3rdparty/wolfssl/CMakeLists.txt

@@ -46,21 +46,34 @@ set(WOLFSSL_DEFINITIONS)
 set(WOLFSSL_LINK_LIBS)
 #set(WOLFSSL_INSTALL_LIBS)
 
+set(WOLFSSL_ECC "yes")
+set(WOLFSSL_CURVE25519 "yes")
+set(WOLFSSL_ED25519 "yes")
+set(WOLFSSL_CURVE448 "yes")
+set(WOLFSSL_ED448 "yes")
+set(WOLFSSL_FE448 "yes")
+set(WOLFSSL_GE448 "yes")
+set(WOLFSSL_FEMATH "yes")
+set(WOLFSSL_GEMATH "yes")
+set(WOLFSSL_PSK "yes")
+set(WOLFSSL_OPENSSLEXTRA "yes")
+list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_STATIC_DH")
 list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_STATIC_RSA")
 list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_STATIC_PSK")
-list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_STATIC_DH")
-list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_OPENSSLEXTRA")
+list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED25519")
+list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE25519")
+list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED448")
+list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE448")
+list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_EXTRA")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_SUPPORTED_CURVES")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_TLS_EXTENSIONS")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AES")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESGCM")
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESGCM_DECRYPT")
-list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA384")
-list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CHACHA")
-list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_POLY1305")
-list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_TLS_EXTENSIONS")
-list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_SNI")
+
+#list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AESNI")
+list(APPEND WOLFSSL_DEFINITIONS "-DDEBUG_WOLFSSL")
 
 include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/functions.cmake)
 
@@ -184,6 +197,8 @@ find_package(Threads)
 # Example for map file and custom linker script
 #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
 
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -msse4.2 -m64")
+
 ####################################################
 # Build Options
 ####################################################
@@ -983,11 +998,8 @@ if (WOLFSSL_TLS13)
         "-DWOLFSSL_TLS13"
         "-DHAVE_TLS_EXTENSIONS"
         "-DHAVE_SUPPORTED_CURVES")
+    message("[+] TLS1.3 enabled")
 endif()
-list(APPEND WOLFSSL_DEFINITIONS
-    "-DWOLFSSL_TLS13"
-    "-DHAVE_TLS_EXTENSIONS"
-    "-DHAVE_SUPPORTED_CURVES")
 
 # TODO: - Session ticket
 

3rdparty/wolfssl/cyassl/options.h

@@ -18,17 +18,29 @@
 extern "C" {
 #endif
 
+#undef  WOLFSSL_STATIC_DH
+#define WOLFSSL_STATIC_DH
+
 #undef  WOLFSSL_STATIC_RSA
 #define WOLFSSL_STATIC_RSA
 
 #undef  WOLFSSL_STATIC_PSK
 #define WOLFSSL_STATIC_PSK
 
-#undef  WOLFSSL_STATIC_DH
-#define WOLFSSL_STATIC_DH
+#undef  HAVE_ED25519
+#define HAVE_ED25519
+
+#undef  HAVE_CURVE25519
+#define HAVE_CURVE25519
+
+#undef  HAVE_ED448
+#define HAVE_ED448
+
+#undef  HAVE_CURVE448
+#define HAVE_CURVE448
 
-#undef  WOLFSSL_OPENSSLEXTRA
-#define WOLFSSL_OPENSSLEXTRA
+#undef  OPENSSL_EXTRA
+#define OPENSSL_EXTRA
 
 #undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
@@ -48,20 +60,8 @@ extern "C" {
 #undef  HAVE_AESGCM_DECRYPT
 #define HAVE_AESGCM_DECRYPT
 
-#undef  WOLFSSL_SHA384
-#define WOLFSSL_SHA384
-
-#undef  HAVE_CHACHA
-#define HAVE_CHACHA
-
-#undef  HAVE_POLY1305
-#define HAVE_POLY1305
-
-#undef  HAVE_TLS_EXTENSIONS
-#define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SNI
-#define HAVE_SNI
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
 
 #undef  HAVE_THREAD_LS
 #define HAVE_THREAD_LS
@@ -164,30 +164,15 @@ extern "C" {
 #undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
 
-#undef  WOLFSSL_TLS13
-#define WOLFSSL_TLS13
-
-#undef  HAVE_TLS_EXTENSIONS
-#define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SUPPORTED_CURVES
-#define HAVE_SUPPORTED_CURVES
-
 #undef  HAVE_EXTENDED_MASTER
 #define HAVE_EXTENDED_MASTER
 
