ffi-tox 0.1.1 → 0.1.3

data/ProjectTox-Core/toxcore/list.h

@@ -0,0 +1,85 @@
+/* list.h
+ *
+ * Simple struct with functions to create a list which associates ids with data
+ * -Allows for finding ids associated with data such as IPs or public keys in a short time
+ * -Should only be used if there are relatively few add/remove calls to the list
+ *
+ *  Copyright (C) 2014 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef LIST_H
+#define LIST_H
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+
+typedef struct {
+    uint32_t n; //number of elements
+    uint32_t capacity; //number of elements memory is allocated for
+    uint32_t element_size; //size of the elements
+    void *data; //array of elements
+    int *ids; //array of element ids
+} BS_LIST;
+
+/* Initialize a list, element_size is the size of the elements in the list and
+ * initial_capacity is the number of elements the memory will be initially allocated for
+ *
+ * return value:
+ *  1 : success
+ *  0 : failure
+ */
+int bs_list_init(BS_LIST *list, uint32_t element_size, uint32_t initial_capacity);
+
+/* Free a list initiated with list_init */
+void bs_list_free(BS_LIST *list);
+
+/* Retrieve the id of an element in the list
+ *
+ * return value:
+ *  >= 0 : id associated with data
+ *  -1   : failure
+ */
+int bs_list_find(const BS_LIST *list, const void *data);
+
+/* Add an element with associated id to the list
+ *
+ * return value:
+ *  1 : success
+ *  0 : failure (data already in list)
+ */
+int bs_list_add(BS_LIST *list, const void *data, int id);
+
+/* Remove element from the list
+ *
+ * return value:
+ *  1 : success
+ *  0 : failure (element not found or id does not match)
+ */
+int bs_list_remove(BS_LIST *list, const void *data, int id);
+
+/* Removes the memory overhead
+ *
+ * return value:
+ *  1 : success
+ *  0 : failure
+ */
+int bs_list_trim(BS_LIST *list);
+
+#endif

data/ProjectTox-Core/toxcore/logger.c

@@ -0,0 +1,153 @@
+/*  logger.c
+ *
+ *  Wrapping logger functions in nice macros
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include "logger.h"
+
+#ifdef LOGGING
+
+#include "network.h" /* for time */
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <inttypes.h>
+#include <time.h>
+
+#if defined(_WIN32) || defined(__WIN32__) || defined (WIN32)
+#define strerror_r(errno,buf,len) strerror_s(buf,len,errno)
+#endif
+
+static struct logger_config {
+    FILE *log_file;
+    LoggerLevel level;
+    uint64_t start_time; /* Time when lib loaded */
+}
+logger = {
+    NULL,
+    DEBUG,
+    0
+};
+
+void __attribute__((destructor)) terminate_logger()
+{
+    if ( !logger.log_file ) return;
+
+    time_t tim = time(NULL);
+
+    logger_write(ERROR, "\n============== Closing logger [%u] ==============\n"
+                 "Time: %s", logger_get_pid(), asctime(localtime(&tim)));
+
+    fclose(logger.log_file);
+}
+
+unsigned logger_get_pid()
+{
+    return
+#if defined(_WIN32) || defined(__WIN32__) || defined (WIN32)
+        GetCurrentProcessId();
+#else
+        getpid();
+#endif
+}
+
+const char *logger_stringify_level(LoggerLevel level)
+{
+    static const char *strings [] = {
+        "INFO",
+        "DEBUG",
+        "WARNING",
+        "ERROR"
+    };
+
+    return strings[level];
+}
+
+
+int logger_init(const char *file_name, LoggerLevel level)
+{
+    char *final_l = calloc(sizeof(char), strlen(file_name) + 32);
+    sprintf(final_l, "%s"/*.%u"*/, file_name/*, logger_get_pid()*/);
+
+    if ( logger.log_file ) {
+        fprintf(stderr, "Error opening logger name: %s with level %d: file already opened!\n", final_l, level);
+        free (final_l);
+        return -1;
+    }
+
+    logger.log_file = fopen(final_l, "ab");
+
+    if ( logger.log_file == NULL ) {
+        fprintf(stderr, "Error opening logger file: %s; info: %s\n", final_l, strerror(errno));
+
+        free (final_l);
+        return -1;
+    }
+
+
+    logger.level = level;
+    logger.start_time = current_time_monotonic();
+
+
+    time_t tim = time(NULL);
+    logger_write(ERROR, "\n============== Starting logger [%u] ==============\n"
+                 "Time: %s", logger_get_pid(), asctime(localtime(&tim)));
+
+
+
+    free (final_l);
+    return 0;
+}
+
+
+void logger_write (LoggerLevel level, const char *format, ...)
+{
+    if (logger.log_file == NULL) {
+        /*fprintf(stderr, "Logger file is NULL!\n");*/
+        return;
+    }
+
+    if (logger.level > level) return; /* Don't print some levels xuh */
+
+    va_list _arg;
+    va_start (_arg, format);
+    vfprintf (logger.log_file, format, _arg);
+    va_end (_arg);
+
+    fflush(logger.log_file);
+}
+
+char *logger_timestr(char *dest, size_t max_size)
+{
+    uint64_t diff = (current_time_monotonic() - logger.start_time); /* ms */
+    snprintf(dest, max_size, "%"PRIu64"", diff);
+
+    return dest;
+}
+
+
+#endif /* LOGGING */

data/ProjectTox-Core/toxcore/logger.h

@@ -0,0 +1,84 @@
+/*  logger.h
+ *
+ *  Wrapping logger functions in nice macros
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#ifndef __TOXLOGGER
+#define __TOXLOGGER
+
+#include <string.h>
+
+#ifdef LOGGING
+
+typedef enum _LoggerLevel {
+    INFO,
+    DEBUG,
+    WARNING,
+    ERROR
+} LoggerLevel;
+
+/*
+ * Set 'level' as the lowest printable level
+ */
+int logger_init(const char *file_name, LoggerLevel level);
+const char *logger_stringify_level(LoggerLevel level);
+unsigned logger_get_pid();
+void logger_write (LoggerLevel level, const char *format, ...);
+char *logger_timestr (char *dest, size_t max_size);
+
+#if defined(_WIN32) || defined(__WIN32__) || defined (WIN32)
+#define _SFILE (strrchr(__FILE__, '\\') ? strrchr(__FILE__, '\\') + 1 : __FILE__)
+#else
+#define _SFILE (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__)
+#endif
+
+#define WRITE_FORMAT(__LEVEL__, format) char __time__[20]; char* the_str = calloc(sizeof(char), strlen(format)+ 500); sprintf(the_str, "\n[%u] [%s] [%s] [%s:%d %s()] %s", \
+                             logger_get_pid(), logger_stringify_level(__LEVEL__), logger_timestr(__time__, 20), _SFILE, __LINE__, __func__, format)
+
+/* Use these macros */
+
+#define LOGGER_INIT(name, level) logger_init(name, level);
+#define LOGGER_INFO(format, ...) do { WRITE_FORMAT(INFO, format); logger_write( INFO, the_str, ##__VA_ARGS__ ); free(the_str); } while (0)
+#define LOGGER_DEBUG(format, ...) do { WRITE_FORMAT(DEBUG, format); logger_write( DEBUG, the_str, ##__VA_ARGS__ ); free(the_str); } while (0)
+#define LOGGER_WARNING(format, ...) do { WRITE_FORMAT(WARNING, format); logger_write( WARNING, the_str, ##__VA_ARGS__ ); free(the_str); } while (0)
+#define LOGGER_ERROR(format, ...) do { WRITE_FORMAT(ERROR, format); logger_write( ERROR, the_str, ##__VA_ARGS__ ); free(the_str); } while (0)
+
+/* To do some checks or similar only when logging use this */
+#define LOGGER_SCOPE(__SCOPE_DO__) do { __SCOPE_DO__ } while(0)
+
+#else
+
+
+#define LOGGER_INIT(name, level) do {} while(0)
+#define LOGGER_INFO(format, ...) do {} while(0)
+#define LOGGER_DEBUG(format, ...) do {} while(0)
+#define LOGGER_WARNING(format, ...) do {} while(0)
+#define LOGGER_ERROR(format, ...) do {} while(0)
+
+#define LOGGER_SCOPE(__SCOPE_DO__) do {} while(0)
+
+#endif /* LOGGING */
+
+
+
+
+#endif /* __TOXLOGGER */

data/ProjectTox-Core/toxcore/misc_tools.h

@@ -0,0 +1,70 @@
+/* misc_tools.h
+ *
+ * Miscellaneous functions and data structures for doing random things.
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef MISC_TOOLS_H
+#define MISC_TOOLS_H
+
+/****************************Algorithms***************************
+ * Macro/generic definitions for useful algorithms
+ *****************************************************************/
+
+/* Creates a new quick_sort implementation for arrays of the specified type.
+ * For a type T (eg: int, char), creates a function named T_quick_sort.
+ *
+ * Quick Sort: Complexity O(nlogn)
+ * arr   - the array to sort
+ * n     - the sort index (should be called with n = length(arr))
+ * cmpfn - a function that compares two values of type type.
+ *         Must return -1, 0, 1 for a < b, a == b, and a > b respectively.
+ */
+/* Must be called in the header file. */
+#define declare_quick_sort(type) \
+void type##_quick_sort(type *arr, int n, int (*cmpfn)(type, type));
+
+/* Must be called in the C file. */
+#define make_quick_sort(type) \
+void type##_quick_sort(type *arr, int n, int (*cmpfn)(type, type)) \
+{ \
+    if ((n) < 2) \
+        return; \
+    type _p_ = (arr)[(n) / 2]; \
+    type *_l_ = (arr); \
+    type *_r_ = (arr) + n - 1; \
+    while (_l_ <= _r_) { \
+        if (cmpfn(*_l_, _p_) == -1) { \
+            ++_l_; \
+            continue; \
+        } \
+        if (cmpfn(*_r_, _p_) == 1) { \
+            --_r_; \
+            continue; \
+        } \
+        type _t_ = *_l_; \
+        *_l_++ = *_r_; \
+        *_r_-- = _t_; \
+    } \
+    type##_quick_sort((arr), _r_ - (arr) + 1, cmpfn); \
+    type##_quick_sort(_l_, (arr) + n - _l_, cmpfn); \
+}
+
+#endif // MISC_TOOLS_H

data/ProjectTox-Core/toxcore/net_crypto.c

@@ -0,0 +1,2753 @@
+/* net_crypto.c
+ *
+ * Functions for the core network crypto.
+ * See also: http://wiki.tox.im/index.php/DHT
+ *
+ * NOTE: This code has to be perfect. We don't mess around with encryption.
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "net_crypto.h"
+#include "util.h"
+#include "math.h"
+#include "logger.h"
+
+static uint8_t crypt_connection_id_not_valid(const Net_Crypto *c, int crypt_connection_id)
+{
+    return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
+}
+
+/* cookie timeout in seconds */
+#define COOKIE_TIMEOUT 10
+#define COOKIE_DATA_LENGTH (crypto_box_PUBLICKEYBYTES * 2)
+#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_DATA_LENGTH)
+#define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES)
+
+#define COOKIE_REQUEST_PLAIN_LENGTH (COOKIE_DATA_LENGTH + sizeof(uint64_t))
+#define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+#define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + sizeof(uint64_t) + crypto_box_MACBYTES)
+
+/* Create a cookie request packet and put it in packet.
+ * dht_public_key is the dht public key of the other
+ *
+ * packet must be of size COOKIE_REQUEST_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_REQUEST_LENGTH on success.
