Support miniupnp-2.2.8 (fixes #2071 )

Use UPNP_GetValidIGD for getting external IP.
try to connect to introducer through any available address
155 changed files with 6936 additions and 3596 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -34,3 +34,6 @@ trim_trailing_whitespace = false
 [*.yml]
 indent_style = space
 indent_size = 2
+
+[*.patch]
+trim_trailing_whitespace = false
--- a/.github/workflows/build-deb.yml
+++ b/.github/workflows/build-deb.yml
@ -1,6 +1,24 @@
 name: Build Debian packages

-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-deb.yml
+    - contrib/**
+    - daemon/**
+    - debian/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'

 jobs:
  build:
@ -14,26 +32,30 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
      with:
        fetch-depth: 0

+    - name: Commit Hash
+      id: commit
+      uses: prompt/actions-commit-hash@v3.0.0
+
    - name: Build package
      uses: jtdor/build-deb-action@v1
      with:
        docker-image: debian:${{ matrix.dist }}-slim
        buildpackage-opts: --build=binary --no-sign
-        before-build-hook: debchange --controlmaint --local "+${{ github.sha }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
+        before-build-hook: debchange --controlmaint --local "+${{ steps.commit.outputs.short }}~${{ matrix.dist }}" -b --distribution ${{ matrix.dist }} "CI build"
        extra-build-deps: devscripts git

    - name: Upload package
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd_${{ matrix.dist }}
        path: debian/artifacts/i2pd_*.deb

    - name: Upload debugging symbols
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd-dbgsym_${{ matrix.dist }}
        path: debian/artifacts/i2pd-dbgsym_*.deb
--- a/.github/workflows/build-freebsd.yml
+++ b/.github/workflows/build-freebsd.yml
@ -1,19 +1,37 @@
 name: Build on FreeBSD

-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-freebsd.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.bsd
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'

 jobs:
  build:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    name: with UPnP

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    - name: Test in FreeBSD
      id: test
-      uses: vmactions/freebsd-vm@v0.3.0
+      uses: vmactions/freebsd-vm@v1
      with:
        usesh: true
        mem: 2048
@ -26,7 +44,7 @@ jobs:
          gmake -j2

    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd-freebsd
        path: build/i2pd
--- a/.github/workflows/build-osx.yml
+++ b/.github/workflows/build-osx.yml
@ -1,6 +1,22 @@
 name: Build on OSX

-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-osx.yml
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.homebrew
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'

 jobs:
  build:
@ -14,13 +30,16 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

-    - name: install packages
+    - name: Install required formulae
      run: |
        find /usr/local/bin -lname '*/Library/Frameworks/Python.framework/*' -delete
        brew update
        brew install boost miniupnpc openssl@1.1

-    - name: build application
+    - name: List installed formulae
+      run: brew list
+
+    - name: Build application
      run: make HOMEBREW=1 USE_UPNP=${{ matrix.with_upnp }} PREFIX=$GITHUB_WORKSPACE/output -j3
--- a/.github/workflows/build-windows-msvc.yml
+++ b/.github/workflows/build-windows-msvc.yml
@ -1,52 +0,0 @@
-name: Build on Windows with MSVC
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    name: Build
-    runs-on: windows-latest
-
-    strategy:
-      fail-fast: false
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: Build and install zlib
-      run: |
-        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
-        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
-        set BUILD_TYPE=Debug
-        ./install_zlib.bat
-        set BUILD_TYPE=Release
-        ./install_zlib.bat
-        del install_zlib.bat
-
-    - name: Install Boost
-      uses: crazy-max/ghaction-chocolatey@v2
-      with:
-        args: install boost-msvc-14.3
-
-    - name: Install OpenSSL
-      uses: crazy-max/ghaction-chocolatey@v2
-      with:
-        args: install openssl
-
-    - name: Configure
-      working-directory: build
-      run: cmake -DWITH_STATIC=ON .
-
-    - name: Build
-      working-directory: build
-      run: cmake --build . --config Debug -- -m
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
-      with:
-        name: i2pd-msvc
-        path: build/Debug/i2pd.*
-
--- a/.github/workflows/build-windows-msvc.yml-disabled
+++ b/.github/workflows/build-windows-msvc.yml-disabled
@ -0,0 +1,80 @@
+name: Build on Windows with MSVC
+
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-windows-msvc.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Win32/**
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'
+
+jobs:
+  build:
+    name: Build
+    runs-on: windows-latest
+    env:
+      boost_path: ${{ github.workspace }}\boost_1_83_0
+      openssl_path: ${{ github.workspace }}\openssl_3_2_1
+
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Build and install zlib
+      run: |
+        powershell -Command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/r4sas/zlib.install/master/install.bat -OutFile install_zlib.bat)"
+        powershell -Command "(Get-Content install_zlib.bat) | Set-Content install_zlib.bat" # fixing line endings
+        set BUILD_TYPE=Debug
+        ./install_zlib.bat
+        set BUILD_TYPE=Release
+        ./install_zlib.bat
+        del install_zlib.bat
+
+    - name: Install Boost
+      run: |
+        powershell -Command "(Start-BitsTransfer -Source https://sourceforge.net/projects/boost/files/boost-binaries/1.83.0/boost_1_83_0-msvc-14.3-64.exe/download -Destination boost_1_83_0-msvc-14.3-64.exe)"
+        ./boost_1_83_0-msvc-14.3-64.exe /DIR="${{env.boost_path}}" /VERYSILENT /SUPPRESSMSGBOXES /SP-
+
+    - name: Install OpenSSL
+      run: |
+        powershell -Command "(Start-BitsTransfer -Source https://slproweb.com/download/Win64OpenSSL-3_2_1.exe -Destination Win64OpenSSL-3_2_1.exe)"
+        ./Win64OpenSSL-3_2_1.exe /DIR="${{env.openssl_path}}" /TASKS="copytobin" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
+
+    - name: Make copy of the OpenSSL libraries for CMake
+      run: |
+        dir ${{ github.workspace }}
+        dir ${{env.openssl_path}}\lib\VC
+        dir ${{env.openssl_path}}\lib\VC\x64\
+        dir ${{env.openssl_path}}\lib\VC\x64\MTd\
+        xcopy /s /y "${{env.openssl_path}}\lib\VC\x64\MTd" "${{env.openssl_path}}\lib"
+
+    - name: Configure
+      working-directory: build
+      run: cmake -DBoost_ROOT="${{env.boost_path}}" -DOPENSSL_ROOT_DIR="${{env.openssl_path}}" -DWITH_STATIC=ON .
+
+    - name: Build
+      working-directory: build
+      run: cmake --build . --config Debug -- -m
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: i2pd-msvc
+        path: build/Debug/i2pd.*
+
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@ -1,6 +1,25 @@
 name: Build on Windows

-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build-windows.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Win32/**
+    - Makefile
+    - Makefile.mingw
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'

 defaults:
  run:
@ -23,7 +42,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
      with:
        fetch-depth: 0

@ -44,7 +63,7 @@ jobs:
        make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes -j3

    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd-${{ matrix.arch_short }}.exe
        path: i2pd.exe
@ -65,7 +84,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
      with:
        fetch-depth: 0

@ -83,7 +102,7 @@ jobs:
        cmake --build . -- -j3

    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd-cmake-${{ matrix.arch_short }}.exe
        path: build/i2pd.exe
@ -97,7 +116,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
      with:
        fetch-depth: 0

@ -106,34 +125,117 @@ jobs:
      with:
        msystem: MINGW32
        install: base-devel git mingw-w64-i686-gcc mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-miniupnpc
+        cache: true
        update: true

-    - name: Build WinXP-capable CRT packages
+    - name: Clone MinGW packages repository
+      run: git clone https://github.com/msys2/MINGW-packages
+
+    # headers
+    - name: Get headers package version
+      id:  version-headers
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-headers-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache headers package
+      uses: actions/cache@v4
+      id: cache-headers
+      with:
+        path: MINGW-packages/mingw-w64-headers-git/*.zst
+        key: winxp-headers-${{ steps.version-headers.outputs.version }}
+    - name: Build WinXP-capable headers package
+      if: steps.cache-headers.outputs.cache-hit != 'true'
      run: |
-        git clone https://github.com/msys2/MINGW-packages
-        pushd MINGW-packages
-        pushd mingw-w64-headers-git
+        cd MINGW-packages/mingw-w64-headers-git
        sed -i 's/0x601/0x501/' PKGBUILD
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-headers-git-*-any.pkg.tar.zst
-        popd
-        pushd mingw-w64-crt-git
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-crt-git-*-any.pkg.tar.zst
-        popd
-        pushd mingw-w64-winpthreads-git
-        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm
-        pacman --noconfirm -U mingw-w64-i686-libwinpthread-git-*-any.pkg.tar.zst mingw-w64-i686-winpthreads-git-*-any.pkg.tar.zst
-        popd
-        popd
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install headers package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-headers-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # CRT
+    - name: Get crt package version
+      id:  version-crt
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-crt-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache crt package
+      uses: actions/cache@v4
+      id: cache-crt
+      with:
+        path: MINGW-packages/mingw-w64-crt-git/*.zst
+        key: winxp-crt-${{ steps.version-crt.outputs.version }}
+    - name: Build WinXP-capable crt package
+      if: steps.cache-crt.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-crt-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install crt package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-crt-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # winpthreads
+    - name: Get winpthreads package version
+      id:  version-winpthreads
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-winpthreads-git | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache winpthreads package
+      uses: actions/cache@v4
+      id: cache-winpthreads
+      with:
+        path: MINGW-packages/mingw-w64-winpthreads-git/*.zst
+        key: winxp-winpthreads-${{ steps.version-winpthreads.outputs.version }}
+    - name: Build WinXP-capable winpthreads package
+      if: steps.cache-winpthreads.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-winpthreads-git
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install winpthreads package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-winpthreads-git/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # OpenSSL
+    - name: Get openssl package version
+      id:  version-openssl
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-openssl | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache openssl package
+      uses: actions/cache@v4
+      id: cache-openssl
+      with:
+        path: MINGW-packages/mingw-w64-openssl/*.zst
+        key: winxp-openssl-${{ steps.version-openssl.outputs.version }}
+    - name: Build WinXP-capable openssl package
+      if: steps.cache-openssl.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-openssl
+        gpg --recv-keys D894E2CE8B3D79F5
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install openssl package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-openssl/mingw-w64-i686-*-any.pkg.tar.zst
+
+    # Boost
+    - name: Get boost package version
+      id:  version-boost
+      run: |
+        echo "version=$(pacman -Si mingw-w64-i686-boost | grep -Po '^Version\s*: \K.+')" >> $GITHUB_OUTPUT
+    - name: Cache boost package
+      uses: actions/cache@v4
+      id: cache-boost
+      with:
+        path: MINGW-packages/mingw-w64-boost/*.zst
+        key: winxp-winpthreads-${{ steps.version-boost.outputs.version }}
+    - name: Build WinXP-capable boost package
+      if: steps.cache-boost.outputs.cache-hit != 'true'
+      run: |
+        cd MINGW-packages/mingw-w64-boost
+        MINGW_ARCH=mingw32 makepkg-mingw -sCLf --noconfirm --nocheck
+    - name: Install boost package
+      run: pacman --noconfirm -U MINGW-packages/mingw-w64-boost/mingw-w64-i686-*-any.pkg.tar.zst

+    # Building i2pd
    - name: Build application
      run: |
        mkdir -p obj/Win32 obj/libi2pd obj/libi2pd_client obj/daemon
        make USE_UPNP=yes DEBUG=no USE_GIT_VERSION=yes USE_WINXP_FLAGS=yes -j3

    - name: Upload artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      with:
        name: i2pd-xp.exe
        path: i2pd.exe
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,6 +1,24 @@
 name: Build on Ubuntu

-on: [push, pull_request]
+on:
+  push:
+    branches:
+    - '*'
+    paths:
+    - .github/workflows/build.yml
+    - build/CMakeLists.txt
+    - build/cmake_modules/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
+    tags:
+    - '*'
+  pull_request:
+    branches:
+    - '*'

 jobs:
  build-make:
@ -14,7 +32,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    - name: install packages
      run: |
@ -35,7 +53,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    - name: install packages
      run: |
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -5,6 +5,16 @@ on:
    branches:
    - openssl
    - docker
+    paths:
+    - .github/workflows/docker.yml
+    - contrib/docker/**
+    - contrib/certificates/**
+    - daemon/**
+    - i18n/**
+    - libi2pd/**
+    - libi2pd_client/**
+    - Makefile
+    - Makefile.linux
    tags:
    - '*'

@ -27,29 +37,29 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3

    - name: Login to DockerHub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}

    - name: Login to GitHub Container registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Build container for ${{ matrix.archname }}
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v5
      with:
        context: ./contrib/docker
        file: ./contrib/docker/Dockerfile
@ -72,22 +82,22 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3

    - name: Login to DockerHub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}

    - name: Login to GitHub Container registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
--- a/166
+++ b/166
@ -1,6 +1,172 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog

+## [2.52.0] - 2024-05-12
+### Added
+- Separate threads for persisting RouterInfos and profiles to disk
+- Give preference to address with direct connection
+- Exclude addresses with incorrect static or intro key
+- Avoid two firewalled routers in the row in tunnel
+- Drop unsolicited database search replies
+### Changed
+- Increase number of hashes to 16 in exploratory lookup reply
+- Reduce number of a RouterInfo lookup attempts to 5
+- Reset stream RTO if outbound tunnel was changed
+- Insert previously excluded floodfill back when successfully connected
+- Increase maximum stream resend attempts to 9
+- Reply to exploratory lookups with only confirmed routers if low tunnel build rate
+- Don't accept too old RouterInfo
+- Build client tunnels through confirmed routers only if low tunnel build rate
+- Manage netDb requests more frequently
+- Don't reply with closer than us only floodfills for lookup
+### Fixed
+- Crash on router lookup if exploratory pool is not ready
+- Race condition in excluded peers for next lookup
+- Excessive number of lookups for same destination
+- Race condition with transport peers during shutdown
+- Corrupted RouterInfo files
+
+## [2.51.0] - 2024-04-06
+### Added
+- Non-blocking mode for UDP sockets
+- Set SSU2 socket buffer size based on bandwidth limit
+- Encrypted tunnel tests
+- Support for multiple UDP server tunnels on one destination
+- Publish medium congestion indication
+- Local domain sockets for SOCKS proxy upstream
+- Tunnel status "declined" in web console
+- SAM error reply "Incompatible crypto" if remote destination has incompatible crypto
+- Reduce amount of traffic by handling local message drops
+- Keep SSU2 socket open even if it fails to bind
+- Lower SSU2 resend traffic spikes
+- Expiration for messages in SSU2 send queue
+- Use EWMA for stream RTT estimation
+- Request choking delay if too many NACKs in stream
+- Allow 0ms latency for tunnel
+- Randomize tunnels selection for tests
+### Changed
+- Upstream SOCKS proxy from SOCKS4 to SOCKS5
+- Transit tunnels limit to 4 bytes. Default value to 10K
+- Reply CANT_REACH_PEER if connect to ourselves in SAM
+- Don't send already expired I2NP messages
+- Use monotonic timer to measure tunnel test latency
+- Standard NTCP2 frame doesn't exceed 16K
+- Always send request through tunnels in case of restricted routes
+- Don't delete connected routers from NetDb
+- Send lookup reply directly to reply tunnel gateway if possible
+- Reduce unreachable router ban interval to 8 minutes
+- Don't request banned routers / don't try to connect to unreachable router
+- Consider 'M' routers as low bandwidth
+- Limit minimal received SSU2 packet size to 40 bytes
+- Bob picks peer test session only if Charlie's address supports peer testing
+- Reject peer test msg 2 if peer testing is not supported
+- Don't request termination if SSU2 session was not established
+- Set maximum SSU2 queue size depending on RTT value
+- New streaming RTT calculation algorithm
+- Don't double initial RTO for streams when changing tunnels
+- Restore failed tunnel if test or data for inbound tunnel received
+- Don't fail last remaining tunnel in pool
+- Publish LeasetSet again if local destination was not ready or no tunnels
+- Make more attempts to pick high bandwidth hop for client tunnel
+- Reduced SSU2 session termination timeout to 165 seconds
+- Reseeds list
+### Fixed
+- ECIESx25519 symmetric key tagset early expiration
+- Encrypted LeaseSet lookup
+- Outbound tunnel build fails if it's endpoint is the same as reply tunnel gateway
+- I2PControl RouterManager returns invalid JSON when unknown params are passed
+- Mix of data between different UDP sessions on the same server
+- TARGET_OS_SIMULATOR check
+- Handling of "reservedrange" param
+- New NTCP2 session gets teminated upon termination of old one
+- New SSU2 session gets teminated upon termination of old one
+- Peer test to non-supporting router
+- Streaming ackThrough off 1 if number of NACKs exceeds 255
+- Race condition in ECIESx25519 tags table
+- Good tunnel becomes failed
+- Crash when packet comes to terminated stream
+- Stream hangs during LeaseSet update
+
+## [2.50.2] - 2024-01-06
+###Fixed
+- Crash with OpenSSL 3.2.0
+- False positive clock skew detection
+
+## [2.50.1] - 2023-12-23
+###Fixed
+- Support for new EdDSA usage behavior in OpenSSL 3.2.0
+
+## [2.50.0] - 2023-12-18
+### Added
+- Support of concurrent ACCEPTs on SAM 3.1
+- Haiku OS support
+- Low bandwidth and far routers can expire before 1 hour
+### Changed
+- Don't pick too active peer for first hop
+- Try peer test again if status is Unknown
+- Send peer tests with random delay
+- Reseeds list
+### Fixed
+- XSS vulnerability in addresshelper
+- Publishing NAT64 ipv6 addresses
+- Deadlock in AsyncSend callback
+
+## [2.49.0] - 2023-09-18
+### Added
+- Handle SOCK5 authorization with empty user/password
+- Drop incoming transport sessions from too old or from future routers
+- Memory pool for router profiles
+- Allow 0 hops in explicitPeers
+### Changed
+- Separate network and testing status
+- Remove AVX code
+- Improve NTCP2 transport session logging
+- Select router with ipv4 for tunnel endpoint
+- Consider all addresses non-published for U and H routers even if they have host/port
+- Don't pick completely unreachable routers for tunnels
+- Exclude SSU1 introducers from SSU2 addresses
+- Don't create paired inbound tunnel if length is different
+- Remove introducer from RouterInfo after 60 minutes
+- Reduce SSU2 keep alive interval and add keep alive interval variance
+- Don't pick too old sessions for introducer
+### Fixed
+- Version of the subnegotiation in user/password SOCKS5 response
+- Send keepalive for existing session with introducer
+- Buffer offset for EVP_EncryptFinal_ex() to include outlen
+- Termination block size processing for transport sessions
+- Crash if deleted BOB destination was shared between few BOB sessions
+- Introducers with zero tag
+- Padding for SSU2 path response
+
+## [2.48.0] - 2023-06-12
+### Added
+- Allow user/password authentication method for SOCK5 proxy
+- Publish reject all congestion cap 'G' if transit is not accepted
+- 'critical' log level
+- Print b32 on webconsole destination page
+- Webconsole button to drop a remote LeaseSet
+- limits.zombies param - minimum percentage of successfully created tunnels for routers cleanup
+- Recognize real routers if successfully connected or responded to tunnel build request
+### Changed
+- Bypass slow transport sessions for first hop selection
+- Limit AESNI inline asm to x86/x64
+- Create smaller I2NP packets if possible
+- Make router unreachable if AEAD tag verification fails in SessionCreated
+- Don't include a router to floodfills list until it's confirmed as real
+- Drop LeaseSet store request if not floodfill
+- Bypass medium congestion('D') routers for client tunnels
+- Publish encrypted RouterInfo through tunnels
+- Check if s is valid x25519 public key
+- Check if socket is open before sending data in SSU2
+### Fixed
+- Webconsole empty page if destination is not found
+- i2p.streaming.answerPings param
+- Reload tunnels
+- Address caps for unspecified ipv6 address
+- Incomplete HTTP headers in I2P tunnels
+- SSU2 socket network exceptions on Windows
+- Use of 'server' type tunnel port as inport (#1936)
+
 ## [2.47.0] - 2023-03-11
 ### Added
 - Congestion caps
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Copyright (c) 2013-2020, The PurpleI2P Project
+Copyright (c) 2013-2023, The PurpleI2P Project

 All rights reserved.

--- a/5
+++ b/5
@ -67,6 +67,9 @@ else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
 else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.bsd
+else ifneq (, $(findstring haiku, $(SYS)))
+	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+	include Makefile.haiku
 else # not supported
 	$(error Not supported platform)
 endif
@ -118,7 +121,7 @@ obj/%.o: %.cpp | mk_obj_dir
 -include $(DEPS)

 $(I2PD): $(DAEMON_OBJS) $(ARLIB) $(ARLIB_CLIENT) $(ARLIB_LANG)
-	$(CXX) -o $@ $(DEFINES) $(LDFLAGS) $^ $(LDLIBS)
+	$(CXX) $(DEFINES) $(LDFLAGS) -o $@ $^ $(LDLIBS)

 $(SHLIB): $(LIB_OBJS)
 ifneq ($(USE_STATIC),yes)
--- a/Makefile.bsd
+++ b/Makefile.bsd
@ -6,7 +6,12 @@ CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misl
 ## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
 ## -std=c++11. If you want to remove this variable please do so in a way that allows setting
 ## custom FLAGS to work at build-time.
-NEEDED_CXXFLAGS = -std=c++11
+CXXVER := $(shell $(CXX) -dumpversion)
+ifeq (${CXXVER}, "4.2.1") # older clang always returned 4.2.1
+	NEEDED_CXXFLAGS = -std=c++11
+else # newer versions support C++17
+	NEEDED_CXXFLAGS = -std=c++17
+endif
 DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
 INCFLAGS = -I/usr/include/ -I/usr/local/include/
 LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
--- a/Makefile.haiku
+++ b/Makefile.haiku
@ -0,0 +1,10 @@
+CXX = g++
+CXXFLAGS := -Wall -std=c++11
+INCFLAGS = -I/system/develop/headers
+DEFINES = -D_DEFAULT_SOURCE -D_GNU_SOURCE
+LDLIBS = -lbe -lbsd -lnetwork -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+
+ifeq ($(USE_UPNP),yes)
+	DEFINES += -DUSE_UPNP
+	LDLIBS += -lminiupnpc
+endif
--- a/Makefile.homebrew
+++ b/Makefile.homebrew
@ -1,41 +1,40 @@
 # root directory holding homebrew
-BREWROOT = /usr/local
+BREWROOT = /opt/homebrew
 BOOSTROOT = ${BREWROOT}/opt/boost
 SSLROOT = ${BREWROOT}/opt/openssl@1.1
 UPNPROOT = ${BREWROOT}/opt/miniupnpc
-CXXFLAGS = ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
-INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
-LDFLAGS = ${LD_DEBUG}

-ifndef TRAVIS
-	CXX = clang++
-endif
+CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wno-overloaded-virtual
+NEEDED_CXXFLAGS ?= -std=c++11
+INCFLAGS ?= -I${SSLROOT}/include -I${BOOSTROOT}/include
+LDFLAGS ?= ${LD_DEBUG}
+DEFINES += -DMAC_OSX

 ifeq ($(USE_STATIC),yes)
-	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a -lpthread
+	LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a
+ifeq ($(USE_UPNP),yes)
+	LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
+endif
+	LDLIBS +=  -lpthread -ldl
 else
 	LDFLAGS += -L${SSLROOT}/lib -L${BOOSTROOT}/lib
 	LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+ifeq ($(USE_UPNP),yes)
+	LDFLAGS += -L${UPNPROOT}/lib
+	LDLIBS += -lminiupnpc
+endif
 endif

 ifeq ($(USE_UPNP),yes)
-	LDFLAGS += -ldl
-	CXXFLAGS += -DUSE_UPNP
+	DEFINES += -DUSE_UPNP
 	INCFLAGS += -I${UPNPROOT}/include
-	ifeq ($(USE_STATIC),yes)
-		LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
-	else
-		LDFLAGS += -L${UPNPROOT}/lib
-		LDLIBS += -lminiupnpc
-	endif
 endif

-# OSX Notes
-# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
-# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
-# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
 ifeq ($(USE_AESNI),yes)
-	CXXFLAGS += -D__AES__ -maes
+ifneq (, $(findstring i386, $(SYS))$(findstring i686, $(SYS))$(findstring x86_64, $(SYS))) # only x86-based CPU supports that
+	NEEDED_CXXFLAGS += -maes
+	DEFINES += -D__AES__
+endif
 endif

 install: all
--- a/Makefile.mingw
+++ b/Makefile.mingw
@ -5,14 +5,11 @@ WINDRES = windres

 CXXFLAGS := $(CXX_DEBUG) -fPIC -msse
 INCFLAGS := -I$(DAEMON_SRC_DIR) -IWin32
-LDFLAGS := ${LD_DEBUG} -static
+LDFLAGS := ${LD_DEBUG} -static -fPIC -msse

 NEEDED_CXXFLAGS += -std=c++17
 DEFINES += -DWIN32_LEAN_AND_MEAN

-# Boost libraries suffix
-BOOST_SUFFIX = -mt
-
 # UPNP Support
 ifeq ($(USE_UPNP),yes)
 	DEFINES += -DUSE_UPNP -DMINIUPNP_STATICLIB
@ -20,17 +17,18 @@ ifeq ($(USE_UPNP),yes)
 endif

 LDLIBS += \
-	-lboost_system$(BOOST_SUFFIX) \
-	-lboost_date_time$(BOOST_SUFFIX) \
-	-lboost_filesystem$(BOOST_SUFFIX) \
-	-lboost_program_options$(BOOST_SUFFIX) \
-	-lssl \
-	-lcrypto \
-	-lz \
+	$(MINGW_PREFIX)/lib/libboost_system-mt.a \
+	$(MINGW_PREFIX)/lib/libboost_date_time-mt.a \
+	$(MINGW_PREFIX)/lib/libboost_filesystem-mt.a \
+	$(MINGW_PREFIX)/lib/libboost_program_options-mt.a \
+	$(MINGW_PREFIX)/lib/libssl.a \
+	$(MINGW_PREFIX)/lib/libcrypto.a \
+	$(MINGW_PREFIX)/lib/libz.a \
 	-lwsock32 \
 	-lws2_32 \
-	-lgdi32 \
 	-liphlpapi \
+	-lcrypt32 \
+	-lgdi32 \
 	-lole32 \
 	-luuid \
 	-lpthread
@ -48,6 +46,7 @@ endif

 ifeq ($(USE_AESNI),yes)
 	NEEDED_CXXFLAGS += -maes
+	LDFLAGS += -maes
 	DEFINES += -D__AES__
 endif

--- a/Makefile.osx
+++ b/Makefile.osx
@ -5,7 +5,6 @@ DEFINES := -DMAC_OSX
 LDFLAGS := -Wl,-rpath,/usr/local/lib -L/usr/local/lib
 LDFLAGS += -Wl,-dead_strip
 LDFLAGS += -Wl,-dead_strip_dylibs
-LDFLAGS += -Wl,-bind_at_load

 ifeq ($(USE_STATIC),yes)
 	LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
--- a/README.md
+++ b/README.md
@ -99,13 +99,23 @@ Current status: [![Crowdin](https://badges.crowdin.net/i2pd/localized.svg)](http
 Donations
 ---------

-BTC: 3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f  
-LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
-ETH: 0x9e5bac70d20d1079ceaa111127f4fb3bccce379d  
-DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
-ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
-GST: GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG  
-XMR: 497pJc7X4xqKvcLBLpSUtRgWqMMyo24u4btCos3cak6gbMkpobgSU6492ztUcUBghyeHpYeczB55s38NpuHoH5WGNSPDRMH  
+**E-Mail**: ```i2porignal at yandex.com```
+
+**BTC**: ```3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f```
+
+**LTC**: ```LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59```
+
+**ETH**: ```0x9e5bac70d20d1079ceaa111127f4fb3bccce379d```
+
+**GST**: ```GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG```
+
+**DASH**: ```Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF```
+
+**ZEC**: ```t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ```
+
+**ANC**: ```AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z```
+
+**XMR**: ```497pJc7X4xqKvcLBLpSUtRgWqMMyo24u4btCos3cak6gbMkpobgSU6492ztUcUBghyeHpYeczB55s38NpuHoH5WGNSPDRMH```

 License
 -------
--- a/Win32/DaemonWin32.cpp
+++ b/Win32/DaemonWin32.cpp
@ -47,7 +47,7 @@ namespace util
 			I2PService service((PSTR)SERVICE_NAME);
 			if (!I2PService::Run(service))
 			{
-				LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
+				LogPrint(eLogCritical, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());
 				return false;
 			}
 			return false;
--- a/Win32/Win32App.cpp
+++ b/Win32/Win32App.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -145,30 +145,37 @@ namespace win32
 		s << bytes << " Bytes\n";
 	}

-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing, RouterError error)
 	{
 		switch (status)
 		{
 			case eRouterStatusOK: s << "OK"; break;
-			case eRouterStatusTesting: s << "Test"; break;
 			case eRouterStatusFirewalled: s << "FW"; break;
 			case eRouterStatusUnknown: s << "Unk"; break;
 			case eRouterStatusProxy: s << "Proxy"; break;
 			case eRouterStatusMesh: s << "Mesh"; break;
 			default: s << "Unk";
 		};
-		if (i2p::context.GetError () != eRouterErrorNone)
+		if (testing)
+			s << " (Test)";
+		if (error != eRouterErrorNone)
 		{
-			switch (i2p::context.GetError ())
+			switch (error)
 			{
 				case eRouterErrorClockSkew:
-					s << " - Clock skew";
+					s << " - " << tr("Clock skew");
 				break;
 				case eRouterErrorOffline:
-					s << " - Offline";
+					s << " - " << tr("Offline");
 				break;
 				case eRouterErrorSymmetricNAT:
-					s << " - Symmetric NAT";
+					s << " - " << tr("Symmetric NAT");
+				break;
+				case eRouterErrorFullConeNAT:
+					s << " - " << tr("Full cone NAT");
+				break;
+				case eRouterErrorNoDescriptors:
+					s << " - " << tr("No Descriptors");
 				break;
 				default: ;
 			}
@ -179,11 +186,11 @@ namespace win32
 	{
 		s << "\n";
 		s << "Status: ";
-		ShowNetworkStatus (s, i2p::context.GetStatus ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting(), i2p::context.GetError ());
 		if (i2p::context.SupportsV6 ())
 		{
 			s << " / ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6(), i2p::context.GetErrorV6 ());
 		}
 		s << "; ";
 		s << "Success Rate: " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate() << "%\n";
@ -348,6 +355,9 @@ namespace win32
 						}
 					}
 				}
+#if (__cplusplus >= 201703L) // C++ 17 or higher
+				[[fallthrough]];
+#endif
 			}
 			case WM_TRAYICON:
 			{
--- a/Win32/Win32NetState.cpp
+++ b/Win32/Win32NetState.cpp
@ -73,16 +73,24 @@ void UnSubscribeFromEvents()
 		}

 		if (pNetEvent)
+		{
 			pNetEvent->Release();
+		}

 		if (pCPContainer)
+		{
 			pCPContainer->Release();
+		}

 		if (pNetworkListManager)
+		{
 			pNetworkListManager->Release();
+		}

 		if (pUnknown)
+		{
 			pUnknown->Release();
+		}

 		CoUninitialize();
 	}
--- a/Win32/Win32NetState.h
+++ b/Win32/Win32NetState.h
@ -15,10 +15,11 @@
 #include "Log.h"
 #include "Transports.h"

-class CNetworkListManagerEvent : public INetworkListManagerEvents
+class CNetworkListManagerEvent final : public INetworkListManagerEvents
 {
 public:
 	CNetworkListManagerEvent() : m_ref(1) { }
+	~CNetworkListManagerEvent() { }

 	HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid, void **ppvObject)
 	{
--- a/Win32/Win32Service.cpp
+++ b/Win32/Win32Service.cpp
@ -119,12 +119,12 @@ void I2PService::Start(DWORD dwArgc, PSTR *pszArgv)
 	}
 	catch (DWORD dwError)
 	{
-		LogPrint(eLogError, "Win32Service: Start error: ", dwError);
+		LogPrint(eLogCritical, "Win32Service: Start error: ", dwError);
 		SetServiceStatus(SERVICE_STOPPED, dwError);
 	}
 	catch (...)
 	{
-		LogPrint(eLogError, "Win32Service: failed to start: ", EVENTLOG_ERROR_TYPE);
+		LogPrint(eLogCritical, "Win32Service: failed to start: ", EVENTLOG_ERROR_TYPE);
 		SetServiceStatus(SERVICE_STOPPED);
 	}
 }
@ -162,7 +162,7 @@ void I2PService::Stop()
 	}
 	catch (...)
 	{
-		LogPrint(eLogError, "Win32Service: Failed to stop: ", EVENTLOG_ERROR_TYPE);
+		LogPrint(eLogCritical, "Win32Service: Failed to stop: ", EVENTLOG_ERROR_TYPE);
 		SetServiceStatus(dwOriginalState);
 	}
 }
@ -191,12 +191,12 @@ void I2PService::Pause()
 	}
 	catch (DWORD dwError)
 	{
-		LogPrint(eLogError, "Win32Service: Pause error: ", dwError);
+		LogPrint(eLogCritical, "Win32Service: Pause error: ", dwError);
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 	catch (...)
 	{
-		LogPrint(eLogError, "Win32Service: Failed to pause: ", EVENTLOG_ERROR_TYPE);
+		LogPrint(eLogCritical, "Win32Service: Failed to pause: ", EVENTLOG_ERROR_TYPE);
 		SetServiceStatus(SERVICE_RUNNING);
 	}
 }
@ -215,12 +215,12 @@ void I2PService::Continue()
 	}
 	catch (DWORD dwError)
 	{
-		LogPrint(eLogError, "Win32Service: Continue error: ", dwError);
+		LogPrint(eLogCritical, "Win32Service: Continue error: ", dwError);
 		SetServiceStatus(SERVICE_PAUSED);
 	}
 	catch (...)
 	{
-		LogPrint(eLogError, "Win32Service: Failed to resume: ", EVENTLOG_ERROR_TYPE);
+		LogPrint(eLogCritical, "Win32Service: Failed to resume: ", EVENTLOG_ERROR_TYPE);
 		SetServiceStatus(SERVICE_PAUSED);
 	}
 }
@ -238,11 +238,11 @@ void I2PService::Shutdown()
 	}
 	catch (DWORD dwError)
 	{
-		LogPrint(eLogError, "Win32Service: Shutdown error: ", dwError);
+		LogPrint(eLogCritical, "Win32Service: Shutdown error: ", dwError);
 	}
 	catch (...)
 	{
-		LogPrint(eLogError, "Win32Service: Failed to shut down: ", EVENTLOG_ERROR_TYPE);
+		LogPrint(eLogCritical, "Win32Service: Failed to shut down: ", EVENTLOG_ERROR_TYPE);
 	}
 }

--- a/Win32/mask.bmp
+++ b/Win32/mask.bmp
--- a/build/CMakeLists.txt
+++ b/build/CMakeLists.txt
@ -25,7 +25,7 @@ project(
  i2pd
  VERSION ${PROJECT_VERSION}
  HOMEPAGE_URL "https://i2pd.website/"
-  LANGUAGES CXX
+  LANGUAGES C CXX
 )

 # configurable options
@ -121,7 +121,7 @@ if(WIN32)
  )

  file(GLOB WIN32_RC ${WIN32_SRC_DIR}/*.rc)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWIN32_APP -DWIN32_LEAN_AND_MEAN")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWIN32_APP -DWIN32_LEAN_AND_MEAN -DNOMINMAX")

 endif()

@ -139,6 +139,10 @@ if(APPLE)
  add_definitions(-DMAC_OSX)
 endif()

+if(HAIKU)
+  add_definitions(-D_DEFAULT_SOURCE -D_GNU_SOURCE)
+endif()
+
 if(MSVC)
  add_definitions(-DWINVER=0x0600)
  add_definitions(-D_WIN32_WINNT=0x0600)
@ -197,14 +201,11 @@ endif()

 # Note: AES-NI and AVX is available on x86-based CPU's.
 # Here also ARM64 implementation, but currently we don't support it.
-# MSVC is not supported.
-if(MSVC)
-  message(STATUS "AES-NI is not supported on MSVC, option was disabled")
-  set(WITH_AESNI OFF)
-endif()
-
+# MSVC is not supported due to different ASM processing, so we hope OpenSSL has its own checks to run optimized code.
 if(WITH_AESNI AND (ARCHITECTURE MATCHES "x86_64" OR ARCHITECTURE MATCHES "i386"))
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -maes")
+  if(NOT MSVC)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -maes")
+  endif()
  add_definitions(-D__AES__)
 endif()

@ -277,15 +278,19 @@ else()
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
  endif()
  add_definitions(-DBOOST_ATOMIC_DYN_LINK -DBOOST_SYSTEM_DYN_LINK -DBOOST_FILESYSTEM_DYN_LINK -DBOOST_PROGRAM_OPTIONS_DYN_LINK -DBOOST_DATE_TIME_DYN_LINK -DBOOST_REGEX_DYN_LINK)
+  if(WIN32)
+    set(Boost_USE_STATIC_LIBS OFF)
+    set(Boost_USE_STATIC_RUNTIME OFF)
+  endif()
 endif()

 find_package(Boost REQUIRED COMPONENTS system filesystem program_options date_time OPTIONAL_COMPONENTS atomic)
-if(NOT DEFINED Boost_INCLUDE_DIRS)
+if(NOT DEFINED Boost_FOUND)
  message(SEND_ERROR "Boost is not found, or your boost version was below 1.46. Please download Boost!")
 endif()

 find_package(OpenSSL REQUIRED)
-if(NOT DEFINED OPENSSL_INCLUDE_DIR)
+if(NOT DEFINED OPENSSL_FOUND)
  message(SEND_ERROR "Could not find OpenSSL. Please download and install it first!")
 endif()