-#undef  NO_PSK
-#define NO_PSK
-
 #undef  HAVE_ENCRYPT_THEN_MAC
 #define HAVE_ENCRYPT_THEN_MAC
 
 #undef  NO_MD4
 #define NO_MD4
 
-#undef  NO_PWDBASED
-#define NO_PWDBASED
-
 #undef  USE_FAST_MATH
 #define USE_FAST_MATH
 

3rdparty/wolfssl/wolfssl/options.h

@@ -15,17 +15,29 @@
 extern "C" {
 #endif
 
+#undef  WOLFSSL_STATIC_DH
+#define WOLFSSL_STATIC_DH
+
 #undef  WOLFSSL_STATIC_RSA
 #define WOLFSSL_STATIC_RSA
 
 #undef  WOLFSSL_STATIC_PSK
 #define WOLFSSL_STATIC_PSK
 
-#undef  WOLFSSL_STATIC_DH
-#define WOLFSSL_STATIC_DH
+#undef  HAVE_ED25519
+#define HAVE_ED25519
+
+#undef  HAVE_CURVE25519
+#define HAVE_CURVE25519
+
+#undef  HAVE_ED448
+#define HAVE_ED448
+
+#undef  HAVE_CURVE448
+#define HAVE_CURVE448
 
-#undef  WOLFSSL_OPENSSLEXTRA
-#define WOLFSSL_OPENSSLEXTRA
+#undef  OPENSSL_EXTRA
+#define OPENSSL_EXTRA
 
 #undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
@@ -45,20 +57,8 @@ extern "C" {
 #undef  HAVE_AESGCM_DECRYPT
 #define HAVE_AESGCM_DECRYPT
 
-#undef  WOLFSSL_SHA384
-#define WOLFSSL_SHA384
-
-#undef  HAVE_CHACHA
-#define HAVE_CHACHA
-
-#undef  HAVE_POLY1305
-#define HAVE_POLY1305
-
-#undef  HAVE_TLS_EXTENSIONS
-#define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SNI
-#define HAVE_SNI
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
 
 #undef  HAVE_THREAD_LS
 #define HAVE_THREAD_LS
@@ -161,30 +161,15 @@ extern "C" {
 #undef  HAVE_SUPPORTED_CURVES
 #define HAVE_SUPPORTED_CURVES
 
-#undef  WOLFSSL_TLS13
-#define WOLFSSL_TLS13
-
-#undef  HAVE_TLS_EXTENSIONS
-#define HAVE_TLS_EXTENSIONS
-
-#undef  HAVE_SUPPORTED_CURVES
-#define HAVE_SUPPORTED_CURVES
-
 #undef  HAVE_EXTENDED_MASTER
 #define HAVE_EXTENDED_MASTER
 
-#undef  NO_PSK
-#define NO_PSK
-
 #undef  HAVE_ENCRYPT_THEN_MAC
 #define HAVE_ENCRYPT_THEN_MAC
 
 #undef  NO_MD4
 #define NO_MD4
 
-#undef  NO_PWDBASED
-#define NO_PWDBASED
-
 #undef  USE_FAST_MATH
 #define USE_FAST_MATH
 

CMakeLists.txt

@@ -2,7 +2,7 @@ project(cellframe-sdk C)
 cmake_minimum_required(VERSION 3.0)
 
 set(CMAKE_C_STANDARD 11)
-set(CELLFRAME_SDK_NATIVE_VERSION "2.9-4")
+set(CELLFRAME_SDK_NATIVE_VERSION "2.9-5")
 add_definitions ("-DCELLFRAME_SDK_VERSION=\"${CELLFRAME_SDK_NATIVE_VERSION}\"")
 set(DAPSDK_MODULES "")
 message("Cellframe modules: ${CELLFRAME_MODULES}")

dap-sdk/net/client/dap_client_http.c

@@ -86,6 +86,7 @@ typedef struct dap_http_client_internal {
 #define PVT(a) (a ? (dap_client_http_pvt_t *) (a)->_inheritor : NULL)
 
