Merge pull request #1641 from PurpleI2P/openssl

2.37.0

ChangeLog

@@ -1,6 +1,34 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.37.0] - 2021-03-15
+### Added
+- Address registration line for reg.i2p and stats.i2p through the web console
+- "4" and "6" caps for addresses without published IP address
+- Mesh and Proxy network statuses
+- Symmetric NAT network status error
+- Bind server tunnel connection to specified address
+- lookuplocal BOB extended command
+- address4 and address6 parameters to bind outgoing connections to 
+- Rekey of low-bandwidth routers to ECIES
+- Popup notification windows when unable to parse config for Windows
+### Changed
+- Floodfills with "U" cap are not ignored anymore
+- Check transports reachability between tunnel peers and between router and floodfill 
+- NTCP2 and reseed HTTP proxy support authorization now
+- Show actual IP addresses for proxy connections
+- Publish and handle SSU addreses without host
+- Outbound tunnel endpoint must be ipv4 compatible
+- Logging optimization
+- Removed Windows service
+### Fixed
+- Incoming SSU session terminates after 5 seconds
+- Outgoing NTCP2 ipv4 session even if ipv4 is disabled
+- No incoming Yggdrasil connection if connected through NTCP2 proxy
+- Race condition between tunnel build and floodfill requests decryption for ECIES routers
+- Numeric bandwidth limitation
+- Yggdrasil for Android
+
 ## [2.36.0] - 2021-02-15
 ### Added
 - Encrypted lookup and publications to ECIES-x25519 floodfiils

Makefile

@@ -39,7 +39,7 @@ else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.bsd
 else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
-	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp Win32/Win32NetState.cpp
+	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32App.cpp Win32/Win32NetState.cpp
 	include Makefile.mingw
 else # not supported
 	$(error Not supported platform)

Win32/DaemonWin32.cpp

@@ -14,7 +14,6 @@
 #include "Log.h"
 
 #ifdef _WIN32
-#include "Win32Service.h"
 #ifdef WIN32_APP
 #include <windows.h>
 #include "Win32App.h"
@@ -35,45 +34,11 @@ namespace util
 		i2p::log::SetThrowFunction ([](const std::string& s)
 			{
 				MessageBox(0, TEXT(s.c_str ()), TEXT("i2pd"), MB_ICONERROR | MB_TASKMODAL | MB_OK );
-			});
+			}
+		);
 
 		if (!Daemon_Singleton::init(argc, argv))
 			return false;
-
-		std::string serviceControl; i2p::config::GetOption("svcctl", serviceControl);
-		if (serviceControl == "install")
-		{
-			LogPrint(eLogInfo, "WinSVC: installing ", SERVICE_NAME, " as service");
-			InstallService(
-				SERVICE_NAME,               // Name of service
-				SERVICE_DISPLAY_NAME,       // Name to display
-				SERVICE_START_TYPE,         // Service start type
-				SERVICE_DEPENDENCIES,       // Dependencies
-				SERVICE_ACCOUNT,            // Service running account
-				SERVICE_PASSWORD            // Password of the account
-				);
-			return false;
-		}
-		else if (serviceControl == "remove")
-		{
-			LogPrint(eLogInfo, "WinSVC: uninstalling ", SERVICE_NAME, " service");
-			UninstallService(SERVICE_NAME);
-			return false;
-		}
-
-		if (isDaemon)
-		{
-			LogPrint(eLogDebug, "Daemon: running as service");
-			I2PService service((PSTR)SERVICE_NAME);
-			if (!I2PService::Run(service))
-			{
-				LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
-				return false;
-			}
-			return false;
-		}
-		else
-			LogPrint(eLogDebug, "Daemon: running as user");
 		return true;
 	}
 
@@ -86,9 +51,6 @@ namespace util
 		setlocale(LC_TIME, "C");
 #ifdef WIN32_APP
 		if (!i2p::win32::StartWin32App ()) return false;
-
-		// override log
-		i2p::config::SetOption("log", std::string ("file"));
 #endif
 		bool ret = Daemon_Singleton::start();
 		if (ret && i2p::log::Logger().GetLogType() == eLogFile)

Win32/Win32Service.cpp

@@ -1,414 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*/
-
-#ifdef _WIN32
-#define _CRT_SECURE_NO_WARNINGS // to use freopen
-#endif
-
-#include "Win32Service.h"
-#include <assert.h>
-//#include <strsafe.h>
-#include <windows.h>
-
-#include "Daemon.h"
-#include "Log.h"
-
-I2PService *I2PService::s_service = NULL;
-
-BOOL I2PService::isService()
-{
-	BOOL bIsService = FALSE;
-	HWINSTA hWinStation = GetProcessWindowStation();
-	if (hWinStation != NULL)
-	{
-		USEROBJECTFLAGS uof = { 0 };
-		if (GetUserObjectInformation(hWinStation, UOI_FLAGS, &uof, sizeof(USEROBJECTFLAGS), NULL) && ((uof.dwFlags & WSF_VISIBLE) == 0))
-		{
-			bIsService = TRUE;
-		}
-	}
-	return bIsService;
-}
-
-BOOL I2PService::Run(I2PService &service)
-{
-	s_service = &service;
-	SERVICE_TABLE_ENTRY serviceTable[] =
-	{
-		{ service.m_name, ServiceMain },
-		{ NULL, NULL }
-	};
-	return StartServiceCtrlDispatcher(serviceTable);
-}
-
-void WINAPI I2PService::ServiceMain(DWORD dwArgc, PSTR *pszArgv)
-{
-	assert(s_service != NULL);
-	s_service->m_statusHandle = RegisterServiceCtrlHandler(
-		s_service->m_name, ServiceCtrlHandler);
-	if (s_service->m_statusHandle == NULL)
-	{
-		throw GetLastError();
-	}
-	s_service->Start(dwArgc, pszArgv);
-}
-
-
-void WINAPI I2PService::ServiceCtrlHandler(DWORD dwCtrl)
-{
-	switch (dwCtrl)
-	{
-		case SERVICE_CONTROL_STOP: s_service->Stop(); break;
-		case SERVICE_CONTROL_PAUSE: s_service->Pause(); break;
-		case SERVICE_CONTROL_CONTINUE: s_service->Continue(); break;
-		case SERVICE_CONTROL_SHUTDOWN: s_service->Shutdown(); break;
-		case SERVICE_CONTROL_INTERROGATE: break;
-		default: break;
-	}
-}
-
-I2PService::I2PService(PSTR pszServiceName,
-	BOOL fCanStop,
-	BOOL fCanShutdown,
-	BOOL fCanPauseContinue)
-{
-	m_name = (pszServiceName == NULL) ? (PSTR)"" : pszServiceName;
-	m_statusHandle = NULL;
-	m_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
-	m_status.dwCurrentState = SERVICE_START_PENDING;
-
-	DWORD dwControlsAccepted = 0;
-	if (fCanStop)
-		dwControlsAccepted |= SERVICE_ACCEPT_STOP;
-	if (fCanShutdown)
-		dwControlsAccepted |= SERVICE_ACCEPT_SHUTDOWN;
-	if (fCanPauseContinue)
-		dwControlsAccepted |= SERVICE_ACCEPT_PAUSE_CONTINUE;
-
-	m_status.dwControlsAccepted = dwControlsAccepted;
-	m_status.dwWin32ExitCode = NO_ERROR;
-	m_status.dwServiceSpecificExitCode = 0;
-	m_status.dwCheckPoint = 0;
-	m_status.dwWaitHint = 0;
-	m_fStopping = FALSE;
-	// Create a manual-reset event that is not signaled at first to indicate
-	// the stopped signal of the service.
-	m_hStoppedEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
-	if (m_hStoppedEvent == NULL)
-	{
-		throw GetLastError();
-	}
-}
-
-I2PService::~I2PService(void)
-{
-	if (m_hStoppedEvent)
-	{
-		CloseHandle(m_hStoppedEvent);
-		m_hStoppedEvent = NULL;
-	}
-}
-
-void I2PService::Start(DWORD dwArgc, PSTR *pszArgv)
-{
-	try
-	{
-		SetServiceStatus(SERVICE_START_PENDING);
-		OnStart(dwArgc, pszArgv);
-		SetServiceStatus(SERVICE_RUNNING);
-	}
-	catch (DWORD dwError)
-	{
-		LogPrint(eLogError, "Win32Service Start", dwError);
-		SetServiceStatus(SERVICE_STOPPED, dwError);
-	}
-	catch (...)
-	{
-		LogPrint(eLogError, "Win32Service failed to start.", EVENTLOG_ERROR_TYPE);
-		SetServiceStatus(SERVICE_STOPPED);
-	}
-}
-
-void I2PService::OnStart(DWORD dwArgc, PSTR *pszArgv)
-{
-	LogPrint(eLogInfo, "Win32Service in OnStart", EVENTLOG_INFORMATION_TYPE);
-	Daemon.start();
-	//i2p::util::config::OptionParser(dwArgc, pszArgv);
-	//i2p::util::filesystem::ReadConfigFile(i2p::util::config::mapArgs, i2p::util::config::mapMultiArgs);
-	//i2p::context.OverrideNTCPAddress(i2p::util::config::GetCharArg("-host", "127.0.0.1"),
-	//	i2p::util::config::GetArg("-port", 17070));
-	_worker = new std::thread(std::bind(&I2PService::WorkerThread, this));
-}
-
-void I2PService::WorkerThread()
-{
-	while (!m_fStopping)
-	{
-		::Sleep(1000); // Simulate some lengthy operations.
-	}
-	// Signal the stopped event.
-	SetEvent(m_hStoppedEvent);
-}
-
-void I2PService::Stop()
-{
-	DWORD dwOriginalState = m_status.dwCurrentState;
-	try
-	{
-		SetServiceStatus(SERVICE_STOP_PENDING);
-		OnStop();
-		SetServiceStatus(SERVICE_STOPPED);
-	}
-	catch (DWORD dwError)
-	{
-		LogPrint(eLogInfo, "Win32Service Stop", dwError);
-		SetServiceStatus(dwOriginalState);
-	}
-	catch (...)
-	{
-		LogPrint(eLogError, "Win32Service failed to stop.", EVENTLOG_ERROR_TYPE);
-		SetServiceStatus(dwOriginalState);
-	}
-}
-
-void I2PService::OnStop()
-{
-	// Log a service stop message to the Application log.
-	LogPrint(eLogInfo, "Win32Service in OnStop", EVENTLOG_INFORMATION_TYPE);
-	Daemon.stop();
-	m_fStopping = TRUE;
-	if (WaitForSingleObject(m_hStoppedEvent, INFINITE) != WAIT_OBJECT_0)
-	{
-		throw GetLastError();
-	}
-	_worker->join();
-	delete _worker;
-}
-
-void I2PService::Pause()
-{
-	try
-	{
-		SetServiceStatus(SERVICE_PAUSE_PENDING);
-		OnPause();
-		SetServiceStatus(SERVICE_PAUSED);
-	}
-	catch (DWORD dwError)
-	{
-		LogPrint(eLogError, "Win32Service Pause", dwError);
-		SetServiceStatus(SERVICE_RUNNING);
-	}
-	catch (...)
-	{
-		LogPrint(eLogError, "Win32Service failed to pause.", EVENTLOG_ERROR_TYPE);
-		SetServiceStatus(SERVICE_RUNNING);
-	}
-}
-
-void I2PService::OnPause()
-{
-}
-
-void I2PService::Continue()
-{
-	try
-	{
-		SetServiceStatus(SERVICE_CONTINUE_PENDING);
-		OnContinue();
-		SetServiceStatus(SERVICE_RUNNING);
-	}
-	catch (DWORD dwError)
-	{
-		LogPrint(eLogError, "Win32Service Continue", dwError);
-		SetServiceStatus(SERVICE_PAUSED);
-	}
-	catch (...)
-	{
-		LogPrint(eLogError, "Win32Service failed to resume.", EVENTLOG_ERROR_TYPE);
-		SetServiceStatus(SERVICE_PAUSED);
-	}
-}
-
-void I2PService::OnContinue()
-{
-}
-
-void I2PService::Shutdown()
-{
-	try
-	{
-		OnShutdown();
-		SetServiceStatus(SERVICE_STOPPED);
-	}
-	catch (DWORD dwError)
-	{
-		LogPrint(eLogError, "Win32Service Shutdown", dwError);
-	}
-	catch (...)
-	{
-		LogPrint(eLogError, "Win32Service failed to shut down.", EVENTLOG_ERROR_TYPE);
-	}
-}
-
-void I2PService::OnShutdown()
-{
-}
-
-void I2PService::SetServiceStatus(DWORD dwCurrentState,
-	DWORD dwWin32ExitCode,
-	DWORD dwWaitHint)
-{
-	static DWORD dwCheckPoint = 1;
-	m_status.dwCurrentState = dwCurrentState;
-	m_status.dwWin32ExitCode = dwWin32ExitCode;
-	m_status.dwWaitHint = dwWaitHint;
-	m_status.dwCheckPoint =
-		((dwCurrentState == SERVICE_RUNNING) ||
-		(dwCurrentState == SERVICE_STOPPED)) ?
-		0 : dwCheckPoint++;
-
-	::SetServiceStatus(m_statusHandle, &m_status);
-}
-
-//*****************************************************************************
-
-void FreeHandles(SC_HANDLE schSCManager, SC_HANDLE schService)
-{
-	if (schSCManager)
-	{
-		CloseServiceHandle(schSCManager);
-		schSCManager = NULL;
-	}
-	if (schService)
-	{
-		CloseServiceHandle(schService);
-		schService = NULL;
-	}
-}
-
-void InstallService(PCSTR pszServiceName, PCSTR pszDisplayName, DWORD dwStartType, PCSTR pszDependencies, PCSTR pszAccount, PCSTR pszPassword)
-{
-	printf("Try to install Win32Service (%s).\n", pszServiceName);
-
-	char szPath[MAX_PATH];
-	SC_HANDLE schSCManager = NULL;
-	SC_HANDLE schService = NULL;
-
-	if (GetModuleFileName(NULL, szPath, ARRAYSIZE(szPath)) == 0)
-	{
-		printf("GetModuleFileName failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-	char SvcOpt[] = " --daemon";
-	strncat(szPath, SvcOpt, strlen(SvcOpt));
-
-	// Open the local default service control manager database
-	schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
-	if (schSCManager == NULL)
-	{
-		printf("OpenSCManager failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-
-	// Install the service into SCM by calling CreateService
-	schService = CreateService(
-		schSCManager,                   // SCManager database
-		pszServiceName,                 // Name of service
-		pszDisplayName,                 // Name to display
-		SERVICE_QUERY_STATUS,           // Desired access
-		SERVICE_WIN32_OWN_PROCESS,      // Service type
-		dwStartType,                    // Service start type
-		SERVICE_ERROR_NORMAL,           // Error control type
-		szPath,                         // Service's binary
-		NULL,                           // No load ordering group
-		NULL,                           // No tag identifier
-		pszDependencies,                // Dependencies
-		pszAccount,                     // Service running account
-		pszPassword                     // Password of the account
-		);
-
-	if (schService == NULL)
-	{
-		printf("CreateService failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-
-	printf("Win32Service is installed as %s.\n", pszServiceName);
-
-	// Centralized cleanup for all allocated resources.
-	FreeHandles(schSCManager, schService);
-}
-
-void UninstallService(PCSTR pszServiceName)
-{
-	printf("Try to uninstall Win32Service (%s).\n", pszServiceName);
-
-	SC_HANDLE schSCManager = NULL;
-	SC_HANDLE schService = NULL;
-	SERVICE_STATUS ssSvcStatus = {};
-
-	// Open the local default service control manager database
-	schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
-	if (schSCManager == NULL)
-	{
-		printf("OpenSCManager failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-
-	// Open the service with delete, stop, and query status permissions
-	schService = OpenService(schSCManager, pszServiceName, SERVICE_STOP | SERVICE_QUERY_STATUS | DELETE);
-	if (schService == NULL)
-	{
-		printf("OpenService failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-
-	// Try to stop the service
-	if (ControlService(schService, SERVICE_CONTROL_STOP, &ssSvcStatus))
-	{
-		printf("Stopping %s.\n", pszServiceName);
-		Sleep(1000);
-
-		while (QueryServiceStatus(schService, &ssSvcStatus))
-		{
-			if (ssSvcStatus.dwCurrentState == SERVICE_STOP_PENDING)
-			{
-				printf(".");
-				Sleep(1000);
-			}
-			else break;
-		}
-
-		if (ssSvcStatus.dwCurrentState == SERVICE_STOPPED)
-		{
-			printf("\n%s is stopped.\n", pszServiceName);
-		}
-		else
-		{
-			printf("\n%s failed to stop.\n", pszServiceName);
-		}
-	}
-
-	// Now remove the service by calling DeleteService.
-	if (!DeleteService(schService))
-	{
-		printf("DeleteService failed w/err 0x%08lx\n", GetLastError());
-		FreeHandles(schSCManager, schService);
-		return;
-	}
-
-	printf("%s is removed.\n", pszServiceName);
-
-	// Centralized cleanup for all allocated resources.
-	FreeHandles(schSCManager, schService);
-}

