; // in second
 	};	
 }
 }

SSUSession.h

@@ -3,10 +3,8 @@
 
 #include <inttypes.h>
 #include <set>
-#include <list>
-#include <boost/asio.hpp>
-#include "aes.h"
-#include "hmac.h"
+#include <memory>
+#include "Crypto.h"
 #include "I2NPProtocol.h"
 #include "TransportSession.h"
 #include "SSUData.h"
@@ -15,20 +13,21 @@ namespace i2p
 {
 namespace transport
 {
-#pragma pack(1)
+	const uint8_t SSU_HEADER_EXTENDED_OPTIONS_INCLUDED = 0x04;
 	struct SSUHeader
 	{
 		uint8_t mac[16];
 		uint8_t iv[16];
 		uint8_t flag;
-		uint32_t time;	
+		uint8_t time[4];	
 
 		uint8_t GetPayloadType () const { return flag >> 4; };
+		bool IsExtendedOptions () const { return flag & SSU_HEADER_EXTENDED_OPTIONS_INCLUDED; };	
 	};
-#pragma pack()
 
 	const int SSU_CONNECT_TIMEOUT = 5; // 5 seconds
 	const int SSU_TERMINATION_TIMEOUT = 330; // 5.5 minutes
+	const int SSU_CLOCK_SKEW = 60; // in seconds 
 
 	// payload types (4 bits)
 	const uint8_t PAYLOAD_TYPE_SESSION_REQUEST = 0;
@@ -41,16 +40,29 @@ namespace transport
 	const uint8_t PAYLOAD_TYPE_PEER_TEST = 7;
 	const uint8_t PAYLOAD_TYPE_SESSION_DESTROYED = 8;
 
+	// extended options
+	const uint16_t EXTENDED_OPTIONS_FLAG_REQUEST_RELAY_TAG = 0x0001;
+
 	enum SessionState
 	{
 		eSessionStateUnknown,	
 		eSessionStateIntroduced,
 		eSessionStateEstablished,
+		eSessionStateClosed,
 		eSessionStateFailed
 	};	
 
+	enum PeerTestParticipant
+	{
+		ePeerTestParticipantUnknown = 0,
+		ePeerTestParticipantAlice1,
+		ePeerTestParticipantAlice2,
+		ePeerTestParticipantBob,
+		ePeerTestParticipantCharlie
+	};
+	
 	class SSUServer;
-	class SSUSession: public TransportSession
+	class SSUSession: public TransportSession, public std::enable_shared_from_this<SSUSession>
 	{
 		public:
 
@@ -60,12 +72,16 @@ namespace transport
 			~SSUSession ();
 			
 			void Connect ();
-			void Introduce (uint32_t iTag, const uint8_t * iKey);
+			void WaitForConnect ();
+			void Introduce (const i2p::data::RouterInfo::Introducer& introducer, 
+				std::shared_ptr<const i2p::data::RouterInfo> to); // Alice to Charlie
 			void WaitForIntroduction ();
 			void Close ();
+			void Done ();
+			void Failed ();
 			boost::asio::ip::udp::endpoint& GetRemoteEndpoint () { return m_RemoteEndpoint; };
 			bool IsV6 () const { return m_RemoteEndpoint.address ().is_v6 (); };
-			void SendI2NPMessage (I2NPMessage * msg);
+			void SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs);
 			void SendPeerTest (); // Alice			
 
 			SessionState GetState () const  { return m_State; };
@@ -74,67 +90,69 @@ namespace transport
 			
 			void SendKeepAlive ();	
 			uint32_t GetRelayTag () const { return m_RelayTag; };	
+			const i2p::data::RouterInfo::IntroKey& GetIntroKey () const { return m_IntroKey; };
 			uint32_t GetCreationTime () const { return m_CreationTime; };
 
+			void FlushData ();
+			
 		private:
 
+			boost::asio::io_service& GetService ();
 			void CreateAESandMacKey (const uint8_t * pubKey); 
-
-			void PostI2NPMessage (I2NPMessage * msg);
+			size_t GetSSUHeaderSize (const uint8_t * buf) const;
+			void PostI2NPMessages (std::vector<std::shared_ptr<I2NPMessage> > msgs);
 			void ProcessMessage (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint); // call for established session
-			void ProcessSessionRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
+			void ProcessSessionRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
 			void SendSessionRequest ();
-			void SendRelayRequest (uint32_t iTag, const uint8_t * iKey);
+			void SendRelayRequest (const i2p::data::RouterInfo::Introducer& introducer, uint32_t nonce);
 			void ProcessSessionCreated (uint8_t * buf, size_t len);
-			void SendSessionCreated (const uint8_t * x);
-			void ProcessSessionConfirmed (uint8_t * buf, size_t len);
+			void SendSessionCreated (const uint8_t * x, bool sendRelayTag = true);
+			void ProcessSessionConfirmed (const uint8_t * buf, size_t len);
 			void SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen);
-			void ProcessRelayRequest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from);
+			void ProcessRelayRequest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& from);
 			void SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from,
 				const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to);
-			void SendRelayIntro (SSUSession * session, const boost::asio::ip::udp::endpoint& from);
-			void ProcessRelayResponse (uint8_t * buf, size_t len);
-			void ProcessRelayIntro (uint8_t * buf, size_t len);
+			void SendRelayIntro (std::shared_ptr<SSUSession> session, const boost::asio::ip::udp::endpoint& from);
+			void ProcessRelayResponse (const uint8_t * buf, size_t len);
+			void ProcessRelayIntro (const uint8_t * buf, size_t len);
 			void Established ();
-			void Failed ();
 			void ScheduleConnectTimer ();
 			void HandleConnectTimer (const boost::system::error_code& ecode);
-			void ProcessPeerTest (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
-			void SendPeerTest (uint32_t nonce, uint32_t address, uint16_t port, const uint8_t * introKey, bool toAddress = true); 
+			void ProcessPeerTest (const uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& senderEndpoint);
+			void SendPeerTest (uint32_t nonce, const boost::asio::ip::address& address, uint16_t port, const uint8_t * introKey, bool toAddress = true, bool sendAddress = true); 
 			void ProcessData (uint8_t * buf, size_t len);		
 			void SendSesionDestroyed ();
 			void Send (uint8_t type, const uint8_t * payload, size_t len); // with session key
 			void Send (const uint8_t * buf, size_t size); 
 			