 static void s_http_connected(dap_events_socket_t * a_esocket); // Connected callback
+static void s_http_ssl_connected(dap_events_socket_t * a_esocket); // connected SSL callback
 static void s_client_http_delete(dap_client_http_pvt_t * a_http_pvt);
 static void s_http_read(dap_events_socket_t * a_es, void * arg);
 static void s_http_error(dap_events_socket_t * a_es, int a_arg);
@@ -114,7 +115,7 @@ int dap_client_http_init()
     s_client_timeout_read_after_connect_ms = (time_t) dap_config_get_item_uint32_default(g_config,"dap_client","timeout_read_after_connect",5);
 #ifndef DAP_NET_CLIENT_NO_SSL
     wolfSSL_Init();
-    wolfSSL_Debugging_ON();
+    wolfSSL_Debugging_ON ();
     if ((s_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
         return -1;
     const char *l_ssl_cert_path = dap_config_get_item_str(g_config, "dap_client", "ssl_cert_path");
@@ -123,22 +124,21 @@ int dap_client_http_init()
         return -2;
     } else
         wolfSSL_CTX_set_verify(s_ctx, WOLFSSL_VERIFY_NONE, 0);
-    if (wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP160R1) != SSL_SUCCESS) {
+    if (wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP256R1) != SSL_SUCCESS) {
         log_it(L_ERROR, "WolfSSL UseSupportedCurve() handle error");
     }
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP160R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP160R2);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP192K1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP192R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP224K1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP224R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP256K1);
     wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP256R1);
     wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP384R1);
     wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_SECP521R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_BRAINPOOLP256R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_BRAINPOOLP384R1);
-    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_BRAINPOOLP512R1);
+    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_X25519);
+    wolfSSL_CTX_UseSupportedCurve(s_ctx, WOLFSSL_ECC_X448);
+
+    if (s_debug_more) {
+        const int l_ciphers_len = 2048;
+        char l_buf[l_ciphers_len];
+        wolfSSL_get_ciphers(l_buf, l_ciphers_len);
+        log_it(L_DEBUG, "WolfSSL cipher list is :\n%s", l_buf);
+    }
 #endif
     return 0;
 }
@@ -604,25 +604,24 @@ void* dap_client_http_request_custom(dap_worker_t * a_worker, const char *a_upli
     l_ev_socket->remote_addr.sin_family = AF_INET;
     l_ev_socket->remote_addr.sin_port = htons(a_uplink_port);
     l_ev_socket->flags |= DAP_SOCK_CONNECTING;
-    l_ev_socket->type = a_over_ssl ? DESCRIPTOR_TYPE_SOCKET_CLIENT_SSL : DESCRIPTOR_TYPE_SOCKET_CLIENT;
+    l_ev_socket->type = DESCRIPTOR_TYPE_SOCKET_CLIENT;
     l_ev_socket->flags |= DAP_SOCK_READY_TO_WRITE;
-
+    if (a_over_ssl) {
+#ifndef DAP_NET_CLIENT_NO_SSL
+        l_ev_socket->callbacks.connected_callback = s_http_ssl_connected;
+#else
+        log_it(L_ERROR,"We have no SSL implementation but trying to create SSL connection!");
+#endif
+    }
     int l_err = connect(l_socket, (struct sockaddr *) &l_ev_socket->remote_addr, sizeof(struct sockaddr_in));
     if (l_err == 0){
         log_it(L_DEBUG, "Connected momentaly with %s:%u!", a_uplink_addr, a_uplink_port);
         l_http_pvt->worker = a_worker?a_worker: dap_events_worker_get_auto();
         if (a_over_ssl) {
 #ifndef DAP_NET_CLIENT_NO_SSL
-            WOLFSSL *l_ssl = wolfSSL_new(s_ctx);
-            if (!l_ssl)
-                log_it(L_ERROR, "wolfSSL_new error");
-            wolfSSL_set_fd(l_ssl, l_socket);
-            l_ev_socket->_pvt = (void *)l_ssl;
-#else
-            log_it(L_ERROR,"We have no SSL implementation but trying to create SSL connection!");
+            s_http_ssl_connected(l_ev_socket);
 #endif
         }
-        dap_worker_add_events_socket(l_ev_socket,l_http_pvt->worker);
         return l_http_pvt;
     }
 #ifdef DAP_OS_WINDOWS
@@ -674,6 +673,31 @@ void* dap_client_http_request_custom(dap_worker_t * a_worker, const char *a_upli
 #endif
 }
 
