Merge pull request #859 from PurpleI2P/openssl

recent changes

ClientContext.cpp

@@ -10,6 +10,7 @@
 #include "ClientContext.h"
 #include "SOCKS.h"
 #include "WebSocks.h"
+#include "MatchedDestination.h"
 
 namespace i2p
 {
@@ -308,7 +309,7 @@ namespace client
 	}
 
 	std::shared_ptr<ClientDestination> ClientContext::CreateNewLocalDestination (bool isPublic, i2p::data::SigningKeyType sigType,
-		const std::map<std::string, std::string> * params)
+     const std::map<std::string, std::string> * params)
 	{
 		i2p::data::PrivateKeys keys = i2p::data::PrivateKeys::CreateRandomKeys (sigType);
 		auto localDestination = std::make_shared<ClientDestination> (keys, isPublic, params);
@@ -318,6 +319,16 @@ namespace client
 		return localDestination;
 	}
 
+	std::shared_ptr<ClientDestination> ClientContext::CreateNewMatchedTunnelDestination(const i2p::data::PrivateKeys &keys, const std::string & name, const std::map<std::string, std::string> * params)
+	{
+		MatchedTunnelDestination * cl = new MatchedTunnelDestination(keys, name, params);
+		auto localDestination = std::shared_ptr<ClientDestination>(cl);
+		std::unique_lock<std::mutex> l(m_DestinationsMutex);
+		m_Destinations[localDestination->GetIdentHash ()] = localDestination;
+		localDestination->Start ();
+		return localDestination;
+	}
+
 	void ClientContext::DeleteLocalDestination (std::shared_ptr<ClientDestination> destination)
 	{
 		if (!destination) return;
@@ -440,6 +451,7 @@ namespace client
 						dest = section.second.get<std::string> (I2P_CLIENT_TUNNEL_DESTINATION);
 					int port = section.second.get<int> (I2P_CLIENT_TUNNEL_PORT);
 					// optional params
+					bool matchTunnels = section.second.get(I2P_CLIENT_TUNNEL_MATCH_TUNNELS, false);
 					std::string keys = section.second.get (I2P_CLIENT_TUNNEL_KEYS, "");
 					std::string address = section.second.get (I2P_CLIENT_TUNNEL_ADDRESS, "127.0.0.1");
 					int destinationPort = section.second.get (I2P_CLIENT_TUNNEL_DESTINATION_PORT, 0);
@@ -456,9 +468,15 @@ namespace client
 						{
 							localDestination = FindLocalDestination (k.GetPublic ()->GetIdentHash ());
 							if (!localDestination)
-								localDestination = CreateNewLocalDestination (k, type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT, &options);
+							{
+								if(matchTunnels)
+									localDestination = CreateNewMatchedTunnelDestination(k, dest, &options);
+								else
+									localDestination = CreateNewLocalDestination (k, type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT, &options);
+							}
 						}
 					}
+
 					if (type == I2P_TUNNELS_SECTION_TYPE_UDPCLIENT) {
 						// udp client
 						// TODO: hostnames

ClientContext.h

@@ -35,6 +35,7 @@ namespace client
 	const char I2P_CLIENT_TUNNEL_KEYS[] = "keys";
 	const char I2P_CLIENT_TUNNEL_SIGNATURE_TYPE[] = "signaturetype";
 	const char I2P_CLIENT_TUNNEL_DESTINATION_PORT[] = "destinationport";
+	const char I2P_CLIENT_TUNNEL_MATCH_TUNNELS[] = "matchtunnels";
 	const char I2P_SERVER_TUNNEL_HOST[] = "host";
 	const char I2P_SERVER_TUNNEL_HOST_OVERRIDE[] = "hostoverride";
 	const char I2P_SERVER_TUNNEL_PORT[] = "port";
@@ -47,6 +48,7 @@ namespace client
 	const char I2P_SERVER_TUNNEL_ADDRESS[] = "address";
 	const char I2P_SERVER_TUNNEL_ENABLE_UNIQUE_LOCAL[] = "enableuniquelocal";
 