Win32/Win32Service.h

@@ -1,92 +0,0 @@
-/*
-* Copyright (c) 2013-2020, The PurpleI2P Project
-*
-* This file is part of Purple i2pd project and licensed under BSD3
-*
-* See full license text in LICENSE file at top of project tree
-*/
-
-#ifndef WIN_32_SERVICE_H__
-#define WIN_32_SERVICE_H__
-
-#include <thread>
-#include <windows.h>
-
-#ifdef _WIN32
-// Internal name of the service
-#define SERVICE_NAME             "i2pdService"
-
-// Displayed name of the service
-#define SERVICE_DISPLAY_NAME     "i2pd router service"
-
-// Service start options.
-#define SERVICE_START_TYPE       SERVICE_DEMAND_START
-
-// List of service dependencies - "dep1\0dep2\0\0"
-#define SERVICE_DEPENDENCIES     ""
-
-// The name of the account under which the service should run
-#define SERVICE_ACCOUNT          "NT AUTHORITY\\LocalService"
-
-// The password to the service account name
-#define SERVICE_PASSWORD         NULL
-#endif
-
-class I2PService
-{
-	public:
-
-		I2PService(PSTR pszServiceName,
-			BOOL fCanStop = TRUE,
-			BOOL fCanShutdown = TRUE,
-			BOOL fCanPauseContinue = FALSE);
-
-		virtual ~I2PService(void);
-
-		static BOOL isService();
-		static BOOL Run(I2PService &service);
-		void Stop();
-
-	protected:
-
-		virtual void OnStart(DWORD dwArgc, PSTR *pszArgv);
-		virtual void OnStop();
-		virtual void OnPause();
-		virtual void OnContinue();
-		virtual void OnShutdown();
-		void SetServiceStatus(DWORD dwCurrentState,
-			DWORD dwWin32ExitCode = NO_ERROR,
-			DWORD dwWaitHint = 0);
-
-	private:
-
-		static void WINAPI ServiceMain(DWORD dwArgc, LPSTR *lpszArgv);
-		static void WINAPI ServiceCtrlHandler(DWORD dwCtrl);
-		void WorkerThread();
-		void Start(DWORD dwArgc, PSTR *pszArgv);
-		void Pause();
-		void Continue();
-		void Shutdown();
-		static I2PService* s_service;
-		PSTR m_name;
-		SERVICE_STATUS m_status;
-		SERVICE_STATUS_HANDLE m_statusHandle;
-
-		BOOL m_fStopping;
-		HANDLE m_hStoppedEvent;
-
-		std::thread* _worker;
-};
-
-void InstallService(
-	PCSTR pszServiceName,
-	PCSTR pszDisplayName,
-	DWORD dwStartType,
-	PCSTR pszDependencies,
-	PCSTR pszAccount,
-	PCSTR pszPassword
-);
-
-void UninstallService(PCSTR pszServiceName);
-
-#endif // WIN_32_SERVICE_H__

appveyor.yml

@@ -1,4 +1,4 @@
-version: 2.36.0.{build}
+version: 2.37.0.{build}
 pull_requests:
   do_not_increment_build_number: true
 branches:

contrib/rpm/i2pd-git.spec

@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 
 Name:          i2pd-git
-Version:       2.36.0
+Version:       2.37.0
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@@ -137,6 +137,9 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Mon Mar 15 2021 orignal <i2porignal@yandex.ru> - 2.37.0
+- update to 2.37.0
+
 * Mon Feb 15 2021 orignal <i2porignal@yandex.ru> - 2.36.0
 - update to 2.36.0
 

contrib/rpm/i2pd.spec

@@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.36.0
+Version:       2.37.0
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@@ -135,6 +135,9 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Mon Mar 15 2021 orignal <i2porignal@yandex.ru> - 2.37.0
+- update to 2.37.0
+
 * Mon Feb 15 2021 orignal <i2porignal@yandex.ru> - 2.36.0
 - update to 2.36.0
 

daemon/Daemon.cpp

@@ -102,8 +102,13 @@ namespace util
 		if (logclftime)
 			i2p::log::Logger().SetTimeFormat ("[%d/%b/%Y:%H:%M:%S %z]");
 
+#ifdef WIN32_APP
+		// Win32 app with GUI supports only logging to file
+		logs = "file";
+#else
 		if (isDaemon && (logs == "" || logs == "stdout"))
 			logs = "file";
+#endif
 
 		i2p::log::Logger().SetLogLevel(loglevel);
 		if (logstream) {
@@ -123,7 +128,7 @@ namespace util
 			// use stdout -- default
 		}
 
-		LogPrint(eLogInfo,  "i2pd v", VERSION, " starting");
+		LogPrint(eLogNone,  "i2pd v", VERSION, " starting");
 		LogPrint(eLogDebug, "FS: main config file: ", config);
 		LogPrint(eLogDebug, "FS: data directory: ", datadir);
 
@@ -144,6 +149,25 @@ namespace util
 		ipv4 = false;
 		ipv6 = true;
 #endif
+		// ifname -> address
+		std::string ifname;  i2p::config::GetOption("ifname", ifname);
+		if (ipv4 && i2p::config::IsDefault ("address4"))
+		{
+			std::string ifname4; i2p::config::GetOption("ifname4", ifname4);
+			if (!ifname4.empty ())
+				i2p::config::SetOption ("address4", i2p::util::net::GetInterfaceAddress(ifname4, false).to_string ()); // v4
+			else if (!ifname.empty ())
+				i2p::config::SetOption ("address4", i2p::util::net::GetInterfaceAddress(ifname, false).to_string ()); // v4 
+		}	
+		if (ipv6 && i2p::config::IsDefault ("address6"))
+		{
+			std::string ifname6; i2p::config::GetOption("ifname6", ifname6);
+			if (!ifname6.empty ())
+				i2p::config::SetOption ("address6", i2p::util::net::GetInterfaceAddress(ifname6, true).to_string ()); // v6
+			else if (!ifname.empty ())
+				i2p::config::SetOption ("address6", i2p::util::net::GetInterfaceAddress(ifname, true).to_string ()); // v6
+		}	
+		
 		bool ygg; i2p::config::GetOption("meshnets.yggdrasil", ygg);
 		boost::asio::ip::address_v6 yggaddr;
 		if (ygg)
@@ -186,6 +210,11 @@ namespace util
 		{
 			bool published; i2p::config::GetOption("ntcp2.published", published);
 			if (published)
+			{	
+				std::string ntcp2proxy; i2p::config::GetOption("ntcp2.proxy", ntcp2proxy);
+				if (!ntcp2proxy.empty ()) published = false;
+			}	
+			if (published)
 			{
 				uint16_t ntcp2port; i2p::config::GetOption("ntcp2.port", ntcp2port);
 				if (!ntcp2port) ntcp2port = port; // use standard port
@@ -206,6 +235,8 @@ namespace util
 			if (!ntcp2)
 				i2p::context.PublishNTCP2Address (port, true); 
 			i2p::context.UpdateNTCP2V6Address (yggaddr);
+			if (!ipv4 && !ipv6)
+				i2p::context.SetStatus (eRouterStatusMesh);		
 		}	
 		
 		bool transit; i2p::config::GetOption("notransit", transit);
@@ -343,7 +374,7 @@ namespace util
 		if(!ntcp2) LogPrint(eLogInfo, "Daemon: ntcp2 disabled");
 
 		i2p::transport::transports.SetCheckReserved(checkInReserved);
-		i2p::transport::transports.Start(ntcp2 || i2p::context.SupportsMesh (), ssu);
+		i2p::transport::transports.Start(ntcp2, ssu);
 		if (i2p::transport::transports.IsBoundSSU() || i2p::transport::transports.IsBoundNTCP2())
 			LogPrint(eLogInfo, "Daemon: Transports started");
 		else

daemon/HTTPServer.cpp

@@ -123,6 +123,7 @@ namespace http {
 	const char HTTP_COMMAND_LOGLEVEL[] = "set_loglevel";
 	const char HTTP_COMMAND_KILLSTREAM[] = "closestream";
 	const char HTTP_COMMAND_LIMITTRANSIT[] = "limittransit";
+	const char HTTP_COMMAND_GET_REG_STRING[] = "get_reg_string";
 	const char HTTP_PARAM_SAM_SESSION_ID[] = "id";
 	const char HTTP_PARAM_ADDRESS[] = "address";
 