+ */
+static int create_cookie_request(const Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint64_t number,
+                                 uint8_t *shared_key)
+{
+    uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH];
+    uint8_t padding[crypto_box_PUBLICKEYBYTES] = {0};
+
+    memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(plain + crypto_box_PUBLICKEYBYTES, padding, crypto_box_PUBLICKEYBYTES);
+    memcpy(plain + (crypto_box_PUBLICKEYBYTES * 2), &number, sizeof(uint64_t));
+
+    DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
+    uint8_t nonce[crypto_box_NONCEBYTES];
+    new_nonce(nonce);
+    packet[0] = NET_PACKET_COOKIE_REQUEST;
+    memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
+    int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain),
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+        return -1;
+
+    return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len);
+}
+
+/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_DATA_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int create_cookie(uint8_t *cookie, const uint8_t *bytes, const uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    uint64_t temp_time = unix_time();
+    memcpy(contents, &temp_time, sizeof(temp_time));
+    memcpy(contents + sizeof(temp_time), bytes, COOKIE_DATA_LENGTH);
+    new_nonce(cookie);
+    int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES)
+        return -1;
+
+    return 0;
+}
+
+/* Open cookie of length COOKIE_LENGTH to bytes of length COOKIE_DATA_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int open_cookie(uint8_t *bytes, const uint8_t *cookie, const uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES,
+                                     COOKIE_LENGTH - crypto_box_NONCEBYTES, contents);
+
+    if (len != sizeof(contents))
+        return -1;
+
+    uint64_t cookie_time;
+    memcpy(&cookie_time, contents, sizeof(cookie_time));
+    uint64_t temp_time = unix_time();
+
+    if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time)
+        return -1;
+
+    memcpy(bytes, contents + sizeof(cookie_time), COOKIE_DATA_LENGTH);
+    return 0;
+}
+
+
+/* Create a cookie response packet and put it in packet.
+ * request_plain must be COOKIE_REQUEST_PLAIN_LENGTH bytes.
+ * packet must be of size COOKIE_RESPONSE_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_RESPONSE_LENGTH on success.
+ */
+static int create_cookie_response(const Net_Crypto *c, uint8_t *packet, const uint8_t *request_plain,
+                                  const uint8_t *shared_key, const uint8_t *dht_public_key)
+{
+    uint8_t cookie_plain[COOKIE_DATA_LENGTH];
+    memcpy(cookie_plain, request_plain, crypto_box_PUBLICKEYBYTES);
+    memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, dht_public_key, crypto_box_PUBLICKEYBYTES);
+    uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)];
+
+    if (create_cookie(plain, cookie_plain, c->secret_symmetric_key) != 0)
+        return -1;
+
+    memcpy(plain + COOKIE_LENGTH, request_plain + COOKIE_DATA_LENGTH, sizeof(uint64_t));
+    packet[0] = NET_PACKET_COOKIE_RESPONSE;
+    new_nonce(packet + 1);
+    int len = encrypt_data_symmetric(shared_key, packet + 1, plain, sizeof(plain), packet + 1 + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES))
+        return -1;
+
+    return COOKIE_RESPONSE_LENGTH;
+}
+
+/* Handle the cookie request packet of length length.
+ * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH)
+ * Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_cookie_request(const Net_Crypto *c, uint8_t *request_plain, uint8_t *shared_key,
+                                 uint8_t *dht_public_key, const uint8_t *packet, uint16_t length)
+{
+    if (length != COOKIE_REQUEST_LENGTH)
+        return -1;
+
+    memcpy(dht_public_key, packet + 1, crypto_box_PUBLICKEYBYTES);
+    DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
+    int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES,
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES,
+                                     request_plain);
+
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH)
+        return -1;
+
+    return 0;
+}
+
+/* Handle the cookie request packet (for raw UDP)
+ */
+static int udp_handle_cookie_request(void *object, IP_Port source, const uint8_t *packet, uint32_t length)
+{
+    Net_Crypto *c = object;
+    uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+    uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES];
+
+    if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0)
+        return 1;
+
+    uint8_t data[COOKIE_RESPONSE_LENGTH];
+
+    if (create_cookie_response(c, data, request_plain, shared_key, dht_public_key) != sizeof(data))
+        return 1;
+
+    if ((uint32_t)sendpacket(c->dht->net, source, data, sizeof(data)) != sizeof(data))
+        return 1;
+
+    return 0;
+}
+
+/* Handle the cookie request packet (for TCP)
+ */
+static int tcp_handle_cookie_request(const Net_Crypto *c, TCP_Client_Connection *TCP_con, uint8_t conn_id,
+                                     const uint8_t *packet, uint32_t length)
+{
+    uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+    uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES];
+
+    if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0)
+        return -1;
+
+    uint8_t data[COOKIE_RESPONSE_LENGTH];
+
+    if (create_cookie_response(c, data, request_plain, shared_key, dht_public_key) != sizeof(data))
+        return -1;
+
+    if (send_data(TCP_con, conn_id, data, sizeof(data)) != 1)
+        return -1;
+
+    return 0;
+}
+
+/* Handle the cookie request packet (for TCP oob packets)
+ */
+static int tcp_oob_handle_cookie_request(const Net_Crypto *c, TCP_Client_Connection *TCP_con,
+        const uint8_t *dht_public_key, const uint8_t *packet, uint32_t length)
+{
+    uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+    uint8_t dht_public_key_temp[crypto_box_PUBLICKEYBYTES];
+
+    if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0)
+        return -1;
+
+    if (memcmp(dht_public_key, dht_public_key_temp, crypto_box_PUBLICKEYBYTES) != 0)
+        return -1;
+
+    uint8_t data[COOKIE_RESPONSE_LENGTH];
+
+    if (create_cookie_response(c, data, request_plain, shared_key, dht_public_key) != sizeof(data))
+        return -1;
+
+    if (send_oob_packet(TCP_con, dht_public_key, data, sizeof(data)) != 1)
+        return -1;
+
+    return 0;
+}
+
+/* Handle a cookie response packet of length encrypted with shared_key.
+ * put the cookie in the response in cookie
+ *
+ * cookie must be of length COOKIE_LENGTH.
+ *
+ * return -1 on failure.
+ * return COOKIE_LENGTH on success.
+ */
+static int handle_cookie_response(uint8_t *cookie, uint64_t *number, const uint8_t *packet, uint32_t length,
+                                  const uint8_t *shared_key)
+{
+    if (length != COOKIE_RESPONSE_LENGTH)
+        return -1;
+
+    uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)];
+    int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
+                                     length - (1 + crypto_box_NONCEBYTES), plain);
+
+    if (len != sizeof(plain))
+        return -1;
+
+    memcpy(cookie, plain, COOKIE_LENGTH);
+    memcpy(number, plain + COOKIE_LENGTH, sizeof(uint64_t));
+    return COOKIE_LENGTH;
+}
+
+#define HANDSHAKE_PACKET_LENGTH (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH + crypto_box_MACBYTES)
+
+/* Create a handshake packet and put it in packet.
+ * cookie must be COOKIE_LENGTH bytes.
+ * packet must be of size HANDSHAKE_PACKET_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return HANDSHAKE_PACKET_LENGTH on success.
+ */
+static int create_crypto_handshake(const Net_Crypto *c, uint8_t *packet, const uint8_t *cookie, const uint8_t *nonce,
+                                   const uint8_t *session_pk, const uint8_t *peer_real_pk, const uint8_t *peer_dht_pubkey)
+{
+    uint8_t plain[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH];
+    memcpy(plain, nonce, crypto_box_NONCEBYTES);
+    memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES);
+    crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH);
+    uint8_t cookie_plain[COOKIE_DATA_LENGTH];
+    memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES);
+    memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, peer_dht_pubkey, crypto_box_PUBLICKEYBYTES);
+
+    if (create_cookie(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES, cookie_plain,
+                      c->secret_symmetric_key) != 0)
+        return -1;
+
+    new_nonce(packet + 1 + COOKIE_LENGTH);
+    int len = encrypt_data(peer_real_pk, c->self_secret_key, packet + 1 + COOKIE_LENGTH, plain, sizeof(plain),
+                           packet + 1 + COOKIE_LENGTH + crypto_box_NONCEBYTES);
+
+    if (len != HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES))
+        return -1;
+
+    packet[0] = NET_PACKET_CRYPTO_HS;
+    memcpy(packet + 1, cookie, COOKIE_LENGTH);
+
+    return HANDSHAKE_PACKET_LENGTH;
+}
+
+/* Handle a crypto handshake packet of length.
+ * put the nonce contained in the packet in nonce,
+ * the session public key in session_pk
+ * the real public key of the peer in peer_real_pk
+ * the dht public key of the peer in dht_public_key and
+ * the cookie inside the encrypted part of the packet in cookie.
+ *
+ * if expected_real_pk isn't NULL it denotes the real public key
+ * the packet should be from.
+ *
+ * nonce must be at least crypto_box_NONCEBYTES
+ * session_pk must be at least crypto_box_PUBLICKEYBYTES
+ * peer_real_pk must be at least crypto_box_PUBLICKEYBYTES
+ * cookie must be at least COOKIE_LENGTH
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t *session_pk, uint8_t *peer_real_pk,
+                                   uint8_t *dht_public_key, uint8_t *cookie, const uint8_t *packet, uint32_t length, const uint8_t *expected_real_pk)
+{
+    if (length != HANDSHAKE_PACKET_LENGTH)
+        return -1;
+
+    uint8_t cookie_plain[COOKIE_DATA_LENGTH];
+
+    if (open_cookie(cookie_plain, packet + 1, c->secret_symmetric_key) != 0)
+        return -1;
+
+    if (expected_real_pk)
+        if (crypto_cmp(cookie_plain, expected_real_pk, crypto_box_PUBLICKEYBYTES) != 0)
+            return -1;
+
+    uint8_t cookie_hash[crypto_hash_sha512_BYTES];
+    crypto_hash_sha512(cookie_hash, packet + 1, COOKIE_LENGTH);
+
+    uint8_t plain[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH];
+    int len = decrypt_data(cookie_plain, c->self_secret_key, packet + 1 + COOKIE_LENGTH,
+                           packet + 1 + COOKIE_LENGTH + crypto_box_NONCEBYTES,
+                           HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES), plain);
+
+    if (len != sizeof(plain))
+        return -1;
+
+    if (memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, crypto_hash_sha512_BYTES) != 0)
+        return -1;
+
+    memcpy(nonce, plain, crypto_box_NONCEBYTES);
+    memcpy(session_pk, plain + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES);
+    memcpy(cookie, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES, COOKIE_LENGTH);
+    memcpy(peer_real_pk, cookie_plain, crypto_box_PUBLICKEYBYTES);
+    memcpy(dht_public_key, cookie_plain + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
+    return 0;
+}
+
+
+static Crypto_Connection *get_crypto_connection(const Net_Crypto *c, int crypt_connection_id)
+{
+    if (crypt_connection_id_not_valid(c, crypt_connection_id))
+        return 0;
+
+    return &c->crypto_connections[crypt_connection_id];
+}
+
+
+/* Sends a packet to the peer using the fastest route.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_packet_to(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length)
+{
+//TODO TCP, etc...
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    int direct_send_attempt = 0;
+
+    //TODO: on bad networks, direct connections might not last indefinitely.
+    if (conn->ip_port.ip.family != 0) {
+        uint8_t direct_connected = 0;
+        crypto_connection_status(c, crypt_connection_id, &direct_connected);
+
+        if (direct_connected && (uint32_t)sendpacket(c->dht->net, conn->ip_port, data, length) == length)
+            return 0;
+
+        //TODO: a better way of sending packets directly to confirm the others ip.