+
 	class ClientContext
 	{
 		public:
@@ -63,7 +65,8 @@ namespace client
 			std::shared_ptr<ClientDestination> CreateNewLocalDestination (bool isPublic = false, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_DSA_SHA1,
 			    const std::map<std::string, std::string> * params = nullptr); // transient
 			std::shared_ptr<ClientDestination> CreateNewLocalDestination (const i2p::data::PrivateKeys& keys, bool isPublic = true,
-				const std::map<std::string, std::string> * params = nullptr);
+    																																const std::map<std::string, std::string> * params = nullptr);
+			std::shared_ptr<ClientDestination> CreateNewMatchedTunnelDestination(const i2p::data::PrivateKeys &keys, const std::string & name, const std::map<std::string, std::string> * params = nullptr);
 			void DeleteLocalDestination (std::shared_ptr<ClientDestination> destination);
 			std::shared_ptr<ClientDestination> FindLocalDestination (const i2p::data::IdentHash& destination) const;
 			bool LoadPrivateKeys (i2p::data::PrivateKeys& keys, const std::string& filename, i2p::data::SigningKeyType sigType = i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);

Config.cpp

@@ -53,7 +53,7 @@ namespace config {
       ("service",   value<bool>()->zero_tokens()->default_value(false), "Router will use system folders like '/var/lib/i2pd'")
       ("notransit", value<bool>()->zero_tokens()->default_value(false), "Router will not accept transit tunnels at startup")
       ("floodfill", value<bool>()->zero_tokens()->default_value(false), "Router will be floodfill")
-      ("bandwidth", value<std::string>()->default_value(""), "Bandwidth limit: integer in kbps or letters: L (32), O (256), P (2048), X (>9000)")
+      ("bandwidth", value<std::string>()->default_value(""), "Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)")
       ("ntcp", value<bool>()->zero_tokens()->default_value(true), "Enable NTCP transport")
       ("ssu", value<bool>()->zero_tokens()->default_value(true), "Enable SSU transport")
 #ifdef _WIN32
@@ -94,6 +94,7 @@ namespace config {
 	  ("httpproxy.latency.min",    value<std::string>()->default_value("0"),  "HTTP proxy min latency for tunnels")	
 	  ("httpproxy.latency.max",   value<std::string>()->default_value("0"),  "HTTP proxy max latency for tunnels")
 			("httpproxy.outproxy", value<std::string>()->default_value(""), "HTTP proxy upstream out proxy url")
+	  ("httpproxy.addresshelper",   value<bool>()->default_value(true),                         "Enable or disable addresshelper")
       ;
 
     options_description socksproxy("SOCKS Proxy options");

Datagram.cpp

@@ -255,9 +255,11 @@ namespace datagram
 			}
 			if(m_CurrentRemoteLease && m_CurrentRemoteLease->ExpiresWithin(DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW)) {
 				// bad lease, switch to next one
+				if(m_RemoteLeaseSet && m_RemoteLeaseSet->IsExpired())
+					m_RemoteLeaseSet = m_LocalDestination->FindLeaseSet(m_RemoteIdent);
 				if(m_RemoteLeaseSet) {
 					auto ls = m_RemoteLeaseSet->GetNonExpiredLeasesExcluding([&](const i2p::data::Lease& l) -> bool {
-							return l.tunnelGateway == m_CurrentRemoteLease->tunnelGateway;
+							return l.tunnelID == m_CurrentRemoteLease->tunnelID;
 					});
 					auto sz = ls.size();
 					if (sz) {
@@ -278,7 +280,7 @@ namespace datagram
 				m_CurrentOutboundTunnel = m_LocalDestination->GetTunnelPool()->GetNextOutboundTunnel(m_CurrentOutboundTunnel);
 			}
 			// switch lease if bad
-			if(m_CurrentRemoteLease == nullptr || m_CurrentRemoteLease->ExpiresWithin(DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW)) {
+			if(m_CurrentRemoteLease && m_CurrentRemoteLease->ExpiresWithin(DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW)) {
 				if(!m_RemoteLeaseSet) {
 					m_RemoteLeaseSet = m_LocalDestination->FindLeaseSet(m_RemoteIdent);
 				}
@@ -299,6 +301,17 @@ namespace datagram
 					LogPrint(eLogWarning, "DatagramSession: no remote lease set found for ", m_RemoteIdent.ToBase32());
 					return nullptr;
 				}
+			} else if (!m_CurrentRemoteLease) {
+				if(!m_RemoteLeaseSet) m_RemoteLeaseSet = m_LocalDestination->FindLeaseSet(m_RemoteIdent);
+				if (m_RemoteLeaseSet)
+				{
+					auto ls = m_RemoteLeaseSet->GetNonExpiredLeases();
+					auto sz = ls.size();
+					if (sz) {
+						auto idx = rand() % sz;
+						m_CurrentRemoteLease = ls[idx];
+					}
+				}
 			}
 			path->outboundTunnel = m_CurrentOutboundTunnel;
 			path->remoteLease = m_CurrentRemoteLease;
@@ -346,7 +359,7 @@ namespace datagram
 
 	void DatagramSession::ScheduleFlushSendQueue()
 	{
-		boost::posix_time::milliseconds dlt(100);
+		boost::posix_time::milliseconds dlt(10);
 		m_SendQueueTimer.expires_from_now(dlt);
 		auto self = shared_from_this();
 		m_SendQueueTimer.async_wait([self](const boost::system::error_code & ec) { if(ec) return; self->FlushSendQueue(); });