-			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const uint8_t * aesKey, const uint8_t * iv, const uint8_t * macKey);
+			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey, 
+				const uint8_t * iv, const i2p::crypto::MACKey& macKey, uint8_t flag = 0);
 			void FillHeaderAndEncrypt (uint8_t payloadType, uint8_t * buf, size_t len); // with session key 
-			void Decrypt (uint8_t * buf, size_t len, const uint8_t * aesKey);
+			void Decrypt (uint8_t * buf, size_t len, const i2p::crypto::AESKey& aesKey);
 			void DecryptSessionKey (uint8_t * buf, size_t len);
-			bool Validate (uint8_t * buf, size_t len, const uint8_t * macKey);			
-			const uint8_t * GetIntroKey () const; 
-
-			void ScheduleTermination ();
-			void HandleTerminationTimer (const boost::system::error_code& ecode);
+			bool Validate (uint8_t * buf, size_t len, const i2p::crypto::MACKey& macKey);			
 
 		private:
 	
 			friend class SSUData; // TODO: change in later
 			SSUServer& m_Server;
 			boost::asio::ip::udp::endpoint m_RemoteEndpoint;
-			boost::asio::deadline_timer m_Timer;
-			bool m_PeerTest;
+			boost::asio::deadline_timer m_ConnectTimer;
+			bool m_IsPeerTest;
 			SessionState m_State;
 			bool m_IsSessionKey;
-			uint32_t m_RelayTag;	
-			std::set<uint32_t> m_PeerTestNonces;
+			uint32_t m_RelayTag; // received from peer
+			uint32_t m_SentRelayTag; // sent by us
 			i2p::crypto::CBCEncryption m_SessionKeyEncryption;
 			i2p::crypto::CBCDecryption m_SessionKeyDecryption;
 			i2p::crypto::AESKey m_SessionKey;
 			i2p::crypto::MACKey m_MacKey;
-			std::list<i2p::I2NPMessage *> m_DelayedMessages;
-			SSUData m_Data;
-			size_t m_NumSentBytes, m_NumReceivedBytes;
+			i2p::data::RouterInfo::IntroKey m_IntroKey;
 			uint32_t m_CreationTime; // seconds since epoch
+			SSUData m_Data;
+			bool m_IsDataReceived;
+			std::unique_ptr<SignedData> m_SignedData; // we need it for SessionConfirmed only
+			std::map<uint32_t, std::shared_ptr<const i2p::data::RouterInfo> > m_RelayRequests; // nonce->Charlie
 	};
 
 