+        if (length < 96 || data[0] == NET_PACKET_COOKIE_REQUEST || data[0] == NET_PACKET_CRYPTO_HS) {
+            if ((uint32_t)sendpacket(c->dht->net, conn->ip_port, data, length) == length)
+                direct_send_attempt = 1;
+        }
+
+    }
+
+    //TODO: detect and kill bad relays.
+    uint32_t i;
+
+    unsigned int r = crypt_connection_id;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        pthread_mutex_lock(&c->tcp_mutex);
+
+        int ret = 0;
+
+        if (conn->status_tcp[(i + r) % MAX_TCP_CONNECTIONS] == STATUS_TCP_ONLINE) {/* friend is connected to this relay. */
+            ret = send_data(c->tcp_connections[(i + r) % MAX_TCP_CONNECTIONS], conn->con_number_tcp[(i + r) % MAX_TCP_CONNECTIONS],
+                            data, length);
+        }
+
+        pthread_mutex_unlock(&c->tcp_mutex);
+
+        if (ret == 1) {
+            return 0;
+        }
+    }
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        pthread_mutex_lock(&c->tcp_mutex);
+
+        int ret = 0;
+
+        if (conn->status_tcp[(i + r) % MAX_TCP_CONNECTIONS] == STATUS_TCP_INVISIBLE) {
+            ret = send_oob_packet(c->tcp_connections[(i + r) % MAX_TCP_CONNECTIONS], conn->dht_public_key, data, length);
+        }
+
+        pthread_mutex_unlock(&c->tcp_mutex);
+
+        if (ret == 1) {
+            return 0;
+        }
+    }
+
+    if (direct_send_attempt) {
+        return 0;
+    }
+
+    return -1;
+}
+
+/** START: Array Related functions **/
+
+
+/* Return number of packets in array
+ * Note that holes are counted too.
+ */
+static uint32_t num_packets_array(const Packets_Array *array)
+{
+    return array->buffer_end - array->buffer_start;
+}
+
+/* Add data with packet number to array.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int add_data_to_buffer(Packets_Array *array, uint32_t number, const Packet_Data *data)
+{
+    if (number - array->buffer_start > CRYPTO_PACKET_BUFFER_SIZE)
+        return -1;
+
+    uint32_t num = number % CRYPTO_PACKET_BUFFER_SIZE;
+
+    if (array->buffer[num])
+        return -1;
+
+    Packet_Data *new_d = malloc(sizeof(Packet_Data));
+
+    if (new_d == NULL)
+        return -1;
+
+    memcpy(new_d, data, sizeof(Packet_Data));
+    array->buffer[num] = new_d;
+
+    if ((number - array->buffer_start) >= (array->buffer_end - array->buffer_start))
+        array->buffer_end = number + 1;
+
+    return 0;
+}
+
+/* Get pointer of data with packet number.
+ *
+ * return -1 on failure.
+ * return 0 if data at number is empty.
+ * return 1 if data pointer was put in data.
+ */
+static int get_data_pointer(const Packets_Array *array, Packet_Data **data, uint32_t number)
+{
+    uint32_t num_spots = array->buffer_end - array->buffer_start;
+
+    if (array->buffer_end - number > num_spots || number - array->buffer_start >= num_spots)
+        return -1;
+
+    uint32_t num = number % CRYPTO_PACKET_BUFFER_SIZE;
+
+    if (!array->buffer[num])
+        return 0;
+
+    *data = array->buffer[num];
+    return 1;
+}
+
+/* Add data to end of array.
+ *
+ * return -1 on failure.
+ * return packet number on success.
+ */
+static int64_t add_data_end_of_buffer(Packets_Array *array, const Packet_Data *data)
+{
+    if (num_packets_array(array) >= CRYPTO_PACKET_BUFFER_SIZE)
+        return -1;
+
+    Packet_Data *new_d = malloc(sizeof(Packet_Data));
+
+    if (new_d == NULL)
+        return -1;
+
+    memcpy(new_d, data, sizeof(Packet_Data));
+    uint32_t id = array->buffer_end;
+    array->buffer[id % CRYPTO_PACKET_BUFFER_SIZE] = new_d;
+    ++array->buffer_end;
+    return id;
+}
+
+/* Read data from begginning of array.
+ *
+ * return -1 on failure.
+ * return packet number on success.
+ */
+static int64_t read_data_beg_buffer(Packets_Array *array, Packet_Data *data)
+{
+    if (array->buffer_end == array->buffer_start)
+        return -1;
+
+    uint32_t num = array->buffer_start % CRYPTO_PACKET_BUFFER_SIZE;
+
+    if (!array->buffer[num])
+        return -1;
+
+    memcpy(data, array->buffer[num], sizeof(Packet_Data));
+    uint32_t id = array->buffer_start;
+    ++array->buffer_start;
+    free(array->buffer[num]);
+    array->buffer[num] = NULL;
+    return id;
+}
+
+/* Delete all packets in array before number (but not number)
+ *
+ * return -1 on failure.
+ * return 0 on success
+ */
+static int clear_buffer_until(Packets_Array *array, uint32_t number)
+{
+    uint32_t num_spots = array->buffer_end - array->buffer_start;
+
+    if (array->buffer_end - number >= num_spots || number - array->buffer_start > num_spots)
+        return -1;
+
+    uint32_t i;
+
+    for (i = array->buffer_start; i != number; ++i) {
+        uint32_t num = i % CRYPTO_PACKET_BUFFER_SIZE;
+
+        if (array->buffer[num]) {
+            free(array->buffer[num]);
+            array->buffer[num] = NULL;
+        }
+    }
+
+    array->buffer_start = i;
+    return 0;
+}
+
+/* Set array buffer end to number.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int set_buffer_end(Packets_Array *array, uint32_t number)
+{
+    if ((number - array->buffer_start) > CRYPTO_PACKET_BUFFER_SIZE)
+        return -1;
+
+    if ((number - array->buffer_end) > CRYPTO_PACKET_BUFFER_SIZE)
+        return -1;
+
+    array->buffer_end = number;
+    return 0;
+}
+
+/* Create a packet request packet from recv_array and send_buffer_end into
+ * data of length.
+ *
+ * return -1 on failure.
+ * return length of packet on success.
+ */
+static int generate_request_packet(uint8_t *data, uint16_t length, const Packets_Array *recv_array)
+{
+    if (length == 0)
+        return -1;
+
+    data[0] = PACKET_ID_REQUEST;
+
+    uint16_t cur_len = 1;
+
+    if (recv_array->buffer_start == recv_array->buffer_end)
+        return cur_len;
+
+    if (length <= cur_len)
+        return cur_len;
+
+    uint32_t i, n = 1;
+
+    for (i = recv_array->buffer_start; i != recv_array->buffer_end; ++i) {
+        uint32_t num = i % CRYPTO_PACKET_BUFFER_SIZE;
+
+        if (!recv_array->buffer[num]) {
+            data[cur_len] = n;
+            n = 0;
+            ++cur_len;
+
+            if (length <= cur_len)
+                return cur_len;
+
+        } else if (n == 255) {
+            data[cur_len] = 0;
+            n = 0;
+            ++cur_len;
+
+            if (length <= cur_len)
+                return cur_len;
+        }
+
+        ++n;
+    }
+
+    return cur_len;
+}
+
+/* Handle a request data packet.
+ * Remove all the packets the other received from the array.
+ *
+ * return -1 on failure.
+ * return number of requested packets on success.
+ */
+static int handle_request_packet(Packets_Array *send_array, const uint8_t *data, uint16_t length)
+{
+    if (length < 1)
+        return -1;
+
+    if (data[0] != PACKET_ID_REQUEST)
+        return -1;
+
+    if (length == 1)
+        return 0;
+
+    ++data;
+    --length;
+
+    uint32_t i, n = 1;
+    uint32_t requested = 0;
+
+    for (i = send_array->buffer_start; i != send_array->buffer_end; ++i) {
+        if (length == 0)
+            break;
+
+        uint32_t num = i % CRYPTO_PACKET_BUFFER_SIZE;
+
+        if (n == data[0]) {
+            if (send_array->buffer[num]) {
+                send_array->buffer[num]->time = 0;
+            }
+
+            ++data;
+            --length;
+            n = 0;
+            ++requested;
+        } else {
+            free(send_array->buffer[num]);
+            send_array->buffer[num] = NULL;
+        }
+
+        if (n == 255) {
+            n = 1;
+
+            if (data[0] != 0)
+                return -1;
+
+            ++data;
+            --length;
+        } else {
+            ++n;
+        }
+    }
+
+    return requested;
+}
+
+/** END: Array Related functions **/
+
+#define MAX_DATA_DATA_PACKET_SIZE (MAX_CRYPTO_PACKET_SIZE - (1 + sizeof(uint16_t) + crypto_box_MACBYTES))
+
+/* Creates and sends a data packet to the peer using the fastest route.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_data_packet(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length)
+{
+    if (length == 0 || length + (1 + sizeof(uint16_t) + crypto_box_MACBYTES) > MAX_CRYPTO_PACKET_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    pthread_mutex_lock(&conn->mutex);
+    uint8_t packet[1 + sizeof(uint16_t) + length + crypto_box_MACBYTES];
+    packet[0] = NET_PACKET_CRYPTO_DATA;
+    memcpy(packet + 1, conn->sent_nonce + (crypto_box_NONCEBYTES - sizeof(uint16_t)), sizeof(uint16_t));
+    int len = encrypt_data_symmetric(conn->shared_key, conn->sent_nonce, data, length, packet + 1 + sizeof(uint16_t));
+
+    if (len + 1 + sizeof(uint16_t) != sizeof(packet)) {
+        pthread_mutex_unlock(&conn->mutex);
+        return -1;
+    }
+
+    increment_nonce(conn->sent_nonce);
+    int ret = send_packet_to(c, crypt_connection_id, packet, sizeof(packet));
+    pthread_mutex_unlock(&conn->mutex);
+    return ret;
+}
+
+/* Creates and sends a data packet with buffer_start and num to the peer using the fastest route.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_data_packet_helper(Net_Crypto *c, int crypt_connection_id, uint32_t buffer_start, uint32_t num,
+                                   const uint8_t *data, uint32_t length)
+{
+    if (length == 0 || length > MAX_CRYPTO_DATA_SIZE)
+        return -1;
+
+    num = htonl(num);
+    buffer_start = htonl(buffer_start);
+    uint16_t padding_length = (MAX_CRYPTO_DATA_SIZE - length) % CRYPTO_MAX_PADDING;
+    uint8_t packet[sizeof(uint32_t) + sizeof(uint32_t) + padding_length + length];
+    memcpy(packet, &buffer_start, sizeof(uint32_t));
+    memcpy(packet + sizeof(uint32_t), &num, sizeof(uint32_t));
+    memset(packet + (sizeof(uint32_t) * 2), 0, padding_length);
+    memcpy(packet + (sizeof(uint32_t) * 2) + padding_length, data, length);
+
+    return send_data_packet(c, crypt_connection_id, packet, sizeof(packet));
+}
+
+/*  return -1 if data could not be put in packet queue.
+ *  return positive packet number if data was put into the queue.
+ */
+static int64_t send_lossless_packet(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint32_t length,
+                                    uint8_t congestion_control)
+{
+    if (length == 0 || length > MAX_CRYPTO_DATA_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint64_t temp_time = current_time_monotonic();
+
+    /* If last packet send failed, try to send packet again.
