Updated manual

Updated changelog
Add channel window mode for slow links
2026-06-23 04:16:12 -07:00 · 2023-05-12 12:38:12 +02:00 · 2023-05-12 12:38:02 +02:00 · 2023-05-11 21:28:13 +02:00 · 2023-05-11 20:55:28 +02:00 · 2023-05-11 20:23:36 +02:00
160 changed files with 21615 additions and 5235 deletions
@@ -10,5 +10,6 @@ docs/build
 rns*.egg-info
 profile.data
 tests/rnsconfig/storage
+tests/rnsconfig/logfile
 *.data
 *.result
@@ -0,0 +1,767 @@
+### 2023-05-12: RNS β 0.5.2
+
+This maintenance release brings a number of bugfixes and improvements.
+
+**Important!** This release breaks backwards compatibility with `Channel` and `Buffer` for all previous releases, due to the addition of compression and windowing.
+
+**Changes**
+- Added ability to trust external signing keys to `rnodeconf`
+- Added basic windowing to `Channel` and `Buffer`, improving performance over faster links
+- Added per-packet compression to `Channel`
+- Added automatic multi-interface duplicate deque to AutoInterface
+- Fixed received link packet proofs not resetting link watchdog stale timer
+- Fixed a missing exception isolation of packet delivery callbacks
+- Fixed resent packets not getting repacked
+
+**Release Hashes**
+```
+f3b1e9cf39420ad74c2b5c81ad339fd2a548320c9f6925bad9b614feb4c9b9d7 rns-0.5.2-py3-none-any.whl
+8463f7365f179d02e7e4d4fe4afc69da4218ce40107305dfd06b9e6b29513e0f rnspure-0.5.2-py3-none-any.whl
+```
+
+### 2023-05-05: RNS β 0.5.1
+
+This maintenance release brings a number of bugfixes and improvements. Thanks to @VioletEternity, who contributed to this release!
+
+**Changes**
+- Removed dependency on netifaces module
+- Added ability to configure RNode display intensity to rnodeconf
+- Added preliminary rnodeconf flasher/autoinstaller support for T3 v1.0 boards
+- Fixed a bug that caused AutoInterface discovery scopes to fail
+- Fixed rnodeconf firmware extraction for unverifiable devices
+- Improved setting rnsd verbosity from command line
+- Improved support for shared instances on Windows
+- Improved rnodeconf support on Windows
+- Improved rnodeconf zip-file handling
+- Fixed a potentail race condition in announce queue handling for AutoInterface
+- Various minor bugfixes
+
+**Release Hashes**
+```
+01d76e03f93e427d9c0b95ab5d07e84ed39047e912b8afa6d619a65ac6b5e05b rns-0.5.1-py3-none-any.whl
+2cfe431bec1160410b80bbcbf87eb2ab0d5abe5c6546f41eaf3f0f5faf9b2140 rnspure-0.5.1-py3-none-any.whl
+```
+
+### 2023-03-08: RNS β 0.5.0
+
+This release brings two major new additions to the Reticulum API: The Channel and Buffer classes, that provides reliable delivery, and streams over Reticulum. Thanks to @acehoss, @erethon, @gdt and @faragher, who contributed to this release!
+
+**Changes**
+- Added the Buffer class to the API
+- Added the Channel class to the API
+- Improved error messages for offline RNode flashing
+- Improved RNode reconnection when serial device disappears
+- Fixed embedded scope identifier handling for AutoInterface on BSD
+- Fixed AutoInterface not ignoring lo0 on BSD
+- Fixed a bug causing JSON output from rnstatus to fail
+- Fixed invalid installation of test suite into root module path
+- Added EPUB version of the documentation
+- Updated documentation
+
+**Release Hashes**
+```
+0aaf8c0b0b58f07071de5ecd432f4d9cc176b9614419c828b81ad71aa7151624 rns-0.5.0-py3-none-any.whl
+f310a5192c2df7665339c5998ae13815a647283af75b95ad7acbee8c20989954 rnspure-0.5.0-py3-none-any.whl
+```
+
+### 2023-02-17: RNS β 0.4.9
+
+This maintenance release contains a number of bugfixes and minor improvements, along with a few additions to the API.
+
+**Changes**
+- Added JSON output mode to rnstatus
+- Added Link ID to response_generator callback
+- Added Link establishment rate calculation
+- Added get_establishment_rate call to Link API
+- Fixed a number of typos in programs and documentation
+- Fixed some broken links in documentation
+
+**Release Hashes**
+```
+b44eaed796dcd194bec7a541aaeeb1685b07b2ffce068ca268841e6a8661717f rns-0.4.9-py3-none-any.whl
+a15f965a27d208493485724486eb6bc6268d699f2a22ae4fb816bb9b979330fc rnspure-0.4.9-py3-none-any.whl
+```
+
+### 2023-02-04: RNS β 0.4.8
+
+This release introduces the useful `rnid` utility, which makes it possible to use Reticulum Identities for offline file encryption, decryption, signing and validation. The IFAC system has also been significantly improved, and several outdated parts of the documentation was updated and fixed. Thanks to @Erethon and @jooray who contributed to this release!
+
+**Changes**
+- Added header and payload masking to the IFAC system
+- Added `rnid` utility for encrypting, decrypting, signing and validating with Reticulum Identities
+- Added Bluetooth pairing PIN output to `rnodeconf` utility
+- Fixed a bug in announce callback handling
+- Fixed a inconsistency in header flag handling since IFACs were introduced
+- Updated documentation and manual
+
+**Release Hashes**
+```
+fbbd55ee43a68c18491f5deabed51085c46fadca7e1bda823ad455c2f7c95a51 rns-0.4.8-py3-none-any.whl
+335b0d5dd1d2aacd0d8810191aa09567ecf5d3aa990c446f3e3b1bbf7fce1387 rnspure-0.4.8-py3-none-any.whl
+```
+
+### 2023-01-14: RNS β 0.4.7
+
+This maintenance release adds support for using the `rnodeconf` utility to replicate RNode devices, and bootstrap device creation using only tools and software packages obtained from an RNode Bootstrap Console.
+
+**Changes**
+- Added the ability to use rnodeconf to bootstrap RNode creation without needing a connection to the Internet
+- Added ability for rnodeconf to extract firmwares from existing RNodes
+- Added ability for rnodeconf to use extracted firmwares for autoinstaller and updates
+- Updated documentation and manual
+
+**Release Hashes**
+```
+7ea22be8f4cc9504d8a612c5589132351cc0c6b474899204afd71367ab3fb226 rns-0.4.7-py3-none-any.whl
+3dc337b80df37c247abc9cee06c3ecba0f908449005d0eb365c2a9577d689e57 rnspure-0.4.7-py3-none-any.whl
+```
+
+### 2022-12-23: RNS β 0.4.6
+
+This maintenance release brings two bugfixes.
+
+**Changes**
+- Fixed missing path invalidation on failed link establishments made from a shared instance client
+- Fixed a memory leak in link handling
+
+**Release Hashes**
+```
+7f1b0b254dce5bb1bacc336b026dab2dda5859b43cb0f4ceed3f70ba825f8873 rns-0.4.6-py3-none-any.whl
+775c1b9b5bdf202524e50e58dc7c7bad9262ca3c16471cbfc6fb3a528e732460 rnspure-0.4.6-py3-none-any.whl
+```
+
+### 2022-12-22: RNS β 0.4.5
+
+This maintenance release significantly improves path rediscovery on roaming devices with multiple interfaces, and adds a few tweaks to interface handling, that are especially relevant on Android.
+
+**Changes**
+- Faster roaming path recovery for multiple interface non-transport instances
+- Fixed AutoInterface multicast echoes failing on interfaces with rolling MAC addresses on every re-connect
+- Added carrier change detection flag to AutoInterface
+- Adjusted loglevels for some items
+
+**Release Hashes**
+```
+6757d5d815d4d96c45c181daf321447914c0e90892d43e142f2bd3fffacda9d9 rns-0.4.5-py3-none-any.whl
+11669065091d67e3abaddb0096e5c92fc48080692b5644559226b2e2e6721060 rnspure-0.4.5-py3-none-any.whl
+```
+
+### 2022-12-22: RNS β 0.4.4
+
+This maintenance release improves path response handling and log output.
+
+**Release Hashes**
+```
+b0b59c25910151db0c2085d812bcc3d06cb930ddb8cd1e281b40cb592c1427eb rns-0.4.4-py3-none-any.whl
+fe29ce3eb9e55f6953312c8db8c350bd58a7777e8c8dffd5491b840254426332 rnspure-0.4.4-py3-none-any.whl
+```
+
+### 2022-12-22: RNS β 0.4.3
+
+This maintenance release brings faster path rediscovery and improves hardware support on Android, along with a few other minor tweaks and bugfixes.
+
+**Changes**
+- Added automatic path rediscovery on failed link establishments
+- Added signature validation for link request proof packets for every transport hop
+- Improved RNode hotplug support over Bluetooth on Android
+- Improved Resource transfer sequencing and retry handling
+- Fixed driver initialisation for Qinheng CH34x serial chips on Android
+- Updates to documentation
+
+**Release Hashes**
+```
+c035c2e21b8b207b00937ad57e947c7b4f17a02fe4f253d6e1fcc000479019b7 rns-0.4.3-py3-none-any.whl
+e367576893bada72329ad195ebaa1e295bbca8897241f258428e1957d2da9a55 rnspure-0.4.3-py3-none-any.whl
+```
+
+### 2022-11-24: RNS β 0.4.2
+
+This maintenance release brings a number of minor improvements, and fixes a few bugs related to hardware support on Android.
+
+**Changes**
+- Fixed AutoInterface roaming not working on Android devices that rotate Ethernet and WiFi MAC addresses on every physical connection change
+- Fixed RNode interface not working over Bluetooth on Android versions 10 and below
+- Greatly improved startup time for programs connecting to a shared Reticulum instance on slow or resource-limited systems
+- Improvements to internal utility-functions and logging
+- Added a public development roadmap
+- Updates and fixes to the documentation
+
+**Release Hashes**
+```
+ba541ead4194e7ae3e295bf2c84b609041e4dc82e1b5bfce0885396ee090e37f rns-0.4.2-py3-none-any.whl
+a352cb8d0862a1a23e66bda08357bf7e725b540bbdd3bb3b32914f3c0bb99a05 rnspure-0.4.2-py3-none-any.whl
+```
+
+### 2022-11-03: RNS β 0.4.1
+
+This maintenance release fixes few bugs, and improves I2P interface recovery on unresponsive I2P tunnels.
+
+**Changes**
+- Added better I2P tunnel state visibility to rnstatus util
+- Improved I2P recovery time on unresponsive tunnels
+- Improved I2P tunnel state detection
+- Fixed missing IFAC identity init on spawned TCP clients
+- Fixed missing IFAC identity init on spawned I2P interfaces
+- Fixed missing check for socket state on I2P interfaces
+
+**Release Hashes**
+```
+e28643a7396c3a41d859eb7d3a14f166e648003da36fc49094561fbf49c04b7e rns-0.4.1-py3-none-any.whl
+feaa326545c928f3d5dc7b6fdb31975517af15da0751927491c4ac23dac36edc rnspure-0.4.1-py3-none-any.whl
+```
+
+### 2022-11-03: RNS β 0.4.0
+
+This maintenance release fixes minor bug in the rnodeconf utility.
+
+**Changes**
+- Fixed incorrect storage location for local firmware cache in the rnodeconf utility
+
+**Release Hashes**
+```
+16dda7b087cff0c21b7b0460798cb433fc96f27d058eb7d50e38898a1a1e49c4 rns-0.4.0-py3-none-any.whl
+5f137cfd42ee9d9e7ae43b25d25849bd087145b7edf2c29ffdfd93d57ab34284 rnspure-0.4.0-py3-none-any.whl
+```
+
+### 2022-11-03: RNS β 0.3.19
+
+This release adds support for Bluetooth-connected RNode interfaces, and includes a few improvements to the rnodeconf utility.
+
+**Changes**
+- Added support for RNode interfaces connected over Bluetooth on Linux and Android
+- Improved rnodeconf install and update timing, which fixes installs sometimes failing on T-Beam devices
+
+**Release Hashes**
+```
+9d5bee8eb9b2160dab985017bfa3e3db9c35033cfae97653a9fa8faa6064f228 rns-0.3.19-py3-none-any.whl
+0f0996b5e401ca5d4e91080df3d6de326fc591164c9e6932a2eb79f1d2b8d375 rnspure-0.3.19-py3-none-any.whl
+```
+
+### 2022-11-03: RNS β 0.3.18
+
+This maintenance release includes the `rnodeconf` utility directly in the `rns` package, and brings a few improvements to interface handling and hardware interfacing.
+
+**Important!** The minimum supported RNode firmware version for this release is `1.51`, and the firmware will needs to be updated with `rnodeconf` version `2.0.0` or greater, since earlier versions won't be able to fetch the new release files.
+
+**Changes**
+- Added `rnodeconf` utility
+- Added more options for controlling log output
+- Added ability to write to the external framebuffer of RNode devices
+- Improved teardown handling on RNode interfaces
+
+**Release Hashes**
+```
+dc0c56950b85be763270695faf441029f7e6c31cdc44447c6c470e09c734aa45 rns-0.3.18-1-py3-none-any.whl
+760bfc52419a8c45a420df41c40a1bf96bd494dabd7efe461c7907b152bbf39c rnspure-0.3.18-1-py3-none-any.whl
+```
+
+### 2022-11-03: RNS β 0.3.17
+
+This maintenance release fixes a regression in the 0.3.16 release.
+
+**Changes**
+- Fixed an incorrect import that inadverdently caused Android-specific interfaces to be used on non Android operating systems.
+
+**Release Hashes**
+```
+SHA256 0e8327461e2d39f859059cc14e94fb33f21e1186c422bb766950f42ca1387656 rns-0.3.17-py3-none-any.whl
+SHA256 9e31160cc38e0d5531460d5eca7b3f6e6d8c3b2a7afb04338ee72cc488a2ba18 rnspure-0.3.17-py3-none-any.whl
+```
+
+### 2022-10-20: RNS β 0.3.16
+
+This maintenance release fixes a single bug that prevented running RNS in Termux (and similar) on Android.
+
+**Changes**
+- Fixed missing imports and module checks for API-limited environments on Android
+
+**Release Hashes**
+```
+SHA256 dc4202302b1f1503a0f1c8fef7123b31f7d5d7131ae5b9f988064ebe22e29ed8 rns-0.3.16-py3-none-any.whl
+SHA256 127624d2592745602d4a056c347fa6f5989f049275a5b8bfa97c296af9bc497f rnspure-0.3.16-py3-none-any.whl
+```
+
+### 2022-10-20: RNS β 0.3.15
+
+This maintenance release primarily adds support for external hardware interfaces on Android. A number of bugs have also been fixed, and improvements made to logging output consistency.
+
+**Changes**
+- Added support for RNode interfaces on Android
+- Added support for KISS interfaces on Android
+- Added support for Serial interfaces on Android
+- Added AutoInterface support for kernel network devices that rotate MAC addresses on roaming and/or reconnects
+- Updated various helper functions
+- Minor log output cleanup and fixes
+- Fixed missing lookup for locally running destinations in Identity.recall() when running as a shared transport instance
+- Fixed missing announce cap property on hot-plugged interfaces
+- Fixed incorrect behaviour in announce processing for instance-local destinations to roaming- or boundary-mode interfaces
+
+**Release Hashes**
+```
+SHA256 c56f32dbfd10fae1b5d2dddafe7d2a0f2127908827a71fce9e43fd051ea453bc rns-0.3.15-py3-none-any.whl
+SHA256 597d6df05b3586eaa1515c0215cec30d7a018a209e7900634345c39514efcd18 rnspure-0.3.15-py3-none-any.whl
+```
+
+### 2022-10-07: RNS β 0.3.14
+
+This maintenance release brings a few improvements, including optimised announce packet structure and updated documentation.
+
+**Please note!** While this is a small maintenance release, it includes changes to packe structure that breaks backwards compatibility with all previous RNS versions.
+
+**Changes**
+- Optimised announce packet structure
+- Reject mismatching public keys on hash collision.
+- Minor updates to documentation
+
+**Release Hashes**
+```
+SHA256 b761efc24d20c5719817bfefbbe8ce69f7c91d65bb8273cb02578f77d6f88bc5 rns-0.3.14-py3-none-any.whl
+SHA256 cc24a1f010431c8f193ec0ffc6dccade614a5be40c47ac12e3e9ae60b52f046e rnspure-0.3.14-py3-none-any.whl
+```
+
+### 2022-10-04: RNS β 0.3.13
+
+This maintenance release includes a single but important bugfix.
+
+**Changes**
+- Fixed missing hash construction step in announce emission and validation
+
+**Release Hashes**
+```
+SHA256 d6c8a7cb8ea7edc99800df92abff246e8159f2d9c9f1a2b57672385d49647c90 rns-0.3.13-py3-none-any.whl
+SHA256 c07c28942e374342c4e807a0b6e81d831737b87cf59651670b8c1c191030a326 rnspure-0.3.13-py3-none-any.whl
+```
+
+### 2022-09-30: RNS β 0.3.12
+
+This maintenance release includes a fix to the [serious security flaw discussed here](https://github.com/markqvist/Reticulum/discussions/103). **Please Note!** Updating to RNS 0.3.12 will intentionally break backwards compatibility with all previous verstions for link establishment. It is recommended to upgrade all your systems to 0.3.12 as soon as possible.
+
+Additionally, this release brings a range of small, but very useful improvements to reliability and user experience, along with a significant update to the documentation material.
+
+**Changes**
+- Fixed a [serious security flaw](https://github.com/markqvist/Reticulum/discussions/103) in link establishment key exchanges
+- Allow hot-plug of RNode devices
+- Better detachment handler for TCP clients on shutdown
+- Implemented better config directory path handling
+- Clarifications and improvements to various documentation chapters
+- Improved writing quality of documentation, courtesy of @huyndao
+- Improved overall presentation of documentation and manual
+- Improved reliability of data persistence in case of unexpected shutdowns or hardware crashes
+- Added rnsd warning on start as client
+- Fixed a rendering bug in the rnpath utility
+- Added initial connection timeout configuration option to TCP Client interfaces
+- Brought deprecated native python API calls up to date
+
+**Release Hashes**
+```
+SHA256 74a4881ebf8d805bffb43efef91769b1cbb87affe56ac630355946c7484cffbf rns-0.3.12-py3-none-any.whl
+SHA256 03429122b3b4133667632ba2404df7bbf57ea5df1b9c815d7608b1d59cd29a76 rnspure-0.3.12-py3-none-any.whl
+```
+
+### 2022-07-09: RNS β 0.3.11
+
+This maintenance release contains a single but important bug fix in resource transfers.
+
+**Changes**
+- Fixed a an incorrect size calculation for resource advertisements, that would lead to resources of specific sizes failing with an MTU error.
+
+**Release Hashes**
+```
+SHA256 7c03a003326bcd127226414b08cf48f87bcc6b88a7279c52e28415315668543c rns-0.3.11-py3-none-any.whl
+SHA256 1a6aaa3ba370ece28cc975ba94b0461c61497cf0797f92662472e0ec20576cb1 rnspure-0.3.11-py3-none-any.whl
+```
+
+### 2022-07-08: RNS β 0.3.10
+
+This maintenance release contains a single but important bug fix for systems running Reticulum Transport Instances.
+
+**Changes**
+- Fixed a potential race condition in link establishment flow, that could lead to links not being established over hops with very low latency.
+
+**Release Hashes**
+```
+SHA256 1c9fb56b967aed507694e6b5d5fca7a89b022cad9fa2058d248e359dc150fba7 rns-0.3.10-py3-none-any.whl
+SHA256 8eae07f9e6241ea1f3778430456225dee3ef73bb1c4df5e5362dd00226404628 rnspure-0.3.10-py3-none-any.whl
+```
+
+### 2022-07-05: RNS β 0.3.9
+
+This release expands the address space of Reticulum to 128 bits, and brings improvements to the documentation, along with a few bugfixes and updates.
+
+**Changes**
+- Expanded address space to 128 bits
+- Updated documentation
+- Improved rnx interactive mode
+- Improved readme file
+- Added reticulum.network website
+- Added periodic cache cleaning
+- Fixed a bug in the --no-auth option in rncp
+
+**Release Hashes**
+```
+SHA256 892005e95fc9eda4c4c5d9f94dd33cdc27d3ac6e228d1b0b2519e35069951b86 rns-0.3.9-1-py3-none-any.whl
+SHA256 cb7d873c51c746ecdb8963a6a7a0e8d010fb6c61ee785c5e97376d3779a7bae8 rnspure-0.3.9-1-py3-none-any.whl
+```
+
+### 2022-06-22: RNS β 0.3.8
+
+This release brings big improvements to compatibility with various system types, along with several convenient new features, and a lot of tuning, optimisation and stability improvements. In a continued effort, the documentation has also been updated, restructured, and had several new and informative sections added.
+
+**Changes**
+- Added ability to install and run RNS without any dependencies
+- Added backend abstraction for cryptographic primitives
+- Added pure-python implementations of all cryptographic primitives
+- Added accept option to Link API
+- Added several undocumented API calls to the documentation
+- Added option to filter interfaces to rnstatus utility
+- Added "Communications Hardware" chapter to the documentation
+- Improved multiple chapters and restructured documentation
+- Improved efficiency of Transport instances
+- Improved performance of Resource transfers
+- Improved Resource handling strategies over different physical link types
+- Improved link capacity and speed estimation calculations
+- Improved I2P interface error handling and stability
+- Tuned Resource and Link timeouts
+- Tuned TCP socket options for better reliability over intermittent links
+- Tuned I2P interface timeouts for better reliability over intermittent links
+- Fixed a missing check for zero-length packets on IFAC-enabled interfaces
+- Fixed a socket allocation leak in I2P interfaces
+- Added unit tests
+- Added performance profiling tools
+- Improved build system
+
+Release SHA-256 for `rns-0.3.8-py3-none-any.whl` is `fdb53aba14840edf3d71dde1a745f319e7f60d6993851b7651bf8ba3d5c53ba7`
+Release SHA-256 for `rnspure-0.3.8-py3-none-any.whl` is `b0eb004c3725bc20496b1c855e7d22729d8a39fd0cde957ab95aa8c7e13ee3a4`
+
+### 2022-05-29: RNS β 0.3.7
+
+This release comes with a big upgrade to reliability and resilience, with lots of small bug fixes and improvements, along with some significant new additions and features. The documentation and API reference has also seen several improvements for clarity.
+
+Users of I2P interfaces will see big improvements in reliability with better handling of errors from the I2P SAM API, and much better automatic recovery when I2P connectivity is intermittent.
+
+Reticulum is now able to perform network-wide discovery of unknown paths, using the new Gateway interface mode. The stability of established links has also been improved by using a better timeout calculation method.
+
+It is also worth mentioning the addition of the two new utilities, `rncp` and `rnx`, that allow you to transfer files to remote systems, and perform remote command execution.
+
+*Please Note!* For using 64-bit IFACs on RNode hardware, your RNodes must be running at least firmware version 1.28.
+
+**Changes**
+- Added gateway interface mode
+- Added `rncp` utility for transferring files to remote destinations
+- Added `rnx` utility for remotely executing commands and returning output
+- Implemented unknown path discovery
+- Implemented recursive path request loop avoidance
+- Implemented bandwidth cap for recursive path requests
+- Improved Link authentication callbacks
+- Improved Link stale time calculations and process
+- Improved error detection and handling in I2P interfaces
+- Improved automatic recovery and reliability on intermittent I2P interfaces
+- Added request size to receipts, and updated relevant API documentation
+- Added default identity storage folder
+- Fixed deprecated options in libi2p's asyncio calls
+- Fixed I2P controller startup when event loop is not immediately ready
+- Fixed bug in conditional resource acceptance callback
+- Fixed an invalid interface mode check
+- Fixed missing recursive progress callback allocation in segmented resource transfer
+- Fixed expired AP and Roaming interface mode paths not being removed at the correct time
+- Fixed announce rate targets not being set on I2PInterface peers
+- Fixed naming conflict in resource advertisements
+- Fixed link stale time calculation on newly created links without any actual traffic
+- Fixed a bug that caused large packets (over 492 bytes) with IFAC enabled to be dropped on RNode hardware
+- Improved output of `rnstatus` utility
+- Improved Destination and Link API documentation
+- Updated documentation and readme
+
+Release SHA-256 for Python Wheel is `2cd9a584d6b13bb478a43b49b7de3f2a8270c4b8979666b1ca40cd81daacbf42`
+
+### 2022-05-17: RNS β 0.3.6
+
+This release adds a number of improvements, a new interface type, and some very useful new interface modes.
+
+**Changes**
+- Added PipeInterface, create interfaces with any program over stdio
+- Added "roaming" and "boundary" interface modes
+- Added per-interface announce rate control
+- Added ability to drop announce queues to rnpath utility
+- Added announce rate information output to rnpath utility
+- Improved announce queue processing
+- Improved several documentation chapters
+- Improved logging output
+
+### 2022-04-28: RNS β 0.3.5
+
+This release brings major improvements and upgrades to Reticulum, along with better documentation and improved usability of the bundled utilities.
+
+**Changes**
+- Greatly improved convergence time. Even on huge networks, newly created destinations become globally reachable in less than a minute.
+- New announce propagation mechanism allows flexible scalability. Extremely slow network segments can now interconnect seamlessly with huge, high-bandwidth networks while still prioritising end-to-end connectivity for local nodes.
+- Reticulum can now scale to huge and complex networks with up to 128 hops, and billions of active endpoints.
+- Added virtual network segmentation for running multiple virtual networks over the same physical channel.
+- Added interface authentication for creating private access network interfaces and access points.
+- Updated documentation in accordance with current implementation of announce propagation mechanism.
+- Updated several outdated documentation chapters.
+- Added documentation for new interface features.
+- The output display of the rnstatus utility has been greatly improved.
+- Added ability to drop paths to the rnpath utility.
+- Added path table display to rnpath utility.
+- Added interface rate determination and estimation.
+- Added configurable bandwidth allocation for announce traffic.
+- Improved and cleaned logging output.
+- Various Transport optimisations.
+- Improved AutoInterface peering timing.
+- Updated manual in accordance with release.
+- Fixed a possible race condition in Transport startup when a local shared instance was restarted and apps reconnected.
+
+### 2022-03-28: RNS β 0.3.4
+
+This is a small maintenance release with a bugfix and some documentation and reliability improvements.
+
+**Changes**
+- Fixed https://github.com/markqvist/Reticulum/issues/18 that could potentially cause a routing loop if the API was used in an unintended way
+- Improved cryptography API compatibility
+- Improved documentation
+
+### 2022-02-26: RNS β 0.3.3
+
+This release adds major new functionality to Reticulum, including new connectivity options, improves stability, simplifies configuration and fixes a few bugs.
+
+**Improvements**
+ - Added the I2P Interface to Reticulum
+ - Added I2P tunneling support for TCP interfaces
+ - Improved recovery of AutoInterface on underlying medium carrier loss
+ - Improved AutoInterface timeouts and timing
+ - Enabled the "outbound" interface option as on by default
+ - Added the "Access Point" interface mode
+ - Simplified default configuration
+ - Added verbose configuration example to the "rnsd" program
+ - Improved documentation and manual
+ - Fixed a potential race condition in resource assembly
+ - Fixed a reference error in TCP interfaces
+ - Fixed a configuration keyword error
+
+### 2022-01-28: RNS β 0.3.2
+
+This maintenance release adds support for using a much wider range of devices as RNode LoRa interfaces with Reticulum, and also contains a few bugfixes and improvements.
+
+**Important!** From this release, RNodes used with Reticulum must have at least firmware version 1.26 installed, due to the new multiplatform RNode support.
+
+**Improvements**
+ - Added full support for RNodes based on ESP32 and ATmega2560 boards
+ - Fixed a bug in TCP interfaces on macOS
+ - Updated documentation and manual
+
+### 2022-01-26: RNS β 0.3.1
+
+This is a small maintenance and update release of Reticulum, including a few improvements. It also adds support for using ESP32-based T-Beam devices.
+
+Improvements:
+ - Added support for using T-Beam devices using the RNodeInterface
+ - Improved AutoInterface on Android
+ - Improved platform handling
+ - Improved malformed packet handling
+
+### 2021-12-11: RNS β 0.3.0
+
+This is a major release of Reticulum, including a range of stability and performance improvements, along with important new features, expanding the connectivity of Reticulum.
+
+An important improvement in this release is the addition of the AutoInterface, that will now be configured as the default interface on new installs. This interface automatically meshes with other Reticulum peers over any available system network devices, and doesn't require any existing IP infrastructure like a DHCP server or a router. For more information, consult the relevant section of the manual.
+
+**Improvements**
+ - Added new AutoInterface as default interface for new installs
+ - Serial port interfaces now automatically attempt to reconnect devices that are unplugged and replugged
+ - Added support for KISS over TCP in the TCPClientInterface
+ - Added support for running Reticulum as a systemd service
+ - Initial support for the Android operating system
+ - Added documentation for installing Reticulum on Android in Termux
+ - Improved documentation and manual
+ - Better path request handling for shared instances
+ - Better shutdown handling on external interrupts
+ - Many small stability and reliability improvements
+ - Fine-tuned various timing parameters for different link types
+
+### 2021-10-15: RNS β 0.2.9
+
+This beta release adds the fundamentals of RSSI and SNR functionality. It also implements timing improvements, allowing Reticulum to function on even lower bitrate physical links.
+
+**Improvements**
+ - Added RSSI and SNR reporting on supported interfaces
+ - Added RSSI and SNR to rnprobe utility
+ - Added RSSI and SNR to Echo example
+ - Support for physical layer throughput down to 500 bits per second.
+ - Improved callback handling
+
+### 2021-10-10: RNS β 0.2.8
+
+This beta release brings a single, but important improvement. Paths are now updated much more fluidly for peers moving around the network.
+
+Since updates were made to how tunnels and path table entries are represented in this release, it is recommended to delete the following files on Transport Nodes:
+
+~/.reticulum/storage/destination_table
+~/.reticulum/storage/packet_hashlist
+~/.reticulum/storage/tunnels
+~/.reticulum/storage/cache/*
+
+The files will be recreated when Reticulum is started.
+
+**Improvements**
+ - Improved path updates for peers moving around the network
+
+### 2021-10-08: RNS β 0.2.7
+
+This beta release brings a range of stability improvements and one bugfix.
+
+**Improvements**
+ - Improved output of the rnstatus utility
+ - Improved shared instance and local client handling
+ - Improved documentation
+ - Improved path restoration on tunnels
+ - Added log rotation
+
+**Fixed bugs**
+ - Fixed incorrect interface detachment on TCP client interfaces
+
+### 2021-09-25: RNS β 0.2.6
+
+This beta release brings a range of improvements and a few bugfixes.
+
+**Improvements**
+ - Added the "rnsd" utility for running Reticulum as a service
+ - Added the "rnstatus" utility for viewing interface status
+ - Added the "rnpath" utility for path lookups
+ - Added the "rnprobe" utility for testing connectivity
+ - Documentation has been improved and expanded
+ - Improved shutdown handling for shared instances
+ - Improved default configuration
+ - Improved recovery of TCP interfaces over unreliable links
+
+**Fixed bugs**
+ - Fixed a bug in reverse table culling
+ - Fixed a regression in TCP interface client spawner
+
+### 2021-09-18: RNS β 0.2.5
+
+This beta release brings a range of improvements and bugfixes.
+
+**Improvements**
+ - Added endpoint tunneling for path restoration over intermittent or roving link layer connections.
+ - Added ability for TCP client interfaces to automatically reconnect if TCP socket drops.
+ - Improved link teardown handling.
+ - Improved interface error handling on non-recoverable / hardware errors.
+
+**Fixed bugs**
+ - Fixed a bug that could cause path table entries to be culled two times in rare cases.
+ - Fixed a bug that could lead to the "outgoing" directive of interface configuration entries not being parsed correctly.
+
+### 2021-09-11: RNS β 0.2.4
+
+This beta release brings a range of improvements and bugfixes.
+
+**Improvements**
+ - Increased link MDU from 415 to 431 bytes by optimising transfer of Fernet tokens.
+ - All data lengths are now calculated dynamically from Reticulums base MTU, laying the groundwork for dynamic MTU interoperability.
+ - Disabled option to allow unencrypted links.
+ - Improved documentation.
+ - Improved request timeouts and handling.
+ - Improved link establishment.
+ - Improved resource transfer timing. 
+
+**Fixed bugs**
+ - Fixed a race condition in inbound proof handling.
+ - Fixed sequencing errors caused by duplicate HMU/request packets not being filtered.
+
+### 2021-08-29: RNS β 0.2.3
+
+This beta release brings a range of improvements and bugfixes.
+
+**Improvements**
+ - Improved resource handling.
+ - Improved timeout calculation for packets, links, resources and requests.
+ - Improved announce handling for shared instances.
+ - Improved default configuration template.
+ - Added example "Speedtest".
+
+**Fixed bugs**
+ - Fixed an issue that caused request timeout even though response had occurred.
+ - Fixed an issue that caused identity files to be written incorrectly.
+ - Fixed resource sequencing errors not being handled gracefully.
+
+### 2021-08-21: RNS β 0.2.2
+
+This beta release brings several new features to Reticulum along with two bugfixes.
+
+IMPORTANT! This version breaks wire-format compatibility with all previous versions of Reticulum. You must update *all* of your nodes at the same time.
+
+**New features**
+ - Link initiators can now identify to the remote peer over the link, once it has been set up. This can be used for authentication, amongst other things.
+ - Requests and responses of arbitrary sizes can now be carried out over links.
+ - UDP and TCP interfaces can now be bound to network device names (eth0, wlan0, etc.) instead of manually specifying listen IPs.
+
+**Fixed bugs**
+ - Fixed a race condition in outbound transport packet filtering.
+ - Fixed an issue where local UDP broadcast echoes could get processed as inbound packets.
+
+### 2021-05-20: RNS β 0.2.1
+
+This beta release sees significant improvements to bandwidth utilization and efficiency, while improving security by dropping RSA and moving completely to Curve25519.
+
+- All asymmetric cryptography migrated to X25519/Ed25519. This has greatly improved efficiency and reduced protocol overhead significantly.
+- Work has continued on the documentation, and the "Understanding Reticulum" chapters have been improved significantly in this release.
+- Class methods dealing with setting callbacks have been renamed to be more intuitive.
+
+As a few examples of the improved efficiency, a complete link establishment now only costs 240 bytes, down from 409 in the previous RSA version. An announce takes up 151 bytes vs 323.
+
+### 2021-05-18: RNS β 0.2.0
+
+This is the first beta release of RNS. This release also marks the publication of the Reticulum documentation, manual, and API documentation. All core features of Reticulum are now implemented, functional and ready to use in external programs. The wire-format and API will only change if there is a very good reason, though internals are still likely to be altered and optimised, and features are likely to be added.
+
+### 2021-05-13: RNS α 0.1.9
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-08-13: RNS α 0.1.8
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-08-13: RNS α 0.1.7
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-06-10: RNS α 0.1.6
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-06-09: RNS α 0.1.5
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-05-29: RNS α 0.1.4
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-05-21: RNS α 0.1.3
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-05-15: RNS α 0.1.2
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-05-14: RNS α 0.1.1
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-05-12: RNS α 0.1.0
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-04-28: RNS α 0.0.9
+
+This was a pre-release alpha version. No changelog available.
+
+### 2020-04-28: RNS α 0.0.8
+
+This was the first publicly available pre-release alpha of Reticulum.
+
+### 2016-05-29: Inintial Repository Commit
+
+The first commit to the Reticulum reference implementation was 9a9630cfd29e11ace3f12716ddb4dff0e5419b4b, which occurred on Sunday, the 22nd of May 2016.
@@ -0,0 +1,23 @@
+# Contributing to Reticulum
+
+Welcome, and thank you for your interest in contributing to Reticulum!
+
+Apart from writing code, there are many ways in which you can contribute. Before getting started, please read these guidelines.
+
+## Asking Questions
+
+If you want to ask a question, do not open an issue.
+
+Instead, ask away on the [discussions](https://github.com/markqvist/Reticulum/discussions) or on the [Reticulum Matrix channel](https://unsigned.io/contact.html#reticulum:matrix.org) at `#reticulum:matrix.org`
+
+## Providing Feedback
+
+Likewise, feedback, ideas and feature requests are a very welcome way to contribute, and should also be posted on the [discussions](https://github.com/markqvist/Reticulum/discussions), or on the [Reticulum Matrix channel](https://unsigned.io/contact.html#reticulum:matrix.org) at `#reticulum:matrix.org`
+
+## Reporting Issues
+
+If you have found a bug or issue in Reticulum, please report it on the [issue tracker](https://github.com/markqvist/Reticulum/issues).
+
+## Writing Code
+
+If you are interested in contributing code, fixing open issues or adding features, please coordinate the effort with the maintainer or one of the main developers first, to ensure your efforts are in alignment with the [Roadmap](./Roadmap.md) and current development focus.
@@ -130,10 +130,11 @@ class ExampleAnnounceHandler:
            RNS.prettyhexrep(destination_hash)
        )