@@ -252,6 +253,9 @@ namespace http {
 			case eRouterStatusOK: s << "OK"; break;
 			case eRouterStatusTesting: s << "Testing"; break;
 			case eRouterStatusFirewalled: s << "Firewalled"; break;
+			case eRouterStatusUnknown: s << "Unknown"; break;
+			case eRouterStatusProxy: s << "Proxy"; break;
+			case eRouterStatusMesh: s << "Mesh"; break;
 			case eRouterStatusError:
 			{
 				s << "Error";
@@ -405,9 +409,9 @@ namespace http {
 		}
 	}
 
-	static void ShowLeaseSetDestination (std::stringstream& s, std::shared_ptr<const i2p::client::LeaseSetDestination> dest)
+	static void ShowLeaseSetDestination (std::stringstream& s, std::shared_ptr<const i2p::client::LeaseSetDestination> dest, uint32_t token)
 	{
-		s << "<b>Base64:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"8\" wrap=\"on\">";
+		s << "<b>Base64:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"8\">";
 		s << dest->GetIdentity ()->ToBase64 () << "</textarea><br>\r\n<br>\r\n";
 		if (dest->IsEncryptedLeaseSet ())
 		{
@@ -417,6 +421,20 @@ namespace http {
 			s << "</div>\r\n</div>\r\n";
 		}
 
+		if(dest->IsPublic())
+		{
+			std::string webroot; i2p::config::GetOption("http.webroot", webroot);
+			auto base32 = dest->GetIdentHash ().ToBase32 ();
+			s << "<div class='slide'><label for='slide-regaddr'><b>Address registration line</b></label>\r\n<input type=\"checkbox\" id=\"slide-regaddr\" />\r\n<div class=\"slidecontent\">\r\n"
+			     "<form method=\"get\" action=\"" << webroot << "\">\r\n"
+			     "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_GET_REG_STRING << "\">\r\n"
+			     "  <input type=\"hidden\" name=\"token\" value=\"" << token << "\">\r\n"
+			     "  <input type=\"hidden\" name=\"b32\" value=\"" << base32 << "\">\r\n"
+			     "  <b>Domain:</b>\r\n<input type=\"text\" maxlength=\"67\" name=\"name\" placeholder=\"domain.i2p\" required>\r\n"
+			     "  <button type=\"submit\">Generate</button>\r\n"
+			     "</form>\r\n<small><b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.</small>\r\n</div>\r\n</div>\r\n<br>\r\n";
+		}
+
 		if(dest->GetNumRemoteLeaseSets())
 		{
 			s << "<div class='slide'><label for='slide-lease'><b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets ()
@@ -492,7 +510,7 @@ namespace http {
 
 		if (dest)
 		{
-			ShowLeaseSetDestination (s, dest);
+			ShowLeaseSetDestination (s, dest, token);
 			// show streams
 			s << "<table>\r\n<caption>Streams</caption>\r\n<thead>\r\n<tr>";
 			s << "<th style=\"width:25px;\">StreamID</th>";
@@ -535,7 +553,7 @@ namespace http {
 		}
 	}
 
-    void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id)
+	void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id)
 	{
 		auto i2cpServer = i2p::client::context.GetI2CPServer ();
 		if (i2cpServer)
@@ -543,7 +561,7 @@ namespace http {
 			s << "<b>I2CP Local Destination:</b><br>\r\n<br>\r\n";
 			auto it = i2cpServer->GetSessions ().find (std::stoi (id));
 			if (it != i2cpServer->GetSessions ().end ())
-				ShowLeaseSetDestination (s, it->second->GetDestination ());
+				ShowLeaseSetDestination (s, it->second->GetDestination (), 0);
 			else
 				ShowError(s, "I2CP session not found");
 		}
@@ -823,7 +841,7 @@ namespace http {
 			s << "<b>SAM Sessions:</b> no sessions currently running.<br>\r\n";
 	}
 
-    void ShowSAMSession (std::stringstream& s, const std::string& id)
+	void ShowSAMSession (std::stringstream& s, const std::string& id)
 	{
 		auto sam = i2p::client::context.GetSAMBridge ();
 		if (!sam) {
@@ -1208,15 +1226,15 @@ namespace http {
 				if (dest)
 				{
 					if(dest->DeleteStream (streamID))
-						s << "<b>SUCCESS</b>:&nbsp;Stream closed<br><br>\r\n";
+						s << "<b>SUCCESS</b>:&nbsp;Stream closed<br>\r\n<br>\r\n";
 					else
-						s << "<b>ERROR</b>:&nbsp;Stream not found or already was closed<br><br>\r\n";
+						s << "<b>ERROR</b>:&nbsp;Stream not found or already was closed<br>\r\n<br>\r\n";
 				}
 				else
-					s << "<b>ERROR</b>:&nbsp;Destination not found<br><br>\r\n";
+					s << "<b>ERROR</b>:&nbsp;Destination not found<br>\r\n<br>\r\n";
 			}
 			else
-				s << "<b>ERROR</b>:&nbsp;StreamID can be null<br><br>\r\n";
+				s << "<b>ERROR</b>:&nbsp;StreamID can be null<br>\r\n<br>\r\n";
 
 			s << "<a href=\"" << webroot << "?page=local_destination&b32=" << b32 << "\">Return to destination page</a><br>\r\n";
 			s << "<p>You will be redirected back in 5 seconds</b>";
@@ -1230,13 +1248,62 @@ namespace http {
 			if (limit > 0 && limit <= 65535)
 				SetMaxNumTransitTunnels (limit);
 			else {
-				s << "<b>ERROR</b>:&nbsp;Transit tunnels count must not exceed 65535<br><br>\r\n";
+				s << "<b>ERROR</b>:&nbsp;Transit tunnels count must not exceed 65535\r\n<br>\r\n<br>\r\n";
-				s << "<a href=\"" << webroot << "?page=commands\">Back to commands list</a><br>\r\n";
+				s << "<a href=\"" << webroot << "?page=commands\">Back to commands list</a>\r\n<br>\r\n";
 				s << "<p>You will be redirected back in 5 seconds</b>";
 				res.add_header("Refresh", redirect.c_str());
 				return;
 			}
 		}
+		else if (cmd == HTTP_COMMAND_GET_REG_STRING)
+		{
+			std::string b32 = params["b32"];
+			std::string name = params["name"];
+
+			i2p::data::IdentHash ident;
+			ident.FromBase32 (b32);
+			auto dest = i2p::client::context.FindLocalDestination (ident);
+
+			if (dest) 
+			{
+				std::size_t pos;
+				pos = name.find (".i2p");
+				if (pos == (name.length () - 4)) 
+				{
+					pos = name.find (".b32.i2p");
+					if (pos == std::string::npos) 
+					{
+						auto signatureLen = dest->GetIdentity ()->GetSignatureLen ();
+						uint8_t * signature = new uint8_t[signatureLen];
+						char * sig = new char[signatureLen*2];
+						std::stringstream out;
+
+						out << name << "=" << dest->GetIdentity ()->ToBase64 ();
+						dest->Sign ((uint8_t *)out.str ().c_str (), out.str ().length (), signature);
+						auto len = i2p::data::ByteStreamToBase64 (signature, signatureLen, sig, signatureLen*2);
+						sig[len] = 0;
+						out << "#!sig=" << sig;
+						s << "<b>SUCCESS</b>:<br>\r\n<form action=\"http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/add\" method=\"post\" rel=\"noreferrer\" target=\"_blank\">\r\n"
+						     "<textarea readonly name=\"record\" cols=\"80\" rows=\"10\">" << out.str () << "</textarea>\r\n<br>\r\n<br>\r\n"
+						     "<b>Register at reg.i2p:</b>\r\n<br>\r\n"
+						     "<b>Description:</b>\r\n<input type=\"text\" maxlength=\"64\" name=\"desc\" placeholder=\"A bit information about service on domain\">\r\n"
+						     "<input type=\"submit\" value=\"Submit\">\r\n"
+						     "</form>\r\n<br>\r\n";
+						delete[] signature;
+						delete[] sig;
+					} 
+					else 
+						s << "<b>ERROR</b>:&nbsp;Domain can't end with .b32.i2p\r\n<br>\r\n<br>\r\n";
+				} 
+				else
+					s << "<b>ERROR</b>:&nbsp;Domain must end with .i2p\r\n<br>\r\n<br>\r\n";
+			} 
+			else
+				s << "<b>ERROR</b>:&nbsp;Such destination is not found\r\n<br>\r\n<br>\r\n";
+
+			s << "<a href=\"" << webroot << "?page=local_destination&b32=" << b32 << "\">Return to destination page</a>\r\n";
+			return;
+		}
 		else
 		{
 			res.code = 400;

debian/changelog

@@ -1,3 +1,9 @@
+i2pd (2.37.0-1) unstable; urgency=medium
+
+  * updated to version 2.37.0
+
+ -- orignal <orignal@i2pmail.org>  Mon, 15 Mar 2021 16:00:00 +0000
+
 i2pd (2.36.0-1) unstable; urgency=high
 
   * updated to version 2.36.0/0.9.49

libi2pd/Config.cpp

@@ -19,6 +19,7 @@
 #include "Identity.h"
 #include "Config.h"
 #include "version.h"
+#include "Log.h"
 
 using namespace boost::program_options;
 
@@ -65,7 +66,7 @@ namespace config {
 			("ssu", bool_switch()->default_value(true),                       "Enable SSU transport (default: enabled)")
 			("ntcpproxy", value<std::string>()->default_value(""),            "Ignored")
 #ifdef _WIN32
-			("svcctl", value<std::string>()->default_value(""),               "Windows service management ('install' or 'remove')")
+			("svcctl", value<std::string>()->default_value(""),               "Ignored")
 			("insomnia", bool_switch()->default_value(false),                 "Prevent system from sleeping (default: disabled)")
 			("close", value<std::string>()->default_value("ask"),             "Action on close: minimize, exit, ask")
 #endif
@@ -209,7 +210,7 @@ namespace config {
 			),                                                            "Reseed URLs, separated by comma")
 			("reseed.yggurls", value<std::string>()->default_value(
 				"http://[324:9de3:fea4:f6ac::ace]:7070/"
-			),        													  "Reseed URLs through the Yggdrasil, separated by comma") 	                                                
+			),                                                            "Reseed URLs through the Yggdrasil, separated by comma")
 		;
 
 		options_description addressbook("AddressBook options");
@@ -218,12 +219,12 @@ namespace config {
 				"http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt"
 			),                                                                     "AddressBook subscription URL for initial setup")
 			("addressbook.subscriptions", value<std::string>()->default_value(""), "AddressBook subscriptions URLs, separated by comma")
-			("addressbook.hostsfile", value<std::string>()->default_value(""), "File to dump addresses in hosts.txt format");
+			("addressbook.hostsfile", value<std::string>()->default_value(""),     "File to dump addresses in hosts.txt format");
 
 		options_description trust("Trust options");
 		trust.add_options()
 			("trust.enabled", value<bool>()->default_value(false),     "Enable explicit trust options")
-			("trust.family", value<std::string>()->default_value(""),  "Router Familiy to trust for first hops")
+			("trust.family", value<std::string>()->default_value(""),  "Router Family to trust for first hops")
 			("trust.routers", value<std::string>()->default_value(""), "Only Connect to these routers")
 			("trust.hidden", value<bool>()->default_value(false),      "Should we hide our router from other routers?")
 		;
@@ -281,9 +282,9 @@ namespace config {
 		options_description meshnets("Meshnet transports options");
 		meshnets.add_options()
 			("meshnets.yggdrasil", bool_switch()->default_value(false),              "Support transports through the Yggdrasil (deafult: false)")
-			("meshnets.yggaddress", value<std::string>()->default_value(""), 		 "Yggdrasil address to publish")
+			("meshnets.yggaddress", value<std::string>()->default_value(""),         "Yggdrasil address to publish")
-		;	
+		;
-		
+
 		m_OptionsDesc
 			.add(general)
 			.add(limits)
@@ -314,7 +315,7 @@ namespace config {
 		try
 		{
 			auto style = boost::program_options::command_line_style::unix_style
-				| boost::program_options::command_line_style::allow_long_disguise;
+			           | boost::program_options::command_line_style::allow_long_disguise;
 			style &=   ~ boost::program_options::command_line_style::allow_guessing;
 			if (ignoreUnknown)
 				store(command_line_parser(argc, argv).options(m_OptionsDesc).style (style).allow_unregistered().run(), m_Options);
@@ -323,6 +324,7 @@ namespace config {
 		}
 		catch (boost::program_options::error& e)
 		{
+			ThrowFatal ("Error while parsing arguments: ", e.what());
 			std::cerr << "args: " << e.what() << std::endl;
 			exit(EXIT_FAILURE);
 		}
@@ -360,6 +362,7 @@ namespace config {
 
 		if (!config.is_open())
 		{
+			ThrowFatal ("Missing or unreadable config file: ", path);
 			std::cerr << "missing/unreadable config file: " << path << std::endl;
 			exit(EXIT_FAILURE);
 		}
@@ -370,6 +373,7 @@ namespace config {
 		}
 		catch (boost::program_options::error& e)
 		{
+			ThrowFatal ("Error while parsing config file: ", e.what());
 			std::cerr << e.what() << std::endl;
 			exit(EXIT_FAILURE);
 		};

libi2pd/Destination.h

@@ -137,6 +137,8 @@ namespace client
 			void ProcessDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
 			void SetLeaseSetUpdated ();
 