+#ifndef DAP_NET_CLIENT_NO_SSL
+static void s_http_ssl_connected(dap_events_socket_t * a_esocket)
+{
+    assert(a_esocket);
+    dap_client_http_pvt_t * l_http_pvt = PVT(a_esocket);
+    assert(l_http_pvt);
+    dap_worker_t *l_worker = l_http_pvt->worker;
+    assert(l_worker);
+
+    WOLFSSL *l_ssl = wolfSSL_new(s_ctx);
+    if (!l_ssl)
+        log_it(L_ERROR, "wolfSSL_new error");
+    wolfSSL_set_fd(l_ssl, a_esocket->socket);
+    a_esocket->_pvt = (void *)l_ssl;
+    a_esocket->type = DESCRIPTOR_TYPE_SOCKET_CLIENT_SSL;
+    a_esocket->flags |= DAP_SOCK_CONNECTING;
+    a_esocket->flags |= DAP_SOCK_READY_TO_WRITE;
+    a_esocket->callbacks.connected_callback = s_http_connected;
+    dap_events_socket_handler_t * l_ev_socket_handler = DAP_NEW_Z(dap_events_socket_handler_t);
+    l_ev_socket_handler->esocket = a_esocket;
+    l_ev_socket_handler->uuid = a_esocket->uuid;
+    dap_timerfd_start_on_worker(l_http_pvt->worker, s_client_timeout_ms, s_timer_timeout_check, l_ev_socket_handler);
+}
+#endif
+
 /**
  * @brief s_http_connected
  * @param a_esocket
@@ -686,15 +710,6 @@ static void s_http_connected(dap_events_socket_t * a_esocket)
     dap_worker_t *l_worker = l_http_pvt->worker;
     assert(l_worker);
 
-    if (l_http_pvt->is_over_ssl) {
-#ifndef DAP_NET_CLIENT_NO_SSL
-        WOLFSSL *l_ssl = wolfSSL_new(s_ctx);
-        if (!l_ssl)
-            log_it(L_ERROR, "wolfSSL_new error");
-        wolfSSL_set_fd(l_ssl, a_esocket->socket);
-        a_esocket->_pvt = (void *)l_ssl;
-#endif
-    }
     log_it(L_INFO, "Remote address connected (%s:%u) with sock_id %d", l_http_pvt->uplink_addr, l_http_pvt->uplink_port, a_esocket->socket);
     // add to dap_worker
     //dap_client_pvt_t * l_client_pvt = (dap_client_pvt_t*) a_obj;

dap-sdk/net/core/dap_worker.c

@@ -566,29 +566,52 @@ void *dap_worker_thread(void *arg)
             }
 
             // If its outgoing connection
-            if ( l_flag_write &&  !l_cur->server &&  (l_cur->flags & DAP_SOCK_CONNECTING) &&
-               ( l_cur->type == DESCRIPTOR_TYPE_SOCKET_CLIENT || l_cur->type == DESCRIPTOR_TYPE_SOCKET_UDP ||
-                 l_cur->type == DESCRIPTOR_TYPE_SOCKET_CLIENT_SSL)){
+            if ((l_flag_write && !l_cur->server && l_cur->flags & DAP_SOCK_CONNECTING && l_cur->type == DESCRIPTOR_TYPE_SOCKET_CLIENT) ||
+                  (l_cur->type == DESCRIPTOR_TYPE_SOCKET_CLIENT_SSL && l_cur->flags & DAP_SOCK_CONNECTING)) {
                 int l_error = 0;
                 socklen_t l_error_len = sizeof(l_error);
                 char l_error_buf[128];
                 l_error_buf[0]='\0';
-                getsockopt(l_cur->socket, SOL_SOCKET, SO_ERROR, (void *)&l_error, &l_error_len);
-                if(l_error == EINPROGRESS) {
-                    log_it(L_DEBUG, "Connecting with %s in progress...", l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)");
-                }else if (l_error){
-                    strerror_r(l_error, l_error_buf, sizeof (l_error_buf));
-                    log_it(L_ERROR,"Connecting error with %s: \"%s\" (code %d)", l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)",
-                           l_error_buf, l_error);
-                    if ( l_cur->callbacks.error_callback )
-                        l_cur->callbacks.error_callback(l_cur, l_error);
-                }else{
-                    if(s_debug_reactor)
-                        log_it(L_NOTICE, "Connected with %s",l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)");
-                    l_cur->flags ^= DAP_SOCK_CONNECTING;
-                    if (l_cur->callbacks.connected_callback)
-                        l_cur->callbacks.connected_callback(l_cur);
-                    dap_events_socket_worker_poll_update_unsafe(l_cur);
+                if (l_cur->type == DESCRIPTOR_TYPE_SOCKET_CLIENT_SSL) {
+#ifndef DAP_NET_CLIENT_NO_SSL
+                    WOLFSSL *l_ssl = SSL(l_cur);
+                    int l_res = wolfSSL_negotiate(l_ssl);
+                    if (l_res != WOLFSSL_SUCCESS) {
+                        char l_err_str[80];
+                        int l_err = wolfSSL_get_error(l_ssl, l_res);
+                        if (l_err != WOLFSSL_ERROR_WANT_READ && l_err != WOLFSSL_ERROR_WANT_WRITE) {
+                            wolfSSL_ERR_error_string(l_err, l_err_str);
+                            log_it(L_ERROR, "SSL handshake error \"%s\" with code %d", l_err_str, l_err);
+                            if ( l_cur->callbacks.error_callback )
+                                l_cur->callbacks.error_callback(l_cur, l_error);
+                        }
+                    } else {
+                        if(s_debug_reactor)
+                            log_it(L_NOTICE, "SSL handshake done with %s", l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)");
+                        l_cur->flags ^= DAP_SOCK_CONNECTING;
+                        if (l_cur->callbacks.connected_callback)
+                            l_cur->callbacks.connected_callback(l_cur);
+                        dap_events_socket_worker_poll_update_unsafe(l_cur);
+                    }
+#endif
+                } else {
+                    getsockopt(l_cur->socket, SOL_SOCKET, SO_ERROR, (void *)&l_error, &l_error_len);
+                    if(l_error == EINPROGRESS) {
+                        log_it(L_DEBUG, "Connecting with %s in progress...", l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)");
+                    }else if (l_error){
+                        strerror_r(l_error, l_error_buf, sizeof (l_error_buf));
+                        log_it(L_ERROR,"Connecting error with %s: \"%s\" (code %d)", l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)",
+                               l_error_buf, l_error);
+                        if ( l_cur->callbacks.error_callback )
+                            l_cur->callbacks.error_callback(l_cur, l_error);
+                    }else{
+                        if(s_debug_reactor)
+                            log_it(L_NOTICE, "Connected with %s",l_cur->remote_addr_str ? l_cur->remote_addr_str: "(NULL)");
+                        l_cur->flags ^= DAP_SOCK_CONNECTING;
+                        if (l_cur->callbacks.connected_callback)
+                            l_cur->callbacks.connected_callback(l_cur);
+                        dap_events_socket_worker_poll_update_unsafe(l_cur);
+                    }
                 }
             }
 