Datagram.h

@@ -26,7 +26,7 @@ namespace datagram
 	// milliseconds interval a routing path is used before switching
 	const uint64_t DATAGRAM_SESSION_PATH_SWITCH_INTERVAL = 20 * 60 * 1000;
 	// milliseconds before lease expire should we try switching leases
-	const uint64_t DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW = 10 * 1000;
+	const uint64_t DATAGRAM_SESSION_LEASE_HANDOVER_WINDOW = 30 * 1000;
 	// milliseconds fudge factor for leases handover
 	const uint64_t DATAGRAM_SESSION_LEASE_HANDOVER_FUDGE = 1000;
 	// milliseconds minimum time between path switches
@@ -103,7 +103,7 @@ namespace datagram
 		public:
 
 
-			DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner);
+    DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner);
 			~DatagramDestination ();
 
     	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
@@ -147,4 +147,3 @@ namespace datagram
 }
 
 #endif
-

Destination.h

@@ -175,8 +175,8 @@ namespace client
 			ClientDestination (const i2p::data::PrivateKeys& keys, bool isPublic, const std::map<std::string, std::string> * params = nullptr);
 			~ClientDestination ();
 
-			bool Start ();
+			virtual bool Start ();
-			bool Stop ();
+			virtual bool Stop ();
 
 			const i2p::data::PrivateKeys& GetPrivateKeys () const { return m_Keys; };
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };

Garlic.cpp

@@ -437,17 +437,18 @@ namespace garlic
 		if (it != m_Tags.end ())
 		{
 			// tag found. Use AES
+			auto decryption = it->second;
+			m_Tags.erase (it); // tag might be used only once	
 			if (length >= 32)
 			{	
 				uint8_t iv[32]; // IV is first 16 bytes
 				SHA256(buf, 32, iv);
-				it->second->SetIV (iv);
+				decryption->SetIV (iv);
-				it->second->Decrypt (buf + 32, length - 32, buf + 32);
+				decryption->Decrypt (buf + 32, length - 32, buf + 32);
-				HandleAESBlock (buf + 32, length - 32, it->second, msg->from);
+				HandleAESBlock (buf + 32, length - 32, decryption, msg->from);
 			}	
 			else
 				LogPrint (eLogWarning, "Garlic: message length ", length, " is less than 32 bytes");
-			m_Tags.erase (it); // tag might be used only once	
 		}
 		else
 		{