@ -325,7 +330,11 @@ message(STATUS "  LIBRARY          : ${WITH_LIBRARY}")
 message(STATUS "  BINARY           : ${WITH_BINARY}")
 message(STATUS "  STATIC BUILD     : ${WITH_STATIC}")
 message(STATUS "  UPnP             : ${WITH_UPNP}")
+if(WITH_GIT_VERSION)
+message(STATUS "  GIT VERSION      : ${WITH_GIT_VERSION} (${GIT_VERSION})")
+else()
 message(STATUS "  GIT VERSION      : ${WITH_GIT_VERSION}")
+endif()
 message(STATUS "  ADDRSANITIZER    : ${WITH_ADDRSANITIZER}")
 message(STATUS "  THREADSANITIZER  : ${WITH_THREADSANITIZER}")
 message(STATUS "---------------------------------------")
--- a/contrib/apparmor/docker-i2pd
+++ b/contrib/apparmor/docker-i2pd
@ -0,0 +1,42 @@
+# _________________________________________
+# /  Copy this file to the right location   \
+# | then load with:                         |
+# |                                         |
+# | apparmor_parser -r -W                   |
+# | /etc/apparmor.d/docker-i2pd             |
+# |                                         |
+# | docker run --security-opt               |
+# | "apparmor=docker-i2pd" ...              |
+# | purplei2p/i2pd                          |
+# |                                         |
+# \ And "aa-status" to verify it's loaded.  /
+#  -----------------------------------------
+#         \   ^__^
+#          \  (oo)\_______
+#             (__)\       )\/\
+#                 ||----w |
+#                 ||     ||
+
+#include <tunables/global>
+
+profile docker-i2pd flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/openssl>
+  #include <abstractions/nameservice>
+
+  /bin/busybox ix,
+  /usr/local/bin/i2pd ix,
+  /entrypoint.sh ixr,
+
+  /i2pd_certificates/** r,
+
+  /home/i2pd/data/** rw,
+
+  /home/i2pd/data/i2pd.pid k,
+
+  deny /home/i2pd/data/i2pd.conf w,
+  deny /home/i2pd/data/tunnels.conf w,
+  deny /home/i2pd/data/tunnels.d/** w,
+  deny /home/i2pd/data/certificates/** w,
+  deny /home/i2pd/data/i2pd.log r,
+}
--- a/contrib/certificates/reseed/admin_at_stormycloud.org.crt
+++ b/contrib/certificates/reseed/admin_at_stormycloud.org.crt
@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCA7+gAwIBAgIRAMDqFR09Xuj8ZUu+oetSvAEwDQYJKoZIhvcNAQELBQAw
+dTELMAkGA1UEBhMCWFgxCzAJBgNVBAcTAlhYMQswCQYDVQQJEwJYWDEeMBwGA1UE
+ChMVSTJQIEFub255bW91cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxHjAcBgNVBAMM
+FWFkbWluQHN0b3JteWNsb3VkLm9yZzAeFw0yNDAxMjUxNDE1MzBaFw0zNDAxMjUx
+NDE1MzBaMHUxCzAJBgNVBAYTAlhYMQswCQYDVQQHEwJYWDELMAkGA1UECRMCWFgx
+HjAcBgNVBAoTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMR4w
+HAYDVQQDDBVhZG1pbkBzdG9ybXljbG91ZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDbGX+GikPzQXr9zvkrhfO9g0l49KHLNQhUKYqd6T+PfnGo
+Fm0d3ZZVVQZ045vWgroOXDGGZZWxUIlb2inRaR2DF1TxN3pPYt59RgY9ZQ9+TL7o
+isY91krCRygY8EcAmHIjlfZQ9dBVcL7CfyT0MYZA5Efee9+NDHSewTfQP9T2faIE
+83Fcyd93a2mIHYjKUbJnojng/wgsy8srbsEuuTok4MIQmDj+B5nz+za2FgI0/ydh
+srlMt4aGJF4/DIem9z9d0zBCOkwrmtFIzjNF1mOSA8ES4m5YnKA/y9rZlRidLPGu
+prbXhPVnqHeOnHMz2QCw1wbVo504kl0bMqyEz2tVWsO9ep7iZoQs2xkFAEaegYNT
+QLUpwVGlyuq3wXXwopFRffOSimGSazICwWI6j+K0pOtgefNJaWrqKYvtkj1SbK2L
+LBNUIENz6VnB7KPRckuX6zxC8PpOiBK9BcftfO+xAz/wC6qq3riBPw30KKSym0nC
+Zp5KciDn4Phtw9PGq8Bkl8SyWl0jtFnfTB1tzJkisf2qKcNHaFTEe2JW763YLbh/
+AU+8X8evFu40qLgvOgKoyy5DLy6i8zetX+3t9K0Fxt9+Vzzq6lm5V/RS8iIPPn+M
+q1/3Z5kD0KQBG9h/Gl8BH+lB71ZxPAOZ3SMu8DJZcxBLVmDWqQPCr5CKnoz0swID
+AQABo2IwYDAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
+AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHgYDVR0OBBcEFWFkbWluQHN0b3JteWNs
+b3VkLm9yZzANBgkqhkiG9w0BAQsFAAOCAgEARWOJ69vTHMneSXYscha+4Ytjg0RM
+faewJNEGj8qy/Qvh9si2bWYNPRK6BlbHFS7pRYBLAnhaeLBGVv1CCR6GUMMe74zQ
+UuMeAoWU6qMDmB3GfYoZJh8sIxpwHqyJeTdeccRbZ4sX4F6u3IHPXYiU/AgbYqH7
+pYXQg2lCjXZYaDFAlEf5SlYUDOhhXe5kR8Edhlrsu32/JzA1DQK0JjxKCBp+DQmA
+ltdOpQtAg03fHP4ssdj7VvjIDl28iIlATwBvHrdNm7T0tYWn6TWhvxbRqvfTxfaH
+MvxnPdIJwNP4/9TyQkwjwHb1h+ucho3CnxI/AxspdOvT1ElMhP6Ce6rcS9pk11Rl
+x0ChsqpWwDg7KYpg0qZFSKCTBp4zBq9xoMJ6BQcgMfyl736WbsCzFTEyfifp8beg
+NxUa/Qk7w7cuSPGyMIKNOmOR7FLlFbtocy8sXVsUQdqnp/edelufdNe39U9uNtY6
+yoXI9//Tc6NgOwy2Oyia0slZ5qHRkB7e4USXMRzJ3p4q9eCVKjAJs81Utp7O2U+9
+vhbhwWP8CAnNTT1E5WS6EKtfrdqF7wjkV+noPGLDGmrXi01J1fSMAjMfVO+7/LOL
+UN+G4ybKWnEhhOO27yidN8Xx6UrCS23DBlPPQAeA74dTsTExiOxf1o1EXzcQiMyO
+LAj3/Ojbi1xkWhI=
+-----END CERTIFICATE-----
--- a/contrib/debian/README
+++ b/contrib/debian/README
@ -1,2 +1,5 @@
-This forder contain systemd unit files.
-To use systemd daemon control, place files from this directory to debian folder before building package.
+This forder contain files required for building debian packages.
+
+The trunk repository is contains the packaging files for the latest stable version of Debian (if we not forgot to update them).
+
+Files in subdirectories contains fixes to make possible to build package on specific versions of Debian/Ubuntu. They are used when building the release package.
--- a/contrib/debian/bionic/compat
+++ b/contrib/debian/bionic/compat
@ -0,0 +1 @@
+11
--- a/contrib/debian/bionic/control
+++ b/contrib/debian/bionic/control
@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 11~), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 4.2.0
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.
--- a/contrib/debian/trusty/compat
+++ b/contrib/debian/trusty/compat
@ -0,0 +1 @@
+9
--- a/contrib/debian/trusty/control
+++ b/contrib/debian/trusty/control
@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 9), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 3.9.8
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.
--- a/contrib/debian/trusty/patches/01-upnp.patch
+++ b/contrib/debian/trusty/patches/01-upnp.patch
@ -0,0 +1,17 @@
+Description: Enable UPnP usage in package
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2022-03-23
+
+--- i2pd.orig/Makefile
+++ i2pd/Makefile
+@@ -31,7 +31,7 @@ include filelist.mk
+ 
+ USE_AESNI       := $(or $(USE_AESNI),yes)
+ USE_STATIC      := $(or $(USE_STATIC),no)
+-USE_UPNP        := $(or $(USE_UPNP),no)
+USE_UPNP        := $(or $(USE_UPNP),yes)
+ DEBUG           := $(or $(DEBUG),yes)
+ 
+ # for debugging purposes only, when commit hash needed in trunk builds in i2pd version string
--- a/contrib/debian/trusty/patches/02-service.patch
+++ b/contrib/debian/trusty/patches/02-service.patch
@ -0,0 +1,19 @@
+Description: Disable LogsDirectory and LogsDirectoryMode options in service
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2023-05-17
+
+--- a/contrib/i2pd.service
+++ b/contrib/i2pd.service
+@@ -8,8 +8,8 @@ User=i2pd
+ Group=i2pd
+ RuntimeDirectory=i2pd
+ RuntimeDirectoryMode=0700
+-LogsDirectory=i2pd
+-LogsDirectoryMode=0700
+#LogsDirectory=i2pd
+#LogsDirectoryMode=0700
+ Type=forking
+ ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecReload=/bin/sh -c "kill -HUP $MAINPID"
--- a/contrib/debian/trusty/patches/series
+++ b/contrib/debian/trusty/patches/series
@ -0,0 +1,2 @@
+01-upnp.patch
+02-service.patch
--- a/contrib/debian/trusty/rules
+++ b/contrib/debian/trusty/rules
@ -0,0 +1,18 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+
+include /usr/share/dpkg/architecture.mk
+
+ifeq ($(DEB_HOST_ARCH),i386)
+    export DEB_BUILD_OPTIONS=parallel=1
+endif
+
+export DEB_CXXFLAGS_MAINT_APPEND=-Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND=
+
+%:
+	dh $@ --parallel
+
+override_dh_auto_install:
--- a/contrib/debian/xenial/compat
+++ b/contrib/debian/xenial/compat
@ -0,0 +1 @@
+9
--- a/contrib/debian/xenial/control
+++ b/contrib/debian/xenial/control
@ -0,0 +1,18 @@
+Source: i2pd
+Section: net
+Priority: optional
+Maintainer: r4sas <r4sas@i2pmail.org>
+Build-Depends: debhelper (>= 9), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
+Standards-Version: 3.9.8
+Homepage: http://i2pd.website/
+Vcs-Git: git://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
+
+Package: i2pd
+Architecture: any
+Pre-Depends: ${misc:Pre-Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
+ I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
+ communications over I2P are anonymous and end-to-end encrypted, participants
+ don't reveal their real IP addresses.
--- a/contrib/debian/xenial/patches/01-upnp.patch
+++ b/contrib/debian/xenial/patches/01-upnp.patch
@ -0,0 +1,17 @@
+Description: Enable UPnP usage in package
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2022-03-23
+
+--- i2pd.orig/Makefile
+++ i2pd/Makefile
+@@ -31,7 +31,7 @@ include filelist.mk
+ 
+ USE_AESNI       := $(or $(USE_AESNI),yes)
+ USE_STATIC      := $(or $(USE_STATIC),no)
+-USE_UPNP        := $(or $(USE_UPNP),no)
+USE_UPNP        := $(or $(USE_UPNP),yes)
+ DEBUG           := $(or $(DEBUG),yes)
+ 
+ # for debugging purposes only, when commit hash needed in trunk builds in i2pd version string
--- a/contrib/debian/xenial/patches/02-service.patch
+++ b/contrib/debian/xenial/patches/02-service.patch
@ -0,0 +1,19 @@
+Description: Disable LogsDirectory and LogsDirectoryMode options in service
+Author: r4sas <r4sas@i2pmail.org>
+
+Reviewed-By: r4sas <r4sas@i2pmail.org>
+Last-Update: 2023-05-17
+
+--- a/contrib/i2pd.service
+++ b/contrib/i2pd.service
+@@ -8,8 +8,8 @@ User=i2pd
+ Group=i2pd
+ RuntimeDirectory=i2pd
+ RuntimeDirectoryMode=0700
+-LogsDirectory=i2pd
+-LogsDirectoryMode=0700
+#LogsDirectory=i2pd
+#LogsDirectoryMode=0700
+ Type=forking
+ ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecReload=/bin/sh -c "kill -HUP $MAINPID"
--- a/contrib/debian/xenial/patches/series
+++ b/contrib/debian/xenial/patches/series
@ -0,0 +1,2 @@
+01-upnp.patch
+02-service.patch
--- a/contrib/debian/xenial/rules
+++ b/contrib/debian/xenial/rules
@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+include /usr/share/dpkg/architecture.mk
+
+export DEB_CXXFLAGS_MAINT_APPEND  = -Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND =
+
+%:
+	dh $@ --parallel
+
+override_dh_auto_install:
--- a/contrib/dinit/i2pd
+++ b/contrib/dinit/i2pd
@ -0,0 +1,8 @@
+type = bgprocess
+run-as = i2pd
+command = /usr/bin/i2pd --conf=/var/lib/i2pd/i2pd.conf --pidfile=/var/lib/i2pd/i2pd.pid --daemon --service
+smooth-recovery = true
+depends-on = ntpd
+# uncomment if you want to use i2pd with yggdrasil
+# depends-on = yggdrasil
+pid-file = /var/lib/i2pd/i2pd.pid
--- a/contrib/i18n/English.po
+++ b/contrib/i18n/English.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: i2pd\n"
 "Report-Msgid-Bugs-To: https://github.com/PurpleI2P/i2pd/issues\n"
-"POT-Creation-Date: 2023-01-19 04:18\n"
+"POT-Creation-Date: 2023-06-10 01:25\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@ -18,28 +18,28 @@ msgstr ""
 "X-Poedit-SearchPath-0: daemon/HTTPServer.cpp\n"
 "X-Poedit-SearchPath-1: libi2pd_client/HTTPProxy.cpp\n"

-#: daemon/HTTPServer.cpp:106
+#: daemon/HTTPServer.cpp:107
 #, c-format
 msgid "%d day"
 msgid_plural "%d days"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:110
+#: daemon/HTTPServer.cpp:111
 #, c-format
 msgid "%d hour"
 msgid_plural "%d hours"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:114
+#: daemon/HTTPServer.cpp:115
 #, c-format
 msgid "%d minute"
 msgid_plural "%d minutes"
 msgstr[0] ""
 msgstr[1] ""

-#: daemon/HTTPServer.cpp:117
+#: daemon/HTTPServer.cpp:118
 #, c-format
 msgid "%d second"
 msgid_plural "%d seconds"
@ -47,560 +47,578 @@ msgstr[0] ""
 msgstr[1] ""

 #. tr: Kibibyte
-#: daemon/HTTPServer.cpp:125 daemon/HTTPServer.cpp:153
+#: daemon/HTTPServer.cpp:126
 #, c-format
 msgid "%.2f KiB"
 msgstr ""

 #. tr: Mebibyte
-#: daemon/HTTPServer.cpp:127
+#: daemon/HTTPServer.cpp:128
 #, c-format
 msgid "%.2f MiB"
 msgstr ""

 #. tr: Gibibyte
-#: daemon/HTTPServer.cpp:129
+#: daemon/HTTPServer.cpp:130
 #, c-format
 msgid "%.2f GiB"
 msgstr ""

-#: daemon/HTTPServer.cpp:146
+#: daemon/HTTPServer.cpp:147
 msgid "building"
 msgstr ""

-#: daemon/HTTPServer.cpp:147
+#: daemon/HTTPServer.cpp:148
 msgid "failed"
 msgstr ""

-#: daemon/HTTPServer.cpp:148
+#: daemon/HTTPServer.cpp:149
 msgid "expiring"
 msgstr ""

-#: daemon/HTTPServer.cpp:149
+#: daemon/HTTPServer.cpp:150
 msgid "established"
 msgstr ""

-#: daemon/HTTPServer.cpp:150
+#: daemon/HTTPServer.cpp:151
 msgid "unknown"
 msgstr ""

-#: daemon/HTTPServer.cpp:152
+#: daemon/HTTPServer.cpp:153
 msgid "exploratory"
 msgstr ""

 #. tr: Webconsole page title
-#: daemon/HTTPServer.cpp:183
+#: daemon/HTTPServer.cpp:185
 msgid "Purple I2P Webconsole"
 msgstr ""

-#: daemon/HTTPServer.cpp:188
+#: daemon/HTTPServer.cpp:190
 msgid "<b>i2pd</b> webconsole"
 msgstr ""

-#: daemon/HTTPServer.cpp:191
+#: daemon/HTTPServer.cpp:193
 msgid "Main page"
 msgstr ""

-#: daemon/HTTPServer.cpp:192 daemon/HTTPServer.cpp:712
+#: daemon/HTTPServer.cpp:194 daemon/HTTPServer.cpp:742
 msgid "Router commands"
 msgstr ""

-#: daemon/HTTPServer.cpp:193 daemon/HTTPServer.cpp:387
-#: daemon/HTTPServer.cpp:399
+#: daemon/HTTPServer.cpp:195 daemon/HTTPServer.cpp:395
+#: daemon/HTTPServer.cpp:407
 msgid "Local Destinations"
 msgstr ""

-#: daemon/HTTPServer.cpp:195 daemon/HTTPServer.cpp:357
-#: daemon/HTTPServer.cpp:443 daemon/HTTPServer.cpp:449
-#: daemon/HTTPServer.cpp:609 daemon/HTTPServer.cpp:652
-#: daemon/HTTPServer.cpp:656
+#: daemon/HTTPServer.cpp:197 daemon/HTTPServer.cpp:365
+#: daemon/HTTPServer.cpp:454 daemon/HTTPServer.cpp:474
+#: daemon/HTTPServer.cpp:636 daemon/HTTPServer.cpp:682
+#: daemon/HTTPServer.cpp:686
 msgid "LeaseSets"
 msgstr ""

-#: daemon/HTTPServer.cpp:197 daemon/HTTPServer.cpp:662
+#: daemon/HTTPServer.cpp:199 daemon/HTTPServer.cpp:692
 msgid "Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:199 daemon/HTTPServer.cpp:364
-#: daemon/HTTPServer.cpp:781 daemon/HTTPServer.cpp:797
+#: daemon/HTTPServer.cpp:201 daemon/HTTPServer.cpp:372
+#: daemon/HTTPServer.cpp:813 daemon/HTTPServer.cpp:830
 msgid "Transit Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:201 daemon/HTTPServer.cpp:855
+#: daemon/HTTPServer.cpp:203 daemon/HTTPServer.cpp:898
 msgid "Transports"
 msgstr ""

-#: daemon/HTTPServer.cpp:202
+#: daemon/HTTPServer.cpp:204
 msgid "I2P tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:204 daemon/HTTPServer.cpp:884
-#: daemon/HTTPServer.cpp:894
+#: daemon/HTTPServer.cpp:206 daemon/HTTPServer.cpp:927
+#: daemon/HTTPServer.cpp:937
 msgid "SAM sessions"
 msgstr ""

-#: daemon/HTTPServer.cpp:220 daemon/HTTPServer.cpp:1278
-#: daemon/HTTPServer.cpp:1281 daemon/HTTPServer.cpp:1284
-#: daemon/HTTPServer.cpp:1298 daemon/HTTPServer.cpp:1343
-#: daemon/HTTPServer.cpp:1346 daemon/HTTPServer.cpp:1349
+#: daemon/HTTPServer.cpp:222 daemon/HTTPServer.cpp:1329
+#: daemon/HTTPServer.cpp:1332 daemon/HTTPServer.cpp:1335
+#: daemon/HTTPServer.cpp:1362 daemon/HTTPServer.cpp:1365
+#: daemon/HTTPServer.cpp:1379 daemon/HTTPServer.cpp:1424
+#: daemon/HTTPServer.cpp:1427 daemon/HTTPServer.cpp:1430
 msgid "ERROR"
 msgstr ""

-#: daemon/HTTPServer.cpp:227
+#: daemon/HTTPServer.cpp:229
 msgid "OK"
 msgstr ""

-#: daemon/HTTPServer.cpp:228
+#: daemon/HTTPServer.cpp:230
 msgid "Testing"
 msgstr ""

-#: daemon/HTTPServer.cpp:229
+#: daemon/HTTPServer.cpp:231
 msgid "Firewalled"
 msgstr ""

-#: daemon/HTTPServer.cpp:230 daemon/HTTPServer.cpp:233
-#: daemon/HTTPServer.cpp:329
+#: daemon/HTTPServer.cpp:232 daemon/HTTPServer.cpp:235
+#: daemon/HTTPServer.cpp:336
 msgid "Unknown"
 msgstr ""

-#: daemon/HTTPServer.cpp:231 daemon/HTTPServer.cpp:374
-#: daemon/HTTPServer.cpp:375 daemon/HTTPServer.cpp:952
-#: daemon/HTTPServer.cpp:961
+#: daemon/HTTPServer.cpp:233 daemon/HTTPServer.cpp:382
+#: daemon/HTTPServer.cpp:383 daemon/HTTPServer.cpp:1003
+#: daemon/HTTPServer.cpp:1011
 msgid "Proxy"
 msgstr ""

-#: daemon/HTTPServer.cpp:232
+#: daemon/HTTPServer.cpp:234
 msgid "Mesh"
 msgstr ""

-#: daemon/HTTPServer.cpp:240
+#: daemon/HTTPServer.cpp:242
 msgid "Clock skew"
 msgstr ""

-#: daemon/HTTPServer.cpp:243
+#: daemon/HTTPServer.cpp:245
 msgid "Offline"
 msgstr ""

-#: daemon/HTTPServer.cpp:246
+#: daemon/HTTPServer.cpp:248
 msgid "Symmetric NAT"
 msgstr ""

-#: daemon/HTTPServer.cpp:249
+#: daemon/HTTPServer.cpp:251
 msgid "Full cone NAT"
 msgstr ""

-#: daemon/HTTPServer.cpp:252
+#: daemon/HTTPServer.cpp:254
 msgid "No Descriptors"
 msgstr ""

-#: daemon/HTTPServer.cpp:261
+#: daemon/HTTPServer.cpp:263
 msgid "Uptime"
 msgstr ""

-#: daemon/HTTPServer.cpp:264
+#: daemon/HTTPServer.cpp:266
 msgid "Network status"
 msgstr ""

-#: daemon/HTTPServer.cpp:269
+#: daemon/HTTPServer.cpp:271
 msgid "Network status v6"
 msgstr ""

-#: daemon/HTTPServer.cpp:275 daemon/HTTPServer.cpp:282
+#: daemon/HTTPServer.cpp:277 daemon/HTTPServer.cpp:284
 msgid "Stopping in"
 msgstr ""

-#: daemon/HTTPServer.cpp:289
+#: daemon/HTTPServer.cpp:291
 msgid "Family"
 msgstr ""

-#: daemon/HTTPServer.cpp:290
+#: daemon/HTTPServer.cpp:292
 msgid "Tunnel creation success rate"
 msgstr ""

-#: daemon/HTTPServer.cpp:291
+#: daemon/HTTPServer.cpp:296
+msgid "Total tunnel creation success rate"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:298
 msgid "Received"
 msgstr ""

 #. tr: Kibibyte/s
-#: daemon/HTTPServer.cpp:293 daemon/HTTPServer.cpp:296
-#: daemon/HTTPServer.cpp:299
+#: daemon/HTTPServer.cpp:300 daemon/HTTPServer.cpp:303
+#: daemon/HTTPServer.cpp:306
 #, c-format
 msgid "%.2f KiB/s"
 msgstr ""

-#: daemon/HTTPServer.cpp:294
+#: daemon/HTTPServer.cpp:301
 msgid "Sent"
 msgstr ""

-#: daemon/HTTPServer.cpp:297
+#: daemon/HTTPServer.cpp:304
 msgid "Transit"
 msgstr ""

-#: daemon/HTTPServer.cpp:300
+#: daemon/HTTPServer.cpp:307
 msgid "Data path"
 msgstr ""

-#: daemon/HTTPServer.cpp:303
+#: daemon/HTTPServer.cpp:310
 msgid "Hidden content. Press on text to see."
 msgstr ""

-#: daemon/HTTPServer.cpp:307
+#: daemon/HTTPServer.cpp:314
 msgid "Router Ident"
 msgstr ""

-#: daemon/HTTPServer.cpp:309
+#: daemon/HTTPServer.cpp:316
 msgid "Router Family"
 msgstr ""

-#: daemon/HTTPServer.cpp:310
+#: daemon/HTTPServer.cpp:317
 msgid "Router Caps"
 msgstr ""

-#: daemon/HTTPServer.cpp:311
+#: daemon/HTTPServer.cpp:318
 msgid "Version"
 msgstr ""

-#: daemon/HTTPServer.cpp:312
+#: daemon/HTTPServer.cpp:319
 msgid "Our external address"
 msgstr ""

 #. tr: Shown when router doesn't publish itself and have "Firewalled" state
-#: daemon/HTTPServer.cpp:341
+#: daemon/HTTPServer.cpp:349
 msgid "supported"
 msgstr ""

-#: daemon/HTTPServer.cpp:355
+#: daemon/HTTPServer.cpp:363
 msgid "Routers"
 msgstr ""

-#: daemon/HTTPServer.cpp:356
+#: daemon/HTTPServer.cpp:364
 msgid "Floodfills"
 msgstr ""

-#: daemon/HTTPServer.cpp:363 daemon/HTTPServer.cpp:938
+#: daemon/HTTPServer.cpp:371 daemon/HTTPServer.cpp:987
 msgid "Client Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:373
+#: daemon/HTTPServer.cpp:381
 msgid "Services"
 msgstr ""

-#: daemon/HTTPServer.cpp:374 daemon/HTTPServer.cpp:375
-#: daemon/HTTPServer.cpp:376 daemon/HTTPServer.cpp:377
-#: daemon/HTTPServer.cpp:378 daemon/HTTPServer.cpp:379
+#: daemon/HTTPServer.cpp:382 daemon/HTTPServer.cpp:383
+#: daemon/HTTPServer.cpp:384 daemon/HTTPServer.cpp:385
+#: daemon/HTTPServer.cpp:386 daemon/HTTPServer.cpp:387
 msgid "Enabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:374 daemon/HTTPServer.cpp:375
-#: daemon/HTTPServer.cpp:376 daemon/HTTPServer.cpp:377
-#: daemon/HTTPServer.cpp:378 daemon/HTTPServer.cpp:379
+#: daemon/HTTPServer.cpp:382 daemon/HTTPServer.cpp:383
+#: daemon/HTTPServer.cpp:384 daemon/HTTPServer.cpp:385
+#: daemon/HTTPServer.cpp:386 daemon/HTTPServer.cpp:387
 msgid "Disabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:422
+#: daemon/HTTPServer.cpp:434
 msgid "Encrypted B33 address"
 msgstr ""

-#: daemon/HTTPServer.cpp:431
+#: daemon/HTTPServer.cpp:442
 msgid "Address registration line"
 msgstr ""

-#: daemon/HTTPServer.cpp:436
+#: daemon/HTTPServer.cpp:447
 msgid "Domain"
 msgstr ""

-#: daemon/HTTPServer.cpp:437
+#: daemon/HTTPServer.cpp:448
 msgid "Generate"
 msgstr ""

-#: daemon/HTTPServer.cpp:438
+#: daemon/HTTPServer.cpp:449
 msgid ""
 "<b>Note:</b> result string can be used only for registering 2LD domains "
 "(example.i2p). For registering subdomains please use i2pd-tools."
 msgstr ""

-#: daemon/HTTPServer.cpp:444
+#: daemon/HTTPServer.cpp:457
 msgid "Address"
 msgstr ""

-#: daemon/HTTPServer.cpp:444
+#: daemon/HTTPServer.cpp:459
 msgid "Type"
 msgstr ""

-#: daemon/HTTPServer.cpp:444
+#: daemon/HTTPServer.cpp:460
 msgid "EncType"
 msgstr ""

-#: daemon/HTTPServer.cpp:454 daemon/HTTPServer.cpp:667
+#: daemon/HTTPServer.cpp:467
+msgid "Expire LeaseSet"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:479 daemon/HTTPServer.cpp:697
 msgid "Inbound tunnels"
 msgstr ""

 #. tr: Milliseconds
-#: daemon/HTTPServer.cpp:469 daemon/HTTPServer.cpp:489
-#: daemon/HTTPServer.cpp:681 daemon/HTTPServer.cpp:701
+#: daemon/HTTPServer.cpp:494 daemon/HTTPServer.cpp:514
+#: daemon/HTTPServer.cpp:711 daemon/HTTPServer.cpp:731
 #, c-format
 msgid "%dms"
 msgstr ""

-#: daemon/HTTPServer.cpp:474 daemon/HTTPServer.cpp:686
+#: daemon/HTTPServer.cpp:499 daemon/HTTPServer.cpp:716
 msgid "Outbound tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:496
+#: daemon/HTTPServer.cpp:521
 msgid "Tags"
 msgstr ""

-#: daemon/HTTPServer.cpp:497
+#: daemon/HTTPServer.cpp:522
 msgid "Incoming"
 msgstr ""

-#: daemon/HTTPServer.cpp:504 daemon/HTTPServer.cpp:510
+#: daemon/HTTPServer.cpp:529 daemon/HTTPServer.cpp:535
 msgid "Outgoing"
 msgstr ""

-#: daemon/HTTPServer.cpp:507 daemon/HTTPServer.cpp:526
+#: daemon/HTTPServer.cpp:532 daemon/HTTPServer.cpp:551
 msgid "Destination"
 msgstr ""

-#: daemon/HTTPServer.cpp:507
+#: daemon/HTTPServer.cpp:532 daemon/HTTPServer.cpp:814
 msgid "Amount"
 msgstr ""

-#: daemon/HTTPServer.cpp:515
+#: daemon/HTTPServer.cpp:540
 msgid "Incoming Tags"
 msgstr ""

-#: daemon/HTTPServer.cpp:523 daemon/HTTPServer.cpp:529
+#: daemon/HTTPServer.cpp:548 daemon/HTTPServer.cpp:554
 msgid "Tags sessions"
 msgstr ""

-#: daemon/HTTPServer.cpp:526
+#: daemon/HTTPServer.cpp:551
 msgid "Status"
 msgstr ""

-#: daemon/HTTPServer.cpp:536 daemon/HTTPServer.cpp:594
+#: daemon/HTTPServer.cpp:561 daemon/HTTPServer.cpp:621
 msgid "Local Destination"
 msgstr ""

-#: daemon/HTTPServer.cpp:547 daemon/HTTPServer.cpp:917
+#: daemon/HTTPServer.cpp:572 daemon/HTTPServer.cpp:960
 msgid "Streams"
 msgstr ""

-#: daemon/HTTPServer.cpp:570
+#: daemon/HTTPServer.cpp:595
 msgid "Close stream"
 msgstr ""

-#: daemon/HTTPServer.cpp:599
+#: daemon/HTTPServer.cpp:613 daemon/HTTPServer.cpp:1430
+msgid "Such destination is not found"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:626
 msgid "I2CP session not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:602
+#: daemon/HTTPServer.cpp:629
 msgid "I2CP is not enabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:628
+#: daemon/HTTPServer.cpp:658
 msgid "Invalid"
 msgstr ""

-#: daemon/HTTPServer.cpp:631
+#: daemon/HTTPServer.cpp:661
 msgid "Store type"
 msgstr ""

-#: daemon/HTTPServer.cpp:632
+#: daemon/HTTPServer.cpp:662
 msgid "Expires"
 msgstr ""

-#: daemon/HTTPServer.cpp:637
+#: daemon/HTTPServer.cpp:667
 msgid "Non Expired Leases"
 msgstr ""

-#: daemon/HTTPServer.cpp:640
+#: daemon/HTTPServer.cpp:670
 msgid "Gateway"
 msgstr ""

-#: daemon/HTTPServer.cpp:641
+#: daemon/HTTPServer.cpp:671
 msgid "TunnelID"
 msgstr ""

-#: daemon/HTTPServer.cpp:642
+#: daemon/HTTPServer.cpp:672
 msgid "EndDate"
 msgstr ""

-#: daemon/HTTPServer.cpp:652
+#: daemon/HTTPServer.cpp:682
 msgid "floodfill mode is disabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:663
+#: daemon/HTTPServer.cpp:693
 msgid "Queue size"
 msgstr ""

-#: daemon/HTTPServer.cpp:713
+#: daemon/HTTPServer.cpp:743
 msgid "Run peer test"
 msgstr ""

-#: daemon/HTTPServer.cpp:714
+#: daemon/HTTPServer.cpp:744
 msgid "Reload tunnels configuration"
 msgstr ""

-#: daemon/HTTPServer.cpp:717
+#: daemon/HTTPServer.cpp:747
 msgid "Decline transit tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:719
+#: daemon/HTTPServer.cpp:749
 msgid "Accept transit tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:723 daemon/HTTPServer.cpp:728
+#: daemon/HTTPServer.cpp:753 daemon/HTTPServer.cpp:758
 msgid "Cancel graceful shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:725 daemon/HTTPServer.cpp:730
+#: daemon/HTTPServer.cpp:755 daemon/HTTPServer.cpp:760
 msgid "Start graceful shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:733
+#: daemon/HTTPServer.cpp:763
 msgid "Force shutdown"
 msgstr ""

-#: daemon/HTTPServer.cpp:734
+#: daemon/HTTPServer.cpp:764
 msgid "Reload external CSS styles"
 msgstr ""

-#: daemon/HTTPServer.cpp:737
+#: daemon/HTTPServer.cpp:767
 msgid ""
 "<b>Note:</b> any action done here are not persistent and not changes your "
 "config files."
 msgstr ""

-#: daemon/HTTPServer.cpp:739
+#: daemon/HTTPServer.cpp:770
 msgid "Logging level"
 msgstr ""

-#: daemon/HTTPServer.cpp:747
+#: daemon/HTTPServer.cpp:779
 msgid "Transit tunnels limit"
 msgstr ""

-#: daemon/HTTPServer.cpp:752 daemon/HTTPServer.cpp:771
+#: daemon/HTTPServer.cpp:784 daemon/HTTPServer.cpp:803
 msgid "Change"
 msgstr ""

-#: daemon/HTTPServer.cpp:759
+#: daemon/HTTPServer.cpp:791
 msgid "Change language"
 msgstr ""

-#: daemon/HTTPServer.cpp:797
+#: daemon/HTTPServer.cpp:830
 msgid "no transit tunnels currently built"
 msgstr ""

-#: daemon/HTTPServer.cpp:878 daemon/HTTPServer.cpp:901
+#: daemon/HTTPServer.cpp:921 daemon/HTTPServer.cpp:944
 msgid "SAM disabled"
 msgstr ""

-#: daemon/HTTPServer.cpp:894
+#: daemon/HTTPServer.cpp:937
 msgid "no sessions currently running"
 msgstr ""

-#: daemon/HTTPServer.cpp:907
+#: daemon/HTTPServer.cpp:950
 msgid "SAM session not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:912
+#: daemon/HTTPServer.cpp:955
 msgid "SAM Session"
 msgstr ""

-#: daemon/HTTPServer.cpp:969
+#: daemon/HTTPServer.cpp:1020
 msgid "Server Tunnels"
 msgstr ""

-#: daemon/HTTPServer.cpp:985
+#: daemon/HTTPServer.cpp:1036
 msgid "Client Forwards"
 msgstr ""

-#: daemon/HTTPServer.cpp:999
+#: daemon/HTTPServer.cpp:1050
 msgid "Server Forwards"
 msgstr ""

-#: daemon/HTTPServer.cpp:1199
+#: daemon/HTTPServer.cpp:1250
 msgid "Unknown page"
 msgstr ""

-#: daemon/HTTPServer.cpp:1218
+#: daemon/HTTPServer.cpp:1269
 msgid "Invalid token"
 msgstr ""

-#: daemon/HTTPServer.cpp:1276 daemon/HTTPServer.cpp:1333
-#: daemon/HTTPServer.cpp:1373
+#: daemon/HTTPServer.cpp:1327 daemon/HTTPServer.cpp:1359
+#: daemon/HTTPServer.cpp:1414 daemon/HTTPServer.cpp:1454
 msgid "SUCCESS"
 msgstr ""

-#: daemon/HTTPServer.cpp:1276
+#: daemon/HTTPServer.cpp:1327
 msgid "Stream closed"
 msgstr ""

-#: daemon/HTTPServer.cpp:1278
+#: daemon/HTTPServer.cpp:1329
 msgid "Stream not found or already was closed"
 msgstr ""

-#: daemon/HTTPServer.cpp:1281
+#: daemon/HTTPServer.cpp:1332 daemon/HTTPServer.cpp:1365
 msgid "Destination not found"
 msgstr ""

-#: daemon/HTTPServer.cpp:1284
+#: daemon/HTTPServer.cpp:1335
 msgid "StreamID can't be null"
 msgstr ""

-#: daemon/HTTPServer.cpp:1286 daemon/HTTPServer.cpp:1351
+#: daemon/HTTPServer.cpp:1337 daemon/HTTPServer.cpp:1367
+#: daemon/HTTPServer.cpp:1432
 msgid "Return to destination page"
 msgstr ""

-#: daemon/HTTPServer.cpp:1287 daemon/HTTPServer.cpp:1300
-#: daemon/HTTPServer.cpp:1375
+#: daemon/HTTPServer.cpp:1338 daemon/HTTPServer.cpp:1368
+#: daemon/HTTPServer.cpp:1381 daemon/HTTPServer.cpp:1456
 #, c-format
 msgid "You will be redirected in %d seconds"
 msgstr ""

-#: daemon/HTTPServer.cpp:1298
+#: daemon/HTTPServer.cpp:1359
+msgid "LeaseSet expiration time updated"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:1362
+msgid "LeaseSet is not found or already expired"
+msgstr ""
+
+#: daemon/HTTPServer.cpp:1379
 #, c-format
 msgid "Transit tunnels count must not exceed %d"
 msgstr ""

-#: daemon/HTTPServer.cpp:1299 daemon/HTTPServer.cpp:1374
+#: daemon/HTTPServer.cpp:1380 daemon/HTTPServer.cpp:1455
 msgid "Back to commands list"
 msgstr ""

-#: daemon/HTTPServer.cpp:1335
+#: daemon/HTTPServer.cpp:1416
 msgid "Register at reg.i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1336
+#: daemon/HTTPServer.cpp:1417
 msgid "Description"
 msgstr ""

-#: daemon/HTTPServer.cpp:1336
+#: daemon/HTTPServer.cpp:1417
 msgid "A bit information about service on domain"
 msgstr ""

-#: daemon/HTTPServer.cpp:1337
+#: daemon/HTTPServer.cpp:1418
 msgid "Submit"
 msgstr ""

-#: daemon/HTTPServer.cpp:1343
+#: daemon/HTTPServer.cpp:1424
 msgid "Domain can't end with .b32.i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1346
+#: daemon/HTTPServer.cpp:1427
 msgid "Domain must end with .i2p"
 msgstr ""

-#: daemon/HTTPServer.cpp:1349
-msgid "Such destination is not found"
-msgstr ""
-
-#: daemon/HTTPServer.cpp:1369
+#: daemon/HTTPServer.cpp:1450
 msgid "Unknown command"
 msgstr ""

-#: daemon/HTTPServer.cpp:1373
+#: daemon/HTTPServer.cpp:1454
 msgid "Command accepted"
 msgstr ""

@ -624,20 +642,20 @@ msgstr ""
 msgid "You may try to find this host on jump services below"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:309 libi2pd_client/HTTPProxy.cpp:324
-#: libi2pd_client/HTTPProxy.cpp:392 libi2pd_client/HTTPProxy.cpp:435
+#: libi2pd_client/HTTPProxy.cpp:333 libi2pd_client/HTTPProxy.cpp:348
+#: libi2pd_client/HTTPProxy.cpp:417 libi2pd_client/HTTPProxy.cpp:460
 msgid "Invalid request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:309
+#: libi2pd_client/HTTPProxy.cpp:333
 msgid "Proxy unable to parse your request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:324
+#: libi2pd_client/HTTPProxy.cpp:348
 msgid "Addresshelper is not supported"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:349
+#: libi2pd_client/HTTPProxy.cpp:373
 #, c-format
 msgid ""
 "Host %s is <font color=red>already in router's addressbook</font>. <b>Be "
@ -645,121 +663,121 @@ msgid ""
 "<a href=\"%s%s%s&update=true\">Continue</a>."
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:351
+#: libi2pd_client/HTTPProxy.cpp:375
 msgid "Addresshelper forced update rejected"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:358
+#: libi2pd_client/HTTPProxy.cpp:382
 #, c-format
 msgid ""
-"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s"
-"\">Continue</a>."
+"To add host <b>%s</b> in router's addressbook, click here: <a "
+"href=\"%s%s%s\">Continue</a>."
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:360
+#: libi2pd_client/HTTPProxy.cpp:384
 msgid "Addresshelper request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:369
+#: libi2pd_client/HTTPProxy.cpp:393
 #, c-format
 msgid ""
 "Host %s added to router's addressbook from helper. Click here to proceed: <a "
 "href=\"%s\">Continue</a>."
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:370
+#: libi2pd_client/HTTPProxy.cpp:395
 msgid "Addresshelper adding"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:377
+#: libi2pd_client/HTTPProxy.cpp:402
 #, c-format
 msgid ""
 "Host %s is <font color=red>already in router's addressbook</font>. Click "
 "here to update record: <a href=\"%s%s%s&update=true\">Continue</a>."
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:379
+#: libi2pd_client/HTTPProxy.cpp:404
 msgid "Addresshelper update"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:392
+#: libi2pd_client/HTTPProxy.cpp:417
 msgid "Invalid request URI"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:435
+#: libi2pd_client/HTTPProxy.cpp:460
 msgid "Can't detect destination host from request"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:452 libi2pd_client/HTTPProxy.cpp:456
+#: libi2pd_client/HTTPProxy.cpp:477 libi2pd_client/HTTPProxy.cpp:481
 msgid "Outproxy failure"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:452
+#: libi2pd_client/HTTPProxy.cpp:477
 msgid "Bad outproxy settings"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:455
+#: libi2pd_client/HTTPProxy.cpp:480
 #, c-format
 msgid "Host %s is not inside I2P network, but outproxy is not enabled"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:544
+#: libi2pd_client/HTTPProxy.cpp:569
 msgid "Unknown outproxy URL"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:550
+#: libi2pd_client/HTTPProxy.cpp:575
 msgid "Cannot resolve upstream proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:558
+#: libi2pd_client/HTTPProxy.cpp:583
 msgid "Hostname is too long"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:585
+#: libi2pd_client/HTTPProxy.cpp:610
 msgid "Cannot connect to upstream SOCKS proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:591
+#: libi2pd_client/HTTPProxy.cpp:616
 msgid "Cannot negotiate with SOCKS proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:633
+#: libi2pd_client/HTTPProxy.cpp:658
 msgid "CONNECT error"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:633
+#: libi2pd_client/HTTPProxy.cpp:658
 msgid "Failed to connect"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:644 libi2pd_client/HTTPProxy.cpp:670
+#: libi2pd_client/HTTPProxy.cpp:669 libi2pd_client/HTTPProxy.cpp:695
 msgid "SOCKS proxy error"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:652
+#: libi2pd_client/HTTPProxy.cpp:677
 msgid "Failed to send request to upstream"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:673
+#: libi2pd_client/HTTPProxy.cpp:698
 msgid "No reply from SOCKS proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:680
+#: libi2pd_client/HTTPProxy.cpp:705
 msgid "Cannot connect"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:680
+#: libi2pd_client/HTTPProxy.cpp:705
 msgid "HTTP out proxy not implemented"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:681
+#: libi2pd_client/HTTPProxy.cpp:706
 msgid "Cannot connect to upstream HTTP proxy"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:714
+#: libi2pd_client/HTTPProxy.cpp:739
 msgid "Host is down"
 msgstr ""

-#: libi2pd_client/HTTPProxy.cpp:714
+#: libi2pd_client/HTTPProxy.cpp:739
 msgid ""
 "Can't create connection to requested host, it may be down. Please try again "
 "later."
--- a/contrib/i18n/README.md
+++ b/contrib/i18n/README.md
@ -2,12 +2,17 @@
 ---

 ```
-xgettext --omit-header -ctr: -ktr -ktr:1,2 daemon/HTTPServer.cpp libi2pd_client/HTTPProxy.cpp
+xgettext --omit-header -ctr: -ktr -kntr:1,2 daemon/HTTPServer.cpp libi2pd_client/HTTPProxy.cpp
 ```

 Regex for transforming gettext translations to our format:
 ---

+```
+in:  ^(\"|#[:.,]|msgctxt)(.*)$\n
+out: <to empty line>
+```
+
 ```
 in:  msgid\ \"(.*)\"\nmsgid_plural\ \"(.*)\"\nmsgstr\[0\]\ \"(.*)\"\n(msgstr\[1\]\ \"(.*)\"\n)?(msgstr\[2\]\ \"(.*)\"\n)?(msgstr\[3\]\ \"(.*)\"\n)?(msgstr\[4\]\ \"(.*)\"\n)?(msgstr\[5\]\ \"(.*)\"\n)?
 out: #{"$2", {"$3", "$5", "$7", "$9", "$11"}},\n
@ -18,10 +23,6 @@ in:  msgid\ \"(.*)\"\nmsgstr\ \"(.*)\"\n
 out: {"$1", "$2"},\n
 ```