-        RNS.log(
-            "The announce contained the following app data: "+
-            app_data.decode("utf-8")
-        )
+        if app_data:
+            RNS.log(
+                "The announce contained the following app data: "+
+                app_data.decode("utf-8")
+            )

 ##########################################################
 #### Program Startup #####################################
@@ -0,0 +1,323 @@
+##########################################################
+# This RNS example demonstrates how to set up a link to  #
+# a destination, and pass binary data over it using a    #
+# channel buffer.                                        #
+##########################################################
+from __future__ import annotations
+import os
+import sys
+import time
+import argparse
+from datetime import datetime
+
+import RNS
+from RNS.vendor import umsgpack
+
+# Let's define an app name. We'll use this for all
+# destinations we create. Since this echo example
+# is part of a range of example utilities, we'll put
+# them all within the app namespace "example_utilities"
+APP_NAME = "example_utilities"
+
+
+##########################################################
+#### Server Part #########################################
+##########################################################
+
+# A reference to the latest client link that connected
+latest_client_link = None
+
+# A reference to the latest buffer object
+latest_buffer = None
+
+# This initialisation is executed when the users chooses
+# to run as a server
+def server(configpath):
+    # We must first initialise Reticulum
+    reticulum = RNS.Reticulum(configpath)
+    
+    # Randomly create a new identity for our example
+    server_identity = RNS.Identity()
+
+    # We create a destination that clients can connect to. We
+    # want clients to create links to this destination, so we
+    # need to create a "single" destination type.
+    server_destination = RNS.Destination(
+        server_identity,
+        RNS.Destination.IN,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+        "bufferexample"
+    )
+
+    # We configure a function that will get called every time
+    # a new client creates a link to this destination.
+    server_destination.set_link_established_callback(client_connected)
+
+    # Everything's ready!
+    # Let's Wait for client requests or user input
+    server_loop(server_destination)
+
+def server_loop(destination):
+    # Let the user know that everything is ready
+    RNS.log(
+        "Link buffer example "+
+        RNS.prettyhexrep(destination.hash)+
+        " running, waiting for a connection."
+    )
+
+    RNS.log("Hit enter to manually send an announce (Ctrl-C to quit)")
+
+    # We enter a loop that runs until the users exits.
+    # If the user hits enter, we will announce our server
+    # destination on the network, which will let clients
+    # know how to create messages directed towards it.
+    while True:
+        entered = input()
+        destination.announce()
+        RNS.log("Sent announce from "+RNS.prettyhexrep(destination.hash))
+
+# When a client establishes a link to our server
+# destination, this function will be called with
+# a reference to the link.
+def client_connected(link):
+    global latest_client_link, latest_buffer
+    latest_client_link = link
+
+    RNS.log("Client connected")
+    link.set_link_closed_callback(client_disconnected)
+
+    # If a new connection is received, the old reader
+    # needs to be disconnected.
+    if latest_buffer:
+        latest_buffer.close()
+
+
+    # Create buffer objects.
+    #   The stream_id parameter to these functions is
+    #   a bit like a file descriptor, except that it
+    #   is unique to the *receiver*.
+    #
+    #   In this example, both the reader and the writer
+    #   use stream_id = 0, but there are actually two
+    #   separate unidirectional streams flowing in
+    #   opposite directions.
+    #
+    channel = link.get_channel()
+    latest_buffer = RNS.Buffer.create_bidirectional_buffer(0, 0, channel, server_buffer_ready)
+
+def client_disconnected(link):
+    RNS.log("Client disconnected")
+
+def server_buffer_ready(ready_bytes: int):
+    """
+    Callback from buffer when buffer has data available
+
+    :param ready_bytes: The number of bytes ready to read
+    """
+    global latest_buffer
+
+    data = latest_buffer.read(ready_bytes)
+    data = data.decode("utf-8")
+
+    RNS.log("Received data over the buffer: " + data)
+
+    reply_message = "I received \""+data+"\" over the buffer"
+    reply_message = reply_message.encode("utf-8")
+    latest_buffer.write(reply_message)
+    latest_buffer.flush()
+
+
+
+
+##########################################################
+#### Client Part #########################################
+##########################################################
+
+# A reference to the server link
+server_link = None
+
+# A reference to the buffer object, needed to share the
+# object from the link connected callback to the client
+# loop.
+buffer = None
+
+# This initialisation is executed when the users chooses
+# to run as a client
+def client(destination_hexhash, configpath):
+    # We need a binary representation of the destination
+    # hash that was entered on the command line
+    try:
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
+        destination_hash = bytes.fromhex(destination_hexhash)
+    except:
+        RNS.log("Invalid destination entered. Check your input!\n")
+        exit()
+
+    # We must first initialise Reticulum
+    reticulum = RNS.Reticulum(configpath)
+
+    # Check if we know a path to the destination
+    if not RNS.Transport.has_path(destination_hash):
+        RNS.log("Destination is not yet known. Requesting path and waiting for announce to arrive...")
+        RNS.Transport.request_path(destination_hash)
+        while not RNS.Transport.has_path(destination_hash):
+            time.sleep(0.1)
+
+    # Recall the server identity
+    server_identity = RNS.Identity.recall(destination_hash)
+
+    # Inform the user that we'll begin connecting
+    RNS.log("Establishing link with server...")
+
+    # When the server identity is known, we set
+    # up a destination
+    server_destination = RNS.Destination(
+        server_identity,
+        RNS.Destination.OUT,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+        "bufferexample"
+    )
+
+    # And create a link
+    link = RNS.Link(server_destination)
+
+    # We'll also set up functions to inform the
+    # user when the link is established or closed
+    link.set_link_established_callback(link_established)
+    link.set_link_closed_callback(link_closed)
+
+    # Everything is set up, so let's enter a loop
+    # for the user to interact with the example
+    client_loop()
+
+def client_loop():
+    global server_link
+
+    # Wait for the link to become active
+    while not server_link:
+        time.sleep(0.1)
+
+    should_quit = False
+    while not should_quit:
+        try:
+            print("> ", end=" ")
+            text = input()
+
+            # Check if we should quit the example
+            if text == "quit" or text == "q" or text == "exit":
+                should_quit = True
+                server_link.teardown()
+            else:
+                # Otherwise, encode the text and write it to the buffer.
+                text = text.encode("utf-8")
+                buffer.write(text)
+                # Flush the buffer to force the data to be sent.
+                buffer.flush()
+
+
+        except Exception as e:
+            RNS.log("Error while sending data over the link buffer: "+str(e))
+            should_quit = True
+            server_link.teardown()
+
+# This function is called when a link
+# has been established with the server
+def link_established(link):
+    # We store a reference to the link
+    # instance for later use
+    global server_link, buffer
+    server_link = link
+
+    # Create buffer, see server_client_connected() for
+    # more detail about setting up the buffer.
+    channel = link.get_channel()
+    buffer = RNS.Buffer.create_bidirectional_buffer(0, 0, channel, client_buffer_ready)
+
+    # Inform the user that the server is
+    # connected
+    RNS.log("Link established with server, enter some text to send, or \"quit\" to quit")
+
+# When a link is closed, we'll inform the
+# user, and exit the program
+def link_closed(link):
+    if link.teardown_reason == RNS.Link.TIMEOUT:
+        RNS.log("The link timed out, exiting now")
+    elif link.teardown_reason == RNS.Link.DESTINATION_CLOSED:
+        RNS.log("The link was closed by the server, exiting now")
+    else:
+        RNS.log("Link closed, exiting now")
+    
+    RNS.Reticulum.exit_handler()
+    time.sleep(1.5)
+    os._exit(0)
+
+# When the buffer has new data, read it and write it to the terminal.
+def client_buffer_ready(ready_bytes: int):
+    global buffer
+    data = buffer.read(ready_bytes)
+    RNS.log("Received data over the link buffer: " + data.decode("utf-8"))
+    print("> ", end=" ")
+    sys.stdout.flush()
+
+
+##########################################################
+#### Program Startup #####################################
+##########################################################
+
+# This part of the program runs at startup,
+# and parses input of from the user, and then
+# starts up the desired program mode.
+if __name__ == "__main__":
+    try:
+        parser = argparse.ArgumentParser(description="Simple buffer example")
+
+        parser.add_argument(
+            "-s",
+            "--server",
+            action="store_true",
+            help="wait for incoming link requests from clients"
+        )
+
+        parser.add_argument(
+            "--config",
+            action="store",
+            default=None,
+            help="path to alternative Reticulum config directory",
+            type=str
+        )
+
+        parser.add_argument(
+            "destination",
+            nargs="?",
+            default=None,
+            help="hexadecimal hash of the server destination",
+            type=str
+        )
+
+        args = parser.parse_args()
+
+        if args.config:
+            configarg = args.config
+        else:
+            configarg = None
+
+        if args.server:
+            server(configarg)
+        else:
+            if (args.destination == None):
+                print("")
+                parser.print_help()
+                print("")
+            else:
+                client(args.destination, configarg)
+
+    except KeyboardInterrupt:
+        print("")
+        exit()
@@ -0,0 +1,390 @@
+##########################################################
+# This RNS example demonstrates how to set up a link to  #
+# a destination, and pass structured messages over it    #
+# using a channel.                                       #
+##########################################################
+
+import os
+import sys
+import time
+import argparse
+from datetime import datetime
+
+import RNS
+from RNS.vendor import umsgpack
+
+# Let's define an app name. We'll use this for all
+# destinations we create. Since this echo example
+# is part of a range of example utilities, we'll put
+# them all within the app namespace "example_utilities"
+APP_NAME = "example_utilities"
+
+##########################################################
+#### Shared Objects ######################################
+##########################################################
+
+# Channel data must be structured in a subclass of
+# MessageBase. This ensures that the channel will be able
+# to serialize and deserialize the object and multiplex it
+# with other objects. Both ends of a link will need the
+# same object definitions to be able to communicate over
+# a channel.
+#
+# Note: The objects we wish to use over the channel must
+# be registered with the channel, and each link has a
+# different channel instance. See the client_connected
+# and link_established functions in this example to see
+# how message types are registered.
+
+# Let's make a simple message class called StringMessage
+# that will convey a string with a timestamp.
+
+class StringMessage(RNS.MessageBase):
+    # The MSGTYPE class variable needs to be assigned a
+    # 2 byte integer value. This identifier allows the
+    # channel to look up your message's constructor when a
+    # message arrives over the channel.
+    #
+    # MSGTYPE must be unique across all message types we
+    # register with the channel. MSGTYPEs >= 0xf000 are
+    # reserved for the system.
+    MSGTYPE = 0x0101
+
+    # The constructor of our object must be callable with
+    # no arguments. We can have parameters, but they must
+    # have a default assignment.
+    #
+    # This is needed so the channel can create an empty
+    # version of our message into which the incoming
+    # message can be unpacked.
+    def __init__(self, data=None):
+        self.data = data
+        self.timestamp = datetime.now()
+
+    # Finally, our message needs to implement functions
+    # the channel can call to pack and unpack our message
+    # to/from the raw packet payload. We'll use the
+    # umsgpack package bundled with RNS. We could also use
+    # the struct package bundled with Python if we wanted
+    # more control over the structure of the packed bytes.
+    #
+    # Also note that packed message objects must fit
+    # entirely in one packet. The number of bytes
+    # available for message payloads can be queried from
+    # the channel using the Channel.MDU property. The
+    # channel MDU is slightly less than the link MDU due
+    # to encoding the message header.
+
+    # The pack function encodes the message contents into
+    # a byte stream.
+    def pack(self) -> bytes:
+        return umsgpack.packb((self.data, self.timestamp))
+
+    # And the unpack function decodes a byte stream into
+    # the message contents.
+    def unpack(self, raw):
+        self.data, self.timestamp = umsgpack.unpackb(raw)
+
+
+##########################################################
+#### Server Part #########################################
+##########################################################
+
+# A reference to the latest client link that connected
+latest_client_link = None
+
+# This initialisation is executed when the users chooses
+# to run as a server
+def server(configpath):
+    # We must first initialise Reticulum
+    reticulum = RNS.Reticulum(configpath)
+    
+    # Randomly create a new identity for our link example
+    server_identity = RNS.Identity()
+
+    # We create a destination that clients can connect to. We
+    # want clients to create links to this destination, so we
+    # need to create a "single" destination type.
+    server_destination = RNS.Destination(
+        server_identity,
+        RNS.Destination.IN,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+        "channelexample"
+    )
+
+    # We configure a function that will get called every time
+    # a new client creates a link to this destination.
+    server_destination.set_link_established_callback(client_connected)
+
+    # Everything's ready!
+    # Let's Wait for client requests or user input
+    server_loop(server_destination)
+
+def server_loop(destination):
+    # Let the user know that everything is ready
+    RNS.log(
+        "Link example "+
+        RNS.prettyhexrep(destination.hash)+
+        " running, waiting for a connection."
+    )
+
+    RNS.log("Hit enter to manually send an announce (Ctrl-C to quit)")
+
+    # We enter a loop that runs until the users exits.
+    # If the user hits enter, we will announce our server
+    # destination on the network, which will let clients
+    # know how to create messages directed towards it.
+    while True:
+        entered = input()
+        destination.announce()
+        RNS.log("Sent announce from "+RNS.prettyhexrep(destination.hash))
+
+# When a client establishes a link to our server
+# destination, this function will be called with
+# a reference to the link.
+def client_connected(link):
+    global latest_client_link
+    latest_client_link = link
+
+    RNS.log("Client connected")
+    link.set_link_closed_callback(client_disconnected)
+
+    # Register message types and add callback to channel
+    channel = link.get_channel()
+    channel.register_message_type(StringMessage)
+    channel.add_message_handler(server_message_received)
+
+def client_disconnected(link):
+    RNS.log("Client disconnected")
+
+def server_message_received(message):
+    """
+    A message handler
+    @param message: An instance of a subclass of MessageBase
+    @return: True if message was handled
+    """
+    global latest_client_link
+    # When a message is received over any active link,
+    # the replies will all be directed to the last client
+    # that connected.
+
+    # In a message handler, any deserializable message
+    # that arrives over the link's channel will be passed
+    # to all message handlers, unless a preceding handler indicates it
+    # has handled the message.
+    #
+    #
+    if isinstance(message, StringMessage):
+        RNS.log("Received data on the link: " + message.data + " (message created at " + str(message.timestamp) + ")")
+
+        reply_message = StringMessage("I received \""+message.data+"\" over the link")
+        latest_client_link.get_channel().send(reply_message)
+
+        # Incoming messages are sent to each message
+        # handler added to the channel, in the order they
+        # were added.
+        # If any message handler returns True, the message
+        # is considered handled and any subsequent
+        # handlers are skipped.
+        return True
+
+
+##########################################################
+#### Client Part #########################################
+##########################################################
+
+# A reference to the server link
+server_link = None
+
+# This initialisation is executed when the users chooses
+# to run as a client
+def client(destination_hexhash, configpath):
+    # We need a binary representation of the destination
+    # hash that was entered on the command line
+    try:
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
+        destination_hash = bytes.fromhex(destination_hexhash)
+    except:
+        RNS.log("Invalid destination entered. Check your input!\n")
+        exit()
+
+    # We must first initialise Reticulum
+    reticulum = RNS.Reticulum(configpath)
+
+    # Check if we know a path to the destination
+    if not RNS.Transport.has_path(destination_hash):
+        RNS.log("Destination is not yet known. Requesting path and waiting for announce to arrive...")
+        RNS.Transport.request_path(destination_hash)
+        while not RNS.Transport.has_path(destination_hash):
+            time.sleep(0.1)
+
+    # Recall the server identity
+    server_identity = RNS.Identity.recall(destination_hash)
+
+    # Inform the user that we'll begin connecting
+    RNS.log("Establishing link with server...")
+
+    # When the server identity is known, we set
+    # up a destination
+    server_destination = RNS.Destination(
+        server_identity,
+        RNS.Destination.OUT,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+        "channelexample"
+    )
+
+    # And create a link
+    link = RNS.Link(server_destination)
+
+    # We'll also set up functions to inform the
+    # user when the link is established or closed
+    link.set_link_established_callback(link_established)
+    link.set_link_closed_callback(link_closed)
+
+    # Everything is set up, so let's enter a loop
+    # for the user to interact with the example
+    client_loop()
+
+def client_loop():
+    global server_link
+
+    # Wait for the link to become active
+    while not server_link:
+        time.sleep(0.1)
+
+    should_quit = False
+    while not should_quit:
+        try:
+            print("> ", end=" ")
+            text = input()
+
+            # Check if we should quit the example
+            if text == "quit" or text == "q" or text == "exit":
+                should_quit = True
+                server_link.teardown()
+
+            # If not, send the entered text over the link
+            if text != "":
+                message = StringMessage(text)
+                packed_size = len(message.pack())
+                channel = server_link.get_channel()
+                if channel.is_ready_to_send():
+                    if packed_size <= channel.MDU:
+                        channel.send(message)
+                    else:
+                        RNS.log(
+                            "Cannot send this packet, the data size of "+
+                            str(packed_size)+" bytes exceeds the link packet MDU of "+
+                            str(channel.MDU)+" bytes",
+                            RNS.LOG_ERROR
+                        )
+                else:
+                    RNS.log("Channel is not ready to send, please wait for " +
+                            "pending messages to complete.", RNS.LOG_ERROR)
+
+        except Exception as e:
+            RNS.log("Error while sending data over the link: "+str(e))
+            should_quit = True
+            server_link.teardown()
+
+# This function is called when a link
+# has been established with the server
+def link_established(link):
+    # We store a reference to the link
+    # instance for later use
+    global server_link
+    server_link = link
+
+    # Register messages and add handler to channel
+    channel = link.get_channel()
+    channel.register_message_type(StringMessage)
+    channel.add_message_handler(client_message_received)
+
+    # Inform the user that the server is
+    # connected
+    RNS.log("Link established with server, enter some text to send, or \"quit\" to quit")
+
+# When a link is closed, we'll inform the
+# user, and exit the program
+def link_closed(link):
+    if link.teardown_reason == RNS.Link.TIMEOUT:
+        RNS.log("The link timed out, exiting now")
+    elif link.teardown_reason == RNS.Link.DESTINATION_CLOSED:
+        RNS.log("The link was closed by the server, exiting now")
+    else:
+        RNS.log("Link closed, exiting now")
+    
+    RNS.Reticulum.exit_handler()
+    time.sleep(1.5)
+    os._exit(0)
+
+# When a packet is received over the channel, we
+# simply print out the data.
+def client_message_received(message):
+    if isinstance(message, StringMessage):
+        RNS.log("Received data on the link: " + message.data + " (message created at " + str(message.timestamp) + ")")
+        print("> ", end=" ")
+        sys.stdout.flush()
+
+
+##########################################################
+#### Program Startup #####################################
+##########################################################
+
+# This part of the program runs at startup,
+# and parses input of from the user, and then
+# starts up the desired program mode.
+if __name__ == "__main__":
+    try:
+        parser = argparse.ArgumentParser(description="Simple channel example")
+
+        parser.add_argument(
+            "-s",
+            "--server",
+            action="store_true",
+            help="wait for incoming link requests from clients"
+        )
+
+        parser.add_argument(
+            "--config",
+            action="store",
+            default=None,
+            help="path to alternative Reticulum config directory",
+            type=str
+        )
+
+        parser.add_argument(
+            "destination",
+            nargs="?",
+            default=None,
+            help="hexadecimal hash of the server destination",
+            type=str
+        )
+
+        args = parser.parse_args()
+
+        if args.config:
+            configarg = args.config
+        else:
+            configarg = None
+
+        if args.server:
+            server(configarg)
+        else:
+            if (args.destination == None):
+                print("")
+                parser.print_help()
+                print("")
+            else:
+                client(args.destination, configarg)
+
+    except KeyboardInterrupt:
+        print("")
+        exit()
@@ -120,14 +120,16 @@ def client(destination_hexhash, configpath, timeout=None):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
            raise ValueError(
-                "Destination length is invalid, must be 20 hexadecimal characters (10 bytes)"
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
            )

        destination_hash = bytes.fromhex(destination_hexhash)
-    except:
-        RNS.log("Invalid destination entered. Check your input!\n")
+    except Exception as e:
+        RNS.log("Invalid destination entered. Check your input!")
+        RNS.log(str(e)+"\n")
        exit()