Gost.cpp

@@ -438,5 +438,92 @@ namespace crypto
 		memset (iv, 0, 64);
 		H (iv, buf, len, digest);
 	}
+
+	// reverse order
+	struct GOSTR3411_2012_CTX
+	{
+		GOST3411Block h, N, s, m;
+		size_t len;
+		bool is512;
+	};
+	
+	GOSTR3411_2012_CTX * GOSTR3411_2012_CTX_new ()
+	{
+		return new GOSTR3411_2012_CTX;
+	}
+
+	void GOSTR3411_2012_CTX_free (GOSTR3411_2012_CTX * ctx)
+	{
+		delete ctx;
+	}
+
+	void GOSTR3411_2012_CTX_Init (GOSTR3411_2012_CTX * ctx, bool is512)
+	{
+		uint8_t iv[64];
+		memset (iv, is512 ? 0 : 1, 64);
+		memcpy (ctx->h.buf, iv, 64);
+		memset (ctx->N.buf, 0, 64);
+		memset (ctx->s.buf, 0, 64);
+		ctx->len = 0;
+		ctx->is512 = is512;
+	}
+
+	void GOSTR3411_2012_CTX_Update (const uint8_t * buf, size_t len, GOSTR3411_2012_CTX * ctx)
+	{
+		if (!len) return;
+		if (ctx->len > 0) // something left from buffer
+		{
+			size_t l = 64 - ctx->len;
+			if (len < l) l = len;
+			for (size_t i = 0; i < l; i++)
+				ctx->m.buf[ctx->len + i] = buf[l-i-1]; // invert	 
+			ctx->len += l; len -= l; buf += l;
+
+			ctx->h = gN (ctx->N, ctx->h, ctx->m);
+			ctx->N.Add (512);
+			ctx->s = ctx->m + ctx->s;
+		}
+		while (len >= 64)
+		{
+			for (size_t i = 0; i < 64; i++)
+				ctx->m.buf[i] = buf[63-i]; // invert	
+			len -= 64; buf += 64;
+			ctx->h = gN (ctx->N, ctx->h, ctx->m);
+			ctx->N.Add (512);
+			ctx->s = ctx->m + ctx->s;
+		}
+		if (len > 0) // carry remaining
+		{
+			for (size_t i = 0; i < len; i++)
+				ctx->m.buf[i] = buf[len-i-1]; // invert
+		}
+		ctx->len = len;
+	}
+
+	void GOSTR3411_2012_CTX_Finish (uint8_t * digest, GOSTR3411_2012_CTX * ctx)
+	{
+		GOST3411Block m;	
+		size_t padding = 64 - ctx->len;
+		if (padding)
+		{
+			memset (m.buf, 0, padding - 1);
+			m.buf[padding - 1] = 1;
+		}
+		memcpy (m.buf + padding, ctx->m.buf, ctx->len);
+
+		ctx->h = gN (ctx->N, ctx->h, m);
+		ctx->N.Add (ctx->len*8);	
+		ctx->s = m + ctx->s;
+	
+		GOST3411Block N0;
+		memset (N0.buf, 0, 64);
+		ctx->h = gN (N0, ctx->h, ctx->N);
+		ctx->h = gN (N0, ctx->h, ctx->s);
+		
+		size_t sz = ctx->is512 ? 64 : 32;
+		for (size_t i = 0; i < sz; i++)
+			digest[i] = ctx->h.buf[sz - i - 1];
+	}
+
 }
 }

Gost.h

@@ -45,8 +45,17 @@ namespace crypto
 
 	std::unique_ptr<GOSTR3410Curve>& GetGOSTR3410Curve (GOSTR3410ParamSet paramSet);
 
+// Big Endian
 	void GOSTR3411_2012_256 (const uint8_t * buf, size_t len, uint8_t * digest);
 	void GOSTR3411_2012_512 (const uint8_t * buf, size_t len, uint8_t * digest);	
+
+// Little Endian
+	struct GOSTR3411_2012_CTX;
+	GOSTR3411_2012_CTX * GOSTR3411_2012_CTX_new ();
+	void GOSTR3411_2012_CTX_Init (GOSTR3411_2012_CTX * ctx, bool is512 = true);
+	void GOSTR3411_2012_CTX_Update (const uint8_t * buf, size_t len, GOSTR3411_2012_CTX * ctx);
+	void GOSTR3411_2012_CTX_Finish (uint8_t * digest, GOSTR3411_2012_CTX * ctx);	
+	void GOSTR3411_2012_CTX_free (GOSTR3411_2012_CTX * ctx);
 }
 }
 

HTTPProxy.cpp

@@ -237,7 +237,15 @@ namespace proxy {
 		LogPrint(eLogDebug, "HTTPProxy: requested: ", m_ClientRequest.uri);
 		m_RequestURL.parse(m_ClientRequest.uri);
 
-		if (ExtractAddressHelper(m_RequestURL, b64)) {
+		if (ExtractAddressHelper(m_RequestURL, b64)) 
+		{
+			bool addresshelper; i2p::config::GetOption("httpproxy.addresshelper", addresshelper);
+			if (!addresshelper)
+			{
+				LogPrint(eLogWarning, "HTTPProxy: addresshelper disabled");
+				GenericProxyError("Invalid request", "adddresshelper is not supported");
+				return true; 
+			}
 			i2p::client::context.GetAddressBook ().InsertAddress (m_RequestURL.host, b64);
 			LogPrint (eLogInfo, "HTTPProxy: added b64 from addresshelper for ", m_RequestURL.host);
 			std::string full_url = m_RequestURL.to_string();

I2NPProtocol.h

@@ -209,6 +209,7 @@ namespace tunnel
 
 	std::shared_ptr<I2NPMessage> NewI2NPMessage ();
 	std::shared_ptr<I2NPMessage> NewI2NPShortMessage ();
+	std::shared_ptr<I2NPMessage> NewI2NPTunnelMessage ();
 	std::shared_ptr<I2NPMessage> NewI2NPMessage (size_t len);
 	
 	std::shared_ptr<I2NPMessage> CreateI2NPMessage (I2NPMessageType msgType, const uint8_t * buf, size_t len, uint32_t replyMsgID = 0);	