+			bool IsPublic () const { return m_IsPublic; };
+
 		protected:
 
 			// implements GarlicDestination
@@ -147,7 +149,6 @@ namespace client
 			int GetLeaseSetType () const { return m_LeaseSetType; };
 			void SetLeaseSetType (int leaseSetType) { m_LeaseSetType = leaseSetType; };
 			int GetAuthType () const { return m_AuthType; };
-			bool IsPublic () const { return m_IsPublic; };
 			virtual void CleanupDestination () {}; // additional clean up in derived classes
 			// I2CP
 			virtual void HandleDataMessage (const uint8_t * buf, size_t len) = 0;

libi2pd/ECIESX25519AEADRatchetSession.cpp

@@ -227,7 +227,7 @@ namespace garlic
 		if (!GetOwner ()) return false;
 		// we are Bob
 		// KDF1
-		i2p::crypto::InitNoiseIKState (*this, GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
+		i2p::crypto::InitNoiseIKState (GetNoiseState (), GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
 		
 		if (!i2p::crypto::GetElligator ()->Decode (buf, m_Aepk))
 		{
@@ -460,7 +460,7 @@ namespace garlic
 		offset += 32;
 
 		// KDF1
-		i2p::crypto::InitNoiseIKState (*this, m_RemoteStaticKey); // bpk
+		i2p::crypto::InitNoiseIKState (GetNoiseState (), m_RemoteStaticKey); // bpk
 		MixHash (m_EphemeralKeys->GetPublicKey (), 32); // h = SHA256(h || aepk)
 		uint8_t sharedSecret[32];
 		if (!m_EphemeralKeys->Agree (m_RemoteStaticKey, sharedSecret)) // x25519(aesk, bpk)
@@ -520,7 +520,7 @@ namespace garlic
 	bool ECIESX25519AEADRatchetSession::NewOutgoingMessageForRouter (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen)
 	{
 		// we are Alice, router's bpk is m_RemoteStaticKey
-		i2p::crypto::InitNoiseNState (*this, m_RemoteStaticKey);
+		i2p::crypto::InitNoiseNState (GetNoiseState (), m_RemoteStaticKey);
 		size_t offset = 0;
 		m_EphemeralKeys = i2p::transport::transports.GetNextX25519KeysPair ();
 		memcpy (out + offset, m_EphemeralKeys->GetPublicKey (), 32);
@@ -656,7 +656,7 @@ namespace garlic
 		}
 		buf += 32; len -= 32;
 		// KDF for Reply Key Section
-		i2p::util::SaveStateHelper<i2p::crypto::NoiseSymmetricState> s(*this); // restore noise state on exit
+		i2p::util::SaveStateHelper<i2p::crypto::NoiseSymmetricState> s(GetNoiseState ()); // restore noise state on exit
 		MixHash (tag, 8); // h = SHA256(h || tag)
 		MixHash (bepk, 32); // h = SHA256(h || bepk)
 		uint8_t sharedSecret[32];
@@ -820,32 +820,6 @@ namespace garlic
 		}
 		return true;
 	}
-
-	bool ECIESX25519AEADRatchetSession::HandleNextMessageForRouter (const uint8_t * buf, size_t len)
-	{
-		if (!GetOwner ()) return false;
-		// we are Bob
-		i2p::crypto::InitNoiseNState (*this, GetOwner ()->GetEncryptionPublicKey (i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)); // bpk
-		MixHash (buf, 32);
-		uint8_t sharedSecret[32];
-		if (!GetOwner ()->Decrypt (buf, sharedSecret, nullptr, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, aepk)
-		{
-			LogPrint (eLogWarning, "Garlic: Incorrect N ephemeral public key");
-			return false;
-		}	
-		MixKey (sharedSecret);
-		buf += 32; len -= 32;	
-		uint8_t nonce[12];
-		CreateNonce (0, nonce);
-		std::vector<uint8_t> payload (len - 16); 
-		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, m_H, 32, m_CK + 32, nonce, payload.data (), len - 16, false)) // decrypt
-		{
-			LogPrint (eLogWarning, "Garlic: Payload for router AEAD verification failed");
-			return false;
-		}
-		HandlePayload (payload.data (), len - 16, nullptr, 0);
-		return true;
-	}	
 		
 	std::shared_ptr<I2NPMessage> ECIESX25519AEADRatchetSession::WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg)
 	{
@@ -1124,6 +1098,38 @@ namespace garlic
 			ts*1000 > m_LastSentTimestamp + ECIESX25519_SEND_EXPIRATION_TIMEOUT*1000; // milliseconds
 	}
 
+	RouterIncomingRatchetSession::RouterIncomingRatchetSession (const i2p::crypto::NoiseSymmetricState& initState):
+		ECIESX25519AEADRatchetSession (&i2p::context, false)
+	{
+		SetNoiseState (initState);
+	}	
+
+	bool RouterIncomingRatchetSession::HandleNextMessage (const uint8_t * buf, size_t len)
+	{
+		if (!GetOwner ()) return false;
+		i2p::crypto::NoiseSymmetricState state (GetNoiseState ());
+		// we are Bob
+		state.MixHash (buf, 32);
+		uint8_t sharedSecret[32];
+		if (!GetOwner ()->Decrypt (buf, sharedSecret, nullptr, i2p::data::CRYPTO_KEY_TYPE_ECIES_X25519_AEAD)) // x25519(bsk, aepk)
+		{
+			LogPrint (eLogWarning, "Garlic: Incorrect N ephemeral public key");
+			return false;
+		}	
+		state.MixKey (sharedSecret);
+		buf += 32; len -= 32;	
+		uint8_t nonce[12];
+		CreateNonce (0, nonce);
+		std::vector<uint8_t> payload (len - 16); 
+		if (!i2p::crypto::AEADChaCha20Poly1305 (buf, len - 16, state.m_H, 32, state.m_CK + 32, nonce, payload.data (), len - 16, false)) // decrypt
+		{
+			LogPrint (eLogWarning, "Garlic: Payload for router AEAD verification failed");
+			return false;
+		}
+		HandlePayload (payload.data (), len - 16, nullptr, 0);
+		return true;
+	}	
+		
 	std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
 	{
 		auto m = NewI2NPMessage ();

libi2pd/ECIESX25519AEADRatchetSession.h

@@ -164,7 +164,6 @@ namespace garlic
 			~ECIESX25519AEADRatchetSession ();
 
 			bool HandleNextMessage (uint8_t * buf, size_t len, std::shared_ptr<ReceiveRatchetTagSet> receiveTagset, int index = 0);
-			bool HandleNextMessageForRouter (const uint8_t * buf, size_t len);
 			std::shared_ptr<I2NPMessage> WrapSingleMessage (std::shared_ptr<const I2NPMessage> msg);
 			std::shared_ptr<I2NPMessage> WrapOneTimeMessage (std::shared_ptr<const I2NPMessage> msg, bool isForRouter = false);
 			
@@ -186,16 +185,21 @@ namespace garlic
 			bool IsTerminated () const { return m_IsTerminated; }
 			uint64_t GetLastActivityTimestamp () const { return m_LastActivityTimestamp; };
 
+		protected:	
+			
+			i2p::crypto::NoiseSymmetricState& GetNoiseState () { return *this; };
+			void SetNoiseState (const i2p::crypto::NoiseSymmetricState& state) { GetNoiseState () = state; };
+			void CreateNonce (uint64_t seqn, uint8_t * nonce);
+			void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset, int index);
+			
 		private:
 
-			void CreateNonce (uint64_t seqn, uint8_t * nonce);
 			bool GenerateEphemeralKeysAndEncode (uint8_t * buf); // buf is 32 bytes
 			void InitNewSessionTagset (std::shared_ptr<RatchetTagSet> tagsetNsr) const;
 
 			bool HandleNewIncomingSession (const uint8_t * buf, size_t len);
 			bool HandleNewOutgoingSessionReply (uint8_t * buf, size_t len);
 			bool HandleExistingSessionMessage (uint8_t * buf, size_t len, std::shared_ptr<ReceiveRatchetTagSet> receiveTagset, int index);
-			void HandlePayload (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset, int index);
 			void HandleNextKey (const uint8_t * buf, size_t len, const std::shared_ptr<ReceiveRatchetTagSet>& receiveTagset);
 
 			bool NewOutgoingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen, bool isStatic = true);
@@ -237,6 +241,15 @@ namespace garlic
 			}
 	 };
 
+	// single session for all incoming messages
+	class RouterIncomingRatchetSession: public ECIESX25519AEADRatchetSession
+	{
+		public:
+
+			RouterIncomingRatchetSession (const i2p::crypto::NoiseSymmetricState& initState);
+			bool HandleNextMessage (const uint8_t * buf, size_t len);
+	};	
+	
 	std::shared_ptr<I2NPMessage> WrapECIESX25519AEADRatchetMessage (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
 }
 }

libi2pd/HTTP.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -9,12 +9,15 @@
 #include <algorithm>
 #include <utility>
 #include <stdio.h>
-#include "util.h"
-#include "HTTP.h"
 #include <ctime>
+#include "util.h"
+#include "Base.h"
+#include "HTTP.h"
 
-namespace i2p {
+namespace i2p 
-namespace http {
+{
+namespace http 
+{
 	const std::vector<std::string> HTTP_METHODS = {
 		"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "CONNECT", // HTTP basic methods
 		"COPY", "LOCK", "MKCOL", "MOVE", "PROPFIND", "PROPPATCH", "UNLOCK", "SEARCH" // WebDAV methods, for SEARCH see rfc5323
@@ -471,12 +474,15 @@ namespace http {
 		return ptr;
 	}
 
-	std::string UrlDecode(const std::string& data, bool allow_null) {
+	std::string UrlDecode(const std::string& data, bool allow_null) 
+	{
 		std::string decoded(data);
 		size_t pos = 0;
-		while ((pos = decoded.find('%', pos)) != std::string::npos) {
+		while ((pos = decoded.find('%', pos)) != std::string::npos) 
+		{
 			char c = strtol(decoded.substr(pos + 1, 2).c_str(), NULL, 16);
-			if (c == '\0' && !allow_null) {
+			if (c == '\0' && !allow_null) 
+			{
 				pos += 3;
 				continue;
 			}
@@ -486,9 +492,11 @@ namespace http {
 		return decoded;
 	}
 
-	bool MergeChunkedResponse (std::istream& in, std::ostream& out) {
+	bool MergeChunkedResponse (std::istream& in, std::ostream& out) 
+	{
 		std::string hexLen;
-		while (!in.eof ()) {
+		while (!in.eof ()) 
+		{
 			std::getline (in, hexLen);
 			errno = 0;
 			long int len = strtoul(hexLen.c_str(), (char **) NULL, 16);
@@ -506,5 +514,12 @@ namespace http {
 		}
 		return true;
 	}
+
+	std::string CreateBasicAuthorizationString (const std::string& user, const std::string& pass)
+	{
+		if (user.empty () && pass.empty ()) return "";
+		return "Basic " + i2p::data::ToBase64Standard (user + ":" + pass);
+	}
+	
 } // http
 } // i2p

libi2pd/HTTP.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -166,6 +166,9 @@ namespace http
 	 * @return true on success, false otherwise
 	 */
 	bool MergeChunkedResponse (std::istream& in, std::ostream& out);
+
+	std::string CreateBasicAuthorizationString (const std::string& user, const std::string& pass); 
+		
 } // http
 } // i2p
 

libi2pd/Log.h

@@ -148,7 +148,7 @@ namespace log {
 		LogLevel level;   /**< message level */
 		std::thread::id tid; /**< id of thread that generated message */
 
-		LogMsg (LogLevel lvl, std::time_t ts, const std::string & txt): timestamp(ts), text(txt), level(lvl) {};
+		LogMsg (LogLevel lvl, std::time_t ts, std::string&& txt): timestamp(ts), text(std::move(txt)), level(lvl) {}
 	};
 
 	Log & Logger();
@@ -189,7 +189,7 @@ void LogPrint (LogLevel level, TArgs&&... args) noexcept
 		return;
 
 	// fold message to single string
-	std::stringstream ss("");
+	std::stringstream ss;
 
 #if (__cplusplus >= 201703L) // C++ 17 or higher
 	(LogPrint (ss, std::forward<TArgs>(args)), ...);
@@ -197,7 +197,7 @@ void LogPrint (LogLevel level, TArgs&&... args) noexcept
 	LogPrint (ss, std::forward<TArgs>(args)...);
 #endif
 