-```
-in:  ^#[:.,](.*)$\n
-out: <to empty line>
-```

 ```
 in:  \n\n
--- a/contrib/i2pd.conf
+++ b/contrib/i2pd.conf
@ -19,7 +19,7 @@
 ## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
 # certsdir = /var/lib/i2pd/certificates

-## Where to write pidfile (default: i2pd.pid, not used in Windows)
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
 # pidfile = /run/i2pd.pid

 ## Logging configuration section
@ -31,15 +31,16 @@
 ##  * file - log entries to a file
 ##  * syslog - use syslog, see man 3 syslog
 # log = file
-## Path to logfile (default - autodetect)
+## Path to logfile (default: autodetect)
 # logfile = /var/log/i2pd/i2pd.log
-## Log messages above this level (debug, info, *warn, error, none)
+## Log messages above this level (debug, info, *warn, error, critical, none)
 ## If you set it to none, logging will be disabled
 # loglevel = warn
 ## Write full CLF-formatted date and time to log (default: write only time)
 # logclftime = true

 ## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
 # daemon = true

 ## Specify a family, router belongs to (default - none)
@ -70,58 +71,60 @@
 ## don't just uncomment this
 # port = 4567

-## Enable communication through ipv4
+## Enable communication through ipv4 (default: true)
 ipv4 = true
-## Enable communication through ipv6
+## Enable communication through ipv6 (default: false)
 ipv6 = false

-## Enable SSU transport
-ssu = false
-
 ## Bandwidth configuration
-## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
 ## X - unlimited
-## Default is L (regular node) and X if floodfill mode enabled. If you want to
-## share more bandwidth without floodfill mode, uncomment that line and adjust
-## value to your possibilities
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
 # bandwidth = L
-## Max % of bandwidth limit for transit. 0-100. 100 by default
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
 # share = 100

 ## Router will not accept transit tunnels, disabling transit traffic completely
-## (default = false)
+## (default: false)
 # notransit = true

-## Router will be floodfill
+## Router will be floodfill (default: false)
 ## Note: that mode uses much more network connections and CPU!
 # floodfill = true

 [ntcp2]
-## Enable NTCP2 transport (default = true)
+## Enable NTCP2 transport (default: true)
 # enabled = true
-## Publish address in RouterInfo (default = true)
+## Publish address in RouterInfo (default: true)
 # published = true
 ## Port for incoming connections (default is global port option value)
 # port = 4567

 [ssu2]
-## Enable SSU2 transport
+## Enable SSU2 transport (default: true)
 # enabled = true
-## Publish address in RouterInfo
+## Publish address in RouterInfo (default: true)
 # published = true
-## Port for incoming connections (default is global port option value or port + 1 if SSU is enabled)
+## Port for incoming connections (default is global port option value)
 # port = 4567

 [http]
 ## Web Console settings
-## Uncomment and set to 'false' to disable Web Console
+## Enable the Web Console (default: true)
 # enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 7070
-## Path to web console, default "/"
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
 # webroot = /
-## Uncomment following lines to enable Web Console authentication
+## Enable Web Console authentication (default: false)
 ## You should not use Web Console via public networks without additional encryption.
 ## HTTP authentication is not encryption layer!
 # auth = true
@ -134,12 +137,12 @@ port = 7070
 # lang = english

 [httpproxy]
-## Uncomment and set to 'false' to disable HTTP Proxy
+## Enable the HTTP proxy (default: true)
 # enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 4444
-## Optional keys file for proxy local destination
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
 # keys = http-proxy-keys.dat
 ## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
 ## You should disable this feature if your i2pd HTTP Proxy is public,
@ -150,15 +153,15 @@ port = 4444
 ## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.

 [socksproxy]
-## Uncomment and set to 'false' to disable SOCKS Proxy
+## Enable the SOCKS proxy (default: true)
 # enabled = true
-## Address and port service will listen on
-address = 127.0.0.1
-port = 4447
-## Optional keys file for proxy local destination
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
 # keys = socks-proxy-keys.dat
 ## Socks outproxy. Example below is set to use Tor for all connections except i2p
-## Uncomment and set to 'true' to enable using of SOCKS outproxy
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
 # outproxy.enabled = false
 ## Address and port of outproxy
 # outproxy = 127.0.0.1
@ -166,34 +169,34 @@ port = 4447
 ## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.

 [sam]
-## Comment or set to 'false' to disable SAM Bridge
-enabled = true
-## Address and ports service will listen on
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
 # address = 127.0.0.1
 # port = 7656
 # portudp = 7655

 [bob]
-## Uncomment and set to 'true' to enable BOB command channel
+## Enable the BOB command channel (default: false)
 # enabled = false
-## Address and port service will listen on
+## Address and port service will listen on (default: 127.0.0.1:2827)
 # address = 127.0.0.1
 # port = 2827

 [i2cp]
-## Uncomment and set to 'true' to enable I2CP protocol
+## Enable the I2CP protocol (default: false)
 # enabled = false
-## Address and port service will listen on
+## Address and port service will listen on (default: 127.0.0.1:7654)
 # address = 127.0.0.1
 # port = 7654

 [i2pcontrol]
-## Uncomment and set to 'true' to enable I2PControl protocol
+## Enable the I2PControl protocol (default: false)
 # enabled = false
-## Address and port service will listen on
+## Address and port service will listen on (default: 127.0.0.1:7650)
 # address = 127.0.0.1
 # port = 7650
-## Authentication password. "itoopie" by default
+## Authentication password (default: itoopie)
 # password = itoopie

 [precomputation]
@ -204,11 +207,11 @@ enabled = true
 [upnp]
 ## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
 # enabled = false
-## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
 # name = I2Pd

 [meshnets]
-## Enable connectivity over the Yggdrasil network
+## Enable connectivity over the Yggdrasil network  (default: false)
 # yggdrasil = false
 ## You can bind address from your Yggdrasil subnet 300::/64
 ## The address must first be added to the network interface
@ -216,13 +219,13 @@ enabled = true

 [reseed]
 ## Options for bootstrapping into I2P network, aka reseeding
-## Enable or disable reseed data verification.
+## Enable reseed data verification (default: true)
 verify = true
 ## URLs to request reseed data from, separated by comma
 ## Default: "mainline" I2P Network reseeds
 # urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
 ## Reseed URLs through the Yggdrasil, separated by comma
-# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
 ## Path to local reseed data file (.su3) for manual reseeding
 # file = /path/to/i2pseeds.su3
 ## or HTTPS URL to reseed from
@ -232,7 +235,7 @@ verify = true
 ## If you run i2pd behind a proxy server, set proxy server for reseeding here
 ## Should be http://address:port or socks://address:port
 # proxy = http://127.0.0.1:8118
-## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
 # threshold = 25

 [addressbook]
@ -252,13 +255,13 @@ verify = true
 # coresize = 0

 [trust]
-## Enable explicit trust options. false by default
+## Enable explicit trust options. (default: false)
 # enabled = true
 ## Make direct I2P connections only to routers in specified Family.
 # family = MyFamily
 ## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
 # routers =
-## Should we hide our router from other routers? false by default
+## Should we hide our router from other routers? (default: false)
 # hidden = true

 [exploratory]
@ -277,8 +280,6 @@ verify = true
 [cpuext]
 ## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
 # aesni = true
-## Use CPU AVX instructions set when work with cryptography when available (default: true)
-# avx = true
-## Force usage of CPU instructions set, even if they not found
+## Force usage of CPU instructions set, even if they not found (default: false)
 ## DO NOT TOUCH that option if you really don't know what are you doing!
 # force = false
--- a/contrib/rpm/i2pd-git.spec
+++ b/contrib/rpm/i2pd-git.spec
@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)

 Name:          i2pd-git
-Version:       2.47.0
+Version:       2.52.0
 Release:       git%{git_hash}%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd
@ -28,9 +28,11 @@ Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd

+
 %description
 C++ implementation of I2P.

+
 %prep
 %setup -q -n i2pd-openssl

@ -38,72 +40,56 @@ C++ implementation of I2P.
 %build
 cd build
 %if 0%{?rhel} == 7
-%cmake3 \
+  %cmake3 \
    -DWITH_LIBRARY=OFF \
    -DWITH_UPNP=ON \
    -DWITH_HARDENING=ON \
    -DBUILD_SHARED_LIBS:BOOL=OFF
 %else
-%cmake \
+  %cmake \
    -DWITH_LIBRARY=OFF \
    -DWITH_UPNP=ON \
    -DWITH_HARDENING=ON \
-%if 0%{?fedora} > 29
+  %if 0%{?fedora} > 29
    -DBUILD_SHARED_LIBS:BOOL=OFF \
    .
-%else
+  %else
    -DBUILD_SHARED_LIBS:BOOL=OFF
-%endif
-%endif
-
-
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
+  %endif
 %endif

-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif

-%if 0%{?mageia} > 7
-pushd build
+  %if 0%{?mageia} > 7
+    pushd build
+  %endif
 %endif

 make %{?_smp_mflags}

-%if 0%{?rhel} == 9
-popd
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 33 || 0%{?mageia} > 7
+  popd
 %endif

-%if 0%{?fedora} >= 33
-popd
-%endif
-
-%if 0%{?mageia} > 7
-popd
-%endif

 %install
 pushd build

-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif

-%if 0%{?mageia}
-pushd build
+  %if 0%{?mageia}
+    pushd build
+  %endif
 %endif

 chrpath -d i2pd
@ -158,6 +144,27 @@ getent passwd i2pd >/dev/null || \


 %changelog
+* Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
+- update to 2.52.0
+
+* Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
+- update to 2.51.0
+
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
+* Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
+- update to 2.50.0
+
+* Mon Sep 18 2023 orignal <orignal@i2pmail.org> - 2.49.0
+- update to 2.49.0
+
+* Mon Jun 12 2023 orignal <orignal@i2pmail.org> - 2.48.0
+- update to 2.48.0
+
 * Sat Mar 11 2023 orignal <orignal@i2pmail.org> - 2.47.0
 - update to 2.47.0

--- a/contrib/rpm/i2pd.spec
+++ b/contrib/rpm/i2pd.spec
@ -1,5 +1,5 @@
 Name:          i2pd
-Version:       2.47.0
+Version:       2.52.0
 Release:       1%{?dist}
 Summary:       I2P router written in C++
 Conflicts:     i2pd-git
@ -26,9 +26,11 @@ Requires:      logrotate
 Requires:      systemd
 Requires(pre): %{_sbindir}/useradd %{_sbindir}/groupadd

+
 %description
 C++ implementation of I2P.

+
 %prep
 %setup -q

@ -36,71 +38,56 @@ C++ implementation of I2P.
 %build
 cd build
 %if 0%{?rhel} == 7
-%cmake3 \
+  %cmake3 \
    -DWITH_LIBRARY=OFF \
    -DWITH_UPNP=ON \
    -DWITH_HARDENING=ON \
    -DBUILD_SHARED_LIBS:BOOL=OFF
 %else
-%cmake \
+  %cmake \
    -DWITH_LIBRARY=OFF \
    -DWITH_UPNP=ON \
    -DWITH_HARDENING=ON \
-%if 0%{?fedora} > 29
+  %if 0%{?fedora} > 29
    -DBUILD_SHARED_LIBS:BOOL=OFF \
    .
-%else
+  %else
    -DBUILD_SHARED_LIBS:BOOL=OFF
-%endif
-%endif
-
-%if 0%{?rhel} == 9
-pushd redhat-linux-build
+  %endif
 %endif

-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif

-%if 0%{?mageia} > 7
-pushd build
+  %if 0%{?mageia} > 7
+    pushd build
+  %endif
 %endif

 make %{?_smp_mflags}

-%if 0%{?rhel} == 9
-popd
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 33 || 0%{?mageia} > 7
+  popd
 %endif

-%if 0%{?fedora} >= 33
-popd
-%endif
-
-%if 0%{?mageia} > 7
-popd
-%endif

 %install
 pushd build

-%if 0%{?rhel} == 9
-pushd redhat-linux-build
-%endif
-
-%if 0%{?fedora} >= 35
-pushd redhat-linux-build
+%if 0%{?rhel} == 9 || 0%{?fedora} >= 35 || 0%{?eln}
+  pushd redhat-linux-build
 %else
-%if 0%{?fedora} >= 33
-pushd %{_target_platform}
-%endif
-%endif
+  %if 0%{?fedora} >= 33
+    pushd %{_target_platform}
+  %endif

-%if 0%{?mageia}
-pushd build
+  %if 0%{?mageia}
+    pushd build
+  %endif
 %endif

 chrpath -d i2pd
@ -155,6 +142,27 @@ getent passwd i2pd >/dev/null || \


 %changelog
+* Sun May 12 2024 orignal <orignal@i2pmail.org> - 2.52.0
+- update to 2.52.0
+
+* Sat Apr 06 2024 orignal <orignal@i2pmail.org> - 2.51.0
+- update to 2.51.0
+
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
+* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
+- update to 2.50.1
+
+* Mon Dec 18 2023 orignal <orignal@i2pmail.org> - 2.50.0
+- update to 2.50.0
+
+* Mon Sep 18 2023 orignal <orignal@i2pmail.org> - 2.49.0
+- update to 2.49.0
+
+* Mon Jun 12 2023 orignal <orignal@i2pmail.org> - 2.48.0
+- update to 2.48.0
+
 * Sat Mar 11 2023 orignal <orignal@i2pmail.org> - 2.47.0
 - update to 2.47.0

--- a/daemon/Daemon.cpp
+++ b/daemon/Daemon.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -150,17 +150,20 @@ namespace util

 		bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
 		bool aesni; i2p::config::GetOption("cpuext.aesni", aesni);
-		bool avx; i2p::config::GetOption("cpuext.avx", avx);
 		bool forceCpuExt; i2p::config::GetOption("cpuext.force", forceCpuExt);
 		bool ssu; i2p::config::GetOption("ssu", ssu);
 		if (!ssu && i2p::config::IsDefault ("precomputation.elgamal"))
 			precomputation = false; // we don't elgamal table if no ssu, unless it's specified explicitly
-		i2p::crypto::InitCrypto (precomputation, aesni, avx, forceCpuExt);
+		i2p::crypto::InitCrypto (precomputation, aesni, forceCpuExt);

 		i2p::transport::InitAddressFromIface (); // get address4/6 from interfaces

 		int netID; i2p::config::GetOption("netid", netID);
 		i2p::context.SetNetID (netID);
+
+		bool checkReserved; i2p::config::GetOption("reservedrange", checkReserved);
+		i2p::transport::transports.SetCheckReserved(checkReserved);
+
 		i2p::context.Init ();

 		i2p::transport::InitTransports ();
@ -176,7 +179,7 @@ namespace util

 		bool transit; i2p::config::GetOption("notransit", transit);
 		i2p::context.SetAcceptsTunnels (!transit);
-		uint16_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
+		uint32_t transitTunnels; i2p::config::GetOption("limits.transittunnels", transitTunnels);
 		if (isFloodfill && i2p::config::IsDefault ("limits.transittunnels"))
 			transitTunnels *= 2; // double default number of transit tunnels for floodfill
 		i2p::tunnel::tunnels.SetMaxNumTransitTunnels (transitTunnels);
@ -185,7 +188,7 @@ namespace util
 		std::string bandwidth; i2p::config::GetOption("bandwidth", bandwidth);
 		if (bandwidth.length () > 0)
 		{
-			if (bandwidth[0] >= 'K' && bandwidth[0] <= 'X')
+			if (bandwidth.length () == 1 && ((bandwidth[0] >= 'K' && bandwidth[0] <= 'P') || bandwidth[0] == 'X' ))
 			{
 				i2p::context.SetBandwidth (bandwidth[0]);
 				LogPrint(eLogInfo, "Daemon: Bandwidth set to ", i2p::context.GetBandwidthLimit (), "KBps");
@ -299,18 +302,16 @@ namespace util

 		bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
 		bool ssu2; i2p::config::GetOption("ssu2.enabled", ssu2);
-		bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved);
 		LogPrint(eLogInfo, "Daemon: Starting Transports");
 		if(!ssu2) LogPrint(eLogInfo, "Daemon: SSU2 disabled");
 		if(!ntcp2) LogPrint(eLogInfo, "Daemon: NTCP2 disabled");

-		i2p::transport::transports.SetCheckReserved(checkInReserved);
 		i2p::transport::transports.Start(ntcp2, ssu2);
 		if (i2p::transport::transports.IsBoundSSU2() || i2p::transport::transports.IsBoundNTCP2())
 			LogPrint(eLogInfo, "Daemon: Transports started");
 		else
 		{
-			LogPrint(eLogError, "Daemon: Failed to start Transports");
+			LogPrint(eLogCritical, "Daemon: Failed to start Transports");
 			/** shut down netdb right away */
 			i2p::transport::transports.Stop();
 			i2p::data::netdb.Stop();
@ -329,7 +330,7 @@ namespace util
 			}
 			catch (std::exception& ex)
 			{
-				LogPrint (eLogError, "Daemon: Failed to start Webconsole: ", ex.what ());
+				LogPrint (eLogCritical, "Daemon: Failed to start Webconsole: ", ex.what ());
 				ThrowFatal ("Unable to start webconsole at ", httpAddr, ":", httpPort, ": ", ex.what ());
 			}
 		}
@ -338,8 +339,8 @@ namespace util
 		i2p::tunnel::tunnels.Start();

 		LogPrint(eLogInfo, "Daemon: Starting Router context");
-		i2p::context.Start();			
-		
+		i2p::context.Start();
+
 		LogPrint(eLogInfo, "Daemon: Starting Client");
 		i2p::client::context.Start ();

@ -356,7 +357,7 @@ namespace util
 			}
 			catch (std::exception& ex)
 			{
-				LogPrint (eLogError, "Daemon: Failed to start I2PControl: ", ex.what ());
+				LogPrint (eLogCritical, "Daemon: Failed to start I2PControl: ", ex.what ());
 				ThrowFatal ("Unable to start I2PControl service at ", i2pcpAddr, ":", i2pcpPort, ": ", ex.what ());
 			}
 		}
--- a/daemon/HTTPServer.cpp
+++ b/daemon/HTTPServer.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -87,6 +87,7 @@ namespace http {
 	const char HTTP_COMMAND_GET_REG_STRING[] = "get_reg_string";
 	const char HTTP_COMMAND_SETLANGUAGE[] = "setlanguage";
 	const char HTTP_COMMAND_RELOAD_CSS[] = "reload_css";
+	const char HTTP_COMMAND_EXPIRELEASE[] = "expirelease";

 	static std::string ConvertTime (uint64_t time)
 	{
@ -132,23 +133,19 @@ namespace http {
 	static void ShowTunnelDetails (std::stringstream& s, enum i2p::tunnel::TunnelState eState, bool explr, int bytes)
 	{
 		std::string state, stateText;
-		switch (eState) {
+		switch (eState) 
+		{
 			case i2p::tunnel::eTunnelStateBuildReplyReceived :
 			case i2p::tunnel::eTunnelStatePending     : state = "building";    break;
-			case i2p::tunnel::eTunnelStateBuildFailed :
-			case i2p::tunnel::eTunnelStateTestFailed  :
+			case i2p::tunnel::eTunnelStateBuildFailed : state = "failed"; stateText = "declined"; break;
+			case i2p::tunnel::eTunnelStateTestFailed  : state = "failed"; stateText = "test failed";  break;
 			case i2p::tunnel::eTunnelStateFailed      : state = "failed";      break;
 			case i2p::tunnel::eTunnelStateExpiring    : state = "expiring";    break;
 			case i2p::tunnel::eTunnelStateEstablished : state = "established"; break;
 			default: state = "unknown"; break;
 		}
-
-		if      (state == "building")    stateText = tr("building");
-		else if (state == "failed")      stateText = tr("failed");
-		else if (state == "expiring")    stateText = tr("expiring");
-		else if (state == "established") stateText = tr("established");
-		else stateText = tr("unknown");
-
+		if (stateText.empty ()) stateText = tr(state);
+		
 		s << "<span class=\"tunnel " << state << "\"> " << stateText << ((explr) ? " (" + tr("exploratory") + ")" : "") << "</span>, ";
 		ShowTraffic(s, bytes);
 		s << "\r\n";
@ -156,7 +153,7 @@ namespace http {

 	static void SetLogLevel (const std::string& level)
 	{
-		if (level == "none" || level == "error" || level == "warn" || level == "info" || level == "debug")
+		if (level == "none" || level == "critical" || level == "error" || level == "warn" || level == "info" || level == "debug")
 			i2p::log::Logger().SetLogLevel(level);
 		else {
 			LogPrint(eLogError, "HTTPServer: Unknown loglevel set attempted");
@ -221,18 +218,19 @@ namespace http {
 		s << "<b>" << tr("ERROR") << ":</b>&nbsp;" << string << "<br>\r\n";
 	}

-	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, RouterError error)
+	static void ShowNetworkStatus (std::stringstream& s, RouterStatus status, bool testing, RouterError error)
 	{
 		switch (status)
 		{
 			case eRouterStatusOK: s << tr("OK"); break;
-			case eRouterStatusTesting: s << tr("Testing"); break;
 			case eRouterStatusFirewalled: s << tr("Firewalled"); break;
 			case eRouterStatusUnknown: s << tr("Unknown"); break;
 			case eRouterStatusProxy: s << tr("Proxy"); break;
 			case eRouterStatusMesh: s << tr("Mesh"); break;
 			default: s << tr("Unknown");
 		}
+		if (testing)
+			s << " (" << tr("Testing") << ")";
 		if (error != eRouterErrorNone)
 		{
 			switch (error)
@ -263,12 +261,12 @@ namespace http {
 		ShowUptime(s, i2p::context.GetUptime ());
 		s << "<br>\r\n";
 		s << "<b>" << tr("Network status") << ":</b> ";
-		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetError ());
+		ShowNetworkStatus (s, i2p::context.GetStatus (), i2p::context.GetTesting(), i2p::context.GetError ());
 		s << "<br>\r\n";
 		if (i2p::context.SupportsV6 ())
 		{
 			s << "<b>" << tr("Network status v6") << ":</b> ";
-			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetErrorV6 ());
+			ShowNetworkStatus (s, i2p::context.GetStatusV6 (), i2p::context.GetTestingV6(), i2p::context.GetErrorV6 ());
 			s << "<br>\r\n";
 		}
 #if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
@ -421,8 +419,12 @@ namespace http {

 	static void ShowLeaseSetDestination (std::stringstream& s, std::shared_ptr<const i2p::client::LeaseSetDestination> dest, uint32_t token)
 	{
+		s << "<b>Base32:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"1\">";
+		s << dest->GetIdentHash ().ToBase32 () << "</textarea><br>\r\n<br>\r\n";
+
 		s << "<b>Base64:</b><br>\r\n<textarea readonly cols=\"80\" rows=\"8\">";
 		s << dest->GetIdentity ()->ToBase64 () << "</textarea><br>\r\n<br>\r\n";
+
 		if (dest->IsEncryptedLeaseSet ())
 		{
 			i2p::data::BlindedPublicKey blinded (dest->GetIdentity (), dest->IsPerClientAuth ());
@ -434,12 +436,11 @@ namespace http {
 		if (dest->IsPublic() && token && !dest->IsEncryptedLeaseSet ())
 		{
 			std::string webroot; i2p::config::GetOption("http.webroot", webroot);
-			auto base32 = dest->GetIdentHash ().ToBase32 ();
 			s << "<div class='slide'><label for='slide-regaddr'><b>" << tr("Address registration line") << "</b></label>\r\n<input type=\"checkbox\" id=\"slide-regaddr\" />\r\n<div class=\"slidecontent\">\r\n"
 			     "<form method=\"get\" action=\"" << webroot << "\">\r\n"
 			     "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_GET_REG_STRING << "\">\r\n"
 			     "  <input type=\"hidden\" name=\"token\" value=\"" << token << "\">\r\n"
-			     "  <input type=\"hidden\" name=\"b32\" value=\"" << base32 << "\">\r\n"
+			     "  <input type=\"hidden\" name=\"b32\" value=\"" << dest->GetIdentHash ().ToBase32 () << "\">\r\n"
 			     "  <b>" << tr("Domain") << ":</b>\r\n<input type=\"text\" maxlength=\"67\" name=\"name\" placeholder=\"domain.i2p\" required>\r\n"
 			     "  <button type=\"submit\">" << tr("Generate") << "</button>\r\n"
 			     "</form>\r\n<small>" << tr("<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.") << "</small>\r\n</div>\r\n</div>\r\n<br>\r\n";
@ -448,9 +449,23 @@ namespace http {
 		if (dest->GetNumRemoteLeaseSets())
 		{
 			s << "<div class='slide'><label for='slide-lease'><b>" << tr("LeaseSets") << ":</b> <i>" << dest->GetNumRemoteLeaseSets ()
-			  << "</i></label>\r\n<input type=\"checkbox\" id=\"slide-lease\" />\r\n<div class=\"slidecontent\">\r\n<table><thead><th>"<< tr("Address") << "</th><th>" << tr("Type") << "</th><th>" << tr("EncType") << "</th></thead><tbody class=\"tableitem\">";
+			  << "</i></label>\r\n<input type=\"checkbox\" id=\"slide-lease\" />\r\n<div class=\"slidecontent\">\r\n"
+			  << "<table><thead>"
+			  << "<th>" << tr("Address") << "</th>"
+			  << "<th style=\"width:5px;\">&nbsp;</th>" // LeaseSet expiration button column
+			  << "<th>" << tr("Type") << "</th>"
+			  << "<th>" << tr("EncType") << "</th>"
+			  << "</thead><tbody class=\"tableitem\">";
 			for(auto& it: dest->GetLeaseSets ())
-				s << "<tr><td>" << it.first.ToBase32 () << "</td><td>" << (int)it.second->GetStoreType () << "</td><td>" << (int)it.second->GetEncryptionType () <<"</td></tr>\r\n";
+			{
+				s << "<tr>"
+				  << "<td>" << it.first.ToBase32 () << "</td>"
+				  << "<td><a class=\"button\" href=\"/?cmd=" << HTTP_COMMAND_EXPIRELEASE<< "&b32=" << dest->GetIdentHash ().ToBase32 ()
+				  << "&lease=" << it.first.ToBase32 () << "&token=" << token << "\" title=\"" << tr("Expire LeaseSet") << "\"> &#10008; </a></td>"
+				  << "<td>" << (int)it.second->GetStoreType () << "</td>"
+				  << "<td>" << (int)it.second->GetEncryptionType () <<"</td>"
+				  << "</tr>\r\n";
+			}
 			s << "</tbody></table>\r\n</div>\r\n</div>\r\n<br>\r\n";
 		} else
 			s << "<b>" << tr("LeaseSets") << ":</b> <i>0</i><br>\r\n<br>\r\n";
@ -591,6 +606,8 @@ namespace http {
 			}
 			s << "</tbody>\r\n</table>";
 		}
+		else
+			ShowError(s, tr("Such destination is not found"));
 	}

 	void ShowI2CPLocalDestination (std::stringstream& s, const std::string& id)
@ -625,10 +642,10 @@ namespace http {
 					if (storeType == i2p::data::NETDB_STORE_TYPE_LEASESET)
 						ls.reset (new i2p::data::LeaseSet (leaseSet->GetBuffer(), leaseSet->GetBufferLen()));
 					else
-					{	
+					{
 						ls.reset (new i2p::data::LeaseSet2 (storeType));
 						ls->Update (leaseSet->GetBuffer(), leaseSet->GetBufferLen(), false);
-					}		
+					}
 					if (!ls) return;
 					s << "<div class=\"leaseset listitem";
 					if (ls->IsExpired())
@ -748,13 +765,14 @@ namespace http {

 		auto loglevel = i2p::log::Logger().GetLogLevel();
 		s << "<b>" << tr("Logging level") << "</b><br>\r\n";
-		s << "  <a class=\"button" << (loglevel == eLogNone    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\"> none </a> \r\n";
-		s << "  <a class=\"button" << (loglevel == eLogError   ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\"> error </a> \r\n";
-		s << "  <a class=\"button" << (loglevel == eLogWarning ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\"> warn </a> \r\n";
-		s << "  <a class=\"button" << (loglevel == eLogInfo    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\"> info </a> \r\n";
-		s << "  <a class=\"button" << (loglevel == eLogDebug   ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\"> debug </a><br>\r\n<br>\r\n";
-
-		uint16_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
+		s << "  <a class=\"button" << (loglevel == eLogNone     ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\"> none </a> \r\n";
+		s << "  <a class=\"button" << (loglevel == eLogCritical ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=critical&token=" << token << "\"> critical </a> \r\n";
+		s << "  <a class=\"button" << (loglevel == eLogError    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\"> error </a> \r\n";
+		s << "  <a class=\"button" << (loglevel == eLogWarning  ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\"> warn </a> \r\n";
+		s << "  <a class=\"button" << (loglevel == eLogInfo     ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\"> info </a> \r\n";
+		s << "  <a class=\"button" << (loglevel == eLogDebug    ? " selected" : "") << "\" href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\"> debug </a><br>\r\n<br>\r\n";
+
+		uint32_t maxTunnels = i2p::tunnel::tunnels.GetMaxNumTransitTunnels ();
 		s << "<b>" << tr("Transit tunnels limit") << "</b><br>\r\n";
 		s << "<form method=\"get\" action=\"" << webroot << "\">\r\n";
 		s << "  <input type=\"hidden\" name=\"cmd\" value=\"" << HTTP_COMMAND_LIMITTRANSIT << "\">\r\n";
@ -838,6 +856,7 @@ namespace http {
 					tmp_s << " [itag:" << it->GetRelayTag () << "]";
 				if (it->GetSendQueueSize () > 0)
 					tmp_s << " [queue:" << it->GetSendQueueSize () << "]";
+				if (it->IsSlow ()) tmp_s << " [slow]";
 				tmp_s << "</div>\r\n" << std::endl;
 				cnt++;
 			}
@ -956,34 +975,42 @@ namespace http {
 	void ShowI2PTunnels (std::stringstream& s)
 	{
 		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
-		s << "<b>" << tr("Client Tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
-		for (auto& it: i2p::client::context.GetClientTunnels ())
-		{
-			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-			s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
-			s << it.second->GetName () << "</a> &#8656; ";
-			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << "</div>\r\n"<< std::endl;
-		}
+
+		auto& clientTunnels = i2p::client::context.GetClientTunnels ();
 		auto httpProxy = i2p::client::context.GetHttpProxy ();
-		if (httpProxy)
-		{
-			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
-			s << "HTTP " << tr("Proxy") << "</a> &#8656; ";
-			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << "</div>\r\n"<< std::endl;
-		}
 		auto socksProxy = i2p::client::context.GetSocksProxy ();
-		if (socksProxy)
+		if (!clientTunnels.empty () || httpProxy || socksProxy)
 		{
-			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
-			s << "SOCKS " << tr("Proxy") << "</a> &#8656; ";
-			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << "</div>\r\n"<< std::endl;
+			s << "<b>" << tr("Client Tunnels") << ":</b><br>\r\n<div class=\"list\">\r\n";
+			if (!clientTunnels.empty ())
+			{
+				for (auto& it: clientTunnels)
+				{
+					auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+					s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+					s << it.second->GetName () << "</a> &#8656; ";
+					s << i2p::client::context.GetAddressBook ().ToAddress(ident);
+					s << "</div>\r\n"<< std::endl;
+				}
+			}
+			if (httpProxy)
+			{
+				auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
+				s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << "HTTP " << tr("Proxy") << "</a> &#8656; ";
+				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
+				s << "</div>\r\n"<< std::endl;
+			}
+			if (socksProxy)
+			{
+				auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
+				s << "<div class=\"listitem\"><a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << "SOCKS " << tr("Proxy") << "</a> &#8656; ";
+				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
+				s << "</div>\r\n"<< std::endl;
+			}
+			s << "</div>\r\n";
 		}
-		s << "</div>\r\n";

 		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
 		if (!serverTunnels.empty ()) {
@ -1310,6 +1337,36 @@ namespace http {
 			res.add_header("Refresh", redirect.c_str());
 			return;
 		}
+		else if (cmd == HTTP_COMMAND_EXPIRELEASE)
+		{
+			std::string b32 = params["b32"];
+			std::string lease = params["lease"];
+
+			i2p::data::IdentHash ident, leaseident;
+			ident.FromBase32 (b32);
+			leaseident.FromBase32 (lease);
+			auto dest = i2p::client::context.FindLocalDestination (ident);
+
+			if (dest)
+			{
+				auto leaseset = dest->FindLeaseSet (leaseident);
+				if (leaseset)
+				{
+					leaseset->ExpireLease ();
+					s << "<b>" << tr("SUCCESS") << "</b>:&nbsp;" << tr("LeaseSet expiration time updated") << "<br>\r\n<br>\r\n";
+				}
+				else
+					s << "<b>" << tr("ERROR") << "</b>:&nbsp;" << tr("LeaseSet is not found or already expired") << "<br>\r\n<br>\r\n";
+			}
+			else
+				s << "<b>" << tr("ERROR") << "</b>:&nbsp;" << tr("Destination not found") << "<br>\r\n<br>\r\n";
+
+			s << "<a href=\"" << webroot << "?page=local_destination&b32=" << b32 << "\">" << tr("Return to destination page") << "</a><br>\r\n";
+			s << "<p>" << tr("You will be redirected in %d seconds", COMMAND_REDIRECT_TIMEOUT) << "</b>";
+			redirect = std::to_string(COMMAND_REDIRECT_TIMEOUT) + "; url=" + webroot + "?page=local_destination&b32=" + b32;
+			res.add_header("Refresh", redirect.c_str());
+			return;
+		}
 		else if (cmd == HTTP_COMMAND_LIMITTRANSIT)
 		{
 			uint32_t limit = std::stoul(params["limit"], nullptr);
--- a/daemon/HTTPServer.h
+++ b/daemon/HTTPServer.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -25,7 +25,7 @@ namespace http
 	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;
 	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds
 	const int COMMAND_REDIRECT_TIMEOUT = 5; // in seconds
-	const int TRANSIT_TUNNELS_LIMIT = 65535;
+	const int TRANSIT_TUNNELS_LIMIT = 1000000;

 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
--- a/daemon/I2PControl.cpp
+++ b/daemon/I2PControl.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -338,10 +338,11 @@ namespace client
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
-			if (it != params.begin ()) results << ",";
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
 			auto it1 = m_RouterManagerHandlers.find (it->first);
-			if (it1 != m_RouterManagerHandlers.end ()) {
+			if (it1 != m_RouterManagerHandlers.end ()) 
+			{
+				if (it != params.begin ()) results << ",";
 				(this->*(it1->second))(results);
 			} else
 				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
--- a/daemon/UPnP.cpp
+++ b/daemon/UPnP.cpp
@ -1,10 +1,15 @@
+/*
+* Copyright (c) 2013-2024, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*/
+
 #ifdef USE_UPNP
 #include <string>
 #include <thread>

-#include <boost/thread/thread.hpp>
-#include <boost/asio.hpp>
-
 #include "Log.h"

 #include "RouterContext.h"
@ -110,10 +115,16 @@ namespace transport
 			return;
 		}

+#if (MINIUPNPC_API_VERSION >= 18)
+		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr),
+					m_externalIPAddress, sizeof (m_externalIPAddress));
+#else
 		err = UPNP_GetValidIGD (m_Devlist, &m_upnpUrls, &m_upnpData, m_NetworkAddr, sizeof (m_NetworkAddr));
+#endif
 		m_upnpUrlsInitialized=err!=0;
 		if (err == UPNP_IGD_VALID_CONNECTED)
 		{
+#if (MINIUPNPC_API_VERSION < 18)
 			err = UPNP_GetExternalIPAddress (m_upnpUrls.controlURL, m_upnpData.first.servicetype, m_externalIPAddress);
 			if(err != UPNPCOMMAND_SUCCESS)
 			{
@ -121,6 +132,7 @@ namespace transport
 				return;
 			}
 			else
+#endif
 			{
 				LogPrint (eLogError, "UPnP: Found Internet Gateway Device ", m_upnpUrls.controlURL);
 				if (!m_externalIPAddress[0])
@ -166,11 +178,11 @@ namespace transport
 			if (address && !address->host.is_v6 () && address->port)
 				TryPortMapping (address);
 		}
-		m_Timer.expires_from_now (boost::posix_time::minutes(20)); // every 20 minutes
+		m_Timer.expires_from_now (boost::posix_time::minutes(UPNP_PORT_FORWARDING_INTERVAL)); // every 20 minutes
 		m_Timer.async_wait ([this](const boost::system::error_code& ecode)
 		{
 			if (ecode != boost::asio::error::operation_aborted)
-			PortMapping ();
+				PortMapping ();
 		});
 	}

--- a/daemon/UPnP.h
+++ b/daemon/UPnP.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -28,7 +28,8 @@ namespace i2p
 namespace transport
 {
 	const int UPNP_RESPONSE_TIMEOUT = 2000; // in milliseconds
-
+	const int UPNP_PORT_FORWARDING_INTERVAL = 20; // in minutes
+	
 	enum
 	{
 		UPNP_IGD_NONE = 0,
--- a/daemon/UnixDaemon.cpp
+++ b/daemon/UnixDaemon.cpp
@ -162,18 +162,27 @@ namespace i2p

 #ifndef ANDROID
 				if (lockf(pidFH, F_TLOCK, 0) != 0)
+#else
+				struct flock fl;
+				fl.l_len = 0;
+				fl.l_type = F_WRLCK;
+				fl.l_whence = SEEK_SET;
+				fl.l_start = 0;
+
+				if (fcntl(pidFH, F_SETLK, &fl) != 0)
+#endif
 				{
 					LogPrint(eLogError, "Daemon: Could not lock pid file ", pidfile, ": ", strerror(errno));
 					std::cerr << "i2pd: Could not lock pid file " << pidfile << ": " << strerror(errno) << std::endl;
 					return false;
 				}
-#endif
+
 				char pid[10];
 				sprintf(pid, "%d\n", getpid());
 				ftruncate(pidFH, 0);
 				if (write(pidFH, pid, strlen(pid)) < 0)
 				{
-					LogPrint(eLogError, "Daemon: Could not write pidfile ", pidfile, ": ", strerror(errno));
+					LogPrint(eLogCritical, "Daemon: Could not write pidfile ", pidfile, ": ", strerror(errno));
 					std::cerr << "i2pd: Could not write pidfile " << pidfile << ": " << strerror(errno) << std::endl;
 					return false;
 				}
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,45 @@
+i2pd (2.52.0-1) unstable; urgency=medium
+
+  * updated to version 2.52.0
+
+ -- orignal <orignal@i2pmail.org>  Sun, 12 May 2024 16:00:00 +0000
+
+i2pd (2.51.0-1) unstable; urgency=medium
+
+  * updated to version 2.51.0/0.9.62
+
+ -- orignal <orignal@i2pmail.org>  Sat, 06 Apr 2024 16:00:00 +0000
+
+i2pd (2.50.2-1) unstable; urgency=medium
+
+  * updated to version 2.50.2/0.9.61
+
+ -- orignal <orignal@i2pmail.org>  Sat, 06 Jan 2024 16:00:00 +0000
+
+i2pd (2.50.1-1) unstable; urgency=medium
+
+  * updated to version 2.50.1/0.9.61
+
+ -- r4sas <r4sas@i2pmail.org>  Sat, 23 Dec 2023 18:30:00 +0000
+
+i2pd (2.50.0-1) unstable; urgency=medium
+
+  * updated to version 2.50.0/0.9.61
+
+ -- orignal <orignal@i2pmail.org>  Mon, 18 Dec 2023 16:00:00 +0000
+
+i2pd (2.49.0-1) unstable; urgency=medium
+
+  * updated to version 2.49.0/0.9.60
+
+ -- orignal <orignal@i2pmail.org>  Mon, 18 Sep 2023 16:00:00 +0000
+
+i2pd (2.48.0-1) unstable; urgency=high
+
+  * updated to version 2.48.0/0.9.59
+
+ -- orignal <orignal@i2pmail.org>  Mon, 12 Jun 2023 16:00:00 +0000
+
 i2pd (2.47.0-1) unstable; urgency=high

  * updated to version 2.47.0/0.9.58
--- a/debian/i2pd.1
+++ b/debian/i2pd.1
@ -64,7 +64,7 @@ The network interface to bind to for IPv4 connections
 The network interface to bind to for IPv6 connections
 .TP
 \fB\-\-ipv4=\fR
-Enable communication through ipv6 (\fIenabled\fR by default)
+Enable communication through ipv4 (\fIenabled\fR by default)
 .TP
 \fB\-\-ipv6\fR
 Enable communication through ipv6 (\fIdisabled\fR by default)
--- a/i18n/Chinese.cpp
+++ b/i18n/Chinese.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -69,6 +69,7 @@ namespace chinese // language namespace
 		{"Stopping in", "距停止还有："},
 		{"Family", "家族"},
 		{"Tunnel creation success rate", "隧道创建成功率"},
+		{"Total tunnel creation success rate", "当前隧道创建成功率"},
 		{"Received", "已接收"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "已发送"},
@ -95,6 +96,7 @@ namespace chinese // language namespace
 		{"Address", "地址"},
 		{"Type", "类型"},
 		{"EncType", "加密类型"},
+		{"Expire LeaseSet", "到期租约集"},
 		{"Inbound tunnels", "入站隧道"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "出站隧道"},
@ -109,6 +111,7 @@ namespace chinese // language namespace
 		{"Local Destination", "本地目标"},
 		{"Streams", "流"},
 		{"Close stream", "断开流"},
+		{"Such destination is not found", "找不到此目标"},
 		{"I2CP session not found", "未找到 I2CP 会话"},
 		{"I2CP is not enabled", "I2CP 未启用"},
 		{"Invalid", "无效"},
@ -150,6 +153,8 @@ namespace chinese // language namespace
 		{"StreamID can't be null", "StreamID 不能为空"},
 		{"Return to destination page", "返回目标页面"},
 		{"You will be redirected in %d seconds", "您将在%d秒内被重定向"},
+		{"LeaseSet expiration time updated", "租约集到期时间已更新"},