Signature.cpp

@@ -0,0 +1,501 @@
+#include <memory>
+#include "Log.h"
+#include "Signature.h"
+
+namespace i2p
+{
+namespace crypto
+{
+	class Ed25519
+	{
+		public:
+
+			Ed25519 ()
+			{
+				BN_CTX * ctx = BN_CTX_new ();
+				BIGNUM * tmp = BN_new ();
+
+				q = BN_new ();
+				// 2^255-19				
+				BN_set_bit (q, 255); // 2^255 
+				BN_sub_word (q, 19);
+				
+				l = BN_new ();
+				// 2^252 + 27742317777372353535851937790883648493
+				BN_set_bit (l, 252);
+				two_252_2 = BN_dup (l);
+				BN_dec2bn (&tmp, "27742317777372353535851937790883648493");
+				BN_add (l, l, tmp);		
+				BN_sub_word (two_252_2, 2); // 2^252 - 2		
+
+				 // -121665*inv(121666)
+				d = BN_new ();
+				BN_set_word (tmp, 121666);
+				BN_mod_inverse (tmp, tmp, q, ctx);	
+				BN_set_word (d, 121665);
+				BN_set_negative (d, 1);							
+				BN_mul (d, d, tmp, ctx);
+
+				// 2^((q-1)/4)
+				I = BN_new ();
+				BN_free (tmp);
+				tmp = BN_dup (q);
+				BN_sub_word (tmp, 1);
+				BN_div_word (tmp, 4);	
+				BN_set_word (I, 2);
+				BN_mod_exp (I, I, tmp, q, ctx);
+				BN_free (tmp);	
+				
+				// 4*inv(5)	
+				BIGNUM * By = BN_new ();		
+				BN_set_word (By, 5);
+				BN_mod_inverse (By, By, q, ctx);	
+				BN_mul_word (By, 4);
+				BIGNUM * Bx = RecoverX (By, ctx);	
+				BN_mod (Bx, Bx, q, ctx); // % q
+				BN_mod (By, By, q, ctx); // % q										
+			
+				// precalculate Bi256 table
+				Bi256Carry = { Bx, By };  // B
+				for (int i = 0; i < 32; i++)
+				{
+					Bi256[i][0] = Bi256Carry; // first point
+					for (int j = 1; j < 128; j++)
+						Bi256[i][j] = Sum (Bi256[i][j-1], Bi256[i][0], ctx); // (256+j+1)^i*B
+					Bi256Carry = Bi256[i][127];
+					for (int j = 0; j < 128; j++) // add first point 128 more times
+						Bi256Carry = Sum (Bi256Carry, Bi256[i][0], ctx);
+				}
+
+				BN_CTX_free (ctx);
+			}
+
+			Ed25519 (const Ed25519& other): q (BN_dup (other.q)), l (BN_dup (other.l)), 
+				d (BN_dup (other.d)), I (BN_dup (other.I)), two_252_2 (BN_dup (other.two_252_2)),
+				Bi256Carry (other.Bi256Carry)
+			{
+				for (int i = 0; i < 32; i++)
+					for (int j = 0; j < 128; j++)
+						Bi256[i][j] = other.Bi256[i][j];
+			}
+
+			~Ed25519 ()
+			{
+				BN_free (q);
+				BN_free (l);
+				BN_free (d);
+				BN_free (I);
+				BN_free (two_252_2);
+			}
+
+
+			EDDSAPoint GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const
+			{
+				return MulB (expandedPrivateKey, ctx); // left half of expanded key, considered as Little Endian
+			}
+
+			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const
+			{
+				return DecodePoint (buf, ctx);
+			}
+
+			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const
+			{
+				EncodePoint (Normalize (publicKey, ctx), buf);
+			}
+
+			bool Verify (const EDDSAPoint& publicKey, const uint8_t * digest, const uint8_t * signature) const
+			{
+				BN_CTX * ctx = BN_CTX_new ();	
+				BIGNUM * h = DecodeBN<64> (digest);
+				// signature 0..31 - R, 32..63 - S 
+				// B*S = R + PK*h => R = B*S - PK*h
+				// we don't decode R, but encode (B*S - PK*h)
+				auto Bs = MulB (signature + EDDSA25519_SIGNATURE_LENGTH/2, ctx); // B*S;
+				BN_mod (h, h, l, ctx); // public key is multiple of B, but B%l = 0
+				auto PKh = Mul (publicKey, h, ctx); // PK*h
+				uint8_t diff[32];
+				EncodePoint (Normalize (Sum (Bs, -PKh, ctx), ctx), diff); // Bs - PKh encoded
+				bool passed = !memcmp (signature, diff, 32); // R
+				BN_free (h); 
+				BN_CTX_free (ctx);
+				if (!passed)
+					LogPrint (eLogError, "25519 signature verification failed");
+				return passed; 
+			}
+
+			void Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len, 
+				uint8_t * signature) const
+			{
+				BN_CTX * bnCtx = BN_CTX_new ();
+				// calculate r
+				SHA512_CTX ctx;
+				SHA512_Init (&ctx);
+				SHA512_Update (&ctx, expandedPrivateKey + EDDSA25519_PRIVATE_KEY_LENGTH, EDDSA25519_PRIVATE_KEY_LENGTH); // right half of expanded key
+				SHA512_Update (&ctx, buf, len); // data
+				uint8_t digest[64];
+				SHA512_Final (digest, &ctx);
+				BIGNUM * r = DecodeBN<32> (digest); // DecodeBN<64> (digest); // for test vectors
+				// calculate R
+				uint8_t R[EDDSA25519_SIGNATURE_LENGTH/2]; // we must use separate buffer because signature might be inside buf
+				EncodePoint (Normalize (MulB (digest, bnCtx), bnCtx), R); // EncodePoint (Mul (B, r, bnCtx), R); // for test vectors 
+				// calculate S
+				SHA512_Init (&ctx);
+				SHA512_Update (&ctx, R, EDDSA25519_SIGNATURE_LENGTH/2); // R
+				SHA512_Update (&ctx, publicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
+				SHA512_Update (&ctx, buf, len); // data
+				SHA512_Final (digest, &ctx);
+				BIGNUM * h = DecodeBN<64> (digest);			
+				// S = (r + h*a) % l
+				BIGNUM * a = DecodeBN<EDDSA25519_PRIVATE_KEY_LENGTH> (expandedPrivateKey); // left half of expanded key
+				BN_mod_mul (h, h, a, l, bnCtx); // %l
+				BN_mod_add (h, h, r, l, bnCtx); // %l
+				memcpy (signature, R, EDDSA25519_SIGNATURE_LENGTH/2);
+				EncodeBN (h, signature + EDDSA25519_SIGNATURE_LENGTH/2, EDDSA25519_SIGNATURE_LENGTH/2); // S
+				BN_free (r); BN_free (h); BN_free (a);
+				BN_CTX_free (bnCtx);
+			}
+
+		private:		
+
+			EDDSAPoint Sum (const EDDSAPoint& p1, const EDDSAPoint& p2, BN_CTX * ctx) const
+			{
+				// x3 = (x1*y2+y1*x2)*(z1*z2-d*t1*t2)
+				// y3 = (y1*y2+x1*x2)*(z1*z2+d*t1*t2)
+				// z3 = (z1*z2-d*t1*t2)*(z1*z2+d*t1*t2)
+				// t3 = (y1*y2+x1*x2)*(x1*y2+y1*x2)
+				BIGNUM * x3 = BN_new (), * y3 = BN_new (), * z3 = BN_new (), * t3 = BN_new ();
+				
+				BN_mul (x3, p1.x, p2.x, ctx); // A = x1*x2		
+				BN_mul (y3, p1.y, p2.y, ctx); // B = y1*y2	
+				
+				BIGNUM * t1 = p1.t, * t2 = p2.t;
+				if (!t1) { t1 = BN_new (); BN_mul (t1, p1.x, p1.y, ctx); }
+				if (!t2) { t2 = BN_new (); BN_mul (t2, p2.x, p2.y, ctx); }
+				BN_mul (t3, t1, t2, ctx);
+				BN_mul (t3, t3, d, ctx);  // C = d*t1*t2
+				if (!p1.t) BN_free (t1);
+				if (!p2.t) BN_free (t2);
+
+				if (p1.z)
+				{
+					if (p2.z)
+						BN_mul (z3, p1.z, p2.z, ctx); // D = z1*z2
+					else
+						BN_copy (z3, p1.z); // D = z1
+				}
+				else
+				{
+					if (p2.z)
+						BN_copy (z3, p2.z); // D = z2
+					else
+						BN_one (z3); // D = 1
+				}	
+
+				BIGNUM * E = BN_new (), * F = BN_new (), * G = BN_new (), * H = BN_new ();
+				BN_add (E, p1.x, p1.y);				
+				BN_add (F, p2.x, p2.y);
+				BN_mul (E, E, F, ctx); // (x1 + y1)*(x2 + y2)
+				BN_sub (E, E, x3);
+				BN_sub (E, E, y3); // E = (x1 + y1)*(x2 + y2) - A - B
+				BN_sub (F, z3, t3); // F = D - C
+				BN_add (G, z3, t3); // G = D + C
+				BN_add (H, y3, x3); // H = B + A
+
+				BN_mod_mul (x3, E, F, q, ctx); // x3 = E*F
+				BN_mod_mul (y3, G, H, q, ctx); // y3 = G*H	
+				BN_mod_mul (z3, F, G, q, ctx); // z3 = F*G	
+				BN_mod_mul (t3, E, H, q, ctx); // t3 = E*H	
+
+				BN_free (E); BN_free (F); BN_free (G); BN_free (H);
+
+				return EDDSAPoint {x3, y3, z3, t3};
+			}
+
+			EDDSAPoint Double (const EDDSAPoint& p, BN_CTX * ctx) const
+			{
+				BIGNUM * x2 = BN_new (), * y2 = BN_new (), * z2 = BN_new (), * t2 = BN_new ();
+				
+				BN_sqr (x2, p.x, ctx); // x2 = A = x^2		
+				BN_sqr (y2, p.y, ctx); // y2 = B = y^2	
+				if (p.t)
+					BN_sqr (t2, p.t, ctx); // t2 = t^2
+				else
+				{
+					BN_mul (t2, p.x, p.y, ctx); // t = x*y
+					BN_sqr (t2, t2, ctx);  // t2 = t^2
+				}	
+				BN_mul (t2, t2, d, ctx);  // t2 = C = d*t^2 	
+				if (p.z)
+					BN_sqr (z2, p.z, ctx); // z2 = D = z^2 		
+				else
+					BN_one (z2); // z2 = 1
+
+				BIGNUM * E = BN_new (), * F = BN_new (), * G = BN_new (), * H = BN_new ();
+				// E = (x+y)*(x+y)-A-B = x^2+y^2+2xy-A-B = 2xy
+				BN_mul (E, p.x, p.y, ctx);
+				BN_lshift1 (E, E);	// E =2*x*y							
+				BN_sub (F, z2, t2); // F = D - C
+				BN_add (G, z2, t2); // G = D + C 
+				BN_add (H, y2, x2); // H = B + A
+