modules/CMakeLists.txt

@@ -12,6 +12,11 @@ if (CELLFRAME_MODULES MATCHES "chains")
     add_subdirectory(global-db)
 endif()
 
+# Distributed Hash Tables (DHT)
+if (CELLFRAME_MODULES MATCHES "dht")
+    add_subdirectory(dht)
+endif()
+
 # Network
 if (CELLFRAME_MODULES MATCHES "network")
     add_subdirectory(mempool)

modules/channel/chain/dap_stream_ch_chain.c

@@ -1282,9 +1282,13 @@ void s_stream_ch_packet_out(dap_stream_ch_t* a_ch, void* a_arg)
 {
     UNUSED(a_arg);
 
+    if (a_ch->stream->esocket->buf_out_size >= a_ch->stream->esocket->buf_out_size_max / 2)
+        return;
     dap_stream_ch_chain_t *l_ch_chain = DAP_STREAM_CH_CHAIN(a_ch);
 
     switch (l_ch_chain->state) {
+
+        // Update list of global DB records to remote
         case CHAIN_STATE_UPDATE_GLOBAL_DB: {
             if (l_ch_chain->stats_request_gdb_processed == l_ch_chain->local_gdbs_count) {
                 dap_stream_ch_chain_sync_request_t l_sync_gdb = {};

modules/dht/CMakeLists.txt

+cmake_minimum_required(VERSION 3.1)
+project (dap_chain_dht C)
+  
+set(DAP_CHAIN_DHT_SRC
+            dap_chain_dht.c
+    )
+set(DAP_CHAIN_DHT_HDR
+        include/dap_chain_dht.h
+    )
+set(DAP_CHAIN_GLOBAL_DB_LIBS dap_core dap_crypto dap_chain)
+
+add_library(${PROJECT_NAME} STATIC ${DAP_CHAIN_DHT_SRC} ${DAP_CHAIN_DHT_HDR})
+
+target_link_libraries(${PROJECT_NAME}  ${DAP_CHAIN_DHT_LIBS})
+
+target_include_directories(dap_chain_dht INTERFACE .)
+target_include_directories(${PROJECT_NAME} PUBLIC include)
+

modules/net/dap_chain_net.c

@@ -2166,10 +2166,8 @@ dap_chain_net_t * dap_chain_net_by_id( dap_chain_net_id_t a_id)
  */
 uint16_t dap_chain_net_acl_idx_by_id(dap_chain_net_id_t a_id)
 {
-    dap_chain_net_item_t * l_net_item = NULL;
-    HASH_FIND(hh,s_net_items_ids,&a_id,sizeof (a_id), l_net_item );
-    return l_net_item ? PVT(l_net_item->chain_net)->acl_idx : (uint16_t)-1;
-
+    dap_chain_net_t *l_net = dap_chain_net_by_id(a_id);
+    return l_net ? PVT(l_net)->acl_idx : (uint16_t)-1;
 }
 