+		{"LeaseSet is not found or already expired", "租约集未找到或已过期"},
 		{"Transit tunnels count must not exceed %d", "中转隧道数量限制为 %d"},
 		{"Back to commands list", "返回命令列表"},
 		{"Register at reg.i2p", "在 reg.i2p 注册域名"},
@ -158,7 +163,6 @@ namespace chinese // language namespace
 		{"Submit", "提交"},
 		{"Domain can't end with .b32.i2p", "域名不能以 .b32.i2p 结尾"},
 		{"Domain must end with .i2p", "域名必须以 .i2p 结尾"},
-		{"Such destination is not found", "找不到此目标"},
 		{"Unknown command", "未知指令"},
 		{"Command accepted", "已接受指令"},
 		{"Proxy error", "代理错误"},
--- a/i18n/Czech.cpp
+++ b/i18n/Czech.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -36,18 +36,18 @@ namespace czech // language namespace
 		{"%.2f GiB", "%.2f GiB"},
 		{"building", "vytváří se"},
 		{"failed", "selhalo"},
-		{"expiring", "končící"},
+		{"expiring", "vyprší platnost"},
 		{"established", "vytvořeno"},
 		{"unknown", "neznámý"},
 		{"exploratory", "průzkumné"},
-		{"Purple I2P Webconsole", "Purple I2P Webkonsole"},
-		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webkonsole"},
+		{"Purple I2P Webconsole", "Purple I2P webová konzole"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> webová konzole"},
 		{"Main page", "Hlavní stránka"},
 		{"Router commands", "Router příkazy"},
-		{"Local Destinations", "Lokální destinace"},
-		{"LeaseSets", "LeaseSety"},
+		{"Local Destinations", "Místní cíle"},
+		{"LeaseSets", "Sety pronájmu"},
 		{"Tunnels", "Tunely"},
-		{"Transit Tunnels", "Transitní tunely"},
+		{"Transit Tunnels", "Tranzitní tunely"},
 		{"Transports", "Transporty"},
 		{"I2P tunnels", "I2P tunely"},
 		{"SAM sessions", "SAM relace"},
@ -61,18 +61,21 @@ namespace czech // language namespace
 		{"Clock skew", "Časová nesrovnalost"},
 		{"Offline", "Offline"},
 		{"Symmetric NAT", "Symetrický NAT"},
+		{"Full cone NAT", "Full cone NAT"},
+		{"No Descriptors", "Žádné popisovače"},
 		{"Uptime", "Doba provozu"},
-		{"Network status", "Status sítě"},
-		{"Network status v6", "Status sítě v6"},
+		{"Network status", "Stav sítě"},
+		{"Network status v6", "Stav sítě v6"},
 		{"Stopping in", "Zastavuji za"},
 		{"Family", "Rodina"},
 		{"Tunnel creation success rate", "Úspěšnost vytváření tunelů"},
+		{"Total tunnel creation success rate", "Celková míra úspěšnosti vytváření tunelů"},
 		{"Received", "Přijato"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Odesláno"},
 		{"Transit", "Tranzit"},
-		{"Data path", "Cesta k data souborům"},
-		{"Hidden content. Press on text to see.", "Skrytý kontent. Pro zobrazení, klikni na text."},
+		{"Data path", "Cesta k datovým souborům"},
+		{"Hidden content. Press on text to see.", "Skrytý obsah. Pro zobrazení klikněte sem."},
 		{"Router Ident", "Routerová Identita"},
 		{"Router Family", "Rodina routerů"},
 		{"Router Caps", "Omezení Routerů"},
@ -93,6 +96,7 @@ namespace czech // language namespace
 		{"Address", "Adresa"},
 		{"Type", "Typ"},
 		{"EncType", "EncType"},
+		{"Expire LeaseSet", "Zrušit platnost setu pronájmu"},
 		{"Inbound tunnels", "Příchozí tunely"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Odchozí tunely"},
@ -103,21 +107,24 @@ namespace czech // language namespace
 		{"Amount", "Množství"},
 		{"Incoming Tags", "Příchozí štítky"},
 		{"Tags sessions", "Relace štítků"},
-		{"Status", "Status"},
-		{"Local Destination", "Lokální Destinace"},
+		{"Status", "Stav"},
+		{"Local Destination", "Místní cíl"},
 		{"Streams", "Toky"},
 		{"Close stream", "Uzavřít tok"},
+		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"I2CP session not found", "I2CP relace nenalezena"},
 		{"I2CP is not enabled", "I2CP není zapnuto"},
 		{"Invalid", "Neplatný"},
 		{"Store type", "Druh uložení"},
 		{"Expires", "Vyprší"},
-		{"Non Expired Leases", "Nevypršené Leasy"},
+		{"Non Expired Leases", "Pronájmy, kterým nevypršela platnost"},
 		{"Gateway", "Brána"},
 		{"TunnelID", "ID tunelu"},
 		{"EndDate", "Datum ukončení"},
+		{"floodfill mode is disabled", "režim floodfill je vypnut"},
 		{"Queue size", "Velikost fronty"},
 		{"Run peer test", "Spustit peer test"},
+		{"Reload tunnels configuration", "Znovu načíst nastavení tunelů"},
 		{"Decline transit tunnels", "Odmítnout tranzitní tunely"},
 		{"Accept transit tunnels", "Přijmout tranzitní tunely"},
 		{"Cancel graceful shutdown", "Zrušit hladké vypnutí"},
@ -145,14 +152,17 @@ namespace czech // language namespace
 		{"Destination not found", "Destinace nenalezena"},
 		{"StreamID can't be null", "StreamID nemůže být null"},
 		{"Return to destination page", "Zpět na stránku destinací"},
-		{"Back to commands list", "Zpět na list příkazů"},
+		{"You will be redirected in %d seconds", "Budete přesměrováni za %d sekund"},
+		{"LeaseSet expiration time updated", "Aktualizován čas vypršení platnosti setu pronájmu"},
+		{"LeaseSet is not found or already expired", "Set pronájmu není k nalezení nebo již vypršela jeho platnost"},
+		{"Transit tunnels count must not exceed %d", "Počet tranzitních tunelů nesmí překročit %d"},
+		{"Back to commands list", "Zpět na seznam příkazů"},
 		{"Register at reg.i2p", "Zaregistrovat na reg.i2p"},
 		{"Description", "Popis"},
 		{"A bit information about service on domain", "Trochu informací o službě na doméně"},
 		{"Submit", "Odeslat"},
 		{"Domain can't end with .b32.i2p", "Doména nesmí končit na .b32.i2p"},
 		{"Domain must end with .i2p", "Doména musí končit s .i2p"},
-		{"Such destination is not found", "Takováto destinace nebyla nalezena"},
 		{"Unknown command", "Neznámý příkaz"},
 		{"Command accepted", "Příkaz přijat"},
 		{"Proxy error", "Chyba proxy serveru"},
@ -162,6 +172,15 @@ namespace czech // language namespace
 		{"You may try to find this host on jump services below", "Můžete se pokusit najít tohoto hostitele na startovacích službách níže"},
 		{"Invalid request", "Neplatný požadavek"},
 		{"Proxy unable to parse your request", "Proxy server nemohl zpracovat váš požadavek"},
+		{"Addresshelper is not supported", "Addresshelper není podporován"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. <b>Buďte opatrní: zdroj této URL může být škodlivý!</b> Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
+		{"Addresshelper forced update rejected", "Addresshelperem vynucená aktualizace zamítnuta"},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Pro přidání hostitele <b>%s</b> do adresáře routeru, klikněte zde: <a href=\"%s%s%s\">Pokračovat</a>."},
+		{"Addresshelper request", "Požadavek Addresshelperu"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Hostitel %s přidán do adresáře routeru od pomocníka. Klikněte zde pro pokračování: <a href=\"%s\">Pokračovat</a>."},
+		{"Addresshelper adding", "Addresshelper přidávání"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Hostitel %s je <font color=red>již v adresáři routeru</font>. Klikněte zde pro aktualizaci záznamu: <a href=\"%s%s%s&update=true\">Pokračovat</a>."},
+		{"Addresshelper update", "Addresshelper aktualizace"},
 		{"Invalid request URI", "Neplatný URI požadavek"},
 		{"Can't detect destination host from request", "Nelze zjistit cílového hostitele z požadavku"},
 		{"Outproxy failure", "Outproxy selhání"},
--- a/i18n/French.cpp
+++ b/i18n/French.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -58,7 +58,7 @@ namespace french // language namespace
 		{"Unknown", "Inconnu"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Maillé"},
-		{"Clock skew", "Horloge décalée"},
+		{"Clock skew", "Décalage de l'horloge"},
 		{"Offline", "Hors ligne"},
 		{"Symmetric NAT", "NAT symétrique"},
 		{"Full cone NAT", "NAT à cône complet"},
@ -68,7 +68,8 @@ namespace french // language namespace
 		{"Network status v6", "État du réseau v6"},
 		{"Stopping in", "Arrêt dans"},
 		{"Family", "Famille"},
-		{"Tunnel creation success rate", "Taux de succès de création de tunnels"},
+		{"Tunnel creation success rate", "Taux de création de tunnel réussie"},
+		{"Total tunnel creation success rate", "Taux total de création de tunnel réussie"},
 		{"Received", "Reçu"},
 		{"%.2f KiB/s", "%.2f Kio/s"},
 		{"Sent", "Envoyé"},
@ -91,10 +92,11 @@ namespace french // language namespace
 		{"Address registration line", "Ligne d'inscription de l'adresse"},
 		{"Domain", "Domaine"},
 		{"Generate", "Générer"},
-		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Note:</b> La chaîne résultante peut seulement être utilisée pour enregistrer les domaines 2LD (exemple.i2p). Pour enregistrer des sous-domaines, veuillez utiliser i2pd-tools."},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Note :</b> La chaîne résultante peut seulement être utilisée pour enregistrer les domaines 2LD (exemple.i2p). Pour enregistrer des sous-domaines, veuillez utiliser i2pd-tools."},
 		{"Address", "Adresse"},
 		{"Type", "Type"},
 		{"EncType", "EncType"},
+		{"Expire LeaseSet", "Expirer le jeu de baux"},
 		{"Inbound tunnels", "Tunnels entrants"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Tunnels sortants"},
@ -109,6 +111,7 @@ namespace french // language namespace
 		{"Local Destination", "Destination locale"},
 		{"Streams", "Flux"},
 		{"Close stream", "Fermer le flux"},
+		{"Such destination is not found", "Cette destination est introuvable"},
 		{"I2CP session not found", "Session I2CP introuvable"},
 		{"I2CP is not enabled", "I2CP est désactivé"},
 		{"Invalid", "Invalide"},
@ -128,7 +131,7 @@ namespace french // language namespace
 		{"Start graceful shutdown", "Démarrer l'arrêt gracieux"},
 		{"Force shutdown", "Forcer l'arrêt"},
 		{"Reload external CSS styles", "Rafraîchir les styles CSS externes"},
-		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Note:</b> Toute action effectuée ici n'est pas permanente et ne modifie pas vos fichiers de configuration."},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Note :</b> Toute action effectuée ici n'est pas permanente et ne modifie pas vos fichiers de configuration."},
 		{"Logging level", "Niveau de journalisation"},
 		{"Transit tunnels limit", "Limite sur les tunnels transitoires"},
 		{"Change", "Changer"},
@ -150,6 +153,8 @@ namespace french // language namespace
 		{"StreamID can't be null", "StreamID ne peut pas être vide"},
 		{"Return to destination page", "Retourner à la page de destination"},
 		{"You will be redirected in %d seconds", "Vous serez redirigé dans %d secondes"},
+		{"LeaseSet expiration time updated", "Temps d'expiration du jeu de baux mis à jour"},
+		{"LeaseSet is not found or already expired", "Le jeu de baux est introuvable ou a déjà expiré"},
 		{"Transit tunnels count must not exceed %d", "Le nombre de tunnels de transit ne doit pas excéder %d"},
 		{"Back to commands list", "Retour à la liste des commandes"},
 		{"Register at reg.i2p", "Inscription à reg.i2p"},
@ -158,24 +163,23 @@ namespace french // language namespace
 		{"Submit", "Soumettre"},
 		{"Domain can't end with .b32.i2p", "Le domaine ne peut pas terminer par .b32.i2p"},
 		{"Domain must end with .i2p", "Le domaine doit terminer par .i2p"},
-		{"Such destination is not found", "Cette destination est introuvable"},
 		{"Unknown command", "Commande inconnue"},
 		{"Command accepted", "Commande acceptée"},
 		{"Proxy error", "Erreur de proxy"},
 		{"Proxy info", "Information sur le proxy"},
-		{"Proxy error: Host not found", "Erreur de proxy: Hôte introuvable"},
+		{"Proxy error: Host not found", "Erreur de proxy : Hôte introuvable"},
 		{"Remote host not found in router's addressbook", "Hôte distant introuvable dans le carnet d'adresse du routeur"},
 		{"You may try to find this host on jump services below", "Vous pouvez essayer de trouver cet hôte sur des services de redirection ci-dessous"},
 		{"Invalid request", "Requête invalide"},
 		{"Proxy unable to parse your request", "Proxy incapable de comprendre votre requête"},
 		{"Addresshelper is not supported", "Assistant d'adresse non supporté"},
-		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "L'hôte %s est <font color=red>déjà dans le carnet d'adresses du routeur</font>. <b>Attention : la source de cette URL peut être nuisible !</b> Cliquez ici pour mettre à jour l'enregistrement : <a href=\"%s%s%s&update=true\">Continuer</a>."},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "L'hôte %s est <font color=red>déjà dans le carnet d'adresses du routeur</font>. <b>Attention : la source de cette URL peut être nuisible !</b> Cliquez ici pour mettre à jour l'enregistrement : <a href=\"%s%s%s&update=true\">Continuer</a>."},
 		{"Addresshelper forced update rejected", "Mise à jour forcée des assistants d'adresses rejetée"},
-		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Pour ajouter l'hôte <b>%s</b> au carnet d'adresses du routeur, cliquez ici : <a href=\"%s%s%s\">Continuer</a>."},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Pour ajouter l'hôte <b>%s</b> au carnet d'adresses du routeur, cliquez ici : <a href=\"%s%s%s\">Continuer</a>."},
 		{"Addresshelper request", "Demande à l'assistant d'adresse"},
 		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "L'hôte %s a été ajouté au carnet d'adresses du routeur depuis l'assistant. Cliquez ici pour continuer : <a href=\"%s\">Continuer</a>."},
 		{"Addresshelper adding", "Ajout de l'assistant d'adresse"},
-		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "L'hôte %s est <font color=red>déjà dans le carnet d'adresses du routeur</font>. Cliquez ici pour mettre à jour le dossier : <a href=\"%s%s%s&update=true\">Continuer</a>."},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "L'hôte %s est <font color=red>déjà dans le carnet d'adresses du routeur</font>. Cliquez ici pour mettre à jour le dossier : <a href=\"%s%s%s&update=true\">Continuer</a>."},
 		{"Addresshelper update", "Mise à jour de l'assistant d'adresse"},
 		{"Invalid request URI", "URI de la requête invalide"},
 		{"Can't detect destination host from request", "Impossible de détecter l'hôte de destination à partir de la requête"},
--- a/i18n/Italian.cpp
+++ b/i18n/Italian.cpp
@ -69,6 +69,7 @@ namespace italian // language namespace
 		{"Stopping in", "Arresto in"},
 		{"Family", "Famiglia"},
 		{"Tunnel creation success rate", "Percentuale di tunnel creati con successo"},
+		{"Total tunnel creation success rate", "Percentuale di successo totale nella creazione del tunnel"},
 		{"Received", "Ricevuti"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Inviati"},
@ -95,6 +96,7 @@ namespace italian // language namespace
 		{"Address", "Indirizzo"},
 		{"Type", "Tipologia"},
 		{"EncType", "Tipo di crittografia"},
+		{"Expire LeaseSet", "Scadenza LeaseSet"},
 		{"Inbound tunnels", "Tunnel in entrata"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Tunnel in uscita"},
@ -109,6 +111,7 @@ namespace italian // language namespace
 		{"Local Destination", "Destinazione locale"},
 		{"Streams", "Flussi"},
 		{"Close stream", "Interrompi il flusso"},
+		{"Such destination is not found", "Questa destinazione non è stata trovata"},
 		{"I2CP session not found", "Sessione I2CP non trovata"},
 		{"I2CP is not enabled", "I2CP non è abilitato"},
 		{"Invalid", "Invalido"},
@ -150,6 +153,8 @@ namespace italian // language namespace
 		{"StreamID can't be null", "Lo StreamID non può essere null"},
 		{"Return to destination page", "Ritorna alla pagina di destinazione"},
 		{"You will be redirected in %d seconds", "Sarai reindirizzato tra %d secondi"},
+		{"LeaseSet expiration time updated", "Tempo di scadenza LeaseSet aggiornato"},
+		{"LeaseSet is not found or already expired", "LeaseSet non trovato o già scaduto"},
 		{"Transit tunnels count must not exceed %d", "Il conteggio dei tunnel di transito non deve superare %d"},
 		{"Back to commands list", "Ritorna alla lista dei comandi"},
 		{"Register at reg.i2p", "Registra a reg.i2p"},
@ -158,7 +163,6 @@ namespace italian // language namespace
 		{"Submit", "Invia"},
 		{"Domain can't end with .b32.i2p", "I domini non possono terminare con .b32.i2p"},
 		{"Domain must end with .i2p", "I domini devono terminare con .i2p"},
-		{"Such destination is not found", "Questa destinazione non è stata trovata"},
 		{"Unknown command", "Comando sconosciuto"},
 		{"Command accepted", "Comando accettato"},
 		{"Proxy error", "Errore del proxy"},
--- a/i18n/Polish.cpp
+++ b/i18n/Polish.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023, The PurpleI2P Project
+* Copyright (c) 2023-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -31,22 +31,186 @@ namespace polish // language namespace

 	static std::map<std::string, std::string> strings
 	{
+		{"%.2f KiB", "%.2f KiB"},
+		{"%.2f MiB", "%.2f MiB"},
+		{"%.2f GiB", "%.2f GiB"},
 		{"building", "Kompilowanie"},
 		{"failed", "nieudane"},
 		{"expiring", "wygasający"},
 		{"established", "ustanowiony"},
+		{"unknown", "nieznany"},
+		{"exploratory", "eksploracyjny"},
+		{"Purple I2P Webconsole", "Konsola webowa Purple I2P"},
+		{"<b>i2pd</b> webconsole", "<b>i2pd</b> konsola webowa"},
 		{"Main page", "Strona główna"},
 		{"Router commands", "Komendy routera"},
+		{"Local Destinations", "Lokalne miejsca docelowe"},
+		{"LeaseSets", "ZestawyNajmu"},
 		{"Tunnels", "Tunele"},
+		{"Transit Tunnels", "Tunele Tranzytu"},
+		{"Transports", "Transportery"},
+		{"I2P tunnels", "Tunele I2P"},
+		{"SAM sessions", "Sesje SAM"},
+		{"ERROR", "BŁĄD"},
 		{"OK", "Ok"},
+		{"Testing", "Testowanie"},
+		{"Firewalled", "Za zaporą sieciową"},
+		{"Unknown", "Nieznany"},
+		{"Proxy", "Proxy"},
+		{"Mesh", "Sieć"},
+		{"Clock skew", "Przesunięcie czasu"},
+		{"Offline", "Offline"},
+		{"Symmetric NAT", "Symetryczny NAT"},
+		{"Full cone NAT", "Pełny stożek NAT"},
+		{"No Descriptors", "Brak deskryptorów"},
 		{"Uptime", "Czas pracy"},
+		{"Network status", "Stan sieci"},
+		{"Network status v6", "Stan sieci v6"},
+		{"Stopping in", "Zatrzymywanie za"},
+		{"Family", "Rodzina"},
+		{"Tunnel creation success rate", "Wskaźnik sukcesu tworzenia tunelu"},
+		{"Total tunnel creation success rate", "Całkowity wskaźnik sukcesu tworzenia tunelu"},
+		{"Received", "Odebrano"},
+		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Wysłane"},
+		{"Transit", "Tranzyt"},
+		{"Data path", "Ścieżka do danych"},
+		{"Hidden content. Press on text to see.", "Ukryta zawartość. Naciśnij tekst, aby zobaczyć."},
+		{"Router Ident", "Identyfikator routera"},
+		{"Router Family", "Rodzina routera"},
+		{"Router Caps", "Możliwości routera"},
+		{"Version", "Wersja"},
+		{"Our external address", "Nasz zewnętrzny adres"},
+		{"supported", "wspierane"},
+		{"Routers", "Routery"},
+		{"Floodfills", "Floodfille"},
+		{"Client Tunnels", "Tunele Klienta"},
+		{"Services", "Usługi"},
+		{"Enabled", "Aktywny"},
+		{"Disabled", "Wyłączony"},
+		{"Encrypted B33 address", "Zaszyfrowany adres B33"},
+		{"Address registration line", "Linia rejestracji adresu"},
+		{"Domain", "Domena"},
+		{"Generate", "Generuj"},
+		{"<b>Note:</b> result string can be used only for registering 2LD domains (example.i2p). For registering subdomains please use i2pd-tools.", "<b>Uwaga:</b> wynik string może być używany tylko do rejestracji domen 2LD (przykład.i2p). Do rejestracji subdomen należy użyć narzędzi i2pd."},
+		{"Address", "Adres"},
+		{"Type", "Typ"},
+		{"EncType", "TypEnkrypcji"},
+		{"Expire LeaseSet", "Wygaśnij LeaseSet"},
+		{"Inbound tunnels", "Tunele przychodzące"},
+		{"%dms", "%dms"},
+		{"Outbound tunnels", "Tunele wychodzące"},
+		{"Tags", "Tagi"},
+		{"Incoming", "Przychodzące"},
+		{"Outgoing", "Wychodzące"},
+		{"Destination", "Miejsce docelowe"},
+		{"Amount", "Ilość"},
+		{"Incoming Tags", "Przychodzące tagi"},
+		{"Tags sessions", "Sesje tagów"},
+		{"Status", "Status"},
+		{"Local Destination", "Lokalne miejsce docelowe"},
+		{"Streams", "Strumienie"},
+		{"Close stream", "Zamknij strumień"},
+		{"Such destination is not found", "Nie znaleziono takiego miejsca docelowego"},
+		{"I2CP session not found", "Sesja I2CP nie została znaleziona"},
+		{"I2CP is not enabled", "I2CP nie jest włączone"},
+		{"Invalid", "Niepoprawny"},
+		{"Store type", "Rodzaj przechowywania"},
+		{"Expires", "Wygasa za"},
+		{"Non Expired Leases", "Leasingi niewygasłe"},
+		{"Gateway", "Brama"},
+		{"TunnelID", "IDTunelu"},
+		{"EndDate", "DataZakończenia"},
+		{"floodfill mode is disabled", "tryb floodfill jest wyłączony"},
+		{"Queue size", "Wielkość kolejki"},
+		{"Run peer test", "Wykonaj test peer"},
+		{"Reload tunnels configuration", "Załaduj ponownie konfigurację tuneli"},
+		{"Decline transit tunnels", "Odrzuć tunele tranzytowe"},
+		{"Accept transit tunnels", "Akceptuj tunele tranzytowe"},
+		{"Cancel graceful shutdown", "Anuluj łagodne wyłączenie"},
+		{"Start graceful shutdown", "Rozpocznij łagodne wyłączenie"},
+		{"Force shutdown", "Wymuś wyłączenie"},
+		{"Reload external CSS styles", "Odśwież zewnętrzne style CSS"},
+		{"<b>Note:</b> any action done here are not persistent and not changes your config files.", "<b>Uwaga:</b> każda akcja wykonana tutaj nie jest trwała i nie zmienia Twoich plików konfiguracyjnych."},
+		{"Logging level", "Poziom logowania"},
+		{"Transit tunnels limit", "Limit tuneli tranzytowych"},
+		{"Change", "Zmień"},
+		{"Change language", "Zmień język"},
+		{"no transit tunnels currently built", "brak obecnie zbudowanych tuneli tranzytowych"},
+		{"SAM disabled", "SAM wyłączony"},
+		{"no sessions currently running", "brak aktualnie uruchomionych sesji"},
+		{"SAM session not found", "Sesja SAM nie została znaleziona"},
+		{"SAM Session", "Sesja SAM"},
+		{"Server Tunnels", "Tunele Serwera"},
+		{"Client Forwards", "Przekierowania Klienta"},
+		{"Server Forwards", "Przekierowania Serwera"},
+		{"Unknown page", "Nieznana strona"},
+		{"Invalid token", "Nieprawidłowy token"},
+		{"SUCCESS", "SUKCES"},
+		{"Stream closed", "Strumień zamknięty"},
+		{"Stream not found or already was closed", "Strumień nie został znaleziony lub został już zamknięty"},
+		{"Destination not found", "Nie znaleziono punktu docelowego"},
+		{"StreamID can't be null", "StreamID nie może być null"},
+		{"Return to destination page", "Wróć do strony miejsca docelowego"},
+		{"You will be redirected in %d seconds", "Zostaniesz prekierowany za %d sekund"},
+		{"LeaseSet expiration time updated", "Zaktualizowano czas wygaśnięcia LeaseSet"},
+		{"LeaseSet is not found or already expired", "LeaseSet nie został znaleziony lub już wygasł"},
+		{"Transit tunnels count must not exceed %d", "Liczba tuneli tranzytowych nie może przekraczać %d"},
+		{"Back to commands list", "Powrót do listy poleceń"},
+		{"Register at reg.i2p", "Zarejestruj się na reg.i2p"},
+		{"Description", "Opis"},
+		{"A bit information about service on domain", "Trochę informacji o usłudze w domenie"},
+		{"Submit", "Zatwierdź"},
+		{"Domain can't end with .b32.i2p", "Domena nie może kończyć się na .b32.i2p"},
+		{"Domain must end with .i2p", "Domena musi kończyć się na .i2p"},
+		{"Unknown command", "Nieznana komenda"},
+		{"Command accepted", "Polecenie zaakceptowane"},
+		{"Proxy error", "Błąd serwera proxy"},
+		{"Proxy info", "Informacje o proxy"},
+		{"Proxy error: Host not found", "Błąd proxy: Nie znaleziono hosta"},
+		{"Remote host not found in router's addressbook", "Nie znaleziono zdalnego hosta w książce adresowej routera"},
+		{"You may try to find this host on jump services below", "Możesz znaleźć tego hosta na poniższych usługach skoku"},
+		{"Invalid request", "Nieprawidłowe żądanie"},
+		{"Proxy unable to parse your request", "Serwer proxy nie może przetworzyć Twojego żądania"},
+		{"Addresshelper is not supported", "Adresshelper nie jest obsługiwany"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s <font color=red>jest już w książce adresowej routera</font>. <b>Uważaj: źródło tego adresu URL może być szkodliwe!</b> Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
+		{"Addresshelper forced update rejected", "Wymuszona aktualizacja Addreshelper odrzucona"},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Aby dodać host <b>%s</b> w książce adresowej routera, kliknij tutaj: <a href=\"%s%s%s\">Kontynuuj</a>."},
+		{"Addresshelper request", "Prośba Addresshelper"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Host %s dodany do książki adresowej routera od pomocnika. Kliknij tutaj, aby kontynuować: <a href=\"%s\">Kontynuuj</a>."},
+		{"Addresshelper adding", "Dodawanie Addresshelper"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Host %s jest <font color=red>już w książce adresowej routera</font>. Kliknij tutaj, aby zaktualizować rekord: <a href=\"%s%s%s&update=true\">Kontynuuj</a>."},
+		{"Addresshelper update", "Aktualizacja Adresshelper"},
+		{"Invalid request URI", "Nieprawidłowe URI żądania"},
+		{"Can't detect destination host from request", "Nie można wykryć hosta docelowego z żądania"},
+		{"Outproxy failure", "Błąd proxy wyjściowego"},
+		{"Bad outproxy settings", "Błędne ustawienia proxy wyjściowych"},
+		{"Host %s is not inside I2P network, but outproxy is not enabled", "Host %s nie jest wewnątrz sieci I2P, a proxy wyjściowe nie jest włączone"},
+		{"Unknown outproxy URL", "Nieznany adres URL proxy wyjściowego"},
+		{"Cannot resolve upstream proxy", "Nie można rozwiązać serwera proxy upstream"},
+		{"Hostname is too long", "Nazwa hosta jest zbyt długa"},
+		{"Cannot connect to upstream SOCKS proxy", "Nie można połączyć się z proxy SOCKS upstream"},
+		{"Cannot negotiate with SOCKS proxy", "Nie można negocjować z proxy SOCKS"},
+		{"CONNECT error", "Błąd POŁĄCZENIE"},
+		{"Failed to connect", "Nie udało się połączyć"},
+		{"SOCKS proxy error", "Błąd proxy SOCKS"},
+		{"Failed to send request to upstream", "Nie udało się wysłać żądania do upstream"},
+		{"No reply from SOCKS proxy", "Brak odpowiedzi od serwera proxy SOCKS"},
+		{"Cannot connect", "Nie można się połączyć"},
+		{"HTTP out proxy not implemented", "Serwer wyjściowy proxy HTTP nie został zaimplementowany"},
+		{"Cannot connect to upstream HTTP proxy", "Nie można połączyć się z proxy HTTP upstream"},
+		{"Host is down", "Host jest niedostępny"},
+		{"Can't create connection to requested host, it may be down. Please try again later.", "Nie można utworzyć połączenia z żądanym hostem, może być wyłączony. Spróbuj ponownie później."},
 		{"", ""},
 	};

 	static std::map<std::string, std::vector<std::string>> plurals
 	{
-		{"", {"", "", ""}},
+		{"%d days", {"%d dzień", "%d dni", "%d dni", "%d dni"}},
+		{"%d hours", {"%d godzina", "%d godziny", "%d godzin", "%d godzin"}},
+		{"%d minutes", {"%d minuta", "%d minuty", "%d minut", "%d minut"}},
+		{"%d seconds", {"%d sekunda", "%d sekundy", "%d sekund", "%d sekund"}},
+		{"", {"", "", "", ""}},
 	};

 	std::shared_ptr<const i2p::i18n::Locale> GetLocale()
--- a/i18n/Portuguese.cpp
+++ b/i18n/Portuguese.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2023, The PurpleI2P Project
+* Copyright (c) 2023-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -58,7 +58,7 @@ namespace portuguese // language namespace
 		{"Unknown", "Desconhecido"},
 		{"Proxy", "Proxy"},
 		{"Mesh", "Malha"},
-		{"Clock skew", "Defasagem do Relógio"},
+		{"Clock skew", "Desvio de Relógio"},
 		{"Offline", "Desligado"},
 		{"Symmetric NAT", "NAT Simétrico"},
 		{"Full cone NAT", "Full cone NAT"},
@ -69,11 +69,12 @@ namespace portuguese // language namespace
 		{"Stopping in", "Parando em"},
 		{"Family", "Família"},
 		{"Tunnel creation success rate", "Taxa de sucesso na criação de túneis"},
+		{"Total tunnel creation success rate", "Taxa total de sucesso na criação de túneis"},
 		{"Received", "Recebido"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Enviado"},
 		{"Transit", "Trânsito"},
-		{"Data path", "Diretório dos dados"},
+		{"Data path", "Diretório de dados"},
 		{"Hidden content. Press on text to see.", "Conteúdo oculto. Clique no texto para revelar."},
 		{"Router Ident", "Identidade do Roteador"},
 		{"Router Family", "Família do Roteador"},
@ -95,6 +96,7 @@ namespace portuguese // language namespace
 		{"Address", "Endereço"},
 		{"Type", "Tipo"},
 		{"EncType", "Tipo de Criptografia"},
+		{"Expire LeaseSet", "Expirar LeaseSet"},
 		{"Inbound tunnels", "Túneis de Entrada"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Túneis de Saída"},
@ -104,11 +106,12 @@ namespace portuguese // language namespace
 		{"Destination", "Destinos"},
 		{"Amount", "Quantidade"},
 		{"Incoming Tags", "Etiquetas de Entrada"},
-		{"Tags sessions", "Sessões de etiquetas"},
+		{"Tags sessions", "Sessões de Etiquetas"},
 		{"Status", "Estado"},
-		{"Local Destination", "Destinos Locais"},
+		{"Local Destination", "Destino Local"},
 		{"Streams", "Fluxos"},
 		{"Close stream", "Fechar fluxo"},
+		{"Such destination is not found", "Tal destino não foi encontrado"},
 		{"I2CP session not found", "Sessão do I2CP não encontrada"},
 		{"I2CP is not enabled", "I2CP não está ativado"},
 		{"Invalid", "Inválido"},
@ -145,42 +148,43 @@ namespace portuguese // language namespace
 		{"Invalid token", "Token Inválido"},
 		{"SUCCESS", "SUCESSO"},
 		{"Stream closed", "Fluxo fechado"},
-		{"Stream not found or already was closed", "Fluxo não encontrado ou já encerrado"},
+		{"Stream not found or already was closed", "Fluxo não encontrado ou já fechado"},
 		{"Destination not found", "Destino não encontrado"},
 		{"StreamID can't be null", "StreamID não pode ser nulo"},
 		{"Return to destination page", "Retornar para à página de destino"},
 		{"You will be redirected in %d seconds", "Você será redirecionado em %d segundos"},
+		{"LeaseSet expiration time updated", "Tempo de validade do LeaseSet atualizado"},
+		{"LeaseSet is not found or already expired", "LeaseSet não foi encontrado ou já expirou"},
 		{"Transit tunnels count must not exceed %d", "A contagem de túneis de trânsito não deve exceder %d"},
 		{"Back to commands list", "Voltar para a lista de comandos"},
-		{"Register at reg.i2p", "Registrar na reg.i2p"},
+		{"Register at reg.i2p", "Registrar em reg.i2p"},
 		{"Description", "Descrição"},
 		{"A bit information about service on domain", "Algumas informações sobre o serviço no domínio"},
 		{"Submit", "Enviar"},
 		{"Domain can't end with .b32.i2p", "O domínio não pode terminar com .b32.i2p"},
 		{"Domain must end with .i2p", "O domínio não pode terminar com .i2p"},
-		{"Such destination is not found", "Tal destino não foi encontrado"},
 		{"Unknown command", "Comando desconhecido"},
 		{"Command accepted", "Comando aceito"},
 		{"Proxy error", "Erro no proxy"},
 		{"Proxy info", "Informações do proxy"},
 		{"Proxy error: Host not found", "Erro no proxy: Host não encontrado"},
 		{"Remote host not found in router's addressbook", "O host remoto não foi encontrado no livro de endereços do roteador"},
-		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos jump services abaixo"},
+		{"You may try to find this host on jump services below", "Você pode tentar encontrar este host nos serviços de jump abaixo"},
 		{"Invalid request", "Requisição inválida"},
 		{"Proxy unable to parse your request", "O proxy foi incapaz de processar a sua requisição"},
 		{"Addresshelper is not supported", "O Auxiliar de Endereços não é suportado"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador</font>. <b>Cuidado: a fonte desta URL pode ser perigosa!</b> Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper forced update rejected", "A atualização forçada do Auxiliar de Endereços foi rejeitada"},
 		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "Para adicionar o host <b> %s </b> ao catálogo de endereços do roteador, clique aqui: <a href='%s%s%s'>Continuar </a>."},
-		{"Addresshelper request", "Requisição do Auxiliar de Endereços"},
-		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para proceder: <a href='%s'> Continuar </a>."},
+		{"Addresshelper request", "Requisição ao Auxiliar de Endereços"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "O host %s foi adicionado ao catálogo de endereços do roteador por um auxiliar. Clique aqui para prosseguir: <a href='%s'> Continuar </a>."},
 		{"Addresshelper adding", "Auxiliar de Endereço adicionando"},
 		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "O host %s já <font color=red>está no catálogo de endereços do roteador </font>. Clique aqui para atualizar o registro: <a href=\"%s%s%s&update=true\">Continuar</a>."},
 		{"Addresshelper update", "Atualização do Auxiliar de Endereços"},
 		{"Invalid request URI", "A URI de requisição é inválida"},
 		{"Can't detect destination host from request", "Incapaz de detectar o host de destino da requisição"},
 		{"Outproxy failure", "Falha no outproxy"},
-		{"Bad outproxy settings", "Configurações ruins de outproxy"},
+		{"Bad outproxy settings", "Má configurações do outproxy"},
 		{"Host %s is not inside I2P network, but outproxy is not enabled", "O host %s não está dentro da rede I2P, mas o outproxy não está ativado"},
 		{"Unknown outproxy URL", "URL de outproxy desconhecida"},
 		{"Cannot resolve upstream proxy", "Não é possível resolver o proxy de entrada"},
--- a/i18n/Russian.cpp
+++ b/i18n/Russian.cpp
@ -69,6 +69,7 @@ namespace russian // language namespace
 		{"Stopping in", "Остановка через"},
 		{"Family", "Семейство"},
 		{"Tunnel creation success rate", "Успешно построенных туннелей"},
+		{"Total tunnel creation success rate", "Общий процент успешно построенных туннелей"},
 		{"Received", "Получено"},
 		{"%.2f KiB/s", "%.2f КиБ/с"},
 		{"Sent", "Отправлено"},
@ -95,6 +96,7 @@ namespace russian // language namespace
 		{"Address", "Адрес"},
 		{"Type", "Тип"},
 		{"EncType", "ТипШифр"},
+		{"Expire LeaseSet", "Просрочить Лизсет"},
 		{"Inbound tunnels", "Входящие туннели"},
 		{"%dms", "%dмс"},
 		{"Outbound tunnels", "Исходящие туннели"},
@ -109,6 +111,7 @@ namespace russian // language namespace
 		{"Local Destination", "Локальное назначение"},
 		{"Streams", "Стримы"},
 		{"Close stream", "Закрыть стрим"},
+		{"Such destination is not found", "Такая точка назначения не найдена"},
 		{"I2CP session not found", "I2CP сессия не найдена"},
 		{"I2CP is not enabled", "I2CP не включен"},
 		{"Invalid", "Некорректный"},
@ -150,6 +153,8 @@ namespace russian // language namespace
 		{"StreamID can't be null", "StreamID не может быть пустым"},
 		{"Return to destination page", "Вернуться на страницу точки назначения"},
 		{"You will be redirected in %d seconds", "Вы будете переадресованы через %d секунд"},
+		{"LeaseSet expiration time updated", "Время действия LeaseSet обновлено"},
+		{"LeaseSet is not found or already expired", "Лизсет не найден или время действия уже истекло"},
 		{"Transit tunnels count must not exceed %d", "Число транзитных туннелей не должно превышать %d"},
 		{"Back to commands list", "Вернуться к списку команд"},
 		{"Register at reg.i2p", "Зарегистрировать на reg.i2p"},
@ -158,7 +163,6 @@ namespace russian // language namespace
 		{"Submit", "Отправить"},
 		{"Domain can't end with .b32.i2p", "Домен не может заканчиваться на .b32.i2p"},
 		{"Domain must end with .i2p", "Домен должен заканчиваться на .i2p"},
-		{"Such destination is not found", "Такая точка назначения не найдена"},
 		{"Unknown command", "Неизвестная команда"},
 		{"Command accepted", "Команда принята"},
 		{"Proxy error", "Ошибка прокси"},
--- a/i18n/Swedish.cpp
+++ b/i18n/Swedish.cpp
@ -61,6 +61,8 @@ namespace swedish // language namespace
 		{"Clock skew", "Tidsförskjutning"},
 		{"Offline", "Nedkopplad"},
 		{"Symmetric NAT", "Symmetrisk NAT"},
+		{"Full cone NAT", "Full kon NAT"},
+		{"No Descriptors", "Inga Beskrivningar"},
 		{"Uptime", "Upptid"},
 		{"Network status", "Nätverkstillstånd"},
 		{"Network status v6", "Nätverkstillstånd v6"},
@ -107,6 +109,7 @@ namespace swedish // language namespace
 		{"Local Destination", "Lokal Plats"},
 		{"Streams", "Strömmar"},
 		{"Close stream", "Stäng strömmen"},
+		{"Such destination is not found", "En sådan plats hittas ej"},
 		{"I2CP session not found", "I2CP-period hittades inte"},
 		{"I2CP is not enabled", "I2CP är inte påslaget"},
 		{"Invalid", "Ogiltig"},
@ -116,8 +119,10 @@ namespace swedish // language namespace
 		{"Gateway", "Gateway"},
 		{"TunnelID", "TunnelID"},
 		{"EndDate", "EndDate"},
+		{"floodfill mode is disabled", "Floodfill läget är inaktiverat"},
 		{"Queue size", "Köstorlek"},
 		{"Run peer test", "Utför utsiktstest"},
+		{"Reload tunnels configuration", "Ladda om tunnelkonfiguration"},
 		{"Decline transit tunnels", "Avvisa förmedlande tunnlar"},
 		{"Accept transit tunnels", "Tillåt förmedlande tunnlar"},
 		{"Cancel graceful shutdown", "Avbryt välvillig avstängning"},
@ -154,7 +159,6 @@ namespace swedish // language namespace
 		{"Submit", "Skicka"},
 		{"Domain can't end with .b32.i2p", "Domänen får inte sluta med .b32.i2p"},
 		{"Domain must end with .i2p", "Domänen måste sluta med .i2p"},
-		{"Such destination is not found", "En sådan plats hittas ej"},
 		{"Unknown command", "Okänt kommando"},
 		{"Command accepted", "Kommando accepterades"},
 		{"Proxy error", "Proxyfel"},
@ -165,6 +169,14 @@ namespace swedish // language namespace
 		{"Invalid request", "Ogiltig förfrågan"},
 		{"Proxy unable to parse your request", "Proxyt kan inte behandla din förfrågan"},
 		{"Addresshelper is not supported", "Adresshjälparen stöds ej"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. <b>Be careful: source of this URL may be harmful!</b> Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Värd %s är <font color=red>redan i routerns adressbok</font>. <b>Var försiktig: källan till denna URL kan vara skadlig!</b> Klicka här för att uppdatera registreringen: <a href=\"%s%s%s&update=true\">Fortsätt</a>."},
+		{"Addresshelper forced update rejected", "Tvingad uppdatering av adresshjälparen nekad"},
+		{"To add host <b>%s</b> in router's addressbook, click here: <a href=\"%s%s%s\">Continue</a>.", "För att lägga till värd <b>%s</b> i routerns adressbok, klicka här: <a href=\"%s%s%s\">Fortsätt</a>."},
+		{"Addresshelper request", "Adresshjälpare förfrågan"},
+		{"Host %s added to router's addressbook from helper. Click here to proceed: <a href=\"%s\">Continue</a>.", "Värd %s tillagd i routerns adressbok från hjälparen. Klicka här för att fortsätta: <a href=\"%s\">Fortsätt</a>."},
+		{"Addresshelper adding", "Adresshjälpare tilläggning"},