+				BN_mod_mul (x2, E, F, q, ctx); // x2 = E*F
+				BN_mod_mul (y2, G, H, q, ctx); // y2 = G*H	
+				BN_mod_mul (z2, F, G, q, ctx); // z2 = F*G	
+				BN_mod_mul (t2, E, H, q, ctx); // t2 = E*H	
+
+				BN_free (E); BN_free (F); BN_free (G); BN_free (H);
+
+				return EDDSAPoint {x2, y2, z2, t2};
+			}
+			
+			EDDSAPoint Mul (const EDDSAPoint& p, const BIGNUM * e, BN_CTX * ctx) const
+			{
+				BIGNUM * zero = BN_new (), * one = BN_new ();
+				BN_zero (zero); BN_one (one);
+				EDDSAPoint res {zero, one};
+				if (!BN_is_zero (e))
+				{
+					int bitCount = BN_num_bits (e);
+					for (int i = bitCount - 1; i >= 0; i--)
+					{
+						res = Double (res, ctx);
+						if (BN_is_bit_set (e, i)) res = Sum (res, p, ctx);
+					}
+				}	
+				return res;
+			} 
+			
+			EDDSAPoint MulB (const uint8_t * e, BN_CTX * ctx) const // B*e, e is 32 bytes Little Endian
+			{
+				BIGNUM * zero = BN_new (), * one = BN_new ();
+				BN_zero (zero); BN_one (one);
+				EDDSAPoint res {zero, one};
+				bool carry = false;
+				for (int i = 0; i < 32; i++)
+				{
+					uint8_t x = e[i];
+					if (carry) 
+					{ 
+						if (x < 255) 
+						{ 
+							x++; 
+							carry = false;
+						} 
+						else 
+							x = 0; 
+					}
+					if (x > 0)
+					{
+						if (x <= 128)
+							res = Sum (res, Bi256[i][x-1], ctx);
+						else
+						{
+							res = Sum (res, -Bi256[i][255-x], ctx); // -Bi[256-x]
+							carry = true;
+						}		
+					}
+				}
+				if (carry) res = Sum (res, Bi256Carry, ctx);
+				return res;
+			}
+
+			EDDSAPoint Normalize (const EDDSAPoint& p, BN_CTX * ctx) const
+			{
+				if (p.z)
+				{
+					BIGNUM * x = BN_new (), * y = BN_new ();
+					BN_mod_inverse (y, p.z, q, ctx);
+					BN_mod_mul (x, p.x, y, q, ctx); // x = x/z
+					BN_mod_mul (y, p.y, y, q, ctx); // y = y/z
+					return  EDDSAPoint{x, y};
+				}
+				else
+					return EDDSAPoint{BN_dup (p.x), BN_dup (p.y)};
+			}
+
+			bool IsOnCurve (const EDDSAPoint& p, BN_CTX * ctx) const
+			{
+				BIGNUM * x2 = BN_new ();
+				BN_sqr (x2, p.x, ctx); // x^2
+				BIGNUM * y2 = BN_new ();
+				BN_sqr (y2, p.y, ctx); // y^2
+				// y^2 - x^2 - 1 - d*x^2*y^2 
+				BIGNUM * tmp = BN_new ();				
+				BN_mul (tmp, d, x2, ctx);
+				BN_mul (tmp, tmp, y2, ctx);	
+				BN_sub (tmp, y2, tmp);
+				BN_sub (tmp, tmp, x2);
+				BN_sub_word (tmp, 1);
+				BN_mod (tmp, tmp, q, ctx); // % q
+				bool ret = BN_is_zero (tmp);
+				BN_free (x2);
+				BN_free (y2);
+				BN_free (tmp);
+				return ret;
+			}	
+
+			BIGNUM * RecoverX (const BIGNUM * y, BN_CTX * ctx) const
+			{
+				BIGNUM * y2 = BN_new ();
+				BN_sqr (y2, y, ctx); // y^2
+				// xx = (y^2 -1)*inv(d*y^2 +1) 
+				BIGNUM * xx = BN_new ();
+				BN_mul (xx, d, y2, ctx);
+				BN_add_word (xx, 1);
+				BN_mod_inverse (xx, xx, q, ctx);
+				BN_sub_word (y2, 1);
+				BN_mul (xx, y2, xx, ctx);
+				// x = srqt(xx) = xx^(2^252-2)		
+				BIGNUM * x = BN_new ();
+				BN_mod_exp (x, xx, two_252_2, q, ctx);
+				// check (x^2 -xx) % q	
+				BN_sqr (y2, x, ctx);
+				BN_mod_sub (y2, y2, xx, q, ctx); 
+				if (!BN_is_zero (y2))
+					BN_mod_mul (x, x, I, q, ctx);
+				if (BN_is_odd (x))
+					BN_sub (x, q, x);
+				BN_free (y2);
+				BN_free (xx);
+				return x;
+			}
+
+			EDDSAPoint DecodePoint (const uint8_t * buf, BN_CTX * ctx) const
+			{
+				// buf is 32 bytes Little Endian, convert it to Big Endian
+				uint8_t buf1[EDDSA25519_PUBLIC_KEY_LENGTH];
+				for (size_t i = 0; i < EDDSA25519_PUBLIC_KEY_LENGTH/2; i++) // invert bytes
+				{
+					buf1[i] = buf[EDDSA25519_PUBLIC_KEY_LENGTH -1 - i];
+					buf1[EDDSA25519_PUBLIC_KEY_LENGTH -1 - i] = buf[i];
+				}
+				bool isHighestBitSet = buf1[0] & 0x80;
+				if (isHighestBitSet)
+					buf1[0] &= 0x7f; // clear highest bit
+				BIGNUM * y = BN_new ();
+				BN_bin2bn (buf1, EDDSA25519_PUBLIC_KEY_LENGTH, y);
+				auto x = RecoverX (y, ctx);
+				if (BN_is_bit_set (x, 0) != isHighestBitSet)
+					BN_sub (x, q, x); // x = q - x 
+				BIGNUM * z = BN_new (), * t = BN_new (); 
+				BN_one (z); BN_mod_mul (t, x, y, q, ctx); // pre-calculate t
+				EDDSAPoint p {x, y, z, t};
+				if (!IsOnCurve (p, ctx)) 
+					LogPrint (eLogError, "Decoded point is not on 25519");
+				return p;
+			}
+			
+			void EncodePoint (const EDDSAPoint& p, uint8_t * buf) const
+			{
+				EncodeBN (p.y, buf,EDDSA25519_PUBLIC_KEY_LENGTH); 
+				if (BN_is_bit_set (p.x, 0)) // highest bit
+					buf[EDDSA25519_PUBLIC_KEY_LENGTH - 1] |= 0x80; // set highest bit
+			}
+
+			template<int len>
+			BIGNUM * DecodeBN (const uint8_t * buf) const
+			{
+				// buf is Little Endian convert it to Big Endian
+				uint8_t buf1[len];
+				for (size_t i = 0; i < len/2; i++) // invert bytes
+				{
+					buf1[i] = buf[len -1 - i];
+					buf1[len -1 - i] = buf[i];
+				}
+				BIGNUM * res = BN_new ();
+				BN_bin2bn (buf1, len, res);
+				return res;
+			}
+
+			void EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const
+			{
+				bn2buf (bn, buf, len);
+				// To Little Endian
+				for (size_t i = 0; i < len/2; i++) // invert bytes
+				{
+					uint8_t tmp = buf[i];
+					buf[i] = buf[len -1 - i];
+					buf[len -1 - i] = tmp;
+				}	
+			}
+
+		private:
+			
+			BIGNUM * q, * l, * d, * I; 
+			// transient values
+			BIGNUM * two_252_2; // 2^252-2
+			EDDSAPoint Bi256[32][128]; // per byte, Bi256[i][j] = (256+j+1)^i*B, we don't store zeroes
+			// if j > 128 we use 256 - j and carry 1 to next byte
+			// Bi256[0][0] = B, base point
+			EDDSAPoint Bi256Carry; // Bi256[32][0]
+	};
+
+	static std::unique_ptr<Ed25519> g_Ed25519;
+	std::unique_ptr<Ed25519>& GetEd25519 ()
+	{
+		if (!g_Ed25519)
+		{
+			auto c = new Ed25519();
+			if (!g_Ed25519) // make sure it was not created already
+				g_Ed25519.reset (c);
+			else
+				delete c;
+		}	
+		return g_Ed25519; 
+	}	
+	
+
+	EDDSA25519Verifier::EDDSA25519Verifier (const uint8_t * signingKey)
+	{
+		memcpy (m_PublicKeyEncoded, signingKey, EDDSA25519_PUBLIC_KEY_LENGTH); 
+		BN_CTX * ctx = BN_CTX_new ();
+		m_PublicKey = GetEd25519 ()->DecodePublicKey (m_PublicKeyEncoded, ctx);
+		BN_CTX_free (ctx);
+	}
+
+	bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
+	{
+		uint8_t digest[64];
+		SHA512_CTX ctx;
+		SHA512_Init (&ctx);
+		SHA512_Update (&ctx, signature, EDDSA25519_SIGNATURE_LENGTH/2); // R
+		SHA512_Update (&ctx, m_PublicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
+		SHA512_Update (&ctx, buf, len); // data	
+		SHA512_Final (digest, &ctx);
+		
+		return GetEd25519 ()->Verify (m_PublicKey, digest, signature);
+	}
+
+	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
+	{ 
+		// expand key
+		SHA512 (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH, m_ExpandedPrivateKey);
+		m_ExpandedPrivateKey[0] &= 0xF8; // drop last 3 bits 
+		m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0x3F; // drop first 2 bits
+		m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] |= 0x40; // set second bit
+		
+		// generate and encode public key
+		BN_CTX * ctx = BN_CTX_new ();	
+		auto publicKey = GetEd25519 ()->GeneratePublicKey (m_ExpandedPrivateKey, ctx);
+		GetEd25519 ()->EncodePublicKey (publicKey, m_PublicKeyEncoded, ctx);	
+		
+		if (signingPublicKey && memcmp (m_PublicKeyEncoded, signingPublicKey, EDDSA25519_PUBLIC_KEY_LENGTH))
+		{
+			// keys don't match, it means older key with 0x1F
+			LogPrint (eLogWarning, "Older EdDSA key detected");
+			m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0xDF; // drop third bit 
+			publicKey = GetEd25519 ()->GeneratePublicKey (m_ExpandedPrivateKey, ctx);
+			GetEd25519 ()->EncodePublicKey (publicKey, m_PublicKeyEncoded, ctx);	
+		}
+		BN_CTX_free (ctx);
+	} 
+		
+	void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
+	{
+		GetEd25519 ()->Sign (m_ExpandedPrivateKey, m_PublicKeyEncoded, buf, len, signature);
+	}	
+}
+}
+
+