+       If sending it fails we won't be able to send the new packet. */
+    if (conn->maximum_speed_reached) {
+        Packet_Data *dt = NULL;
+        uint32_t packet_num = conn->send_array.buffer_end - 1;
+        int ret = get_data_pointer(&conn->send_array, &dt, packet_num);
+
+        uint8_t send_failed = 0;
+
+        if (ret == 1) {
+            if (!dt->time) {
+                if (send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, packet_num, dt->data,
+                                            dt->length) != 0) {
+                    if (congestion_control) {
+                        return -1;
+                    } else {
+                        send_failed = 1;
+                    }
+                } else {
+                    dt->time = temp_time;
+                }
+            }
+        }
+
+        if (!send_failed) {
+            conn->maximum_speed_reached = 0;
+        }
+    }
+
+    Packet_Data dt;
+    dt.time = 0;
+    dt.length = length;
+    memcpy(dt.data, data, length);
+    int64_t packet_num = add_data_end_of_buffer(&conn->send_array, &dt);
+
+    if (packet_num == -1)
+        return -1;
+
+    if (!congestion_control && conn->maximum_speed_reached) {
+        return packet_num;
+    }
+
+    if (send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, packet_num, data, length) == 0) {
+        Packet_Data *dt1 = NULL;
+        get_data_pointer(&conn->send_array, &dt1, packet_num);
+        dt1->time = temp_time;
+    } else {
+        conn->maximum_speed_reached = 1;
+        LOGGER_ERROR("send_data_packet failed\n");
+    }
+
+    return packet_num;
+}
+
+/* Get the lowest 2 bytes from the nonce and convert
+ * them to host byte format before returning them.
+ */
+static uint16_t get_nonce_uint16(const uint8_t *nonce)
+{
+    uint16_t num;
+    memcpy(&num, nonce + (crypto_box_NONCEBYTES - sizeof(uint16_t)), sizeof(uint16_t));
+    return ntohs(num);
+}
+
+#define DATA_NUM_THRESHOLD 21845
+
+/* Handle a data packet.
+ * Decrypt packet of length and put it into data.
+ * data must be at least MAX_DATA_DATA_PACKET_SIZE big.
+ *
+ * return -1 on failure.
+ * return length of data on success.
+ */
+static int handle_data_packet(const Net_Crypto *c, int crypt_connection_id, uint8_t *data, const uint8_t *packet,
+                              uint16_t length)
+{
+    if (length <= (1 + sizeof(uint16_t) + crypto_box_MACBYTES) || length > MAX_CRYPTO_PACKET_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t nonce[crypto_box_NONCEBYTES];
+    memcpy(nonce, conn->recv_nonce, crypto_box_NONCEBYTES);
+    uint16_t num_cur_nonce = get_nonce_uint16(nonce);
+    uint16_t num;
+    memcpy(&num, packet + 1, sizeof(uint16_t));
+    num = ntohs(num);
+    uint16_t diff = num - num_cur_nonce;
+    increment_nonce_number(nonce, diff);
+    int len = decrypt_data_symmetric(conn->shared_key, nonce, packet + 1 + sizeof(uint16_t),
+                                     length - (1 + sizeof(uint16_t)), data);
+
+    if ((unsigned int)len != length - (1 + sizeof(uint16_t) + crypto_box_MACBYTES))
+        return -1;
+
+    if (diff > DATA_NUM_THRESHOLD * 2) {
+        increment_nonce_number(conn->recv_nonce, DATA_NUM_THRESHOLD);
+    }
+
+    return len;
+}
+
+/* Send a request packet.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_request_packet(Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t data[MAX_CRYPTO_DATA_SIZE];
+    int len = generate_request_packet(data, sizeof(data), &conn->recv_array);
+
+    if (len == -1)
+        return -1;
+
+    return send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, conn->send_array.buffer_end, data,
+                                   len);
+}
+
+/* Send up to max num previously requested data packets.
+ *
+ * return -1 on failure.
+ * return number of packets sent on success.
+ */
+static int send_requested_packets(Net_Crypto *c, int crypt_connection_id, uint16_t max_num)
+{
+    if (max_num == 0)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t i, num_sent = 0, array_size = num_packets_array(&conn->send_array);
+
+    for (i = 0; i < array_size; ++i) {
+        Packet_Data *dt;
+        uint32_t packet_num = (i + conn->send_array.buffer_start);
+        int ret = get_data_pointer(&conn->send_array, &dt, packet_num);
+
+        if (ret == -1) {
+            return -1;
+        } else if (ret == 0) {
+            continue;
+        }
+
+        if (dt->time != 0) {
+            continue;
+        }
+
+        dt->time = current_time_monotonic();
+
+        if (send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, packet_num, dt->data,
+                                    dt->length) == 0)
+            ++num_sent;
+
+        if (num_sent >= max_num)
+            break;
+    }
+
+    return num_sent;
+}
+
+
+/* Add a new temp packet to send repeatedly.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int new_temp_packet(const Net_Crypto *c, int crypt_connection_id, const uint8_t *packet, uint16_t length)
+{
+    if (length == 0 || length > MAX_CRYPTO_PACKET_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t *temp_packet = malloc(length);
+
+    if (temp_packet == 0)
+        return -1;
+
+    if (conn->temp_packet)
+        free(conn->temp_packet);
+
+    memcpy(temp_packet, packet, length);
+    conn->temp_packet = temp_packet;
+    conn->temp_packet_length = length;
+    conn->temp_packet_sent_time = 0;
+    conn->temp_packet_num_sent = 0;
+    return 0;
+}
+
+/* Clear the temp packet.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int clear_temp_packet(const Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (conn->temp_packet)
+        free(conn->temp_packet);
+
+    conn->temp_packet = 0;
+    conn->temp_packet_length = 0;
+    conn->temp_packet_sent_time = 0;
+    conn->temp_packet_num_sent = 0;
+    return 0;
+}
+
+
+/* Send the temp packet.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_temp_packet(Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (!conn->temp_packet)
+        return -1;
+
+    if (send_packet_to(c, crypt_connection_id, conn->temp_packet, conn->temp_packet_length) != 0)
+        return -1;
+
+    conn->temp_packet_sent_time = current_time_monotonic();
+    ++conn->temp_packet_num_sent;
+    return 0;
+}
+
+/* Create a handshake packet and set it as a temp packet.
+ * cookie must be COOKIE_LENGTH.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int create_send_handshake(Net_Crypto *c, int crypt_connection_id, const uint8_t *cookie,
+                                 const uint8_t *dht_public_key)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t handshake_packet[HANDSHAKE_PACKET_LENGTH];
+
+    if (create_crypto_handshake(c, handshake_packet, cookie, conn->sent_nonce, conn->sessionpublic_key,
+                                conn->public_key, dht_public_key) != sizeof(handshake_packet))
+        return -1;
+
+    if (new_temp_packet(c, crypt_connection_id, handshake_packet, sizeof(handshake_packet)) != 0)
+        return -1;
+
+    send_temp_packet(c, crypt_connection_id);
+    return 0;
+}
+
+/* Send a kill packet.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int send_kill_packet(Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t kill_packet = PACKET_ID_KILL;
+    return send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, conn->send_array.buffer_end,
+                                   &kill_packet, sizeof(kill_packet));
+}
+
+/* Handle a received data packet.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_data_packet_helper(const Net_Crypto *c, int crypt_connection_id, const uint8_t *packet,
+                                     uint16_t length)
+{
+    if (length > MAX_CRYPTO_PACKET_SIZE || length <= CRYPTO_DATA_PACKET_MIN_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint8_t data[MAX_DATA_DATA_PACKET_SIZE];
+    int len = handle_data_packet(c, crypt_connection_id, data, packet, length);
+
+    if (len <= (int)(sizeof(uint32_t) * 2))
+        return -1;
+
+    uint32_t buffer_start, num;
+    memcpy(&buffer_start, data, sizeof(uint32_t));
+    memcpy(&num, data + sizeof(uint32_t), sizeof(uint32_t));
+    buffer_start = ntohl(buffer_start);
+    num = ntohl(num);
+
+    if (buffer_start != conn->send_array.buffer_start && clear_buffer_until(&conn->send_array, buffer_start) != 0)
+        return -1;
+
+    uint8_t *real_data = data + (sizeof(uint32_t) * 2);
+    uint16_t real_length = len - (sizeof(uint32_t) * 2);
+
+    while (real_data[0] == 0) { /* Remove Padding */
+        ++real_data;
+        --real_length;
+
+        if (real_length == 0)
+            return -1;
+    }
+
+    if (real_data[0] == PACKET_ID_KILL) {
+        conn->killed = 1;
+        return 0;
+    }
+
+    if (conn->status == CRYPTO_CONN_NOT_CONFIRMED) {
+        clear_temp_packet(c, crypt_connection_id);
+        conn->status = CRYPTO_CONN_ESTABLISHED;
+
+        if (conn->connection_status_callback)
+            conn->connection_status_callback(conn->connection_status_callback_object, conn->connection_status_callback_id, 1);
+    }
+
+    if (real_data[0] == PACKET_ID_REQUEST) {
+        int requested = handle_request_packet(&conn->send_array, real_data, real_length);
+
+        if (requested == -1) {
+            return -1;
+        } else {
+            //TODO?
+        }
+
+        set_buffer_end(&conn->recv_array, num);
+    } else if (real_data[0] >= CRYPTO_RESERVED_PACKETS && real_data[0] < PACKET_ID_LOSSY_RANGE_START) {
+        Packet_Data dt;
+        dt.time = current_time_monotonic();
+        dt.length = real_length;
+        memcpy(dt.data, real_data, real_length);
+
+        if (add_data_to_buffer(&conn->recv_array, num, &dt) != 0)
+            return -1;
+
+        while (read_data_beg_buffer(&conn->recv_array, &dt) != -1) {
+            if (conn->connection_data_callback)
+                conn->connection_data_callback(conn->connection_data_callback_object, conn->connection_data_callback_id, dt.data,
+                                               dt.length);
+        }
+
+        /* Packet counter. */
+        ++conn->packet_counter;
+    } else if (real_data[0] >= PACKET_ID_LOSSY_RANGE_START &&
+               real_data[0] < (PACKET_ID_LOSSY_RANGE_START + PACKET_ID_LOSSY_RANGE_SIZE)) {
+
+        if (conn->connection_lossy_data_callback)
+            conn->connection_lossy_data_callback(conn->connection_lossy_data_callback_object,
+                                                 conn->connection_lossy_data_callback_id, real_data, real_length);
+
+        set_buffer_end(&conn->recv_array, num);
+    } else {
+        return -1;
+    }
+
+    return 0;
+}
+
+/* Handle a packet that was received for the connection.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_packet_connection(Net_Crypto *c, int crypt_connection_id, const uint8_t *packet, uint16_t length)
+{
+    if (length == 0 || length > MAX_CRYPTO_PACKET_SIZE)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    switch (packet[0]) {
+        case NET_PACKET_COOKIE_RESPONSE: {
+            if (conn->status != CRYPTO_CONN_COOKIE_REQUESTING)
+                return -1;
+
+            uint8_t cookie[COOKIE_LENGTH];
+            uint64_t number;
+
+            if (handle_cookie_response(cookie, &number, packet, length, conn->shared_key) != sizeof(cookie))
+                return -1;
+
+            if (number != conn->cookie_request_number)
+                return -1;
+
+            if (create_send_handshake(c, crypt_connection_id, cookie, conn->dht_public_key) != 0)
+                return -1;
+
+            conn->status = CRYPTO_CONN_HANDSHAKE_SENT;
+            return 0;
+        }
+
+        case NET_PACKET_CRYPTO_HS: {
+            if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT
+                    || conn->status == CRYPTO_CONN_NOT_CONFIRMED) {
+                uint8_t peer_real_pk[crypto_box_PUBLICKEYBYTES];
+                uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES];
+                uint8_t cookie[COOKIE_LENGTH];
+
+                if (handle_crypto_handshake(c, conn->recv_nonce, conn->peersessionpublic_key, peer_real_pk, dht_public_key, cookie,
+                                            packet, length, conn->public_key) != 0)
+                    return -1;
+
+                encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key);
+
+                if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING) {
+                    if (create_send_handshake(c, crypt_connection_id, cookie, dht_public_key) != 0)
+                        return -1;
+                }
+
+                conn->status = CRYPTO_CONN_NOT_CONFIRMED;
+                /* Status needs to be CRYPTO_CONN_NOT_CONFIRMED for this to work. */
+                set_connection_dht_public_key(c, crypt_connection_id, dht_public_key, current_time_monotonic());
+            } else {
+                return -1;
+            }
+
+            return 0;
+        }
+
+        case NET_PACKET_CRYPTO_DATA: {
+            if (conn->status == CRYPTO_CONN_NOT_CONFIRMED || conn->status == CRYPTO_CONN_ESTABLISHED) {
+                return handle_data_packet_helper(c, crypt_connection_id, packet, length);
+            } else {
+                return -1;
+            }
+
+            return 0;
+        }
+
+        default: {
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+/* Set the size of the friend list to numfriends.