+		{"Host %s is <font color=red>already in router's addressbook</font>. Click here to update record: <a href=\"%s%s%s&update=true\">Continue</a>.", "Värd %s är <font color=red>redan i routerns adressbok</font>. Klicka här för att uppdatera registreringen: <a href=\"%s%s%s&update=true\">Fortsätt</a>."},
+		{"Addresshelper update", "Adresshjälpare uppdatering"},
 		{"Invalid request URI", "Ogiltig förfrågnings-URI"},
 		{"Can't detect destination host from request", "Kan inte upptäcka platsvärden från förfrågan"},
 		{"Outproxy failure", "Utproxyfel"},
--- a/i18n/Ukrainian.cpp
+++ b/i18n/Ukrainian.cpp
@ -69,6 +69,7 @@ namespace ukrainian // language namespace
 		{"Stopping in", "Зупинка через"},
 		{"Family", "Сімейство"},
 		{"Tunnel creation success rate", "Успішно побудованих тунелів"},
+		{"Total tunnel creation success rate", "Загальна кількість створених тунелів"},
 		{"Received", "Отримано"},
 		{"%.2f KiB/s", "%.2f КіБ/с"},
 		{"Sent", "Відправлено"},
@ -95,6 +96,7 @@ namespace ukrainian // language namespace
 		{"Address", "Адреса"},
 		{"Type", "Тип"},
 		{"EncType", "ТипШифр"},
+		{"Expire LeaseSet", "Завершити LeaseSet"},
 		{"Inbound tunnels", "Вхідні тунелі"},
 		{"%dms", "%dмс"},
 		{"Outbound tunnels", "Вихідні тунелі"},
@ -109,6 +111,7 @@ namespace ukrainian // language namespace
 		{"Local Destination", "Локальні Призначення"},
 		{"Streams", "Потоки"},
 		{"Close stream", "Закрити потік"},
+		{"Such destination is not found", "Така точка призначення не знайдена"},
 		{"I2CP session not found", "I2CP сесія не знайдена"},
 		{"I2CP is not enabled", "I2CP не увікнуто"},
 		{"Invalid", "Некоректний"},
@ -150,6 +153,8 @@ namespace ukrainian // language namespace
 		{"StreamID can't be null", "Ідентифікатор потоку не може бути порожнім"},
 		{"Return to destination page", "Повернутися на сторінку точки призначення"},
 		{"You will be redirected in %d seconds", "Ви будете переадресовані через %d секунд"},
+		{"LeaseSet expiration time updated", "Час закінчення LeaseSet оновлено"},
+		{"LeaseSet is not found or already expired", "LeaseSet не знайдено або вже закінчився"},
 		{"Transit tunnels count must not exceed %d", "Кількість транзитних тунелів не повинна перевищувати %d"},
 		{"Back to commands list", "Повернутися до списку команд"},
 		{"Register at reg.i2p", "Зареєструвати на reg.i2p"},
@ -158,7 +163,6 @@ namespace ukrainian // language namespace
 		{"Submit", "Надіслати"},
 		{"Domain can't end with .b32.i2p", "Домен не може закінчуватися на .b32.i2p"},
 		{"Domain must end with .i2p", "Домен повинен закінчуватися на .i2p"},
-		{"Such destination is not found", "Така точка призначення не знайдена"},
 		{"Unknown command", "Невідома команда"},
 		{"Command accepted", "Команда прийнята"},
 		{"Proxy error", "Помилка проксі"},
--- a/i18n/Uzbek.cpp
+++ b/i18n/Uzbek.cpp
@ -69,6 +69,7 @@ namespace uzbek // language namespace
 		{"Stopping in", "Ichida to'xtatish"},
 		{"Family", "Oila"},
 		{"Tunnel creation success rate", "Tunnel yaratish muvaffaqiyat darajasi"},
+		{"Total tunnel creation success rate", "Tunnel yaratishning umumiy muvaffaqiyat darajasi"},
 		{"Received", "Qabul qilindi"},
 		{"%.2f KiB/s", "%.2f KiB/s"},
 		{"Sent", "Yuborilgan"},
@ -95,6 +96,7 @@ namespace uzbek // language namespace
 		{"Address", "Manzil"},
 		{"Type", "Turi"},
 		{"EncType", "ShifrlashTuri"},
+		{"Expire LeaseSet", "LeaseSet muddati tugaydi"},
 		{"Inbound tunnels", "Kirish tunnellari"},
 		{"%dms", "%dms"},
 		{"Outbound tunnels", "Chiquvchi tunnellar"},
@ -109,6 +111,7 @@ namespace uzbek // language namespace
 		{"Local Destination", "Mahalliy joylanish"},
 		{"Streams", "Strim"},
 		{"Close stream", "Strimni o'chirish"},
+		{"Such destination is not found", "Bunday yo'nalish topilmadi"},
 		{"I2CP session not found", "I2CP sessiyasi topilmadi"},
 		{"I2CP is not enabled", "I2CP yoqilmagan"},
 		{"Invalid", "Noto'g'ri"},
@ -150,6 +153,8 @@ namespace uzbek // language namespace
 		{"StreamID can't be null", "StreamID bo'sh bo'lishi mumkin emas"},
 		{"Return to destination page", "Manzilgoh sahifasiga qaytish"},
 		{"You will be redirected in %d seconds", "Siz %d soniyadan so‘ng boshqa yo‘nalishga yo‘naltirilasiz"},
+		{"LeaseSet expiration time updated", "LeaseSet amal qilish muddati yangilandi"},
+		{"LeaseSet is not found or already expired", "LeaseSet topilmadi yoki muddati tugagan"},
 		{"Transit tunnels count must not exceed %d", "Tranzit tunnellar soni %d dan oshmasligi kerak"},
 		{"Back to commands list", "Buyruqlar ro'yxatiga qaytish"},
 		{"Register at reg.i2p", "Reg.i2p-da ro'yxatdan o'ting"},
@ -158,7 +163,6 @@ namespace uzbek // language namespace
 		{"Submit", "Yuborish"},
 		{"Domain can't end with .b32.i2p", "Domen .b32.i2p bilan tugashi mumkin emas"},
 		{"Domain must end with .i2p", "Domen .i2p bilan tugashi kerak"},
-		{"Such destination is not found", "Bunday yo'nalish topilmadi"},
 		{"Unknown command", "Noma'lum buyruq"},
 		{"Command accepted", "Buyruq qabul qilindi"},
 		{"Proxy error", "Proksi xatosi"},
--- a/libi2pd/Base.cpp
+++ b/libi2pd/Base.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -28,6 +28,11 @@ namespace data
 		return T32;
 	}

+	bool IsBase32 (char ch)
+	{
+		return (ch >= 'a' && ch <= 'z') || (ch >= '2' && ch <= '7');
+	}	
+	
 	static void iT64Build(void);

 	/*
@ -55,6 +60,11 @@ namespace data
 		return T64;
 	}

+	bool IsBase64 (char ch)
+	{
+		return (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '~';
+	}	
+	
 	/*
 	* Reverse Substitution Table (built in run time)
 	*/
@ -187,6 +197,9 @@ namespace data
 		else
 			return 0;

+		if(*InBuffer == P64)
+			return 0;
+
 		ps = (unsigned char *)(InBuffer + InCount - 1);
 		while ( *ps-- == P64 )
 			outCount--;
@ -269,7 +282,7 @@ namespace data

 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen)
 	{
-		int tmp = 0, bits = 0;
+		unsigned int tmp = 0, bits = 0;
 		size_t ret = 0;
 		for (size_t i = 0; i < len; i++)
 		{
@ -298,7 +311,7 @@ namespace data
 	size_t ByteStreamToBase32 (const uint8_t * inBuf, size_t len, char * outBuf, size_t outLen)
 	{
 		size_t ret = 0, pos = 1;
-		int bits = 8, tmp = inBuf[0];
+		unsigned int bits = 8, tmp = inBuf[0];
 		while (ret < outLen && (bits > 0 || pos < len))
 		{
 			if (bits < 5)
--- a/libi2pd/Base.h
+++ b/libi2pd/Base.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -19,9 +19,11 @@ namespace data {
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
 	const char * GetBase32SubstitutionTable ();
 	const char * GetBase64SubstitutionTable ();
+	bool IsBase64 (char ch);

 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
+	bool IsBase32 (char ch);

 	/**
 	 * Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
--- a/libi2pd/CPU.cpp
+++ b/libi2pd/CPU.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -7,52 +7,62 @@
 */

 #include "CPU.h"
-#if defined(__x86_64__) || defined(__i386__)
-#include <cpuid.h>
-#endif
 #include "Log.h"

 #ifndef bit_AES
-#define bit_AES (1 << 25)
+	#define bit_AES (1 << 25)
 #endif
-#ifndef bit_AVX
-#define bit_AVX (1 << 28)
+
+#if defined(__GNUC__) && __GNUC__ < 6 && IS_X86
+	#include <cpuid.h>
 #endif

+#ifdef _MSC_VER
+	#include <intrin.h>
+#endif

 namespace i2p
 {
 namespace cpu
 {
 	bool aesni = false;
-	bool avx = false;

-	void Detect(bool AesSwitch, bool AvxSwitch, bool force)
+	inline bool cpu_support_aes()
 	{
-#if defined(__x86_64__) || defined(__i386__)
-		int info[4];
-		__cpuid(0, info[0], info[1], info[2], info[3]);
-		if (info[0] >= 0x00000001) {
-			__cpuid(0x00000001, info[0], info[1], info[2], info[3]);
-#if defined (_WIN32) && (WINVER == 0x0501) // WinXP
-			if (AesSwitch && force) { // only if forced
-#else
-			if ((info[2] & bit_AES && AesSwitch) || (AesSwitch && force)) {
+#if IS_X86
+#if defined(__clang__)
+#	if (__clang_major__ >= 6)
+		__builtin_cpu_init();
+#	endif
+		return __builtin_cpu_supports("aes");
+#elif (defined(__GNUC__) && __GNUC__ >= 6)
+		__builtin_cpu_init();
+		return __builtin_cpu_supports("aes");
+#elif (defined(__GNUC__) && __GNUC__ < 6)
+		int cpu_info[4];
+		bool flag = false;
+		__cpuid(0, cpu_info[0], cpu_info[1], cpu_info[2], cpu_info[3]);
+		if (cpu_info[0] >= 0x00000001) {
+			__cpuid(0x00000001, cpu_info[0], cpu_info[1], cpu_info[2], cpu_info[3]);
+			flag = ((cpu_info[2] & bit_AES) != 0);
+		}
+		return flag;
+#elif defined(_MSC_VER)
+		int cpu_info[4];
+		__cpuid(cpu_info, 1);
+		return ((cpu_info[2] & bit_AES) != 0);
 #endif
-				aesni = true;
-			}
-#if defined (_WIN32) && (WINVER == 0x0501) // WinXP
-			if (AvxSwitch && force) { // only if forced
-#else
-			if ((info[2] & bit_AVX && AvxSwitch) || (AvxSwitch && force)) {
 #endif
-				avx = true;
-			}
+		return false;
+	}
+
+	void Detect(bool AesSwitch, bool force)
+	{
+		if ((cpu_support_aes() && AesSwitch) || (AesSwitch && force)) {
+			aesni = true;
 		}
-#endif // defined(__x86_64__) || defined(__i386__)

 		LogPrint(eLogInfo, "AESNI ", (aesni ? "enabled" : "disabled"));
-		LogPrint(eLogInfo, "AVX ", (avx ? "enabled" : "disabled"));
 	}
 }
 }
--- a/libi2pd/CPU.h
+++ b/libi2pd/CPU.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -9,14 +9,31 @@
 #ifndef LIBI2PD_CPU_H
 #define LIBI2PD_CPU_H

+#if defined(_M_AMD64) || defined(__x86_64__) || defined(_M_IX86) || defined(__i386__)
+#	define IS_X86 1
+#	if defined(_M_AMD64) || defined(__x86_64__)
+#		define IS_X86_64 1
+#	else
+#		define IS_X86_64 0
+#	endif
+#else
+#	define IS_X86 0
+#	define IS_X86_64 0
+#endif
+
+#if defined(__AES__) && !defined(_MSC_VER) && IS_X86
+#	define SUPPORTS_AES 1
+#else
+#	define SUPPORTS_AES 0
+#endif
+
 namespace i2p
 {
 namespace cpu
 {
 	extern bool aesni;
-	extern bool avx;

-	void Detect(bool AesSwitch, bool AvxSwitch, bool force);
+	void Detect(bool AesSwitch, bool force);
 }
 }

--- a/libi2pd/Config.cpp
+++ b/libi2pd/Config.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -77,7 +77,8 @@ namespace config {
 		limits.add_options()
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
-			("limits.transittunnels", value<uint16_t>()->default_value(5000), "Maximum active transit tunnels (default:5000)")
+			("limits.transittunnels", value<uint32_t>()->default_value(10000), "Maximum active transit tunnels (default:10000)")
+			("limits.zombies", value<double>()->default_value(0),             "Minimum percentage of successfully created tunnels under which tunnel cleanup is paused (default [%]: 0.00)")
 			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Ignored")
 			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Ignored")
 			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Ignored")
@ -192,7 +193,7 @@ namespace config {
 		options_description precomputation("Precomputation options");
 		precomputation.add_options()
 			("precomputation.elgamal",
-#if defined(__x86_64__)
+#if (defined(_M_AMD64) || defined(__x86_64__))
 				value<bool>()->default_value(false),
 #else
 				value<bool>()->default_value(true),
@ -204,7 +205,7 @@ namespace config {
 		reseed.add_options()
 			("reseed.verify", value<bool>()->default_value(false),        "Verify .su3 signature")
 			("reseed.threshold", value<uint16_t>()->default_value(25),    "Minimum number of known routers before requesting reseed")
-			("reseed.floodfill", value<std::string>()->default_value(""), "Path to router info of floodfill to reseed from")
+			("reseed.floodfill", value<std::string>()->default_value(""), "Ignored. Always empty")
 			("reseed.file", value<std::string>()->default_value(""),      "Path to local .su3 file or HTTPS URL to reseed from")
 			("reseed.zipfile", value<std::string>()->default_value(""),   "Path to local .zip file to reseed from")
 			("reseed.proxy", value<std::string>()->default_value(""),     "url for reseed proxy, supports http/socks")
@ -220,7 +221,8 @@ namespace config {
 				"https://reseed-pl.i2pd.xyz/,"
 				"https://www2.mk16.de/,"
 			    "https://i2p.ghativega.in/,"
-			    "https://i2p.novg.net/"
+			    "https://i2p.novg.net/,"
+            	"https://reseed.stormycloud.org/"
 			),                                                            "Reseed URLs, separated by comma")
 			("reseed.yggurls", value<std::string>()->default_value(
 				"http://[324:71e:281a:9ed3::ace]:7070/,"
@ -307,7 +309,7 @@ namespace config {
 		options_description cpuext("CPU encryption extensions options");
 		cpuext.add_options()
 			("cpuext.aesni", bool_switch()->default_value(true),                     "Use auto detection for AESNI CPU extensions. If false, AESNI will be not used")
-			("cpuext.avx", bool_switch()->default_value(true),                       "Use auto detection for AVX CPU extensions. If false, AVX will be not used")
+			("cpuext.avx", bool_switch()->default_value(false),                      "Deprecated option")
 			("cpuext.force", bool_switch()->default_value(false),                    "Force usage of CPU extensions. Useful when cpuinfo is not available on virtual machines")
 		;

--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -28,6 +28,7 @@
 #include "I2PEndian.h"
 #include "Log.h"

+
 namespace i2p
 {
 namespace crypto
@ -159,7 +160,7 @@ namespace crypto

 // DH/ElGamal

-#if !defined(__x86_64__)
+#if !IS_X86_64
 	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
 	const int ELGAMAL_SHORT_EXPONENT_NUM_BYTES = ELGAMAL_SHORT_EXPONENT_NUM_BITS/8+1;
 #endif
@ -361,7 +362,7 @@ namespace crypto
 		BIGNUM * b1 = BN_CTX_get (ctx);
 		BIGNUM * b = BN_CTX_get (ctx);
 		// select random k
-#if defined(__x86_64__)
+#if IS_X86_64
 		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
 #else
 		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
@ -428,7 +429,7 @@ namespace crypto

 	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub)
 	{
-#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)
+#if IS_X86 || defined(_MSC_VER)
 		RAND_bytes (priv, 256);
 #else
 		// lower 226 bits (28 bytes and 2 bits) only. short exponent
@ -555,7 +556,7 @@ namespace crypto
 	}

 // AES
-#ifdef __AES__
+#if SUPPORTS_AES
 	#define KeyExpansion256(round0,round1) \
 		"pshufd $0xff, %%xmm2, %%xmm2 \n" \
 		"movaps %%xmm1, %%xmm4 \n" \
@ -580,7 +581,7 @@ namespace crypto
 		"movaps %%xmm3, "#round1"(%[sched]) \n"
 #endif

-#ifdef __AES__
+#if SUPPORTS_AES
 	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
 	{
 		__asm__
@ -621,7 +622,7 @@ namespace crypto
 #endif


-#ifdef __AES__
+#if SUPPORTS_AES
 	#define EncryptAES256(sched) \
 		"pxor (%["#sched"]), %%xmm0 \n" \
 		"aesenc	16(%["#sched"]), %%xmm0 \n" \
@ -642,16 +643,18 @@ namespace crypto

 	void ECBEncryption::Encrypt (const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[in]), %%xmm0 \n"
-					EncryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-					);
+			(
+				"movups (%[in]), %%xmm0 \n"
+				EncryptAES256(sched)
+				"movups %%xmm0, (%[out]) \n"
+				:
+				: [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out)
+				: "%xmm0", "memory"
+			);
 		}
 		else
 #endif
@ -660,7 +663,7 @@ namespace crypto
 		}
 	}

-#ifdef __AES__
+#if SUPPORTS_AES
 	#define DecryptAES256(sched) \
 		"pxor 224(%["#sched"]), %%xmm0 \n" \
 		"aesdec	208(%["#sched"]), %%xmm0 \n" \
@ -681,16 +684,18 @@ namespace crypto

 	void ECBDecryption::Decrypt (const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[in]), %%xmm0 \n"
-					DecryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-					);
+			(
+				"movups (%[in]), %%xmm0 \n"
+				DecryptAES256(sched)
+				"movups %%xmm0, (%[out]) \n"
+				:
+				: [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out)
+				: "%xmm0", "memory"
+			);
 		}
 		else
 #endif
@ -699,7 +704,7 @@ namespace crypto
 		}
 	}

-#ifdef __AES__
+#if SUPPORTS_AES
 	#define CallAESIMC(offset) \
 		"movaps "#offset"(%[shed]), %%xmm0 \n" \
 		"aesimc %%xmm0, %%xmm0 \n" \
@ -708,7 +713,7 @@ namespace crypto

 	void ECBEncryption::SetKey (const AESKey& key)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			ExpandKey (key);
@ -722,28 +727,30 @@ namespace crypto

 	void ECBDecryption::SetKey (const AESKey& key)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			ExpandKey (key); // expand encryption key first
 			// then invert it using aesimc
 			__asm__
-				(
-					CallAESIMC(16)
-					CallAESIMC(32)
-					CallAESIMC(48)
-					CallAESIMC(64)
-					CallAESIMC(80)
-					CallAESIMC(96)
-					CallAESIMC(112)
-					CallAESIMC(128)
-					CallAESIMC(144)
-					CallAESIMC(160)
-					CallAESIMC(176)
-					CallAESIMC(192)
-					CallAESIMC(208)
-					: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
-					);
+			(
+				CallAESIMC(16)
+				CallAESIMC(32)
+				CallAESIMC(48)
+				CallAESIMC(64)
+				CallAESIMC(80)
+				CallAESIMC(96)
+				CallAESIMC(112)
+				CallAESIMC(128)
+				CallAESIMC(144)
+				CallAESIMC(160)
+				CallAESIMC(176)
+				CallAESIMC(192)
+				CallAESIMC(208)
+				:
+				: [shed]"r"(GetKeySchedule ())
+				: "%xmm0", "memory"
+			);
 		}
 		else
 #endif
@ -754,28 +761,28 @@ namespace crypto

 	void CBCEncryption::Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"1: \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched)
-					"movaps %%xmm0, %%xmm1 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					"movups %%xmm1, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-					: "%xmm0", "%xmm1", "cc", "memory"
-					);
+			(
+				"movups (%[iv]), %%xmm1 \n"
+				"1: \n"
+				"movups (%[in]), %%xmm0 \n"
+				"pxor %%xmm1, %%xmm0 \n"
+				EncryptAES256(sched)
+				"movaps %%xmm0, %%xmm1 \n"
+				"movups %%xmm0, (%[out]) \n"
+				"add $16, %[in] \n"
+				"add $16, %[out] \n"
+				"dec %[num] \n"
+				"jnz 1b \n"
+				"movups %%xmm1, (%[iv]) \n"
+				:
+				: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+				: "%xmm0", "%xmm1", "cc", "memory"
+			);
 		}
 		else
 #endif
@ -799,22 +806,22 @@ namespace crypto

 	void CBCEncryption::Encrypt (const uint8_t * in, uint8_t * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched)
-					"movups %%xmm0, (%[out]) \n"
-					"movups %%xmm0, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out)
-					: "%xmm0", "%xmm1", "memory"
-					);
+			(
+				"movups (%[iv]), %%xmm1 \n"
+				"movups (%[in]), %%xmm0 \n"
+				"pxor %%xmm1, %%xmm0 \n"
+				EncryptAES256(sched)
+				"movups %%xmm0, (%[out]) \n"
+				"movups %%xmm0, (%[iv]) \n"
+				:
+				: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out)
+				: "%xmm0", "%xmm1", "memory"
+			);
 		}
 		else
 #endif
@ -823,29 +830,29 @@ namespace crypto

 	void CBCDecryption::Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"1: \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movaps %%xmm0, %%xmm2 \n"
-					DecryptAES256(sched)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"movaps %%xmm2, %%xmm1 \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					"movups %%xmm1, (%[iv]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-					);
+			(
+				"movups (%[iv]), %%xmm1 \n"
+				"1: \n"
+				"movups (%[in]), %%xmm0 \n"
+				"movaps %%xmm0, %%xmm2 \n"
+				DecryptAES256(sched)
+				"pxor %%xmm1, %%xmm0 \n"
+				"movups %%xmm0, (%[out]) \n"
+				"movaps %%xmm2, %%xmm1 \n"
+				"add $16, %[in] \n"
+				"add $16, %[out] \n"
+				"dec %[num] \n"
+				"jnz 1b \n"
+				"movups %%xmm1, (%[iv]) \n"
+				:
+				: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+				: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+			);
 		}
 		else
 #endif
@ -869,22 +876,22 @@ namespace crypto

 	void CBCDecryption::Decrypt (const uint8_t * in, uint8_t * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					"movups (%[iv]), %%xmm1 \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movups %%xmm0, (%[iv]) \n"
-					DecryptAES256(sched)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					:
-					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out)
-					: "%xmm0", "%xmm1", "memory"
-					);
+			(
+				"movups (%[iv]), %%xmm1 \n"
+				"movups (%[in]), %%xmm0 \n"
+				"movups %%xmm0, (%[iv]) \n"
+				DecryptAES256(sched)
+				"pxor %%xmm1, %%xmm0 \n"
+				"movups %%xmm0, (%[out]) \n"
+				:
+				: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out)
+				: "%xmm0", "%xmm1", "memory"
+			);
 		}
 		else
 #endif
@ -893,34 +900,34 @@ namespace crypto

 	void TunnelEncryption::Encrypt (const uint8_t * in, uint8_t * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					// encrypt IV
-					"movups (%[in]), %%xmm0 \n"
-					EncryptAES256(sched_iv)
-					"movaps %%xmm0, %%xmm1 \n"
-					// double IV encryption
-					EncryptAES256(sched_iv)
-					"movups %%xmm0, (%[out]) \n"
-					// encrypt data, IV is xmm1
-					"1: \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"movups (%[in]), %%xmm0 \n"
-					"pxor %%xmm1, %%xmm0 \n"
-					EncryptAES256(sched_l)
-					"movaps %%xmm0, %%xmm1 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					:
-					: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.ECB().GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-					: "%xmm0", "%xmm1", "cc", "memory"
-					);
+			(
+				// encrypt IV
+				"movups (%[in]), %%xmm0 \n"
+				EncryptAES256(sched_iv)
+				"movaps %%xmm0, %%xmm1 \n"
+				// double IV encryption
+				EncryptAES256(sched_iv)
+				"movups %%xmm0, (%[out]) \n"
+				// encrypt data, IV is xmm1
+				"1: \n"
+				"add $16, %[in] \n"
+				"add $16, %[out] \n"
+				"movups (%[in]), %%xmm0 \n"
+				"pxor %%xmm1, %%xmm0 \n"
+				EncryptAES256(sched_l)
+				"movaps %%xmm0, %%xmm1 \n"
+				"movups %%xmm0, (%[out]) \n"
+				"dec %[num] \n"
+				"jnz 1b \n"
+				:
+				: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.ECB().GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+				: "%xmm0", "%xmm1", "cc", "memory"
+			);
 		}
 		else
 #endif
@ -934,35 +941,35 @@ namespace crypto

 	void TunnelDecryption::Decrypt (const uint8_t * in, uint8_t * out)
 	{
-#ifdef __AES__
+#if SUPPORTS_AES
 		if(i2p::cpu::aesni)
 		{
 			__asm__
-				(
-					// decrypt IV
-					"movups	(%[in]), %%xmm0 \n"
-					DecryptAES256(sched_iv)
-					"movaps %%xmm0, %%xmm1 \n"
-					// double IV encryption
-					DecryptAES256(sched_iv)
-					"movups %%xmm0, (%[out]) \n"
-					// decrypt data, IV is xmm1
-					"1: \n"
-					"add $16, %[in] \n"
-					"add $16, %[out] \n"
-					"movups (%[in]), %%xmm0 \n"
-					"movaps %%xmm0, %%xmm2 \n"
-					DecryptAES256(sched_l)
-					"pxor %%xmm1, %%xmm0 \n"
-					"movups %%xmm0, (%[out]) \n"
-					"movaps %%xmm2, %%xmm1 \n"
-					"dec %[num] \n"
-					"jnz 1b \n"
-					:
-					: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.ECB().GetKeySchedule ()),
-						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-					);
+			(
+				// decrypt IV
+				"movups	(%[in]), %%xmm0 \n"
+				DecryptAES256(sched_iv)
+				"movaps %%xmm0, %%xmm1 \n"
+				// double IV encryption
+				DecryptAES256(sched_iv)
+				"movups %%xmm0, (%[out]) \n"
+				// decrypt data, IV is xmm1
+				"1: \n"
+				"add $16, %[in] \n"
+				"add $16, %[out] \n"
+				"movups (%[in]), %%xmm0 \n"
+				"movaps %%xmm0, %%xmm2 \n"
+				DecryptAES256(sched_l)
+				"pxor %%xmm1, %%xmm0 \n"
+				"movups %%xmm0, (%[out]) \n"
+				"movaps %%xmm2, %%xmm1 \n"
+				"dec %[num] \n"
+				"jnz 1b \n"
+				:
+				: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.ECB().GetKeySchedule ()),
+					[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+				: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+			);
 		}
 		else
 #endif
@ -991,7 +998,7 @@ namespace crypto
 			EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce);
 			EVP_EncryptUpdate(ctx, NULL, &outlen, ad, adLen);
 			EVP_EncryptUpdate(ctx, buf, &outlen, msg, msgLen);
-			EVP_EncryptFinal_ex(ctx, buf, &outlen);
+			EVP_EncryptFinal_ex(ctx, buf + outlen, &outlen);
 			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, buf + msgLen);
 		}
 		else
@ -1285,9 +1292,9 @@ namespace crypto
 		}
 	}*/

-	void InitCrypto (bool precomputation, bool aesni, bool avx, bool force)
+	void InitCrypto (bool precomputation, bool aesni, bool force)
 	{
-		i2p::cpu::Detect (aesni, avx, force);
+		i2p::cpu::Detect (aesni, force);
 #if LEGACY_OPENSSL
 		SSL_library_init ();
 #endif
@ -1297,7 +1304,7 @@ namespace crypto
 		CRYPTO_set_locking_callback (OpensslLockingCallback);*/
 		if (precomputation)
 		{
-#if defined(__x86_64__)
+#if IS_X86_64
 			g_ElggTable = new BIGNUM * [ELGAMAL_FULL_EXPONENT_NUM_BYTES][255];
 			PrecalculateElggTable (g_ElggTable, ELGAMAL_FULL_EXPONENT_NUM_BYTES);
 #else
@ -1312,7 +1319,7 @@ namespace crypto
 		if (g_ElggTable)
 		{
 			DestroyElggTable (g_ElggTable,
-#if defined(__x86_64__)
+#if IS_X86_64
 				ELGAMAL_FULL_EXPONENT_NUM_BYTES
 #else
 				ELGAMAL_SHORT_EXPONENT_NUM_BYTES
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -150,7 +150,7 @@ namespace crypto
 	};


-#ifdef __AES__
+#if SUPPORTS_AES
 	class ECBCryptoAESNI
 	{
 		public:
@ -167,7 +167,7 @@ namespace crypto
 	};
 #endif

-#ifdef __AES__
+#if SUPPORTS_AES
 	class ECBEncryption: public ECBCryptoAESNI
 #else
 	class ECBEncryption
@ -183,7 +183,7 @@ namespace crypto
 		AES_KEY m_Key;
 	};

-#ifdef __AES__
+#if SUPPORTS_AES
 	class ECBDecryption: public ECBCryptoAESNI
 #else
 	class ECBDecryption
@ -307,7 +307,7 @@ namespace crypto
 	void InitNoiseIKState (NoiseSymmetricState& state, const uint8_t * pub); // Noise_IK (ratchets)

 // init and terminate
-	void InitCrypto (bool precomputation, bool aesni, bool avx, bool force);
+	void InitCrypto (bool precomputation, bool aesni, bool force);
 	void TerminateCrypto ();
 }
 }
--- a/libi2pd/Datagram.cpp
+++ b/libi2pd/Datagram.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -19,7 +19,7 @@ namespace i2p
 namespace datagram
 {
 	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner, bool gzip):
-		m_Owner (owner), m_Receiver (nullptr), m_RawReceiver (nullptr), m_Gzip (gzip)
+		m_Owner (owner), m_DefaultReceiver (nullptr), m_DefaultRawReceiver (nullptr), m_Gzip (gzip)
 	{
 		if (m_Gzip)
 			m_Deflator.reset (new i2p::data::GzipDeflator);
@ -119,19 +119,79 @@ namespace datagram

 	void DatagramDestination::HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len)
 	{
-		if (m_RawReceiver)
-			m_RawReceiver (fromPort, toPort, buf, len);
+		auto r = FindRawReceiver(toPort);
+
+		if (r)
+			r (fromPort, toPort, buf, len);
 		else
 			LogPrint (eLogWarning, "DatagramDestination: no receiver for raw datagram");
 	}

+	void DatagramDestination::SetReceiver (const Receiver& receiver, uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
+		m_ReceiversByPorts[port] = receiver;
+		if (!m_DefaultReceiver) {
+			m_DefaultReceiver = receiver;
+			m_DefaultReceiverPort = port;
+		}
+	}
+
+	void DatagramDestination::ResetReceiver (uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
+		m_ReceiversByPorts.erase (port);
+		if (m_DefaultReceiverPort == port) {
+			m_DefaultReceiver = nullptr;
+			m_DefaultReceiverPort = 0;
+		}
+	}
+
+
+	void DatagramDestination::SetRawReceiver (const RawReceiver& receiver, uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		m_RawReceiversByPorts[port] = receiver;
+		if (!m_DefaultRawReceiver) {
+			m_DefaultRawReceiver = receiver;
+			m_DefaultRawReceiverPort = port;
+		}
+	}
+
+	void DatagramDestination::ResetRawReceiver (uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		m_RawReceiversByPorts.erase (port);
+		if (m_DefaultRawReceiverPort == port) {
+			m_DefaultRawReceiver = nullptr;
+			m_DefaultRawReceiverPort = 0;
+		}
+	}
+
+
 	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
 	{
 		std::lock_guard<std::mutex> lock(m_ReceiversMutex);
-		Receiver r = m_Receiver;
+		Receiver r = nullptr;
 		auto itr = m_ReceiversByPorts.find(port);
 		if (itr != m_ReceiversByPorts.end())
 			r = itr->second;
+		else {
+			r = m_DefaultReceiver;
+		}
+		return r;
+	}
+
+	DatagramDestination::RawReceiver DatagramDestination::FindRawReceiver(uint16_t port)
+	{
+		std::lock_guard<std::mutex> lock(m_RawReceiversMutex);
+		RawReceiver r = nullptr;
+		auto itr = m_RawReceiversByPorts.find(port);
+		if (itr != m_RawReceiversByPorts.end())
+			r = itr->second;
+		else {
+			r = m_DefaultRawReceiver;
+		}
 		return r;
 	}

@ -425,7 +485,7 @@ namespace datagram
 				if (m)
 					send.push_back(i2p::tunnel::TunnelMessageBlock{i2p::tunnel::eDeliveryTypeTunnel,routingPath->remoteLease->tunnelGateway, routingPath->remoteLease->tunnelID, m});
 			}
-			routingPath->outboundTunnel->SendTunnelDataMsg(send);
+			routingPath->outboundTunnel->SendTunnelDataMsgs(send);
 		}
 		m_SendQueue.clear();
 	}
--- a/libi2pd/Datagram.h
+++ b/libi2pd/Datagram.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -126,14 +126,12 @@ namespace datagram

 			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len, bool isRaw = false);

-			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };
-			void ResetReceiver () { m_Receiver = nullptr; };

-			void SetReceiver (const Receiver& receiver, uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts[port] = receiver; };
-			void ResetReceiver (uint16_t port) { std::lock_guard<std::mutex> lock(m_ReceiversMutex); m_ReceiversByPorts.erase (port); };
+			void SetReceiver (const Receiver& receiver, uint16_t port);
+			void ResetReceiver (uint16_t port);

-			void SetRawReceiver (const RawReceiver& receiver) { m_RawReceiver = receiver; };
-			void ResetRawReceiver () { m_RawReceiver = nullptr; };
+			void SetRawReceiver (const RawReceiver& receiver, uint16_t port);
+			void ResetRawReceiver (uint16_t port);

 			std::shared_ptr<DatagramSession::Info> GetInfoForRemote(const i2p::data::IdentHash & remote);

@ -150,20 +148,26 @@ namespace datagram
 			void HandleDatagram (uint16_t fromPort, uint16_t toPort, uint8_t *const& buf, size_t len);
 			void HandleRawDatagram (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);

-			/** find a receiver by port, if none by port is found try default receiever, otherwise returns nullptr */
 			Receiver FindReceiver(uint16_t port);
+			RawReceiver FindRawReceiver(uint16_t port);

 		private:

 			std::shared_ptr<i2p::client::ClientDestination> m_Owner;
-			Receiver m_Receiver; // default
-			RawReceiver m_RawReceiver; // default
-			bool m_Gzip; // gzip compression of data messages
+
 			std::mutex m_SessionsMutex;
 			std::map<i2p::data::IdentHash, DatagramSession_ptr > m_Sessions;
+
+			Receiver m_DefaultReceiver;
+			RawReceiver m_DefaultRawReceiver;
+			uint16_t m_DefaultReceiverPort;
+			uint16_t m_DefaultRawReceiverPort;
 			std::mutex m_ReceiversMutex;
-			std::map<uint16_t, Receiver> m_ReceiversByPorts;
+			std::mutex m_RawReceiversMutex;
+			std::unordered_map<uint16_t, Receiver> m_ReceiversByPorts;
+			std::unordered_map<uint16_t, RawReceiver> m_RawReceiversByPorts;

+			bool m_Gzip; // gzip compression of data messages
 			i2p::data::GzipInflator m_Inflator;
 			std::unique_ptr<i2p::data::GzipDeflator> m_Deflator;
 			std::vector<uint8_t> m_From, m_Signature;
--- a/libi2pd/Destination.cpp
+++ b/libi2pd/Destination.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -108,7 +108,7 @@ namespace client
 						if (authType >= i2p::data::ENCRYPTED_LEASESET_AUTH_TYPE_NONE && authType <= i2p::data::ENCRYPTED_LEASESET_AUTH_TYPE_PSK)
 							m_AuthType = authType;
 						else
-							LogPrint (eLogError, "Destination: Unknown auth type ", authType);
+							LogPrint (eLogError, "Destination: Unknown auth type: ", authType);
 					}
 				}
 				it = params->find (I2CP_PARAM_LEASESET_PRIV_KEY);
@ -117,7 +117,7 @@ namespace client
 					m_LeaseSetPrivKey.reset (new i2p::data::Tag<32>());
 					if (m_LeaseSetPrivKey->FromBase64 (it->second) != 32)
 					{
-						LogPrint(eLogError, "Destination: Invalid value i2cp.leaseSetPrivKey ", it->second);
+						LogPrint(eLogCritical, "Destination: Invalid value i2cp.leaseSetPrivKey: ", it->second);
 						m_LeaseSetPrivKey.reset (nullptr);
 					}
 				}
@ -262,17 +262,6 @@ namespace client
 				return nullptr;
 			}
 		}
-		else
-		{
-			auto ls = i2p::data::netdb.FindLeaseSet (ident);
-			if (ls && !ls->IsExpired ())
-			{
-				ls->PopulateLeases (); // since we don't store them in netdb
-				std::lock_guard<std::mutex> _lock(m_RemoteLeaseSetsMutex);
-				m_RemoteLeaseSets[ident] = ls;
-				return ls;
-			}
-		}
 		return nullptr;
 	}

@ -378,9 +367,12 @@ namespace client
 				HandleDataMessage (payload, len);
 			break;
 			case eI2NPDeliveryStatus:
-				// we assume tunnel tests non-encrypted
 				HandleDeliveryStatusMessage (bufbe32toh (payload + DELIVERY_STATUS_MSGID_OFFSET));
 			break;
+			case eI2NPTunnelTest:
+				if (m_Pool)
+					m_Pool->ProcessTunnelTest (bufbe32toh (payload + TUNNEL_TEST_MSGID_OFFSET), bufbe64toh (payload + TUNNEL_TEST_TIMESTAMP_OFFSET));
+			break;
 			case eI2NPDatabaseStore:
 				HandleDatabaseStoreMessage (payload, len);
 			break;
@ -418,6 +410,7 @@ namespace client
 		}
 		i2p::data::IdentHash key (buf + DATABASE_STORE_KEY_OFFSET);
 		std::shared_ptr<i2p::data::LeaseSet> leaseSet;
+		std::shared_ptr<LeaseSetRequest> request;
 		switch (buf[DATABASE_STORE_TYPE_OFFSET])
 		{
 			case i2p::data::NETDB_STORE_TYPE_LEASESET: // 1
@ -473,34 +466,59 @@ namespace client
 			case i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2: // 5
 			{
 				auto it2 = m_LeaseSetRequests.find (key);
-				if (it2 != m_LeaseSetRequests.end () && it2->second->requestedBlindedKey)
-				{
-					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
-						it2->second->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr , GetPreferredCryptoType ());
-					if (ls2->IsValid () && !ls2->IsExpired ())
+				if (it2 != m_LeaseSetRequests.end ())
+				{	
+					request = it2->second;
+					m_LeaseSetRequests.erase (it2);
+					if (request->requestedBlindedKey)
 					{
-						leaseSet = ls2;
-						std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
-						m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
-						m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
+						auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset,
+							request->requestedBlindedKey, m_LeaseSetPrivKey ? ((const uint8_t *)*m_LeaseSetPrivKey) : nullptr , GetPreferredCryptoType ());
+						if (ls2->IsValid () && !ls2->IsExpired ())
+						{
+							leaseSet = ls2;
+							std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
+							m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
+							m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
+						}
+						else
+							LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
 					}
 					else
-						LogPrint (eLogError, "Destination: New remote encrypted LeaseSet2 failed");
+					{
+						// publishing verification doesn't have requestedBlindedKey
+						auto localLeaseSet = GetLeaseSetMt ();
+						if (localLeaseSet->GetStoreHash () == key)
+						{	
+							auto ls = std::make_shared<i2p::data::LeaseSet2> (i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2, 
+								localLeaseSet->GetBuffer (), localLeaseSet->GetBufferLen (), false);
+							leaseSet = ls;	
+						}	
+						else
+							LogPrint (eLogWarning, "Destination: Encrypted LeaseSet2 received for request without blinded key");
+					}	
 				}
 				else
-					LogPrint (eLogInfo, "Destination: Couldn't find request for encrypted LeaseSet2");
+					LogPrint (eLogWarning, "Destination: Couldn't find request for encrypted LeaseSet2");
 				break;
 			}
 			default:
 				LogPrint (eLogError, "Destination: Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ", dropped");
 		}

-		auto it1 = m_LeaseSetRequests.find (key);
-		if (it1 != m_LeaseSetRequests.end ())
+		if (!request)
+		{	
+			auto it1 = m_LeaseSetRequests.find (key);
+			if (it1 != m_LeaseSetRequests.end ())
+			{	
+				request = it1->second;
+				m_LeaseSetRequests.erase (it1);
+			}	
+		}	
+		if (request)
 		{
-			it1->second->requestTimeoutTimer.cancel ();
-			if (it1->second) it1->second->Complete (leaseSet);
-			m_LeaseSetRequests.erase (it1);
+			request->requestTimeoutTimer.cancel ();
+			request->Complete (leaseSet);
 		}
 	}

@ -513,38 +531,43 @@ namespace client
 		if (it != m_LeaseSetRequests.end ())
 		{
 			auto request = it->second;
-			bool found = false;
-			if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
+			for (int i = 0; i < num; i++)
 			{
-				for (int i = 0; i < num; i++)
+				i2p::data::IdentHash peerHash (buf + 33 + i*32);
+				if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
 				{
-					i2p::data::IdentHash peerHash (buf + 33 + i*32);
-					if (!request->excluded.count (peerHash) && !i2p::data::netdb.FindRouter (peerHash))
-					{
-						LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
-						i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
-					}
-				}
-
-				auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
-				if (floodfill)
-				{
-					LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
-					if (SendLeaseSetRequest (key, floodfill, request))
-						found = true;
+					LogPrint (eLogInfo, "Destination: Found new floodfill, request it");
+					i2p::data::netdb.RequestDestination (peerHash, nullptr, false); // through exploratory
 				}
 			}
-			if (!found)
-			{
-				LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
-				request->Complete (nullptr);
-				m_LeaseSetRequests.erase (key);
-			}
+			SendNextLeaseSetRequest (key, request);
 		}
 		else
 			LogPrint (eLogWarning, "Destination: Request for ", key.ToBase64 (), " not found");
 	}

+	void LeaseSetDestination::SendNextLeaseSetRequest (const i2p::data::IdentHash& key, 
+		std::shared_ptr<LeaseSetRequest> request)
+	{
+		bool found = false;
+		if (request->excluded.size () < MAX_NUM_FLOODFILLS_PER_REQUEST)
+		{
+			auto floodfill = i2p::data::netdb.GetClosestFloodfill (key, request->excluded);
+			if (floodfill)
+			{
+				LogPrint (eLogInfo, "Destination: Requesting ", key.ToBase64 (), " at ", floodfill->GetIdentHash ().ToBase64 ());
+				if (SendLeaseSetRequest (key, floodfill, request))
+					found = true;
+			}
+		}
+		if (!found)
+		{
+			LogPrint (eLogInfo, "Destination: ", key.ToBase64 (), " was not found on ", MAX_NUM_FLOODFILLS_PER_REQUEST, " floodfills");
+			request->Complete (nullptr);
+			m_LeaseSetRequests.erase (key);
+		}
+	}	
+		
 	void LeaseSetDestination::HandleDeliveryStatusMessage (uint32_t msgID)
 	{
 		if (msgID == m_PublishReplyToken)
@ -589,12 +612,7 @@ namespace client
 				shared_from_this (), std::placeholders::_1));
 			return;
 		}