Signature.h

@@ -2,12 +2,13 @@
 #define SIGNATURE_H__
 
 #include <inttypes.h>
-#include <cryptopp/dsa.h>
-#include <cryptopp/asn.h>
-#include <cryptopp/oids.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/eccrypto.h>
-#include "CryptoConst.h"
+#include <string.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include "Crypto.h"
 
 namespace i2p
 {
@@ -21,6 +22,7 @@ namespace crypto
 			virtual bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const = 0;
 			virtual size_t GetPublicKeyLen () const = 0;
 			virtual size_t GetSignatureLen () const = 0;
+			virtual size_t GetPrivateKeyLen () const { return GetSignatureLen ()/2; };
 	};
 
 	class Signer
@@ -28,7 +30,7 @@ namespace crypto
 		public:
 
 			virtual ~Signer () {};		
-			virtual void Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const = 0; 
+			virtual void Sign (const uint8_t * buf, int len, uint8_t * signature) const = 0; 
 	};
 
 	const size_t DSA_PUBLIC_KEY_LENGTH = 128;
@@ -40,13 +42,27 @@ namespace crypto
 
 			DSAVerifier (const uint8_t * signingKey)
 			{
-				m_PublicKey.Initialize (dsap, dsaq, dsag, CryptoPP::Integer (signingKey, DSA_PUBLIC_KEY_LENGTH));
+				m_PublicKey = CreateDSA ();
+				DSA_set0_key (m_PublicKey, BN_bin2bn (signingKey, DSA_PUBLIC_KEY_LENGTH, NULL), NULL);
 			}
-	
+
+			~DSAVerifier ()
+			{
+				DSA_free (m_PublicKey);
+			}
+			
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 			{
-				CryptoPP::DSA::Verifier verifier (m_PublicKey);
-				return verifier.VerifyMessage (buf, len, signature, DSA_SIGNATURE_LENGTH);
+				// calculate SHA1 digest
+				uint8_t digest[20];
+				SHA1 (buf, len, digest);
+				// signature
+				DSA_SIG * sig = DSA_SIG_new();
+				DSA_SIG_set0 (sig, BN_bin2bn (signature, DSA_SIGNATURE_LENGTH/2, NULL), BN_bin2bn (signature + DSA_SIGNATURE_LENGTH/2, DSA_SIGNATURE_LENGTH/2, NULL));
+				// DSA verification
+				int ret = DSA_do_verify (digest, 20, sig, m_PublicKey);
+				DSA_SIG_free(sig);
+				return ret;
 			}	
 
 			size_t GetPublicKeyLen () const { return DSA_PUBLIC_KEY_LENGTH; };
@@ -54,100 +70,377 @@ namespace crypto
 			
 		private:
 