 
@@ -2289,6 +2287,8 @@ dap_chain_node_addr_t * dap_chain_net_get_cur_addr( dap_chain_net_t * l_net)
 
 uint64_t dap_chain_net_get_cur_addr_int(dap_chain_net_t * l_net)
 {
+    if (!l_net)
+        return 0;
     return dap_chain_net_get_cur_addr(l_net) ? dap_chain_net_get_cur_addr(l_net)->uint64 :
                                                dap_db_get_cur_node_addr(l_net->pub.name);
 }

modules/net/dap_chain_node_client.c

@@ -85,6 +85,7 @@ static void s_ch_chain_callback_notify_packet_out(dap_stream_ch_chain_t*, uint8_
 static void s_ch_chain_callback_notify_packet_in(dap_stream_ch_chain_t* a_ch_chain, uint8_t a_pkt_type,
         dap_stream_ch_chain_pkt_t *a_pkt, size_t a_pkt_data_size,
         void * a_arg);
+static bool dap_chain_node_client_connect_internal(dap_chain_node_client_t *a_node_client, const char *a_active_channels);
 
 bool s_stream_ch_chain_debug_more = false;
 uint32_t s_timer_update_states=60;
@@ -146,6 +147,8 @@ static void s_stage_status_error_callback(dap_client_t *a_client, void *a_arg)
         SetEvent( l_node_client->wait_cond );
 #endif
         pthread_mutex_unlock(&l_node_client->wait_mutex);
+        dap_timerfd_start_on_worker(dap_events_worker_get_auto(),s_timer_update_states*1000,s_timer_update_states_callback, l_node_client);
+        return;
     }
 