-		if (!m_Pool->GetInboundTunnels ().size () || !m_Pool->GetOutboundTunnels ().size ())
-		{
-			LogPrint (eLogError, "Destination: Can't publish LeaseSet. Destination is not ready");
-			return;
-		}
-		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
 		if (!floodfill)
 		{
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
@ -605,26 +623,39 @@ namespace client
 		auto inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
 		if (!outbound || !inbound)
 		{
-			LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
-			m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
-			floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
-			if (floodfill)
-			{
-				outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
-				if (outbound)
+			if (!m_Pool->GetInboundTunnels ().empty () && !m_Pool->GetOutboundTunnels ().empty ())
+			{	
+				LogPrint (eLogInfo, "Destination: No compatible tunnels with ", floodfill->GetIdentHash ().ToBase64 (), ". Trying another floodfill");
+				m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
+				floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetStoreHash (), m_ExcludedFloodfills);
+				if (floodfill)
 				{
-					inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
-					if (!inbound)
-						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
+					outbound = m_Pool->GetNextOutboundTunnel (nullptr, floodfill->GetCompatibleTransports (false));
+					if (outbound)
+					{
+						inbound = m_Pool->GetNextInboundTunnel (nullptr, floodfill->GetCompatibleTransports (true));
+						if (!inbound)
+							LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
+					}
+					else
+						LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
 				}
 				else
-					LogPrint (eLogError, "Destination: Can't publish LeaseSet. No outbound tunnels");
-			}
+					LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
+			}	
 			else
-				LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
+				LogPrint (eLogDebug, "Destination: No tunnels in pool");
+			
 			if (!floodfill || !outbound || !inbound)
 			{
+				// we can't publish now
 				m_ExcludedFloodfills.clear ();
+				m_PublishReplyToken = 1; // dummy non-zero value
+				// try again after a while
+				LogPrint (eLogInfo, "Destination: Can't publish LeasetSet because destination is not ready. Try publishing again after ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds");
+				m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
+				m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
+					shared_from_this (), std::placeholders::_1));
 				return;
 			}
 		}
@ -632,10 +663,19 @@ namespace client
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
 		auto msg = WrapMessageForRouter (floodfill, i2p::CreateDatabaseStoreMsg (leaseSet, m_PublishReplyToken, inbound));
+		auto s = shared_from_this ();
+		msg->onDrop = [s]()
+			{
+				s->GetService ().post([s]()
+					{
+						s->m_PublishConfirmationTimer.cancel ();
+						s->HandlePublishConfirmationTimer (boost::system::error_code());
+					});
+			};
 		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 			shared_from_this (), std::placeholders::_1));
-		outbound->SendTunnelDataMsg (floodfill->GetIdentHash (), 0, msg);
+		outbound->SendTunnelDataMsgTo (floodfill->GetIdentHash (), 0, msg);
 		m_LastSubmissionTime = ts;
 	}

@ -648,7 +688,7 @@ namespace client
 				m_PublishReplyToken = 0;
 				if (GetIdentity ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds, will try again");
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT, " seconds or failed. will try again");
 					Publish ();
 				}
 				else
@ -761,7 +801,7 @@ namespace client

 	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey)
 	{
-		std::set<i2p::data::IdentHash> excluded;
+		std::unordered_set<i2p::data::IdentHash> excluded;
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
 		if (floodfill)
 		{
@ -833,9 +873,18 @@ namespace client
 				AddECIESx25519Key (replyKey, replyTag);
 			else
 				AddSessionKey (replyKey, replyTag);
-			auto msg = WrapMessageForRouter (nextFloodfill, CreateLeaseSetDatabaseLookupMsg (dest,
-				request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
-			request->outboundTunnel->SendTunnelDataMsg (
+			
+			auto msg = WrapMessageForRouter (nextFloodfill, 
+				CreateLeaseSetDatabaseLookupMsg (dest, request->excluded, request->replyTunnel, replyKey, replyTag, isECIES));
+			auto s = shared_from_this ();
+			msg->onDrop = [s, dest, request]()
+				{
+					s->GetService ().post([s, dest, request]()
+						{
+							s->SendNextLeaseSetRequest (dest, request);
+						});
+				};	
+			request->outboundTunnel->SendTunnelDataMsgs (
 				{
 					i2p::tunnel::TunnelMessageBlock
 					{
@ -930,7 +979,7 @@ namespace client
 		bool isPublic, const std::map<std::string, std::string> * params):
 		LeaseSetDestination (service, isPublic, params),
 		m_Keys (keys), m_StreamingAckDelay (DEFAULT_INITIAL_ACK_DELAY),
-		m_IsStreamingAnswerPings (DEFAULT_ANSWER_PINGS),
+		m_IsStreamingAnswerPings (DEFAULT_ANSWER_PINGS), m_LastPort (0),
 		m_DatagramDestination (nullptr), m_RefCounter (0),
 		m_ReadyChecker(service)
 	{
@ -1000,7 +1049,7 @@ namespace client
 					m_StreamingAckDelay = std::stoi(it->second);
 				it = params->find (I2CP_PARAM_STREAMING_ANSWER_PINGS);
 				if (it != params->end ())
-					m_IsStreamingAnswerPings = (it->second == "true");
+					m_IsStreamingAnswerPings = std::stoi (it->second); // 1 for true

 				if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
 				{
@ -1014,12 +1063,12 @@ namespace client
 						else if (authType == i2p::data::ENCRYPTED_LEASESET_AUTH_TYPE_PSK)
 							ReadAuthKey (I2CP_PARAM_LEASESET_CLIENT_PSK, params);
 						else
-							LogPrint (eLogError, "Destination: Unexpected auth type ", authType);
+							LogPrint (eLogError, "Destination: Unexpected auth type: ", authType);
 						if (m_AuthKeys->size ())
 							LogPrint (eLogInfo, "Destination: ", m_AuthKeys->size (), " auth keys read");
 						else
 						{
-							LogPrint (eLogError, "Destination: No auth keys read for auth type ", authType);
+							LogPrint (eLogCritical, "Destination: No auth keys read for auth type: ", authType);
 							m_AuthKeys = nullptr;
 						}
 					}
@ -1028,7 +1077,7 @@ namespace client
 		}
 		catch (std::exception & ex)
 		{
-			LogPrint(eLogError, "Destination: Unable to parse parameters for destination: ", ex.what());
+			LogPrint(eLogCritical, "Destination: Unable to parse parameters for destination: ", ex.what());
 		}
 	}

@ -1047,22 +1096,30 @@ namespace client

 	void ClientDestination::Stop ()
 	{
+		LogPrint(eLogDebug, "Destination: Stopping destination ", GetIdentHash().ToBase32(), ".b32.i2p");
 		LeaseSetDestination::Stop ();
 		m_ReadyChecker.cancel();
+		LogPrint(eLogDebug, "Destination: -> Stopping Streaming Destination");
 		m_StreamingDestination->Stop ();
 		//m_StreamingDestination->SetOwner (nullptr);
 		m_StreamingDestination = nullptr;
+
+		LogPrint(eLogDebug, "Destination: -> Stopping Streaming Destination by ports");
 		for (auto& it: m_StreamingDestinationsByPorts)
 		{
 			it.second->Stop ();
 			//it.second->SetOwner (nullptr);
 		}
 		m_StreamingDestinationsByPorts.clear ();
+		m_LastStreamingDestination = nullptr;
+
 		if (m_DatagramDestination)
 		{
+			LogPrint(eLogDebug, "Destination: -> Stopping Datagram Destination");
 			delete m_DatagramDestination;
 			m_DatagramDestination = nullptr;
 		}
+		LogPrint(eLogDebug, "Destination: -> Stopping done");
 	}

 	void ClientDestination::HandleDataMessage (const uint8_t * buf, size_t len)
@ -1082,9 +1139,15 @@ namespace client
 			case PROTOCOL_TYPE_STREAMING:
 			{
 				// streaming protocol
-				auto dest = GetStreamingDestination (toPort);
-				if (dest)
-					dest->HandleDataMessagePayload (buf, length);
+				if (toPort != m_LastPort || !m_LastStreamingDestination)
+				{
+					m_LastStreamingDestination = GetStreamingDestination (toPort);
+					if (!m_LastStreamingDestination)
+						m_LastStreamingDestination = m_StreamingDestination; // if no destination on port use default
+					m_LastPort = toPort;
+				}
+				if (m_LastStreamingDestination)
+					m_LastStreamingDestination->HandleDataMessagePayload (buf, length);
 				else
 					LogPrint (eLogError, "Destination: Missing streaming destination");
 			}
@ -1108,7 +1171,7 @@ namespace client
 		}
 	}

-	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port)
+	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, uint16_t port)
 	{
 		if (!streamRequestComplete)
 		{
@ -1138,7 +1201,7 @@ namespace client
 		}
 	}

-	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port)
+	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, uint16_t port)
 	{
 		if (!streamRequestComplete)
 		{
@ -1157,7 +1220,7 @@ namespace client
 	}

 	template<typename Dest>
-	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStreamSync (const Dest& dest, int port)
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStreamSync (const Dest& dest, uint16_t port)
 	{
 		volatile bool done = false;
 		std::shared_ptr<i2p::stream::Stream> stream;
@ -1181,17 +1244,17 @@ namespace client
 		return stream;
 	}

-	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (const i2p::data::IdentHash& dest, int port)
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (const i2p::data::IdentHash& dest, uint16_t port)
 	{
 		return CreateStreamSync (dest, port);
 	}

-	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port)
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, uint16_t port)
 	{
 		return CreateStreamSync (dest, port);
 	}

-	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port)
+	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, uint16_t port)
 	{
 		if (m_StreamingDestination)
 			return m_StreamingDestination->CreateNewOutgoingStream (remote, port);
@ -1228,7 +1291,7 @@ namespace client
 			});
 	}

-	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::GetStreamingDestination (int port) const
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::GetStreamingDestination (uint16_t port) const
 	{
 		if (port)
 		{
@ -1236,8 +1299,9 @@ namespace client
 			if (it != m_StreamingDestinationsByPorts.end ())
 				return it->second;
 		}
-		// if port is zero or not found, use default destination
-		return m_StreamingDestination;
+		else // if port is zero, use default destination
+			return m_StreamingDestination;
+		return nullptr;
 	}

 	void ClientDestination::AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor)
@ -1265,7 +1329,7 @@ namespace client
 			m_StreamingDestination->AcceptOnce (acceptor);
 	}

-	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::CreateStreamingDestination (int port, bool gzip)
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::CreateStreamingDestination (uint16_t port, bool gzip)
 	{
 		auto dest = std::make_shared<i2p::stream::StreamingDestination> (GetSharedFromThis (), port, gzip);
 		if (port)
@ -1275,7 +1339,7 @@ namespace client
 		return dest;
 	}

-	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::RemoveStreamingDestination (int port)
+	std::shared_ptr<i2p::stream::StreamingDestination> ClientDestination::RemoveStreamingDestination (uint16_t port)
 	{
 		if (port)
 		{
@ -1336,7 +1400,7 @@ namespace client
 			f1.write ((char *)keys->priv, 256);
 			return;
 		}
-		LogPrint(eLogError, "Destinations: Can't save keys to ", path);
+		LogPrint(eLogCritical, "Destinations: Can't save keys to ", path);
 	}

 	void ClientDestination::CreateNewLeaseSet (const std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> >& tunnels)
@ -1413,7 +1477,7 @@ namespace client
 				if (pubKey.FromBase64 (it.second.substr (pos+1)))
 					m_AuthKeys->push_back (pubKey);
 				else
-					LogPrint (eLogError, "Destination: Unexpected auth key ", it.second.substr (pos+1));
+					LogPrint (eLogCritical, "Destination: Unexpected auth key: ", it.second.substr (pos+1));
 			}
 		}
 	}
--- a/libi2pd/Destination.h
+++ b/libi2pd/Destination.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -14,7 +14,8 @@
 #include <mutex>
 #include <memory>
 #include <map>
-#include <set>
+#include <unordered_map>
+#include <unordered_set>
 #include <string>
 #include <functional>
 #include <boost/asio.hpp>
@ -96,7 +97,7 @@ namespace client
 		struct LeaseSetRequest
 		{
 			LeaseSetRequest (boost::asio::io_service& service): requestTime (0), requestTimeoutTimer (service) {};
-			std::set<i2p::data::IdentHash> excluded;
+			std::unordered_set<i2p::data::IdentHash> excluded;
 			uint64_t requestTime;
 			boost::asio::deadline_timer requestTimeoutTimer;
 			std::list<RequestComplete> requestComplete;
@ -175,6 +176,7 @@ namespace client

 			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey = nullptr);
 			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo> nextFloodfill, std::shared_ptr<LeaseSetRequest> request);
+			void SendNextLeaseSetRequest (const i2p::data::IdentHash& key, std::shared_ptr<LeaseSetRequest> request);
 			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
 			void HandleCleanupTimer (const boost::system::error_code& ecode);
 			void CleanupRemoteLeaseSets ();
@ -184,8 +186,8 @@ namespace client

 			boost::asio::io_service& m_Service;
 			mutable std::mutex m_RemoteLeaseSetsMutex;
-			std::map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
-			std::map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;
+			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<i2p::data::LeaseSet> > m_RemoteLeaseSets;
+			std::unordered_map<i2p::data::IdentHash, std::shared_ptr<LeaseSetRequest> > m_LeaseSetRequests;

 			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
 			std::mutex m_LeaseSetMutex;
@ -193,7 +195,7 @@ namespace client
 			bool m_IsPublic;
 			uint32_t m_PublishReplyToken;
 			uint64_t m_LastSubmissionTime; // in seconds
-			std::set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing
+			std::unordered_set<i2p::data::IdentHash> m_ExcludedFloodfills; // for publishing

 			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer,
 				m_PublishDelayTimer, m_CleanupTimer;
@ -241,15 +243,15 @@ namespace client
 			int GetRefCounter () const { return m_RefCounter; };

 			// streaming
-			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port, bool gzip = true); // additional
-			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
-			std::shared_ptr<i2p::stream::StreamingDestination> RemoveStreamingDestination (int port);
+			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (uint16_t port, bool gzip = true); // additional
+			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (uint16_t port = 0) const;
+			std::shared_ptr<i2p::stream::StreamingDestination> RemoveStreamingDestination (uint16_t port);
 			// following methods operate with default streaming destination
-			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
-			void CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port = 0);
-			std::shared_ptr<i2p::stream::Stream> CreateStream (const i2p::data::IdentHash& dest, int port = 0); // sync
-			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port = 0); // sync
-			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
+			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, uint16_t port = 0);
+			void CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, uint16_t port = 0);
+			std::shared_ptr<i2p::stream::Stream> CreateStream (const i2p::data::IdentHash& dest, uint16_t port = 0); // sync
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, uint16_t port = 0); // sync
+			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, uint16_t port = 0);
 			void SendPing (const i2p::data::IdentHash& to);
 			void SendPing (std::shared_ptr<const i2p::data::BlindedPublicKey> to);
 			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
@ -285,7 +287,7 @@ namespace client
 			void ReadAuthKey (const std::string& group, const std::map<std::string, std::string> * params);

 			template<typename Dest>
-			std::shared_ptr<i2p::stream::Stream> CreateStreamSync (const Dest& dest, int port);
+			std::shared_ptr<i2p::stream::Stream> CreateStreamSync (const Dest& dest, uint16_t port);

 		private:

@ -297,6 +299,7 @@ namespace client
 			bool m_IsStreamingAnswerPings;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
 			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
+			std::shared_ptr<i2p::stream::StreamingDestination> m_LastStreamingDestination; uint16_t m_LastPort; // for server tunnels
 			i2p::datagram::DatagramDestination * m_DatagramDestination;
 			int m_RefCounter; // how many clients(tunnels) use this destination

--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -117,6 +117,12 @@ namespace garlic
 		return session->HandleNextMessage (buf, len, shared_from_this (), index);
 	}

+	bool ReceiveRatchetTagSet::IsSessionTerminated () const 
+	{ 
+		return !m_Session || m_Session->IsTerminated (); 
+	}
+
+	
 	SymmetricKeyTagSet::SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key):
 		ReceiveRatchetTagSet (nullptr), m_Destination (destination)
 	{
@ -857,7 +863,7 @@ namespace garlic
 			payloadLen += msg->GetPayloadLength () + 13;
 			if (m_Destination) payloadLen += 32;
 		}
-		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
+		if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
 		{
 			// resubmit non-confirmed LeaseSet
 			SetLeaseSetUpdateStatus (eLeaseSetUpdated);
@ -1148,9 +1154,9 @@ namespace garlic
 		return len;
 	}

-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag)
 	{
-		auto m = NewI2NPMessage ();
+		auto m = NewI2NPMessage ((msg ? msg->GetPayloadLength () : 0) + 128);
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
 		uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
 		size_t offset = 0;
@ -1168,15 +1174,21 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
+		if (msg->onDrop)
+		{
+			// move onDrop to the wrapping I2NP messages
+			m->onDrop = msg->onDrop;
+			msg->onDrop = nullptr;
+		}
 		return m;
 	}

-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey)
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey)
 	{
 		// Noise_N, we are Alice, routerPublicKey is Bob's
 		i2p::crypto::NoiseSymmetricState noiseState;
 		i2p::crypto::InitNoiseNState (noiseState, routerPublicKey);
-		auto m = NewI2NPMessage ();
+		auto m = NewI2NPMessage ((msg ? msg->GetPayloadLength () : 0) + 128);
 		m->Align (12); // in order to get buf aligned to 16 (12 + 4)
 		uint8_t * buf = m->GetPayload () + 4; // 4 bytes for length
 		size_t offset = 0;
@ -1205,6 +1217,12 @@ namespace garlic
 		htobe32buf (m->GetPayload (), offset);
 		m->len += offset + 4;
 		m->FillI2NPMessageHeader (eI2NPGarlic);
+		if (msg->onDrop)
+		{
+			// move onDrop to the wrapping I2NP messages
+			m->onDrop = msg->onDrop;
+			msg->onDrop = nullptr;
+		}	
 		return m;
 	}
 }
--- a/libi2pd/ECIESX25519AEADRatchetSession.h
+++ b/libi2pd/ECIESX25519AEADRatchetSession.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -86,7 +86,8 @@ namespace garlic

 			virtual bool IsIndexExpired (int index) const;
 			virtual bool HandleNextMessage (uint8_t * buf, size_t len, int index);
-
+			virtual bool IsSessionTerminated () const;
+			
 		private:

 			int m_TrimBehindIndex = 0;
@ -101,9 +102,10 @@ namespace garlic

 			SymmetricKeyTagSet (GarlicDestination * destination, const uint8_t * key);

-			bool IsIndexExpired (int index) const { return false; };
-			bool HandleNextMessage (uint8_t * buf, size_t len, int index);
-
+			bool IsIndexExpired (int index) const override { return false; };
+			bool HandleNextMessage (uint8_t * buf, size_t len, int index) override;
+			bool IsSessionTerminated () const override { return false; }
+			
 		private:

 			GarlicDestination * m_Destination;
@ -245,8 +247,8 @@ namespace garlic
 			i2p::crypto::NoiseSymmetricState m_CurrentNoiseState;
 	};

-	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<const I2NPMessage> msg, const uint8_t * key, uint64_t tag);
-	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<const I2NPMessage> msg, const uint8_t * routerPublicKey);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519Message (std::shared_ptr<I2NPMessage> msg, const uint8_t * key, uint64_t tag);
+	std::shared_ptr<I2NPMessage> WrapECIESX25519MessageForRouter (std::shared_ptr<I2NPMessage> msg, const uint8_t * routerPublicKey);
 }
 }

--- a/libi2pd/Ed25519.cpp
+++ b/libi2pd/Ed25519.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -413,7 +413,7 @@ namespace crypto
 		BIGNUM * y = BN_new ();
 		BN_bin2bn (buf1, EDDSA25519_PUBLIC_KEY_LENGTH, y);
 		BIGNUM * x = RecoverX (y, ctx);
-		if (BN_is_bit_set (x, 0) != isHighestBitSet)
+		if ((bool)BN_is_bit_set (x, 0) != isHighestBitSet)
 			BN_sub (x, q, x); // x = q - x
 		BIGNUM * z = BN_new (), * t = BN_new ();
 		BN_one (z); BN_mod_mul (t, x, y, q, ctx); // pre-calculate t
--- a/libi2pd/FS.cpp
+++ b/libi2pd/FS.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -9,6 +9,11 @@
 #include <algorithm>
 #include <boost/filesystem.hpp>

+#if defined(MAC_OSX)
+#include <boost/system/system_error.hpp>
+#include <TargetConditionals.h>
+#endif
+
 #ifdef _WIN32
 #include <shlobj.h>
 #include <windows.h>
@ -49,7 +54,11 @@ namespace fs {

 	const std::string GetUTF8DataDir () {
 #ifdef _WIN32
+#if (BOOST_VERSION >= 108500)
+		boost::filesystem::path path (dataDir);
+#else
 		boost::filesystem::wpath path (dataDir);
+#endif
 		auto loc = boost::filesystem::path::imbue(std::locale( std::locale(), new std::codecvt_utf8_utf16<wchar_t>() ) ); // convert path to UTF-8
 		auto dataDirUTF8 = path.string();
 		boost::filesystem::path::imbue(loc); // Return locale settings back
@ -82,7 +91,11 @@ namespace fs {
 			}
 			else
 			{
+#if (BOOST_VERSION >= 108500)
+				dataDir = boost::filesystem::path(commonAppData).string() + "\\" + appName;
+#else
 				dataDir = boost::filesystem::wpath(commonAppData).string() + "\\" + appName;
+#endif
 			}
 #else
 			dataDir = "/var/lib/" + appName;
@ -107,7 +120,11 @@ namespace fs {
 		}
 		else
 		{
+#if (BOOST_VERSION >= 108500)
+			auto execPath = boost::filesystem::path(localAppData).parent_path();
+#else
 			auto execPath = boost::filesystem::wpath(localAppData).parent_path();
+#endif

 			// if config file exists in .exe's folder use it
 			if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
@ -126,7 +143,11 @@ namespace fs {
 				}
 				else
 				{
+#if (BOOST_VERSION >= 108500)
+					dataDir = boost::filesystem::path(localAppData).string() + "\\" + appName;
+#else
 					dataDir = boost::filesystem::wpath(localAppData).string() + "\\" + appName;
+#endif
 				}
 			}
 		}
@ -136,6 +157,14 @@ namespace fs {
 		dataDir = (home != NULL && strlen(home) > 0) ? home : "";
 		dataDir += "/Library/Application Support/" + appName;
 		return;
+#elif defined(__HAIKU__)
+		char *home = getenv("HOME");
+		if (home != NULL && strlen(home) > 0) {
+			dataDir = std::string(home) + "/config/settings/" + appName;
+		} else {
+			dataDir = "/tmp/" + appName;
+		}
+		return;
 #else /* other unix */
 #if defined(ANDROID)
 		const char * ext = getenv("EXTERNAL_STORAGE");
@ -243,8 +272,22 @@ namespace fs {
 			auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
 			if (boost::filesystem::exists(p))
 				continue;
+#if TARGET_OS_SIMULATOR
+			// ios simulator fs says it is case sensitive, but it is not
+			boost::system::error_code ec;
+			if (boost::filesystem::create_directory(p, ec))
+				continue;
+			switch (ec.value()) {
+				case boost::system::errc::file_exists:
+				case boost::system::errc::success:
+					continue;
+				default:
+					throw boost::system::system_error( ec, __func__ );
+			}
+#else
 			if (boost::filesystem::create_directory(p))
 				continue; /* ^ throws exception on failure */
+#endif
 			return false;
 		}
 		return true;
--- a/libi2pd/Family.cpp
+++ b/libi2pd/Family.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -88,7 +88,7 @@ namespace data
 				}
 				EVP_PKEY_free (pkey);
 				if (verifier && cn)
-					m_SigningKeys.emplace (cn, std::make_pair(verifier, m_SigningKeys.size () + 1));
+					m_SigningKeys.emplace (cn, std::make_pair(verifier, (int)m_SigningKeys.size () + 1));
 			}
 			SSL_free (ssl);
 		}
--- a/libi2pd/Garlic.cpp
+++ b/libi2pd/Garlic.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -80,7 +80,7 @@ namespace garlic

 	void GarlicRoutingSession::CleanupUnconfirmedLeaseSet (uint64_t ts)
 	{
-		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASET_CONFIRMATION_TIMEOUT)
+		if (m_LeaseSetUpdateMsgID && ts*1000LL > m_LeaseSetSubmissionTime + LEASESET_CONFIRMATION_TIMEOUT)
 		{
 			if (GetOwner ())
 				GetOwner ()->RemoveDeliveryStatusSession (m_LeaseSetUpdateMsgID);
@ -232,7 +232,7 @@ namespace garlic
 		if (GetOwner ())
 		{
 			// resubmit non-confirmed LeaseSet
-			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASET_CONFIRMATION_TIMEOUT)
+			if (GetLeaseSetUpdateStatus () == eLeaseSetSubmitted && ts > GetLeaseSetSubmissionTime () + LEASESET_CONFIRMATION_TIMEOUT)
 			{
 				SetLeaseSetUpdateStatus (eLeaseSetUpdated);
 				SetSharedRoutingPath (nullptr); // invalidate path since leaseset was not confirmed
@ -588,7 +588,7 @@ namespace garlic
 		auto it = m_ECIESx25519Tags.find (tag);
 		if (it != m_ECIESx25519Tags.end ())
 		{
-			if (it->second.tagset->HandleNextMessage (buf, len, it->second.index))
+			if (it->second.tagset && it->second.tagset->HandleNextMessage (buf, len, it->second.index))
 				m_LastTagset = it->second.tagset;
 			else
 				LogPrint (eLogError, "Garlic: Can't handle ECIES-X25519-AEAD-Ratchet message");
@ -709,7 +709,7 @@ namespace garlic
 						else
 							LogPrint (eLogError, "Garlic: Tunnel pool is not set for inbound tunnel");
 						if (tunnel) // we have sent it through an outbound tunnel
-							tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
+							tunnel->SendTunnelDataMsgTo (gwHash, gwTunnel, msg);
 						else
 							LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");
 					}
@ -887,8 +887,7 @@ namespace garlic
 			}
 			else
 			{
-				auto session = it->second.tagset->GetSession ();
-				if (!session || session->IsTerminated())
+				if (it->second.tagset->IsSessionTerminated ())
 				{
 					it = m_ECIESx25519Tags.erase (it);
 					numExpiredTags++;
@ -1075,7 +1074,7 @@ namespace garlic
 				{
 					auto tunnel = GetTunnelPool ()->GetNextOutboundTunnel ();
 					if (tunnel)
-						tunnel->SendTunnelDataMsg (gwHash, gwTunnel, CreateI2NPMessage (typeID, buf, len - offset, msgID));
+						tunnel->SendTunnelDataMsgTo (gwHash, gwTunnel, CreateI2NPMessage (typeID, buf, len - offset, msgID));
 					else
 						LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");
 				}
--- a/libi2pd/Garlic.h
+++ b/libi2pd/Garlic.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -50,7 +50,7 @@ namespace garlic
 	const int INCOMING_TAGS_EXPIRATION_TIMEOUT = 960; // 16 minutes
 	const int OUTGOING_TAGS_EXPIRATION_TIMEOUT = 720; // 12 minutes
 	const int OUTGOING_TAGS_CONFIRMATION_TIMEOUT = 10; // 10 seconds
-	const int LEASET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
+	const int LEASESET_CONFIRMATION_TIMEOUT = 4000; // in milliseconds
 	const int ROUTING_PATH_EXPIRATION_TIMEOUT = 30; // 30 seconds
 	const int ROUTING_PATH_MAX_NUM_TIMES_USED = 100; // how many times might be used

@ -221,7 +221,7 @@ namespace garlic
 	struct ECIESX25519AEADRatchetIndexTagset
 	{
 		int index;
-		ReceiveRatchetTagSetPtr tagset;
+		ReceiveRatchetTagSetPtr tagset; // null if used
 	};

 	class GarlicDestination: public i2p::data::LocalDestination
--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -36,6 +36,11 @@ namespace i2p
 		return std::make_shared<I2NPMessageBuffer<I2NP_MAX_SHORT_MESSAGE_SIZE> >();
 	}

+	std::shared_ptr<I2NPMessage> NewI2NPMediumMessage ()
+	{
+		return std::make_shared<I2NPMessageBuffer<I2NP_MAX_MEDIUM_MESSAGE_SIZE> >();
+	}
+
 	std::shared_ptr<I2NPMessage> NewI2NPTunnelMessage (bool endpoint)
 	{
 		return i2p::tunnel::tunnels.NewI2NPTunnelMessage (endpoint);
@ -43,7 +48,10 @@ namespace i2p

 	std::shared_ptr<I2NPMessage> NewI2NPMessage (size_t len)
 	{
-		return (len < I2NP_MAX_SHORT_MESSAGE_SIZE - I2NP_HEADER_SIZE - 2) ? NewI2NPShortMessage () : NewI2NPMessage ();
+		len += I2NP_HEADER_SIZE + 2;
+		if (len <= I2NP_MAX_SHORT_MESSAGE_SIZE) return NewI2NPShortMessage ();
+		if (len <= I2NP_MAX_MEDIUM_MESSAGE_SIZE) return NewI2NPMediumMessage ();
+		return NewI2NPMessage ();
 	}

 	void I2NPMessage::FillI2NPMessageHeader (I2NPMessageType msgType, uint32_t replyMsgID, bool checksum)
@ -64,11 +72,15 @@ namespace i2p
 		SetExpiration (i2p::util::GetMillisecondsSinceEpoch () + I2NP_MESSAGE_EXPIRATION_TIMEOUT);
 	}

-	bool I2NPMessage::IsExpired () const
+	bool I2NPMessage::IsExpired (uint64_t ts) const
 	{
-		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		auto exp = GetExpiration ();
 		return (ts > exp + I2NP_MESSAGE_CLOCK_SKEW) || (ts < exp - 3*I2NP_MESSAGE_CLOCK_SKEW); // check if expired or too far in future
+	}	
+	
+	bool I2NPMessage::IsExpired () const
+	{
+		return IsExpired (i2p::util::GetMillisecondsSinceEpoch ());
 	}

 	std::shared_ptr<I2NPMessage> CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, size_t len, uint32_t replyMsgID)
@ -103,6 +115,17 @@ namespace i2p
 		return newMsg;
 	}

+	std::shared_ptr<I2NPMessage> CreateTunnelTestMsg (uint32_t msgID)
+	{
+		auto m = NewI2NPShortMessage ();
+		uint8_t * buf = m->GetPayload ();
+		htobe32buf (buf + TUNNEL_TEST_MSGID_OFFSET, msgID);
+		htobe64buf (buf + TUNNEL_TEST_TIMESTAMP_OFFSET, i2p::util::GetMonotonicMicroseconds ());
+		m->len += TUNNEL_TEST_SIZE;
+		m->FillI2NPMessageHeader (eI2NPTunnelTest);
+		return m;
+	}
+
 	std::shared_ptr<I2NPMessage> CreateDeliveryStatusMsg (uint32_t msgID)
 	{
 		auto m = NewI2NPShortMessage ();
@ -124,9 +147,10 @@ namespace i2p
 	}

 	std::shared_ptr<I2NPMessage> CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from,
-		uint32_t replyTunnelID, bool exploratory, std::set<i2p::data::IdentHash> * excludedPeers)
+		uint32_t replyTunnelID, bool exploratory, std::unordered_set<i2p::data::IdentHash> * excludedPeers)
 	{
-		auto m = excludedPeers ? NewI2NPMessage () : NewI2NPShortMessage ();
+		int cnt = excludedPeers ? excludedPeers->size () : 0;
+		auto m = cnt > 7 ? NewI2NPMessage () : NewI2NPShortMessage ();
 		uint8_t * buf = m->GetPayload ();
 		memcpy (buf, key, 32); // key
 		buf += 32;
@ -147,7 +171,6 @@ namespace i2p

 		if (excludedPeers)
 		{
-			int cnt = excludedPeers->size ();
 			htobe16buf (buf, cnt);
 			buf += 2;
 			for (auto& it: *excludedPeers)
@ -169,7 +192,7 @@ namespace i2p
 	}

 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest,
-		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		const std::unordered_set<i2p::data::IdentHash>& excludedFloodfills,
 		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel, const uint8_t * replyKey,
 			const uint8_t * replyTag, bool replyECIES)
 	{
@ -361,10 +384,20 @@ namespace i2p
 			if (!memcmp (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
 			{
 				LogPrint (eLogDebug, "I2NP: Build request record ", i, " is ours");
-				if (!i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText)) return false;
+				if (!i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText)) 
+				{
+					LogPrint (eLogWarning, "I2NP: Failed to decrypt tunnel build record");
+					return false;
+				}	
+				if (!memcmp ((const uint8_t *)i2p::context.GetIdentHash (), clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, 32) && // if next ident is now ours
+				    !(clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG)) // and not endpoint
+				{
+					LogPrint (eLogWarning, "I2NP: Next ident is ours in tunnel build record");
+					return false;
+				}	
 				uint8_t retCode = 0;
 				// replace record to reply
-				if (i2p::context.AcceptsTunnels () && !i2p::context.IsHighCongestion ())
+				if (i2p::context.AcceptsTunnels () && i2p::context.GetCongestionLevel (false) < CONGESTION_LEVEL_FULL)
 				{
 					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
 							bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
@ -416,6 +449,11 @@ namespace i2p
 	{
 		int num = buf[0];
 		LogPrint (eLogDebug, "I2NP: VariableTunnelBuild ", num, " records");
+		if (num > i2p::tunnel::MAX_NUM_RECORDS)
+		{
+			LogPrint (eLogError, "I2NP: Too many records in VaribleTunnelBuild message ", num);
+			return;
+		}
 		if (len < num*TUNNEL_BUILD_RECORD_SIZE + 1)
 		{
 			LogPrint (eLogError, "I2NP: VaribleTunnelBuild message of ", num, " records is too short ", len);
@ -469,6 +507,11 @@ namespace i2p
 	{
 		int num = buf[0];
 		LogPrint (eLogDebug, "I2NP: TunnelBuildReplyMsg of ", num, " records replyMsgID=", replyMsgID);
+		if (num > i2p::tunnel::MAX_NUM_RECORDS)
+		{
+			LogPrint (eLogError, "I2NP: Too many records in TunnelBuildReply message ", num);
+			return;
+		}
 		size_t recordSize = isShort ? SHORT_TUNNEL_BUILD_RECORD_SIZE : TUNNEL_BUILD_RECORD_SIZE;
 		if (len < num*recordSize + 1)
 		{
@ -500,6 +543,11 @@ namespace i2p
 	{
 		int num = buf[0];
 		LogPrint (eLogDebug, "I2NP: ShortTunnelBuild ", num, " records");
+		if (num > i2p::tunnel::MAX_NUM_RECORDS)
+		{
+			LogPrint (eLogError, "I2NP: Too many records in ShortTunnelBuild message ", num);
+			return;
+		}
 		if (len < num*SHORT_TUNNEL_BUILD_RECORD_SIZE + 1)
 		{
 			LogPrint (eLogError, "I2NP: ShortTunnelBuild message of ", num, " records is too short ", len);
@ -554,16 +602,24 @@ namespace i2p
 					memcpy (ivKey, noiseState.m_CK + 32, 32);
 				}
 				else
+				{	
+					if (!memcmp ((const uint8_t *)i2p::context.GetIdentHash (), clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, 32)) // if next ident is now ours
+					{
+						LogPrint (eLogWarning, "I2NP: Next ident is ours in short request record");
+						return;
+					}	
 					memcpy (ivKey, noiseState.m_CK , 32);
+				}	

 				// check if we accept this tunnel
+				std::shared_ptr<i2p::tunnel::TransitTunnel> transitTunnel;
 				uint8_t retCode = 0;
-				if (!i2p::context.AcceptsTunnels () || i2p::context.IsHighCongestion ())
+				if (!i2p::context.AcceptsTunnels () || i2p::context.GetCongestionLevel (false) >= CONGESTION_LEVEL_FULL)
 					retCode = 30;
 				if (!retCode)
 				{
 					// create new transit tunnel
-					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
+					transitTunnel = i2p::tunnel::CreateTransitTunnel (
 						bufbe32toh (clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
 						clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
 						bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
@ -597,11 +653,22 @@ namespace i2p
 					reply += SHORT_TUNNEL_BUILD_RECORD_SIZE;
 				}
 				// send reply
+				auto onDrop = [transitTunnel]()
+					{
+						if (transitTunnel)
+						{
+							auto t = transitTunnel->GetCreationTime ();
+							if (t > i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT)
+								// make transit tunnel expired 
+								transitTunnel->SetCreationTime (t - i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT);
+						}	
+					};
 				if (isEndpoint)
 				{
 					auto replyMsg = NewI2NPShortMessage ();
 					replyMsg->Concat (buf, len);
 					replyMsg->FillI2NPMessageHeader (eI2NPShortTunnelBuildReply, bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET));
+					if (transitTunnel) replyMsg->onDrop = onDrop;
 					if (memcmp ((const uint8_t *)i2p::context.GetIdentHash (),
 						clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, 32)) // reply IBGW is not local?
 					{
@ -619,15 +686,21 @@ namespace i2p
 						uint32_t tunnelID = bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET);
 						auto tunnel = i2p::tunnel::tunnels.GetTunnel (tunnelID);
 						if (tunnel)
+						{	
 							tunnel->SendTunnelDataMsg (replyMsg);
+							tunnel->FlushTunnelDataMsgs ();
+						}	
 						else
 							LogPrint (eLogWarning, "I2NP: Tunnel ", tunnelID, " not found for short tunnel build reply");
 					}
 				}
 				else
-					transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
-						CreateI2NPMessage (eI2NPShortTunnelBuild, buf, len,
-							bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET)));
+				{
+					auto msg = CreateI2NPMessage (eI2NPShortTunnelBuild, buf, len,
+							bufbe32toh (clearText + SHORT_REQUEST_RECORD_SEND_MSG_ID_OFFSET));
+					if (transitTunnel) msg->onDrop = onDrop;
+					transports.SendMessage (clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET, msg);
+				}	
 				return;
 			}
 			record += SHORT_TUNNEL_BUILD_RECORD_SIZE;
@ -687,7 +760,11 @@ namespace i2p
 			return msg;
 		}
 		else
-			return CreateTunnelGatewayMsg (tunnelID, msg->GetBuffer (), msg->GetLength ());
+		{	
+			auto newMsg = CreateTunnelGatewayMsg (tunnelID, msg->GetBuffer (), msg->GetLength ());
+			if (msg->onDrop) newMsg->onDrop = msg->onDrop; 
+			return newMsg;
+		}	
 	}

 	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, I2NPMessageType msgType,
@ -725,46 +802,38 @@ namespace i2p
 		return l;
 	}

-	void HandleI2NPMessage (uint8_t * msg, size_t len)
+	void HandleTunnelBuildI2NPMessage (std::shared_ptr<I2NPMessage> msg)
 	{
-		if (len < I2NP_HEADER_SIZE)
+		if (msg)
 		{
-			LogPrint (eLogError, "I2NP: Message length ", len, " is smaller than header");
-			return;
-		}
-		uint8_t typeID = msg[I2NP_HEADER_TYPEID_OFFSET];
-		uint32_t msgID = bufbe32toh (msg + I2NP_HEADER_MSGID_OFFSET);
-		LogPrint (eLogDebug, "I2NP: Msg received len=", len,", type=", (int)typeID, ", msgID=", (unsigned int)msgID);
-		uint8_t * buf = msg + I2NP_HEADER_SIZE;
-		auto size = bufbe16toh (msg + I2NP_HEADER_SIZE_OFFSET);
-		len -= I2NP_HEADER_SIZE;
-		if (size > len)
-		{
-			LogPrint (eLogError, "I2NP: Payload size ", size, " exceeds buffer length ", len);
-			size = len;
-		}
-		switch (typeID)
-		{
-			case eI2NPVariableTunnelBuild:
-				HandleVariableTunnelBuildMsg (msgID, buf, size);
-			break;
-			case eI2NPShortTunnelBuild:
-				HandleShortTunnelBuildMsg (msgID, buf, size);
-			break;
-			case eI2NPVariableTunnelBuildReply:
-				HandleTunnelBuildReplyMsg (msgID, buf, size, false);
-			break;
-			case eI2NPShortTunnelBuildReply:
-				HandleTunnelBuildReplyMsg (msgID, buf, size, true);