-			CryptoPP::DSA::PublicKey m_PublicKey;
+			DSA * m_PublicKey;
 	};
 
 	class DSASigner: public Signer
 	{
 		public:
 
-			DSASigner (const uint8_t * signingPrivateKey)
+			DSASigner (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
+			// openssl 1.1 always requires DSA public key even for signing
 			{
-				m_PrivateKey.Initialize (dsap, dsaq, dsag, CryptoPP::Integer (signingPrivateKey, DSA_PRIVATE_KEY_LENGTH));
+				m_PrivateKey = CreateDSA ();
+				DSA_set0_key (m_PrivateKey, BN_bin2bn (signingPublicKey, DSA_PUBLIC_KEY_LENGTH, NULL), BN_bin2bn (signingPrivateKey, DSA_PRIVATE_KEY_LENGTH, NULL));
 			}
 
-			void Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const
+			~DSASigner ()
 			{
-				CryptoPP::DSA::Signer signer (m_PrivateKey);
-				signer.SignMessage (rnd, buf, len, signature);
+				DSA_free (m_PrivateKey);
+			}
+			
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const
+			{
+				uint8_t digest[20];
+				SHA1 (buf, len, digest);
+				DSA_SIG * sig = DSA_do_sign (digest, 20, m_PrivateKey);
+				const BIGNUM * r, * s;
+				DSA_SIG_get0 (sig, &r, &s);
+				bn2buf (r, signature, DSA_SIGNATURE_LENGTH/2);
+				bn2buf (s, signature + DSA_SIGNATURE_LENGTH/2, DSA_SIGNATURE_LENGTH/2);
+				DSA_SIG_free(sig);
 			}
 
 		private:
 
-			CryptoPP::DSA::PrivateKey m_PrivateKey;
+			DSA * m_PrivateKey;
 	};
 
-	inline void CreateDSARandomKeys (CryptoPP::RandomNumberGenerator& rnd, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	inline void CreateDSARandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
 	{
-		CryptoPP::DSA::PrivateKey privateKey;
-		CryptoPP::DSA::PublicKey publicKey;
-		privateKey.Initialize (rnd, dsap, dsaq, dsag);
-		privateKey.MakePublicKey (publicKey);
-		privateKey.GetPrivateExponent ().Encode (signingPrivateKey, DSA_PRIVATE_KEY_LENGTH);	
-		publicKey.GetPublicElement ().Encode (signingPublicKey, DSA_PUBLIC_KEY_LENGTH);
+		DSA * dsa = CreateDSA ();
+		DSA_generate_key (dsa);
+		const BIGNUM * pub_key, * priv_key;
+		DSA_get0_key(dsa, &pub_key, &priv_key);
+		bn2buf (priv_key, signingPrivateKey, DSA_PRIVATE_KEY_LENGTH);
+		bn2buf (pub_key, signingPublicKey, DSA_PUBLIC_KEY_LENGTH);
+		DSA_free (dsa);	
 	}	
 
+	struct SHA256Hash
+	{	
+		static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
+		{
+			SHA256 (buf, len, digest);
+		}
 
-	const size_t ECDSAP256_PUBLIC_KEY_LENGTH = 64;
-	const size_t ECDSAP256_PUBLIC_KEY_HALF_LENGTH = ECDSAP256_PUBLIC_KEY_LENGTH/2;
-	const size_t ECDSAP256_SIGNATURE_LENGTH = 64;
-	const size_t ECDSAP256_PRIVATE_KEY_LENGTH = ECDSAP256_SIGNATURE_LENGTH/2;		
-	class ECDSAP256Verifier: public Verifier
-	{
+		enum { hashLen = 32 };
+	};	
+
+	struct SHA384Hash
+	{	
+		static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
+		{
+			SHA384 (buf, len, digest);
+		}
+
+		enum { hashLen = 48 };
+	};
+
+	struct SHA512Hash
+	{	
+		static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
+		{
+			SHA512 (buf, len, digest);
+		}
+
+		enum { hashLen = 64 };
+	};
+	
+	template<typename Hash, int curve, size_t keyLen>
+	class ECDSAVerifier: public Verifier
+	{		
 		public:
 
-			ECDSAP256Verifier (const uint8_t * signingKey)
+			ECDSAVerifier (const uint8_t * signingKey)
 			{
-				m_PublicKey.Initialize (CryptoPP::ASN1::secp256r1(), 
-					CryptoPP::ECP::Point (CryptoPP::Integer (signingKey, ECDSAP256_PUBLIC_KEY_HALF_LENGTH), 
-					CryptoPP::Integer (signingKey + ECDSAP256_PUBLIC_KEY_HALF_LENGTH, ECDSAP256_PUBLIC_KEY_HALF_LENGTH)));
-			}			
+				m_PublicKey = EC_KEY_new_by_curve_name (curve);
+				BIGNUM * x = BN_bin2bn (signingKey, keyLen/2, NULL);
+				BIGNUM * y = BN_bin2bn (signingKey + keyLen/2, keyLen/2, NULL);
+				EC_KEY_set_public_key_affine_coordinates (m_PublicKey, x, y);
+				BN_free (x); BN_free (y);
+			}
 
+			~ECDSAVerifier ()
+			{
+				EC_KEY_free (m_PublicKey);
+			}
+			
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 			{
-				CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::Verifier verifier (m_PublicKey);
-				return verifier.VerifyMessage (buf, len, signature, ECDSAP256_SIGNATURE_LENGTH);
+				uint8_t digest[Hash::hashLen];
+				Hash::CalculateHash (buf, len, digest);
+				ECDSA_SIG * sig = ECDSA_SIG_new();
+				auto r = BN_bin2bn (signature, GetSignatureLen ()/2, NULL);
+				auto s = BN_bin2bn (signature + GetSignatureLen ()/2, GetSignatureLen ()/2, NULL);
+				ECDSA_SIG_set0(sig, r, s);
+				// ECDSA verification
+				int ret = ECDSA_do_verify (digest, Hash::hashLen, sig, m_PublicKey);
+				ECDSA_SIG_free(sig);
+				return ret;
 			}	
+			
+			size_t GetPublicKeyLen () const { return keyLen; };
+			size_t GetSignatureLen () const { return keyLen; }; // signature length = key length
 