     if(l_node_client && l_node_client->keep_connection &&
@@ -182,61 +185,53 @@ static void s_stage_status_error_callback(dap_client_t *a_client, void *a_arg)
  */
 static bool s_timer_update_states_callback(void * a_arg )
 {
-    dap_events_socket_handler_t * l_es_handler = (dap_events_socket_handler_t *) a_arg;
+    dap_chain_node_client_t *l_me = (dap_chain_node_client_t *) a_arg;
     dap_worker_t * l_worker = dap_events_get_current_worker(dap_events_get_default());
     assert(l_worker);
-    assert(l_es_handler);
-    dap_events_socket_t * l_es = l_es_handler->esocket;
-    uint128_t l_es_uuid = l_es_handler->uuid;
+    assert(l_me);
+    dap_events_socket_t * l_es = l_me->own_esh->esocket;
+    uint128_t l_es_uuid = l_me->own_esh->uuid;
     // check if esocket still in worker
     if(dap_events_socket_check_unsafe(l_worker,l_es)){
-
         // Check if its exactly ours!
         if (dap_uint128_check_equal(l_es->uuid,l_es_uuid)){
             dap_client_t * l_client = dap_client_from_esocket(l_es);
-            if(! l_client ){
-                DAP_DELETE(l_es_handler);
-                return false;
-            }
-            dap_chain_node_client_t * l_node_client = (dap_chain_node_client_t*) l_client->_inheritor;
-            if(! l_node_client){ // No active node client
-                DAP_DELETE(l_es_handler);
-                return false;
-            }
-            if(! l_node_client->ch_chain){ // No active ch channel
-                DAP_DELETE(l_es_handler);
-                return false;
-            }
-            dap_stream_ch_chain_t * l_ch_chain = (dap_stream_ch_chain_t*) l_node_client->ch_chain->internal;
-            assert(l_ch_chain);
-            dap_chain_net_t * l_net = l_node_client->net;
-            assert(l_net);
-
-            // If we do nothing - init sync process
-            if (l_ch_chain->state == CHAIN_STATE_IDLE ||l_ch_chain->state == CHAIN_STATE_SYNC_ALL ){
-                dap_stream_ch_chain_sync_request_t l_sync_gdb = {};
-                l_sync_gdb.id_start = (uint64_t) dap_db_get_last_id_remote(l_node_client->remote_node_addr.uint64);
-                l_sync_gdb.node_addr.uint64 = dap_chain_net_get_cur_addr_int(l_net);
-                log_it(L_DEBUG, "Prepared request to gdb sync from %llu to %llu", l_sync_gdb.id_start,
-                       l_sync_gdb.id_end?l_sync_gdb.id_end:-1 );
-                // find dap_chain_id_t
-                dap_chain_t *l_chain = l_net->pub.chains;
-                dap_chain_id_t l_chain_id = l_chain ? l_chain->id : (dap_chain_id_t ) {0};
-                dap_stream_ch_chain_pkt_write_unsafe( l_node_client->ch_chain ,
-                                                  DAP_STREAM_CH_CHAIN_PKT_TYPE_UPDATE_GLOBAL_DB_REQ, l_net->pub.id.uint64,
-                                                                l_chain_id.uint64, l_net->pub.cell_id.uint64,
-                                                      &l_sync_gdb, sizeof(l_sync_gdb));
-
+            if (l_client ) {
+                dap_chain_node_client_t * l_node_client = (dap_chain_node_client_t*) l_client->_inheritor;
+                if (l_node_client && l_node_client->ch_chain) {
+                    dap_stream_ch_chain_t * l_ch_chain = (dap_stream_ch_chain_t*) l_node_client->ch_chain->internal;
+                    assert(l_ch_chain);
+                    dap_chain_net_t * l_net = l_node_client->net;
+                    assert(l_net);
+
+                    // If we do nothing - init sync process
+                    if (l_ch_chain->state == CHAIN_STATE_IDLE ||l_ch_chain->state == CHAIN_STATE_SYNC_ALL ){
+                        dap_stream_ch_chain_sync_request_t l_sync_gdb = {};
+                        l_sync_gdb.id_start = (uint64_t) dap_db_get_last_id_remote(l_node_client->remote_node_addr.uint64);
+                        l_sync_gdb.node_addr.uint64 = dap_chain_net_get_cur_addr_int(l_net);
+                        log_it(L_DEBUG, "Prepared request to gdb sync from %llu to %llu", l_sync_gdb.id_start,
+                               l_sync_gdb.id_end?l_sync_gdb.id_end:-1 );
+                        // find dap_chain_id_t
+                        dap_chain_t *l_chain = l_net->pub.chains;
+                        dap_chain_id_t l_chain_id = l_chain ? l_chain->id : (dap_chain_id_t ) {0};
+                        dap_stream_ch_chain_pkt_write_unsafe( l_node_client->ch_chain ,
+                                                          DAP_STREAM_CH_CHAIN_PKT_TYPE_UPDATE_GLOBAL_DB_REQ, l_net->pub.id.uint64,
+                                                                        l_chain_id.uint64, l_net->pub.cell_id.uint64,
+                                                              &l_sync_gdb, sizeof(l_sync_gdb));
+                    }
+                    return true;
+                }
             }
-            return true;
-        }else{
-            DAP_DELETE(l_es_handler);
-            return false;
         }
-    }else{
-        DAP_DELETE(l_es_handler);
-        return false;
     }
+    // if we not returned yet
+    l_me->state = NODE_CLIENT_STATE_DISCONNECTED;
+    if (l_me->keep_connection) {
+        log_it(L_INFO, "Reconnecting node client with peer "NODE_ADDR_FP_STR, NODE_ADDR_FP_ARGS_S(l_me->remote_node_addr));
+        dap_chain_node_client_connect_internal(l_me, "CN"); // isn't always CN here?
+    }
+    DAP_DELETE(l_me->own_esh);
+    return false;
 }
 
 /**
@@ -273,7 +268,8 @@ static void s_stage_connected_callback(dap_client_t *a_client, void *a_arg)
             dap_events_socket_handler_t * l_es_handler = DAP_NEW_Z(dap_events_socket_handler_t);
             l_es_handler->esocket = l_stream->esocket;
             l_es_handler->uuid = l_stream->esocket->uuid;
-            dap_timerfd_start_on_worker(l_stream->esocket->worker,s_timer_update_states*1000,s_timer_update_states_callback, l_es_handler);
+            l_node_client->own_esh = l_es_handler;
+            dap_timerfd_start_on_worker(l_stream->esocket->worker,s_timer_update_states*1000,s_timer_update_states_callback, l_node_client);
         }
 #ifndef _WIN32
         pthread_cond_broadcast(&l_node_client->wait_cond);
@@ -606,41 +602,49 @@ dap_chain_node_client_t* dap_chain_node_client_create_n_connect(dap_chain_net_t
 