+ *
+ *  return -1 if realloc fails.
+ *  return 0 if it succeeds.
+ */
+static int realloc_cryptoconnection(Net_Crypto *c, uint32_t num)
+{
+    if (num == 0) {
+        free(c->crypto_connections);
+        c->crypto_connections = NULL;
+        return 0;
+    }
+
+    Crypto_Connection *newcrypto_connections = realloc(c->crypto_connections, num * sizeof(Crypto_Connection));
+
+    if (newcrypto_connections == NULL)
+        return -1;
+
+    c->crypto_connections = newcrypto_connections;
+    return 0;
+}
+
+
+/* Create a new empty crypto connection.
+ *
+ * return -1 on failure.
+ * return connection id on success.
+ */
+static int create_crypto_connection(Net_Crypto *c)
+{
+    uint32_t i;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        if (c->crypto_connections[i].status == CRYPTO_CONN_NO_CONNECTION)
+            return i;
+    }
+
+    while (1) { /* TODO: is this really the best way to do this? */
+        pthread_mutex_lock(&c->connections_mutex);
+
+        if (!c->connection_use_counter) {
+            break;
+        }
+
+        pthread_mutex_unlock(&c->connections_mutex);
+    }
+
+    int id = -1;
+
+    if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == 0) {
+        memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection));
+        id = c->crypto_connections_length;
+        pthread_mutex_init(&c->crypto_connections[id].mutex, NULL);
+        ++c->crypto_connections_length;
+    }
+
+    pthread_mutex_unlock(&c->connections_mutex);
+    return id;
+}
+
+/* Wipe a crypto connection.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int wipe_crypto_connection(Net_Crypto *c, int crypt_connection_id)
+{
+    if (crypt_connection_id_not_valid(c, crypt_connection_id))
+        return -1;
+
+    uint32_t i;
+    pthread_mutex_destroy(&c->crypto_connections[crypt_connection_id].mutex);
+    memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection));
+
+    for (i = c->crypto_connections_length; i != 0; --i) {
+        if (c->crypto_connections[i - 1].status != CRYPTO_CONN_NO_CONNECTION)
+            break;
+    }
+
+    if (c->crypto_connections_length != i) {
+        c->crypto_connections_length = i;
+        realloc_cryptoconnection(c, c->crypto_connections_length);
+    }
+
+    return 0;
+}
+
+/* Get crypto connection id from public key of peer.
+ *
+ *  return -1 if there are no connections like we are looking for.
+ *  return id if it found it.
+ */
+static int getcryptconnection_id(const Net_Crypto *c, const uint8_t *public_key)
+{
+    uint32_t i;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION)
+            if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
+                return i;
+    }
+
+    return -1;
+}
+
+/* Get crypto connection id from public key of peer.
+ *
+ *  return -1 if there are no connections like we are looking for.
+ *  return id if it found it.
+ */
+static int getcryptconnection_id_dht_pubkey(const Net_Crypto *c, const uint8_t *dht_public_key)
+{
+    uint32_t i;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION && c->crypto_connections[i].dht_public_key_set)
+            if (memcmp(dht_public_key, c->crypto_connections[i].dht_public_key, crypto_box_PUBLICKEYBYTES) == 0)
+                return i;
+    }
+
+    return -1;
+}
+
+/* Add a source to the crypto connection.
+ * This is to be used only when we have received a packet from that source.
+ *
+ *  return -1 on failure.
+ *  return positive number on success.
+ *  0 if source was a direct UDP connection.
+ *  TODO
+ */
+static int crypto_connection_add_source(Net_Crypto *c, int crypt_connection_id, IP_Port source)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (source.ip.family == AF_INET || source.ip.family == AF_INET6) {
+        if (!ipport_equal(&source, &conn->ip_port)) {
+            if (!bs_list_add(&c->ip_port_list, &source, crypt_connection_id))
+                return -1;
+
+            bs_list_remove(&c->ip_port_list, &conn->ip_port, crypt_connection_id);
+            conn->ip_port = source;
+        }
+
+        conn->direct_lastrecv_time = current_time_monotonic();
+        return 0;
+    }
+
+    return -1;
+}
+
+
+/* Set function to be called when someone requests a new connection to us.
+ *
+ * The set function should return -1 on failure and 0 on success.
+ *
+ * n_c is only valid for the duration of the function call.
+ */
+void new_connection_handler(Net_Crypto *c, int (*new_connection_callback)(void *object, New_Connection *n_c),
+                            void *object)
+{
+    c->new_connection_callback = new_connection_callback;
+    c->new_connection_callback_object = object;
+}
+
+/* Handle a handshake packet by someone who wants to initiate a new connection with us.
+ * This calls the callback set by new_connection_handler() if the handshake is ok.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_new_connection_handshake(Net_Crypto *c, IP_Port source, const uint8_t *data, uint16_t length)
+{
+    New_Connection n_c;
+    n_c.cookie = malloc(COOKIE_LENGTH);
+
+    if (n_c.cookie == NULL)
+        return -1;
+
+    n_c.source = source;
+    n_c.cookie_length = COOKIE_LENGTH;
+
+    if (handle_crypto_handshake(c, n_c.recv_nonce, n_c.peersessionpublic_key, n_c.public_key, n_c.dht_public_key,
+                                n_c.cookie, data, length, 0) != 0) {
+        free(n_c.cookie);
+        return -1;
+    }
+
+    int crypt_connection_id = getcryptconnection_id(c, n_c.public_key);
+
+    if (crypt_connection_id != -1) {
+        int ret = -1;
+        Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+        if (conn != 0 && (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT)) {
+            memcpy(conn->recv_nonce, n_c.recv_nonce, crypto_box_NONCEBYTES);
+            memcpy(conn->peersessionpublic_key, n_c.peersessionpublic_key, crypto_box_PUBLICKEYBYTES);
+            encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key);
+
+            crypto_connection_add_source(c, crypt_connection_id, source);
+
+            if (create_send_handshake(c, crypt_connection_id, n_c.cookie, n_c.dht_public_key) == 0) {
+                conn->status = CRYPTO_CONN_NOT_CONFIRMED;
+                /* Status needs to be CRYPTO_CONN_NOT_CONFIRMED for this to work. */
+                set_connection_dht_public_key(c, crypt_connection_id, n_c.dht_public_key, current_time_monotonic());
+                ret = 0;
+            }
+        }
+
+        free(n_c.cookie);
+        return ret;
+    }
+
+    int ret = c->new_connection_callback(c->new_connection_callback_object, &n_c);
+    free(n_c.cookie);
+    return ret;
+}
+
+/* Accept a crypto connection.
+ *
+ * return -1 on failure.
+ * return connection id on success.
+ */
+int accept_crypto_connection(Net_Crypto *c, New_Connection *n_c)
+{
+    if (getcryptconnection_id(c, n_c->public_key) != -1)
+        return -1;
+
+    int crypt_connection_id = create_crypto_connection(c);
+
+    if (crypt_connection_id == -1)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    memcpy(conn->public_key, n_c->public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(conn->recv_nonce, n_c->recv_nonce, crypto_box_NONCEBYTES);
+    memcpy(conn->peersessionpublic_key, n_c->peersessionpublic_key, crypto_box_PUBLICKEYBYTES);
+    random_nonce(conn->sent_nonce);
+    crypto_box_keypair(conn->sessionpublic_key, conn->sessionsecret_key);
+    encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key);
+
+    if (n_c->cookie_length != COOKIE_LENGTH)
+        return -1;
+
+    if (create_send_handshake(c, crypt_connection_id, n_c->cookie, n_c->dht_public_key) != 0)
+        return -1;
+
+    conn->status = CRYPTO_CONN_NOT_CONFIRMED;
+    /* Status needs to be CRYPTO_CONN_NOT_CONFIRMED for this to work. */
+    set_connection_dht_public_key(c, crypt_connection_id, n_c->dht_public_key, current_time_monotonic());
+    conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE;
+    conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH;
+    crypto_connection_add_source(c, crypt_connection_id, n_c->source);
+    return crypt_connection_id;
+}
+
+/* Create a crypto connection.
+ * If one to that real public key already exists, return it.
+ *
+ * return -1 on failure.
+ * return connection id on success.
+ */
+int new_crypto_connection(Net_Crypto *c, const uint8_t *real_public_key)
+{
+    int crypt_connection_id = getcryptconnection_id(c, real_public_key);
+
+    if (crypt_connection_id != -1)
+        return crypt_connection_id;
+
+    crypt_connection_id = create_crypto_connection(c);
+
+    if (crypt_connection_id == -1)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    memcpy(conn->public_key, real_public_key, crypto_box_PUBLICKEYBYTES);
+    random_nonce(conn->sent_nonce);
+    crypto_box_keypair(conn->sessionpublic_key, conn->sessionsecret_key);
+    conn->status = CRYPTO_CONN_COOKIE_REQUESTING;
+    conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE;
+    conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH;
+    return crypt_connection_id;
+}
+
+/* Disconnect peer from all associated TCP connections.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int disconnect_peer_tcp(Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (conn->status_tcp[i] != STATUS_TCP_NULL) {
+            pthread_mutex_lock(&c->tcp_mutex);
+            send_disconnect_request(c->tcp_connections[i], conn->con_number_tcp[i]);
+            conn->status_tcp[i] = STATUS_TCP_NULL;
+            conn->con_number_tcp[i] = 0;
+            pthread_mutex_unlock(&c->tcp_mutex);
+        }
+    }
+
+    return 0;
+}
+
+/* Connect peer to all associated TCP connections.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int connect_peer_tcp(Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            continue;
+
+        pthread_mutex_lock(&c->tcp_mutex);
+        //TODO check function return?
+        send_routing_request(c->tcp_connections[i], conn->dht_public_key);
+        pthread_mutex_unlock(&c->tcp_mutex);
+    }
+
+    return 0;
+}
+
+/* Copy friends DHT public key into dht_key.
+ *
+ * return 0 on failure (no key copied).
+ * return timestamp on success (key copied).
+ */
+uint64_t get_connection_dht_key(const Net_Crypto *c, int crypt_connection_id, uint8_t *dht_public_key)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return 0;
+
+    if (conn->dht_public_key_set == 0)
+        return 0;
+
+    memcpy(dht_public_key, conn->dht_public_key, crypto_box_PUBLICKEYBYTES);
+    return conn->dht_public_key_timestamp;
+}
+
+
+/* Set the DHT public key of the crypto connection.