-			size_t GetPublicKeyLen () const { return ECDSAP256_PUBLIC_KEY_LENGTH; };
-			size_t GetSignatureLen () const { return ECDSAP256_SIGNATURE_LENGTH; };
 			
 		private:
 
-			CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PublicKey m_PublicKey;
-	};	
+			EC_KEY * m_PublicKey;
+	};
 
-	class ECDSAP256Signer: public Signer
+	template<typename Hash, int curve, size_t keyLen>
+	class ECDSASigner: public Signer
 	{
 		public:
 
-			ECDSAP256Signer (const uint8_t * signingPrivateKey)
+			ECDSASigner (const uint8_t * signingPrivateKey)
 			{
-				m_PrivateKey.Initialize (CryptoPP::ASN1::secp256r1(), CryptoPP::Integer (signingPrivateKey, ECDSAP256_PRIVATE_KEY_LENGTH));
+				m_PrivateKey = EC_KEY_new_by_curve_name (curve);
+				EC_KEY_set_private_key (m_PrivateKey, BN_bin2bn (signingPrivateKey, keyLen/2, NULL));			
 			}
 
-			void Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const
+			~ECDSASigner ()
 			{
-				CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::Signer signer (m_PrivateKey);
-				signer.SignMessage (rnd, buf, len, signature);
+				EC_KEY_free (m_PrivateKey);
+			}
+			
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const
+			{
+				uint8_t digest[Hash::hashLen];
+				Hash::CalculateHash (buf, len, digest);
+				ECDSA_SIG * sig = ECDSA_do_sign (digest, Hash::hashLen, m_PrivateKey);
+				const BIGNUM * r, * s;
+				ECDSA_SIG_get0 (sig, &r, &s);
+				// signatureLen = keyLen
+				bn2buf (r, signature, keyLen/2);
+				bn2buf (s, signature + keyLen/2, keyLen/2);
+				ECDSA_SIG_free(sig);
 			}
 
 		private:
 
-			CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PrivateKey m_PrivateKey;
+			EC_KEY * m_PrivateKey;
 	};
 