LeaseSet.h

@@ -30,7 +30,8 @@ namespace data
 		bool ExpiresWithin( const uint64_t t, const uint64_t fudge = 1000 ) const {
 			auto expire = i2p::util::GetMillisecondsSinceEpoch ();
 			if(fudge) expire += rand() % fudge;
-			return endDate - expire >= t;
+			if (endDate < expire) return true;
+			return (endDate - expire) < t;
 		}
 	};	
 

MatchedDestination.cpp

@@ -0,0 +1,113 @@
+#include "MatchedDestination.h"
+#include "Log.h"
+#include "ClientContext.h"
+
+
+namespace i2p
+{
+namespace client
+{
+	MatchedTunnelDestination::MatchedTunnelDestination(const i2p::data::PrivateKeys & keys, const std::string & remoteName, const std::map<std::string, std::string> * params)
+		: ClientDestination(keys, false, params),
+			m_RemoteName(remoteName) {}
+
+
+	void MatchedTunnelDestination::ResolveCurrentLeaseSet()
+	{
+		if(i2p::client::context.GetAddressBook().GetIdentHash(m_RemoteName, m_RemoteIdent))
+		{
+			auto ls = FindLeaseSet(m_RemoteIdent);
+			if(ls)
+			{
+				HandleFoundCurrentLeaseSet(ls);
+			}
+			else
+				RequestDestination(m_RemoteIdent, std::bind(&MatchedTunnelDestination::HandleFoundCurrentLeaseSet, this, std::placeholders::_1));
+		}
+		else
+			LogPrint(eLogWarning, "Destination: failed to resolve ", m_RemoteName);
+	}
+
+	void MatchedTunnelDestination::HandleFoundCurrentLeaseSet(std::shared_ptr<const i2p::data::LeaseSet> ls)
+	{
+		if(ls)
+		{
+			LogPrint(eLogDebug, "Destination: resolved remote lease set for ", m_RemoteName);
+			m_RemoteLeaseSet = ls;
+		}
+		else
+		{
+			m_ResolveTimer->expires_from_now(boost::posix_time::seconds(1));
+			m_ResolveTimer->async_wait([&](const boost::system::error_code & ec) {
+					if(!ec)	ResolveCurrentLeaseSet();
+			});
+		}
+	}
+
+
+	bool MatchedTunnelDestination::Start()
+	{
+		if(ClientDestination::Start())
+		{
+			m_ResolveTimer = std::make_shared<boost::asio::deadline_timer>(GetService());
+			GetTunnelPool()->SetCustomPeerSelector(this);
+			ResolveCurrentLeaseSet();
+			return true;
+		}
+		else
+			return false;
+	}
+
+	bool MatchedTunnelDestination::Stop()
+	{
+		if(ClientDestination::Stop())
+		{
+			if(m_ResolveTimer)
+				m_ResolveTimer->cancel();
+			return true;
+		}
+		else
+			return false;
+	}
+
+
+	bool MatchedTunnelDestination::SelectPeers(i2p::tunnel::Path & path, int hops, bool inbound)
+	{
+		auto pool = GetTunnelPool();
+		if(!i2p::tunnel::StandardSelectPeers(path, hops, inbound, std::bind(&i2p::tunnel::TunnelPool::SelectNextHop, pool, std::placeholders::_1)))
+			return false;
+		// more here for outbound tunnels
+		if(!inbound && m_RemoteLeaseSet)
+		{
+			if(m_RemoteLeaseSet->IsExpired())
+			{
+				ResolveCurrentLeaseSet();
+			}
+			if(m_RemoteLeaseSet && !m_RemoteLeaseSet->IsExpired())
+			{
+				// remote lease set is good
+				auto leases = m_RemoteLeaseSet->GetNonExpiredLeases();
+				// pick lease
+				std::shared_ptr<i2p::data::RouterInfo> obep;
+				while(!obep && leases.size() > 0) {
+					auto idx = rand() % leases.size();
+					auto lease = leases[idx];
+					obep = i2p::data::netdb.FindRouter(lease->tunnelGateway);
+					leases.erase(leases.begin()+idx);
+				}
+				if(obep) {
+					path.push_back(obep->GetRouterIdentity());
+					LogPrint(eLogDebug, "Destination: found OBEP matching IBGW");
+				} else
+					LogPrint(eLogWarning, "Destination: could not find proper IBGW for matched outbound tunnel");
+			}
+		}
+		return true;
+	}
+
+	bool MatchedTunnelDestination::OnBuildResult(const i2p::tunnel::Path & path, bool inbound, i2p::tunnel::TunnelBuildResult result)
+	{
+		return true;
+	}
+}
+}