    # We must first initialise Reticulum
@@ -208,6 +210,7 @@ def client(destination_hexhash, configpath, timeout=None):
            # If we do not know this destination, tell the
            # user to wait for an announce to arrive.
            RNS.log("Destination is not yet known. Requesting path...")
+            RNS.log("Hit enter to manually retry once an announce is received.")
            RNS.Transport.request_path(destination_hash)

 # This function is called when our reply destination
@@ -215,8 +215,12 @@ def client(destination_hexhash, configpath):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
-            raise ValueError("Destination length is invalid, must be 20 hexadecimal characters (10 bytes)")
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
        destination_hash = bytes.fromhex(destination_hexhash)
    except:
        RNS.log("Invalid destination entered. Check your input!\n")
@@ -84,7 +84,7 @@ def client_connected(link):
 def client_disconnected(link):
    RNS.log("Client disconnected")

-def remote_identified(identity):
+def remote_identified(link, identity):
    RNS.log("Remote identified as: "+str(identity))

 def server_packet_received(message, packet):
@@ -124,8 +124,12 @@ def client(destination_hexhash, configpath):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
-            raise ValueError("Destination length is invalid, must be 20 hexadecimal characters (10 bytes)")
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+
        destination_hash = bytes.fromhex(destination_hexhash)
    except:
        RNS.log("Invalid destination entered. Check your input!\n")
@@ -110,8 +110,12 @@ def client(destination_hexhash, configpath):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
-            raise ValueError("Destination length is invalid, must be 20 hexadecimal characters (10 bytes)")
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
        destination_hash = bytes.fromhex(destination_hexhash)
    except:
        RNS.log("Invalid destination entered. Check your input!\n")
@@ -23,8 +23,8 @@ APP_NAME = "example_utilities"
 # A reference to the latest client link that connected
 latest_client_link = None

-def random_text_generator(path, data, request_id, remote_identity, requested_at):
-    RNS.log("Generating response to request "+RNS.prettyhexrep(request_id))
+def random_text_generator(path, data, request_id, link_id, remote_identity, requested_at):
+    RNS.log("Generating response to request "+RNS.prettyhexrep(request_id)+" on link "+RNS.prettyhexrep(link_id))
    texts = ["They looked up", "On each full moon", "Becky was upset", "I’ll stay away from it", "The pet shop stocks everything"]
    return texts[random.randint(0, len(texts)-1)]

@@ -110,8 +110,12 @@ def client(destination_hexhash, configpath):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
-            raise ValueError("Destination length is invalid, must be 20 hexadecimal characters (10 bytes)")
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
        destination_hash = bytes.fromhex(destination_hexhash)
    except:
        RNS.log("Invalid destination entered. Check your input!\n")
@@ -166,8 +166,12 @@ def client(destination_hexhash, configpath):
    # We need a binary representation of the destination
    # hash that was entered on the command line
    try:
-        if len(destination_hexhash) != 20:
-            raise ValueError("Destination length is invalid, must be 20 hexadecimal characters (10 bytes)")
+        dest_len = (RNS.Reticulum.TRUNCATED_HASHLENGTH//8)*2
+        if len(destination_hexhash) != dest_len:
+            raise ValueError(
+                "Destination length is invalid, must be {hex} hexadecimal characters ({byte} bytes).".format(hex=dest_len, byte=dest_len//2)
+            )
+            
        destination_hash = bytes.fromhex(destination_hexhash)
    except:
        RNS.log("Invalid destination entered. Check your input!\n")
@@ -21,6 +21,7 @@ clean:
 	@-rm -rf ./tests/__pycache__
 	@-rm -rf ./tests/rnsconfig/storage
 	@-rm -rf ./*.egg-info
+	@make -C docs clean
 	@echo Done

 remove_symlinks:
@@ -46,10 +47,12 @@ documentation:
 	make -C docs html

 manual:
-	make -C docs latexpdf
+	make -C docs latexpdf epub

 release: test remove_symlinks build_wheel build_pure_wheel documentation manual create_symlinks

+debug: remove_symlinks build_wheel build_pure_wheel create_symlinks
+
 upload:
 	@echo Ready to publish release, hit enter to continue
 	@read VOID
@@ -1,31 +1,50 @@
-Reticulum Network Stack β
+Reticulum Network Stack β <img align="right" src="https://static.pepy.tech/personalized-badge/rns?period=total&units=international_system&left_color=grey&right_color=blue&left_text=Installs"/>
 ==========

-<p align="center"><img width="200" src="https://unsigned.io/wp-content/uploads/2022/03/reticulum_logo_512.png"></p>
+<p align="center"><img width="200" src="https://raw.githubusercontent.com/markqvist/Reticulum/master/docs/source/graphics/rns_logo_512.png"></p>

-Reticulum is the cryptography-based networking stack for wide-area networks built on readily available hardware. It can operate even with very high latency and extremely low bandwidth. Reticulum allows you to build wide-area networks with off-the-shelf tools, and offers end-to-end encryption and connectivity, initiator anonymity, autoconfiguring cryptographically backed multi-hop transport, efficient addressing, unforgeable delivery acknowledgements and more.
+Reticulum is the cryptography-based networking stack for building local and wide-area
+networks with readily available hardware. It can operate even with very high latency
+and extremely low bandwidth. Reticulum allows you to build wide-area networks
+with off-the-shelf tools, and offers end-to-end encryption and connectivity,
+initiator anonymity, autoconfiguring cryptographically backed multi-hop
+transport, efficient addressing, unforgeable delivery acknowledgements and
+more.

-The vision of Reticulum is to allow anyone to be their own network operator, and to make it cheap and easy to cover vast areas with a myriad of independent, interconnectable and autonomous networks. Reticulum **is not** *one* network. It is **a tool** for building *thousands of networks*. Networks without kill-switches, surveillance, censorship and control. Networks that can freely interoperate, associate and disassociate with each other, and require no central oversight. Networks for human beings. *Networks for the people*.
+The vision of Reticulum is to allow anyone to be their own network operator,
+and to make it cheap and easy to cover vast areas with a myriad of independent,
+inter-connectable and autonomous networks. Reticulum **is not** *one* network.
+It is **a tool** for building *thousands of networks*. Networks without
+kill-switches, surveillance, censorship and control. Networks that can freely
+interoperate, associate and disassociate with each other, and require no
+central oversight. Networks for human beings. *Networks for the people*.

-Reticulum is a complete networking stack, and does not rely on IP or higher layers, but it is possible to use IP as the underlying carrier for Reticulum. It is therefore trivial to tunnel Reticulum over the Internet or private IP networks.
+Reticulum is a complete networking stack, and does not rely on IP or higher
+layers, but it is possible to use IP as the underlying carrier for Reticulum.
+It is therefore trivial to tunnel Reticulum over the Internet or private IP
+networks.

-Having no dependencies on traditional networking stacks frees up overhead that has been used to implement a networking stack built directly on cryptographic principles, allowing resilience and stable functionality, even in open and trustless networks.
+Having no dependencies on traditional networking stacks frees up overhead that
+has been used to implement a networking stack built directly on cryptographic
+principles, allowing resilience and stable functionality, even in open and
+trustless networks.

-No kernel modules or drivers are required. Reticulum runs completely in userland, and can run on practically any system that runs Python 3.
+No kernel modules or drivers are required. Reticulum runs completely in
+userland, and can run on practically any system that runs Python 3.

 ## Read The Manual
 The full documentation for Reticulum is available at [markqvist.github.io/Reticulum/manual/](https://markqvist.github.io/Reticulum/manual/).

 You can also [download the Reticulum manual as a PDF](https://github.com/markqvist/Reticulum/raw/master/docs/Reticulum%20Manual.pdf)

-For more info, see [unsigned.io/projects/reticulum](https://unsigned.io/projects/reticulum/)
+For more info, see [reticulum.network](https://reticulum.network/)

 ## Notable Features
- Coordination-less globally unique adressing and identification
+- Coordination-less globally unique addressing and identification
 - Fully self-configuring multi-hop routing
- Complete initiator anonymity, communicate without revealing your identity
+- Initiator anonymity, communicate without revealing your identity
 - Asymmetric X25519 encryption and Ed25519 signatures as a basis for all communication
- Forward Secrecy with ephemereal Elliptic Curve Diffie-Hellman keys on Curve25519
+- Forward Secrecy with ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519
 - Reticulum uses the [Fernet](https://github.com/fernet/spec/blob/master/Spec.md) specification for on-the-wire / over-the-air encryption
  - Keys are ephemeral and derived from an ECDH key exchange on Curve25519
  - AES-128 in CBC mode with PKCS7 padding
@@ -34,67 +53,111 @@ For more info, see [unsigned.io/projects/reticulum](https://unsigned.io/projects
 - Unforgeable packet delivery confirmations
 - A variety of supported interface types
 - An intuitive and easy-to-use API
- Reliable and efficient transfer of arbritrary amounts of data
+- Reliable and efficient transfer of arbitrary amounts of data
  - Reticulum can handle a few bytes of data or files of many gigabytes
-  - Sequencing, transfer coordination and checksumming is automatic
+  - Sequencing, transfer coordination and checksumming are automatic
  - The API is very easy to use, and provides transfer progress
 - Lightweight, flexible and expandable Request/Response mechanism
 - Efficient link establishment
-  - Total bandwidth cost of setting up an encrypted link is 3 packets totalling 237 bytes
-  - Low cost of keeping links open at only 0.62 bits per second
+  - Total bandwidth cost of setting up an encrypted link is 3 packets totaling 297 bytes
+  - Low cost of keeping links open at only 0.44 bits per second
+
+## Roadmap
+While Reticulum is already a fully featured and functional networking stack, many improvements and additions are actively being worked on, and planned for the future.
+
+To learn more about the direction and future of Reticulum, please see the [Development Roadmap](./Roadmap.md).

 ## Examples of Reticulum Applications
-If you want to quickly get an idea of what Reticulum can do, take a look at the following resources.
+If you want to quickly get an idea of what Reticulum can do, take a look at the
+following resources.

- [LXMF](https://github.com/markqvist/lxmf) is a distributed, delay and disruption tolerant message transfer protocol built on Reticulum
+- You can use the [rnsh](https://github.com/acehoss/rnsh) program to establish remote shell sessions over Reticulum.
 - For an off-grid, encrypted and resilient mesh communications platform, see [Nomad Network](https://github.com/markqvist/NomadNet)
- The Android, Linux and macOS app [Sideband](https://unsigned.io/sideband) has a graphical interface and focuses on ease of use.
+- The Android, Linux and macOS app [Sideband](https://github.com/markqvist/Sideband) has a graphical interface and focuses on ease of use.
+- [LXMF](https://github.com/markqvist/lxmf) is a distributed, delay and disruption tolerant message transfer protocol built on Reticulum

 ## Where can Reticulum be used?
-Over practically any medium that can support at least a half-duplex channel with 500 bits per second throughput, and an MTU of 500 bytes. Data radios, modems, LoRa radios, serial lines, AX.25 TNCs, amateur radio digital modes, ad-hoc WiFi, free-space optical links and similar systems are all examples of the types of interfaces Reticulum was designed for.
+Over practically any medium that can support at least a half-duplex channel
+with 500 bits per second throughput, and an MTU of 500 bytes. Data radios,
+modems, LoRa radios, serial lines, AX.25 TNCs, amateur radio digital modes,
+WiFi and Ethernet devices, free-space optical links, and similar systems are
+all examples of the types of physical devices Reticulum can use.

-An open-source LoRa-based interface called [RNode](https://unsigned.io/projects/rnode/) has been designed specifically for use with Reticulum. It is possible to build yourself, or it can be purchased as a complete transceiver that just needs a USB connection to the host.
+An open-source LoRa-based interface called
+[RNode](https://markqvist.github.io/Reticulum/manual/hardware.html#rnode) has
+been designed specifically for use with Reticulum. It is possible to build
+yourself, or it can be purchased as a complete transceiver that just needs a
+USB connection to the host.

-Reticulum can also be encapsulated over existing IP networks, so there's nothing stopping you from using it over wired ethernet or your local WiFi network, where it'll work just as well. In fact, one of the strengths of Reticulum is how easily it allows you to connect different mediums into a self-configuring, resilient and encrypted mesh.
+Reticulum can also be encapsulated over existing IP networks, so there's
+nothing stopping you from using it over wired Ethernet, your local WiFi network
+or the Internet, where it'll work just as well. In fact, one of the strengths
+of Reticulum is how easily it allows you to connect different mediums into a
+self-configuring, resilient and encrypted mesh, using any available mixture of
+available infrastructure.

-As an example, it's possible to set up a Raspberry Pi connected to both a LoRa radio, a packet radio TNC and a WiFi network. Once the interfaces are configured, Reticulum will take care of the rest, and any device on the WiFi network can communicate with nodes on the LoRa and packet radio sides of the network, and vice versa.
+As an example, it's possible to set up a Raspberry Pi connected to both a LoRa
+radio, a packet radio TNC and a WiFi network. Once the interfaces are
+configured, Reticulum will take care of the rest, and any device on the WiFi
+network can communicate with nodes on the LoRa and packet radio sides of the
+network, and vice versa.

 ## How do I get started?
 The best way to get started with the Reticulum Network Stack depends on what
-you want to do. For full details and examples, have a look at the [Getting Started Fast](https://markqvist.github.io/Reticulum/manual/gettingstartedfast.html) section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).
+you want to do. For full details and examples, have a look at the 
+[Getting Started Fast](https://markqvist.github.io/Reticulum/manual/gettingstartedfast.html) 
+section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).

 To simply install Reticulum and related utilities on your system, the easiest way is via pip:

 ```bash
-pip3 install rns
+pip install rns
 ```

-You can then start any program that uses Reticulum, or start Reticulum as a system service with [the rnsd utility](https://markqvist.github.io/Reticulum/manual/using.html#the-rnsd-utility).
+You can then start any program that uses Reticulum, or start Reticulum as a
+system service with [the rnsd utility](https://markqvist.github.io/Reticulum/manual/using.html#the-rnsd-utility).

-When first started, Reticulum will create a default configuration file, providing basic connectivity to other Reticulum peers. The default config file contains examples for using Reticulum with LoRa transceivers (specifically [RNode](https://unsigned.io/projects/rnode/)), packet radio TNCs/modems, TCP and UDP.
+When first started, Reticulum will create a default configuration file,
+providing basic connectivity to other Reticulum peers that might be locally
+reachable. The default config file contains a few examples, and references for
+creating a more complex configuration.

-You can use the examples in the config file to expand communication over many mediums such as packet radio or LoRa (with [RNode](https://unsigned.io/projects/rnode/)), serial ports, or over fast IP links and the Internet using the UDP and TCP interfaces. For more detailed examples, take a look at the [Supported Interfaces](https://markqvist.github.io/Reticulum/manual/interfaces.html) section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).
+If you have an old version of `pip` on your system, you may need to upgrade it first with `pip install pip --upgrade`. If you no not already have `pip` installed, you can install it using the package manager of your system with `sudo apt install python3-pip` or similar.
+
+For more detailed examples on how to expand communication over many mediums such 
+as packet radio or LoRa, serial ports, or over fast IP links and the Internet using 
+the UDP and TCP interfaces, take a look at the [Supported Interfaces](https://markqvist.github.io/Reticulum/manual/interfaces.html) 
+section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).

 ## Included Utilities
-Reticulum includes a range of useful utilities for managing your networks, viewing status and information, and other tasks. You can read more about these programs in the [Included Utility Programs](https://markqvist.github.io/Reticulum/manual/using.html#included-utility-programs) section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).
+Reticulum includes a range of useful utilities for managing your networks, 
+viewing status and information, and other tasks. You can read more about these 
+programs in the [Included Utility Programs](https://markqvist.github.io/Reticulum/manual/using.html#included-utility-programs) 
+section of the [Reticulum Manual](https://markqvist.github.io/Reticulum/manual/).

 - The system daemon `rnsd` for running Reticulum as an always-available service
 - An interface status utility called `rnstatus`, that displays information about interfaces
- The path lookup and and management tool `rnpath` letting you view and modify path tables
+- The path lookup and management tool `rnpath` letting you view and modify path tables
 - A diagnostics tool called `rnprobe` for checking connectivity to destinations
- A simple file transfer program called `rncp` making easy to copy files to remote systems
- The remote command execution program `rnx` that let's you run commands and programs and retrieve output from remote systems
+- A simple file transfer program called `rncp` making it easy to copy files to remote systems
+- The remote command execution program `rnx` let's you run commands and
+  programs and retrieve output from remote systems

-All tools, including `rnx` and `rncp`, work reliably and well even over very low-bandwidth links like LoRa or Packet Radio.
+All tools, including `rnx` and `rncp`, work reliably and well even over very
+low-bandwidth links like LoRa or Packet Radio.

 ## Supported interface types and devices

-Reticulum implements a range of generalised interface types that covers most of the communications hardware that Reticulum can run over. If your hardware is not supported, it's relatively simple to implement an interface class. I will gratefully accept pull requests for custom interfaces if they are generally useful.
+Reticulum implements a range of generalised interface types that covers most of
+the communications hardware that Reticulum can run over. If your hardware is
+not supported, it's relatively simple to implement an interface class. I will
+gratefully accept pull requests for custom interfaces if they are generally
+useful.

 Currently, the following interfaces are supported:

- Any ethernet device
- LoRa using [RNode](https://unsigned.io/projects/rnode/)
+- Any Ethernet device
+- LoRa using [RNode](https://unsigned.io/rnode/)
 - Packet Radio TNCs (with or without AX.25)
 - KISS-compatible hardware and software modems
 - Any device with a serial port
@@ -104,79 +167,85 @@ Currently, the following interfaces are supported:
 - Custom hardware via stdio or pipes

 ## Performance
-Reticulum targets a *very* wide usable performance envelope, but prioritises functionality and performance over low-bandwidth mediums. The goal is to provide a dynamic performance envelope from 250 bits per second, to 1 gigabit per second on normal hardware.
+Reticulum targets a *very* wide usable performance envelope, but prioritises
+functionality and performance on low-bandwidth mediums. The goal is to
+provide a dynamic performance envelope from 250 bits per second, to 1 gigabit
+per second on normal hardware.

-Currently, the usable performance envelope is approximately 500 bits per second to 20 megabits per second, with physical mediums faster than that not being saturated. Performance beyond the current level is intended for future upgrades, but not highly prioritised at this point in time.
+Currently, the usable performance envelope is approximately 500 bits per second
+to 20 megabits per second, with physical mediums faster than that not being
+saturated. Performance beyond the current level is intended for future
+upgrades, but not highly prioritised at this point in time.

 ## Current Status
-Reticulum should currently be considered beta software. All core protocol features are implemented and functioning, but additions will probably occur as real-world use is explored. There will be bugs. The API and wire-format can be considered relatively stable at the moment, but could change if warranted.
-
-## Development Roadmap
- Version 0.3.9
-  - Expansion of address space to 128 bits
-  - Performance and memory optimisations
-  - Utilities for managing identities, signing and encryption
- Version 0.4.0
-  - Improving [the manual](https://markqvist.github.io/Reticulum/manual/) with sections specifically for beginners
-  - User friendly interface configuration tool
-  - Support for radio and modem interfaces on Android
-  - More interface types for even broader compatibility
-    - Plain ESP32 devices (ESP-Now, WiFi, Bluetooth, etc.)
-    - More LoRa transceivers
-    - IR Transceivers
- Planned, but not yet scheduled
-  - Network-wide path balancing
-  - Globally routable multicast
-  - Bindings for other programming languages
-  - A portable Reticulum implementation in C, see [#21](https://github.com/markqvist/Reticulum/discussions/21)
-  - Easy way to share interface configurations, see [#19](https://github.com/markqvist/Reticulum/discussions/19)
-  - More interface types
-    - AT-compatible modems
-    - AWDL / OWL
-    - HF Modems
-    - CAN-bus
-    - ZeroMQ
-    - MQTT
-    - SPI
-    - i²c
-
-
+Reticulum should currently be considered beta software. All core protocol
+features are implemented and functioning, but additions will probably occur as
+real-world use is explored. There will be bugs. The API and wire-format can be
+considered relatively stable at the moment, but could change if warranted.

 ## Dependencies
-The installation of the default `rns` package requires the dependencies listed below. Almost all systems and distributions have readily available packages for these dependencies, and when the `rns` package is installed with `pip`, they will be downloaded and installed as well.
+The installation of the default `rns` package requires the dependencies listed
+below. Almost all systems and distributions have readily available packages for
+these dependencies, and when the `rns` package is installed with `pip`, they
+will be downloaded and installed as well.

 - [PyCA/cryptography](https://github.com/pyca/cryptography)
- [netifaces](https://github.com/al45tair/netifaces)
 - [pyserial](https://github.com/pyserial/pyserial)

-On more unusual systems, and in some rare cases, it might not be possible to install or even compile one or more of the above modules. In such situations, you can use the `rnspure` package instead, which require no external dependencies for installation. Please note that the contents of the `rns` and `rnspure` packages are *identical*. The only difference is that the `rnspure` package lists no dependencies required for installation.
+On more unusual systems, and in some rare cases, it might not be possible to
+install or even compile one or more of the above modules. In such situations,
+you can use the `rnspure` package instead, which require no external
+dependencies for installation. Please note that the contents of the `rns` and
+`rnspure` packages are *identical*. The only difference is that the `rnspure`
+package lists no dependencies required for installation.

-No matter how Reticulum is installed and started, it will load external dependencies only if they are *needed* and *available*. If for example you want to use Reticulum on a system that cannot support [pyserial](https://github.com/pyserial/pyserial), it is perfectly possible to do so using the `rnspure` package, but Reticulum will not be able to use serial-based interfaces. All other available modules will still be loaded when needed.
+No matter how Reticulum is installed and started, it will load external
+dependencies only if they are *needed* and *available*. If for example you want
+to use Reticulum on a system that cannot support
+[pyserial](https://github.com/pyserial/pyserial), it is perfectly possible to
+do so using the `rnspure` package, but Reticulum will not be able to use
+serial-based interfaces. All other available modules will still be loaded when
+needed.

-**Please Note!** If you use the `rnspure` package to run Reticulum on systems that do not support [PyCA/cryptography](https://github.com/pyca/cryptography), it is important that you read and understand the [Cryptographic Primitives](#cryptographic-primitives) section of this document.
+**Please Note!** If you use the `rnspure` package to run Reticulum on systems
+that do not support [PyCA/cryptography](https://github.com/pyca/cryptography),
+it is important that you read and understand the [Cryptographic
+Primitives](#cryptographic-primitives) section of this document.

 ## Public Testnet
-If you just want to get started experimenting without building any physical networks, you are welcome to join the Unsigned.io RNS Testnet. The testnet is just that, an informal network for testing and experimenting. It will be up most of the time, and anyone can join, but it also means that there's no guarantees for service availability.
+If you just want to get started experimenting without building any physical
+networks, you are welcome to join the Unsigned.io RNS Testnet. The testnet is
+just that, an informal network for testing and experimenting. It will be up
+most of the time, and anyone can join, but it also means that there's no
+guarantees for service availability.

-The testnet runs the very latest version of Reticulum (often even a short while before it is publicly released). Sometimes experimental versions of Reticulum might be deployed to nodes on the testnet, which means strange behaviour might occur. If none of that scares you, you can join the testnet via eihter TCP or I2P. Just add one of the following interfaces to your Reticulum configuration file:
+The testnet runs the very latest version of Reticulum (often even a short while
+before it is publicly released). Sometimes experimental versions of Reticulum
+might be deployed to nodes on the testnet, which means strange behaviour might
+occur. If none of that scares you, you can join the testnet via either TCP or
+I2P. Just add one of the following interfaces to your Reticulum configuration
+file:

 ```
-# For connecting over TCP/IP:
-
-  [[RNS Testnet Frankfurt]]
+# TCP/IP interface to the RNS Dublin Hub
+  [[RNS Testnet Dublin]]
    type = TCPClientInterface
-    interface_enabled = yes
-    outgoing = True
-    target_host = frankfurt.rns.unsigned.io
+    enabled = yes
+    target_host = dublin.connect.reticulum.network
    target_port = 4965

+# TCP/IP interface to the BetweenTheBorders Hub (community-provided)
+  [[RNS Testnet BetweenTheBorders]]
+    type = TCPClientInterface
+    enabled = yes
+    target_host = betweentheborders.com
+    target_port = 4242

-# For connecting over I2P:
-
-  [[RNS Testnet I2P Node A]]
+# Interface to Testnet I2P Hub
+  [[RNS Testnet I2P Hub]]
    type = I2PInterface
-    interface_enabled = yes
-    peers = ykzlw5ujbaqc2xkec4cpvgyxj257wcrmmgkuxqmqcur7cq3w3lha.b32.i2p
+    enabled = yes
+    peers = pmlm3l5rpympihoy2o5ago43kluei2jjjzsalcuiuylbve3mwi2a.b32.i2p
 ```

 The testnet also contains a number of [Nomad Network](https://github.com/markqvist/nomadnet) nodes, and LXMF propagation nodes.
@@ -185,10 +254,8 @@ The testnet also contains a number of [Nomad Network](https://github.com/markqvi
 You can help support the continued development of open, free and private communications systems by donating via one of the following channels:

 - Monero:
-  ```
-  84FpY1QbxHcgdseePYNmhTHcrgMX4nFf
-  BYtz2GKYToqHVVhJp8Eaw1Z1EedRnKD1
-  9b3B8NiLCGVxzKV17UMmmeEsCrPyA5w
+ ```
+  84FpY1QbxHcgdseePYNmhTHcrgMX4nFfBYtz2GKYToqHVVhJp8Eaw1Z1EedRnKD19b3B8NiLCGVxzKV17UMmmeEsCrPyA5w
  ```
 - Ethereum
  ```
@@ -200,21 +267,31 @@ You can help support the continued development of open, free and private communi
  ```
 - Ko-Fi: https://ko-fi.com/markqvist

-Are certain features in the development roadmap are important to you or your organisation? Make them a reality quickly by sponsoring their implementation.
+Are certain features in the development roadmap are important to you or your
+organisation? Make them a reality quickly by sponsoring their implementation.

 ## Cryptographic Primitives
-Reticulum has been designed to use a simple suite of efficient, strong and modern cryptographic primitives, with widely available implementations that can be used both on general-purpose CPUs and on microcontrollers. The necessary primitives are:
+Reticulum uses a simple suite of efficient, strong and modern cryptographic
+primitives, with widely available implementations that can be used both on
+general-purpose CPUs and on microcontrollers. The necessary primitives are:

 - Ed25519 for signatures
 - X22519 for ECDH key exchanges
 - HKDF for key derivation
- Fernet for encrypted tokens
+- Modified Fernet for encrypted tokens
  - AES-128 in CBC mode
  - HMAC for message authentication
+  - No Fernet version and timestamp fields
 - SHA-256
 - SHA-512

-In the default installation configuration, the `X25519`, `Ed25519` and `AES-128-CBC` primitives are provided by [OpenSSL](https://www.openssl.org/) (via the [PyCA/cryptography](https://github.com/pyca/cryptography) package). The hashing functions `SHA-256` and `SHA-512` are provided by the standard Python [hashlib](https://docs.python.org/3/library/hashlib.html). The `HKDF`, `HMAC`, `Fernet` primitives, and the `PKCS7` padding function are always provided by the following internal implementations:
+In the default installation configuration, the `X25519`, `Ed25519` and
+`AES-128-CBC` primitives are provided by [OpenSSL](https://www.openssl.org/)
+(via the [PyCA/cryptography](https://github.com/pyca/cryptography) package).
+The hashing functions `SHA-256` and `SHA-512` are provided by the standard
+Python [hashlib](https://docs.python.org/3/library/hashlib.html). The `HKDF`,
+`HMAC`, `Fernet` primitives, and the `PKCS7` padding function are always
+provided by the following internal implementations:

 - [HKDF.py](RNS/Cryptography/HKDF.py)
 - [HMAC.py](RNS/Cryptography/HMAC.py)
@@ -222,16 +299,33 @@ In the default installation configuration, the `X25519`, `Ed25519` and `AES-128-
 - [PKCS7.py](RNS/Cryptography/PKCS7.py)


-Reticulum also includes a complete implementation of all necessary primitives in pure Python. If OpenSSL & PyCA are not available on the system when Reticulum is started, Reticulum will instead use the internal pure-python primitives. A trivial consequence of this is performance, with the OpenSSL backend being *much* faster. The most important consequence however, is the potential loss of security by using primitives that has not seen the same amount of scrutiny, testing and review as those from OpenSSL.
+Reticulum also includes a complete implementation of all necessary primitives
+in pure Python. If OpenSSL & PyCA are not available on the system when
+Reticulum is started, Reticulum will instead use the internal pure-python
+primitives. A trivial consequence of this is performance, with the OpenSSL
+backend being *much* faster. The most important consequence however, is the
+potential loss of security by using primitives that has not seen the same
+amount of scrutiny, testing and review as those from OpenSSL.

-If you want to use the internal pure-python primitives, it is **highly advisable** that you have a good understanding of the risks that this pose, and make an informed decision on whether those risks are acceptable to you.
+If you want to use the internal pure-python primitives, it is **highly
+advisable** that you have a good understanding of the risks that this pose, and
+make an informed decision on whether those risks are acceptable to you.

-Reticulum is relatively young software, and should be considered as such. While it has been built with cryptography best-practices very foremost in mind, it _has not_ been externally security audited, and there could very well be privacy or security breaking bugs. If you want to help out, or help sponsor an audit, please do get in touch.
+Reticulum is relatively young software, and should be considered as such. While
+it has been built with cryptography best-practices very foremost in mind, it
+_has not_ been externally security audited, and there could very well be
+privacy or security breaking bugs. If you want to help out, or help sponsor an
+audit, please do get in touch.

 ## Acknowledgements & Credits
-Reticulum can only exist because of the mountain of Open Source work it was built on top of, the contributions of everyone involved, and everyone that has supported the project through the years. To everyone who has helped, thank you so much.
+Reticulum can only exist because of the mountain of Open Source work it was
+built on top of, the contributions of everyone involved, and everyone that has
+supported the project through the years. To everyone who has helped, thank you
+so much.

-A number of other modules and projects are either part of, or used by Reticulum. Sincere thanks to the authors and contributors of the following projects:
+A number of other modules and projects are either part of, or used by
+Reticulum. Sincere thanks to the authors and contributors of the following
+projects:

 - [PyCA/cryptography](https://github.com/pyca/cryptography), *BSD License*
 - [Pure-25519](https://github.com/warner/python-pure25519) by [Brian Warner](https://github.com/warner), *MIT License*
@@ -240,8 +334,8 @@ A number of other modules and projects are either part of, or used by Reticulum.
 - [Curve25519.py](https://gist.github.com/nickovs/cc3c22d15f239a2640c185035c06f8a3#file-curve25519-py) by [Nicko van Someren](https://gist.github.com/nickovs), *Public Domain*
 - [I2Plib](https://github.com/l-n-s/i2plib) by [Viktor Villainov](https://github.com/l-n-s)
 - [PySerial](https://github.com/pyserial/pyserial) by Chris Liechti, *BSD License*
- [Netifaces](https://github.com/al45tair/netifaces) by [Alastair Houghton](https://github.com/al45tair), *MIT License*
 - [Configobj](https://github.com/DiffSK/configobj) by Michael Foord, Nicola Larosa, Rob Dennis & Eli Courtwright, *BSD License*
 - [Six](https://github.com/benjaminp/six) by [Benjamin Peterson](https://github.com/benjaminp), *MIT License*
+- [ifaddr](https://github.com/pydron/ifaddr) by [Pydron](https://github.com/pydron), *MIT License*
 - [Umsgpack.py](https://github.com/vsergeev/u-msgpack-python) by [Ivan A. Sergeev](https://github.com/vsergeev)
 - [Python](https://www.python.org)
@@ -0,0 +1,303 @@
+from __future__ import annotations
+import bz2
+import sys
+import threading
+from threading import RLock
+import struct
+from RNS.Channel import Channel, MessageBase, SystemMessageTypes
+import RNS
+from io import RawIOBase, BufferedRWPair, BufferedReader, BufferedWriter
+from typing import Callable
+from contextlib import AbstractContextManager
+
+class StreamDataMessage(MessageBase):
+    MSGTYPE = SystemMessageTypes.SMT_STREAM_DATA
+    """
+    Message type for ``Channel``. ``StreamDataMessage``
+    uses a system-reserved message type.
+    """
+
+    STREAM_ID_MAX = 0x3fff  # 16383
+    """
+    The stream id is limited to 2 bytes - 2 bit
+    """
+
+    MAX_DATA_LEN = RNS.Link.MDU - 2 - 6  # 2 for stream data message header, 6 for channel envelope
+    """
+    When the Buffer package is imported, this value is
+    calculcated based on the value of OVERHEAD
+    """
+
+    def __init__(self, stream_id: int = None, data: bytes = None, eof: bool = False):
+        """
+        This class is used to encapsulate binary stream
+        data to be sent over a ``Channel``.
+
+        :param stream_id: id of stream relative to receiver
+        :param data: binary data
+        :param eof: set to True if signalling End of File
+        """
+        super().__init__()
+        if stream_id is not None and stream_id > self.STREAM_ID_MAX:
+            raise ValueError("stream_id must be 0-16383")
+        self.stream_id = stream_id
+        self.compressed = False
+        self.data = data or bytes()
+        self.eof = eof
+
+    def pack(self) -> bytes:
+        if self.stream_id is None:
+            raise ValueError("stream_id")
+
+        compressed_data   = bz2.compress(self.data)
+        saved = len(self.data)-len(compressed_data)
+
+        if saved > 0:
+            self.data = compressed_data
+            self.compressed = True
+
+        header_val = (0x3fff & self.stream_id) | (0x8000 if self.eof else 0x0000) | (0x4000 if self.compressed > 0 else 0x0000)
+        return bytes(struct.pack(">H", header_val) + (self.data if self.data else bytes()))
+
+    def unpack(self, raw):
+        self.stream_id = struct.unpack(">H", raw[:2])[0]
+        self.eof = (0x8000 & self.stream_id) > 0
+        self.compressed = (0x4000 & self.stream_id) > 0
+        self.stream_id = self.stream_id & 0x3fff
+        self.data = raw[2:]
+        if self.compressed:
+            self.data = bz2.decompress(self.data)
+
+
+class RawChannelReader(RawIOBase, AbstractContextManager):
+    """
+    An implementation of RawIOBase that receives
+    binary stream data sent over a ``Channel``.
+
+      This class generally need not be instantiated directly.
+      Use :func:`RNS.Buffer.create_reader`,
+      :func:`RNS.Buffer.create_writer`, and
+      :func:`RNS.Buffer.create_bidirectional_buffer` functions
+      to create buffered streams with optional callbacks.
+
+      For additional information on the API of this
+      object, see the Python documentation for
+      ``RawIOBase``.
+    """
+    def __init__(self, stream_id: int, channel: Channel):
+        """
+        Create a raw channel reader.
+
+        :param stream_id: local stream id to receive at
+        :param channel: ``Channel`` object to receive from
+        """
+        self._stream_id = stream_id
+        self._channel = channel
+        self._lock = RLock()
+        self._buffer = bytearray()
+        self._eof = False
+        self._channel._register_message_type(StreamDataMessage, is_system_type=True)
+        self._channel.add_message_handler(self._handle_message)
+        self._listeners: [Callable[[int], None]] = []
+
+    def add_ready_callback(self, cb: Callable[[int], None]):
+        """
+        Add a function to be called when new data is available.
+        The function should have the signature ``(ready_bytes: int) -> None``
+
+        :param cb: function to call
+        """
+        with self._lock:
+            self._listeners.append(cb)
+
+    def remove_ready_callback(self, cb: Callable[[int], None]):
+        """
+        Remove a function added with :func:`RNS.RawChannelReader.add_ready_callback()`
+
+        :param cb: function to remove
+        """
+        with self._lock:
+            self._listeners.remove(cb)
+
+    def _handle_message(self, message: MessageBase):
+        if isinstance(message, StreamDataMessage):
+            if message.stream_id == self._stream_id:
+                with self._lock:
+                    if message.data is not None:
+                        self._buffer.extend(message.data)
+                    if message.eof:
+                        self._eof = True
+                    for listener in self._listeners:
+                        try:
+                            listener(len(self._buffer))
+                        except Exception as ex:
+                            RNS.log("Error calling RawChannelReader(" + str(self._stream_id) + ") callback: " + str(ex))
+                    return True
+        return False
+
+    def _read(self, __size: int) -> bytes | None:
+        with self._lock:
+            result = self._buffer[:__size]
+            self._buffer = self._buffer[__size:]
+            return result if len(result) > 0 or self._eof else None
+
+    def readinto(self, __buffer: bytearray) -> int | None:
+        ready = self._read(len(__buffer))
+        if ready is not None:
+            __buffer[:len(ready)] = ready
+        return len(ready) if ready is not None else None
+
+    def writable(self) -> bool:
+        return False
+
+    def seekable(self) -> bool:
+        return False
+
+    def readable(self) -> bool:
+        return True
+
+    def close(self):
+        with self._lock:
+            self._channel.remove_message_handler(self._handle_message)
+            self._listeners.clear()
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.close()
+        return False
+
+
+class RawChannelWriter(RawIOBase, AbstractContextManager):
+    """
+    An implementation of RawIOBase that receives
+    binary stream data sent over a channel.
+
+      This class generally need not be instantiated directly.
+      Use :func:`RNS.Buffer.create_reader`,
+      :func:`RNS.Buffer.create_writer`, and
+      :func:`RNS.Buffer.create_bidirectional_buffer` functions
+      to create buffered streams with optional callbacks.
+
+      For additional information on the API of this
+      object, see the Python documentation for
+      ``RawIOBase``.
+    """
+    def __init__(self, stream_id: int, channel: Channel):
+        """
+        Create a raw channel writer.
+
+        :param stream_id: remote stream id to sent do
+        :param channel: ``Channel`` object to send on
+        """
+        self._stream_id = stream_id
+        self._channel = channel
+        self._eof = False
+
+    def write(self, __b: bytes) -> int | None:
+        try:
+            chunk = bytes(__b[:StreamDataMessage.MAX_DATA_LEN])
+            message = StreamDataMessage(self._stream_id, chunk, self._eof)
+            self._channel.send(message)
+            return len(chunk)
+        except RNS.Channel.ChannelException as cex:
+            if cex.type != RNS.Channel.CEType.ME_LINK_NOT_READY:
+                raise
+        return 0
+
+    def close(self):
+        self._eof = True
+        self.write(bytes())
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.close()
+        return False
+
+    def seekable(self) -> bool:
+        return False
+
+    def readable(self) -> bool:
+        return False
+
+    def writable(self) -> bool:
+        return True
+
+class Buffer:
+    """
+    Static functions for creating buffered streams that send
+    and receive over a ``Channel``.
+
+    These functions use ``BufferedReader``, ``BufferedWriter``,
+    and ``BufferedRWPair`` to add buffering to
+    ``RawChannelReader`` and ``RawChannelWriter``.
+    """
+    @staticmethod
+    def create_reader(stream_id: int, channel: Channel,
+                      ready_callback: Callable[[int], None] | None = None) -> BufferedReader:
+        """
+        Create a buffered reader that reads binary data sent
+        over a ``Channel``, with an optional callback when
+        new data is available.
+
+        Callback signature: ``(ready_bytes: int) -> None``
+
+        For more information on the reader-specific functions
+        of this object, see the Python documentation for
+        ``BufferedReader``
+
+        :param stream_id: the local stream id to receive from
+        :param channel: the channel to receive on
+        :param ready_callback: function to call when new data is available
+        :return: a BufferedReader object
+        """
+        reader = RawChannelReader(stream_id, channel)
+        if ready_callback:
+            reader.add_ready_callback(ready_callback)
+        return BufferedReader(reader)
+
+    @staticmethod
+    def create_writer(stream_id: int, channel: Channel) -> BufferedWriter:
+        """
+        Create a buffered writer that writes binary data over
+        a ``Channel``.
+
+        For more information on the writer-specific functions
+        of this object, see the Python documentation for
+        ``BufferedWriter``
+
+        :param stream_id: the remote stream id to send to
+        :param channel: the channel to send on
+        :return: a BufferedWriter object
+        """
+        writer = RawChannelWriter(stream_id, channel)
+        return BufferedWriter(writer)
+
+    @staticmethod
+    def create_bidirectional_buffer(receive_stream_id: int, send_stream_id: int, channel: Channel,
+                                    ready_callback: Callable[[int], None] | None = None) -> BufferedRWPair:
+        """
+        Create a buffered reader/writer pair that reads and
+        writes binary data over a ``Channel``, with an
+        optional callback when new data is available.
+
+        Callback signature: ``(ready_bytes: int) -> None``
+
+        For more information on the reader-specific functions
+        of this object, see the Python documentation for
+        ``BufferedRWPair``
+
+        :param receive_stream_id: the local stream id to receive at
+        :param send_stream_id:  the remote stream id to send to
+        :param channel: the channel to send and receive on
+        :param ready_callback: function to call when new data is available
+        :return: a BufferedRWPair object
+        """
+        reader = RawChannelReader(receive_stream_id, channel)
+        if ready_callback:
+            reader.add_ready_callback(ready_callback)
+        writer = RawChannelWriter(send_stream_id, channel)
+        return BufferedRWPair(reader, writer)
@@ -0,0 +1,654 @@
+# MIT License
+#
+# Copyright (c) 2016-2023 Mark Qvist / unsigned.io and contributors.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+from __future__ import annotations
+import collections
+import enum
+import threading
+import time
+from types import TracebackType
+from typing import Type, Callable, TypeVar, Generic, NewType
+import abc
+import contextlib
+import struct
+import RNS
+from abc import ABC, abstractmethod
+TPacket = TypeVar("TPacket")
+
+class SystemMessageTypes(enum.IntEnum):
+    SMT_STREAM_DATA = 0xff00
+
+class ChannelOutletBase(ABC, Generic[TPacket]):
+    """
+    An abstract transport layer interface used by Channel.
+
+    DEPRECATED: This was created for testing; eventually
+    Channel will use Link or a LinkBase interface
+    directly.
+    """
+    @abstractmethod
+    def send(self, raw: bytes) -> TPacket:
+        raise NotImplemented()
+
+    @abstractmethod
+    def resend(self, packet: TPacket) -> TPacket:
+        raise NotImplemented()
+
+    @property
+    @abstractmethod
+    def mdu(self):
+        raise NotImplemented()
+
+    @property
+    @abstractmethod
+    def rtt(self):
+        raise NotImplemented()
+
+    @property
+    @abstractmethod
+    def is_usable(self):
+        raise NotImplemented()
+
+    @abstractmethod
+    def get_packet_state(self, packet: TPacket) -> MessageState:
+        raise NotImplemented()
+
+    @abstractmethod
+    def timed_out(self):
+        raise NotImplemented()
+
+    @abstractmethod
+    def __str__(self):
+        raise NotImplemented()
+
+    @abstractmethod
+    def set_packet_timeout_callback(self, packet: TPacket, callback: Callable[[TPacket], None] | None,
+                                    timeout: float | None = None):
+        raise NotImplemented()
+
+    @abstractmethod
+    def set_packet_delivered_callback(self, packet: TPacket, callback: Callable[[TPacket], None] | None):
+        raise NotImplemented()
+
+    @abstractmethod
+    def get_packet_id(self, packet: TPacket) -> any:
+        raise NotImplemented()
+
+
+class CEType(enum.IntEnum):
+    """
+    ChannelException type codes
+    """
+    ME_NO_MSG_TYPE      = 0
+    ME_INVALID_MSG_TYPE = 1
+    ME_NOT_REGISTERED   = 2
+    ME_LINK_NOT_READY   = 3
+    ME_ALREADY_SENT     = 4
+    ME_TOO_BIG          = 5
+
+
+class ChannelException(Exception):
+    """
+    An exception thrown by Channel, with a type code.
+    """
+    def __init__(self, ce_type: CEType, *args):
+        super().__init__(args)
+        self.type = ce_type
+
+
+class MessageState(enum.IntEnum):
+    """
+    Set of possible states for a Message
+    """
+    MSGSTATE_NEW       = 0
+    MSGSTATE_SENT      = 1
+    MSGSTATE_DELIVERED = 2
+    MSGSTATE_FAILED    = 3
+
+
+class MessageBase(abc.ABC):
+    """
+    Base type for any messages sent or received on a Channel.
+    Subclasses must define the two abstract methods as well as
+    the ``MSGTYPE`` class variable.
+    """
+    # MSGTYPE must be unique within all classes sent over a
+    # channel. Additionally, MSGTYPE > 0xf000 are reserved.
+    MSGTYPE = None
+    """
+    Defines a unique identifier for a message class.
+    
+    * Must be unique within all classes registered with a ``Channel``
+    * Must be less than ``0xf000``. Values greater than or equal to ``0xf000`` are reserved.
+    """
+
+    @abstractmethod
+    def pack(self) -> bytes:
+        """
+        Create and return the binary representation of the message
+
+        :return: binary representation of message
+        """
+        raise NotImplemented()
+
+    @abstractmethod
+    def unpack(self, raw: bytes):
+        """
+        Populate message from binary representation
+
+        :param raw: binary representation
+        """
+        raise NotImplemented()
+
+
+MessageCallbackType = NewType("MessageCallbackType", Callable[[MessageBase], bool])
+
+
+class Envelope:
+    """
+    Internal wrapper used to transport messages over a channel and
+    track its state within the channel framework.
+    """
+    def unpack(self, message_factories: dict[int, Type]) -> MessageBase:
+        msgtype, self.sequence, length = struct.unpack(">HHH", self.raw[:6])
+        raw = self.raw[6:]
+        ctor = message_factories.get(msgtype, None)
+        if ctor is None:
+            raise ChannelException(CEType.ME_NOT_REGISTERED, f"Unable to find constructor for Channel MSGTYPE {hex(msgtype)}")
+        message = ctor()
+        message.unpack(raw)
+        return message
+
+    def pack(self) -> bytes:
+        if self.message.__class__.MSGTYPE is None:
+            raise ChannelException(CEType.ME_NO_MSG_TYPE, f"{self.message.__class__} lacks MSGTYPE")
+        data = self.message.pack()
+        self.raw = struct.pack(">HHH", self.message.MSGTYPE, self.sequence, len(data)) + data
+        return self.raw
+
+    def __init__(self, outlet: ChannelOutletBase, message: MessageBase = None, raw: bytes = None, sequence: int = None):
+        self.ts = time.time()
+        self.id = id(self)
+        self.message = message
+        self.raw = raw
+        self.packet: TPacket = None
+        self.sequence = sequence
+        self.outlet = outlet
+        self.tries = 0
+        self.tracked = False
+
+
+class Channel(contextlib.AbstractContextManager):
+    """
+    Provides reliable delivery of messages over
+    a link.
+
+    ``Channel`` differs from ``Request`` and
+    ``Resource`` in some important ways:
+
+     **Continuous**
+        Messages can be sent or received as long as
+        the ``Link`` is open.
+     **Bi-directional**
+        Messages can be sent in either direction on
+        the ``Link``; neither end is the client or
+        server.
+     **Size-constrained**
+        Messages must be encoded into a single packet.
+
+    ``Channel`` is similar to ``Packet``, except that it
+    provides reliable delivery (automatic retries) as well
+    as a structure for exchanging several types of
+    messages over the ``Link``.
+
+    ``Channel`` is not instantiated directly, but rather
+    obtained from a ``Link`` with ``get_channel()``.
+    """
+
+    # The initial window size at channel setup
+    WINDOW     = 2
+
+    # Absolute minimum window size
+    WINDOW_MIN = 1
+
+    # The maximum window size for transfers on slow links
+    WINDOW_MAX_SLOW      = 5
+
+    # The maximum window size for transfers on mid-speed links
+    WINDOW_MAX_MEDIUM    = 16
+
+    # The maximum window size for transfers on fast links
+    WINDOW_MAX_FAST      = 48
+    
+    # For calculating maps and guard segments, this
+    # must be set to the global maximum window.
+    WINDOW_MAX           = WINDOW_MAX_FAST
+    
+    # If the fast rate is sustained for this many request
+    # rounds, the fast link window size will be allowed.
+    FAST_RATE_THRESHOLD  = 10
+
+    # If the RTT rate is higher than this value,
+    # the max window size for fast links will be used.
+    RTT_FAST            = 0.25
+    RTT_MEDIUM          = 0.75
+    RTT_SLOW            = 1.45
+
+    # The minimum allowed flexibility of the window size.
+    # The difference between window_max and window_min
+    # will never be smaller than this value.
+    WINDOW_FLEXIBILITY   = 4
+
+    SEQ_MAX     = 0xFFFF
+    SEQ_MODULUS = SEQ_MAX+1
+
+    def __init__(self, outlet: ChannelOutletBase):
+        """
+
+        @param outlet:
+        """
+        self._outlet = outlet
+        self._lock = threading.RLock()
+        self._tx_ring: collections.deque[Envelope] = collections.deque()
+        self._rx_ring: collections.deque[Envelope] = collections.deque()
+        self._message_callbacks: [MessageCallbackType] = []
+        self._next_sequence = 0
+        self._next_rx_sequence = 0
+        self._message_factories: dict[int, Type[MessageBase]] = {}
+        self._max_tries = 5
+        self.fast_rate_rounds    = 0
+        self.medium_rate_rounds  = 0
+
+        if self._outlet.rtt > Channel.RTT_SLOW:
+            self.window              = 1
+            self.window_max          = 1
+            self.window_min          = 1
+            self.window_flexibility  = 1
+        else:
+            self.window              = Channel.WINDOW
+            self.window_max          = Channel.WINDOW_MAX_SLOW
+            self.window_min          = Channel.WINDOW_MIN
+            self.window_flexibility  = Channel.WINDOW_FLEXIBILITY
+
+    def __enter__(self) -> Channel:
+        return self
+
+    def __exit__(self, __exc_type: Type[BaseException] | None, __exc_value: BaseException | None,
+                 __traceback: TracebackType | None) -> bool | None:
+        self._shutdown()
+        return False
+
+    def register_message_type(self, message_class: Type[MessageBase]):
+        """
+        Register a message class for reception over a ``Channel``.
+
+        Message classes must extend ``MessageBase``.
+
+        :param message_class: Class to register
+        """
+        self._register_message_type(message_class, is_system_type=False)
+
+    def _register_message_type(self, message_class: Type[MessageBase], *, is_system_type: bool = False):
+        with self._lock:
+            if not issubclass(message_class, MessageBase):
+                raise ChannelException(CEType.ME_INVALID_MSG_TYPE,
+                                       f"{message_class} is not a subclass of {MessageBase}.")
+            if message_class.MSGTYPE is None:
+                raise ChannelException(CEType.ME_INVALID_MSG_TYPE,
+                                       f"{message_class} has invalid MSGTYPE class attribute.")
+            if message_class.MSGTYPE >= 0xf000 and not is_system_type:
+                raise ChannelException(CEType.ME_INVALID_MSG_TYPE,
+                                       f"{message_class} has system-reserved message type.")
+            try:
+                message_class()
+            except Exception as ex:
+                raise ChannelException(CEType.ME_INVALID_MSG_TYPE,
+                                       f"{message_class} raised an exception when constructed with no arguments: {ex}")
+
+            self._message_factories[message_class.MSGTYPE] = message_class
+
+    def add_message_handler(self, callback: MessageCallbackType):
+        """
+        Add a handler for incoming messages. A handler
+        has the following signature:
+
+        ``(message: MessageBase) -> bool``
+
+        Handlers are processed in the order they are
+        added. If any handler returns True, processing
+        of the message stops; handlers after the
+        returning handler will not be called.
+
+        :param callback: Function to call
+        """
+        with self._lock:
+            if callback not in self._message_callbacks:
+                self._message_callbacks.append(callback)
+
+    def remove_message_handler(self, callback: MessageCallbackType):
+        """
+        Remove a handler added with ``add_message_handler``.
+
+        :param callback: handler to remove
+        """
+        with self._lock:
+            if callback in self._message_callbacks:
+                self._message_callbacks.remove(callback)
+
+    def _shutdown(self):
+        with self._lock:
+            self._message_callbacks.clear()
+            self._clear_rings()
+
+    def _clear_rings(self):
+        with self._lock:
+            for envelope in self._tx_ring:
+                if envelope.packet is not None:
+                    self._outlet.set_packet_timeout_callback(envelope.packet, None)
+                    self._outlet.set_packet_delivered_callback(envelope.packet, None)
+            self._tx_ring.clear()
+            self._rx_ring.clear()
+
+    def _emplace_envelope(self, envelope: Envelope, ring: collections.deque[Envelope]) -> bool:
+        with self._lock:
+            i = 0
+            for existing in ring:
+                if existing.sequence > envelope.sequence \
+                   and not existing.sequence // 2 > envelope.sequence:  # account for overflow
+                    ring.insert(i, envelope)
+                    return True
+                if existing.sequence == envelope.sequence:
+                    RNS.log(f"Envelope: Emplacement of duplicate envelope with sequence "+str(envelope.sequence), RNS.LOG_EXTREME)
+                    return False
+                i += 1
+            envelope.tracked = True
+            ring.append(envelope)
+            return True
+
+    def _run_callbacks(self, message: MessageBase):
+        with self._lock:
+            cbs = self._message_callbacks.copy()
+
+        for cb in cbs:
+            try:
+                if cb(message):
+                    return
+            except Exception as e:
+                RNS.log("Channel "+str(self)+" experienced an error while running a message callback. The contained exception was: "+str(e), RNS.LOG_ERROR)
+
+    def _receive(self, raw: bytes):
+        try:
+            envelope = Envelope(outlet=self._outlet, raw=raw)
+            with self._lock:
+                message = envelope.unpack(self._message_factories)
+
+                if envelope.sequence < self._next_rx_sequence:
+                    window_overflow = (self._next_rx_sequence+Channel.WINDOW_MAX) % Channel.SEQ_MODULUS
+                    if window_overflow < self._next_rx_sequence:
+                        if envelope.sequence > window_overflow:
+                            RNS.log("Invalid packet sequence ("+str(envelope.sequence)+") received on channel "+str(self), RNS.LOG_DEBUG)
+                            return
+                    else:
+                        if envelope.sequence < self._next_rx_sequence:
+                            RNS.log("Invalid packet sequence ("+str(envelope.sequence)+") received on channel "+str(self), RNS.LOG_DEBUG)
+                            return
+
+                is_new = self._emplace_envelope(envelope, self._rx_ring)
+
+            if not is_new:
+                RNS.log("Duplicate message received on channel "+str(self), RNS.LOG_EXTREME)
+                return
+            else:            
+                with self._lock:
+                    contigous = []
+                    for e in self._rx_ring:
+                        if e.sequence == self._next_rx_sequence:
+                            contigous.append(e)
+                            self._next_rx_sequence = (self._next_rx_sequence + 1) % Channel.SEQ_MODULUS