-	auto msg = std::make_shared<i2p::log::LogMsg>(level, std::time(nullptr), ss.str());
+	auto msg = std::make_shared<i2p::log::LogMsg>(level, std::time(nullptr), std::move(ss).str());
 	msg->tid = std::this_thread::get_id();
 	log.Append(msg);
 }

libi2pd/NTCP2.cpp

@@ -1158,54 +1158,53 @@ namespace transport
 				}
 			}
 			else
-			{
 				LogPrint(eLogInfo, "NTCP2: Proxy is not used");
-				auto& addresses = context.GetRouterInfo ().GetAddresses ();
+			// start acceptors
-				for (const auto& address: addresses)
+			auto& addresses = context.GetRouterInfo ().GetAddresses ();
+			for (const auto& address: addresses)
+			{
+				if (!address) continue;
+				if (address->IsPublishedNTCP2 () && address->port)
 				{
-					if (!address) continue;
+					if (address->host.is_v4())
-					if (address->IsPublishedNTCP2 ())
 					{
-						if (address->host.is_v4())
+						try
 						{
-							try
+							auto ep = m_Address4 ? boost::asio::ip::tcp::endpoint (m_Address4->address(), address->port):
-							{
+								boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), address->port);
-								auto ep = m_Address4 ? boost::asio::ip::tcp::endpoint (m_Address4->address(), address->port):
+							m_NTCP2Acceptor.reset (new boost::asio::ip::tcp::acceptor (GetService (), ep));
-									boost::asio::ip::tcp::endpoint (boost::asio::ip::tcp::v4(), address->port);
-								m_NTCP2Acceptor.reset (new boost::asio::ip::tcp::acceptor (GetService (), ep));
-							}
-							catch ( std::exception & ex )
-							{
-								LogPrint(eLogError, "NTCP2: Failed to bind to v4 port ", address->port, ex.what());
-								ThrowFatal ("Unable to start IPv4 NTCP2 transport at port ", address->port, ": ", ex.what ());
-								continue;
-							}
-
-							LogPrint (eLogInfo, "NTCP2: Start listening v4 TCP port ", address->port);
-							auto conn = std::make_shared<NTCP2Session>(*this);
-							m_NTCP2Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAccept, this, conn, std::placeholders::_1));
 						}
-						else if (address->host.is_v6() && (context.SupportsV6 () || context.SupportsMesh ()))
+						catch ( std::exception & ex )
 						{
-							m_NTCP2V6Acceptor.reset (new boost::asio::ip::tcp::acceptor (GetService ()));
+							LogPrint(eLogError, "NTCP2: Failed to bind to v4 port ", address->port, ex.what());
-							try
+							ThrowFatal ("Unable to start IPv4 NTCP2 transport at port ", address->port, ": ", ex.what ());
-							{
+							continue;
-								m_NTCP2V6Acceptor->open (boost::asio::ip::tcp::v6());
+						}
-								m_NTCP2V6Acceptor->set_option (boost::asio::ip::v6_only (true));
-								m_NTCP2V6Acceptor->set_option (boost::asio::socket_base::reuse_address (true));
-								m_NTCP2V6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address->port));
-								m_NTCP2V6Acceptor->listen ();
 
-								LogPrint (eLogInfo, "NTCP2: Start listening v6 TCP port ", address->port);
+						LogPrint (eLogInfo, "NTCP2: Start listening v4 TCP port ", address->port);
-								auto conn = std::make_shared<NTCP2Session> (*this);
+						auto conn = std::make_shared<NTCP2Session>(*this);
-								m_NTCP2V6Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAcceptV6, this, conn, std::placeholders::_1));
+						m_NTCP2Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAccept, this, conn, std::placeholders::_1));
-							}
+					}
-							catch ( std::exception & ex )
+					else if (address->host.is_v6() && (context.SupportsV6 () || context.SupportsMesh ()))
-							{
+					{
-								LogPrint(eLogError, "NTCP2: failed to bind to v6 port ", address->port, ": ", ex.what());
+						m_NTCP2V6Acceptor.reset (new boost::asio::ip::tcp::acceptor (GetService ()));
-								ThrowFatal ("Unable to start IPv6 NTCP2 transport at port ", address->port, ": ", ex.what ());
+						try
-								continue;
+						{
-							}
+							m_NTCP2V6Acceptor->open (boost::asio::ip::tcp::v6());
+							m_NTCP2V6Acceptor->set_option (boost::asio::ip::v6_only (true));
+							m_NTCP2V6Acceptor->set_option (boost::asio::socket_base::reuse_address (true));
+							m_NTCP2V6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address->port));
+							m_NTCP2V6Acceptor->listen ();
+
+							LogPrint (eLogInfo, "NTCP2: Start listening v6 TCP port ", address->port);
+							auto conn = std::make_shared<NTCP2Session> (*this);
+							m_NTCP2V6Acceptor->async_accept(conn->GetSocket (), std::bind (&NTCP2Server::HandleAcceptV6, this, conn, std::placeholders::_1));
+						}
+						catch ( std::exception & ex )
+						{
+							LogPrint(eLogError, "NTCP2: failed to bind to v6 port ", address->port, ": ", ex.what());
+							ThrowFatal ("Unable to start IPv6 NTCP2 transport at port ", address->port, ": ", ex.what ());
+							continue;
 						}
 					}
 				}
@@ -1466,11 +1465,14 @@ namespace transport
 		});
 	}
 
-	void NTCP2Server::UseProxy(ProxyType proxytype, const std::string & addr, uint16_t port)
+	void NTCP2Server::UseProxy(ProxyType proxytype, const std::string& addr, uint16_t port,
+		const std::string& user, const std::string& pass)
 	{
 		m_ProxyType = proxytype;
 		m_ProxyAddress = addr;
 		m_ProxyPort = port;
+		if (m_ProxyType == eHTTPProxy )
+			m_ProxyAuthorization = i2p::http::CreateBasicAuthorizationString (user, pass);
 	}
 
 	void NTCP2Server::HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer)
@@ -1539,8 +1541,10 @@ namespace transport
 				if(ep.address ().is_v6 ())
 					req.uri = "[" + ep.address ().to_string() + "]:" + std::to_string(ep.port ());
 				else
-					req.uri = ep.address ().to_string() + ":" + std::to_string(ep.port ());
+					req.uri = ep.address ().to_string() + ":" + std::to_string(ep.port ());	
-
+				if (!m_ProxyAuthorization.empty ())
+					req.AddHeader("Proxy-Authorization", m_ProxyAuthorization);
+				
 				boost::asio::streambuf writebuff;
 				std::ostream out(&writebuff);
 				out << req.to_string();

libi2pd/NTCP2.h

@@ -246,7 +246,7 @@ namespace transport
 			void Connect(std::shared_ptr<NTCP2Session> conn);
 
 			bool UsingProxy() const { return m_ProxyType != eNoProxy; };
-			void UseProxy(ProxyType proxy, const std::string & address, uint16_t port);
+			void UseProxy(ProxyType proxy, const std::string& address, uint16_t port, const std::string& user, const std::string& pass);
 
 			void SetLocalAddress (const boost::asio::ip::address& localAddress);
 			
@@ -271,7 +271,7 @@ namespace transport
 			std::list<std::shared_ptr<NTCP2Session> > m_PendingIncomingSessions;
 
 			ProxyType m_ProxyType;
-			std::string m_ProxyAddress;
+			std::string m_ProxyAddress, m_ProxyAuthorization;
 			uint16_t m_ProxyPort;
 			boost::asio::ip::tcp::resolver m_Resolver;
 			std::unique_ptr<boost::asio::ip::tcp::endpoint> m_ProxyEndpoint;

libi2pd/NetDb.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -57,7 +57,7 @@ namespace data
 		uint16_t threshold; i2p::config::GetOption("reseed.threshold", threshold);
 		if (m_RouterInfos.size () < threshold) // reseed if # of router less than threshold
 			Reseed ();
-		else if (!GetRandomRouter (i2p::context.GetSharedRouterInfo ()))
+		else if (!GetRandomRouter (i2p::context.GetSharedRouterInfo (), false))
 			Reseed (); // we don't have a router we can connect to. Trying to reseed
 		
 		i2p::config::GetOption("persist.profiles", m_PersistProfiles);
@@ -645,7 +645,9 @@ namespace data
 		auto floodfill = GetClosestFloodfill (destination, dest->GetExcludedPeers ());
 		if (floodfill)
 		{
-			if (direct && !floodfill->IsCompatible (i2p::context.GetRouterInfo ())) direct = false; // check if fllodfill is reachable
+			if (direct && !floodfill->IsReachableFrom (i2p::context.GetRouterInfo ()) &&
+			    !i2p::transport::transports.IsConnected (floodfill->GetIdentHash ())) 
+				direct = false; // floodfill can't be reached directly
 			if (direct)
 				transports.SendMessage (floodfill->GetIdentHash (), dest->CreateRequestMessage (floodfill->GetIdentHash ()));
 			else
@@ -1090,7 +1092,8 @@ namespace data
 			LogPrint (eLogInfo, "NetDb: Publishing our RouterInfo to ", i2p::data::GetIdentHashAbbreviation(floodfill->GetIdentHash ()), ". reply token=", replyToken);
 			m_PublishExcluded.insert (floodfill->GetIdentHash ());
 			m_PublishReplyToken = replyToken;
-			if (floodfill->IsCompatible (i2p::context.GetRouterInfo ())) // able to connect?
+			if (floodfill->IsReachableFrom (i2p::context.GetRouterInfo ()) || // are we able to connect?
+			    i2p::transport::transports.IsConnected (floodfill->GetIdentHash ()))  // already connected ?    
 				// send directly
 				transports.SendMessage (floodfill->GetIdentHash (), CreateDatabaseStoreMsg (i2p::context.GetSharedRouterInfo (), replyToken));
 			else
@@ -1135,13 +1138,14 @@ namespace data
 			});
 	}
 
-	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const
+	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const
 	{
 		return GetRandomRouter (
-			[compatibleWith](std::shared_ptr<const RouterInfo> router)->bool
+			[compatibleWith, reverse](std::shared_ptr<const RouterInfo> router)->bool
 			{
 				return !router->IsHidden () && router != compatibleWith &&
-					router->IsCompatible (*compatibleWith);
+					(reverse ? compatibleWith->IsReachableFrom (*router) :
+						router->IsReachableFrom (*compatibleWith));
 			});
 	}
 
@@ -1168,17 +1172,18 @@ namespace data
 		return GetRandomRouter (
 			[](std::shared_ptr<const RouterInfo> router)->bool
 			{
-				return !router->IsHidden () && router->IsIntroducer ();
+				return router->IsIntroducer () && !router->IsHidden () && !router->IsFloodfill (); // floodfills don't send relay tag
 			});
 	}
 
-	std::shared_ptr<const RouterInfo> NetDb::GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const
+	std::shared_ptr<const RouterInfo> NetDb::GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const
 	{
 		return GetRandomRouter (
-			[compatibleWith](std::shared_ptr<const RouterInfo> router)->bool
+			[compatibleWith, reverse](std::shared_ptr<const RouterInfo> router)->bool
 			{
 				return !router->IsHidden () && router != compatibleWith &&
-					router->IsCompatible (*compatibleWith) &&
+					(reverse ? compatibleWith->IsReachableFrom (*router) :
+						router->IsReachableFrom (*compatibleWith)) &&
 					(router->GetCaps () & RouterInfo::eHighBandwidth) &&
 					router->GetVersion () >= NETDB_MIN_HIGHBANDWIDTH_VERSION;
 			});

libi2pd/NetDb.hpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -83,8 +83,8 @@ namespace data
 			void HandleDeliveryStatusMsg (std::shared_ptr<const I2NPMessage> msg);
 
 			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
-			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
-			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
+			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
 			std::shared_ptr<const RouterInfo> GetRandomPeerTestRouter (bool v4only = true) const;
 			std::shared_ptr<const RouterInfo> GetRandomSSUV6Router () const; // TODO: change to v6 peer test later
 			std::shared_ptr<const RouterInfo> GetRandomIntroducer () const;

libi2pd/Reseed.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -574,9 +574,11 @@ namespace data
 						proxyReq.method = "CONNECT";
 						proxyReq.version = "HTTP/1.1";
 						proxyReq.uri = url.host + ":" + std::to_string(url.port);
+						auto auth = i2p::http::CreateBasicAuthorizationString (proxyUrl.user, proxyUrl.pass);
+						if (!auth.empty ())
+							proxyReq.AddHeader("Proxy-Authorization", auth);
 
 						boost::asio::streambuf writebuf, readbuf;
-
 						std::ostream out(&writebuf);
 						out << proxyReq.to_string();
 

libi2pd/RouterContext.cpp

@@ -48,6 +48,7 @@ namespace i2p
 			auto initState = new i2p::crypto::NoiseSymmetricState ();
 			i2p::crypto::InitNoiseNState (*initState, GetIdentity ()->GetEncryptionPublicKey ());
 			m_InitialNoiseState.reset (initState);	
+			m_ECIESSession = std::make_shared<i2p::garlic::RouterIncomingRatchetSession>(*initState);
 		}	
 	}
 