+ * timestamp is the time (current_time_monotonic()) at which the key was last confirmed belonging to
+ * the other peer.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int set_connection_dht_public_key(Net_Crypto *c, int crypt_connection_id, const uint8_t *dht_public_key,
+                                  uint64_t timestamp)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (timestamp <= conn->dht_public_key_timestamp)
+        return -1;
+
+    if (conn->dht_public_key_set == 1 && memcmp(conn->dht_public_key, dht_public_key, crypto_box_PUBLICKEYBYTES) == 0)
+        return -1;
+
+    if (conn->dht_public_key_set == 1) {
+        disconnect_peer_tcp(c, crypt_connection_id);
+    }
+
+    memcpy(conn->dht_public_key, dht_public_key, crypto_box_PUBLICKEYBYTES);
+    conn->dht_public_key_set = 1;
+    conn->dht_public_key_timestamp = timestamp;
+
+    if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING) {
+        conn->cookie_request_number = random_64b();
+        uint8_t cookie_request[COOKIE_REQUEST_LENGTH];
+
+        if (create_cookie_request(c, cookie_request, conn->dht_public_key, conn->cookie_request_number,
+                                  conn->shared_key) != sizeof(cookie_request))
+            return -1;
+
+        if (new_temp_packet(c, crypt_connection_id, cookie_request, sizeof(cookie_request)) != 0)
+            return -1;
+    }//TODO
+
+    connect_peer_tcp(c, crypt_connection_id);
+    return 0;
+}
+
+/* Set the direct ip of the crypto connection.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int set_direct_ip_port(Net_Crypto *c, int crypt_connection_id, IP_Port ip_port)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (!ipport_equal(&ip_port, &conn->ip_port)) {
+        if (bs_list_add(&c->ip_port_list, &ip_port, crypt_connection_id)) {
+            bs_list_remove(&c->ip_port_list, &conn->ip_port, crypt_connection_id);
+            conn->ip_port = ip_port;
+            conn->direct_lastrecv_time = 0;
+            return 0;
+        }
+    }
+
+    return -1;
+}
+
+static int tcp_response_callback(void *object, uint8_t connection_id, const uint8_t *public_key)
+{
+    TCP_Client_Connection *TCP_con = object;
+    Net_Crypto *c = TCP_con->net_crypto_pointer;
+
+    int crypt_connection_id = getcryptconnection_id_dht_pubkey(c, public_key);
+
+    if (crypt_connection_id == -1)
+        return -1;
+
+    set_tcp_connection_number(TCP_con, connection_id, crypt_connection_id);
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t location = TCP_con->net_crypto_location;
+
+    if (location >= MAX_TCP_CONNECTIONS)
+        return -1;
+
+    if (c->tcp_connections[location] != TCP_con)
+        return -1;
+
+    conn->con_number_tcp[location] = connection_id;
+    uint32_t i;
+
+    for (i = 0; i < conn->num_tcp_relays; ++i) {
+        if (memcmp(TCP_con->public_key, conn->tcp_relays[i].client_id, crypto_box_PUBLICKEYBYTES) == 0) {
+            conn->status_tcp[location] = STATUS_TCP_INVISIBLE;
+            return 0;
+        }
+    }
+
+    conn->status_tcp[location] = STATUS_TCP_OFFLINE;
+    return 0;
+}
+
+static int tcp_status_callback(void *object, uint32_t number, uint8_t connection_id, uint8_t status)
+{
+    TCP_Client_Connection *TCP_con = object;
+    Net_Crypto *c = TCP_con->net_crypto_pointer;
+
+    Crypto_Connection *conn = get_crypto_connection(c, number);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t location = TCP_con->net_crypto_location;
+
+    if (location >= MAX_TCP_CONNECTIONS)
+        return -1;
+
+    if (c->tcp_connections[location] != TCP_con)
+        return -1;
+
+    if (status == 1) {
+        conn->status_tcp[location] = STATUS_TCP_OFFLINE;
+    } else if (status == 2) {
+        conn->status_tcp[location] = STATUS_TCP_ONLINE;
+    }
+
+    conn->con_number_tcp[location] = connection_id;
+    return 0;
+}
+
+static int tcp_data_callback(void *object, uint32_t number, uint8_t connection_id, const uint8_t *data, uint16_t length)
+{
+
+    if (length == 0)
+        return -1;
+
+    TCP_Client_Connection *TCP_con = object;
+    Net_Crypto *c = TCP_con->net_crypto_pointer;
+
+    if (data[0] == NET_PACKET_COOKIE_REQUEST) {
+        return tcp_handle_cookie_request(c, TCP_con, connection_id, data, length);
+    }
+
+    Crypto_Connection *conn = get_crypto_connection(c, number);
+
+    if (conn == 0)
+        return -1;
+
+    if (handle_packet_connection(c, number, data, length) != 0)
+        return -1;
+
+    //TODO detect and kill bad TCP connections.
+    return 0;
+}
+
+static int tcp_oob_callback(void *object, const uint8_t *public_key, const uint8_t *data, uint16_t length)
+{
+    if (length == 0 || length > MAX_CRYPTO_PACKET_SIZE)
+        return -1;
+
+    TCP_Client_Connection *TCP_con = object;
+    Net_Crypto *c = TCP_con->net_crypto_pointer;
+    uint32_t location = TCP_con->net_crypto_location;
+
+    if (data[0] == NET_PACKET_COOKIE_REQUEST) {
+        return tcp_oob_handle_cookie_request(c, TCP_con, public_key, data, length);
+    }
+
+    int crypt_connection_id = getcryptconnection_id_dht_pubkey(c, public_key);
+
+    if (crypt_connection_id == -1) {
+        IP_Port source;
+        source.ip.family = TCP_FAMILY;
+        source.ip.ip6.uint32[0] = location;
+
+        if (data[0] != NET_PACKET_CRYPTO_HS) {
+            LOGGER_DEBUG("tcp snhappen %u\n", data[0]);
+            return -1;
+        }
+
+        if (handle_new_connection_handshake(c, source, data, length) != 0)
+            return -1;
+
+        return 0;
+    }
+
+    if (handle_packet_connection(c, crypt_connection_id, data, length) != 0)
+        return -1;
+
+    return 0;
+}
+
+static int tcp_onion_callback(void *object, const uint8_t *data, uint16_t length)
+{
+    Net_Crypto *c = object;
+
+    if (c->tcp_onion_callback)
+        return c->tcp_onion_callback(c->tcp_onion_callback_object, data, length);
+
+    return 1;
+}
+
+
+/* Check if tcp connection to public key can be created.
+ *
+ * return -1 if it can't.
+ * return 0 if it can.
+ */
+static int tcp_connection_check(const Net_Crypto *c, const uint8_t *public_key)
+{
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections_new[i] == NULL)
+            continue;
+
+        if (memcmp(c->tcp_connections_new[i]->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0)
+            return -1;
+    }
+
+    uint32_t num = 0;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            continue;
+
+        if (memcmp(c->tcp_connections[i]->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0)
+            return -1;
+
+        ++num;
+    }
+
+    if (num == MAX_TCP_CONNECTIONS)
+        return -1;
+
+    return 0;
+}
+
+/* Add a tcp relay, associating it to a crypt_connection_id.
+ *
+ * return 0 if it was added.
+ * return -1 if it wasn't.
+ */
+int add_tcp_relay_peer(Net_Crypto *c, int crypt_connection_id, IP_Port ip_port, const uint8_t *public_key)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (ip_port.ip.family == TCP_INET) {
+        ip_port.ip.family = AF_INET;
+    } else if (ip_port.ip.family == TCP_INET6) {
+        ip_port.ip.family = AF_INET6;
+    }
+
+    if (ip_port.ip.family != AF_INET && ip_port.ip.family != AF_INET6)
+        return -1;
+
+    uint32_t i;
+
+    for (i = 0; i < conn->num_tcp_relays; ++i) {
+        if (memcmp(conn->tcp_relays[i].client_id, public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+            conn->tcp_relays[i].ip_port = ip_port;
+            return 0;
+        }
+    }
+
+    if (conn->num_tcp_relays == MAX_TCP_RELAYS_PEER) {
+        uint16_t index = rand() % MAX_TCP_RELAYS_PEER;
+        conn->tcp_relays[index].ip_port = ip_port;
+        memcpy(conn->tcp_relays[index].client_id, public_key, crypto_box_PUBLICKEYBYTES);
+    } else {
+        conn->tcp_relays[conn->num_tcp_relays].ip_port = ip_port;
+        memcpy(conn->tcp_relays[conn->num_tcp_relays].client_id, public_key, crypto_box_PUBLICKEYBYTES);
+        ++conn->num_tcp_relays;
+    }
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            continue;
+
+        if (memcmp(c->tcp_connections[i]->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) {
+            if (conn->status_tcp[i] == STATUS_TCP_OFFLINE)
+                conn->status_tcp[i] = STATUS_TCP_INVISIBLE;
+        }
+    }
+
+    return add_tcp_relay(c, ip_port, public_key);
+}
+
+/* Add a tcp relay to the array.
+ *
+ * return 0 if it was added.
+ * return -1 if it wasn't.
+ */
+int add_tcp_relay(Net_Crypto *c, IP_Port ip_port, const uint8_t *public_key)
+{
+    if (ip_port.ip.family == TCP_INET) {
+        ip_port.ip.family = AF_INET;
+    } else if (ip_port.ip.family == TCP_INET6) {
+        ip_port.ip.family = AF_INET6;
+    }
+
+    if (ip_port.ip.family != AF_INET && ip_port.ip.family != AF_INET6)
+        return -1;
+
+    if (tcp_connection_check(c, public_key) != 0)
+        return -1;
+
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections_new[i] == NULL) {
+            if (c->proxy_set) {
+                c->tcp_connections_new[i] = new_TCP_connection(ip_port, public_key, c->dht->self_public_key, c->dht->self_secret_key,
+                                            &c->proxy_info);
+            } else {
+                c->tcp_connections_new[i] = new_TCP_connection(ip_port, public_key, c->dht->self_public_key, c->dht->self_secret_key,
+                                            0);
+            }
+
+            return 0;
+        }
+    }
+
+    return -1;
+}
+
+/* Send an onion packet via a random connected TCP relay.
+ *
+ * return 0 on success.
+ * return -1 on failure.
+ */
+int send_tcp_onion_request(Net_Crypto *c, const uint8_t *data, uint16_t length)
+{
+    unsigned int i, r = rand();
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[(i + r) % MAX_TCP_CONNECTIONS]) {
+            pthread_mutex_lock(&c->tcp_mutex);
+            int ret = send_onion_request(c->tcp_connections[(i + r) % MAX_TCP_CONNECTIONS], data, length);
+            pthread_mutex_unlock(&c->tcp_mutex);
+
+            if (ret == 1)
+                return 0;
+        }
+    }
+
+    return -1;
+}
+
+/* Set the function to be called when an onion response packet is received by one of the TCP connections.
+ */
+void tcp_onion_response_handler(Net_Crypto *c, int (*tcp_onion_callback)(void *object, const uint8_t *data,
+                                uint16_t length), void *object)
+{
+    c->tcp_onion_callback = tcp_onion_callback;
+    c->tcp_onion_callback_object = object;
+}
+
+/* Copy a maximum of num TCP relays we are connected to to tcp_relays.
+ * NOTE that the family of the copied ip ports will be set to TCP_INET or TCP_INET6.
+ *
+ * return number of relays copied to tcp_relays on success.
+ * return 0 on failure.