+
+                    for e in contigous:
+                        m = e.unpack(self._message_factories)
+                        self._rx_ring.remove(e)
+                        threading.Thread(target=self._run_callbacks, name="Message Callback", args=[m], daemon=True).start()
+
+        except Exception as e:
+            RNS.log("An error ocurred while receiving data on "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
+
+    def is_ready_to_send(self) -> bool:
+        """
+        Check if ``Channel`` is ready to send.
+
+        :return: True if ready
+        """
+        if not self._outlet.is_usable:
+            return False
+
+        with self._lock:
+            outstanding = 0
+            for envelope in self._tx_ring:
+                if envelope.outlet == self._outlet: 
+                    if not envelope.packet or not self._outlet.get_packet_state(envelope.packet) == MessageState.MSGSTATE_DELIVERED:
+                        outstanding += 1
+
+            if outstanding >= self.window:
+                return False
+
+        return True
+
+    def _packet_tx_op(self, packet: TPacket, op: Callable[[TPacket], bool]):
+        with self._lock:
+            envelope = next(filter(lambda e: self._outlet.get_packet_id(e.packet) == self._outlet.get_packet_id(packet),
+                                   self._tx_ring), None)
+            if envelope and op(envelope):
+                envelope.tracked = False
+                if envelope in self._tx_ring:
+                    self._tx_ring.remove(envelope)
+
+                    if self.window < self.window_max:
+                        self.window += 1
+                        if (self.window - self.window_min) > (self.window_flexibility-1):
+                            self.window_min += 1
+
+                        # TODO: Remove at some point
+                        RNS.log("Increased "+str(self)+" window to "+str(self.window), RNS.LOG_DEBUG)
+
+                    if self._outlet.rtt != 0:
+                        if self._outlet.rtt > Channel.RTT_FAST:
+                            self.fast_rate_rounds = 0
+
+                            if self._outlet.rtt > Channel.RTT_MEDIUM:
+                                self.medium_rate_rounds = 0
+
+                            else:
+                                self.medium_rate_rounds += 1
+                                if self.window_max < Channel.WINDOW_MAX_MEDIUM and self.medium_rate_rounds == Channel.FAST_RATE_THRESHOLD:
+                                    self.window_max = Channel.WINDOW_MAX_MEDIUM
+                                    # TODO: Remove at some point
+                                    RNS.log("Increased "+str(self)+" max window to "+str(self.window_max), RNS.LOG_EXTREME)
+                            
+                        else:
+                            self.fast_rate_rounds += 1
+                            if self.window_max < Channel.WINDOW_MAX_FAST and self.fast_rate_rounds == Channel.FAST_RATE_THRESHOLD:
+                                self.window_max = Channel.WINDOW_MAX_FAST                                
+                                # TODO: Remove at some point
+                                RNS.log("Increased "+str(self)+" max window to "+str(self.window_max), RNS.LOG_EXTREME)
+
+
+
+                else:
+                    RNS.log("Envelope not found in TX ring for "+str(self), RNS.LOG_DEBUG)
+        if not envelope:
+            RNS.log("Spurious message received on "+str(self), RNS.LOG_EXTREME)
+
+    def _packet_delivered(self, packet: TPacket):
+        self._packet_tx_op(packet, lambda env: True)
+
+    def _get_packet_timeout_time(self, tries: int) -> float:
+        return pow(2, tries - 1) * max(self._outlet.rtt, 0.01) * 5
+
+    def _packet_timeout(self, packet: TPacket):
+        def retry_envelope(envelope: Envelope) -> bool:
+            if envelope.tries >= self._max_tries:
+                RNS.log("Retry count exceeded on "+str(self)+", tearing down Link.", RNS.LOG_ERROR)
+                self._shutdown()  # start on separate thread?
+                self._outlet.timed_out()
+                return True
+            envelope.tries += 1
+            self._outlet.resend(envelope.packet)
+            self._outlet.set_packet_delivered_callback(envelope.packet, self._packet_delivered)
+            self._outlet.set_packet_timeout_callback(envelope.packet, self._packet_timeout, self._get_packet_timeout_time(envelope.tries))
+
+            if self.window > self.window_min:
+                self.window -= 1
+                if self.window_max > self.window_min:
+                    self.window_max -= 1
+                    if (self.window_max - self.window) > (self.window_flexibility-1):
+                        self.window_max -= 1
+
+                # TODO: Remove at some point
+                RNS.log("Decreased "+str(self)+" window to "+str(self.window), RNS.LOG_EXTREME)
+
+            return False
+
+        if self._outlet.get_packet_state(packet) != MessageState.MSGSTATE_DELIVERED:
+            self._packet_tx_op(packet, retry_envelope)
+
+    def send(self, message: MessageBase) -> Envelope:
+        """
+        Send a message. If a message send is attempted and
+        ``Channel`` is not ready, an exception is thrown.
+
+        :param message: an instance of a ``MessageBase`` subclass
+        """
+        envelope: Envelope | None = None
+        with self._lock:
+            if not self.is_ready_to_send():
+                raise ChannelException(CEType.ME_LINK_NOT_READY, f"Link is not ready")
+            envelope = Envelope(self._outlet, message=message, sequence=self._next_sequence)
+            self._next_sequence = (self._next_sequence + 1) % Channel.SEQ_MODULUS
+
+            self._emplace_envelope(envelope, self._tx_ring)
+        if envelope is None:
+            raise BlockingIOError()
+
+        envelope.pack()
+        if len(envelope.raw) > self._outlet.mdu:
+            raise ChannelException(CEType.ME_TOO_BIG, f"Packed message too big for packet: {len(envelope.raw)} > {self._outlet.mdu}")
+        envelope.packet = self._outlet.send(envelope.raw)
+        envelope.tries += 1
+        self._outlet.set_packet_delivered_callback(envelope.packet, self._packet_delivered)
+        self._outlet.set_packet_timeout_callback(envelope.packet, self._packet_timeout, self._get_packet_timeout_time(envelope.tries))
+
+        return envelope
+
+    @property
+    def MDU(self):
+        """
+        Maximum Data Unit: the number of bytes available
+        for a message to consume in a single send. This
+        value is adjusted from the ``Link`` MDU to accommodate
+        message header information.
+
+        :return: number of bytes available
+        """
+        return self._outlet.mdu - 6  # sizeof(msgtype) + sizeof(length) + sizeof(sequence)
+
+
+class LinkChannelOutlet(ChannelOutletBase):
+    """
+    An implementation of ChannelOutletBase for RNS.Link.
+    Allows Channel to send packets over an RNS Link with
+    Packets.
+
+    :param link: RNS Link to wrap
+    """
+    def __init__(self, link: RNS.Link):
+        self.link = link
+
+    def send(self, raw: bytes) -> RNS.Packet:
+        packet = RNS.Packet(self.link, raw, context=RNS.Packet.CHANNEL)
+        if self.link.status == RNS.Link.ACTIVE:
+            packet.send()
+        return packet
+
+    def resend(self, packet: RNS.Packet) -> RNS.Packet:
+        RNS.log("Resending packet " + RNS.prettyhexrep(packet.packet_hash), RNS.LOG_DEBUG)
+        receipt = packet.resend()
+        if not receipt:
+            RNS.log("Failed to resend packet", RNS.LOG_ERROR)
+        return packet
+
+    @property
+    def mdu(self):
+        return self.link.MDU
+
+    @property
+    def rtt(self):
+        return self.link.rtt
+
+    @property
+    def is_usable(self):
+        return True  # had issues looking at Link.status
+
+    def get_packet_state(self, packet: TPacket) -> MessageState:
+        if packet.receipt == None:
+            return MessageState.MSGSTATE_FAILED
+
+        status = packet.receipt.get_status()
+        if status == RNS.PacketReceipt.SENT:
+            return MessageState.MSGSTATE_SENT
+        if status == RNS.PacketReceipt.DELIVERED:
+            return MessageState.MSGSTATE_DELIVERED
+        if status == RNS.PacketReceipt.FAILED:
+            return MessageState.MSGSTATE_FAILED
+        else:
+            raise Exception(f"Unexpected receipt state: {status}")
+
+    def timed_out(self):
+        self.link.teardown()
+
+    def __str__(self):
+        return f"{self.__class__.__name__}({self.link})"
+
+    def set_packet_timeout_callback(self, packet: RNS.Packet, callback: Callable[[RNS.Packet], None] | None,
+                                    timeout: float | None = None):
+        if timeout and packet.receipt:
+            packet.receipt.set_timeout(timeout)
+
+        def inner(receipt: RNS.PacketReceipt):
+            callback(packet)
+
+        if packet and packet.receipt:
+            packet.receipt.set_timeout_callback(inner if callback else None)
+
+    def set_packet_delivered_callback(self, packet: RNS.Packet, callback: Callable[[RNS.Packet], None] | None):
+        def inner(receipt: RNS.PacketReceipt):
+            callback(packet)
+
+        if packet and packet.receipt:
+            packet.receipt.set_delivery_callback(inner if callback else None)
+
+    def get_packet_id(self, packet: RNS.Packet) -> any:
+        if packet and hasattr(packet, "get_hash") and callable(packet.get_hash):
+            return packet.get_hash()
+        else:
+            return None
@@ -21,6 +21,7 @@
 # SOFTWARE.

 import RNS.Cryptography.Provider as cp
+import RNS.vendor.platformutils as pu

 if cp.PROVIDER == cp.PROVIDER_INTERNAL:
    from .aes import AES
@@ -28,6 +29,9 @@ if cp.PROVIDER == cp.PROVIDER_INTERNAL:
 elif cp.PROVIDER == cp.PROVIDER_PYCA:
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

+    if pu.cryptography_old_api():
+        from cryptography.hazmat.backends import default_backend
+

 class AES_128_CBC:

@@ -38,7 +42,11 @@ class AES_128_CBC:
            return cipher.encrypt(plaintext, iv)

        elif cp.PROVIDER == cp.PROVIDER_PYCA:
-            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            if not pu.cryptography_old_api():
+                cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            else:
+                cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+            
            encryptor = cipher.encryptor()
            ciphertext = encryptor.update(plaintext) + encryptor.finalize()
            return ciphertext
@@ -50,7 +58,11 @@ class AES_128_CBC:
            return cipher.decrypt(ciphertext, iv)

        elif cp.PROVIDER == cp.PROVIDER_PYCA:
-            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            if not pu.cryptography_old_api():
+                cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            else:
+                cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+
            decryptor = cipher.decryptor()
            plaintext = decryptor.update(ciphertext) + decryptor.finalize()
            return plaintext
@@ -28,9 +28,16 @@ from RNS.Cryptography import PKCS7
 from RNS.Cryptography.AES import AES_128_CBC

 class Fernet():
-    FERNET_VERSION            = 0x80
-    FERNET_OVERHEAD           = 57          # In bytes
-    OPTIMISED_FERNET_OVERHEAD = 54          # In bytes
+    """
+    This class provides a slightly modified implementation of the Fernet spec
+    found at: https://github.com/fernet/spec/blob/master/Spec.md
+
+    According to the spec, a Fernet token includes a one byte VERSION and
+    eight byte TIMESTAMP field at the start of each token. These fields are
+    not relevant to Reticulum. They are therefore stripped from this
+    implementation, since they incur overhead and leak initiator metadata.
+    """
+    FERNET_OVERHEAD  = 48 # Bytes

    @staticmethod
    def generate_key():
@@ -73,7 +80,7 @@ class Fernet():
            iv = iv,
        )

-        signed_parts = b"\x80"+current_time.to_bytes(length=8, byteorder="big")+iv+ciphertext
+        signed_parts = iv+ciphertext

        return signed_parts + HMAC.new(self._signing_key, signed_parts).digest()

@@ -85,8 +92,8 @@ class Fernet():
        if not self.verify_hmac(token):
            raise ValueError("Fernet token HMAC was invalid")

-        iv = token[9:25]
-        ciphertext = token[25:-32]
+        iv = token[:16]
+        ciphertext = token[16:-32]

        try:
            plaintext = PKCS7.unpad(
@@ -33,15 +33,12 @@ def hkdf(length=None, derive_from=None, salt=None, context=None):
    if length == None or length < 1:
        raise ValueError("Invalid output key length")

-    if derive_from == "None" or derive_from == "":
+    if derive_from == None or derive_from == "":
        raise ValueError("Cannot derive key from empty input material")

    if salt == None or len(salt) == 0:
        salt = bytes([0] * hash_len)

-    if salt == None:
-        salt = b""
-
    if context == None:
        context = b""

@@ -54,4 +51,4 @@ def hkdf(length=None, derive_from=None, salt=None, context=None):
        block = hmac_sha256(pseudorandom_key, block + context + bytes([i + 1]))
        derived += block

-    return derived[:length]
+    return derived[:length]
@@ -1,6 +1,24 @@
-#!/usr/bin/python
-__author__ = 'Thomas Dixon'
-__license__ = 'MIT'
+# MIT License
+#
+# Copyright (c) 2017 Thomas Dixon
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.

 import copy
 import struct
@@ -1,6 +1,24 @@
-#!/usr/bin/python
-__author__ = 'Thomas Dixon'
-__license__ = 'MIT'
+# MIT License
+#
+# Copyright (c) 2017 Thomas Dixon
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.

 import copy, struct, sys

@@ -69,8 +69,10 @@ class Destination:
    OUT        = 0x12;
    directions = [IN, OUT]

+    PR_TAG_WINDOW = 30
+
    @staticmethod
-    def full_name(app_name, *aspects):
+    def expand_name(identity, app_name, *aspects):
        """
        :returns: A string containing the full human-readable name of the destination, for an app_name and a number of aspects.
        """
@@ -81,20 +83,25 @@ class Destination:
        name = app_name
        for aspect in aspects:
            if "." in aspect: raise ValueError("Dots can't be used in aspects")
-            name = name + "." + aspect
+            name += "." + aspect
+
+        if identity != None:
+            name += "." + identity.hexhash

        return name


    @staticmethod
-    def hash(app_name, *aspects):
+    def hash(identity, app_name, *aspects):
        """
        :returns: A destination name in adressable hash form, for an app_name and a number of aspects.
        """
-        name = Destination.full_name(app_name, *aspects)
+        name_hash = RNS.Identity.full_hash(Destination.expand_name(None, app_name, *aspects).encode("utf-8"))[:(RNS.Identity.NAME_HASH_LENGTH//8)]
+        addr_hash_material = name_hash
+        if identity != None:
+            addr_hash_material += identity.hash

-        # Create a digest for the destination
-        return RNS.Identity.full_hash(name.encode("utf-8"))[:RNS.Reticulum.TRUNCATED_HASHLENGTH//8]
+        return RNS.Identity.full_hash(addr_hash_material)[:RNS.Reticulum.TRUNCATED_HASHLENGTH//8]

    @staticmethod
    def app_and_aspects_from_name(full_name):
@@ -110,8 +117,8 @@ class Destination:
        :returns: A destination name in adressable hash form, for a full name string and Identity instance.
        """
        app_name, aspects = Destination.app_and_aspects_from_name(full_name)
-        aspects.append(identity.hexhash)
-        return Destination.hash(app_name, *aspects)
+
+        return Destination.hash(identity, app_name, *aspects)

    def __init__(self, identity, direction, type, app_name, *aspects):
        # Check input values and build name string
@@ -127,11 +134,9 @@ class Destination:
        self.proof_strategy = Destination.PROVE_NONE
        self.mtu = 0

+        self.path_responses = {}
        self.links = []

-        if identity != None and type == Destination.SINGLE:
-            aspects = aspects+(identity.hexhash,)
-
        if identity == None and direction == Destination.IN and self.type != Destination.PLAIN:
            identity = RNS.Identity()
            aspects = aspects+(identity.hexhash,)
@@ -140,12 +145,14 @@ class Destination:
            raise TypeError("Selected destination type PLAIN cannot hold an identity")

        self.identity = identity
+        self.name = Destination.expand_name(identity, app_name, *aspects)

-        self.name = Destination.full_name(app_name, *aspects)      
-        self.hash = Destination.hash(app_name, *aspects)
+        # Generate the destination address hash
+        self.hash = Destination.hash(self.identity, app_name, *aspects)
+        self.name_hash = RNS.Identity.full_hash(self.expand_name(None, app_name, *aspects).encode("utf-8"))[:(RNS.Identity.NAME_HASH_LENGTH//8)]
        self.hexhash = self.hash.hex()
-        self.default_app_data = None

+        self.default_app_data = None
        self.callback = None
        self.proofcallback = None

@@ -159,7 +166,7 @@ class Destination:
        return "<"+self.name+"/"+self.hexhash+">"


-    def announce(self, app_data=None, path_response=False):
+    def announce(self, app_data=None, path_response=False, attached_interface=None, tag=None, send=True):
        """
        Creates an announce packet for this destination and broadcasts it on all
        relevant interfaces. Application specific data can be added to the announce.
@@ -169,35 +176,65 @@ class Destination:
        """
        if self.type != Destination.SINGLE:
            raise TypeError("Only SINGLE destination types can be announced")
-            
-        destination_hash = self.hash
-        random_hash = RNS.Identity.get_random_hash()[0:5]+int(time.time()).to_bytes(5, "big")
-
-        if app_data == None and self.default_app_data != None:
-            if isinstance(self.default_app_data, bytes):
-                app_data = self.default_app_data
-            elif callable(self.default_app_data):
-                returned_app_data = self.default_app_data()
-                if isinstance(returned_app_data, bytes):
-                    app_data = returned_app_data
        
-        signed_data = self.hash+self.identity.get_public_key()+random_hash
-        if app_data != None:
-            signed_data += app_data
+        now = time.time()
+        stale_responses = []
+        for entry_tag in self.path_responses:
+            entry = self.path_responses[entry_tag]
+            if now > entry[0]+Destination.PR_TAG_WINDOW:
+                stale_responses.append(entry_tag)

-        signature = self.identity.sign(signed_data)
+        for entry_tag in stale_responses:
+            self.path_responses.pop(entry_tag)

-        announce_data = self.identity.get_public_key()+random_hash+signature
+        if (path_response == True and tag != None) and tag in self.path_responses:
+            # This code is currently not used, since Transport will block duplicate
+            # path requests based on tags. When multi-path support is implemented in
+            # Transport, this will allow Transport to detect redundant paths to the
+            # same destination, and select the best one based on chosen criteria,
+            # since it will be able to detect that a single emitted announce was
+            # received via multiple paths. The difference in reception time will
+            # potentially also be useful in determining characteristics of the
+            # multiple available paths, and to choose the best one.
+            RNS.log("Using cached announce data for answering path request with tag "+RNS.prettyhexrep(tag), RNS.LOG_EXTREME)
+            announce_data = self.path_responses[tag][1]
+        
+        else:
+            destination_hash = self.hash
+            random_hash = RNS.Identity.get_random_hash()[0:5]+int(time.time()).to_bytes(5, "big")

-        if app_data != None:
-            announce_data += app_data
+            if app_data == None and self.default_app_data != None:
+                if isinstance(self.default_app_data, bytes):
+                    app_data = self.default_app_data
+                elif callable(self.default_app_data):
+                    returned_app_data = self.default_app_data()
+                    if isinstance(returned_app_data, bytes):
+                        app_data = returned_app_data
+            
+            signed_data = self.hash+self.identity.get_public_key()+self.name_hash+random_hash
+            if app_data != None:
+                signed_data += app_data
+
+            signature = self.identity.sign(signed_data)
+
+            announce_data = self.identity.get_public_key()+self.name_hash+random_hash+signature
+
+            if app_data != None:
+                announce_data += app_data
+
+            self.path_responses[tag] = [time.time(), announce_data]

        if path_response:
            announce_context = RNS.Packet.PATH_RESPONSE
        else:
            announce_context = RNS.Packet.NONE

-        RNS.Packet(self, announce_data, RNS.Packet.ANNOUNCE, context = announce_context).send()
+        announce_packet = RNS.Packet(self, announce_data, RNS.Packet.ANNOUNCE, context = announce_context, attached_interface = attached_interface)
+
+        if send:
+            announce_packet.send()
+        else:
+            return announce_packet

    def accepts_links(self, accepts = None):
        """
@@ -259,7 +296,7 @@ class Destination:
        Registers a request handler.

        :param path: The path for the request handler to be registered.
-        :param response_generator: A function or method with the signature *response_generator(path, data, request_id, remote_identity, requested_at)* to be called. Whatever this funcion returns will be sent as a response to the requester. If the function returns ``None``, no response will be sent.
+        :param response_generator: A function or method with the signature *response_generator(path, data, request_id, link_id, remote_identity, requested_at)* to be called. Whatever this funcion returns will be sent as a response to the requester. If the function returns ``None``, no response will be sent.
        :param allow: One of ``RNS.Destination.ALLOW_NONE``, ``RNS.Destination.ALLOW_ALL`` or ``RNS.Destination.ALLOW_LIST``. If ``RNS.Destination.ALLOW_LIST`` is set, the request handler will only respond to requests for identified peers in the supplied list.
        :param allowed_list: A list of *bytes-like* :ref:`RNS.Identity<api-identity>` hashes.
        :raises: ``ValueError`` if any of the supplied arguments are invalid.
@@ -53,13 +53,12 @@ class Identity:
    """   

    # Non-configurable constants
-    FERNET_VERSION            = RNS.Cryptography.Fernet.FERNET_VERSION
    FERNET_OVERHEAD           = RNS.Cryptography.Fernet.FERNET_OVERHEAD
-    OPTIMISED_FERNET_OVERHEAD = RNS.Cryptography.Fernet.OPTIMISED_FERNET_OVERHEAD
    AES128_BLOCKSIZE          = 16          # In bytes
    HASHLENGTH                = 256         # In bits
    SIGLENGTH                 = KEYSIZE     # In bits

+    NAME_HASH_LENGTH     = 80
    TRUNCATED_HASHLENGTH = RNS.Reticulum.TRUNCATED_HASHLENGTH
    """
    Constant specifying the truncated hash length (in bits) used by Reticulum
@@ -92,6 +91,13 @@ class Identity:
            identity.app_data = identity_data[3]
            return identity
        else:
+            for registered_destination in RNS.Transport.destinations:
+                if destination_hash == registered_destination.hash:
+                    identity = Identity(create_keys=False)
+                    identity.load_public_key(registered_destination.identity.get_public_key())
+                    identity.app_data = None
+                    return identity
+
            return None

    @staticmethod
@@ -110,7 +116,26 @@ class Identity:

    @staticmethod
    def save_known_destinations():
+        # TODO: Improve the storage method so we don't have to
+        # deserialize and serialize the entire table on every
+        # save, but the only changes. It might be possible to
+        # simply overwrite on exit now that every local client
+        # disconnect triggers a data persist.
+        
        try:
+            if hasattr(Identity, "saving_known_destinations"):
+                wait_interval = 0.2
+                wait_timeout = 5
+                wait_start = time.time()
+                while Identity.saving_known_destinations:
+                    time.sleep(wait_interval)
+                    if time.time() > wait_start+wait_timeout:
+                        RNS.log("Could not save known destinations to storage, waiting for previous save operation timed out.", RNS.LOG_ERROR)
+                        return False
+
+            Identity.saving_known_destinations = True
+            save_start = time.time()
+
            storage_known_destinations = {}
            if os.path.isfile(RNS.Reticulum.storagepath+"/known_destinations"):
                try:
@@ -124,21 +149,37 @@ class Identity:
                if not destination_hash in Identity.known_destinations:
                    Identity.known_destinations[destination_hash] = storage_known_destinations[destination_hash]

-            RNS.log("Saving known destinations to storage...", RNS.LOG_VERBOSE)
+            RNS.log("Saving "+str(len(Identity.known_destinations))+" known destinations to storage...", RNS.LOG_DEBUG)
            file = open(RNS.Reticulum.storagepath+"/known_destinations","wb")
            umsgpack.dump(Identity.known_destinations, file)
            file.close()
-            RNS.log("Done saving known destinations to storage", RNS.LOG_VERBOSE)
+
+            save_time = time.time() - save_start
+            if save_time < 1:
+                time_str = str(round(save_time*1000,2))+"ms"
+            else:
+                time_str = str(round(save_time,2))+"s"
+
+            RNS.log("Saved known destinations to storage in "+time_str, RNS.LOG_DEBUG)
+
        except Exception as e:
            RNS.log("Error while saving known destinations to disk, the contained exception was: "+str(e), RNS.LOG_ERROR)

+        Identity.saving_known_destinations = False
+
    @staticmethod
    def load_known_destinations():
        if os.path.isfile(RNS.Reticulum.storagepath+"/known_destinations"):
            try:
                file = open(RNS.Reticulum.storagepath+"/known_destinations","rb")
-                Identity.known_destinations = umsgpack.load(file)
+                loaded_known_destinations = umsgpack.load(file)
                file.close()
+
+                Identity.known_destinations = {}
+                for known_destination in loaded_known_destinations:
+                    if len(known_destination) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8:
+                        Identity.known_destinations[known_destination] = loaded_known_destinations[known_destination]
+
                RNS.log("Loaded "+str(len(Identity.known_destinations))+" known destination from storage", RNS.LOG_VERBOSE)
            except:
                RNS.log("Error loading known destinations from disk, file will be recreated on exit", RNS.LOG_ERROR)
@@ -181,33 +222,64 @@ class Identity:
            if packet.packet_type == RNS.Packet.ANNOUNCE:
                destination_hash = packet.destination_hash
                public_key = packet.data[:Identity.KEYSIZE//8]
-                random_hash = packet.data[Identity.KEYSIZE//8:Identity.KEYSIZE//8+10]
-                signature = packet.data[Identity.KEYSIZE//8+10:Identity.KEYSIZE//8+10+Identity.KEYSIZE//8]
+                name_hash = packet.data[Identity.KEYSIZE//8:Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8]
+                random_hash = packet.data[Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8:Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10]
+                signature = packet.data[Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10:Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10+Identity.SIGLENGTH//8]
                app_data = b""
-                if len(packet.data) > Identity.KEYSIZE//8+10+Identity.KEYSIZE//8:
-                    app_data = packet.data[Identity.KEYSIZE//8+10+Identity.KEYSIZE//8:]
+                if len(packet.data) > Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10+Identity.SIGLENGTH//8:
+                    app_data = packet.data[Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10+Identity.SIGLENGTH//8:]

-                signed_data = destination_hash+public_key+random_hash+app_data
+                signed_data = destination_hash+public_key+name_hash+random_hash+app_data

-                if not len(packet.data) > Identity.KEYSIZE//8+10+Identity.KEYSIZE//8:
+                if not len(packet.data) > Identity.KEYSIZE//8+Identity.NAME_HASH_LENGTH//8+10+Identity.SIGLENGTH//8:
                    app_data = None

                announced_identity = Identity(create_keys=False)
                announced_identity.load_public_key(public_key)

                if announced_identity.pub != None and announced_identity.validate(signature, signed_data):
-                    RNS.Identity.remember(packet.get_hash(), destination_hash, public_key, app_data)
-                    del announced_identity
+                    hash_material = name_hash+announced_identity.hash
+                    expected_hash = RNS.Identity.full_hash(hash_material)[:RNS.Reticulum.TRUNCATED_HASHLENGTH//8]
+
+                    if destination_hash == expected_hash:
+                        # Check if we already have a public key for this destination
+                        # and make sure the public key is not different.
+                        if destination_hash in Identity.known_destinations:
+                            if public_key != Identity.known_destinations[destination_hash][2]:
+                                # In reality, this should never occur, but in the odd case
+                                # that someone manages a hash collision, we reject the announce.
+                                RNS.log("Received announce with valid signature and destination hash, but announced public key does not match already known public key.", RNS.LOG_CRITICAL)
+                                RNS.log("This may indicate an attempt to modify network paths, or a random hash collision. The announce was rejected.", RNS.LOG_CRITICAL)
+                                return False
+
+                        RNS.Identity.remember(packet.get_hash(), destination_hash, public_key, app_data)
+                        del announced_identity
+
+                        if packet.rssi != None or packet.snr != None:
+                            signal_str = " ["
+                            if packet.rssi != None:
+                                signal_str += "RSSI "+str(packet.rssi)+"dBm"
+                                if packet.snr != None:
+                                    signal_str += ", "
+                            if packet.snr != None:
+                                signal_str += "SNR "+str(packet.snr)+"dB"
+                            signal_str += "]"
+                        else:
+                            signal_str = ""
+
+                        if hasattr(packet, "transport_id") and packet.transport_id != None:
+                            RNS.log("Valid announce for "+RNS.prettyhexrep(destination_hash)+" "+str(packet.hops)+" hops away, received via "+RNS.prettyhexrep(packet.transport_id)+" on "+str(packet.receiving_interface)+signal_str, RNS.LOG_EXTREME)
+                        else:
+                            RNS.log("Valid announce for "+RNS.prettyhexrep(destination_hash)+" "+str(packet.hops)+" hops away, received on "+str(packet.receiving_interface)+signal_str, RNS.LOG_EXTREME)
+
+                        return True