@@ -75,33 +76,41 @@ namespace i2p
 		bool ntcp2;          i2p::config::GetOption("ntcp2.enabled", ntcp2);
 		bool ygg; 			 i2p::config::GetOption("meshnets.yggdrasil", ygg);
 		bool nat;            i2p::config::GetOption("nat", nat);
-		std::string ifname;  i2p::config::GetOption("ifname", ifname);
-		std::string ifname4; i2p::config::GetOption("ifname4", ifname4);
-		std::string ifname6; i2p::config::GetOption("ifname6", ifname6);
 		
 		if ((ntcp2 || ygg) && !m_NTCP2Keys)
 		    NewNTCP2Keys ();
 		bool ntcp2Published = false; 
 		if (ntcp2)
+		{	
 			i2p::config::GetOption("ntcp2.published", ntcp2Published);
-		uint8_t caps = 0;
+			if (ntcp2Published)
+			{
+				std::string ntcp2proxy; i2p::config::GetOption("ntcp2.proxy", ntcp2proxy);
+				if (!ntcp2proxy.empty ()) ntcp2Published = false;
+			}	
+		}	
+		uint8_t caps = 0, addressCaps = 0;
 		if (ipv4)
 		{
 			std::string host = "127.0.0.1";
 			if (!i2p::config::IsDefault("host"))
 				i2p::config::GetOption("host", host);
-			else if (!nat && !ifname.empty())
+			else if (!nat)
-				/* bind to interface, we have no NAT so set external address too */
+			{
-				host = i2p::util::net::GetInterfaceAddress(ifname, false).to_string(); // v4
+				// we have no NAT so set external address from local address
-			if(ifname4.size())
+				std::string address4; i2p::config::GetOption("address4", address4);
-				host = i2p::util::net::GetInterfaceAddress(ifname4, false).to_string();
+				if (!address4.empty ()) host = address4;
-
+			}	
+				
 			if (ntcp2)
 			{
 				if (ntcp2Published)
 					routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, boost::asio::ip::address_v4::from_string (host), port);
 				else // add non-published NTCP2 address
+				{
+					addressCaps = i2p::data::RouterInfo::AddressCaps::eV4;
 					routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv); 
+				}		
 			}	
 			if (ssu)
 			{	
@@ -114,10 +123,11 @@ namespace i2p
 			std::string host = "::1";
 			if (!i2p::config::IsDefault("host") && !ipv4) // override if v6 only
 				i2p::config::GetOption("host", host);
-			else if (!ifname.empty())
+			else 
-				host = i2p::util::net::GetInterfaceAddress(ifname, true).to_string(); // v6
+			{
-			if(ifname6.size())
+				std::string address6; i2p::config::GetOption("address6", address6);
-				host = i2p::util::net::GetInterfaceAddress(ifname6, true).to_string();
+				if (!address6.empty ()) host = address6;
+			}
 			
 			if (ntcp2)
 			{
@@ -130,8 +140,12 @@ namespace i2p
 						ntcp2Host = host;
 					routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, boost::asio::ip::address_v6::from_string (ntcp2Host), port);
 				}
-				else if (!ipv4) // no other ntcp2 addresses yet
+				else 
-					routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv);
+				{	
+					if (!ipv4) // no other ntcp2 addresses yet
+						routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv);
+					addressCaps |= i2p::data::RouterInfo::AddressCaps::eV6;
+				}	
 			}	
 			if (ssu)
 			{	
@@ -145,7 +159,9 @@ namespace i2p
 			if (!yggaddr.is_unspecified ())
 				routerInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, yggaddr, port);
 		}	
-		
+
+		if (addressCaps)
+			routerInfo.SetUnreachableAddressesTransportCaps (addressCaps);
 		routerInfo.SetCaps (caps); // caps + L 
 		routerInfo.SetProperty ("netId", std::to_string (m_NetID));
 		routerInfo.SetProperty ("router.version", I2P_VERSION);
@@ -215,7 +231,7 @@ namespace i2p
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
-			if (address->IsNTCP2 () && (address->port != port || address->ntcp2->isPublished != publish) && (!v4only || address->host.is_v4 ()))
+			if (address->IsNTCP2 () && (address->port != port || address->ntcp2->isPublished != publish) && (!v4only || address->IsV4 ()))
 			{
 				if (!port && !address->port)
 				{
@@ -388,6 +404,7 @@ namespace i2p
 		else if (limit >   48) { SetBandwidth('M'); }
 		else if (limit >   12) { SetBandwidth('L'); }
 		else                   { SetBandwidth('K'); }
+		m_BandwidthLimit = limit; // set precise limit
 	}
 
 	void RouterContext::SetShareRatio (int percents)
@@ -485,14 +502,13 @@ namespace i2p
 	{
 		if (supportsV6)
 		{
-			m_RouterInfo.EnableV6 ();
 			// insert v6 addresses if necessary
 			bool foundSSU = false, foundNTCP2 = false;
 			uint16_t port = 0;
 			auto& addresses = m_RouterInfo.GetAddresses ();
 			for (auto& addr: addresses)
 			{
-				if (addr->host.is_v6 ())
+				if (addr->IsV6 () && !i2p::util::net::IsYggdrasilAddress (addr->host))
 				{
 					if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU)
 						foundSSU = true;
@@ -529,6 +545,7 @@ namespace i2p
 					m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, boost::asio::ip::address::from_string (ntcp2Host), ntcp2Port);
 				}
 			}
+			m_RouterInfo.EnableV6 ();
 		}
 		else
 			m_RouterInfo.DisableV6 ();
@@ -537,8 +554,54 @@ namespace i2p
 
 	void RouterContext::SetSupportsV4 (bool supportsV4)
 	{
+		// check if updates
+		if (supportsV4 && SupportsV4 ()) return;
+		if (!supportsV4 && !SupportsV4 ()) return;
+		// update
 		if (supportsV4)
+		{
+			bool foundSSU = false, foundNTCP2 = false;
+			std::string host = "127.0.0.1"; 
+			uint16_t port = 0;
+			auto& addresses = m_RouterInfo.GetAddresses ();
+			for (auto& addr: addresses)
+			{
+				if (addr->IsV4 ())
+				{
+					if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU)
+						foundSSU = true;
+					else if (addr->transportStyle == i2p::data::RouterInfo::eTransportNTCP)
+						foundNTCP2 = true;
+				}
+				if (addr->port) port = addr->port;
+			}
+			if (!port) i2p::config::GetOption("port", port);
+			// SSU
+			if (!foundSSU)
+			{
+				bool ssu; i2p::config::GetOption("ssu", ssu);
+				if (ssu)
+					m_RouterInfo.AddSSUAddress (host.c_str (), port, nullptr);
+			}
+			// NTCP2
+			if (!foundNTCP2)
+			{
+				bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
+				if (ntcp2)
+				{
+					bool ntcp2Published; i2p::config::GetOption("ntcp2.published", ntcp2Published);
+					if (ntcp2Published)
+					{	
+						uint16_t ntcp2Port; i2p::config::GetOption ("ntcp2.port", ntcp2Port);
+						if (!ntcp2Port) ntcp2Port = port;
+						m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, boost::asio::ip::address::from_string (host), ntcp2Port);
+					}	
+					else
+						m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv);
+				}	
+			}		
 			m_RouterInfo.EnableV4 ();
+		}	
 		else
 			m_RouterInfo.DisableV4 ();
 		UpdateRouterInfo ();
@@ -638,7 +701,14 @@ namespace i2p
 			}
 		}
 		std::shared_ptr<const i2p::data::IdentityEx> oldIdentity;
-		if (m_Keys.GetPublic ()->GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
+		bool rekey = m_Keys.GetPublic ()->GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1;
+		if (!rekey && m_Keys.GetPublic ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
+		{
+			// rekey routers with bandwidth = L (or default) this time
+			std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
+			if (bandwidth.empty () || bandwidth[0] == 'L') rekey = true;
+		}	
+		if (rekey)
 		{
 			// update keys
 			LogPrint (eLogInfo, "Router: router keys are obsolete. Creating new");
@@ -669,8 +739,8 @@ namespace i2p
 			m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 			if (oldIdentity)
 				m_RouterInfo.SetRouterIdentity (GetIdentity ()); // from new keys
-			m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
 			m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
+			m_RouterInfo.DeleteProperty ("coreVersion"); // TODO: remove later
 		}
 		else
 		{
@@ -738,8 +808,10 @@ namespace i2p
 				return;
 			}
 			buf += 4;
-			auto session = std::make_shared<i2p::garlic::ECIESX25519AEADRatchetSession>(this, false);
+			if (m_ECIESSession)
-			session->HandleNextMessageForRouter (buf, len);
+				m_ECIESSession->HandleNextMessage (buf, len);
+			else
+				LogPrint (eLogError, "Router: Session is not set for ECIES router");
 		}	
 		else	
 			i2p::garlic::GarlicDestination::ProcessGarlicMessage (msg);

libi2pd/RouterContext.h

@@ -21,6 +21,11 @@
 
 namespace i2p
 {
+namespace garlic
+{
+	class RouterIncomingRatchetSession;
+}	
+
 	const char ROUTER_INFO[] = "router.info";
 	const char ROUTER_KEYS[] = "router.keys";
 	const char NTCP2_KEYS[] = "ntcp2.keys";
@@ -32,7 +37,9 @@ namespace i2p
 		eRouterStatusTesting = 1,
 		eRouterStatusFirewalled = 2,
 		eRouterStatusError = 3,
-		eRouterStatusUnknown = 4
+		eRouterStatusUnknown = 4,
+		eRouterStatusProxy = 5,
+		eRouterStatusMesh = 6	
 	};
 
 	enum RouterError
@@ -42,7 +49,7 @@ namespace i2p
 		eRouterErrorOffline = 2,
 		eRouterErrorSymmetricNAT = 3
 	};
-
+	
 	class RouterContext: public i2p::garlic::GarlicDestination
 	{
 		private:
@@ -155,6 +162,7 @@ namespace i2p
 			i2p::data::RouterInfo m_RouterInfo;
 			i2p::data::PrivateKeys m_Keys;
 			std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> m_Decryptor, m_TunnelDecryptor;
+			std::shared_ptr<i2p::garlic::RouterIncomingRatchetSession> m_ECIESSession;
 			uint64_t m_LastUpdateTime; // in seconds
 			bool m_AcceptsTunnels, m_IsFloodfill;
 			std::chrono::time_point<std::chrono::steady_clock> m_StartupTime;

libi2pd/RouterInfo.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -193,7 +193,6 @@ namespace data
 		auto addresses = boost::make_shared<Addresses>();
 		uint8_t numAddresses;
 		s.read ((char *)&numAddresses, sizeof (numAddresses)); if (!s) return;
-		bool introducers = false;
 		for (int i = 0; i < numAddresses; i++)
 		{
 			uint8_t supportedTransports = 0;
@@ -271,7 +270,6 @@ namespace data
 						LogPrint (eLogError, "RouterInfo: Introducer is presented for non-SSU address. Skipped");
 						continue;
 					}
-					introducers = true;
 					size_t l = strlen(key);
 					unsigned char index = key[l-1] - '0'; // TODO:
 					key[l-1] = 0;
@@ -314,8 +312,8 @@ namespace data
 					{
 						if (address->caps)
 						{	
-							if (address->caps | AddressCaps::eV4) supportedTransports |= eNTCP2V4;
+							if (address->caps & AddressCaps::eV4) supportedTransports |= eNTCP2V4;
-							if (address->caps | AddressCaps::eV6) supportedTransports |= eNTCP2V6;
+							if (address->caps & AddressCaps::eV6) supportedTransports |= eNTCP2V6;
 						}
 						else
 							supportedTransports |= eNTCP2V4; // most likely, since we don't have host
@@ -328,8 +326,13 @@ namespace data
 				{
 					if (isHost)
 						supportedTransports |= address->host.is_v4 () ? eSSUV4 :  eSSUV6;
+					else if (address->caps & AddressCaps::eV6) 
+					{	
+						supportedTransports |= eSSUV6;
+						if (address->caps & AddressCaps::eV4) supportedTransports |= eSSUV4; // in additional to v6
+					}	
 					else 
-						if (introducers) supportedTransports |= eSSUV4; // in case if host is not presented	
+						supportedTransports |= eSSUV4; // in case if host or 6 caps is not preasented, we assume 4
 				}	
 			}	
 			if (supportedTransports)
@@ -403,7 +406,7 @@ namespace data
 			if (!s) return;
 		}
 