+ */
+unsigned int copy_connected_tcp_relays(const Net_Crypto *c, Node_format *tcp_relays, uint16_t num)
+{
+    if (num == 0)
+        return 0;
+
+    uint32_t i;
+    uint16_t copied = 0;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] != NULL) {
+            memcpy(tcp_relays[copied].client_id, c->tcp_connections[i]->public_key, crypto_box_PUBLICKEYBYTES);
+            tcp_relays[copied].ip_port = c->tcp_connections[i]->ip_port;
+
+            if (tcp_relays[copied].ip_port.ip.family == AF_INET) {
+                tcp_relays[copied].ip_port.ip.family = TCP_INET;
+            } else if (tcp_relays[copied].ip_port.ip.family == AF_INET6) {
+                tcp_relays[copied].ip_port.ip.family = TCP_INET6;
+            }
+
+            ++copied;
+
+            if (copied == num)
+                return copied;
+        }
+    }
+
+    return copied;
+}
+
+/* Add a connected tcp connection to the tcp_connections array.
+ *
+ * return 0 if it was added.
+ * return -1 if it wasn't.
+ */
+static int add_tcp_connected(Net_Crypto *c, TCP_Client_Connection *tcp_con)
+{
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            break;
+    }
+
+    if (i == MAX_TCP_CONNECTIONS)
+        return -1;
+
+    uint32_t tcp_num = i;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        Crypto_Connection *conn = get_crypto_connection(c, i);
+
+        if (conn == 0)
+            return -1;
+
+        if (conn->status == CRYPTO_CONN_NO_CONNECTION)
+            continue;
+
+        if (conn->status == CRYPTO_CONN_TIMED_OUT)
+            continue;
+
+        if (conn->dht_public_key_set)
+            if (send_routing_request(tcp_con, conn->dht_public_key) != 1)
+                return -1;
+
+    }
+
+    tcp_con->net_crypto_pointer = c;
+    tcp_con->net_crypto_location = tcp_num;
+    routing_response_handler(tcp_con, tcp_response_callback, tcp_con);
+    routing_status_handler(tcp_con, tcp_status_callback, tcp_con);
+    routing_data_handler(tcp_con, tcp_data_callback, tcp_con);
+    oob_data_handler(tcp_con, tcp_oob_callback, tcp_con);
+    onion_response_handler(tcp_con, tcp_onion_callback, c);
+    c->tcp_connections[tcp_num] = tcp_con;
+    return 0;
+}
+
+static void do_tcp(Net_Crypto *c)
+{
+    uint32_t i;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections_new[i] == NULL)
+            continue;
+
+        do_TCP_connection(c->tcp_connections_new[i]);
+
+        if (c->tcp_connections_new[i]->status == TCP_CLIENT_CONFIRMED) {
+            pthread_mutex_lock(&c->tcp_mutex);
+            int ret = add_tcp_connected(c, c->tcp_connections_new[i]);
+            pthread_mutex_unlock(&c->tcp_mutex);
+
+            if (ret == 0) {
+                c->tcp_connections_new[i] = NULL;
+            } else {
+                kill_TCP_connection(c->tcp_connections_new[i]);
+                c->tcp_connections_new[i] = NULL;
+            }
+        }
+    }
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            continue;
+
+        pthread_mutex_lock(&c->tcp_mutex);
+        do_TCP_connection(c->tcp_connections[i]);
+        pthread_mutex_unlock(&c->tcp_mutex);
+    }
+}
+
+static void clear_disconnected_tcp_peer(Crypto_Connection *conn, uint32_t number)
+{
+    if (conn->status == CRYPTO_CONN_NO_CONNECTION)
+        return;
+
+    if (number >= MAX_TCP_CONNECTIONS)
+        return;
+
+    conn->status_tcp[number] = STATUS_TCP_NULL;
+    conn->con_number_tcp[number] = 0;
+}
+
+static void clear_disconnected_tcp(Net_Crypto *c)
+{
+    uint32_t i, j;
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections_new[i] == NULL)
+            continue;
+
+        if (c->tcp_connections_new[i]->status != TCP_CLIENT_DISCONNECTED)
+            continue;
+
+        kill_TCP_connection(c->tcp_connections_new[i]);
+        c->tcp_connections_new[i] = NULL;
+    }
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        if (c->tcp_connections[i] == NULL)
+            continue;
+
+        TCP_Client_Connection *tcp_con = c->tcp_connections[i];
+
+        if (tcp_con->status != TCP_CLIENT_DISCONNECTED)
+            continue;
+
+        /* Try reconnecting to relay on disconnect. */
+        add_tcp_relay(c, tcp_con->ip_port, tcp_con->public_key);
+
+        pthread_mutex_lock(&c->tcp_mutex);
+        c->tcp_connections[i] = NULL;
+        kill_TCP_connection(tcp_con);
+
+        for (j = 0; j < c->crypto_connections_length; ++j) {
+            Crypto_Connection *conn = get_crypto_connection(c, j);
+
+            if (conn == 0)
+                continue;
+
+            clear_disconnected_tcp_peer(conn, i);
+        }
+
+        pthread_mutex_unlock(&c->tcp_mutex);
+    }
+}
+
+/* Set function to be called when connection with crypt_connection_id goes connects/disconnects.
+ *
+ * The set function should return -1 on failure and 0 on success.
+ * Note that if this function is set, the connection will clear itself on disconnect.
+ * Object and id will be passed to this function untouched.
+ * status is 1 if the connection is going online, 0 if it is going offline.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int connection_status_handler(const Net_Crypto *c, int crypt_connection_id,
+                              int (*connection_status_callback)(void *object, int id, uint8_t status), void *object, int id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    conn->connection_status_callback = connection_status_callback;
+    conn->connection_status_callback_object = object;
+    conn->connection_status_callback_id = id;
+    return 0;
+}
+
+/* Set function to be called when connection with crypt_connection_id receives a data packet of length.
+ *
+ * The set function should return -1 on failure and 0 on success.
+ * Object and id will be passed to this function untouched.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int connection_data_handler(const Net_Crypto *c, int crypt_connection_id, int (*connection_data_callback)(void *object,
+                            int id, uint8_t *data, uint16_t length), void *object, int id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    conn->connection_data_callback = connection_data_callback;
+    conn->connection_data_callback_object = object;
+    conn->connection_data_callback_id = id;
+    return 0;
+}
+
+/* Set function to be called when connection with crypt_connection_id receives a lossy data packet of length.
+ *
+ * The set function should return -1 on failure and 0 on success.
+ * Object and id will be passed to this function untouched.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int connection_lossy_data_handler(Net_Crypto *c, int crypt_connection_id,
+                                  int (*connection_lossy_data_callback)(void *object, int id, const uint8_t *data, uint16_t length), void *object, int id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    conn->connection_lossy_data_callback = connection_lossy_data_callback;
+    conn->connection_lossy_data_callback_object = object;
+    conn->connection_lossy_data_callback_id = id;
+    return 0;
+}
+
+/* Get the crypto connection id from the ip_port.
+ *
+ * return -1 on failure.
+ * return connection id on success.
+ */
+static int crypto_id_ip_port(const Net_Crypto *c, IP_Port ip_port)
+{
+    return bs_list_find(&c->ip_port_list, &ip_port);
+}
+
+#define CRYPTO_MIN_PACKET_SIZE (1 + sizeof(uint16_t) + crypto_box_MACBYTES)
+
+/* Handle raw UDP packets coming directly from the socket.
+ *
+ * Handles:
+ * Cookie response packets.
+ * Crypto handshake packets.
+ * Crypto data packets.
+ *
+ */
+static int udp_handle_packet(void *object, IP_Port source, const uint8_t *packet, uint32_t length)
+{
+    if (length <= CRYPTO_MIN_PACKET_SIZE || length > MAX_CRYPTO_PACKET_SIZE)
+        return 1;
+
+    Net_Crypto *c = object;
+    int crypt_connection_id = crypto_id_ip_port(c, source);
+
+    if (crypt_connection_id == -1) {
+        if (packet[0] != NET_PACKET_CRYPTO_HS)
+            return 1;
+
+        if (handle_new_connection_handshake(c, source, packet, length) != 0)
+            return 1;
+
+        return 0;
+    }
+
+    if (handle_packet_connection(c, crypt_connection_id, packet, length) != 0)
+        return 1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    conn->direct_lastrecv_time = current_time_monotonic();
+    return 0;
+}
+
+/* The dT for the average packet receiving rate calculations.
+   Also used as the */
+#define PACKET_COUNTER_AVERAGE_INTERVAL 100
+
+/* Ratio of recv queue size / recv packet rate (in seconds) times
+ * the number of ms between request packets to send at that ratio
+ */
+#define REQUEST_PACKETS_COMPARE_CONSTANT (0.5 * 100.0)
+static void send_crypto_packets(Net_Crypto *c)
+{
+    uint32_t i;
+    uint64_t temp_time = current_time_monotonic();
+    double total_send_rate = 0;
+    uint32_t peak_request_packet_interval = ~0;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        Crypto_Connection *conn = get_crypto_connection(c, i);
+
+        if (conn == 0)
+            return;
+
+        if (CRYPTO_SEND_PACKET_INTERVAL + conn->temp_packet_sent_time < temp_time) {
+            send_temp_packet(c, i);
+        }
+
+        if ((conn->status == CRYPTO_CONN_NOT_CONFIRMED || conn->status == CRYPTO_CONN_ESTABLISHED)
+                && (CRYPTO_SEND_PACKET_INTERVAL + conn->last_request_packet_sent) < temp_time) {
+            if (send_request_packet(c, i) == 0) {
+                conn->last_request_packet_sent = temp_time;
+            }
+
+        }
+
+        if (conn->status == CRYPTO_CONN_ESTABLISHED) {
+            if (conn->packet_recv_rate > CRYPTO_PACKET_MIN_RATE) {
+                double request_packet_interval = (REQUEST_PACKETS_COMPARE_CONSTANT / (((double)num_packets_array(
+                                                      &conn->recv_array) + 1.0) / (conn->packet_recv_rate + 1.0)));
+
+                if (temp_time - conn->last_request_packet_sent > (uint64_t)request_packet_interval) {
+                    if (send_request_packet(c, i) == 0) {
+                        conn->last_request_packet_sent = temp_time;
+                    }
+                }
+
+                if (request_packet_interval < peak_request_packet_interval) {
+                    peak_request_packet_interval = request_packet_interval;
+                }
+            }
+
+            if ((PACKET_COUNTER_AVERAGE_INTERVAL + conn->packet_counter_set) < temp_time) {
+
+                double dt = temp_time - conn->packet_counter_set;
+
+                conn->packet_recv_rate = (double)conn->packet_counter / (dt / 1000.0);
+                conn->packet_counter = 0;
+                conn->packet_counter_set = temp_time;
+
+                uint32_t packets_sent = conn->packets_sent;
+                conn->packets_sent = 0;
+
+                /* conjestion control
+                    calculate a new value of conn->packet_send_rate based on some data
+                 */
+
+                unsigned int pos = conn->last_sendqueue_counter % CONGESTION_QUEUE_ARRAY_SIZE;
+                conn->last_sendqueue_size[pos] = num_packets_array(&conn->send_array);
+                ++conn->last_sendqueue_counter;
+
+                unsigned int j;
+                long signed int sum = 0;
+                sum = (long signed int)conn->last_sendqueue_size[(pos) % CONGESTION_QUEUE_ARRAY_SIZE] -
+                      (long signed int)conn->last_sendqueue_size[(pos - (CONGESTION_QUEUE_ARRAY_SIZE - 1)) % CONGESTION_QUEUE_ARRAY_SIZE];
+
+                conn->last_num_packets_sent[pos] = packets_sent;
+                long signed int total_sent = 0;
+
+                for (j = 0; j < CONGESTION_QUEUE_ARRAY_SIZE; ++j) {
+                    total_sent += conn->last_num_packets_sent[j];
+                }
+
+                total_sent -= sum;
+
+                double min_speed = 1000.0 * (((double)(total_sent)) / ((double)(CONGESTION_QUEUE_ARRAY_SIZE) *
+                                             PACKET_COUNTER_AVERAGE_INTERVAL));
+
+                conn->packet_send_rate = min_speed * 1.3;
+
+                if (conn->packet_send_rate < CRYPTO_PACKET_MIN_RATE) {
+                    conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE;
+                }
+
+            }
+
+            if (conn->last_packets_left_set == 0) {
+                conn->last_packets_left_set = temp_time;
+                conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH;
+            } else if (((1000.0 / conn->packet_send_rate) + conn->last_packets_left_set) < temp_time) {
+                uint32_t num_packets = conn->packet_send_rate * ((double)(temp_time - conn->last_packets_left_set) / 1000.0) + 0.5;
+
+                if (conn->packets_left > num_packets * 4 + CRYPTO_MIN_QUEUE_LENGTH) {
+                    conn->packets_left = num_packets * 4 + CRYPTO_MIN_QUEUE_LENGTH;
+                } else {
+                    conn->packets_left += num_packets;
+                }
+
+                conn->last_packets_left_set = temp_time;
+            }
+
+            int ret = send_requested_packets(c, i, conn->packets_left);
+
+            if (ret != -1) {
+                conn->packets_left -= ret;
+            }
+
+            if (conn->packet_send_rate > CRYPTO_PACKET_MIN_RATE * 1.5) {
+                total_send_rate += conn->packet_send_rate;
+            }
+        }
+    }
+
+    c->current_sleep_time = ~0;
+    uint32_t sleep_time = peak_request_packet_interval;
+
+    if (c->current_sleep_time > sleep_time) {
+        c->current_sleep_time = sleep_time;
+    }
+
+    if (total_send_rate > CRYPTO_PACKET_MIN_RATE) {
+        sleep_time = (1000.0 / total_send_rate);
+
+        if (c->current_sleep_time > sleep_time) {
+            c->current_sleep_time = sleep_time + 1;
+        }
+    }
+
+    sleep_time = CRYPTO_SEND_PACKET_INTERVAL;
+
+    if (c->current_sleep_time > sleep_time) {
+        c->current_sleep_time = sleep_time;
+    }
+}
+
+
+/* returns the number of packet slots left in the sendbuffer.