-			break;
-			case eI2NPTunnelBuild:
-				HandleTunnelBuildMsg (buf, size);
-			break;
-			case eI2NPTunnelBuildReply:
-				// TODO:
-			break;
-			default:
-				LogPrint (eLogWarning, "I2NP: Unexpected message ", (int)typeID);
+			uint8_t typeID = msg->GetTypeID();
+			uint32_t msgID = msg->GetMsgID();
+			LogPrint (eLogDebug, "I2NP: Handling tunnel build message with len=", msg->GetLength(),", type=", (int)typeID, ", msgID=", (unsigned int)msgID);
+			uint8_t * payload = msg->GetPayload();
+			auto size = msg->GetPayloadLength();
+			switch (typeID)
+			{
+				case eI2NPVariableTunnelBuild:
+					HandleVariableTunnelBuildMsg (msgID, payload, size);
+					break;
+				case eI2NPShortTunnelBuild:
+					HandleShortTunnelBuildMsg (msgID, payload, size);
+					break;
+				case eI2NPVariableTunnelBuildReply:
+					HandleTunnelBuildReplyMsg (msgID, payload, size, false);
+					break;
+				case eI2NPShortTunnelBuildReply:
+					HandleTunnelBuildReplyMsg (msgID, payload, size, true);
+					break;
+				case eI2NPTunnelBuild:
+					HandleTunnelBuildMsg (payload, size);
+					break;
+				case eI2NPTunnelBuildReply:
+					// TODO:
+					break;
+				default:
+					LogPrint (eLogError, "I2NP: Unexpected message with type", (int)typeID, " during handling TBM; skipping");
+			}
 		}
 	}

@ -777,10 +846,12 @@ namespace i2p
 			switch (typeID)
 			{
 				case eI2NPTunnelData:
-					i2p::tunnel::tunnels.PostTunnelData (msg);
+					if (!msg->from)
+						i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;
 				case eI2NPTunnelGateway:
-					i2p::tunnel::tunnels.PostTunnelData (msg);
+					if (!msg->from)
+						i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;
 				case eI2NPGarlic:
 				{
@ -791,10 +862,18 @@ namespace i2p
 					break;
 				}
 				case eI2NPDatabaseStore:
+					// forward to netDb if came directly or through exploratory tunnel as response to our request
+					if (!msg->from || !msg->from->GetTunnelPool () || msg->from->GetTunnelPool ()->IsExploratory ())
+						i2p::data::netdb.PostI2NPMsg (msg);
+				break;
 				case eI2NPDatabaseSearchReply:
+					if (!msg->from || !msg->from->GetTunnelPool () || msg->from->GetTunnelPool ()->IsExploratory ())
+						i2p::data::netdb.PostDatabaseSearchReplyMsg (msg);
+				break;	
 				case eI2NPDatabaseLookup:
-					// forward to netDb
-					i2p::data::netdb.PostI2NPMsg (msg);
+					// forward to netDb if floodfill and came directly
+					if (!msg->from && i2p::context.IsFloodfill ())
+						i2p::data::netdb.PostI2NPMsg (msg);
 				break;
 				case eI2NPDeliveryStatus:
 				{
@ -804,17 +883,25 @@ namespace i2p
 						i2p::context.ProcessDeliveryStatusMessage (msg);
 					break;
 				}
+				case eI2NPTunnelTest:
+					if (msg->from && msg->from->GetTunnelPool ())
+						msg->from->GetTunnelPool ()->ProcessTunnelTest (msg);
+				break;
 				case eI2NPVariableTunnelBuild:
-				case eI2NPVariableTunnelBuildReply:
 				case eI2NPTunnelBuild:
-				case eI2NPTunnelBuildReply:
 				case eI2NPShortTunnelBuild:
+					// forward to tunnel thread
+					if (!msg->from)
+						i2p::tunnel::tunnels.PostTunnelData (msg);
+				break;
+				case eI2NPVariableTunnelBuildReply:
+				case eI2NPTunnelBuildReply:
 				case eI2NPShortTunnelBuildReply:
 					// forward to tunnel thread
 					i2p::tunnel::tunnels.PostTunnelData (msg);
 				break;
 				default:
-					HandleI2NPMessage (msg->GetBuffer (), msg->GetLength ());
+					LogPrint(eLogError, "I2NP: Unexpected I2NP message with type ", int(typeID), " during handling; skipping");
 			}
 		}
 	}
--- a/libi2pd/I2NPProtocol.h
+++ b/libi2pd/I2NPProtocol.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -11,8 +11,9 @@

 #include <inttypes.h>
 #include <string.h>
-#include <set>
+#include <unordered_set>
 #include <memory>
+#include <functional>
 #include "Crypto.h"
 #include "I2PEndian.h"
 #include "Identity.h"
@ -47,6 +48,11 @@ namespace i2p
 	const size_t DELIVERY_STATUS_TIMESTAMP_OFFSET = DELIVERY_STATUS_MSGID_OFFSET + 4;
 	const size_t DELIVERY_STATUS_SIZE = DELIVERY_STATUS_TIMESTAMP_OFFSET + 8;

+	// TunnelTest
+	const size_t TUNNEL_TEST_MSGID_OFFSET = 0;
+	const size_t TUNNEL_TEST_TIMESTAMP_OFFSET = TUNNEL_TEST_MSGID_OFFSET + 4;
+	const size_t TUNNEL_TEST_SIZE = TUNNEL_TEST_TIMESTAMP_OFFSET + 8;
+
 	// DatabaseStore
 	const size_t DATABASE_STORE_KEY_OFFSET = 0;
 	const size_t DATABASE_STORE_TYPE_OFFSET = DATABASE_STORE_KEY_OFFSET + 32;
@ -115,7 +121,8 @@ namespace i2p
 		eI2NPVariableTunnelBuild = 23,
 		eI2NPVariableTunnelBuildReply = 24,
 		eI2NPShortTunnelBuild = 25,
-		eI2NPShortTunnelBuildReply = 26
+		eI2NPShortTunnelBuildReply = 26,
+		eI2NPTunnelTest = 231
 	};

 	const uint8_t TUNNEL_BUILD_RECORD_GATEWAY_FLAG = 0x80;
@ -138,8 +145,16 @@ namespace tunnel
 	class TunnelPool;
 }

+	const int CONGESTION_LEVEL_MEDIUM = 70;
+	const int CONGESTION_LEVEL_HIGH = 90;
+	const int CONGESTION_LEVEL_FULL = 100;
+
 	const size_t I2NP_MAX_MESSAGE_SIZE = 62708;
 	const size_t I2NP_MAX_SHORT_MESSAGE_SIZE = 4096;
+	const size_t I2NP_MAX_MEDIUM_MESSAGE_SIZE = 16384;
+	const unsigned int I2NP_MESSAGE_LOCAL_EXPIRATION_TIMEOUT_FACTOR = 3; // multiples of RTT
+	const unsigned int I2NP_MESSAGE_LOCAL_EXPIRATION_TIMEOUT_MIN = 200000; // in microseconds
+	const unsigned int I2NP_MESSAGE_LOCAL_EXPIRATION_TIMEOUT_MAX = 2000000; // in microseconds
 	const unsigned int I2NP_MESSAGE_EXPIRATION_TIMEOUT = 8000; // in milliseconds (as initial RTT)
 	const unsigned int I2NP_MESSAGE_CLOCK_SKEW = 60*1000; // 1 minute in milliseconds

@ -148,9 +163,11 @@ namespace tunnel
 		uint8_t * buf;
 		size_t len, offset, maxLen;
 		std::shared_ptr<i2p::tunnel::InboundTunnel> from;
+		std::function<void ()> onDrop;
+		uint64_t enqueueTime; // monotonic microseconds

-		I2NPMessage (): buf (nullptr),len (I2NP_HEADER_SIZE + 2),
-			offset(2), maxLen (0), from (nullptr) {}; // reserve 2 bytes for NTCP header
+		I2NPMessage (): buf (nullptr), len (I2NP_HEADER_SIZE + 2),
+			offset(2), maxLen (0), from (nullptr), enqueueTime (0) {}; // reserve 2 bytes for NTCP header

 		// header accessors
 		uint8_t * GetHeader () { return GetBuffer (); };
@ -160,7 +177,9 @@ namespace tunnel
 		void SetMsgID (uint32_t msgID) { htobe32buf (GetHeader () + I2NP_HEADER_MSGID_OFFSET, msgID); };
 		uint32_t GetMsgID () const { return bufbe32toh (GetHeader () + I2NP_HEADER_MSGID_OFFSET); };
 		void SetExpiration (uint64_t expiration) { htobe64buf (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET, expiration); };
+		void SetEnqueueTime (uint64_t mts) { enqueueTime = mts; };
 		uint64_t GetExpiration () const { return bufbe64toh (GetHeader () + I2NP_HEADER_EXPIRATION_OFFSET); };
+		uint64_t GetEnqueueTime () const { return enqueueTime; };
 		void SetSize (uint16_t size) { htobe16buf (GetHeader () + I2NP_HEADER_SIZE_OFFSET, size); };
 		uint16_t GetSize () const { return bufbe16toh (GetHeader () + I2NP_HEADER_SIZE_OFFSET); };
 		void UpdateSize () { SetSize (GetPayloadLength ()); };
@ -240,7 +259,6 @@ namespace tunnel
 			SetSize (len - offset - I2NP_HEADER_SIZE);
 			SetChks (0);
 		}
-
 		void ToNTCP2 ()
 		{
 			uint8_t * ntcp2 = GetNTCP2Header ();
@ -251,6 +269,9 @@ namespace tunnel
 		void FillI2NPMessageHeader (I2NPMessageType msgType, uint32_t replyMsgID = 0, bool checksum = true);
 		void RenewI2NPMessageHeader ();
 		bool IsExpired () const;
+		bool IsExpired (uint64_t ts) const; // in milliseconds
+
+		void Drop () { if (onDrop) { onDrop (); onDrop = nullptr; }; }
 	};

 	template<int sz>
@ -262,6 +283,7 @@ namespace tunnel

 	std::shared_ptr<I2NPMessage> NewI2NPMessage ();
 	std::shared_ptr<I2NPMessage> NewI2NPShortMessage ();
+	std::shared_ptr<I2NPMessage> NewI2NPMediumMessage ();
 	std::shared_ptr<I2NPMessage> NewI2NPTunnelMessage (bool endpoint);
 	std::shared_ptr<I2NPMessage> NewI2NPMessage (size_t len);

@ -269,11 +291,12 @@ namespace tunnel
 	std::shared_ptr<I2NPMessage> CreateI2NPMessage (const uint8_t * buf, size_t len, std::shared_ptr<i2p::tunnel::InboundTunnel> from = nullptr);
 	std::shared_ptr<I2NPMessage> CopyI2NPMessage (std::shared_ptr<I2NPMessage> msg);

+	std::shared_ptr<I2NPMessage> CreateTunnelTestMsg (uint32_t msgID);
 	std::shared_ptr<I2NPMessage> CreateDeliveryStatusMsg (uint32_t msgID);
 	std::shared_ptr<I2NPMessage> CreateRouterInfoDatabaseLookupMsg (const uint8_t * key, const uint8_t * from,
-		uint32_t replyTunnelID, bool exploratory = false, std::set<i2p::data::IdentHash> * excludedPeers = nullptr);
+		uint32_t replyTunnelID, bool exploratory = false, std::unordered_set<i2p::data::IdentHash> * excludedPeers = nullptr);
 	std::shared_ptr<I2NPMessage> CreateLeaseSetDatabaseLookupMsg (const i2p::data::IdentHash& dest,
-		const std::set<i2p::data::IdentHash>& excludedFloodfills,
+		const std::unordered_set<i2p::data::IdentHash>& excludedFloodfills,
 		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel,
 		const uint8_t * replyKey, const uint8_t * replyTag, bool replyECIES = false);
 	std::shared_ptr<I2NPMessage> CreateDatabaseSearchReply (const i2p::data::IdentHash& ident, std::vector<i2p::data::IdentHash> routers);
@ -293,7 +316,7 @@ namespace tunnel
 	std::shared_ptr<I2NPMessage> CreateTunnelGatewayMsg (uint32_t tunnelID, std::shared_ptr<I2NPMessage> msg);

 	size_t GetI2NPMessageLength (const uint8_t * msg, size_t len);
-	void HandleI2NPMessage (uint8_t * msg, size_t len);
+	void HandleTunnelBuildI2NPMessage (std::shared_ptr<I2NPMessage> msg);
 	void HandleI2NPMessage (std::shared_ptr<I2NPMessage> msg);

 	class I2NPMessagesHandler
--- a/libi2pd/I2PEndian.h
+++ b/libi2pd/I2PEndian.h
@ -14,7 +14,7 @@
 #if defined(__FreeBSD__) || defined(__NetBSD__)
 #include <sys/endian.h>

-#elif defined(__linux__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__) || defined(__GLIBC__)
+#elif defined(__linux__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__) || defined(__GLIBC__) || defined(__HAIKU__)
 #include <endian.h>

 #elif defined(__APPLE__) && defined(__MACH__)
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -187,7 +187,6 @@ namespace data

 	IdentityEx::~IdentityEx ()
 	{
-		delete m_Verifier;
 	}

 	IdentityEx& IdentityEx::operator=(const IdentityEx& other)
@ -201,9 +200,8 @@ namespace data
 			if (m_ExtendedLen > MAX_EXTENDED_BUFFER_SIZE) m_ExtendedLen = MAX_EXTENDED_BUFFER_SIZE;
 			memcpy (m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen);
 		}
-
-		delete m_Verifier;
 		m_Verifier = nullptr;
+		CreateVerifier ();

 		return *this;
 	}
@ -212,11 +210,10 @@ namespace data
 	{
 		m_StandardIdentity = standard;
 		m_IdentHash = m_StandardIdentity.Hash ();
-
 		m_ExtendedLen = 0;

-		delete m_Verifier;
 		m_Verifier = nullptr;
+		CreateVerifier ();

 		return *this;
 	}
@ -249,8 +246,8 @@ namespace data
 			m_ExtendedLen = 0;
 		SHA256(buf, GetFullLen (), m_IdentHash);

-		delete m_Verifier;
 		m_Verifier = nullptr;
+		CreateVerifier ();

 		return GetFullLen ();
 	}
@ -286,7 +283,6 @@ namespace data

 	size_t IdentityEx::GetSigningPublicKeyLen () const
 	{
-		if (!m_Verifier) CreateVerifier ();
 		if (m_Verifier)
 			return m_Verifier->GetPublicKeyLen ();
 		return 128;
@ -301,7 +297,6 @@ namespace data

 	size_t IdentityEx::GetSigningPrivateKeyLen () const
 	{
-		if (!m_Verifier) CreateVerifier ();
 		if (m_Verifier)
 			return m_Verifier->GetPrivateKeyLen ();
 		return GetSignatureLen ()/2;
@ -309,14 +304,12 @@ namespace data

 	size_t IdentityEx::GetSignatureLen () const
 	{
-		if (!m_Verifier) CreateVerifier ();
 		if (m_Verifier)
 			return m_Verifier->GetSignatureLen ();
 		return i2p::crypto::DSA_SIGNATURE_LENGTH;
 	}
 	bool IdentityEx::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 	{
-		if (!m_Verifier) CreateVerifier ();
 		if (m_Verifier)
 			return m_Verifier->Verify (buf, len, signature);
 		return false;
@ -373,52 +366,29 @@ namespace data
 		return nullptr;
 	}

-	void IdentityEx::CreateVerifier () const
+	void IdentityEx::CreateVerifier ()
 	{
-		if (m_Verifier) return; // don't create again
-		auto verifier = CreateVerifier (GetSigningKeyType ());
-		if (verifier)
+		if (!m_Verifier)
 		{
-			auto keyLen = verifier->GetPublicKeyLen ();
-			if (keyLen <= 128)
-				verifier->SetPublicKey (m_StandardIdentity.signingKey + 128 - keyLen);
-			else
+			auto verifier = CreateVerifier (GetSigningKeyType ());
+			if (verifier)
 			{
-				// for P521
-				uint8_t * signingKey = new uint8_t[keyLen];
-				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
-				size_t excessLen = keyLen - 128;
-				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				verifier->SetPublicKey (signingKey);
-				delete[] signingKey;
+				auto keyLen = verifier->GetPublicKeyLen ();
+				if (keyLen <= 128)
+					verifier->SetPublicKey (m_StandardIdentity.signingKey + 128 - keyLen);
+				else
+				{
+					// for P521
+					uint8_t * signingKey = new uint8_t[keyLen];
+					memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+					size_t excessLen = keyLen - 128;
+					memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+					verifier->SetPublicKey (signingKey);
+					delete[] signingKey;
+				}
 			}
+			m_Verifier.reset (verifier);
 		}
-		UpdateVerifier (verifier);
-	}
-
-	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
-	{
-		bool del = false;
-		{
-			std::lock_guard<std::mutex> l(m_VerifierMutex);
-			if (!m_Verifier)
-				m_Verifier = verifier;
-			else
-				del = true;
-		}
-		if (del)
-			delete verifier;
-	}
-
-	void IdentityEx::DropVerifier () const
-	{
-		i2p::crypto::Verifier * verifier;
-		{
-			std::lock_guard<std::mutex> l(m_VerifierMutex);
-			verifier = m_Verifier;
-			m_Verifier = nullptr;
-		}
-		delete verifier;
 	}

 	std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (CryptoKeyType keyType, const uint8_t * key)
@ -611,7 +581,7 @@ namespace data
 		if (keyType == SIGNING_KEY_TYPE_DSA_SHA1)
 			m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey));
 		else if (keyType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 && !IsOfflineSignature ())
-			m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); // TODO: remove public key check
+			m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey + (sizeof(Identity::signingKey) - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH))); // TODO: remove public key check
 		else
 		{
 			// public key is not required
@ -820,11 +790,14 @@ namespace data
 		return keys;
 	}

-	IdentHash CreateRoutingKey (const IdentHash& ident)
+	IdentHash CreateRoutingKey (const IdentHash& ident, bool nextDay)
 	{
 		uint8_t buf[41]; // ident + yyyymmdd
 		memcpy (buf, (const uint8_t *)ident, 32);
-		i2p::util::GetCurrentDate ((char *)(buf + 32));
+		if (nextDay)
+			i2p::util::GetNextDayDate ((char *)(buf + 32));
+		else	
+			i2p::util::GetCurrentDate ((char *)(buf + 32));
 		IdentHash key;
 		SHA256(buf, 40, key);
 		return key;
@ -833,29 +806,12 @@ namespace data
 	XORMetric operator^(const IdentHash& key1, const IdentHash& key2)
 	{
 		XORMetric m;
-#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
-		if(i2p::cpu::avx)
-		{
-			__asm__
-			(
-				"vmovups %1, %%ymm0 \n"
-				"vmovups %2, %%ymm1 \n"
-				"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
-				"vmovups %%ymm1, %0 \n"
-				: "=m"(*m.metric)
-				: "m"(*key1), "m"(*key2)
-				: "memory", "%xmm0", "%xmm1" // should be replaced by %ymm0/1 once supported by compiler
-			);
-		}
-		else
-#endif
-		{
-			const uint64_t * hash1 = key1.GetLL (), * hash2 = key2.GetLL ();
-			m.metric_ll[0] = hash1[0] ^ hash2[0];
-			m.metric_ll[1] = hash1[1] ^ hash2[1];
-			m.metric_ll[2] = hash1[2] ^ hash2[2];
-			m.metric_ll[3] = hash1[3] ^ hash2[3];
-		}
+
+		const uint64_t * hash1 = key1.GetLL (), * hash2 = key2.GetLL ();
+		m.metric_ll[0] = hash1[0] ^ hash2[0];
+		m.metric_ll[1] = hash1[1] ^ hash2[1];
+		m.metric_ll[2] = hash1[2] ^ hash2[2];
+		m.metric_ll[3] = hash1[3] ^ hash2[3];

 		return m;
 	}
--- a/libi2pd/Identity.h
+++ b/libi2pd/Identity.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -13,9 +13,7 @@
 #include <string.h>
 #include <string>
 #include <memory>
-#include <atomic>
 #include <vector>
-#include <mutex>
 #include "Base.h"
 #include "Signature.h"
 #include "CryptoKey.h"
@ -118,7 +116,6 @@ namespace data
 			SigningKeyType GetSigningKeyType () const;
 			bool IsRSA () const; // signing key type
 			CryptoKeyType GetCryptoKeyType () const;
-			void DropVerifier () const; // to save memory

 			bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
 			void RecalculateIdentHash(uint8_t * buff=nullptr);
@ -128,15 +125,13 @@ namespace data

 		private:

-			void CreateVerifier () const;
-			void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
-
+			void CreateVerifier ();
+			
 		private:

 			Identity m_StandardIdentity;
 			IdentHash m_IdentHash;
-			mutable i2p::crypto::Verifier * m_Verifier = nullptr;
-			mutable std::mutex m_VerifierMutex;
+			std::unique_ptr<i2p::crypto::Verifier> m_Verifier;
 			size_t m_ExtendedLen;
 			uint8_t m_ExtendedBuffer[MAX_EXTENDED_BUFFER_SIZE];
 	};
@ -211,7 +206,7 @@ namespace data
 		bool operator< (const XORMetric& other) const { return memcmp (metric, other.metric, 32) < 0; };
 	};

-	IdentHash CreateRoutingKey (const IdentHash& ident);
+	IdentHash CreateRoutingKey (const IdentHash& ident, bool nextDay = false);
 	XORMetric operator^(const IdentHash& key1, const IdentHash& key2);

 	// destination for delivery instructions
--- a/libi2pd/KadDHT.cpp
+++ b/libi2pd/KadDHT.cpp
@ -81,13 +81,13 @@ namespace data
 				{	
 					if (bit1)
 					{
-						if (root->one) return; // someting wrong
+						if (root->one) return; // something wrong
 						root->one = new DHTNode;
 						root = root->one;
 					}	
 					else
 					{
-						if (root->zero) return; // someting wrong
+						if (root->zero) return; // something wrong
 						root->zero = new DHTNode;
 						root = root->zero;
 					}	
--- a/libi2pd/LeaseSet.cpp
+++ b/libi2pd/LeaseSet.cpp
@ -50,7 +50,7 @@ namespace data
 	void LeaseSet::ReadFromBuffer (bool readIdentity, bool verifySignature)
 	{
 		if (readIdentity || !m_Identity)
-			m_Identity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
+			m_Identity = netdb.NewIdentity (m_Buffer, m_BufferLen);
 		size_t size = m_Identity->GetFullLen ();
 		if (size + 256 > m_BufferLen)
 		{
@ -76,7 +76,7 @@ namespace data
 		LogPrint (eLogDebug, "LeaseSet: Read num=", (int)num);
 		if (!num || num > MAX_NUM_LEASES)
 		{
-			LogPrint (eLogError, "LeaseSet: Rncorrect number of leases", (int)num);
+			LogPrint (eLogError, "LeaseSet: Incorrect number of leases", (int)num);
 			m_IsValid = false;
 			return;
 		}
@ -317,7 +317,7 @@ namespace data
 		std::shared_ptr<const IdentityEx> identity;
 		if (readIdentity || !GetIdentity ())
 		{
-			identity = std::make_shared<IdentityEx>(buf, len);
+			identity = netdb.NewIdentity (buf, len);
 			SetIdentity (identity);
 		}
 		else
--- a/libi2pd/LeaseSet.h
+++ b/libi2pd/LeaseSet.h
@ -96,6 +96,9 @@ namespace data
 			void Encrypt (const uint8_t * data, uint8_t * encrypted) const;
 			bool IsDestination () const { return true; };

+			// used in webconsole
+			void ExpireLease () { m_ExpirationTime = i2p::util::GetSecondsSinceEpoch (); };
+
 		protected:

 			void UpdateLeasesBegin ();
--- a/libi2pd/Log.cpp
+++ b/libi2pd/Log.cpp
@ -20,11 +20,12 @@ namespace log {
 	 */
 	static const char *g_LogLevelStr[eNumLogLevels] =
 	{
-		"none",  // eLogNone
-		"error", // eLogError
-		"warn",  // eLogWarning
-		"info",  // eLogInfo
-		"debug"  // eLogDebug
+		"none",     // eLogNone
+		"critical", // eLogCritical
+		"error",    // eLogError
+		"warn",     // eLogWarning
+		"info",     // eLogInfo
+		"debug"     // eLogDebug
 	};

 	/**
@ -32,10 +33,11 @@ namespace log {
 	 * @note Using ISO 6429 (ANSI) color sequences
 	 */
 #ifdef _WIN32
-	static const char *LogMsgColors[] = { "", "", "", "", "", "" };
+	static const char *LogMsgColors[] = { "", "", "", "", "", "", "" };
 #else /* UNIX */
 	static const char *LogMsgColors[] = {
 		"\033[1;32m", /* none:    green */
+		"\033[1;41m", /* critical: red background */
 		"\033[1;31m", /* error:   red */
 		"\033[1;33m", /* warning: yellow */
 		"\033[1;36m", /* info:    cyan */
@ -53,6 +55,7 @@ namespace log {
 		int priority = LOG_DEBUG;
 		switch (l) {
 			case eLogNone    : priority = LOG_CRIT;    break;
+			case eLogCritical: priority = LOG_CRIT;    break;
 			case eLogError   : priority = LOG_ERR;     break;
 			case eLogWarning : priority = LOG_WARNING; break;
 			case eLogInfo    : priority = LOG_INFO;    break;
@ -123,13 +126,14 @@ namespace log {

 	void Log::SetLogLevel (const std::string& level_) {
 		std::string level=str_tolower(level_);
-		if      (level == "none")  { m_MinLevel = eLogNone; }
-		else if (level == "error") { m_MinLevel = eLogError; }
-		else if (level == "warn")  { m_MinLevel = eLogWarning; }
-		else if (level == "info")  { m_MinLevel = eLogInfo; }
-		else if (level == "debug") { m_MinLevel = eLogDebug; }
+		if      (level == "none")     { m_MinLevel = eLogNone; }
+		else if (level == "critical") { m_MinLevel = eLogCritical; }
+		else if (level == "error")    { m_MinLevel = eLogError; }
+		else if (level == "warn")     { m_MinLevel = eLogWarning; }
+		else if (level == "info")     { m_MinLevel = eLogInfo; }
+		else if (level == "debug")    { m_MinLevel = eLogDebug; }
 		else {
-			LogPrint(eLogError, "Log: Unknown loglevel: ", level);
+			LogPrint(eLogCritical, "Log: Unknown loglevel: ", level);
 			return;
 		}
 		LogPrint(eLogInfo, "Log: Logging level set to ", level);
@ -212,7 +216,7 @@ namespace log {
 			m_LogStream = os;
 			return;
 		}
-		LogPrint(eLogError, "Log: Can't open file ", path);
+		LogPrint(eLogCritical, "Log: Can't open file ", path);
 	}

 	void Log::SendTo (std::shared_ptr<std::ostream> os) {
--- a/libi2pd/Log.h
+++ b/libi2pd/Log.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -27,6 +27,7 @@
 enum LogLevel
 {
 	eLogNone = 0,
+	eLogCritical,
 	eLogError,
 	eLogWarning,
 	eLogInfo,
@ -86,8 +87,8 @@ namespace log {
 			Log ();
 			~Log ();

-			LogType GetLogType () { return m_Destination; };
-			LogLevel GetLogLevel () { return m_MinLevel; };
+			LogType GetLogType () const { return m_Destination; };
+			LogLevel GetLogLevel () const { return m_MinLevel; };

 			void Start ();
 			void Stop ();
@ -159,6 +160,11 @@ namespace log {
 } // log
 } // i2p

+inline bool CheckLogLevel (LogLevel level) noexcept
+{
+	return level <= i2p::log::Logger().GetLogLevel ();
+}	
+
 /** internal usage only -- folding args array to single string */
 template<typename TValue>
 void LogPrint (std::stringstream& s, TValue&& arg) noexcept
@ -184,9 +190,7 @@ void LogPrint (std::stringstream& s, TValue&& arg, TArgs&&... args) noexcept
 template<typename... TArgs>
 void LogPrint (LogLevel level, TArgs&&... args) noexcept
 {
-	i2p::log::Log &log = i2p::log::Logger();
-	if (level > log.GetLogLevel ())
-		return;
+	if (!CheckLogLevel (level)) return; 

 	// fold message to single string
 	std::stringstream ss;
@ -199,7 +203,7 @@ void LogPrint (LogLevel level, TArgs&&... args) noexcept

 	auto msg = std::make_shared<i2p::log::LogMsg>(level, std::time(nullptr), std::move(ss).str());
 	msg->tid = std::this_thread::get_id();
-	log.Append(msg);
+	i2p::log::Logger().Append(msg);
 }

 /**
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -19,9 +19,10 @@
 #include "RouterContext.h"
 #include "Transports.h"
 #include "NetDb.hpp"
-#include "NTCP2.h"
 #include "HTTP.h"
 #include "util.h"
+#include "Socks5.h"
+#include "NTCP2.h"

 #if defined(__linux__) && !defined(_NETINET_IN_H)
 	#include <linux/in6.h>
@ -128,7 +129,8 @@ namespace transport
 		options[1] = 2; // ver
 		htobe16buf (options + 2, paddingLength); // padLen
 		// m3p2Len
-		auto bufLen = i2p::context.GetRouterInfo ().GetBufferLen ();
+		auto riBuffer = i2p::context.CopyRouterInfoBuffer ();
+		auto bufLen = riBuffer->GetBufferLen ();
 		m3p2Len = bufLen + 4 + 16; // (RI header + RI + MAC for now) TODO: implement options
 		htobe16buf (options + 4, m3p2Len);
 		// fill m3p2 payload (RouterInfo block)
@ -137,7 +139,7 @@ namespace transport
 		m3p2[0] = eNTCP2BlkRouterInfo; // block
 		htobe16buf (m3p2 + 1, bufLen + 1); // flag + RI
 		m3p2[3] = 0; // flag
-		memcpy (m3p2 + 4, i2p::context.GetRouterInfo ().GetBuffer (), bufLen); // TODO: own RI should be protected by mutex
+		memcpy (m3p2 + 4, riBuffer->data (), bufLen); // TODO: eliminate extra copy
 		// 2 bytes reserved
 		htobe32buf (options + 8, (i2p::util::GetMillisecondsSinceEpoch () + 500)/1000); // tsA, rounded to seconds
 		// 4 bytes reserved
@ -373,9 +375,20 @@ namespace transport
 			m_Socket.close ();
 			transports.PeerDisconnected (shared_from_this ());
 			m_Server.RemoveNTCP2Session (shared_from_this ());
+			for (auto& it: m_SendQueue)
+				it->Drop ();
 			m_SendQueue.clear ();
-			m_SendQueueSize = 0;
-			LogPrint (eLogDebug, "NTCP2: Session terminated");
+			SetSendQueueSize (0);
+			auto remoteIdentity = GetRemoteIdentity ();
+			if (remoteIdentity)
+			{
+				LogPrint (eLogDebug, "NTCP2: Session with ", GetRemoteEndpoint (),
+					" (", i2p::data::GetIdentHashAbbreviation (remoteIdentity->GetIdentHash ()), ") terminated");
+			}
+			else
+			{
+				LogPrint (eLogDebug, "NTCP2: Session with ", GetRemoteEndpoint (), " terminated");
+			}
 		}
 	}

@ -399,6 +412,7 @@ namespace transport
 		m_IsEstablished = true;
 		m_Establisher.reset (nullptr);
 		SetTerminationTimeout (NTCP2_TERMINATION_TIMEOUT);
+		SendQueue ();
 		transports.PeerConnected (shared_from_this ());
 	}

@ -424,7 +438,7 @@ namespace transport
 	void NTCP2Session::DeleteNextReceiveBuffer (uint64_t ts)
 	{
 		if (m_NextReceivedBuffer && !m_IsReceiving &&
-			ts > m_LastActivityTimestamp + NTCP2_RECEIVE_BUFFER_DELETION_TIMEOUT)
+			ts > GetLastActivityTimestamp () + NTCP2_RECEIVE_BUFFER_DELETION_TIMEOUT)
 		{
 			delete[] m_NextReceivedBuffer;
 			m_NextReceivedBuffer = nullptr;
@ -452,6 +466,7 @@ namespace transport
 	{
 		m_Establisher->CreateSessionRequestMessage ();
 		// send message
+		m_HandshakeInterval = i2p::util::GetMillisecondsSinceEpoch ();
 		boost::asio::async_write (m_Socket, boost::asio::buffer (m_Establisher->m_SessionRequestBuffer, m_Establisher->m_SessionRequestBufferLen), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleSessionRequestSent, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
 	}
@ -529,6 +544,7 @@ namespace transport
 	{
 		m_Establisher->CreateSessionCreatedMessage ();
 		// send message
+		m_HandshakeInterval = i2p::util::GetMillisecondsSinceEpoch ();
 		boost::asio::async_write (m_Socket, boost::asio::buffer (m_Establisher->m_SessionCreatedBuffer, m_Establisher->m_SessionCreatedBufferLen), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleSessionCreatedSent, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
 	}
@ -542,6 +558,7 @@ namespace transport
 		}
 		else
 		{
+			m_HandshakeInterval = i2p::util::GetMillisecondsSinceEpoch () - m_HandshakeInterval;
 			LogPrint (eLogDebug, "NTCP2: SessionCreated received ", bytes_transferred);
 			uint16_t paddingLen = 0;
 			if (m_Establisher->ProcessSessionCreatedMessage (paddingLen))
@ -563,7 +580,11 @@ namespace transport
 					SendSessionConfirmed ();
 			}
 			else
+			{
+				if (GetRemoteIdentity ())
+					i2p::data::netdb.SetUnreachable (GetRemoteIdentity ()->GetIdentHash (), true);  // assume wrong s key
 				Terminate ();
+			}	
 		}
 	}

@ -646,6 +667,7 @@ namespace transport
 		}
 		else
 		{
+			m_HandshakeInterval = i2p::util::GetMillisecondsSinceEpoch () - m_HandshakeInterval;
 			LogPrint (eLogDebug, "NTCP2: SessionConfirmed received");
 			// part 1
 			uint8_t nonce[12];
@ -683,16 +705,25 @@ namespace transport
 					i2p::data::RouterInfo ri (buf.data () + 4, size - 1); // 1 byte block type + 2 bytes size + 1 byte flag
 					if (ri.IsUnreachable ())
 					{
-						LogPrint (eLogError, "NTCP2: Signature verification failed in SessionConfirmed");
+						LogPrint (eLogError, "NTCP2: RouterInfo verification failed in SessionConfirmed from ", GetRemoteEndpoint ());
 						SendTerminationAndTerminate (eNTCP2RouterInfoSignatureVerificationFail);
 						return;
 					}
-					if (i2p::util::GetMillisecondsSinceEpoch () > ri.GetTimestamp () + i2p::data::NETDB_MIN_EXPIRATION_TIMEOUT*1000LL) // 90 minutes
+					LogPrint(eLogDebug, "NTCP2: SessionConfirmed from ", GetRemoteEndpoint (),
+						" (", i2p::data::GetIdentHashAbbreviation (ri.GetIdentHash ()), ")");
+					auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+					if (ts > ri.GetTimestamp () + i2p::data::NETDB_MIN_EXPIRATION_TIMEOUT*1000LL) // 90 minutes
 					{
-						LogPrint (eLogError, "NTCP2: RouterInfo is too old in SessionConfirmed");
+						LogPrint (eLogError, "NTCP2: RouterInfo is too old in SessionConfirmed for ", (ts - ri.GetTimestamp ())/1000LL, " seconds");
 						SendTerminationAndTerminate (eNTCP2Message3Error);
 						return;
 					}
+					if (ts + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri.GetTimestamp ()) // 2 minutes
+					{
+						LogPrint (eLogError, "NTCP2: RouterInfo is from future for ", (ri.GetTimestamp () - ts)/1000LL, " seconds");
+						SendTerminationAndTerminate (eNTCP2Message3Error);
+						return;
+					}	
 					auto addr = m_RemoteEndpoint.address ().is_v4 () ? ri.GetNTCP2V4Address () :
 						(i2p::util::net::IsYggdrasilAddress (m_RemoteEndpoint.address ()) ? ri.GetYggdrasilAddress () : ri.GetNTCP2V6Address ());
 					if (!addr || memcmp (m_Establisher->m_RemoteStaticKey, addr->s, 32))
@ -763,7 +794,7 @@ namespace transport
 	void NTCP2Session::ServerLogin ()
 	{
 		SetTerminationTimeout (NTCP2_ESTABLISH_TIMEOUT);
-		m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
+		SetLastActivityTimestamp (i2p::util::GetSecondsSinceEpoch ());
 		m_Establisher->CreateEphemeralKey ();
 		boost::asio::async_read (m_Socket, boost::asio::buffer(m_Establisher->m_SessionRequestBuffer, 64), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleSessionRequestReceived, shared_from_this (),
@ -807,14 +838,19 @@ namespace transport
 				CreateNextReceivedBuffer (m_NextReceivedLen);
 				boost::system::error_code ec;
 				size_t moreBytes = m_Socket.available(ec);
-				if (!ec && moreBytes >= m_NextReceivedLen)
-				{
-					// read and process message immediately if available
-					moreBytes = boost::asio::read (m_Socket, boost::asio::buffer(m_NextReceivedBuffer, m_NextReceivedLen), boost::asio::transfer_all (), ec);
-					HandleReceived (ec, moreBytes);
-				}
+				if (!ec)
+				{	
+					if (moreBytes >= m_NextReceivedLen)
+					{
+						// read and process message immediately if available
+						moreBytes = boost::asio::read (m_Socket, boost::asio::buffer(m_NextReceivedBuffer, m_NextReceivedLen), boost::asio::transfer_all (), ec);
+						HandleReceived (ec, moreBytes);
+					}
+					else
+						Receive ();
+				}	
 				else
-					Receive ();
+					LogPrint (eLogWarning, "NTCP2: Socket error: ", ec.message ());
 			}
 			else
 			{
@ -840,15 +876,14 @@ namespace transport
 	{
 		if (ecode)
 		{
-			if (ecode != boost::asio::error::operation_aborted)
-				LogPrint (eLogWarning, "NTCP2: Receive read error: ", ecode.message ());
+			if (ecode != boost::asio::error::operation_aborted)	
+				LogPrint (eLogWarning, "NTCP2: Receive read error: ", ecode.message ());	
 			Terminate ();
 		}
 		else
 		{
-			m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
-			m_NumReceivedBytes += bytes_transferred + 2; // + length
-			i2p::transport::transports.UpdateReceivedBytes (bytes_transferred);
+			UpdateNumReceivedBytes (bytes_transferred + 2);
+			i2p::transport::transports.UpdateReceivedBytes (bytes_transferred + 2);
 			uint8_t nonce[12];
 			CreateNonce (m_ReceiveSequenceNumber, nonce); m_ReceiveSequenceNumber++;
 			if (i2p::crypto::AEADChaCha20Poly1305 (m_NextReceivedBuffer, m_NextReceivedLen-16, nullptr, 0, m_ReceiveKey, nonce, m_NextReceivedBuffer, m_NextReceivedLen, false))
@ -876,7 +911,7 @@ namespace transport
 			auto size = bufbe16toh (frame + offset);
 			offset += 2;
 			LogPrint (eLogDebug, "NTCP2: Block type ", (int)blk, " of size ", size);
-			if (size > len)
+			if (offset + size > len)
 			{
 				LogPrint (eLogError, "NTCP2: Unexpected block length ", size);
 				break;
@ -1021,6 +1056,11 @@ namespace transport
 			macBuf = m_NextSendBuffer + paddingLen;
 			totalLen += paddingLen;
 		}
+		if (totalLen > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE)
+		{
+			LogPrint (eLogError, "NTCP2: Frame to send is too long ", totalLen);
+			return;
+		}	
 		uint8_t nonce[12];
 		CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
 		i2p::crypto::AEADChaCha20Poly1305Encrypt (encryptBufs, m_SendKey, nonce, macBuf); // encrypt buffers
@ -1045,6 +1085,12 @@ namespace transport
 			delete[] m_NextSendBuffer; m_NextSendBuffer = nullptr;
 			return;
 		}
+		if (payloadLen > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE)
+		{
+			LogPrint (eLogError, "NTCP2: Buffer to send is too long ", payloadLen);
+			delete[] m_NextSendBuffer; m_NextSendBuffer = nullptr;
+			return;
+		}	
 		// encrypt
 		uint8_t nonce[12];
 		CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
@ -1069,11 +1115,10 @@ namespace transport
 		}
 		else
 		{
-			m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
-			m_NumSentBytes += bytes_transferred;
+			UpdateNumSentBytes (bytes_transferred);
 			i2p::transport::transports.UpdateSentBytes (bytes_transferred);
 			LogPrint (eLogDebug, "NTCP2: Next frame sent ", bytes_transferred);
-			if (m_LastActivityTimestamp > m_NextRouterInfoResendTime)
+			if (GetLastActivityTimestamp () > m_NextRouterInfoResendTime)
 			{
 				m_NextRouterInfoResendTime += NTCP2_ROUTERINFO_RESEND_INTERVAL +
 					rand ()%NTCP2_ROUTERINFO_RESEND_INTERVAL_THRESHOLD;
@ -1082,30 +1127,41 @@ namespace transport
 			else
 			{
 				SendQueue ();
-				m_SendQueueSize = m_SendQueue.size ();
+				SetSendQueueSize (m_SendQueue.size ());
 			}
 		}
 	}

 	void NTCP2Session::SendQueue ()
 	{
-		if (!m_SendQueue.empty ())
+		if (!m_SendQueue.empty () && m_IsEstablished)
 		{
 			std::vector<std::shared_ptr<I2NPMessage> > msgs;
+			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 			size_t s = 0;
 			while (!m_SendQueue.empty ())
 			{
 				auto msg = m_SendQueue.front ();
+				if (!msg || msg->IsExpired (ts))
+				{
+					// drop null or expired message
+					if (msg) msg->Drop ();
+					m_SendQueue.pop_front ();
+					continue;
+				}	
 				size_t len = msg->GetNTCP2Length ();
 				if (s + len + 3 <= NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) // 3 bytes block header
 				{
 					msgs.push_back (msg);
 					s += (len + 3);
 					m_SendQueue.pop_front ();
+					if (s >= NTCP2_SEND_AFTER_FRAME_SIZE)
+						break; // send frame right a way
 				}
 				else if (len + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE)
 				{
 					LogPrint (eLogError, "NTCP2: I2NP message of size ", len, " can't be sent. Dropped");
+					msg->Drop ();
 					m_SendQueue.pop_front ();
 				}
 				else
@ -1115,13 +1171,33 @@ namespace transport
 		}
 	}

+	void NTCP2Session::MoveSendQueue (std::shared_ptr<NTCP2Session> other)
+	{
+		if (!other || m_SendQueue.empty ()) return;
+		std::vector<std::shared_ptr<I2NPMessage> > msgs;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		for (auto it: m_SendQueue)
+			if (!it->IsExpired (ts))
+				msgs.push_back (it);
+			else
+				it->Drop ();
+		m_SendQueue.clear ();
+		if (!msgs.empty ())
+			other->PostI2NPMessages (msgs);
+	}	
+		
 	size_t NTCP2Session::CreatePaddingBlock (size_t msgLen, uint8_t * buf, size_t len)
 	{
 		if (len < 3) return 0;
 		len -= 3;
 		if (msgLen < 256) msgLen = 256; // for short message padding should not be always zero
 		size_t paddingSize = (msgLen*NTCP2_MAX_PADDING_RATIO)/100;
-		if (msgLen + paddingSize + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) paddingSize = NTCP2_UNENCRYPTED_FRAME_MAX_SIZE - msgLen -3;
+		if (msgLen + paddingSize + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) 
+		{	
+			int l = (int)NTCP2_UNENCRYPTED_FRAME_MAX_SIZE - msgLen -3;
+			if (l <= 0) return 0;
+			paddingSize = l;
+		}	
 		if (paddingSize > len) paddingSize = len;
 		if (paddingSize)
 		{
@ -1130,7 +1206,7 @@ namespace transport
 				RAND_bytes ((uint8_t *)m_PaddingSizes, sizeof (m_PaddingSizes));
 				m_NextPaddingSize = 0;
 			}
-			paddingSize = m_PaddingSizes[m_NextPaddingSize++] % paddingSize;
+			paddingSize = m_PaddingSizes[m_NextPaddingSize++] % (paddingSize + 1);
 		}
 		buf[0] = eNTCP2BlkPadding; // blk
 		htobe16buf (buf + 1, paddingSize); // size
@ -1141,7 +1217,8 @@ namespace transport
 	void NTCP2Session::SendRouterInfo ()
 	{
 		if (!IsEstablished ()) return;
-		auto riLen = i2p::context.GetRouterInfo ().GetBufferLen ();
+		auto riBuffer =  i2p::context.CopyRouterInfoBuffer ();
+		auto riLen = riBuffer->GetBufferLen ();
 		size_t payloadLen = riLen + 3 + 1 + 7; // 3 bytes block header + 1 byte RI flag + 7 bytes DateTime
 		m_NextSendBuffer = new uint8_t[payloadLen + 16 + 2 + 64]; // up to 64 bytes padding
 		// DateTime	block
@ -1152,7 +1229,7 @@ namespace transport
 		m_NextSendBuffer[9] = eNTCP2BlkRouterInfo;
 		htobe16buf (m_NextSendBuffer + 10, riLen + 1); // size
 		m_NextSendBuffer[12] = 0; // flag
-		memcpy (m_NextSendBuffer + 13, i2p::context.GetRouterInfo ().GetBuffer (), riLen);
+		memcpy (m_NextSendBuffer + 13, riBuffer->data (), riLen); // TODO: eliminate extra copy
 		// padding block
 		auto paddingSize = CreatePaddingBlock (payloadLen, m_NextSendBuffer + 2 + payloadLen, 64);
 		payloadLen += paddingSize;
@ -1195,9 +1272,14 @@ namespace transport
 	void NTCP2Session::PostI2NPMessages (std::vector<std::shared_ptr<I2NPMessage> > msgs)
 	{
 		if (m_IsTerminated) return;
+		bool isSemiFull = m_SendQueue.size () > NTCP2_MAX_OUTGOING_QUEUE_SIZE/2;
 		for (auto it: msgs)
-			m_SendQueue.push_back (std::move (it));
-		if (!m_IsSending)
+			if (isSemiFull && it->onDrop)
+				it->Drop (); // drop earlier because we can handle it
+			else
+				m_SendQueue.push_back (std::move (it));
+		
+		if (!m_IsSending && m_IsEstablished)
 			SendQueue ();
 		else if (m_SendQueue.size () > NTCP2_MAX_OUTGOING_QUEUE_SIZE)
 		{
@ -1205,12 +1287,12 @@ namespace transport
 				GetIdentHashBase64(), " exceeds ", NTCP2_MAX_OUTGOING_QUEUE_SIZE);