-	inline void CreateECDSAP256RandomKeys (CryptoPP::RandomNumberGenerator& rnd, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	inline void CreateECDSARandomKeys (int curve, size_t keyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
 	{
-		CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PrivateKey privateKey;
-		CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PublicKey publicKey;
-		privateKey.Initialize (rnd, CryptoPP::ASN1::secp256r1());
-		privateKey.MakePublicKey (publicKey);
-		privateKey.GetPrivateExponent ().Encode (signingPrivateKey, ECDSAP256_PRIVATE_KEY_LENGTH);	
-		auto q = publicKey.GetPublicElement ();
-		q.x.Encode (signingPublicKey, ECDSAP256_PUBLIC_KEY_HALF_LENGTH);
-		q.y.Encode (signingPublicKey + ECDSAP256_PUBLIC_KEY_HALF_LENGTH, ECDSAP256_PUBLIC_KEY_HALF_LENGTH);
+		EC_KEY * signingKey = EC_KEY_new_by_curve_name (curve);
+		EC_KEY_generate_key (signingKey);
+		bn2buf (EC_KEY_get0_private_key (signingKey), signingPrivateKey, keyLen/2);
+		BIGNUM * x = BN_new(), * y = BN_new();
+		EC_POINT_get_affine_coordinates_GFp (EC_KEY_get0_group(signingKey),
+			EC_KEY_get0_public_key (signingKey), x, y, NULL);
+		bn2buf (x, signingPublicKey, keyLen/2);
+		bn2buf (y, signingPublicKey + keyLen/2, keyLen/2);
+		BN_free (x); BN_free (y);
+		EC_KEY_free (signingKey);		
+	}
+
+// ECDSA_SHA256_P256
+	const size_t ECDSAP256_KEY_LENGTH = 64;	
+	typedef ECDSAVerifier<SHA256Hash, NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH> ECDSAP256Verifier;
+	typedef ECDSASigner<SHA256Hash, NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH> ECDSAP256Signer;
+
+	inline void CreateECDSAP256RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CreateECDSARandomKeys (NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH, signingPrivateKey, signingPublicKey);
 	}	
+
+// ECDSA_SHA384_P384
+	const size_t ECDSAP384_KEY_LENGTH = 96;
+	typedef ECDSAVerifier<SHA384Hash, NID_secp384r1, ECDSAP384_KEY_LENGTH> ECDSAP384Verifier;
+	typedef ECDSASigner<SHA384Hash, NID_secp384r1, ECDSAP384_KEY_LENGTH> ECDSAP384Signer;
+
+	inline void CreateECDSAP384RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CreateECDSARandomKeys (NID_secp384r1, ECDSAP384_KEY_LENGTH, signingPrivateKey, signingPublicKey);
+	}	
+
+// ECDSA_SHA512_P521
+	const size_t ECDSAP521_KEY_LENGTH = 132;
+	typedef ECDSAVerifier<SHA512Hash, NID_secp521r1, ECDSAP521_KEY_LENGTH> ECDSAP521Verifier;
+	typedef ECDSASigner<SHA512Hash, NID_secp521r1, ECDSAP521_KEY_LENGTH> ECDSAP521Signer;
+
+	inline void CreateECDSAP521RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		CreateECDSARandomKeys (NID_secp521r1, ECDSAP521_KEY_LENGTH, signingPrivateKey, signingPublicKey);
+	}
+
+// RSA
+	template<typename Hash, int type, size_t keyLen>	
+	class RSAVerifier: public Verifier
+	{
+		public:
+
+			RSAVerifier (const uint8_t * signingKey)
+			{
+				m_PublicKey = RSA_new ();
+				RSA_set0_key (m_PublicKey, BN_bin2bn (signingKey, keyLen, NULL) /* n */ , BN_dup (GetRSAE ()) /* d */, NULL);
+			}
+
+			~RSAVerifier ()
+			{
+				RSA_free (m_PublicKey);
+			}
+			
+			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const 
+			{
+				uint8_t digest[Hash::hashLen];
+				Hash::CalculateHash (buf, len, digest);
+				return RSA_verify (type, digest, Hash::hashLen, signature, GetSignatureLen (), m_PublicKey);
+			}
+			size_t GetPublicKeyLen () const { return keyLen; }
+			size_t GetSignatureLen () const { return keyLen; }	
+			size_t GetPrivateKeyLen () const { return GetSignatureLen ()*2; };
+
+		private:
+			
+			RSA * m_PublicKey;			
+	};	
+
+	
+	template<typename Hash, int type, size_t keyLen>
+	class RSASigner: public Signer
+	{
+		public:
+
+			RSASigner (const uint8_t * signingPrivateKey)
+			{
+				m_PrivateKey = RSA_new ();
+				RSA_set0_key (m_PrivateKey, BN_bin2bn (signingPrivateKey, keyLen, NULL), /* n */
+					BN_dup (GetRSAE ()) /* e */, BN_bin2bn (signingPrivateKey + keyLen, keyLen, NULL) /* d */);
+			}
+
+			~RSASigner ()
+			{
+				RSA_free (m_PrivateKey);
+			}
+			
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const
+			{
+				uint8_t digest[Hash::hashLen];
+				Hash::CalculateHash (buf, len, digest);
+				unsigned int signatureLen = keyLen;
+				RSA_sign (type, digest, Hash::hashLen, signature, &signatureLen, m_PrivateKey);
+			}
+			
+		private:
+
+			RSA * m_PrivateKey;
+	};		
+
+	inline void CreateRSARandomKeys (size_t publicKeyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		RSA * rsa = RSA_new ();
+		BIGNUM * e = BN_dup (GetRSAE ()); // make it non-const
+		RSA_generate_key_ex (rsa, publicKeyLen*8, e, NULL);
+		const BIGNUM * n, * d, * e1;
+		RSA_get0_key (rsa, &n, &e1, &d);	
+		bn2buf (n, signingPrivateKey, publicKeyLen);
+		bn2buf (d, signingPrivateKey + publicKeyLen, publicKeyLen);
+		bn2buf (n, signingPublicKey, publicKeyLen);
+		BN_free (e); // this e is not assigned to rsa->e
+		RSA_free (rsa);
+	}	
+	
+//  RSA_SHA256_2048
+	const size_t RSASHA2562048_KEY_LENGTH = 256;
+	typedef RSAVerifier<SHA256Hash, NID_sha256, RSASHA2562048_KEY_LENGTH> RSASHA2562048Verifier;
+	typedef RSASigner<SHA256Hash, NID_sha256, RSASHA2562048_KEY_LENGTH> RSASHA2562048Signer;
+
+//  RSA_SHA384_3072
+	const size_t RSASHA3843072_KEY_LENGTH = 384;
+	typedef RSAVerifier<SHA384Hash, NID_sha384, RSASHA3843072_KEY_LENGTH> RSASHA3843072Verifier;
+	typedef RSASigner<SHA384Hash, NID_sha384, RSASHA3843072_KEY_LENGTH> RSASHA3843072Signer;	
+
+//  RSA_SHA512_4096
+	const size_t RSASHA5124096_KEY_LENGTH = 512;
+	typedef RSAVerifier<SHA512Hash, NID_sha512, RSASHA5124096_KEY_LENGTH> RSASHA5124096Verifier;
+	typedef RSASigner<SHA512Hash, NID_sha512, RSASHA5124096_KEY_LENGTH> RSASHA5124096Signer;
+
+	// EdDSA
+	struct EDDSAPoint
+	{
+		BIGNUM * x, * y;
+		BIGNUM * z, * t; // projective coordinates
+		EDDSAPoint (): x(nullptr), y(nullptr), z(nullptr), t(nullptr) {};
+		EDDSAPoint (const EDDSAPoint& other): x(nullptr), y(nullptr), z(nullptr), t(nullptr) 
+		{ *this = other; };	
+		EDDSAPoint (EDDSAPoint&& other): x(nullptr), y(nullptr), z(nullptr), t(nullptr)  
+		{ *this = std::move (other); };	
+		EDDSAPoint (BIGNUM * x1, BIGNUM * y1, BIGNUM * z1 = nullptr, BIGNUM * t1 = nullptr): x(x1), y(y1), z(z1), t(t1) {};	
+		~EDDSAPoint () { BN_free (x); BN_free (y); BN_free(z); BN_free(t); };
+
+		EDDSAPoint& operator=(EDDSAPoint&& other) 
+		{
+			if (x) BN_free (x); x = other.x; other.x = nullptr;
+			if (y) BN_free (y); y = other.y; other.y = nullptr;
+			if (z) BN_free (z); z = other.z; other.z = nullptr;
+			if (t) BN_free (t); t = other.t; other.t = nullptr;
+			return *this;
+		} 	
+
+		EDDSAPoint& operator=(const EDDSAPoint& other) 
+		{
+			if (x) BN_free (x); x = other.x ? BN_dup (other.x) : nullptr;
+			if (y) BN_free (y); y = other.y ? BN_dup (other.y) : nullptr;
+			if (z) BN_free (z); z = other.z ? BN_dup (other.z) : nullptr;
+			if (t) BN_free (t); t = other.t ? BN_dup (other.t) : nullptr;
+			return *this;
+		}
+
+		EDDSAPoint operator-() const
+		{
+			BIGNUM * x1 = NULL, * y1 = NULL, * z1 = NULL, * t1 = NULL;
+			if (x) { x1 = BN_dup (x); BN_set_negative (x1, !BN_is_negative (x)); };
+			if (y) y1 = BN_dup (y);
+			if (z) z1 = BN_dup (z);
+			if (t) { t1 = BN_dup (t); BN_set_negative (t1, !BN_is_negative (t)); };
+			return EDDSAPoint {x1, y1, z1, t1};
+		}
+	};	
+
+	const size_t EDDSA25519_PUBLIC_KEY_LENGTH = 32;
+	const size_t EDDSA25519_SIGNATURE_LENGTH = 64;
+	const size_t EDDSA25519_PRIVATE_KEY_LENGTH = 32;		
+	class EDDSA25519Verifier: public Verifier
+	{
+		public:
+
+			EDDSA25519Verifier (const uint8_t * signingKey);
+			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
+
+			size_t GetPublicKeyLen () const { return EDDSA25519_PUBLIC_KEY_LENGTH; };
+			size_t GetSignatureLen () const { return EDDSA25519_SIGNATURE_LENGTH; };
+
+		private:
+
+			EDDSAPoint m_PublicKey;	
+			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
+	};
+
+	class EDDSA25519Signer: public Signer
+	{
+		public:
+
+			EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey = nullptr); 
+			// we pass signingPublicKey to check if it matches private key 
+			void Sign (const uint8_t * buf, int len, uint8_t * signature) const; 
+			const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; };
+			
+		private:
+
+			uint8_t m_ExpandedPrivateKey[64]; 
+			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
+	};
+
+	inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
+	{
+		RAND_bytes (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH);
+		EDDSA25519Signer signer (signingPrivateKey);
+		memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH);
+	}
 }
 }