MatchedDestination.h

@@ -0,0 +1,36 @@
+#ifndef MATCHED_DESTINATION_H_
+#define MATCHED_DESTINATION_H_
+#include "Destination.h"
+#include <string>
+
+namespace i2p
+{
+namespace client
+{
+	/**
+		 client tunnel that uses same OBEP as IBGW of each remote lease for a remote destination
+	 */
+	class MatchedTunnelDestination : public ClientDestination, public i2p::tunnel::ITunnelPeerSelector
+	{
+	public:
+		MatchedTunnelDestination(const i2p::data::PrivateKeys& keys, const std::string & remoteName, const std::map<std::string, std::string> * params = nullptr);
+		bool Start();
+		bool Stop();
+
+		bool SelectPeers(i2p::tunnel::Path & peers, int hops, bool inbound);
+		bool OnBuildResult(const i2p::tunnel::Path & peers, bool inbound, i2p::tunnel::TunnelBuildResult result);
+
+	private:
+		void ResolveCurrentLeaseSet();
+		void HandleFoundCurrentLeaseSet(std::shared_ptr<const i2p::data::LeaseSet> ls);
+
+	private:
+		std::string m_RemoteName;
+		i2p::data::IdentHash m_RemoteIdent;
+		std::shared_ptr<const i2p::data::LeaseSet> m_RemoteLeaseSet;
+		std::shared_ptr<boost::asio::deadline_timer> m_ResolveTimer;
+	};
+}
+}
+
+#endif

TunnelEndpoint.cpp

@@ -99,7 +99,7 @@ namespace tunnel
 				if (fragment + size < decrypted + TUNNEL_DATA_ENCRYPTED_SIZE)
 				{
 					// this is not last message. we have to copy it
-					m.data = NewI2NPShortMessage ();
+					m.data = NewI2NPTunnelMessage ();
 					m.data->offset += TUNNEL_GATEWAY_HEADER_SIZE; // reserve room for TunnelGateway header
 					m.data->len += TUNNEL_GATEWAY_HEADER_SIZE;
 					*(m.data) = *msg;
@@ -154,7 +154,7 @@ namespace tunnel
 				{	
 					if (msg.data->len + size > msg.data->maxLen)
 					{
-						LogPrint (eLogWarning, "TunnelMessage: I2NP message size ", msg.data->maxLen, " is not enough");
+					//	LogPrint (eLogWarning, "TunnelMessage: I2NP message size ", msg.data->maxLen, " is not enough");
 						auto newMsg = NewI2NPMessage ();
 						*newMsg = *(msg.data);
 						msg.data = newMsg;

TunnelPool.cpp

@@ -372,20 +372,8 @@ namespace tunnel
 		return hop;
 	}
 
-	bool TunnelPool::SelectPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& peers, bool isInbound)
+	bool StandardSelectPeers(Path & peers, int numHops, bool inbound, SelectHopFunc nextHop)
 	{
-		int numHops = isInbound ? m_NumInboundHops : m_NumOutboundHops;
-		// peers is empty
-		if (numHops <= 0) return true; 
-		// custom peer selector in use ?
-		{
-			std::lock_guard<std::mutex> lock(m_CustomPeerSelectorMutex);
-			if (m_CustomPeerSelector)
-					return m_CustomPeerSelector->SelectPeers(peers, numHops, isInbound);
-		}
-		// explicit peers in use
-		if (m_ExplicitPeers) return SelectExplicitPeers (peers, isInbound);
-
 		auto prevHop = i2p::context.GetSharedRouterInfo ();
 		if(i2p::transport::transports.RoutesRestricted())
 		{
@@ -408,7 +396,7 @@ namespace tunnel
 
 		for(int i = 0; i < numHops; i++ )
 		{
-			auto hop = SelectNextHop (prevHop);
+			auto hop = nextHop (prevHop);
 			if (!hop)
 			{
 				LogPrint (eLogError, "Tunnels: Can't select next hop for ", prevHop->GetIdentHashBase64 ());
@@ -420,6 +408,22 @@ namespace tunnel
 		return true;
 	}
 