+ * return 0 if failure.
+ */
+uint32_t crypto_num_free_sendqueue_slots(const Net_Crypto *c, int crypt_connection_id)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return 0;
+
+    return conn->packets_left;
+}
+
+/* Sends a lossless cryptopacket.
+ *
+ * return -1 if data could not be put in packet queue.
+ * return positive packet number if data was put into the queue.
+ *
+ * congestion_control: should congestion control apply to this packet?
+ */
+int64_t write_cryptpacket(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint32_t length,
+                          uint8_t congestion_control)
+{
+    if (length == 0)
+        return -1;
+
+    if (data[0] < CRYPTO_RESERVED_PACKETS)
+        return -1;
+
+    if (data[0] >= PACKET_ID_LOSSY_RANGE_START)
+        return -1;
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    if (conn->status != CRYPTO_CONN_ESTABLISHED)
+        return -1;
+
+    if (congestion_control && conn->packets_left == 0)
+        return -1;
+
+    int64_t ret = send_lossless_packet(c, crypt_connection_id, data, length, congestion_control);
+
+    if (ret == -1)
+        return -1;
+
+    if (congestion_control) {
+        --conn->packets_left;
+        conn->packets_sent++;
+    }
+
+    return ret;
+}
+
+/* Check if packet_number was received by the other side.
+ *
+ * packet_number must be a valid packet number of a packet sent on this connection.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int cryptpacket_received(Net_Crypto *c, int crypt_connection_id, uint32_t packet_number)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return -1;
+
+    uint32_t num = conn->send_array.buffer_end - conn->send_array.buffer_start;
+    uint32_t num1 = packet_number - conn->send_array.buffer_start;
+
+    if (num < num1) {
+        return 0;
+    } else {
+        return -1;
+    }
+}
+
+/* return -1 on failure.
+ * return 0 on success.
+ *
+ * Sends a lossy cryptopacket. (first byte must in the PACKET_ID_LOSSY_RANGE_*)
+ */
+int send_lossy_cryptpacket(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint32_t length)
+{
+    if (length == 0 || length > MAX_CRYPTO_DATA_SIZE)
+        return -1;
+
+    if (data[0] < PACKET_ID_LOSSY_RANGE_START)
+        return -1;
+
+    if (data[0] >= (PACKET_ID_LOSSY_RANGE_START + PACKET_ID_LOSSY_RANGE_SIZE))
+        return -1;
+
+    pthread_mutex_lock(&c->connections_mutex);
+    ++c->connection_use_counter;
+    pthread_mutex_unlock(&c->connections_mutex);
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    int ret = -1;
+
+    if (conn) {
+        ret = send_data_packet_helper(c, crypt_connection_id, conn->recv_array.buffer_start, conn->send_array.buffer_end, data,
+                                      length);
+    }
+
+    pthread_mutex_lock(&c->connections_mutex);
+    --c->connection_use_counter;
+    pthread_mutex_unlock(&c->connections_mutex);
+
+    return ret;
+}
+
+/* Kill a crypto connection.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int crypto_kill(Net_Crypto *c, int crypt_connection_id)
+{
+    while (1) { /* TODO: is this really the best way to do this? */
+        pthread_mutex_lock(&c->connections_mutex);
+
+        if (!c->connection_use_counter) {
+            break;
+        }
+
+        pthread_mutex_unlock(&c->connections_mutex);
+    }
+
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    int ret = -1;
+
+    if (conn) {
+        if (conn->status == CRYPTO_CONN_ESTABLISHED)
+            send_kill_packet(c, crypt_connection_id);
+
+        disconnect_peer_tcp(c, crypt_connection_id);
+        bs_list_remove(&c->ip_port_list, &conn->ip_port, crypt_connection_id);
+        ret = wipe_crypto_connection(c, crypt_connection_id);
+    }
+
+    pthread_mutex_unlock(&c->connections_mutex);
+
+    return ret;
+}
+
+/* return one of CRYPTO_CONN_* values indicating the state of the connection.
+ *
+ * sets direct_connected to 1 if connection connects directly to other, 0 if it isn't.
+ */
+unsigned int crypto_connection_status(const Net_Crypto *c, int crypt_connection_id, uint8_t *direct_connected)
+{
+    Crypto_Connection *conn = get_crypto_connection(c, crypt_connection_id);
+
+    if (conn == 0)
+        return CRYPTO_CONN_NO_CONNECTION;
+
+    *direct_connected = 0;
+
+    if ((UDP_DIRECT_TIMEOUT + conn->direct_lastrecv_time) > current_time_monotonic())
+        *direct_connected = 1;
+
+    return conn->status;
+}
+
+void new_keys(Net_Crypto *c)
+{
+    crypto_box_keypair(c->self_public_key, c->self_secret_key);
+}
+
+/* Save the public and private keys to the keys array.
+ * Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES.
+ */
+void save_keys(const Net_Crypto *c, uint8_t *keys)
+{
+    memcpy(keys, c->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES);
+}
+
+/* Load the public and private keys from the keys array.
+ * Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES.
+ */
+void load_keys(Net_Crypto *c, const uint8_t *keys)
+{
+    memcpy(c->self_public_key, keys, crypto_box_PUBLICKEYBYTES);
+    memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES);
+}
+
+/* Run this to (re)initialize net_crypto.
+ * Sets all the global connection variables to their default values.
+ */
+Net_Crypto *new_net_crypto(DHT *dht, TCP_Proxy_Info *proxy_info)
+{
+    unix_time_update();
+
+    if (dht == NULL)
+        return NULL;
+
+    Net_Crypto *temp = calloc(1, sizeof(Net_Crypto));
+
+    if (temp == NULL)
+        return NULL;
+
+    temp->dht = dht;
+
+    new_keys(temp);
+    new_symmetric_key(temp->secret_symmetric_key);
+
+    temp->current_sleep_time = CRYPTO_SEND_PACKET_INTERVAL;
+
+    networking_registerhandler(dht->net, NET_PACKET_COOKIE_REQUEST, &udp_handle_cookie_request, temp);
+    networking_registerhandler(dht->net, NET_PACKET_COOKIE_RESPONSE, &udp_handle_packet, temp);
+    networking_registerhandler(dht->net, NET_PACKET_CRYPTO_HS, &udp_handle_packet, temp);
+    networking_registerhandler(dht->net, NET_PACKET_CRYPTO_DATA, &udp_handle_packet, temp);
+
+    bs_list_init(&temp->ip_port_list, sizeof(IP_Port), 8);
+
+    pthread_mutexattr_t attr;
+    pthread_mutexattr_init(&attr);
+    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
+    pthread_mutex_init(&temp->tcp_mutex, &attr);
+    pthread_mutex_init(&temp->connections_mutex, NULL);
+
+    if (proxy_info) {
+        temp->proxy_info = *proxy_info;
+        temp->proxy_set = 1;
+    }
+
+    return temp;
+}
+
+static void kill_timedout(Net_Crypto *c)
+{
+    uint32_t i;
+    //uint64_t temp_time = current_time_monotonic();
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        Crypto_Connection *conn = get_crypto_connection(c, i);
+
+        if (conn == 0)
+            return;
+
+        if (conn->status == CRYPTO_CONN_NO_CONNECTION || conn->status == CRYPTO_CONN_TIMED_OUT)
+            continue;
+
+        if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT
+                || conn->status == CRYPTO_CONN_NOT_CONFIRMED) {
+            if (conn->temp_packet_num_sent < MAX_NUM_SENDPACKET_TRIES)
+                continue;
+
+            conn->killed = 1;
+
+        }
+
+        if (conn->killed) {
+            if (conn->connection_status_callback) {
+                conn->connection_status_callback(conn->connection_status_callback_object, conn->connection_status_callback_id, 0);
+                crypto_kill(c, i);
+                continue;
+            }
+
+            conn->status = CRYPTO_CONN_TIMED_OUT;
+            continue;
+        }
+
+        if (conn->status == CRYPTO_CONN_ESTABLISHED) {
+            //TODO: add a timeout here?
+        }
+    }
+}
+
+/* return the optimal interval in ms for running do_net_crypto.
+ */
+uint32_t crypto_run_interval(const Net_Crypto *c)
+{
+    return c->current_sleep_time;
+}
+
+/* Main loop. */
+void do_net_crypto(Net_Crypto *c)
+{
+    unix_time_update();
+    kill_timedout(c);
+    do_tcp(c);
+    clear_disconnected_tcp(c);
+    send_crypto_packets(c);
+}
+
+void kill_net_crypto(Net_Crypto *c)
+{
+    uint32_t i;
+
+    for (i = 0; i < c->crypto_connections_length; ++i) {
+        crypto_kill(c, i);
+    }
+
+    for (i = 0; i < MAX_TCP_CONNECTIONS; ++i) {
+        kill_TCP_connection(c->tcp_connections_new[i]);
+        kill_TCP_connection(c->tcp_connections[i]);
+    }
+
+    pthread_mutex_destroy(&c->tcp_mutex);
+    pthread_mutex_destroy(&c->connections_mutex);
+
+    bs_list_free(&c->ip_port_list);
+    networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_REQUEST, NULL, NULL);
+    networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
+    networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
+    networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
+    memset(c, 0, sizeof(Net_Crypto));
+    free(c);
+}