 			Terminate ();
 		}
-		m_SendQueueSize = m_SendQueue.size ();
+		SetSendQueueSize (m_SendQueue.size ());
 	}

 	void NTCP2Session::SendLocalRouterInfo (bool update)
 	{
-		if (update || !IsOutgoing ()) // we send it in SessionConfirmed for ougoing session
+		if (update || !IsOutgoing ()) // we send it in SessionConfirmed for outgoing session
 			m_Server.GetService ().post (std::bind (&NTCP2Session::SendRouterInfo, shared_from_this ()));
 	}

@ -1238,7 +1320,7 @@ namespace transport
 				boost::system::error_code e;
 				auto itr = m_Resolver.resolve(q, e);
 				if(e)
-					LogPrint(eLogError, "NTCP2: Failed to resolve proxy ", e.message());
+					LogPrint(eLogCritical, "NTCP2: Failed to resolve proxy ", e.message());
 				else
 				{
 					m_ProxyEndpoint.reset (new boost::asio::ip::tcp::endpoint(*itr));
@ -1266,7 +1348,7 @@ namespace transport
 						}
 						catch ( std::exception & ex )
 						{
-							LogPrint(eLogError, "NTCP2: Failed to bind to v4 port ", address->port, ex.what());
+							LogPrint(eLogCritical, "NTCP2: Failed to bind to v4 port ", address->port, ex.what());
 							ThrowFatal ("Unable to start IPv4 NTCP2 transport at port ", address->port, ": ", ex.what ());
 							continue;
 						}
@ -1309,7 +1391,7 @@ namespace transport
 						}
 						catch ( std::exception & ex )
 						{
-							LogPrint(eLogError, "NTCP2: Failed to bind to v6 port ", address->port, ": ", ex.what());
+							LogPrint(eLogCritical, "NTCP2: Failed to bind to v6 port ", address->port, ": ", ex.what());
 							ThrowFatal ("Unable to start IPv6 NTCP2 transport at port ", address->port, ": ", ex.what ());
 							continue;
 						}
@ -1360,6 +1442,7 @@ namespace transport
 			{
 				// replace by new session
 				auto s = it->second;
+				s->MoveSendQueue (session);
 				m_NTCP2Sessions.erase (it);
 				s->Terminate ();
 			}
@ -1376,7 +1459,11 @@ namespace transport
 	void NTCP2Server::RemoveNTCP2Session (std::shared_ptr<NTCP2Session> session)
 	{
 		if (session && session->GetRemoteIdentity ())
-			m_NTCP2Sessions.erase (session->GetRemoteIdentity ()->GetIdentHash ());
+		{
+			auto it = m_NTCP2Sessions.find (session->GetRemoteIdentity ()->GetIdentHash ());
+			if (it != m_NTCP2Sessions.end () && it->second == session)
+				m_NTCP2Sessions.erase (it);
+		}	
 	}

 	std::shared_ptr<NTCP2Session> NTCP2Server::FindNTCP2Session (const i2p::data::IdentHash& ident)
@ -1394,7 +1481,8 @@ namespace transport
 			LogPrint (eLogError, "NTCP2: Can't connect to unspecified address");
 			return;
 		}
-		LogPrint (eLogDebug, "NTCP2: Connecting to ", conn->GetRemoteEndpoint ());
+		LogPrint (eLogDebug, "NTCP2: Connecting to ", conn->GetRemoteEndpoint (),
+			" (", i2p::data::GetIdentHashAbbreviation (conn->GetRemoteIdentity ()->GetIdentHash ()), ")");
 		GetService ().post([this, conn]()
 			{
 				if (this->AddNTCP2Session (conn))
@ -1450,7 +1538,8 @@ namespace transport
 		}
 		else
 		{
-			LogPrint (eLogDebug, "NTCP2: Connected to ", conn->GetRemoteEndpoint ());
+			LogPrint (eLogDebug, "NTCP2: Connected to ", conn->GetRemoteEndpoint (),
+				" (", i2p::data::GetIdentHashAbbreviation (conn->GetRemoteIdentity ()->GetIdentHash ()), ")");
 			conn->ClientLogin ();
 		}
 	}
@ -1464,7 +1553,7 @@ namespace transport
 			if (!ec)
 			{
 				LogPrint (eLogDebug, "NTCP2: Connected from ", ep);
-				if (!i2p::util::net::IsInReservedRange(ep.address ()))
+				if (!i2p::transport::transports.IsInReservedRange(ep.address ()))
 				{
 					if (m_PendingIncomingSessions.emplace (ep.address (), conn).second)
 					{
@ -1511,7 +1600,7 @@ namespace transport
 			if (!ec)
 			{
 				LogPrint (eLogDebug, "NTCP2: Connected from ", ep);
-				if (!i2p::util::net::IsInReservedRange(ep.address ()) ||
+				if (!i2p::transport::transports.IsInReservedRange(ep.address ()) ||
 				    i2p::util::net::IsYggdrasilAddress (ep.address ()))
 				{
 					if (m_PendingIncomingSessions.emplace (ep.address (), conn).second)
@ -1659,47 +1748,18 @@ namespace transport
 			case eSocksProxy:
 			{
 				// TODO: support username/password auth etc
-				static const uint8_t buff[3] = {SOCKS5_VER, 0x01, 0x00};
-				boost::asio::async_write(conn->GetSocket(), boost::asio::buffer(buff, 3), boost::asio::transfer_all(),
-					[] (const boost::system::error_code & ec, std::size_t transferred)
-					{
-						(void) transferred;
-						if(ec)
-						{
-							LogPrint(eLogWarning, "NTCP2: SOCKS5 write error ", ec.message());
-						}
-					});
-				auto readbuff = std::make_shared<std::vector<uint8_t> >(2);
-				boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff->data (), 2),
-					[this, readbuff, timer, conn](const boost::system::error_code & ec, std::size_t transferred)
-					{
-						if(ec)
-						{
-							LogPrint(eLogError, "NTCP2: SOCKS5 read error ", ec.message());
-							timer->cancel();
-							conn->Terminate();
-							return;
-						}
-						else if(transferred == 2)
-						{
-							if((*readbuff)[1] == 0x00)
-							{
-								AfterSocksHandshake(conn, timer);
-								return;
-							}
-							else if ((*readbuff)[1] == 0xff)
-							{
-								LogPrint(eLogError, "NTCP2: SOCKS5 proxy rejected authentication");
-								timer->cancel();
-								conn->Terminate();
-								return;
-							}
-							LogPrint(eLogError, "NTCP2:", (int)(*readbuff)[1]);
-						}
-						LogPrint(eLogError, "NTCP2: SOCKS5 server gave invalid response");
+				Socks5Handshake (conn->GetSocket(), conn->GetRemoteEndpoint (),
+					[conn, timer](const boost::system::error_code& ec)
+				    {
 						timer->cancel();
-						conn->Terminate();
-					});
+						if (!ec)
+							conn->ClientLogin();
+						else
+						{
+							LogPrint(eLogError, "NTCP2: SOCKS proxy handshake error ", ec.message());
+							conn->Terminate();	
+						}		
+					});	
 				break;
 			}
 			case eHTTPProxy:
@ -1767,71 +1827,6 @@ namespace transport
 		}
 	}

-	void NTCP2Server::AfterSocksHandshake(std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer)
-	{
-		// build request
-		size_t sz = 6; // header + port
-		auto buff = std::make_shared<std::vector<int8_t> >(256);
-		auto readbuff = std::make_shared<std::vector<int8_t> >(256);
-		(*buff)[0] = SOCKS5_VER;
-		(*buff)[1] = SOCKS5_CMD_CONNECT;
-		(*buff)[2] = 0x00;
-
-		auto& ep = conn->GetRemoteEndpoint ();
-		if(ep.address ().is_v4 ())
-		{
-			(*buff)[3] = SOCKS5_ATYP_IPV4;
-			auto addrbytes = ep.address ().to_v4().to_bytes();
-			sz += 4;
-			memcpy(buff->data () + 4, addrbytes.data(), 4);
-		}
-		else if (ep.address ().is_v6 ())
-		{
-			(*buff)[3] = SOCKS5_ATYP_IPV6;
-			auto addrbytes = ep.address ().to_v6().to_bytes();
-			sz += 16;
-			memcpy(buff->data () + 4, addrbytes.data(), 16);
-		}
-		else
-		{
-			// We mustn't really fall here because all connections are made to IP addresses
-			LogPrint(eLogError, "NTCP2: Tried to connect to unexpected address via proxy");
-			return;
-		}
-		htobe16buf(buff->data () + sz - 2, ep.port ());
-		boost::asio::async_write(conn->GetSocket(), boost::asio::buffer(buff->data (), sz), boost::asio::transfer_all(),
-			[buff](const boost::system::error_code & ec, std::size_t written)
-			{
-				if(ec)
-				{
-					LogPrint(eLogError, "NTCP2: Failed to write handshake to socks proxy ", ec.message());
-					return;
-				}
-			});
-
-		boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff->data (), SOCKS5_UDP_IPV4_REQUEST_HEADER_SIZE), // read min reply size
-		    boost::asio::transfer_all(),
-			[timer, conn, readbuff](const boost::system::error_code & e, std::size_t transferred)
-			{
-				if (e)
-					LogPrint(eLogError, "NTCP2: SOCKS proxy read error ", e.message());
-				else if (!(*readbuff)[1]) // succeeded
-				{
-					boost::system::error_code ec;
-					size_t moreBytes = conn->GetSocket ().available(ec);
-					if (moreBytes) // read remaining portion of reply if ipv6 received
-						boost::asio::read (conn->GetSocket (), boost::asio::buffer(readbuff->data (), moreBytes), boost::asio::transfer_all (), ec);
-					timer->cancel();
-					conn->ClientLogin();
-					return;
-				}
-				else
-					LogPrint(eLogError, "NTCP2: Proxy reply error ", (int)(*readbuff)[1]);
-				timer->cancel();
-				conn->Terminate();
-			});
-	}
-
 	void NTCP2Server::SetLocalAddress (const boost::asio::ip::address& localAddress)
 	{
 		auto addr = std::make_shared<boost::asio::ip::tcp::endpoint>(boost::asio::ip::tcp::endpoint(localAddress, 0));
--- a/libi2pd/NTCP2.h
+++ b/libi2pd/NTCP2.h
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2022, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -28,6 +28,7 @@ namespace transport
 {

 	const size_t NTCP2_UNENCRYPTED_FRAME_MAX_SIZE = 65519;
+	const size_t NTCP2_SEND_AFTER_FRAME_SIZE = 16386; // send frame when exceeds this size
 	const size_t NTCP2_SESSION_REQUEST_MAX_SIZE = 287;
 	const size_t NTCP2_SESSION_CREATED_MAX_SIZE = 287;
 	const int NTCP2_MAX_PADDING_RATIO = 6; // in %
@ -150,7 +151,8 @@ namespace transport

 			void SendLocalRouterInfo (bool update) override; // after handshake or by update
 			void SendI2NPMessages (const std::vector<std::shared_ptr<I2NPMessage> >& msgs) override;
-
+			void MoveSendQueue (std::shared_ptr<NTCP2Session> other);
+			
 		private:

 			void Established ();
@ -266,8 +268,7 @@ namespace transport

 			void HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer);
 			void HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer);
-			void AfterSocksHandshake(std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer);
-
+			
 			// timer
 			void ScheduleTermination ();
 			void HandleTerminationTimer (const boost::system::error_code& ecode);
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
--- a/libi2pd/NetDb.hpp
+++ b/libi2pd/NetDb.hpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -10,11 +10,12 @@
 #define NETDB_H__
 // this file is called NetDb.hpp to resolve conflict with libc's netdb.h on case insensitive fs
 #include <inttypes.h>
-#include <set>
+#include <unordered_set>
 #include <unordered_map>
 #include <string>
 #include <thread>
 #include <mutex>
+#include <future>

 #include "Base.h"
 #include "Gzip.h"
@ -38,16 +39,23 @@ namespace data
 {
 	const int NETDB_MIN_ROUTERS = 90;
 	const int NETDB_MIN_FLOODFILLS = 5;
-	const int NETDB_MIN_TUNNEL_CREATION_SUCCESS_RATE = 8; // in percents
+	const int NETDB_NUM_FLOODFILLS_THRESHOLD = 1000;
+	const int NETDB_NUM_ROUTERS_THRESHOLD = 4*NETDB_NUM_FLOODFILLS_THRESHOLD;
+	const int NETDB_TUNNEL_CREATION_RATE_THRESHOLD = 10; // in %
+	const int NETDB_CHECK_FOR_EXPIRATION_UPTIME = 600; // 10 minutes, in seconds  
 	const int NETDB_FLOODFILL_EXPIRATION_TIMEOUT = 60 * 60; // 1 hour, in seconds
-	const int NETDB_INTRODUCEE_EXPIRATION_TIMEOUT = 65 * 60;
 	const int NETDB_MIN_EXPIRATION_TIMEOUT = 90 * 60; // 1.5 hours
 	const int NETDB_MAX_EXPIRATION_TIMEOUT = 27 * 60 * 60; // 27 hours
 	const int NETDB_MAX_OFFLINE_EXPIRATION_TIMEOUT = 180; // in days
 	const int NETDB_EXPIRATION_TIMEOUT_THRESHOLD = 2*60; // 2 minutes
-	const int NETDB_MIN_HIGHBANDWIDTH_VERSION = MAKE_VERSION_NUMBER(0, 9, 51); // 0.9.51
+	const int NETDB_MIN_HIGHBANDWIDTH_VERSION = MAKE_VERSION_NUMBER(0, 9, 58); // 0.9.58
 	const int NETDB_MIN_FLOODFILL_VERSION = MAKE_VERSION_NUMBER(0, 9, 51); // 0.9.51
 	const int NETDB_MIN_SHORT_TUNNEL_BUILD_VERSION = MAKE_VERSION_NUMBER(0, 9, 51); // 0.9.51
+	const size_t NETDB_MAX_NUM_SEARCH_REPLY_PEER_HASHES = 16;
+	const size_t NETDB_MAX_EXPLORATORY_SELECTION_SIZE = 500;
+	const int NETDB_EXPLORATORY_SELECTION_UPDATE_INTERVAL = 82; // in seconds. for floodfill
+	const int NETDB_NEXT_DAY_ROUTER_INFO_THRESHOLD = 45; // in minutes
+	const int NETDB_NEXT_DAY_LEASESET_THRESHOLD = 10; // in minutes

 	/** function for visiting a leaseset stored in a floodfill */
 	typedef std::function<void(const IdentHash, std::shared_ptr<LeaseSet>)> LeaseSetVisitor;
@ -77,26 +85,22 @@ namespace data
 			std::shared_ptr<RouterProfile> FindRouterProfile (const IdentHash& ident) const;

 			void RequestDestination (const IdentHash& destination, RequestedDestination::RequestComplete requestComplete = nullptr, bool direct = true);
-			void RequestDestinationFrom (const IdentHash& destination, const IdentHash & from, bool exploritory, RequestedDestination::RequestComplete requestComplete = nullptr);
-
-			void HandleDatabaseStoreMsg (std::shared_ptr<const I2NPMessage> msg);
-			void HandleDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg);
-			void HandleDatabaseLookupMsg (std::shared_ptr<const I2NPMessage> msg);
-			void HandleNTCP2RouterInfoMsg (std::shared_ptr<const I2NPMessage> m);
-
+			
 			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
-			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
-			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse) const;
-			std::shared_ptr<const RouterInfo> GetRandomSSU2PeerTestRouter (bool v4, const std::set<IdentHash>& excluded) const;
-			std::shared_ptr<const RouterInfo> GetRandomSSU2Introducer (bool v4, const std::set<IdentHash>& excluded) const;
-			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse, bool endpoint) const;
+			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith, bool reverse, bool endpoint) const;
+			std::shared_ptr<const RouterInfo> GetRandomSSU2PeerTestRouter (bool v4, const std::unordered_set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetRandomSSU2Introducer (bool v4, const std::unordered_set<IdentHash>& excluded) const;
+			std::shared_ptr<const RouterInfo> GetClosestFloodfill (const IdentHash& destination, const std::unordered_set<IdentHash>& excluded, bool nextDay = false) const;
 			std::vector<IdentHash> GetClosestFloodfills (const IdentHash& destination, size_t num,
-				std::set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
-			std::shared_ptr<const RouterInfo> GetClosestNonFloodfill (const IdentHash& destination, const std::set<IdentHash>& excluded) const;
+				std::unordered_set<IdentHash>& excluded, bool closeThanUsOnly = false) const;
+			std::vector<IdentHash> GetExploratoryNonFloodfill (const IdentHash& destination, size_t num, const std::unordered_set<IdentHash>& excluded);
 			std::shared_ptr<const RouterInfo> GetRandomRouterInFamily (FamilyID fam) const;
 			void SetUnreachable (const IdentHash& ident, bool unreachable);
+			void ExcludeReachableTransports (const IdentHash& ident, RouterInfo::CompatibleTransports transports);

 			void PostI2NPMsg (std::shared_ptr<const I2NPMessage> msg);
+			void PostDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg); // to NetdbReq thread

 			void Reseed ();
 			Families& GetFamilies () { return m_Families; };
@ -116,7 +120,11 @@ namespace data
 			size_t VisitRandomRouterInfos(RouterInfoFilter f, RouterInfoVisitor v, size_t n);

 			void ClearRouterInfos () { m_RouterInfos.clear (); };
-			std::shared_ptr<RouterInfo::Buffer> NewRouterInfoBuffer () { return m_RouterInfoBuffersPool.AcquireSharedMt (); };
+			template<typename... TArgs>
+			std::shared_ptr<RouterInfo::Buffer> NewRouterInfoBuffer (TArgs&&... args) 
+			{ 
+				return m_RouterInfoBuffersPool.AcquireSharedMt (std::forward<TArgs>(args)...); 
+			}
 			bool PopulateRouterInfoBuffer (std::shared_ptr<RouterInfo> r);
 			std::shared_ptr<RouterInfo::Address> NewRouterInfoAddress () { return m_RouterInfoAddressesPool.AcquireSharedMt (); };
 			boost::shared_ptr<RouterInfo::Addresses> NewRouterInfoAddresses ()
@ -127,17 +135,19 @@ namespace data
 						&m_RouterInfoAddressVectorsPool, std::placeholders::_1));
 			};
 			std::shared_ptr<Lease> NewLease (const Lease& lease) { return m_LeasesPool.AcquireSharedMt (lease); };
-
-			uint32_t GetPublishReplyToken () const { return m_PublishReplyToken; };
+			std::shared_ptr<IdentityEx> NewIdentity (const uint8_t * buf, size_t len) { return m_IdentitiesPool.AcquireSharedMt (buf, len); };
+			std::shared_ptr<RouterProfile> NewRouterProfile () { return m_RouterProfilesPool.AcquireSharedMt (); };

 		private:

 			void Load ();
 			bool LoadRouterInfo (const std::string& path, uint64_t ts);
 			void SaveUpdated ();
-			void Run (); // exploratory thread
-			void Explore (int numDestinations);
-			void Flood (const IdentHash& ident, std::shared_ptr<I2NPMessage> floodMsg);
+			void PersistRouters (std::list<std::pair<std::string, std::shared_ptr<RouterInfo::Buffer> > >&& update, 
+				std::list<std::string>&& remove);
+			void Run (); 
+			void Flood (const IdentHash& ident, std::shared_ptr<I2NPMessage> floodMsg, bool andNextDay = false);
+			void ManageRouterInfos ();
 			void ManageLeaseSets ();
 			void ManageRequests ();

@ -149,6 +159,10 @@ namespace data
 			template<typename Filter>
 			std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;

+			void HandleDatabaseStoreMsg (std::shared_ptr<const I2NPMessage> msg);
+			void HandleDatabaseLookupMsg (std::shared_ptr<const I2NPMessage> msg);
+			void HandleNTCP2RouterInfoMsg (std::shared_ptr<const I2NPMessage> m);
+
 		private:

 			mutable std::mutex m_LeaseSetsMutex;
@ -167,21 +181,20 @@ namespace data
 			Families m_Families;
 			i2p::fs::HashedStorage m_Storage;

-			friend class NetDbRequests;
-			NetDbRequests m_Requests;
+			std::shared_ptr<NetDbRequests> m_Requests;

 			bool m_PersistProfiles;
+			std::future<void> m_SavingProfiles, m_DeletingProfiles, m_PersistingRouters;

-			/** router info we are bootstrapping from or nullptr if we are not currently doing that*/
-			std::shared_ptr<RouterInfo> m_FloodfillBootstrap;
-
-			std::set<IdentHash> m_PublishExcluded;
-			uint32_t m_PublishReplyToken = 0;
+			std::vector<std::shared_ptr<const RouterInfo> > m_ExploratorySelection;
+			uint64_t m_LastExploratorySelectionUpdateTime; // in monotonic seconds

 			i2p::util::MemoryPoolMt<RouterInfo::Buffer> m_RouterInfoBuffersPool;
 			i2p::util::MemoryPoolMt<RouterInfo::Address> m_RouterInfoAddressesPool;
 			i2p::util::MemoryPoolMt<RouterInfo::Addresses> m_RouterInfoAddressVectorsPool;
 			i2p::util::MemoryPoolMt<Lease> m_LeasesPool;
+			i2p::util::MemoryPoolMt<IdentityEx> m_IdentitiesPool;
+			i2p::util::MemoryPoolMt<RouterProfile> m_RouterProfilesPool;
 	};

 	extern NetDb netdb;
--- a/libi2pd/NetDbRequests.cpp
+++ b/libi2pd/NetDbRequests.cpp
@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2020, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@ -10,12 +10,28 @@
 #include "I2NPProtocol.h"
 #include "Transports.h"
 #include "NetDb.hpp"
+#include "ECIESX25519AEADRatchetSession.h"
+#include "RouterContext.h"
+#include "Timestamp.h"
 #include "NetDbRequests.h"

 namespace i2p
 {
 namespace data
 {
+	RequestedDestination::RequestedDestination (const IdentHash& destination, bool isExploratory, bool direct):
+		m_Destination (destination), m_IsExploratory (isExploratory), m_IsDirect (direct), m_IsActive (true),
+		m_CreationTime (i2p::util::GetSecondsSinceEpoch ()), m_LastRequestTime (0), m_NumAttempts (0)
+	{
+		if (i2p::context.IsFloodfill ())
+			m_ExcludedPeers.insert (i2p::context.GetIdentHash ()); // exclude self if floodfill
+	}
+		
+	RequestedDestination::~RequestedDestination () 
+	{ 
+		InvokeRequestComplete (nullptr);
+	}
+		
 	std::shared_ptr<I2NPMessage> RequestedDestination::CreateRequestMessage (std::shared_ptr<const RouterInfo> router,
 		std::shared_ptr<const i2p::tunnel::InboundTunnel> replyTunnel)
 	{
@ -28,7 +44,8 @@ namespace data
 			msg = i2p::CreateRouterInfoDatabaseLookupMsg(m_Destination, i2p::context.GetIdentHash(), 0, m_IsExploratory, &m_ExcludedPeers);
 		if(router)
 			m_ExcludedPeers.insert (router->GetIdentHash ());
-		m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
+		m_LastRequestTime = i2p::util::GetSecondsSinceEpoch ();
+		m_NumAttempts++;
 		return msg;
 	}

@ -37,80 +54,154 @@ namespace data
 		auto msg = i2p::CreateRouterInfoDatabaseLookupMsg (m_Destination,
 			i2p::context.GetRouterInfo ().GetIdentHash () , 0, false, &m_ExcludedPeers);
 		m_ExcludedPeers.insert (floodfill);
-		m_CreationTime = i2p::util::GetSecondsSinceEpoch ();
+		m_NumAttempts++;
+		m_LastRequestTime = i2p::util::GetSecondsSinceEpoch ();
 		return msg;
 	}

+	bool RequestedDestination::IsExcluded (const IdentHash& ident) const 
+	{ 
+		return m_ExcludedPeers.count (ident); 
+	}
+		
 	void RequestedDestination::ClearExcludedPeers ()
 	{
 		m_ExcludedPeers.clear ();
 	}

+	void RequestedDestination::InvokeRequestComplete (std::shared_ptr<RouterInfo> r)
+	{
+		if (!m_RequestComplete.empty ())
+		{	
+			for (auto it: m_RequestComplete)
+				if (it != nullptr) it (r);
+			m_RequestComplete.clear ();
+		}	
+	}	
+		
 	void RequestedDestination::Success (std::shared_ptr<RouterInfo> r)
 	{
-		if (m_RequestComplete)
-		{
-			m_RequestComplete (r);
-			m_RequestComplete = nullptr;
-		}
+		if (m_IsActive)
+		{	
+			m_IsActive = false;
+			InvokeRequestComplete (r);
+		}	
 	}

 	void RequestedDestination::Fail ()
 	{
-		if (m_RequestComplete)
-		{
-			m_RequestComplete (nullptr);
-			m_RequestComplete = nullptr;
-		}
+		if (m_IsActive)
+		{	
+			m_IsActive = false;
+			InvokeRequestComplete (nullptr);
+		}	
 	}

+	NetDbRequests::NetDbRequests ():
+		RunnableServiceWithWork ("NetDbReq"),
+		m_ManageRequestsTimer (GetIOService ()), m_ExploratoryTimer (GetIOService ()),
+		m_CleanupTimer (GetIOService ()), m_DiscoveredRoutersTimer (GetIOService ()),
+		m_Rng(i2p::util::GetMonotonicMicroseconds () % 1000000LL) 
+	{
+	}
+		
+	NetDbRequests::~NetDbRequests ()
+	{
+		Stop ();
+	}	
+		
 	void NetDbRequests::Start ()
 	{
+		if (!IsRunning ())
+		{	
+			StartIOService ();
+			ScheduleManageRequests ();
+			ScheduleCleanup ();
+			if (!i2p::context.IsHidden ())
+				ScheduleExploratory (EXPLORATORY_REQUEST_INTERVAL);
+		}	
 	}

 	void NetDbRequests::Stop ()
 	{
-		m_RequestedDestinations.clear ();
+		if (IsRunning ())
+		{	
+			m_ManageRequestsTimer.cancel ();
+			m_ExploratoryTimer.cancel ();
+			m_CleanupTimer.cancel ();
+			StopIOService ();
+		
+			m_RequestedDestinations.clear ();
+			m_RequestedDestinationsPool.CleanUpMt ();
+		}	
 	}

-
-	std::shared_ptr<RequestedDestination> NetDbRequests::CreateRequest (const IdentHash& destination, bool isExploratory, RequestedDestination::RequestComplete requestComplete)
+	void NetDbRequests::ScheduleCleanup ()
 	{
-		// request RouterInfo directly
-		auto dest = std::make_shared<RequestedDestination> (destination, isExploratory);
-		dest->SetRequestComplete (requestComplete);
+		m_CleanupTimer.expires_from_now (boost::posix_time::seconds(REQUESTED_DESTINATIONS_POOL_CLEANUP_INTERVAL));
+		m_CleanupTimer.async_wait (std::bind (&NetDbRequests::HandleCleanupTimer,
+			this, std::placeholders::_1));
+	}	
+		
+	void NetDbRequests::HandleCleanupTimer (const boost::system::error_code& ecode)
+	{		
+		if (ecode != boost::asio::error::operation_aborted)
 		{
-			std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
-			if (!m_RequestedDestinations.insert (std::make_pair (destination, dest)).second) // not inserted
-				return nullptr;
-		}
+			m_RequestedDestinationsPool.CleanUpMt ();
+			ScheduleCleanup ();
+		}	
+	}
+		
+	std::shared_ptr<RequestedDestination> NetDbRequests::CreateRequest (const IdentHash& destination, 
+		bool isExploratory, bool direct, RequestedDestination::RequestComplete requestComplete)
+	{
+		// request RouterInfo directly
+		auto dest = m_RequestedDestinationsPool.AcquireSharedMt (destination, isExploratory, direct);
+		if (requestComplete)
+			dest->AddRequestComplete (requestComplete);
+		
+		auto ret = m_RequestedDestinations.emplace (destination, dest);
+		if (!ret.second) // not inserted
+		{	
+			dest->ResetRequestComplete (); // don't call requestComplete in destructor	
+			dest = ret.first->second; // existing one
+			if (requestComplete)
+			{	
+				if (dest->IsActive ())
+					dest->AddRequestComplete (requestComplete);
+				else
+					requestComplete (nullptr);
+			}	
+			return nullptr;
+		}	
 		return dest;
 	}

 	void NetDbRequests::RequestComplete (const IdentHash& ident, std::shared_ptr<RouterInfo> r)
 	{
-		std::shared_ptr<RequestedDestination> request;
-		{
-			std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
-			auto it = m_RequestedDestinations.find (ident);
-			if (it != m_RequestedDestinations.end ())
-			{
-				request = it->second;
-				m_RequestedDestinations.erase (it);
-			}
-		}
-		if (request)
-		{
-			if (r)
-				request->Success (r);
-			else
-				request->Fail ();
-		}
+		GetIOService ().post ([this, ident, r]()
+			{                      
+				std::shared_ptr<RequestedDestination> request;
+				auto it = m_RequestedDestinations.find (ident);
+				if (it != m_RequestedDestinations.end ())
+				{
+					request = it->second;
+					if (request->IsExploratory ())
+						m_RequestedDestinations.erase (it);
+					// otherwise cache for a while
+				}
+				if (request)
+				{
+					if (r)
+						request->Success (r);
+					else
+						request->Fail ();
+				}
+			});
 	}

 	std::shared_ptr<RequestedDestination> NetDbRequests::FindRequest (const IdentHash& ident) const
 	{
-		std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
 		auto it = m_RequestedDestinations.find (ident);
 		if (it != m_RequestedDestinations.end ())
 			return it->second;
@ -120,49 +211,345 @@ namespace data
 	void NetDbRequests::ManageRequests ()
 	{
 		uint64_t ts = i2p::util::GetSecondsSinceEpoch ();
-		std::unique_lock<std::mutex> l(m_RequestedDestinationsMutex);
 		for (auto it = m_RequestedDestinations.begin (); it != m_RequestedDestinations.end ();)
 		{
 			auto& dest = it->second;
-			bool done = false;
-			if (ts < dest->GetCreationTime () + 60) // request is worthless after 1 minute
-			{
-				if (ts > dest->GetCreationTime () + 5) // no response for 5 seconds
-				{
-					auto count = dest->GetExcludedPeers ().size ();
-					if (!dest->IsExploratory () && count < 7)
+			if (dest->IsActive () || ts < dest->GetCreationTime () + REQUEST_CACHE_TIME)
+			{	
+				if (!dest->IsExploratory ())
+				{	
+					// regular request
+					bool done = false;
+					if (ts < dest->GetCreationTime () + MAX_REQUEST_TIME)
+					{
+						if (ts > dest->GetLastRequestTime () + MIN_REQUEST_TIME) // try next floodfill if no response after min interval
+							done = !SendNextRequest (dest);
+					}
+					else // request is expired
+						done = true;
+					if (done)
+						dest->Fail ();
+					it++;
+				}	
+				else
+				{	
+					// exploratory
+					if (ts >= dest->GetCreationTime () + MAX_EXPLORATORY_REQUEST_TIME)
 					{
-						auto pool = i2p::tunnel::tunnels.GetExploratoryPool ();
+						dest->Fail ();
+						it = m_RequestedDestinations.erase (it); // delete expired exploratory request right a way
+					}	
+					else
+						it++;
+				}	
+			}	
+			else
+				it = m_RequestedDestinations.erase (it);
+		}
+	}
+
+	bool NetDbRequests::SendNextRequest (std::shared_ptr<RequestedDestination> dest)
+	{
+		if (!dest || !dest->IsActive ()) return false;
+		bool ret = true;
+		auto count = dest->GetNumAttempts ();
+		if (!dest->IsExploratory () && count < MAX_NUM_REQUEST_ATTEMPTS)
+		{
+			auto nextFloodfill = netdb.GetClosestFloodfill (dest->GetDestination (), dest->GetExcludedPeers ());
+			if (nextFloodfill)
+			{	
+				bool direct = dest->IsDirect ();
+				if (direct && !nextFloodfill->IsReachableFrom (i2p::context.GetRouterInfo ()) &&
+					!i2p::transport::transports.IsConnected (nextFloodfill->GetIdentHash ()))
+					direct = false; // floodfill can't be reached directly
+				auto s = shared_from_this ();
+				auto onDrop = [s, dest]()
+					{
+						if (dest->IsActive ())
+						{
+							s->GetIOService ().post ([s, dest]()
+								{
+									if (dest->IsActive ()) s->SendNextRequest (dest);
+								});
+						}	
+					};		
+				if (direct)
+				{
+					if (CheckLogLevel (eLogDebug))
+						LogPrint (eLogDebug, "NetDbReq: Try ", dest->GetDestination ().ToBase64 (), " at ", count, " floodfill ", nextFloodfill->GetIdentHash ().ToBase64 (), " directly");
+					auto msg = dest->CreateRequestMessage (nextFloodfill->GetIdentHash ());
+					msg->onDrop = onDrop; 
+					i2p::transport::transports.SendMessage (nextFloodfill->GetIdentHash (), msg);
+				}	
+				else
+				{	
+					auto pool = i2p::tunnel::tunnels.GetExploratoryPool ();
+					if (pool)
+					{	
 						auto outbound = pool->GetNextOutboundTunnel ();
 						auto inbound = pool->GetNextInboundTunnel ();
-						auto nextFloodfill = netdb.GetClosestFloodfill (dest->GetDestination (), dest->GetExcludedPeers ());
 						if (nextFloodfill && outbound && inbound)
-							outbound->SendTunnelDataMsg (nextFloodfill->GetIdentHash (), 0,
-								dest->CreateRequestMessage (nextFloodfill, inbound));
+						{
+							if (CheckLogLevel (eLogDebug))
+								LogPrint (eLogDebug, "NetDbReq: Try ", dest->GetDestination ().ToBase64 (), " at ", count, " floodfill ", nextFloodfill->GetIdentHash ().ToBase64 (), " through tunnels");
+							auto msg = dest->CreateRequestMessage (nextFloodfill, inbound); 
+							msg->onDrop = onDrop;
+							outbound->SendTunnelDataMsgTo (nextFloodfill->GetIdentHash (), 0,
+								i2p::garlic::WrapECIESX25519MessageForRouter (msg, nextFloodfill->GetIdentity ()->GetEncryptionPublicKey ()));
+						}	
 						else
 						{
-							done = true;
+							ret = false;
 							if (!inbound) LogPrint (eLogWarning, "NetDbReq: No inbound tunnels");
 							if (!outbound) LogPrint (eLogWarning, "NetDbReq: No outbound tunnels");
-							if (!nextFloodfill) LogPrint (eLogWarning, "NetDbReq: No more floodfills");
 						}
-					}
+					}	
 					else
 					{
-						if (!dest->IsExploratory ())
-							LogPrint (eLogWarning, "NetDbReq: ", dest->GetDestination ().ToBase64 (), " not found after 7 attempts");
-						done = true;
-					}
-				}
+						ret = false;
+						LogPrint (eLogWarning, "NetDbReq: Exploratory pool is not ready");
+					}	
+				}		
 			}
-			else // delete obsolete request
-				done = true;
+			else
+			{
+				ret = false;
+				LogPrint (eLogWarning, "NetDbReq: No more floodfills for ", dest->GetDestination ().ToBase64 (), " after ", count, "attempts");
+			}	
+		}
+		else
+		{
+			if (!dest->IsExploratory ())
+				LogPrint (eLogWarning, "NetDbReq: ", dest->GetDestination ().ToBase64 (), " not found after ", MAX_NUM_REQUEST_ATTEMPTS," attempts");
+			ret = false;
+		}
+		return ret;
+	}	

-			if (done)
-				it = m_RequestedDestinations.erase (it);
+	void NetDbRequests::ScheduleManageRequests ()
+	{
+		m_ManageRequestsTimer.expires_from_now (boost::posix_time::seconds(MANAGE_REQUESTS_INTERVAL));
+		m_ManageRequestsTimer.async_wait (std::bind (&NetDbRequests::HandleManageRequestsTimer,
+			this, std::placeholders::_1));
+	}
+		
+	void NetDbRequests::HandleManageRequestsTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			if (i2p::tunnel::tunnels.GetExploratoryPool ()) // expolratory pool is ready?
+				ManageRequests ();
+			ScheduleManageRequests ();
+		}	
+	}	
+
+	void NetDbRequests::PostDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg)
+	{
+		GetIOService ().post ([this, msg]()
+			{
+				HandleDatabaseSearchReplyMsg (msg);
+			});	
+	}	
+
+	void NetDbRequests::HandleDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg)
+	{
+		const uint8_t * buf = msg->GetPayload ();
+		char key[48];
+		int l = i2p::data::ByteStreamToBase64 (buf, 32, key, 48);
+		key[l] = 0;
+		size_t num = buf[32]; // num
+		LogPrint (eLogDebug, "NetDbReq: DatabaseSearchReply for ", key, " num=", num);
+		IdentHash ident (buf);
+		bool isExploratory = false;
+		auto dest = FindRequest (ident);
+		if (dest && dest->IsActive ())
+		{
+			isExploratory = dest->IsExploratory ();
+			if (!isExploratory && (num > 0 || dest->GetNumAttempts () < 3)) // before 3-rd attempt might be just bad luck
+			{	
+				// try to send next requests
+				if (!SendNextRequest (dest))
+					RequestComplete (ident, nullptr);
+			}	
+			else
+				// no more requests for destination possible. delete it
+				RequestComplete (ident, nullptr);
+		}
+		else /*if (!m_FloodfillBootstrap)*/
+		{	
+			LogPrint (eLogInfo, "NetDbReq: Unsolicited or late database search reply for ", key);
+			return;
+		}	
+
+		// try responses
+		if (num > NETDB_MAX_NUM_SEARCH_REPLY_PEER_HASHES)
+		{
+			LogPrint (eLogWarning, "NetDbReq: Too many peer hashes ", num, " in database search reply, Reduced to ", NETDB_MAX_NUM_SEARCH_REPLY_PEER_HASHES);
+			num = NETDB_MAX_NUM_SEARCH_REPLY_PEER_HASHES;
+		}	
+		if (isExploratory && !m_DiscoveredRouterHashes.empty ())
+		{
+			// request outstanding routers
+			for (auto it: m_DiscoveredRouterHashes)
+				RequestRouter (it);
+			m_DiscoveredRouterHashes.clear ();
+			m_DiscoveredRoutersTimer.cancel ();
+		}	
+		for (size_t i = 0; i < num; i++)
+		{
+			IdentHash router (buf + 33 + i*32);
+			if (CheckLogLevel (eLogDebug))
+				LogPrint (eLogDebug, "NetDbReq: ", i, ": ", router.ToBase64 ());
+
+			if (isExploratory)
+				// postpone request
+				m_DiscoveredRouterHashes.push_back (router);
+			else	
+				// send request right a way
+				RequestRouter (router);
+		}
+		if (isExploratory && !m_DiscoveredRouterHashes.empty ())
+			ScheduleDiscoveredRoutersRequest (); 	
+	}	
+
+	void NetDbRequests::RequestRouter (const IdentHash& router)
+	{		
+		auto r = netdb.FindRouter (router);
+		if (!r || i2p::util::GetMillisecondsSinceEpoch () > r->GetTimestamp () + 3600*1000LL)
+		{
+			// router with ident not found or too old (1 hour)
+			LogPrint (eLogDebug, "NetDbReq: Found new/outdated router. Requesting RouterInfo...");
+			if (!IsRouterBanned (router))
+				RequestDestination (router, nullptr, true);
+			else
+				LogPrint (eLogDebug, "NetDbReq: Router ", router.ToBase64 (), " is banned. Skipped");
+		}
+		else
+			LogPrint (eLogDebug, "NetDbReq: [:|||:]");
+	}	
+		
+	void NetDbRequests::PostRequestDestination (const IdentHash& destination, 
+		const RequestedDestination::RequestComplete& requestComplete, bool direct)
+	{
+		GetIOService ().post ([this, destination, requestComplete, direct]()
+			{
+				RequestDestination (destination, requestComplete, direct);
+			});	
+	}
+		
+	void NetDbRequests::RequestDestination (const IdentHash& destination, const RequestedDestination::RequestComplete& requestComplete, bool direct)
+	{
+		auto dest = CreateRequest (destination, false, direct, requestComplete); // non-exploratory
+		if (dest)
+		{	
+			if (!SendNextRequest (dest))
+				RequestComplete (destination, nullptr);
+		}	
+		else
+			LogPrint (eLogWarning, "NetDbReq: Destination ", destination.ToBase64(), " is requested already or cached");
+	}	
+
+	void NetDbRequests::Explore (int numDestinations)
+	{
+		// new requests
+		auto exploratoryPool = i2p::tunnel::tunnels.GetExploratoryPool ();
+		auto outbound = exploratoryPool ? exploratoryPool->GetNextOutboundTunnel () : nullptr;
+		auto inbound = exploratoryPool ? exploratoryPool->GetNextInboundTunnel () : nullptr;
+		bool throughTunnels = outbound && inbound;
+
+		uint8_t randomHash[32];
+		std::vector<i2p::tunnel::TunnelMessageBlock> msgs;
+		LogPrint (eLogInfo, "NetDbReq: Exploring new ", numDestinations, " routers ...");
+		for (int i = 0; i < numDestinations; i++)
+		{
+			RAND_bytes (randomHash, 32);
+			auto dest = CreateRequest (randomHash, true, !throughTunnels); // exploratory
+			if (!dest)
+			{
+				LogPrint (eLogWarning, "NetDbReq: Exploratory destination is requested already");
+				return;
+			}
+			auto floodfill = netdb.GetClosestFloodfill (randomHash, dest->GetExcludedPeers ());
+			if (floodfill)
+			{
+				if (i2p::transport::transports.IsConnected (floodfill->GetIdentHash ()))
+					throughTunnels = false;
+				if (throughTunnels)
+				{
+					msgs.push_back (i2p::tunnel::TunnelMessageBlock
+						{
+							i2p::tunnel::eDeliveryTypeRouter,
+							floodfill->GetIdentHash (), 0,
+							CreateDatabaseStoreMsg () // tell floodfill about us
+						});
+					msgs.push_back (i2p::tunnel::TunnelMessageBlock
+						{
+							i2p::tunnel::eDeliveryTypeRouter,
+							floodfill->GetIdentHash (), 0,
+							dest->CreateRequestMessage (floodfill, inbound) // explore
+						});
+				}
+				else
+					i2p::transport::transports.SendMessage (floodfill->GetIdentHash (), dest->CreateRequestMessage (floodfill->GetIdentHash ()));
+			}
 			else
-				++it;
+				RequestComplete (randomHash, nullptr);
 		}
+		if (throughTunnels && msgs.size () > 0)
+			outbound->SendTunnelDataMsgs (msgs);
+	}	
+
+	void NetDbRequests::ScheduleExploratory (uint64_t interval)
+	{
+		m_ExploratoryTimer.expires_from_now (boost::posix_time::seconds(interval));
+		m_ExploratoryTimer.async_wait (std::bind (&NetDbRequests::HandleExploratoryTimer,
+			this, std::placeholders::_1));
 	}
+		
+	void NetDbRequests::HandleExploratoryTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			auto numRouters = netdb.GetNumRouters ();
+			auto nextExploratoryInterval = numRouters < 2500 ? (EXPLORATORY_REQUEST_INTERVAL + m_Rng () % EXPLORATORY_REQUEST_INTERVAL)/2 :
+				EXPLORATORY_REQUEST_INTERVAL + m_Rng () % EXPLORATORY_REQUEST_INTERVAL_VARIANCE;
+			if (numRouters)
+			{	
+				if (i2p::transport::transports.IsOnline () && i2p::transport::transports.IsRunning ()) 
+				{	
+					// explore only if online
+					numRouters = 800/numRouters;
+					if (numRouters < 1) numRouters = 1;
+					if (numRouters > 9) numRouters = 9;
+					Explore (numRouters);
+				}	
+			}	
+			else
+				LogPrint (eLogError, "NetDbReq: No known routers, reseed seems to be totally failed");
+			ScheduleExploratory (nextExploratoryInterval);
+		}	
+	}	
+
+	void NetDbRequests::ScheduleDiscoveredRoutersRequest ()
+	{
+		m_DiscoveredRoutersTimer.expires_from_now (boost::posix_time::milliseconds(
+			DISCOVERED_REQUEST_INTERVAL + m_Rng () % DISCOVERED_REQUEST_INTERVAL_VARIANCE));
+		m_DiscoveredRoutersTimer.async_wait (std::bind (&NetDbRequests::HandleDiscoveredRoutersTimer,
+			this, std::placeholders::_1));
+	}	
+
+	void NetDbRequests::HandleDiscoveredRoutersTimer (const boost::system::error_code& ecode)
+	{
+		if (ecode != boost::asio::error::operation_aborted)
+		{
+			if (!m_DiscoveredRouterHashes.empty ())
+			{
+				RequestRouter (m_DiscoveredRouterHashes.front ());
+				m_DiscoveredRouterHashes.pop_front ();
+				if (!m_DiscoveredRouterHashes.empty ()) // more hashes to request
+					ScheduleDiscoveredRoutersRequest ();
+			}	
+		}	
+	}	
 }
 }
--- a/Show More
+++ b/Show More