+	bool TunnelPool::SelectPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& peers, bool isInbound)
+	{
+		int numHops = isInbound ? m_NumInboundHops : m_NumOutboundHops;
+		// peers is empty
+		if (numHops <= 0) return true;
+		// custom peer selector in use ?
+		{
+			std::lock_guard<std::mutex> lock(m_CustomPeerSelectorMutex);
+			if (m_CustomPeerSelector)
+					return m_CustomPeerSelector->SelectPeers(peers, numHops, isInbound);
+		}
+		// explicit peers in use
+		if (m_ExplicitPeers) return SelectExplicitPeers (peers, isInbound);
+		return StandardSelectPeers(peers, numHops, isInbound, std::bind(&TunnelPool::SelectNextHop, this, std::placeholders::_1));
+	}
+
 	bool TunnelPool::SelectExplicitPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& peers, bool isInbound)
 	{
 		int size = m_ExplicitPeers->size ();
@@ -535,7 +539,7 @@ namespace tunnel
 		tunnel->SetTunnelPool (shared_from_this ());
 	}
 
-	void TunnelPool::SetCustomPeerSelector(TunnelPeerSelector selector)
+	void TunnelPool::SetCustomPeerSelector(ITunnelPeerSelector * selector)
 	{
 		std::lock_guard<std::mutex> lock(m_CustomPeerSelectorMutex);
 		m_CustomPeerSelector = selector;

TunnelPool.h

@@ -30,17 +30,21 @@ namespace tunnel
 		eBuildResultTimeout // tunnel build timed out
 	};
 
+	typedef std::shared_ptr<const i2p::data::IdentityEx> Peer;
+	typedef std::vector<Peer> Path;
+
 	/** interface for custom tunnel peer selection algorithm */
 	struct ITunnelPeerSelector
 	{
-		typedef std::shared_ptr<const i2p::data::IdentityEx> Peer;
+		virtual ~ITunnelPeerSelector() {};
-		typedef std::vector<Peer> TunnelPath;
+		virtual bool SelectPeers(Path & peers, int hops, bool isInbound) = 0;
-		
+		virtual bool OnBuildResult(const Path & peers, bool isInbound, TunnelBuildResult result) = 0;
-		virtual bool SelectPeers(TunnelPath & peers, int hops, bool isInbound) = 0;
-		virtual bool OnBuildResult(TunnelPath & peers, bool isInbound, TunnelBuildResult result) = 0;
 	};
 
-	typedef std::shared_ptr<ITunnelPeerSelector> TunnelPeerSelector;
+
+	typedef std::function<std::shared_ptr<const i2p::data::RouterInfo>(std::shared_ptr<const i2p::data::RouterInfo>)> SelectHopFunc;
+	// standard peer selection algorithm
+	bool StandardSelectPeers(Path & path, int hops, bool inbound, SelectHopFunc nextHop);
 
 	class TunnelPool: public std::enable_shared_from_this<TunnelPool> // per local destination
 	{
@@ -75,7 +79,7 @@ namespace tunnel
 			int GetNumInboundTunnels () const { return m_NumInboundTunnels; };
 			int GetNumOutboundTunnels () const { return m_NumOutboundTunnels; };
 
-			void SetCustomPeerSelector(TunnelPeerSelector selector);
+			void SetCustomPeerSelector(ITunnelPeerSelector * selector);
 			void UnsetCustomPeerSelector();
 			bool HasCustomPeerSelector();
 
@@ -91,6 +95,9 @@ namespace tunnel
 
 		void OnTunnelBuildResult(std::shared_ptr<Tunnel> tunnel, TunnelBuildResult result);
 
+		// for overriding tunnel peer selection
+		std::shared_ptr<const i2p::data::RouterInfo> SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const;
+
 		private:
 
 			void CreateInboundTunnel ();
@@ -98,7 +105,6 @@ namespace tunnel
 			void CreatePairedInboundTunnel (std::shared_ptr<OutboundTunnel> outboundTunnel);
 			template<class TTunnels>
 			typename TTunnels::value_type GetNextTunnel (TTunnels& tunnels, typename TTunnels::value_type excluded) const;
-			std::shared_ptr<const i2p::data::RouterInfo> SelectNextHop (std::shared_ptr<const i2p::data::RouterInfo> prevHop) const;
 			bool SelectPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& hops, bool isInbound);
 			bool SelectExplicitPeers (std::vector<std::shared_ptr<const i2p::data::IdentityEx> >& hops, bool isInbound);
 