-                    if hasattr(packet, "transport_id") and packet.transport_id != None:
-                        RNS.log("Valid announce for "+RNS.prettyhexrep(destination_hash)+" "+str(packet.hops)+" hops away, received via "+RNS.prettyhexrep(packet.transport_id)+" on "+str(packet.receiving_interface), RNS.LOG_EXTREME)
                    else:
-                        RNS.log("Valid announce for "+RNS.prettyhexrep(destination_hash)+" "+str(packet.hops)+" hops away, received on "+str(packet.receiving_interface), RNS.LOG_EXTREME)
-
-                    return True
+                        RNS.log("Received invalid announce for "+RNS.prettyhexrep(destination_hash)+": Destination mismatch.", RNS.LOG_DEBUG)
+                        return False

                else:
-                    RNS.log("Received invalid announce for "+RNS.prettyhexrep(destination_hash), RNS.LOG_DEBUG)
+                    RNS.log("Received invalid announce for "+RNS.prettyhexrep(destination_hash)+": Invalid signature.", RNS.LOG_DEBUG)
                    del announced_identity
                    return False
        
@@ -215,9 +287,14 @@ class Identity:
            RNS.log("Error occurred while validating announce. The contained exception was: "+str(e), RNS.LOG_ERROR)
            return False

+    @staticmethod
+    def persist_data():
+        if not RNS.Transport.owner.is_connected_to_shared_instance:
+            Identity.save_known_destinations()
+
    @staticmethod
    def exit_handler():
-        Identity.save_known_destinations()
+        Identity.persist_data()


    @staticmethod
@@ -153,7 +153,7 @@ class AX25KISSInterface(Interface):
        # Allow time for interface to initialise before config
        sleep(2.0)
        thread = threading.Thread(target=self.readLoop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()
        self.online = True
        RNS.log("Serial port "+self.port+" is now open")
@@ -0,0 +1,407 @@
+# MIT License
+#
+# Copyright (c) 2016-2022 Mark Qvist / unsigned.io
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+from RNS.Interfaces.Interface import Interface
+from time import sleep
+import sys
+import threading
+import time
+import RNS
+
+class KISS():
+    FEND              = 0xC0
+    FESC              = 0xDB
+    TFEND             = 0xDC
+    TFESC             = 0xDD
+    CMD_UNKNOWN       = 0xFE
+    CMD_DATA          = 0x00
+    CMD_TXDELAY       = 0x01
+    CMD_P             = 0x02
+    CMD_SLOTTIME      = 0x03
+    CMD_TXTAIL        = 0x04
+    CMD_FULLDUPLEX    = 0x05
+    CMD_SETHARDWARE   = 0x06
+    CMD_READY         = 0x0F
+    CMD_RETURN        = 0xFF
+
+    @staticmethod
+    def escape(data):
+        data = data.replace(bytes([0xdb]), bytes([0xdb, 0xdd]))
+        data = data.replace(bytes([0xc0]), bytes([0xdb, 0xdc]))
+        return data
+
+class KISSInterface(Interface):
+    MAX_CHUNK = 32768
+    BITRATE_GUESS = 1200
+
+    owner    = None
+    port     = None
+    speed    = None
+    databits = None
+    parity   = None
+    stopbits = None
+    serial   = None
+
+    def __init__(self, owner, name, port, speed, databits, parity, stopbits, preamble, txtail, persistence, slottime, flow_control, beacon_interval, beacon_data):
+        import importlib
+        if RNS.vendor.platformutils.is_android():
+            self.on_android  = True
+            if importlib.util.find_spec('usbserial4a') != None:
+                if importlib.util.find_spec('jnius') == None:
+                    RNS.log("Could not load jnius API wrapper for Android, KISS interface cannot be created.", RNS.LOG_CRITICAL)
+                    RNS.log("This probably means you are trying to use an USB-based interface from within Termux or similar.", RNS.LOG_CRITICAL)
+                    RNS.log("This is currently not possible, due to this environment limiting access to the native Android APIs.", RNS.LOG_CRITICAL)
+                    RNS.panic()
+
+                from usbserial4a import serial4a as serial
+                self.parity = "N"
+            
+            else:
+                RNS.log("Could not load USB serial module for Android, KISS interface cannot be created.", RNS.LOG_CRITICAL)
+                RNS.log("You can install this module by issuing: pip install usbserial4a", RNS.LOG_CRITICAL)
+                RNS.panic()
+        else:
+            raise SystemError("Android-specific interface was used on non-Android OS")
+
+        self.rxb = 0
+        self.txb = 0
+        
+        self.HW_MTU = 564
+        
+        if beacon_data == None:
+            beacon_data = ""
+
+        self.pyserial = serial
+        self.serial   = None
+        self.owner    = owner
+        self.name     = name
+        self.port     = port
+        self.speed    = speed
+        self.databits = databits
+        self.parity   = "N"
+        self.stopbits = stopbits
+        self.timeout  = 100
+        self.online   = False
+        self.beacon_i = beacon_interval
+        self.beacon_d = beacon_data.encode("utf-8")
+        self.first_tx = None
+        self.bitrate  = KISSInterface.BITRATE_GUESS
+
+        self.packet_queue    = []
+        self.flow_control    = flow_control
+        self.interface_ready = False
+        self.flow_control_timeout = 5
+        self.flow_control_locked  = time.time()
+
+        self.preamble    = preamble if preamble != None else 350;
+        self.txtail      = txtail if txtail != None else 20;
+        self.persistence = persistence if persistence != None else 64;
+        self.slottime    = slottime if slottime != None else 20;
+
+        if parity.lower() == "e" or parity.lower() == "even":
+            self.parity = "E"
+
+        if parity.lower() == "o" or parity.lower() == "odd":
+            self.parity = "O"
+
+        try:
+            self.open_port()
+        except Exception as e:
+            RNS.log("Could not open serial port "+self.port, RNS.LOG_ERROR)
+            raise e
+
+        if self.serial.is_open:
+            self.configure_device()
+        else:
+            raise IOError("Could not open serial port")
+
+
+    def open_port(self):
+        RNS.log("Opening serial port "+self.port+"...")
+        # Get device parameters
+        from usb4a import usb
+        device = usb.get_usb_device(self.port)
+        if device:
+            vid = device.getVendorId()
+            pid = device.getProductId()
+
+            # Driver overrides for speficic chips
+            proxy = self.pyserial.get_serial_port
+            if vid == 0x1A86 and pid == 0x55D4:
+                # Force CDC driver for Qinheng CH34x
+                RNS.log(str(self)+" using CDC driver for "+RNS.hexrep(vid)+":"+RNS.hexrep(pid), RNS.LOG_DEBUG)
+                from usbserial4a.cdcacmserial4a import CdcAcmSerial
+                proxy = CdcAcmSerial
+
+            self.serial = proxy(
+                self.port,
+                baudrate = self.speed,
+                bytesize = self.databits,
+                parity = self.parity,
+                stopbits = self.stopbits,
+                xonxoff = False,
+                rtscts = False,
+                timeout = None,
+                inter_byte_timeout = None,
+                # write_timeout = wtimeout,
+                dsrdtr = False,
+            )
+
+            if vid == 0x0403:
+                # Hardware parameters for FTDI devices @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 16 * 1024
+                self.serial.USB_READ_TIMEOUT_MILLIS = 100
+                self.serial.timeout = 0.1
+            elif vid == 0x10C4:
+                # Hardware parameters for SiLabs CP210x @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 64 
+                self.serial.USB_READ_TIMEOUT_MILLIS = 12
+                self.serial.timeout = 0.012
+            elif vid == 0x1A86 and pid == 0x55D4:
+                # Hardware parameters for Qinheng CH34x @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 64
+                self.serial.USB_READ_TIMEOUT_MILLIS = 12
+                self.serial.timeout = 0.1
+            else:
+                # Default values
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 1 * 1024
+                self.serial.USB_READ_TIMEOUT_MILLIS = 100
+                self.serial.timeout = 0.1
+
+            RNS.log(str(self)+" USB read buffer size set to "+RNS.prettysize(self.serial.DEFAULT_READ_BUFFER_SIZE), RNS.LOG_DEBUG)
+            RNS.log(str(self)+" USB read timeout set to "+str(self.serial.USB_READ_TIMEOUT_MILLIS)+"ms", RNS.LOG_DEBUG)
+            RNS.log(str(self)+" USB write timeout set to "+str(self.serial.USB_WRITE_TIMEOUT_MILLIS)+"ms", RNS.LOG_DEBUG)
+
+    def configure_device(self):
+        # Allow time for interface to initialise before config
+        sleep(2.0)
+        thread = threading.Thread(target=self.readLoop)
+        thread.daemon = True
+        thread.start()
+        self.online = True
+        RNS.log("Serial port "+self.port+" is now open")
+        RNS.log("Configuring KISS interface parameters...")
+        self.setPreamble(self.preamble)
+        self.setTxTail(self.txtail)
+        self.setPersistence(self.persistence)
+        self.setSlotTime(self.slottime)
+        self.setFlowControl(self.flow_control)
+        self.interface_ready = True
+        RNS.log("KISS interface configured")
+
+    def setPreamble(self, preamble):
+        preamble_ms = preamble
+        preamble = int(preamble_ms / 10)
+        if preamble < 0:
+            preamble = 0
+        if preamble > 255:
+            preamble = 255
+
+        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_TXDELAY])+bytes([preamble])+bytes([KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            raise IOError("Could not configure KISS interface preamble to "+str(preamble_ms)+" (command value "+str(preamble)+")")
+
+    def setTxTail(self, txtail):
+        txtail_ms = txtail
+        txtail = int(txtail_ms / 10)
+        if txtail < 0:
+            txtail = 0
+        if txtail > 255:
+            txtail = 255
+
+        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_TXTAIL])+bytes([txtail])+bytes([KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            raise IOError("Could not configure KISS interface TX tail to "+str(txtail_ms)+" (command value "+str(txtail)+")")
+
+    def setPersistence(self, persistence):
+        if persistence < 0:
+            persistence = 0
+        if persistence > 255:
+            persistence = 255
+
+        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_P])+bytes([persistence])+bytes([KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            raise IOError("Could not configure KISS interface persistence to "+str(persistence))
+
+    def setSlotTime(self, slottime):
+        slottime_ms = slottime
+        slottime = int(slottime_ms / 10)
+        if slottime < 0:
+            slottime = 0
+        if slottime > 255:
+            slottime = 255
+
+        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_SLOTTIME])+bytes([slottime])+bytes([KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            raise IOError("Could not configure KISS interface slot time to "+str(slottime_ms)+" (command value "+str(slottime)+")")
+
+    def setFlowControl(self, flow_control):
+        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_READY])+bytes([0x01])+bytes([KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            if (flow_control):
+                raise IOError("Could not enable KISS interface flow control")
+            else:
+                raise IOError("Could not enable KISS interface flow control")
+
+
+    def processIncoming(self, data):
+        self.rxb += len(data)
+        def af():
+            self.owner.inbound(data, self)
+        threading.Thread(target=af, daemon=True).start()
+
+    def processOutgoing(self,data):
+        datalen = len(data)
+        if self.online:
+            if self.interface_ready:
+                if self.flow_control:
+                    self.interface_ready = False
+                    self.flow_control_locked = time.time()
+
+                data = data.replace(bytes([0xdb]), bytes([0xdb])+bytes([0xdd]))
+                data = data.replace(bytes([0xc0]), bytes([0xdb])+bytes([0xdc]))
+                frame = bytes([KISS.FEND])+bytes([0x00])+data+bytes([KISS.FEND])
+
+                written = self.serial.write(frame)
+                self.txb += datalen
+
+                if data == self.beacon_d:
+                    self.first_tx = None
+                else:
+                    if self.first_tx == None:
+                        self.first_tx = time.time()
+
+                if written != len(frame):
+                    raise IOError("Serial interface only wrote "+str(written)+" bytes of "+str(len(data)))
+
+            else:
+                self.queue(data)
+
+    def queue(self, data):
+        self.packet_queue.append(data)
+
+    def process_queue(self):
+        if len(self.packet_queue) > 0:
+            data = self.packet_queue.pop(0)
+            self.interface_ready = True
+            self.processOutgoing(data)
+        elif len(self.packet_queue) == 0:
+            self.interface_ready = True
+
+    def readLoop(self):
+        try:
+            in_frame = False
+            escape = False
+            command = KISS.CMD_UNKNOWN
+            data_buffer = b""
+            last_read_ms = int(time.time()*1000)
+
+            while self.serial.is_open:
+                serial_bytes = self.serial.read()
+                got = len(serial_bytes)
+
+                for byte in serial_bytes:
+                    last_read_ms = int(time.time()*1000)
+
+                    if (in_frame and byte == KISS.FEND and command == KISS.CMD_DATA):
+                        in_frame = False
+                        self.processIncoming(data_buffer)
+                    elif (byte == KISS.FEND):
+                        in_frame = True
+                        command = KISS.CMD_UNKNOWN
+                        data_buffer = b""
+                    elif (in_frame and len(data_buffer) < self.HW_MTU):
+                        if (len(data_buffer) == 0 and command == KISS.CMD_UNKNOWN):
+                            # We only support one HDLC port for now, so
+                            # strip off the port nibble
+                            byte = byte & 0x0F
+                            command = byte
+                        elif (command == KISS.CMD_DATA):
+                            if (byte == KISS.FESC):
+                                escape = True
+                            else:
+                                if (escape):
+                                    if (byte == KISS.TFEND):
+                                        byte = KISS.FEND
+                                    if (byte == KISS.TFESC):
+                                        byte = KISS.FESC
+                                    escape = False
+                                data_buffer = data_buffer+bytes([byte])
+                        elif (command == KISS.CMD_READY):
+                            self.process_queue()
+                
+                if got == 0:
+                    time_since_last = int(time.time()*1000) - last_read_ms
+                    if len(data_buffer) > 0 and time_since_last > self.timeout:
+                        data_buffer = b""
+                        in_frame = False
+                        command = KISS.CMD_UNKNOWN
+                        escape = False
+                    sleep(0.05)
+
+                    if self.flow_control:
+                        if not self.interface_ready:
+                            if time.time() > self.flow_control_locked + self.flow_control_timeout:
+                                RNS.log("Interface "+str(self)+" is unlocking flow control due to time-out. This should not happen. Your hardware might have missed a flow-control READY command, or maybe it does not support flow-control.", RNS.LOG_WARNING)
+                                self.process_queue()
+
+                    if self.beacon_i != None and self.beacon_d != None:
+                        if self.first_tx != None:
+                            if time.time() > self.first_tx + self.beacon_i:
+                                RNS.log("Interface "+str(self)+" is transmitting beacon data: "+str(self.beacon_d.decode("utf-8")), RNS.LOG_DEBUG)
+                                self.first_tx = None
+                                self.processOutgoing(self.beacon_d)
+
+        except Exception as e:
+            self.online = False
+            RNS.log("A serial port error occurred, the contained exception was: "+str(e), RNS.LOG_ERROR)
+            RNS.log("The interface "+str(self)+" experienced an unrecoverable error and is now offline.", RNS.LOG_ERROR)
+            
+            if RNS.Reticulum.panic_on_interface_error:
+                RNS.panic()
+
+            RNS.log("Reticulum will attempt to reconnect the interface periodically.", RNS.LOG_ERROR)
+
+        self.online = False
+        self.serial.close()
+        self.reconnect_port()
+
+    def reconnect_port(self):
+        while not self.online:
+            try:
+                time.sleep(5)
+                RNS.log("Attempting to reconnect serial port "+str(self.port)+" for "+str(self)+"...", RNS.LOG_VERBOSE)
+                self.open_port()
+                if self.serial.is_open:
+                    self.configure_device()
+            except Exception as e:
+                RNS.log("Error while reconnecting port, the contained exception was: "+str(e), RNS.LOG_ERROR)
+
+        RNS.log("Reconnected serial port for "+str(self))
+
+    def __str__(self):
+        return "KISSInterface["+self.name+"]"
@@ -0,0 +1,258 @@
+# MIT License
+#
+# Copyright (c) 2016-2022 Mark Qvist / unsigned.io
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+from RNS.Interfaces.Interface import Interface
+from time import sleep
+import sys
+import threading
+import time
+import RNS
+
+class HDLC():
+    # The Serial Interface packetizes data using
+    # simplified HDLC framing, similar to PPP
+    FLAG              = 0x7E
+    ESC               = 0x7D
+    ESC_MASK          = 0x20
+
+    @staticmethod
+    def escape(data):
+        data = data.replace(bytes([HDLC.ESC]), bytes([HDLC.ESC, HDLC.ESC^HDLC.ESC_MASK]))
+        data = data.replace(bytes([HDLC.FLAG]), bytes([HDLC.ESC, HDLC.FLAG^HDLC.ESC_MASK]))
+        return data
+
+class SerialInterface(Interface):
+    MAX_CHUNK = 32768
+
+    owner    = None
+    port     = None
+    speed    = None
+    databits = None
+    parity   = None
+    stopbits = None
+    serial   = None
+
+    def __init__(self, owner, name, port, speed, databits, parity, stopbits):
+        import importlib
+        if RNS.vendor.platformutils.is_android():
+            self.on_android  = True
+            if importlib.util.find_spec('usbserial4a') != None:
+                if importlib.util.find_spec('jnius') == None:
+                    RNS.log("Could not load jnius API wrapper for Android, Serial interface cannot be created.", RNS.LOG_CRITICAL)
+                    RNS.log("This probably means you are trying to use an USB-based interface from within Termux or similar.", RNS.LOG_CRITICAL)
+                    RNS.log("This is currently not possible, due to this environment limiting access to the native Android APIs.", RNS.LOG_CRITICAL)
+                    RNS.panic()
+
+                from usbserial4a import serial4a as serial
+                self.parity = "N"
+            
+            else:
+                RNS.log("Could not load USB serial module for Android, Serial interface cannot be created.", RNS.LOG_CRITICAL)
+                RNS.log("You can install this module by issuing: pip install usbserial4a", RNS.LOG_CRITICAL)
+                RNS.panic()
+        else:
+            raise SystemError("Android-specific interface was used on non-Android OS")
+
+        self.rxb = 0
+        self.txb = 0
+
+        self.HW_MTU = 564
+        
+        self.pyserial = serial
+        self.serial   = None
+        self.owner    = owner
+        self.name     = name
+        self.port     = port
+        self.speed    = speed
+        self.databits = databits
+        self.parity   = "N"
+        self.stopbits = stopbits
+        self.timeout  = 100
+        self.online   = False
+        self.bitrate  = self.speed
+
+        if parity.lower() == "e" or parity.lower() == "even":
+            self.parity = "E"
+
+        if parity.lower() == "o" or parity.lower() == "odd":
+            self.parity = "O"
+
+        try:
+            self.open_port()
+        except Exception as e:
+            RNS.log("Could not open serial port for interface "+str(self), RNS.LOG_ERROR)
+            raise e
+
+        if self.serial.is_open:
+            self.configure_device()
+        else:
+            raise IOError("Could not open serial port")
+
+
+    def open_port(self):
+        RNS.log("Opening serial port "+self.port+"...")
+        # Get device parameters
+        from usb4a import usb
+        device = usb.get_usb_device(self.port)
+        if device:
+            vid = device.getVendorId()
+            pid = device.getProductId()
+
+            # Driver overrides for speficic chips
+            proxy = self.pyserial.get_serial_port
+            if vid == 0x1A86 and pid == 0x55D4:
+                # Force CDC driver for Qinheng CH34x
+                RNS.log(str(self)+" using CDC driver for "+RNS.hexrep(vid)+":"+RNS.hexrep(pid), RNS.LOG_DEBUG)
+                from usbserial4a.cdcacmserial4a import CdcAcmSerial
+                proxy = CdcAcmSerial
+
+            self.serial = proxy(
+                self.port,
+                baudrate = self.speed,
+                bytesize = self.databits,
+                parity = self.parity,
+                stopbits = self.stopbits,
+                xonxoff = False,
+                rtscts = False,
+                timeout = None,
+                inter_byte_timeout = None,
+                # write_timeout = wtimeout,
+                dsrdtr = False,
+            )
+
+            if vid == 0x0403:
+                # Hardware parameters for FTDI devices @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 16 * 1024
+                self.serial.USB_READ_TIMEOUT_MILLIS = 100
+                self.serial.timeout = 0.1
+            elif vid == 0x10C4:
+                # Hardware parameters for SiLabs CP210x @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 64 
+                self.serial.USB_READ_TIMEOUT_MILLIS = 12
+                self.serial.timeout = 0.012
+            elif vid == 0x1A86 and pid == 0x55D4:
+                # Hardware parameters for Qinheng CH34x @ 115200 baud
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 64
+                self.serial.USB_READ_TIMEOUT_MILLIS = 12
+                self.serial.timeout = 0.1
+            else:
+                # Default values
+                self.serial.DEFAULT_READ_BUFFER_SIZE = 1 * 1024
+                self.serial.USB_READ_TIMEOUT_MILLIS = 100
+                self.serial.timeout = 0.1
+
+            RNS.log(str(self)+" USB read buffer size set to "+RNS.prettysize(self.serial.DEFAULT_READ_BUFFER_SIZE), RNS.LOG_DEBUG)
+            RNS.log(str(self)+" USB read timeout set to "+str(self.serial.USB_READ_TIMEOUT_MILLIS)+"ms", RNS.LOG_DEBUG)
+            RNS.log(str(self)+" USB write timeout set to "+str(self.serial.USB_WRITE_TIMEOUT_MILLIS)+"ms", RNS.LOG_DEBUG)
+
+    def configure_device(self):
+        sleep(0.5)
+        thread = threading.Thread(target=self.readLoop)
+        thread.daemon = True
+        thread.start()
+        self.online = True
+        RNS.log("Serial port "+self.port+" is now open", RNS.LOG_VERBOSE)
+
+
+    def processIncoming(self, data):
+        self.rxb += len(data)
+        def af():
+            self.owner.inbound(data, self)
+        threading.Thread(target=af, daemon=True).start()
+
+    def processOutgoing(self,data):
+        if self.online:
+            data = bytes([HDLC.FLAG])+HDLC.escape(data)+bytes([HDLC.FLAG])
+            written = self.serial.write(data)
+            self.txb += len(data)            
+            if written != len(data):
+                raise IOError("Serial interface only wrote "+str(written)+" bytes of "+str(len(data)))
+
+    def readLoop(self):
+        try:
+            in_frame = False
+            escape = False
+            data_buffer = b""
+            last_read_ms = int(time.time()*1000)
+
+            while self.serial.is_open:
+                serial_bytes = self.serial.read()
+                got = len(serial_bytes)
+
+                for byte in serial_bytes:
+                    last_read_ms = int(time.time()*1000)
+
+                    if (in_frame and byte == HDLC.FLAG):
+                        in_frame = False
+                        self.processIncoming(data_buffer)
+                    elif (byte == HDLC.FLAG):
+                        in_frame = True
+                        data_buffer = b""
+                    elif (in_frame and len(data_buffer) < self.HW_MTU):
+                        if (byte == HDLC.ESC):
+                            escape = True
+                        else:
+                            if (escape):
+                                if (byte == HDLC.FLAG ^ HDLC.ESC_MASK):
+                                    byte = HDLC.FLAG
+                                if (byte == HDLC.ESC  ^ HDLC.ESC_MASK):
+                                    byte = HDLC.ESC
+                                escape = False
+                            data_buffer = data_buffer+bytes([byte])
+                        
+                if got == 0:
+                    time_since_last = int(time.time()*1000) - last_read_ms
+                    if len(data_buffer) > 0 and time_since_last > self.timeout:
+                        data_buffer = b""
+                        in_frame = False
+                        escape = False
+                    # sleep(0.08)
+                    
+        except Exception as e:
+            self.online = False
+            RNS.log("A serial port error occurred, the contained exception was: "+str(e), RNS.LOG_ERROR)
+            RNS.log("The interface "+str(self)+" experienced an unrecoverable error and is now offline.", RNS.LOG_ERROR)
+            
+            if RNS.Reticulum.panic_on_interface_error:
+                RNS.panic()
+
+            RNS.log("Reticulum will attempt to reconnect the interface periodically.", RNS.LOG_ERROR)
+
+        self.online = False
+        self.serial.close()
+        self.reconnect_port()
+
+    def reconnect_port(self):
+        while not self.online:
+            try:
+                time.sleep(5)
+                RNS.log("Attempting to reconnect serial port "+str(self.port)+" for "+str(self)+"...", RNS.LOG_VERBOSE)
+                self.open_port()
+                if self.serial.is_open:
+                    self.configure_device()
+            except Exception as e:
+                RNS.log("Error while reconnecting port, the contained exception was: "+str(e), RNS.LOG_ERROR)
+
+        RNS.log("Reconnected serial port for "+str(self))
+
+    def __str__(self):
+        return "SerialInterface["+self.name+"]"
@@ -0,0 +1,27 @@
+# MIT License
+#
+# Copyright (c) 2016-2022 Mark Qvist / unsigned.io
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+import os
+import glob
+
+modules = glob.glob(os.path.dirname(__file__)+"/*.py")
+__all__ = [ os.path.basename(f)[:-3] for f in modules if not f.endswith('__init__.py')]
@@ -21,8 +21,10 @@
 # SOFTWARE.

 from .Interface import Interface
+from collections import deque
 import socketserver
 import threading
+import re
 import socket
 import struct
 import time
@@ -43,21 +45,38 @@ class AutoInterface(Interface):

    PEERING_TIMEOUT    = 7.5

+    ALL_IGNORE_IFS     = ["lo0"]
    DARWIN_IGNORE_IFS  = ["awdl0", "llw0", "lo0", "en5"]
    ANDROID_IGNORE_IFS = ["dummy0", "lo", "tun0"]

    BITRATE_GUESS      = 10*1000*1000

-    def __init__(self, owner, name, group_id=None, discovery_scope=None, discovery_port=None, data_port=None, allowed_interfaces=None, ignored_interfaces=None, configured_bitrate=None):
-        import importlib
-        if importlib.util.find_spec('netifaces') != None:
-            import netifaces
-        else:
-            RNS.log("Using AutoInterface requires the netifaces module.", RNS.LOG_CRITICAL)
-            RNS.log("You can install it with the command: python3 -m pip install netifaces", RNS.LOG_CRITICAL)
-            RNS.panic()
+    MULTI_IF_DEQUE_LEN = 64
+
+    def handler_factory(self, callback):
+        def create_handler(*args, **keys):
+            return AutoInterfaceHandler(callback, *args, **keys)
+        return create_handler
+
+    def descope_linklocal(self, link_local_addr):
+        # Drop scope specifier expressd as %ifname (macOS)
+        link_local_addr = link_local_addr.split("%")[0]
+        # Drop embedded scope specifier (NetBSD, OpenBSD)
+        link_local_addr = re.sub(r"fe80:[0-9a-f]*::","fe80::", link_local_addr)
+        return link_local_addr
+
+    def list_interfaces(self):
+        ifs = self.netinfo.interfaces()
+        return ifs
+
+    def list_addresses(self, ifname):
+        ifas = self.netinfo.ifaddresses(ifname)
+        return ifas
+
+    def __init__(self, owner, name, group_id=None, discovery_scope=None, discovery_port=None, data_port=None, allowed_interfaces=None, ignored_interfaces=None, configured_bitrate=None):
+        from RNS.vendor.ifaddr import niwrapper
+        self.netinfo = niwrapper

-        self.netifaces = netifaces
        self.rxb = 0
        self.txb = 0

@@ -70,11 +89,15 @@ class AutoInterface(Interface):
        self.peers = {}
        self.link_local_addresses = []
        self.adopted_interfaces = {}
+        self.interface_servers = {}
        self.multicast_echoes = {}
        self.timed_out_interfaces = {}
+        self.mif_deque = deque(maxlen=AutoInterface.MULTI_IF_DEQUE_LEN)
+        self.carrier_changed = False

        self.outbound_udp_socket = None

+        self.announce_rate_target = None
        self.announce_interval = AutoInterface.PEERING_TIMEOUT/6.0
        self.peer_job_interval = AutoInterface.PEERING_TIMEOUT*1.1
        self.peering_timeout   = AutoInterface.PEERING_TIMEOUT
@@ -131,7 +154,7 @@ class AutoInterface(Interface):
        self.mcast_discovery_address = "ff1"+self.discovery_scope+":"+gt

        suitable_interfaces = 0
-        for ifname in self.netifaces.interfaces():
+        for ifname in self.list_interfaces():
            if RNS.vendor.platformutils.is_darwin() and ifname in AutoInterface.DARWIN_IGNORE_IFS and not ifname in self.allowed_interfaces:
                RNS.log(str(self)+" skipping Darwin AWDL or tethering interface "+str(ifname), RNS.LOG_EXTREME)
            elif RNS.vendor.platformutils.is_darwin() and ifname == "lo0":
@@ -140,19 +163,21 @@ class AutoInterface(Interface):
                RNS.log(str(self)+" skipping Android system interface "+str(ifname), RNS.LOG_EXTREME)
            elif ifname in self.ignored_interfaces:
                RNS.log(str(self)+" ignoring disallowed interface "+str(ifname), RNS.LOG_EXTREME)
+            elif ifname in AutoInterface.ALL_IGNORE_IFS:
+                RNS.log(str(self)+" skipping interface "+str(ifname), RNS.LOG_EXTREME)
            else:
                if len(self.allowed_interfaces) > 0 and not ifname in self.allowed_interfaces:
                    RNS.log(str(self)+" ignoring interface "+str(ifname)+" since it was not allowed", RNS.LOG_EXTREME)
                else:
-                    addresses = self.netifaces.ifaddresses(ifname)
-                    if self.netifaces.AF_INET6 in addresses:
+                    addresses = self.list_addresses(ifname)
+                    if self.netinfo.AF_INET6 in addresses:
                        link_local_addr = None
-                        for address in addresses[self.netifaces.AF_INET6]:
+                        for address in addresses[self.netinfo.AF_INET6]:
                            if "addr" in address:
                                if address["addr"].startswith("fe80:"):
-                                    link_local_addr = address["addr"]
-                                    self.link_local_addresses.append(link_local_addr.split("%")[0])
-                                    self.adopted_interfaces[ifname] = link_local_addr.split("%")[0]
+                                    link_local_addr = self.descope_linklocal(address["addr"])
+                                    self.link_local_addresses.append(link_local_addr)
+                                    self.adopted_interfaces[ifname] = link_local_addr
                                    self.multicast_echoes[ifname] = time.time()
                                    RNS.log(str(self)+" Selecting link-local address "+str(link_local_addr)+" for interface "+str(ifname), RNS.LOG_EXTREME)

@@ -177,7 +202,11 @@ class AutoInterface(Interface):
                            discovery_socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mcast_group)

                            # Bind socket
-                            addr_info = socket.getaddrinfo(mcast_addr+"%"+ifname, self.discovery_port, socket.AF_INET6, socket.SOCK_DGRAM)
+                            if self.discovery_scope == AutoInterface.SCOPE_LINK:
+                                addr_info = socket.getaddrinfo(mcast_addr+"%"+ifname, self.discovery_port, socket.AF_INET6, socket.SOCK_DGRAM)
+                            else:
+                                addr_info = socket.getaddrinfo(mcast_addr, self.discovery_port, socket.AF_INET6, socket.SOCK_DGRAM)
+
                            discovery_socket.bind(addr_info[0][4])

                            # Set up thread for discovery packets
@@ -185,7 +214,7 @@ class AutoInterface(Interface):
                                self.discovery_handler(discovery_socket, ifname)

                            thread = threading.Thread(target=discovery_loop)
-                            thread.setDaemon(True)
+                            thread.daemon = True
                            thread.start()

                            suitable_interfaces += 1
@@ -195,14 +224,14 @@ class AutoInterface(Interface):
        else:
            self.receives = True

+            if configured_bitrate != None:
+                self.bitrate = configured_bitrate
+            else:
+                self.bitrate = AutoInterface.BITRATE_GUESS
+
            peering_wait = self.announce_interval*1.2
            RNS.log(str(self)+" discovering peers for "+str(round(peering_wait, 2))+" seconds...", RNS.LOG_VERBOSE)

-            def handlerFactory(callback):
-                def createHandler(*args, **keys):
-                    return AutoInterfaceHandler(callback, *args, **keys)
-                return createHandler
-
            self.owner = owner
            socketserver.UDPServer.address_family = socket.AF_INET6

@@ -211,23 +240,19 @@ class AutoInterface(Interface):
                addr_info = socket.getaddrinfo(local_addr, self.data_port, socket.AF_INET6, socket.SOCK_DGRAM)
                address = addr_info[0][4]

-                self.server = socketserver.UDPServer(address, handlerFactory(self.processIncoming))
+                udp_server = socketserver.UDPServer(address, self.handler_factory(self.processIncoming))
+                self.interface_servers[ifname] = udp_server
                
-                thread = threading.Thread(target=self.server.serve_forever)
-                thread.setDaemon(True)
+                thread = threading.Thread(target=udp_server.serve_forever)
+                thread.daemon = True
                thread.start()

            job_thread = threading.Thread(target=self.peer_jobs)
-            job_thread.setDaemon(True)
+            job_thread.daemon = True
            job_thread.start()

            time.sleep(peering_wait)

-            if configured_bitrate != None:
-                self.bitrate = configured_bitrate
-            else:
-                self.bitrate = AutoInterface.BITRATE_GUESS
-
            self.online = True


@@ -236,7 +261,7 @@ class AutoInterface(Interface):
            self.announce_handler(ifname)
            
        thread = threading.Thread(target=announce_loop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()
        
        while True:
@@ -266,16 +291,60 @@ class AutoInterface(Interface):
                RNS.log(str(self)+" removed peer "+str(peer_addr)+" on "+str(removed_peer[0]), RNS.LOG_DEBUG)

            for ifname in self.adopted_interfaces:
+                # Check that the link-local address has not changed
+                try:
+                    addresses = self.list_addresses(ifname)
+                    if self.netinfo.AF_INET6 in addresses:
+                        link_local_addr = None
+                        for address in addresses[self.netinfo.AF_INET6]:
+                            if "addr" in address:
+                                if address["addr"].startswith("fe80:"):
+                                    link_local_addr = self.descope_linklocal(address["addr"])
+                                    if link_local_addr != self.adopted_interfaces[ifname]:
+                                        old_link_local_address = self.adopted_interfaces[ifname]
+                                        RNS.log("Replacing link-local address "+str(old_link_local_address)+" for "+str(ifname)+" with "+str(link_local_addr), RNS.LOG_DEBUG)
+                                        self.adopted_interfaces[ifname] = link_local_addr
+                                        self.link_local_addresses.append(link_local_addr)
+
+                                        if old_link_local_address in self.link_local_addresses:
+                                            self.link_local_addresses.remove(old_link_local_address)
+
+                                        local_addr = link_local_addr+"%"+ifname
+                                        addr_info = socket.getaddrinfo(local_addr, self.data_port, socket.AF_INET6, socket.SOCK_DGRAM)
+                                        listen_address = addr_info[0][4]
+
+                                        if ifname in self.interface_servers:
+                                            RNS.log("Shutting down previous UDP listener for "+str(self)+" "+str(ifname), RNS.LOG_DEBUG)
+                                            previous_server = self.interface_servers[ifname]
+                                            def shutdown_server():
+                                                previous_server.shutdown()
+                                            threading.Thread(target=shutdown_server, daemon=True).start()
+
+                                        RNS.log("Starting new UDP listener for "+str(self)+" "+str(ifname), RNS.LOG_DEBUG)
+
+                                        udp_server = socketserver.UDPServer(listen_address, self.handler_factory(self.processIncoming))
+                                        self.interface_servers[ifname] = udp_server
+
+                                        thread = threading.Thread(target=udp_server.serve_forever)
+                                        thread.daemon = True
+                                        thread.start()
+
+                except Exception as e:
+                    RNS.log("Could not get device information while updating link-local addresses for "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
+
+                # Check multicast echo timeouts
                last_multicast_echo = 0
                if ifname in self.multicast_echoes:
                    last_multicast_echo = self.multicast_echoes[ifname]

                if now - last_multicast_echo > self.multicast_echo_timeout:
                    if ifname in self.timed_out_interfaces and self.timed_out_interfaces[ifname] == False:
+                        self.carrier_changed = True
                        RNS.log("Multicast echo timeout for "+str(ifname)+". Carrier lost.", RNS.LOG_WARNING)
                    self.timed_out_interfaces[ifname] = True
                else:
                    if ifname in self.timed_out_interfaces and self.timed_out_interfaces[ifname] == True:
+                        self.carrier_changed = True
                        RNS.log(str(self)+" Carrier recovered on "+str(ifname), RNS.LOG_WARNING)
                    self.timed_out_interfaces[ifname] = False
                
@@ -326,8 +395,11 @@ class AutoInterface(Interface):
        self.peers[addr][1] = time.time()

    def processIncoming(self, data):
-        self.rxb += len(data)
-        self.owner.inbound(data, self)
+        data_hash = RNS.Identity.full_hash(data)
+        if not data_hash in self.mif_deque:
+            self.mif_deque.append(data_hash)
+            self.rxb += len(data)
+            self.owner.inbound(data, self)

    def processOutgoing(self,data):
            for peer in self.peers:
@@ -161,8 +161,6 @@ class I2PController:
                                raise tn.status["exception"]

                            else:
-                                self.client_tunnels[i2p_destination] = True
-                                owner.awaiting_i2p_tunnel = False
                                if owner.socket != None:
                                    if hasattr(owner.socket, "close"):
                                        if callable(owner.socket.close):
@@ -175,6 +173,8 @@ class I2PController:
                                                owner.socket.close()
                                            except Exception as e:
                                                RNS.log("Error while closing socket for "+str(owner)+": "+str(e))
+                                self.client_tunnels[i2p_destination] = True
+                                owner.awaiting_i2p_tunnel = False

                                RNS.log(str(owner)+" tunnel setup complete", RNS.LOG_VERBOSE)

@@ -310,8 +310,6 @@ class I2PController:
            else:
                i2ptunnel = self.i2plib_tunnels[i2p_b32]
                if hasattr(i2ptunnel, "status"):
-                    # TODO: Remove
-                    # RNS.log(str(i2ptunnel.status))
                    i2p_exception = i2ptunnel.status["exception"]

                    if i2ptunnel.status["setup_ran"] == False:
@@ -385,6 +383,11 @@ class I2PInterfacePeer(Interface):
    I2P_PROBE_AFTER = 10
    I2P_PROBE_INTERVAL = 9
    I2P_PROBES = 5
+    I2P_READ_TIMEOUT = (I2P_PROBE_INTERVAL * I2P_PROBES + I2P_PROBE_AFTER)*2
+
+    TUNNEL_STATE_INIT    = 0x00
+    TUNNEL_STATE_ACTIVE  = 0x01
+    TUNNEL_STATE_STALE   = 0x02

    def __init__(self, parent_interface, owner, name, target_i2p_dest=None, connected_socket=None, max_reconnect_tries=None):
        self.rxb = 0
@@ -411,6 +414,30 @@ class I2PInterfacePeer(Interface):
        self.i2p_tunnel_ready = False
        self.mode             = RNS.Interfaces.Interface.Interface.MODE_FULL
        self.bitrate          = I2PInterface.BITRATE_GUESS
+        self.last_read        = 0
+        self.last_write       = 0
+        self.wd_reset         = False
+        self.i2p_tunnel_state = I2PInterfacePeer.TUNNEL_STATE_INIT
+
+        self.ifac_size = self.parent_interface.ifac_size
+        self.ifac_netname = self.parent_interface.ifac_netname
+        self.ifac_netkey = self.parent_interface.ifac_netkey
+        if self.ifac_netname != None or self.ifac_netkey != None:
+            ifac_origin = b""
+            if self.ifac_netname != None:
+                ifac_origin += RNS.Identity.full_hash(self.ifac_netname.encode("utf-8"))
+            if self.ifac_netkey != None:
+                ifac_origin += RNS.Identity.full_hash(self.ifac_netkey.encode("utf-8"))
+
+            ifac_origin_hash = RNS.Identity.full_hash(ifac_origin)
+            self.ifac_key = RNS.Cryptography.hkdf(
+                length=64,
+                derive_from=ifac_origin_hash,
+                salt=RNS.Reticulum.IFAC_SALT,
+                context=None
+            )
+            self.ifac_identity = RNS.Identity.from_bytes(self.ifac_key)
+            self.ifac_signature = self.ifac_identity.sign(RNS.Identity.full_hash(self.ifac_key))

        self.announce_rate_target  = None
        self.announce_rate_grace   = None
@@ -456,46 +483,40 @@ class I2PInterfacePeer(Interface):
                        RNS.log("Error while while configuring "+str(self)+": "+str(e), RNS.LOG_ERROR)
                        RNS.log("Check that I2P is installed and running, and that SAM is enabled. Retrying tunnel setup later.", RNS.LOG_ERROR)

-                    time.sleep(15)
+                    time.sleep(8)

            thread = threading.Thread(target=tunnel_job)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

            def wait_job():
                while self.awaiting_i2p_tunnel:
                    time.sleep(0.25)
+                time.sleep(2)
                
                if not self.kiss_framing:
                    self.wants_tunnel = True

                if not self.connect(initial=True):
                    thread = threading.Thread(target=self.reconnect)
-                    thread.setDaemon(True)
+                    thread.daemon = True
                    thread.start()
                else:
                    thread = threading.Thread(target=self.read_loop)
-                    thread.setDaemon(True)
+                    thread.daemon = True
                    thread.start()

            thread = threading.Thread(target=wait_job)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()


    def set_timeouts_linux(self):
-        if not self.i2p_tunneled:
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_USER_TIMEOUT, int(I2PInterfacePeer.TCP_USER_TIMEOUT * 1000))
-            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, int(I2PInterfacePeer.TCP_PROBE_AFTER))
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, int(I2PInterfacePeer.TCP_PROBE_INTERVAL))
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, int(I2PInterfacePeer.TCP_PROBES))
-        else:
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_USER_TIMEOUT, int(I2PInterfacePeer.I2P_USER_TIMEOUT * 1000))
-            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, int(I2PInterfacePeer.I2P_PROBE_AFTER))
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, int(I2PInterfacePeer.I2P_PROBE_INTERVAL))
-            self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, int(I2PInterfacePeer.I2P_PROBES))
+        self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_USER_TIMEOUT, int(I2PInterfacePeer.I2P_USER_TIMEOUT * 1000))
+        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
+        self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, int(I2PInterfacePeer.I2P_PROBE_AFTER))
+        self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, int(I2PInterfacePeer.I2P_PROBE_INTERVAL))
+        self.socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, int(I2PInterfacePeer.I2P_PROBES))

    def set_timeouts_osx(self):
        if hasattr(socket, "TCP_KEEPALIVE"):
@@ -504,22 +525,19 @@ class I2PInterfacePeer(Interface):
            TCP_KEEPIDLE = 0x10

        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
-        
-        if not self.i2p_tunneled:
-            self.socket.setsockopt(socket.IPPROTO_TCP, TCP_KEEPIDLE, int(I2PInterfacePeer.TCP_PROBE_AFTER))
-        else:
-            self.socket.setsockopt(socket.IPPROTO_TCP, TCP_KEEPIDLE, int(I2PInterfacePeer.I2P_PROBE_AFTER))
+        self.socket.setsockopt(socket.IPPROTO_TCP, TCP_KEEPIDLE, int(I2PInterfacePeer.I2P_PROBE_AFTER))
    
-    def shutdown_socket(self, socket):
-        if callable(socket.close):
-            
+    def shutdown_socket(self, target_socket):
+        if callable(target_socket.close):
            try:
-                socket.shutdown(socket.SHUT_RDWR)
+                if socket != None:
+                    target_socket.shutdown(socket.SHUT_RDWR)
            except Exception as e:
                RNS.log("Error while shutting down socket for "+str(self)+": "+str(e))

            try:
-                socket.close()
+                if socket != None:
+                    target_socket.close()
            except Exception as e:
                RNS.log("Error while closing socket for "+str(self)+": "+str(e))    
    
@@ -573,7 +591,6 @@ class I2PInterfacePeer(Interface):

        return True

-
    def reconnect(self):
        if self.initiator:
            if not self.reconnecting:
@@ -602,7 +619,7 @@ class I2PInterfacePeer(Interface):

                self.reconnecting = False
                thread = threading.Thread(target=self.read_loop)
-                thread.setDaemon(True)
+                thread.daemon = True
                thread.start()
                if not self.kiss_framing:
                    RNS.Transport.synthesize_tunnel(self)
@@ -634,6 +651,7 @@ class I2PInterfacePeer(Interface):
                self.socket.sendall(data)
                self.writing = False
                self.txb += len(data)
+                self.last_write = time.time()
                
                if hasattr(self, "parent_interface") and self.parent_interface != None and self.parent_count:
                    self.parent_interface.txb += len(data)
@@ -644,8 +662,59 @@ class I2PInterfacePeer(Interface):
                self.teardown()


+    def read_watchdog(self):
+        while self.wd_reset:
+            time.sleep(0.25)
+
+        should_run = True
+        try:
+            while should_run and not self.wd_reset:
+                time.sleep(1)
+
+                if (time.time()-self.last_read > I2PInterfacePeer.I2P_PROBE_AFTER*2):
+                    if self.i2p_tunnel_state != I2PInterfacePeer.TUNNEL_STATE_STALE:
+                        RNS.log("I2P tunnel became unresponsive", RNS.LOG_DEBUG)
+
+                    self.i2p_tunnel_state = I2PInterfacePeer.TUNNEL_STATE_STALE
+                else:
+                    self.i2p_tunnel_state = I2PInterfacePeer.TUNNEL_STATE_ACTIVE
+
+                if (time.time()-self.last_write > I2PInterfacePeer.I2P_PROBE_AFTER*1):
+                    try:
+                        if self.socket != None:
+                            self.socket.sendall(bytes([HDLC.FLAG, HDLC.FLAG]))
+                    except Exception as e:
+                        RNS.log("An error ocurred while sending I2P keepalive. The contained exception was: "+str(e), RNS.LOG_ERROR)
+                        self.shutdown_socket(self.socket)
+                        should_run = False
+                
+                if (time.time()-self.last_read > I2PInterfacePeer.I2P_READ_TIMEOUT):
+                    RNS.log("I2P socket is unresponsive, restarting...", RNS.LOG_WARNING)
+                    if self.socket != None:
+                        try:
+                            self.socket.shutdown(socket.SHUT_RDWR)
+                        except Exception as e:
+                            RNS.log("Error while shutting down socket for "+str(self)+": "+str(e))
+
+                        try:
+                            self.socket.close()
+                        except Exception as e:
+                            RNS.log("Error while closing socket for "+str(self)+": "+str(e))
+
+                    should_run = False
+
+                self.wd_reset = False
+
+        finally:
+            self.wd_reset = False
+
    def read_loop(self):
        try:
+            self.last_read  = time.time()
+            self.last_write = time.time()
+
+            wd_thread = threading.Thread(target=self.read_watchdog, daemon=True).start()
+
            in_frame = False
            escape = False
            data_buffer = b""
@@ -655,6 +724,7 @@ class I2PInterfacePeer(Interface):
                data_in = self.socket.recv(4096)
                if len(data_in) > 0:
                    pointer = 0
+                    self.last_read = time.time()
                    while pointer < len(data_in):
                        byte = data_in[pointer]
                        pointer += 1
@@ -707,6 +777,11 @@ class I2PInterfacePeer(Interface):
                                    data_buffer = data_buffer+bytes([byte])
                else:
                    self.online = False
+
+                    self.wd_reset = True
+                    time.sleep(2)
+                    self.wd_reset = False
+
                    if self.initiator and not self.detached:
                        RNS.log("Socket for "+str(self)+" was closed, attempting to reconnect...", RNS.LOG_WARNING)
                        self.reconnect()
@@ -756,7 +831,7 @@ class I2PInterfacePeer(Interface):
 class I2PInterface(Interface):
    BITRATE_GUESS      = 256*1000

-    def __init__(self, owner, name, rns_storagepath, peers, connectable = False):
+    def __init__(self, owner, name, rns_storagepath, peers, connectable = False, ifac_size = 16, ifac_netname = None, ifac_netkey = None):
        self.rxb = 0
        self.txb = 0
        
@@ -782,11 +857,14 @@ class I2PInterface(Interface):
        self.bind_port   = self.i2p.get_free_port()
        self.address = (self.bind_ip, self.bind_port)
        self.bitrate = I2PInterface.BITRATE_GUESS
+        self.ifac_size = ifac_size
+        self.ifac_netname = ifac_netname
+        self.ifac_netkey = ifac_netkey

        self.online = False

        i2p_thread = threading.Thread(target=self.i2p.start)
-        i2p_thread.setDaemon(True)
+        i2p_thread.daemon = True
        i2p_thread.start()

        i2p_notready_warning = False
@@ -811,7 +889,7 @@ class I2PInterface(Interface):
        self.server = ThreadingI2PServer(self.address, handlerFactory(self.incoming_connection))

        thread = threading.Thread(target=self.server.serve_forever)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()

        if self.connectable:
@@ -830,7 +908,7 @@ class I2PInterface(Interface):


            thread = threading.Thread(target=tunnel_job)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

        if peers != None:
@@ -852,9 +930,27 @@ class I2PInterface(Interface):
        spawned_interface.parent_interface = self
        spawned_interface.online = True
        spawned_interface.bitrate = self.bitrate
+
        spawned_interface.ifac_size = self.ifac_size
        spawned_interface.ifac_netname = self.ifac_netname
        spawned_interface.ifac_netkey = self.ifac_netkey
+        if spawned_interface.ifac_netname != None or spawned_interface.ifac_netkey != None:
+            ifac_origin = b""
+            if spawned_interface.ifac_netname != None:
+                ifac_origin += RNS.Identity.full_hash(spawned_interface.ifac_netname.encode("utf-8"))
+            if spawned_interface.ifac_netkey != None:
+                ifac_origin += RNS.Identity.full_hash(spawned_interface.ifac_netkey.encode("utf-8"))
+
+            ifac_origin_hash = RNS.Identity.full_hash(ifac_origin)
+            spawned_interface.ifac_key = RNS.Cryptography.hkdf(
+                length=64,
+                derive_from=ifac_origin_hash,
+                salt=RNS.Reticulum.IFAC_SALT,
+                context=None
+            )
+            spawned_interface.ifac_identity = RNS.Identity.from_bytes(spawned_interface.ifac_key)
+            spawned_interface.ifac_signature = spawned_interface.ifac_identity.sign(RNS.Identity.full_hash(spawned_interface.ifac_key))
+
        spawned_interface.announce_rate_target = self.announce_rate_target
        spawned_interface.announce_rate_grace = self.announce_rate_grace
        spawned_interface.announce_rate_penalty = self.announce_rate_penalty
@@ -144,7 +144,7 @@ class KISSInterface(Interface):
        # Allow time for interface to initialise before config
        sleep(2.0)
        thread = threading.Thread(target=self.readLoop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()
        self.online = True
        RNS.log("Serial port "+self.port+" is now open")
@@ -41,7 +41,13 @@ class HDLC():
        return data

 class ThreadingTCPServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
-    pass
+    def server_bind(self):
+        if RNS.vendor.platformutils.is_windows():
+            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
+        else:
+            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.socket.bind(self.server_address)
+        self.server_address = self.socket.getsockname()

 class LocalClientInterface(Interface):
    RECONNECT_WAIT = 3
@@ -51,7 +57,7 @@ class LocalClientInterface(Interface):
        self.txb = 0

        # TODO: Remove at some point
-        self.rxptime = 0
+        # self.rxptime = 0
        
        self.HW_MTU = 1064

@@ -86,13 +92,15 @@ class LocalClientInterface(Interface):
        self.online  = True
        self.writing = False

+        self._force_bitrate = False
+
        self.announce_rate_target  = None
        self.announce_rate_grace   = None
        self.announce_rate_penalty = None

        if connected_socket == None:
            thread = threading.Thread(target=self.read_loop)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

    def connect(self):
@@ -127,7 +135,7 @@ class LocalClientInterface(Interface):

                self.reconnecting = False
                thread = threading.Thread(target=self.read_loop)
-                thread.setDaemon(True)
+                thread.daemon = True
                thread.start()
                RNS.Transport.shared_connection_reappeared()
        
@@ -137,23 +145,28 @@ class LocalClientInterface(Interface):


    def processIncoming(self, data):
+        if self._force_bitrate:
+            time.sleep(len(data) / self.bitrate * 8)
+
        self.rxb += len(data)
        if hasattr(self, "parent_interface") and self.parent_interface != None:
            self.parent_interface.rxb += len(data)
        
        # TODO: Remove at some point
-        processing_start = time.time()
+        # processing_start = time.time()
        
        self.owner.inbound(data, self)

        # TODO: Remove at some point
-        duration = time.time() - processing_start
-        self.rxptime += duration
+        # duration = time.time() - processing_start
+        # self.rxptime += duration

    def processOutgoing(self, data):
        if self.online:
            try:
                self.writing = True
+                if self._force_bitrate:
+                    time.sleep(len(data) / self.bitrate * 8)
                data = bytes([HDLC.FLAG])+HDLC.escape(data)+bytes([HDLC.FLAG])
                self.socket.sendall(data)
                self.writing = False
@@ -246,6 +259,7 @@ class LocalClientInterface(Interface):
            RNS.Transport.local_client_interfaces.remove(self)
            if hasattr(self, "parent_interface") and self.parent_interface != None:
                self.parent_interface.clients -= 1
+                RNS.Transport.owner._should_persist_data()

        if nowarning == False:
            RNS.log("The interface "+str(self)+" experienced an unrecoverable error and is being torn down. Restart Reticulum to attempt to open this interface again.", RNS.LOG_ERROR)
@@ -291,11 +305,10 @@ class LocalServerInterface(Interface):

            address = (self.bind_ip, self.bind_port)

-            ThreadingTCPServer.allow_reuse_address = True
            self.server = ThreadingTCPServer(address, handlerFactory(self.incoming_connection))

            thread = threading.Thread(target=self.server.serve_forever)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

            self.announce_rate_target  = None
@@ -96,7 +96,7 @@ class PipeInterface(Interface):
    def configure_pipe(self):
        sleep(0.01)
        thread = threading.Thread(target=self.readLoop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()
        self.online = True
        RNS.log("Subprocess pipe for "+str(self)+" is now connected", RNS.LOG_VERBOSE)
@@ -44,6 +44,7 @@ class KISS():
    CMD_RADIO_STATE = 0x06
    CMD_RADIO_LOCK  = 0x07
    CMD_DETECT      = 0x08
+    CMD_LEAVE       = 0x0A
    CMD_READY       = 0x0F
    CMD_STAT_RX     = 0x21
    CMD_STAT_TX     = 0x22
@@ -51,6 +52,9 @@ class KISS():
    CMD_STAT_SNR    = 0x24
    CMD_BLINK       = 0x30
    CMD_RANDOM      = 0x40
+    CMD_FB_EXT      = 0x41
+    CMD_FB_READ     = 0x42
+    CMD_FB_WRITE    = 0x43
    CMD_PLATFORM    = 0x48
    CMD_MCU         = 0x49
    CMD_FW_VERSION  = 0x50
@@ -82,14 +86,6 @@ class KISS():
 class RNodeInterface(Interface):
    MAX_CHUNK = 32768

-    owner    = None
-    port     = None
-    speed    = None
-    databits = None
-    parity   = None
-    stopbits = None
-    serial   = None
-
    FREQ_MIN = 137000000
    FREQ_MAX = 1020000000

@@ -98,9 +94,14 @@ class RNodeInterface(Interface):
    CALLSIGN_MAX_LEN    = 32

    REQUIRED_FW_VER_MAJ = 1
-    REQUIRED_FW_VER_MIN = 26
+    REQUIRED_FW_VER_MIN = 52
+
+    RECONNECT_WAIT = 5

    def __init__(self, owner, name, port, frequency = None, bandwidth = None, txpower = None, sf = None, cr = None, flow_control = False, id_interval = None, id_callsign = None):
+        if RNS.vendor.platformutils.is_android():
+            raise SystemError("Invlaid interface type. The Android-specific RNode interface must be used on Android")
+
        import importlib
        if importlib.util.find_spec('serial') != None:
            import serial
@@ -121,10 +122,11 @@ class RNodeInterface(Interface):
        self.port        = port
        self.speed       = 115200
        self.databits    = 8
-        self.parity      = serial.PARITY_NONE
        self.stopbits    = 1
        self.timeout     = 100
        self.online      = False
+        self.detached    = False
+        self.reconnecting= False

        self.frequency   = frequency
        self.bandwidth   = bandwidth
@@ -134,6 +136,7 @@ class RNodeInterface(Interface):
        self.state       = KISS.RADIO_STATE_OFF
        self.bitrate     = 0
        self.platform    = None
+        self.display     = None
        self.mcu         = None
        self.detected    = False
        self.firmware_ok = False
@@ -142,6 +145,7 @@ class RNodeInterface(Interface):

        self.last_id     = 0
        self.first_tx    = None
+        self.reconnect_w = RNodeInterface.RECONNECT_WAIT

        self.r_frequency = None
        self.r_bandwidth = None
@@ -158,6 +162,7 @@ class RNodeInterface(Interface):
        self.packet_queue    = []
        self.flow_control    = flow_control
        self.interface_ready = False
+        self.announce_rate_target = None

        self.validcfg  = True
        if (self.frequency < RNodeInterface.FREQ_MIN or self.frequency > RNodeInterface.FREQ_MAX):
@@ -197,14 +202,21 @@ class RNodeInterface(Interface):

        try:
            self.open_port()
+
+            if self.serial.is_open:
+                self.configure_device()
+            else:
+                raise IOError("Could not open serial port")
+
        except Exception as e:
            RNS.log("Could not open serial port for interface "+str(self), RNS.LOG_ERROR)
-            raise e
+            RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+            RNS.log("Reticulum will attempt to bring up this interface periodically", RNS.LOG_ERROR)
+            if not self.detached and not self.reconnecting:
+                thread = threading.Thread(target=self.reconnect_port)
+                thread.daemon = True
+                thread.start()

-        if self.serial.is_open:
-            self.configure_device()
-        else:
-            raise IOError("Could not open serial port")

    def open_port(self):
        RNS.log("Opening serial port "+self.port+"...")
@@ -212,7 +224,7 @@ class RNodeInterface(Interface):
            port = self.port,
            baudrate = self.speed,
            bytesize = self.databits,
-            parity = self.parity,
+            parity = self.pyserial.PARITY_NONE,
            stopbits = self.stopbits,
            xonxoff = False,
            rtscts = False,