-		if (!m_SupportedTransports || !m_Addresses->size() || (UsesIntroducer () && !introducers))
+		if (!m_SupportedTransports)
 			SetUnreachable (true);
 	}
 
@@ -519,7 +522,7 @@ namespace data
 				if (address.IsNTCP2 ())
 				{	
 					WriteString ("NTCP2", s);
-					if (address.IsPublishedNTCP2 ())
+					if (address.IsPublishedNTCP2 () && !address.host.is_unspecified ())
 						 isPublished = true;
 					else
 					{
@@ -542,13 +545,26 @@ namespace data
 				// caps
 				WriteString ("caps", properties);
 				properties << '=';
-				std::string caps;
+				std::string caps;	
 				if (address.IsPeerTesting ()) caps += CAPS_FLAG_SSU_TESTING;
-				if (address.IsIntroducer ()) caps += CAPS_FLAG_SSU_INTRODUCER;
+				if (address.host.is_v4 ())
-				if (IsReachable ())
+				{	
+					if (IsReachable ())
+					{	
+						isPublished = true;
+						if (address.IsIntroducer ()) caps += CAPS_FLAG_SSU_INTRODUCER;
+					}	
+					else
+						caps += CAPS_FLAG_V4;
+				}
+				else if (address.host.is_v6 ())
 					isPublished = true;
 				else
-					caps += CAPS_FLAG_V4;
+				{
+					if (address.caps & AddressCaps::eV4) caps += CAPS_FLAG_V4;
+					if (address.caps & AddressCaps::eV6) caps += CAPS_FLAG_V6;
+					if (caps.empty ()) caps += CAPS_FLAG_V4;
+				}	
 				WriteString (caps, properties);
 				properties << ';';
 			}
@@ -637,7 +653,7 @@ namespace data
 				}
 			}
 
-			if (address.IsPublishedNTCP2 ())
+			if (address.IsNTCP2 () && isPublished)
 			{
 				// publish i for NTCP2
 				WriteString ("i", properties); properties << '=';
@@ -785,9 +801,6 @@ namespace data
 			if (*it == *addr) return;
 		m_SupportedTransports |= addr->host.is_v6 () ? eSSUV6 : eSSUV4;
 		m_Addresses->push_back(std::move(addr));
-
-		m_Caps |= eSSUTesting;
-		m_Caps |= eSSUIntroducer;
 	}
 
 	void RouterInfo::AddNTCP2Address (const uint8_t * staticKey, const uint8_t * iv, const boost::asio::ip::address& host, int port)
@@ -913,13 +926,23 @@ namespace data
 	void RouterInfo::EnableV6 ()
 	{
 		if (!IsV6 ())
+		{	
 			m_SupportedTransports |= eSSUV6 | eNTCP2V6;
+			uint8_t addressCaps = AddressCaps::eV6;
+			if (IsV4 ()) addressCaps |= AddressCaps::eV4;
+			SetUnreachableAddressesTransportCaps (addressCaps);
+		}	
 	}
 
 	void RouterInfo::EnableV4 ()
 	{
 		if (!IsV4 ())
+		{	
 			m_SupportedTransports |= eSSUV4 | eNTCP2V4;
+			uint8_t addressCaps = AddressCaps::eV4;
+			if (IsV6 ()) addressCaps |= AddressCaps::eV6;
+			SetUnreachableAddressesTransportCaps (addressCaps);
+		}	
 	}
 
 
@@ -931,6 +954,7 @@ namespace data
 			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
 			{
 				auto addr = *it;
+				addr->caps &= ~AddressCaps::eV6;
 				if (addr->host.is_v6 ())
 					it = m_Addresses->erase (it);
 				else
@@ -947,6 +971,7 @@ namespace data
 			for (auto it = m_Addresses->begin (); it != m_Addresses->end ();)
 			{
 				auto addr = *it;
+				addr->caps &= ~AddressCaps::eV4;
 				if (addr->host.is_v4 ())
 					it = m_Addresses->erase (it);
 				else
@@ -1069,8 +1094,9 @@ namespace data
 
 	bool RouterInfo::IsEligibleFloodfill () const 
 	{
-		// floodfill must be reachable, >= 0.9.28 and not DSA
+		// floodfill must be reachable somehow, >= 0.9.28 and not DSA
-		return IsReachable () && m_Version >= NETDB_MIN_FLOODFILL_VERSION &&
+		return (IsReachable () || (m_SupportedTransports & eSSUV4)) && 
+			m_Version >= NETDB_MIN_FLOODFILL_VERSION &&
 			GetIdentity ()->GetSigningKeyType () != SIGNING_KEY_TYPE_DSA_SHA1; 
 	}	
 
@@ -1079,22 +1105,57 @@ namespace data
 		auto supportedTransports = m_SupportedTransports & (eSSUV4 | eSSUV6);
 		if (!supportedTransports) return false; // no SSU
 		if (v4only && !(supportedTransports & eSSUV4)) return false; // no SSU v4
-		return GetAddress (
+		return (bool)GetAddress (
 			[](std::shared_ptr<const RouterInfo::Address> address)->bool
 			{			
 				return (address->transportStyle == eTransportSSU) && address->IsPeerTesting ();
-			}) != nullptr;	
+			});	
 	}
 
 	bool RouterInfo::IsIntroducer () const
 	{
 		// TODO: support ipv6
 		if (!(m_SupportedTransports & eSSUV4)) return false;
-		return GetAddress (
+		return (bool)GetAddress (
 			[](std::shared_ptr<const RouterInfo::Address> address)->bool
 			{			
 				return (address->transportStyle == eTransportSSU) && address->IsIntroducer ();
-			}) != nullptr;
+			});
 	}	
+
+	bool RouterInfo::IsReachableFrom (const RouterInfo& other) const
+	{
+		auto commonTransports = m_SupportedTransports & other.m_SupportedTransports;
+		if (!commonTransports) return false;
+		if (commonTransports & eNTCP2V6Mesh) return true;
+		return (bool)GetAddress (
+			[commonTransports](std::shared_ptr<const RouterInfo::Address> address)->bool
+			{	
+				if (address->IsPublishedNTCP2 ())
+				{
+					if ((commonTransports & eNTCP2V4) && address->IsV4 ()) return true;
+					if ((commonTransports & eNTCP2V6) && address->IsV6 ()) return true;
+				}	
+				else if (address->IsReachableSSU ())
+				{
+					if ((commonTransports & eSSUV4) && address->IsV4 ()) return true;
+					if ((commonTransports & eSSUV6) && address->IsV6 ()) return true;
+				}	
+				return false;
+			});
+	}	
+
+	void RouterInfo::SetUnreachableAddressesTransportCaps (uint8_t transports)
+	{
+		for (auto& addr: *m_Addresses)
+		{
+			// TODO: implement SSU
+			if (addr->transportStyle == eTransportNTCP && (!addr->IsPublishedNTCP2 () || addr->port))
+			{
+				addr->caps &= ~(eV4 | eV6);
+				addr->caps |= transports;
+			}
+		}
+	}
 }
 }

libi2pd/RouterInfo.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -130,8 +130,8 @@ namespace data
 
 				bool IsCompatible (const boost::asio::ip::address& other) const
 				{
-					return (host.is_v4 () && other.is_v4 ()) ||
+					return (IsV4 () && other.is_v4 ()) ||
-						(host.is_v6 () && other.is_v6 ());
+						(IsV6 () && other.is_v6 ());
 				}
 
 				bool operator==(const Address& other) const
@@ -147,9 +147,13 @@ namespace data
 
 				bool IsNTCP2 () const { return (bool)ntcp2; };
 				bool IsPublishedNTCP2 () const { return IsNTCP2 () && ntcp2->isPublished; };
-
+				bool IsReachableSSU () const { return (bool)ssu && (!host.is_unspecified () || !ssu->introducers.empty ()); };
+				
 				bool IsIntroducer () const { return caps & eSSUIntroducer; };
 				bool IsPeerTesting () const { return caps & eSSUTesting; };
+
+				bool IsV4 () const { return (caps & AddressCaps::eV4) || host.is_v4 (); };
+				bool IsV6 () const { return (caps & AddressCaps::eV6) || host.is_v6 (); };
 			};
 			typedef std::list<std::shared_ptr<Address> > Addresses;
 
@@ -181,6 +185,7 @@ namespace data
 			void DeleteProperty (const std::string& key); // called from RouterContext only
 			std::string GetProperty (const std::string& key) const; // called from RouterContext only
 			void ClearProperties () { m_Properties.clear (); };
+			void SetUnreachableAddressesTransportCaps (uint8_t transports); // bitmask of AddressCaps
 			bool IsFloodfill () const { return m_Caps & Caps::eFloodfill; };
 			bool IsReachable () const { return m_Caps & Caps::eReachable; };
 			bool IsSSU (bool v4only = true) const;
@@ -196,7 +201,8 @@ namespace data
 			void DisableV4 ();
 			void EnableMesh ();
 			void DisableMesh ();	
-			bool IsCompatible (const RouterInfo& other) const { return m_SupportedTransports & other.m_SupportedTransports; };		
+			bool IsCompatible (const RouterInfo& other) const { return m_SupportedTransports & other.m_SupportedTransports; };	
+			bool IsReachableFrom (const RouterInfo& other) const;	
 			bool HasValidAddresses () const { return m_SupportedTransports; };
 			bool UsesIntroducer () const;
 			bool IsHidden () const { return m_Caps & eHidden; };

libi2pd/SSU.cpp

@@ -653,6 +653,14 @@ namespace transport
 		return ret;
 	}
 
+	void SSUServer::RescheduleIntroducersUpdateTimer ()
+	{
+		m_IntroducersUpdateTimer.cancel ();
+		m_IntroducersUpdateTimer.expires_from_now (boost::posix_time::seconds(SSU_KEEP_ALIVE_INTERVAL/2));
+		m_IntroducersUpdateTimer.async_wait (std::bind (&SSUServer::HandleIntroducersUpdateTimer,
+			this, std::placeholders::_1));
+	}	
+		
 	void SSUServer::ScheduleIntroducersUpdateTimer ()
 	{
 		m_IntroducersUpdateTimer.expires_from_now (boost::posix_time::seconds(SSU_KEEP_ALIVE_INTERVAL));
@@ -671,7 +679,12 @@ namespace transport
 				ScheduleIntroducersUpdateTimer ();
 				return;
 			}
-			if (i2p::context.GetStatus () == eRouterStatusOK) return; // we don't need introducers anymore
+			if (i2p::context.GetStatus () != eRouterStatusFirewalled)
+			{	
+				// we don't need introducers
+				m_Introducers.clear ();
+				return; 
+			}	
 			// we are firewalled
 			if (!i2p::context.IsUnreachable ()) i2p::context.SetUnreachable ();
 			std::list<boost::asio::ip::udp::endpoint> newList;
@@ -712,9 +725,24 @@ namespace transport
 			m_Introducers = newList;
 			if (m_Introducers.size () < SSU_MAX_NUM_INTRODUCERS)
 			{
-				auto introducer = i2p::data::netdb.GetRandomIntroducer ();
+				std::set<std::shared_ptr<const i2p::data::RouterInfo> > requested;
-				if (introducer)
+				for (auto i = m_Introducers.size (); i < SSU_MAX_NUM_INTRODUCERS; i++)
-					CreateSession (introducer);
+				{	
+					auto introducer = i2p::data::netdb.GetRandomIntroducer ();
+					if (introducer && !requested.count (introducer)) // not requested already
+					{	
+						auto address = introducer->GetSSUAddress (true); // v4
+						if (address && !address->host.is_unspecified ())
+						{
+							boost::asio::ip::udp::endpoint ep (address->host, address->port);
+							if (std::find (m_Introducers.begin (), m_Introducers.end (), ep) == m_Introducers.end ()) // not connected yet
+							{	
+								CreateDirectSession  (introducer, ep, false);
+								requested.insert (introducer);
+							}	
+						}	
+					}	
+				}	
 			}
 			ScheduleIntroducersUpdateTimer ();
 		}

libi2pd/SSU.h

@@ -70,7 +70,8 @@ namespace transport
 			void AddRelay (uint32_t tag, std::shared_ptr<SSUSession> relay);
 			void RemoveRelay (uint32_t tag);
 			std::shared_ptr<SSUSession> FindRelaySession (uint32_t tag);
-
+			void RescheduleIntroducersUpdateTimer ();
+			
 			void NewPeerTest (uint32_t nonce, PeerTestParticipant role, std::shared_ptr<SSUSession> session = nullptr);
 			PeerTestParticipant GetPeerTestParticipant (uint32_t nonce);
 			std::shared_ptr<SSUSession> GetPeerTestSession (uint32_t nonce);

libi2pd/SSUSession.cpp

@@ -685,7 +685,12 @@ namespace transport
 		LogPrint (eLogInfo, "SSU: Our external address is ", ourIP.to_string (), ":", ourPort);
 		i2p::context.UpdateAddress (ourIP);
 		if (ourPort != m_Server.GetPort ())
-			i2p::context.SetError (eRouterErrorSymmetricNAT);
+		{	
+			if (i2p::context.GetStatus () == eRouterStatusTesting)
+				i2p::context.SetError (eRouterErrorSymmetricNAT);
+		}
+		else if (i2p::context.GetStatus () == eRouterStatusError && i2p::context.GetError () == eRouterErrorSymmetricNAT)
+			i2p::context.SetStatus (eRouterStatusTesting);
 		uint32_t nonce = bufbe32toh (buf);
 		buf += 4; // nonce
 		auto it = m_RelayRequests.find (nonce);
@@ -999,7 +1004,10 @@ namespace transport
 				{
 					LogPrint (eLogDebug, "SSU: peer test from Bob. We are Alice");
 					if (i2p::context.GetStatus () == eRouterStatusTesting) // still not OK
+					{	
 						i2p::context.SetStatus (eRouterStatusFirewalled);
+						m_Server.RescheduleIntroducersUpdateTimer ();
+					}	
 				}
 				else
 				{

libi2pd/Transports.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -174,9 +174,9 @@ namespace transport
 		std::string ntcp2proxy; i2p::config::GetOption("ntcp2.proxy", ntcp2proxy);
 		i2p::http::URL proxyurl;
 		// create NTCP2. TODO: move to acceptor
-		if (enableNTCP2)
+		if (enableNTCP2 || i2p::context.SupportsMesh ())
 		{
-			if(!ntcp2proxy.empty())
+			if(!ntcp2proxy.empty() && enableNTCP2)
 			{
 				if(proxyurl.parse(ntcp2proxy))
 				{
@@ -188,14 +188,14 @@ namespace transport
 						if (proxyurl.schema == "http")
 							proxytype = NTCP2Server::eHTTPProxy;
 