@@ -115,7 +121,7 @@ namespace tunnel
 			std::map<uint32_t, std::pair<std::shared_ptr<OutboundTunnel>, std::shared_ptr<InboundTunnel> > > m_Tests;
 			bool m_IsActive;
 			std::mutex m_CustomPeerSelectorMutex;
-			TunnelPeerSelector m_CustomPeerSelector;
+			ITunnelPeerSelector * m_CustomPeerSelector;
 
 		uint64_t m_MinLatency=0; // if > 0 this tunnel pool will try building tunnels with minimum latency by ms
 		uint64_t m_MaxLatency=0; // if > 0 this tunnel pool will try building tunnels with maximum latency by ms
@@ -131,4 +137,3 @@ namespace tunnel
 }
 
 #endif
-

android/jni/Android.mk

@@ -61,7 +61,8 @@ LOCAL_SRC_FILES := DaemonAndroid.cpp i2pd_android.cpp \
 	../../Event.cpp \
 	../../Gost.cpp \
 	../../WebSocks.cpp \
-../../BloomFilter.cpp \
+	../../BloomFilter.cpp \
+	../../MatchedDestination.cpp \
     ../../util.cpp \
      ../../i2pd.cpp ../../UPnP.cpp
 

build/CMakeLists.txt

@@ -92,6 +92,7 @@ set (CLIENT_SRC
   "${CMAKE_SOURCE_DIR}/AddressBook.cpp"
   "${CMAKE_SOURCE_DIR}/BOB.cpp"
   "${CMAKE_SOURCE_DIR}/ClientContext.cpp"
+  "${CMAKE_SOURCE_DIR}/MatchedDestination.cpp"
   "${CMAKE_SOURCE_DIR}/I2PTunnel.cpp"
   "${CMAKE_SOURCE_DIR}/I2PService.cpp"
   "${CMAKE_SOURCE_DIR}/SAM.cpp"

contrib/i2pd.conf

@@ -64,7 +64,7 @@ ipv6 = false
 # nat = true
 
 ## Bandwidth configuration
-## L limit bandwidth to 32Kbs/sec, O - to 256Kbs/sec, P - to 2048Kbs/sec,
+## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec,
 ## X - unlimited
 ## Default is X for floodfill, L for regular node
 # bandwidth = L

filelist.mk

@@ -8,10 +8,9 @@ LIB_SRC = \
   Config.cpp HTTP.cpp Timestamp.cpp util.cpp api.cpp Event.cpp Gost.cpp
 
 LIB_CLIENT_SRC = \
-	AddressBook.cpp BOB.cpp ClientContext.cpp I2PTunnel.cpp I2PService.cpp \
+	AddressBook.cpp BOB.cpp ClientContext.cpp I2PTunnel.cpp I2PService.cpp MatchedDestination.cpp \
 	SAM.cpp SOCKS.cpp HTTPProxy.cpp I2CP.cpp WebSocks.cpp
 
 # also: Daemon{Linux,Win32}.cpp will be added later
 DAEMON_SRC = \
 	HTTPServer.cpp I2PControl.cpp UPnP.cpp Daemon.cpp i2pd.cpp
-

qt/i2pd_qt/i2pd_qt.pro

@@ -36,7 +36,8 @@ SOURCES += DaemonQT.cpp mainwindow.cpp \
 	../../SSUData.cpp ../../SSUSession.cpp ../../Streaming.cpp ../../TransitTunnel.cpp \
 	../../Transports.cpp ../../Tunnel.cpp ../../TunnelEndpoint.cpp ../../TunnelGateway.cpp \
 	../../TunnelPool.cpp ../../UPnP.cpp ../../Gzip.cpp ../../Timestamp.cpp ../../util.cpp \
-	../../Event.cpp ../../BloomFiler.cpp ../../Gost.cpp ../../i2pd.cpp
+	../../Event.cpp ../../BloomFiler.cpp ../../Gost.cpp ../../MatchedDestination.cpp \
+	../../i2pd.cpp
 
 HEADERS  += DaemonQT.h mainwindow.h \
 	../../HTTPServer.h ../../I2PControl.h ../../UPnP.h ../../Daemon.h ../../Config.h \
@@ -51,7 +52,7 @@ HEADERS  += DaemonQT.h mainwindow.h \
 	../../TransportSession.h ../../Tunnel.h ../../TunnelBase.h ../../TunnelConfig.h \
 	../../TunnelEndpoint.h ../../TunnelGateway.h ../../TunnelPool.h ../../UPnP.h \
 	../../util.h ../../version.h ../../Gzip.h ../../Tag.h \
-	../../BloomFiler.h ../../Event.h ../../Gost.h
+	../../BloomFiler.h ../../Event.h ../../Gost.h ../../MatchedDestination.h
 
 FORMS += mainwindow.ui