     pthread_mutex_init(&l_node_client->wait_mutex, NULL);
     l_node_client->events = NULL; //dap_events_new();
-    l_node_client->client = dap_client_new(l_node_client->events, s_stage_status_callback,
-            s_stage_status_error_callback);
-    dap_client_set_is_always_reconnect(l_node_client->client, true);
-    l_node_client->client->_inheritor = l_node_client;
     l_node_client->remote_node_addr.uint64 = a_node_info->hdr.address.uint64;
-    dap_client_set_active_channels_unsafe(l_node_client->client, a_active_channels);
+    if (dap_chain_node_client_connect_internal(l_node_client, a_active_channels))
+        return l_node_client;
+    return NULL;
+}
 
-    //dap_client_set_auth_cert(l_node_client->client, dap_cert_find_by_name("auth")); // TODO provide the certificate choice
+// Create new dap_client, setup it, and send it in adventure trip
+static bool dap_chain_node_client_connect_internal(dap_chain_node_client_t *a_node_client, const char *a_active_channels)
+{
+    a_node_client->client = dap_client_new(a_node_client->events, s_stage_status_callback,
+            s_stage_status_error_callback);
+    dap_client_set_is_always_reconnect(a_node_client->client, true);
+    a_node_client->client->_inheritor = a_node_client;
+    dap_client_set_active_channels_unsafe(a_node_client->client, a_active_channels);
+
+    //dap_client_set_auth_cert(a_node_client->client, dap_cert_find_by_name("auth")); // TODO provide the certificate choice
 
     int hostlen = 128;
     char host[hostlen];
-    if(a_node_info->hdr.ext_addr_v4.s_addr){
-        struct sockaddr_in sa4 = { .sin_family = AF_INET, .sin_addr = a_node_info->hdr.ext_addr_v4 };
+    if(a_node_client->info->hdr.ext_addr_v4.s_addr){
+        struct sockaddr_in sa4 = { .sin_family = AF_INET, .sin_addr = a_node_client->info->hdr.ext_addr_v4 };
         inet_ntop(AF_INET, &(((struct sockaddr_in *) &sa4)->sin_addr), host, hostlen);
         log_it(L_INFO, "Connecting to %s address",host);
     } else {
-        struct sockaddr_in6 sa6 = { .sin6_family = AF_INET6, .sin6_addr = a_node_info->hdr.ext_addr_v6 };
+        struct sockaddr_in6 sa6 = { .sin6_family = AF_INET6, .sin6_addr = a_node_client->info->hdr.ext_addr_v6 };
         inet_ntop(AF_INET6, &(((struct sockaddr_in6 *) &sa6)->sin6_addr), host, hostlen);
         log_it(L_INFO, "Connecting to %s address",host);
     }
     // address not defined
     if(!strcmp(host, "::")) {
-        dap_chain_node_client_close(l_node_client);
-        return NULL;
+        dap_chain_node_client_close(a_node_client);
+        return false;
     }
-    dap_client_set_uplink_unsafe(l_node_client->client, strdup(host), a_node_info->hdr.ext_port);
+    dap_client_set_uplink_unsafe(a_node_client->client, strdup(host), a_node_client->info->hdr.ext_port);
 //    dap_client_stage_t a_stage_target = STAGE_ENC_INIT;
 //    dap_client_stage_t l_stage_target = STAGE_STREAM_STREAMING;
 
-    l_node_client->state = NODE_CLIENT_STATE_CONNECTING ;
+    a_node_client->state = NODE_CLIENT_STATE_CONNECTING ;
     // ref pvt client
-    //dap_client_pvt_ref(DAP_CLIENT_PVT(l_node_client->client));
+    //dap_client_pvt_ref(DAP_CLIENT_PVT(a_node_client->client));
     // Handshake & connect
-    dap_client_go_stage(l_node_client->client, STAGE_STREAM_STREAMING, s_stage_connected_callback);
-    return l_node_client;
+    dap_client_go_stage(a_node_client->client, STAGE_STREAM_STREAMING, s_stage_connected_callback);
+    return true;
 }
 
 /**

modules/net/include/dap_chain_node_client.h

@@ -94,6 +94,7 @@ typedef struct dap_chain_node_client {
 
     // Timer
     dap_events_socket_t * timer_update_states;
+    dap_events_socket_handler_t *own_esh;
 
 
     #ifndef _WIN32