-						m_NTCP2Server->UseProxy(proxytype, proxyurl.host, proxyurl.port);
+						m_NTCP2Server->UseProxy(proxytype, proxyurl.host, proxyurl.port, proxyurl.user, proxyurl.pass);
+						i2p::context.SetStatus (eRouterStatusProxy);
 					}
 					else
 						LogPrint(eLogError, "Transports: unsupported NTCP2 proxy URL ", ntcp2proxy);
 				}
 				else
 					LogPrint(eLogError, "Transports: invalid NTCP2 proxy url ", ntcp2proxy);
-				return;
 			}
 			else
 				m_NTCP2Server = new NTCP2Server ();
@@ -503,7 +503,7 @@ namespace transport
 						}
 						peer.numAttempts++;
 					}
-					if (address)
+					if (address && address->IsReachableSSU ())
 					{
 						m_SSUServer->CreateSession (peer.router, address);
 						return true;

libi2pd/Tunnel.cpp

@@ -698,7 +698,7 @@ namespace tunnel
 			auto inboundTunnel = GetNextInboundTunnel ();
 			auto router = i2p::transport::transports.RoutesRestricted() ?
 				i2p::transport::transports.GetRestrictedPeer() :
-				i2p::data::netdb.GetRandomRouter ();
+				i2p::data::netdb.GetRandomRouter (i2p::context.GetSharedRouterInfo (), false); // reachable by us
 			if (!inboundTunnel || !router) return;
 			LogPrint (eLogDebug, "Tunnel: creating one hop outbound tunnel");
 			CreateTunnel<OutboundTunnel> (
@@ -771,7 +771,8 @@ namespace tunnel
 			// trying to create one more inbound tunnel
 			auto router = i2p::transport::transports.RoutesRestricted() ?
 				i2p::transport::transports.GetRestrictedPeer() :
-				i2p::data::netdb.GetRandomRouter ();
+				// should be reachable by us because we send build request directly
+				i2p::data::netdb.GetRandomRouter (i2p::context.GetSharedRouterInfo (), false);
 			if (!router) {
 				LogPrint (eLogWarning, "Tunnel: can't find any router, skip creating tunnel");
 				return;

libi2pd/TunnelPool.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -393,14 +393,14 @@ namespace tunnel
 		}
 	}
 
-	std::shared_ptr<const i2p::data::RouterInfo> TunnelPool::SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const
+	std::shared_ptr<const i2p::data::RouterInfo> TunnelPool::SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop, bool reverse) const
 	{
 		bool isExploratory = (i2p::tunnel::tunnels.GetExploratoryPool () == shared_from_this ());
-		auto hop = isExploratory ? i2p::data::netdb.GetRandomRouter (prevHop):
+		auto hop = isExploratory ? i2p::data::netdb.GetRandomRouter (prevHop, reverse):
-			i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop);
+			i2p::data::netdb.GetHighBandwidthRandomRouter (prevHop, reverse);
 
 		if (!hop || hop->GetProfile ()->IsBad ())
-			hop = i2p::data::netdb.GetRandomRouter (prevHop);
+			hop = i2p::data::netdb.GetRandomRouter (prevHop, reverse);
 		return hop;
 	}
 
@@ -419,7 +419,7 @@ namespace tunnel
 		{
 			auto r = i2p::transport::transports.GetRandomPeer ();
 			if (r && !r->GetProfile ()->IsBad () && 
-				(numHops > 1 || !inbound || r->IsReachable ())) // first must be reachable
+				(numHops > 1 || (!inbound && r->IsV4 ()) || r->IsReachable ())) // first inbound must be reachable
 			{
 				prevHop = r;
 				peers.push_back (r->GetRouterIdentity ());
@@ -429,16 +429,22 @@ namespace tunnel
 
 		for(int i = 0; i < numHops; i++ )
 		{
-			auto hop = nextHop (prevHop);
+			auto hop = nextHop (prevHop, inbound);
+			if (!hop && !i) // if no suitable peer found for first hop, try already connected
+			{	
+				LogPrint (eLogInfo, "Tunnels: Can't select first hop for a tunnel. Trying already connected");
+				hop = i2p::transport::transports.GetRandomPeer ();
+			}	
 			if (!hop)
 			{
 				LogPrint (eLogError, "Tunnels: Can't select next hop for ", prevHop->GetIdentHashBase64 ());
 				return false;
 			}
-			if (inbound && (i == numHops - 1) && !hop->IsReachable ())
+			if ((i == numHops - 1) &&
+				((inbound && !hop->IsReachable ()) ||  // IBGW is not reachable
+				(!inbound && !hop->IsV4 ())))	// OBEP is not ipv4
 			{
-				// if first is not reachable try again
+				auto hop1 = nextHop (prevHop, true);
-				auto hop1 = nextHop (prevHop);
 				if (hop1) hop = hop1;
 			}	
 			prevHop = hop;
@@ -460,7 +466,7 @@ namespace tunnel
 		}
 		// explicit peers in use
 		if (m_ExplicitPeers) return SelectExplicitPeers (peers, isInbound);
-		return StandardSelectPeers(peers, numHops, isInbound, std::bind(&TunnelPool::SelectNextHop, this, std::placeholders::_1));
+		return StandardSelectPeers(peers, numHops, isInbound, std::bind(&TunnelPool::SelectNextHop, this, std::placeholders::_1, std::placeholders::_2));
 	}
 
 	bool TunnelPool::SelectExplicitPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& peers, bool isInbound)

libi2pd/TunnelPool.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -46,7 +46,7 @@ namespace tunnel
 	};
 
 
-	typedef std::function<std::shared_ptr<const i2p::data::RouterInfo>(std::shared_ptr<const i2p::data::RouterInfo>)> SelectHopFunc;
+	typedef std::function<std::shared_ptr<const i2p::data::RouterInfo>(std::shared_ptr<const i2p::data::RouterInfo>, bool)> SelectHopFunc;
 	// standard peer selection algorithm
 	bool StandardSelectPeers(Path & path, int hops, bool inbound, SelectHopFunc nextHop);
 
@@ -104,7 +104,7 @@ namespace tunnel
 			std::shared_ptr<OutboundTunnel> GetLowestLatencyOutboundTunnel(std::shared_ptr<OutboundTunnel> exclude = nullptr) const;
 
 			// for overriding tunnel peer selection
-			std::shared_ptr<const i2p::data::RouterInfo> SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const;
+			std::shared_ptr<const i2p::data::RouterInfo> SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop, bool reverse) const;
 
 		private:
 

libi2pd/util.cpp

@@ -67,8 +67,12 @@ int inet_pton_xp (int af, const char *src, void *dst)
 }
 #else /* !_WIN32 => UNIX */
 #include <sys/types.h>
+#ifdef ANDROID
+#include "ifaddrs.h"
+#else
 #include <ifaddrs.h>
 #endif
+#endif
 
 #define address_pair_v4(a,b) { boost::asio::ip::address_v4::from_string (a).to_ulong (), boost::asio::ip::address_v4::from_string (b).to_ulong () }
 #define address_pair_v6(a,b) { boost::asio::ip::address_v6::from_string (a).to_bytes (), boost::asio::ip::address_v6::from_string (b).to_bytes () }
@@ -380,11 +384,11 @@ namespace net
 			return boost::asio::ip::address::from_string("127.0.0.1");
 #else
 		int af = (ipv6 ? AF_INET6 : AF_INET);
-		ifaddrs * addrs = nullptr;
+		ifaddrs *addrs, *cur = nullptr;
 		if(getifaddrs(&addrs) == 0)
 		{
 			// got ifaddrs
-			ifaddrs * cur = addrs;
+			cur = addrs;
 			while(cur)
 			{
 				std::string cur_ifname(cur->ifa_name);
@@ -431,10 +435,7 @@ namespace net
 	
 	boost::asio::ip::address_v6 GetYggdrasilAddress ()
 	{
-#if defined(ANDROID)
+#if defined(_WIN32)
-		// TODO: implement
-		return boost::asio::ip::address_v6 ();
-#elif defined(_WIN32)
 		ULONG outBufLen = 0;
 		PIP_ADAPTER_ADDRESSES pAddresses = nullptr;
 		PIP_ADAPTER_ADDRESSES pCurrAddresses = nullptr;
@@ -482,11 +483,11 @@ namespace net
 		FREE(pAddresses);
 		return boost::asio::ip::address_v6 ();
 #else
-		ifaddrs * addrs = nullptr;
+		ifaddrs *addrs, *cur = nullptr;
 		auto err = getifaddrs(&addrs);
 		if (!err)
 		{
-			ifaddrs * cur = addrs;
+			cur = addrs;
 			while(cur)
 			{
 				if (cur->ifa_addr && cur->ifa_addr->sa_family == AF_INET6)

libi2pd/version.h

@@ -16,7 +16,7 @@
 #define MAKE_VERSION_NUMBER(a,b,c) ((a*100+b)*100+c)
 
 #define I2PD_VERSION_MAJOR 2
-#define I2PD_VERSION_MINOR 36
+#define I2PD_VERSION_MINOR 37
 #define I2PD_VERSION_MICRO 0
 #define I2PD_VERSION_PATCH 0
 #define I2PD_VERSION MAKE_VERSION(I2PD_VERSION_MAJOR, I2PD_VERSION_MINOR, I2PD_VERSION_MICRO)

libi2pd_client/HTTPProxy.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -433,13 +433,13 @@ namespace proxy {
 			if (m_ProxyURL.is_i2p())
 			{
 				m_ClientRequest.uri = origURI;
-				if (!m_ProxyURL.user.empty () || !m_ProxyURL.pass.empty ())
+				auto auth = i2p::http::CreateBasicAuthorizationString (m_ProxyURL.user, m_ProxyURL.pass);
+				if (!auth.empty ())
 				{
 					// remove existing authorization if any
 					m_ClientRequest.RemoveHeader("Proxy-");
 					// add own http proxy authorization
-					std::string s = "Basic " + i2p::data::ToBase64Standard (m_ProxyURL.user + ":" + m_ProxyURL.pass);
+					m_ClientRequest.AddHeader("Proxy-Authorization", auth);
-					m_ClientRequest.AddHeader("Proxy-Authorization", s);
 				}
 				m_send_buf = m_ClientRequest.to_string();
 				m_recv_buf.erase(0, m_req_len);

libi2pd_client/MatchedDestination.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2021, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -72,7 +72,8 @@ namespace client
 	bool MatchedTunnelDestination::SelectPeers(i2p::tunnel::Path & path, int hops, bool inbound)
 	{
 		auto pool = GetTunnelPool();
-		if(!i2p::tunnel::StandardSelectPeers(path, hops, inbound, std::bind(&i2p::tunnel::TunnelPool::SelectNextHop, pool, std::placeholders::_1)))
+		if(!i2p::tunnel::StandardSelectPeers(path, hops, inbound, 
+			std::bind(&i2p::tunnel::TunnelPool::SelectNextHop, pool, std::placeholders::_1, std::placeholders::_2)))
 			return false;
 		// more here for outbound tunnels
 		if(!inbound && m_RemoteLeaseSet)