@@ -224,35 +236,42 @@ class RNodeInterface(Interface):


    def configure_device(self):
+        self.r_frequency = None
+        self.r_bandwidth = None
+        self.r_txpower   = None
+        self.r_sf        = None
+        self.r_cr        = None
+        self.r_state     = None
+        self.r_lock      = None
        sleep(2.0)
+
        thread = threading.Thread(target=self.readLoop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()

        self.detect()
-        sleep(0.1)
+        sleep(0.2)
        
        if not self.detected:
-            raise IOError("Could not detect device")
+            RNS.log("Could not detect device for "+str(self), RNS.LOG_ERROR)
+            self.serial.close()
        else:
            if self.platform == KISS.PLATFORM_ESP32:
-                RNS.log("Resetting ESP32-based device before configuration...", RNS.LOG_VERBOSE)
-                self.hard_reset()
+                self.display = True

-        self.online = True
        RNS.log("Serial port "+self.port+" is now open")
        RNS.log("Configuring RNode interface...", RNS.LOG_VERBOSE)
        self.initRadio()
        if (self.validateRadioState()):
            self.interface_ready = True
            RNS.log(str(self)+" is configured and powered up")
-            sleep(1.0)
+            sleep(0.3)
+            self.online = True
        else:
            RNS.log("After configuring "+str(self)+", the reported radio parameters did not match your configuration.", RNS.LOG_ERROR)
            RNS.log("Make sure that your hardware actually supports the parameters specified in the configuration", RNS.LOG_ERROR)
            RNS.log("Aborting RNode startup", RNS.LOG_ERROR)
            self.serial.close()
-            raise IOError("RNode interface did not pass configuration validation")
            

    def initRadio(self):
@@ -267,7 +286,51 @@ class RNodeInterface(Interface):
        kiss_command = bytes([KISS.FEND, KISS.CMD_DETECT, KISS.DETECT_REQ, KISS.FEND, KISS.CMD_FW_VERSION, 0x00, KISS.FEND, KISS.CMD_PLATFORM, 0x00, KISS.FEND, KISS.CMD_MCU, 0x00, KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while detecting hardware for "+self(str))
+            raise IOError("An IO error occurred while detecting hardware for "+str(self))
+    
+    def leave(self):
+        kiss_command = bytes([KISS.FEND, KISS.CMD_LEAVE, 0xFF, KISS.FEND])
+        written = self.serial.write(kiss_command)
+        if written != len(kiss_command):
+            raise IOError("An IO error occurred while sending host left command to device")
+    
+    def enable_external_framebuffer(self):
+        if self.display != None:
+            kiss_command = bytes([KISS.FEND, KISS.CMD_FB_EXT, 0x01, KISS.FEND])
+            written = self.serial.write(kiss_command)
+            if written != len(kiss_command):
+                raise IOError("An IO error occurred while enabling external framebuffer on device")
+
+    def disable_external_framebuffer(self):
+        if self.display != None:
+            kiss_command = bytes([KISS.FEND, KISS.CMD_FB_EXT, 0x00, KISS.FEND])
+            written = self.serial.write(kiss_command)
+            if written != len(kiss_command):
+                raise IOError("An IO error occurred while disabling external framebuffer on device")
+
+    FB_PIXEL_WIDTH     = 64
+    FB_BITS_PER_PIXEL  = 1
+    FB_PIXELS_PER_BYTE = 8//FB_BITS_PER_PIXEL
+    FB_BYTES_PER_LINE  = FB_PIXEL_WIDTH//FB_PIXELS_PER_BYTE
+    def display_image(self, imagedata):
+        if self.display != None:
+            lines = len(imagedata)//8
+            for line in range(lines):
+                line_start = line*RNodeInterface.FB_BYTES_PER_LINE
+                line_end   = line_start+RNodeInterface.FB_BYTES_PER_LINE
+                line_data = bytes(imagedata[line_start:line_end])
+                self.write_framebuffer(line, line_data)
+
+    def write_framebuffer(self, line, line_data):
+        if self.display != None:
+            line_byte = line.to_bytes(1, byteorder="big", signed=False)
+            data = line_byte+line_data
+            escaped_data = KISS.escape(data)
+            kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_FB_WRITE])+escaped_data+bytes([KISS.FEND])
+            
+            written = self.serial.write(kiss_command)
+            if written != len(kiss_command):
+                raise IOError("An IO error occurred while writing framebuffer data device")

    def hard_reset(self):
        kiss_command = bytes([KISS.FEND, KISS.CMD_RESET, 0xf8, KISS.FEND])
@@ -286,7 +349,7 @@ class RNodeInterface(Interface):
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_FREQUENCY])+data+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring frequency for "+self(str))
+            raise IOError("An IO error occurred while configuring frequency for "+str(self))

    def setBandwidth(self):
        c1 = self.bandwidth >> 24
@@ -298,35 +361,35 @@ class RNodeInterface(Interface):
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_BANDWIDTH])+data+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring bandwidth for "+self(str))
+            raise IOError("An IO error occurred while configuring bandwidth for "+str(self))

    def setTXPower(self):
        txp = bytes([self.txpower])
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_TXPOWER])+txp+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring TX power for "+self(str))
+            raise IOError("An IO error occurred while configuring TX power for "+str(self))

    def setSpreadingFactor(self):
        sf = bytes([self.sf])
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_SF])+sf+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring spreading factor for "+self(str))
+            raise IOError("An IO error occurred while configuring spreading factor for "+str(self))

    def setCodingRate(self):
        cr = bytes([self.cr])
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_CR])+cr+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring coding rate for "+self(str))
+            raise IOError("An IO error occurred while configuring coding rate for "+str(self))

    def setRadioState(self, state):
        self.state = state
        kiss_command = bytes([KISS.FEND])+bytes([KISS.CMD_RADIO_STATE])+bytes([state])+bytes([KISS.FEND])
        written = self.serial.write(kiss_command)
        if written != len(kiss_command):
-            raise IOError("An IO error occurred while configuring radio state for "+self(str))
+            raise IOError("An IO error occurred while configuring radio state for "+str(self))

    def validate_firmware(self):
        if (self.maj_version >= RNodeInterface.REQUIRED_FW_VER_MAJ):
@@ -338,14 +401,16 @@ class RNodeInterface(Interface):

        RNS.log("The firmware version of the connected RNode is "+str(self.maj_version)+"."+str(self.min_version), RNS.LOG_ERROR)
        RNS.log("This version of Reticulum requires at least version "+str(RNodeInterface.REQUIRED_FW_VER_MAJ)+"."+str(RNodeInterface.REQUIRED_FW_VER_MIN), RNS.LOG_ERROR)
-        RNS.log("Please update your RNode firmware with rnodeconf (https://github.com/markqvist/rnodeconfigutil/)")
+        RNS.log("Please update your RNode firmware with rnodeconf from https://github.com/markqvist/rnodeconfigutil/")
        RNS.panic()


    def validateRadioState(self):
-        RNS.log("Wating for radio configuration validation for "+str(self)+"...", RNS.LOG_VERBOSE)
+        RNS.log("Waiting for radio configuration validation for "+str(self)+"...", RNS.LOG_VERBOSE)
        sleep(0.25);
-        if (self.frequency != self.r_frequency):
+
+        self.validcfg = True
+        if (self.r_frequency != None and abs(self.frequency - int(self.r_frequency)) > 100):
            RNS.log("Frequency mismatch", RNS.LOG_ERROR)
            self.validcfg = False
        if (self.bandwidth != self.r_bandwidth):
@@ -566,7 +631,7 @@ class RNodeInterface(Interface):
                            if (byte == KISS.ERROR_INITRADIO):
                                RNS.log(str(self)+" hardware initialisation error (code "+RNS.hexrep(byte)+")", RNS.LOG_ERROR)
                                raise IOError("Radio initialisation failure")
-                            elif (byte == KISS.ERROR_INITRADIO):
+                            elif (byte == KISS.ERROR_TXFAILED):
                                RNS.log(str(self)+" hardware TX error (code "+RNS.hexrep(byte)+")", RNS.LOG_ERROR)
                                raise IOError("Hardware transmit failure")
                            else:
@@ -614,13 +679,19 @@ class RNodeInterface(Interface):
            RNS.log("Reticulum will attempt to reconnect the interface periodically.", RNS.LOG_ERROR)

        self.online = False
-        self.serial.close()
-        self.reconnect_port()
+        try:
+            self.serial.close()
+        except Exception as e:
+            pass
+
+        if not self.detached and not self.reconnecting:
+            self.reconnect_port()

    def reconnect_port(self):
-        while not self.online:
+        self.reconnecting = True
+        while not self.online and not self.detached:
            try:
-                time.sleep(3.5)
+                time.sleep(5)
                RNS.log("Attempting to reconnect serial port "+str(self.port)+" for "+str(self)+"...", RNS.LOG_VERBOSE)
                self.open_port()
                if self.serial.is_open:
@@ -628,8 +699,15 @@ class RNodeInterface(Interface):
            except Exception as e:
                RNS.log("Error while reconnecting port, the contained exception was: "+str(e), RNS.LOG_ERROR)

-        RNS.log("Reconnected serial port for "+str(self))
+        self.reconnecting = False
+        if self.online:
+            RNS.log("Reconnected serial port for "+str(self))
+
+    def detach(self):
+        self.detached = True
+        self.disable_external_framebuffer()
+        self.setRadioState(KISS.RADIO_STATE_OFF)
+        self.leave()

    def __str__(self):
        return "RNodeInterface["+str(self.name)+"]"
-
@@ -116,7 +116,7 @@ class SerialInterface(Interface):
    def configure_device(self):
        sleep(0.5)
        thread = threading.Thread(target=self.readLoop)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()
        self.online = True
        RNS.log("Serial port "+self.port+" is now open", RNS.LOG_VERBOSE)
@@ -70,12 +70,15 @@ class TCPClientInterface(Interface):
    TCP_PROBE_INTERVAL = 2
    TCP_PROBES = 12

+    INITIAL_CONNECT_TIMEOUT = 5
+    SYNCHRONOUS_START = True
+
    I2P_USER_TIMEOUT = 45
    I2P_PROBE_AFTER = 10
    I2P_PROBE_INTERVAL = 9
    I2P_PROBES = 5

-    def __init__(self, owner, name, target_ip=None, target_port=None, connected_socket=None, max_reconnect_tries=None, kiss_framing=False, i2p_tunneled = False):
+    def __init__(self, owner, name, target_ip=None, target_port=None, connected_socket=None, max_reconnect_tries=None, kiss_framing=False, i2p_tunneled = False, connect_timeout = None):
        self.rxb = 0
        self.txb = 0
        
@@ -119,18 +122,30 @@ class TCPClientInterface(Interface):
            self.target_ip   = target_ip
            self.target_port = target_port
            self.initiator   = True
-            
-            if not self.connect(initial=True):
-                thread = threading.Thread(target=self.reconnect)
-                thread.setDaemon(True)
-                thread.start()
-            else:
-                thread = threading.Thread(target=self.read_loop)
-                thread.setDaemon(True)
-                thread.start()
-                if not self.kiss_framing:
-                    self.wants_tunnel = True

+            if connect_timeout != None:
+                self.connect_timeout = connect_timeout
+            else:
+                self.connect_timeout = TCPClientInterface.INITIAL_CONNECT_TIMEOUT
+            
+            if TCPClientInterface.SYNCHRONOUS_START:
+                self.initial_connect()
+            else:
+                thread = threading.Thread(target=self.initial_connect)
+                thread.daemon = True
+                thread.start()
+            
+    def initial_connect(self):
+        if not self.connect(initial=True):
+            thread = threading.Thread(target=self.reconnect)
+            thread.daemon = True
+            thread.start()
+        else:
+            thread = threading.Thread(target=self.read_loop)
+            thread.daemon = True
+            thread.start()
+            if not self.kiss_framing:
+                self.wants_tunnel = True

    def set_timeouts_linux(self):
        if not self.i2p_tunneled:
@@ -181,9 +196,17 @@ class TCPClientInterface(Interface):

    def connect(self, initial=False):
        try:
+            if initial:
+                RNS.log("Establishing TCP connection for "+str(self)+"...", RNS.LOG_DEBUG)
+
            self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.socket.settimeout(TCPClientInterface.INITIAL_CONNECT_TIMEOUT)
            self.socket.connect((self.target_ip, self.target_port))
+            self.socket.settimeout(None)
            self.online  = True
+
+            if initial:
+                RNS.log("TCP connection for "+str(self)+" established", RNS.LOG_DEBUG)
        
        except Exception as e:
            if initial:
@@ -231,7 +254,7 @@ class TCPClientInterface(Interface):

                self.reconnecting = False
                thread = threading.Thread(target=self.read_loop)
-                thread.setDaemon(True)
+                thread.daemon = True
                thread.start()
                if not self.kiss_framing:
                    RNS.Transport.synthesize_tunnel(self)
@@ -385,25 +408,15 @@ class TCPServerInterface(Interface):

    @staticmethod
    def get_address_for_if(name):
-        import importlib
-        if importlib.util.find_spec('netifaces') != None:
-            import netifaces
-            return netifaces.ifaddresses(name)[netifaces.AF_INET][0]['addr']
-        else:
-            RNS.log("Getting interface addresses from device names requires the netifaces module.", RNS.LOG_CRITICAL)
-            RNS.log("You can install it with the command: python3 -m pip install netifaces", RNS.LOG_CRITICAL)
-            RNS.panic()
+        import RNS.vendor.ifaddr.niwrapper as netinfo
+        ifaddr = netinfo.ifaddresses(name)
+        return ifaddr[netinfo.AF_INET][0]["addr"]

    @staticmethod
    def get_broadcast_for_if(name):
-        import importlib
-        if importlib.util.find_spec('netifaces') != None:
-            import netifaces
-            return netifaces.ifaddresses(name)[netifaces.AF_INET][0]['broadcast']
-        else:
-            RNS.log("Getting interface addresses from device names requires the netifaces module.", RNS.LOG_CRITICAL)
-            RNS.log("You can install it with the command: python3 -m pip install netifaces", RNS.LOG_CRITICAL)
-            RNS.panic()
+        import RNS.vendor.ifaddr.niwrapper as netinfo
+        ifaddr = netinfo.ifaddresses(name)
+        return ifaddr[netinfo.AF_INET][0]["broadcast"]

    def __init__(self, owner, name, device=None, bindip=None, bindport=None, i2p_tunneled=False):
        self.rxb = 0
@@ -417,6 +430,7 @@ class TCPServerInterface(Interface):
        self.IN  = True
        self.OUT = False
        self.name = name
+        self.detached = False

        self.i2p_tunneled = i2p_tunneled
        self.mode         = RNS.Interfaces.Interface.Interface.MODE_FULL
@@ -443,7 +457,7 @@ class TCPServerInterface(Interface):
            self.bitrate = TCPServerInterface.BITRATE_GUESS

            thread = threading.Thread(target=self.server.serve_forever)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

            self.online = True
@@ -459,9 +473,27 @@ class TCPServerInterface(Interface):
        spawned_interface.target_port = str(handler.client_address[1])
        spawned_interface.parent_interface = self
        spawned_interface.bitrate = self.bitrate
+        
        spawned_interface.ifac_size = self.ifac_size
        spawned_interface.ifac_netname = self.ifac_netname
        spawned_interface.ifac_netkey = self.ifac_netkey
+        if spawned_interface.ifac_netname != None or spawned_interface.ifac_netkey != None:
+            ifac_origin = b""
+            if spawned_interface.ifac_netname != None:
+                ifac_origin += RNS.Identity.full_hash(spawned_interface.ifac_netname.encode("utf-8"))
+            if spawned_interface.ifac_netkey != None:
+                ifac_origin += RNS.Identity.full_hash(spawned_interface.ifac_netkey.encode("utf-8"))
+
+            ifac_origin_hash = RNS.Identity.full_hash(ifac_origin)
+            spawned_interface.ifac_key = RNS.Cryptography.hkdf(
+                length=64,
+                derive_from=ifac_origin_hash,
+                salt=RNS.Reticulum.IFAC_SALT,
+                context=None
+            )
+            spawned_interface.ifac_identity = RNS.Identity.from_bytes(spawned_interface.ifac_key)
+            spawned_interface.ifac_signature = spawned_interface.ifac_identity.sign(RNS.Identity.full_hash(spawned_interface.ifac_key))
+
        spawned_interface.announce_rate_target = self.announce_rate_target
        spawned_interface.announce_rate_grace = self.announce_rate_grace
        spawned_interface.announce_rate_penalty = self.announce_rate_penalty
@@ -476,9 +508,25 @@ class TCPServerInterface(Interface):
    def processOutgoing(self, data):
        pass

+
+    def detach(self):
+        if self.server != None:
+            if hasattr(self.server, "shutdown"):
+                if callable(self.server.shutdown):
+                    try:
+                        RNS.log("Detaching "+str(self), RNS.LOG_DEBUG)
+                        self.server.shutdown()
+                        self.detached = True
+                        self.server = None
+
+                    except Exception as e:
+                        RNS.log("Error while shutting down server for "+str(self)+": "+str(e))
+
+
    def __str__(self):
        return "TCPServerInterface["+self.name+"/"+self.bind_ip+":"+str(self.bind_port)+"]"

+
 class TCPInterfaceHandler(socketserver.BaseRequestHandler):
    def __init__(self, callback, *args, **keys):
        self.callback = callback
@@ -34,25 +34,15 @@ class UDPInterface(Interface):

    @staticmethod
    def get_address_for_if(name):
-        import importlib
-        if importlib.util.find_spec('netifaces') != None:
-            import netifaces
-            return netifaces.ifaddresses(name)[netifaces.AF_INET][0]['addr']
-        else:
-            RNS.log("Getting interface addresses from device names requires the netifaces module.", RNS.LOG_CRITICAL)
-            RNS.log("You can install it with the command: python3 -m pip install netifaces", RNS.LOG_CRITICAL)
-            RNS.panic()
+        import RNS.vendor.ifaddr.niwrapper as netinfo
+        ifaddr = netinfo.ifaddresses(name)
+        return ifaddr[netinfo.AF_INET][0]["addr"]

    @staticmethod
    def get_broadcast_for_if(name):
-        import importlib
-        if importlib.util.find_spec('netifaces') != None:
-            import netifaces
-            return netifaces.ifaddresses(name)[netifaces.AF_INET][0]['broadcast']
-        else:
-            RNS.log("Getting interface addresses from device names requires the netifaces module.", RNS.LOG_CRITICAL)
-            RNS.log("You can install it with the command: python3 -m pip install netifaces", RNS.LOG_CRITICAL)
-            RNS.panic()
+        import RNS.vendor.ifaddr.niwrapper as netinfo
+        ifaddr = netinfo.ifaddresses(name)
+        return ifaddr[netinfo.AF_INET][0]["broadcast"]

    def __init__(self, owner, name, device=None, bindip=None, bindport=None, forwardip=None, forwardport=None):
        self.rxb = 0
@@ -89,7 +79,7 @@ class UDPInterface(Interface):
            self.server = socketserver.UDPServer(address, handlerFactory(self.processIncoming))

            thread = threading.Thread(target=self.server.serve_forever)
-            thread.setDaemon(True)
+            thread.daemon = True
            thread.start()

            self.online = True
@@ -22,6 +22,7 @@

 import os
 import glob
+import RNS.Interfaces.Android

 modules = glob.glob(os.path.dirname(__file__)+"/*.py")
-__all__ = [ os.path.basename(f)[:-3] for f in modules if not f.endswith('__init__.py')]
+__all__ = [ os.path.basename(f)[:-3] for f in modules if not f.endswith('__init__.py')]
@@ -22,10 +22,12 @@

 from RNS.Cryptography import X25519PrivateKey, X25519PublicKey, Ed25519PrivateKey, Ed25519PublicKey
 from RNS.Cryptography import Fernet
+from RNS.Channel import Channel, LinkChannelOutlet

 from time import sleep
 from .vendor import umsgpack as umsgpack
 import threading
+import inspect
 import math
 import time
 import RNS
@@ -45,7 +47,7 @@ class Link:
    """
    This class is used to establish and manage links to other peers. When a
    link instance is created, Reticulum will attempt to establish verified
-    connectivity with the specified destination.
+    and encrypted connectivity with the specified destination.

    :param destination: A :ref:`RNS.Destination<api-destination>` instance which to establish a link to.
    :param established_callback: An optional function or method with the signature *callback(link)* to be called when the link has been established.
@@ -59,7 +61,7 @@ class Link:
    ECPUBSIZE         = 32+32
    KEYSIZE           = 32

-    MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.OPTIMISED_FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1
+    MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1

    ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT
    """
@@ -146,6 +148,7 @@ class Link:
        self.pending_requests   = []
        self.last_inbound = 0
        self.last_outbound = 0
+        self.last_proof = 0
        self.tx = 0
        self.rx = 0
        self.txbytes = 0
@@ -162,9 +165,10 @@ class Link:
        self.destination = destination
        self.attached_interface = None
        self.__remote_identity = None
+        self._channel = None
        if self.destination == None:
            self.initiator = False
-            self.prv     = self.owner.identity.prv
+            self.prv     = X25519PrivateKey.generate()
            self.sig_prv = self.owner.identity.sig_prv
        else:
            self.initiator = True
@@ -193,15 +197,11 @@ class Link:
            self.set_link_closed_callback(closed_callback)

        if (self.initiator):
-            peer_pub_bytes = self.destination.identity.get_public_key()[:Link.ECPUBSIZE//2]
-            peer_sig_pub_bytes = self.destination.identity.get_public_key()[Link.ECPUBSIZE//2:Link.ECPUBSIZE]
            self.request_data = self.pub_bytes+self.sig_pub_bytes
            self.packet = RNS.Packet(destination, self.request_data, packet_type=RNS.Packet.LINKREQUEST)
            self.packet.pack()
            self.establishment_cost += len(self.packet.raw)
            self.set_link_id(self.packet)
-            self.load_peer(peer_pub_bytes, peer_sig_pub_bytes)
-            self.handshake()
            RNS.Transport.register_link(self)
            self.request_time = time.time()
            self.start_watchdog()
@@ -240,7 +240,7 @@ class Link:
        signed_data = self.link_id+self.pub_bytes+self.sig_pub_bytes
        signature = self.owner.identity.sign(signed_data)

-        proof_data = signature
+        proof_data = signature+self.pub_bytes
        proof = RNS.Packet(self, proof_data, packet_type=RNS.Packet.PROOF, context=RNS.Packet.LRPROOF)
        proof.send()
        self.establishment_cost += len(proof.raw)
@@ -261,8 +261,13 @@ class Link:
        self.had_outbound()

    def validate_proof(self, packet):
-        if self.status == Link.HANDSHAKE:
-            if self.initiator and len(packet.data) == RNS.Identity.SIGLENGTH//8:
+        if self.status == Link.PENDING:
+            if self.initiator and len(packet.data) == RNS.Identity.SIGLENGTH//8+Link.ECPUBSIZE//2:
+                peer_pub_bytes = packet.data[RNS.Identity.SIGLENGTH//8:RNS.Identity.SIGLENGTH//8+Link.ECPUBSIZE//2]
+                peer_sig_pub_bytes = self.destination.identity.get_public_key()[Link.ECPUBSIZE//2:Link.ECPUBSIZE]
+                self.load_peer(peer_pub_bytes, peer_sig_pub_bytes)
+                self.handshake()
+
                self.establishment_cost += len(packet.raw)
                signed_data = self.link_id+self.peer_pub_bytes+self.peer_sig_pub_bytes
                signature = packet.data[:RNS.Identity.SIGLENGTH//8]
@@ -271,18 +276,23 @@ class Link:
                    self.rtt = time.time() - self.request_time
                    self.attached_interface = packet.receiving_interface
                    self.__remote_identity = self.destination.identity
+                    self.status = Link.ACTIVE
+                    self.activated_at = time.time()
+                    self.last_proof = self.activated_at
                    RNS.Transport.activate_link(self)
                    RNS.log("Link "+str(self)+" established with "+str(self.destination)+", RTT is "+str(round(self.rtt, 3))+"s", RNS.LOG_VERBOSE)
+                    
+                    if self.rtt != None and self.establishment_cost != None and self.rtt > 0 and self.establishment_cost > 0:
+                        self.establishment_rate = self.establishment_cost/self.rtt
+
                    rtt_data = umsgpack.packb(self.rtt)
                    rtt_packet = RNS.Packet(self, rtt_data, context=RNS.Packet.LRRTT)
                    rtt_packet.send()
                    self.had_outbound()

-                    self.status = Link.ACTIVE
-                    self.activated_at = time.time()
                    if self.callbacks.link_established != None:
                        thread = threading.Thread(target=self.callbacks.link_established, args=(self,))
-                        thread.setDaemon(True)
+                        thread.daemon = True
                        thread.start()
                else:
                    RNS.log("Invalid link proof signature received by "+str(self)+". Ignoring.", RNS.LOG_DEBUG)
@@ -361,11 +371,6 @@ class Link:

    def rtt_packet(self, packet):
        try:
-            # TODO: This is crude, we should use the delta
-            # to model a more representative per-bit round
-            # trip time, and use that to set a sensible RTT
-            # expectancy for the link. This will have to do
-            # for now though.
            measured_rtt = time.time() - self.request_time
            plaintext = self.decrypt(packet.data)
            rtt = umsgpack.unpackb(plaintext)
@@ -373,13 +378,28 @@ class Link:
            self.status = Link.ACTIVE
            self.activated_at = time.time()

-            
-            if self.owner.callbacks.link_established != None:
-                    self.owner.callbacks.link_established(self)
+            if self.rtt != None and self.establishment_cost != None and self.rtt > 0 and self.establishment_cost > 0:
+                self.establishment_rate = self.establishment_cost/self.rtt
+
+            try:
+                if self.owner.callbacks.link_established != None:
+                        self.owner.callbacks.link_established(self)
+            except Exception as e:
+                RNS.log("Error occurred in external link establishment callback. The contained exception was: "+str(e), RNS.LOG_ERROR)
+
        except Exception as e:
            RNS.log("Error occurred while processing RTT packet, tearing down link. The contained exception was: "+str(e), RNS.LOG_ERROR)
            self.teardown()

+    def get_establishment_rate(self):
+        """
+        :returns: The data transfer rate at which the link establishment procedure ocurred, in bits per second.
+        """
+        if self.establishment_rate != None:
+            return self.establishment_rate*8
+        else:
+            return None
+
    def get_salt(self):
        return self.link_id

@@ -408,7 +428,7 @@ class Link:

    def get_remote_identity(self):
        """
-        :returns: The identity of the remote peer, if it is known
+        :returns: The identity of the remote peer, if it is known. Calling this method will not query the remote initiator to reveal its identity. Returns ``None`` if the link initiator has not already independently called the ``identify(identity)`` method.
        """
        return self.__remote_identity

@@ -449,6 +469,8 @@ class Link:
            resource.cancel()
        for resource in self.outgoing_resources:
            resource.cancel()
+        if self._channel:
+            self._channel._shutdown()
            
        self.prv = None
        self.pub = None
@@ -470,7 +492,7 @@ class Link:

    def start_watchdog(self):
        thread = threading.Thread(target=self.__watchdog_job)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()

    def __watchdog_job(self):
@@ -507,7 +529,7 @@ class Link:

                elif self.status == Link.ACTIVE:
                    activated_at = self.activated_at if self.activated_at != None else 0
-                    last_inbound = max(self.last_inbound, activated_at)
+                    last_inbound = max(max(self.last_inbound, self.last_proof), activated_at)

                    if time.time() >= last_inbound + self.keepalive:
                        if self.initiator:
@@ -567,7 +589,13 @@ class Link:

                if allowed:
                    RNS.log("Handling request "+RNS.prettyhexrep(request_id)+" for: "+str(path), RNS.LOG_DEBUG)
-                    response = response_generator(path, request_data, request_id, self.__remote_identity, requested_at)
+                    if len(inspect.signature(response_generator).parameters) == 5:
+                        response = response_generator(path, request_data, request_id, self.__remote_identity, requested_at)
+                    elif len(inspect.signature(response_generator).parameters) == 6:
+                        response = response_generator(path, request_data, request_id, self.link_id, self.__remote_identity, requested_at)
+                    else:
+                        raise TypeError("Invalid signature for response generator callback")
+
                    if response != None:
                        packed_response = umsgpack.packb([request_id, response])

@@ -623,6 +651,16 @@ class Link:
                if pending_request.request_id == resource.request_id:
                    pending_request.request_timed_out(None)

+    def get_channel(self):
+        """
+        Get the ``Channel`` for this link.
+
+        :return: ``Channel`` object
+        """
+        if self._channel is None:
+            self._channel = Channel(LinkChannelOutlet(self))
+        return self._channel
+
    def receive(self, packet):
        self.watchdog_lock = True
        if not self.status == Link.CLOSED and not (self.initiator and packet.context == RNS.Packet.KEEPALIVE and packet.data == bytes([0xFF])):
@@ -640,7 +678,7 @@ class Link:
                        plaintext = self.decrypt(packet.data)
                        if self.callbacks.packet != None:
                            thread = threading.Thread(target=self.callbacks.packet, args=(plaintext, packet))
-                            thread.setDaemon(True)
+                            thread.daemon = True
                            thread.start()
                        
                        if self.destination.proof_strategy == RNS.Destination.PROVE_ALL:
@@ -769,6 +807,27 @@ class Link:
                        for resource in self.incoming_resources:
                            resource.receive_part(packet)

+                    elif packet.context == RNS.Packet.CHANNEL:
+                        if not self._channel:
+                            RNS.log(f"Channel data received without open channel", RNS.LOG_DEBUG)
+                        else:
+                            # TODO: Remove packet loss simulator ######
+                            # if not hasattr(self, "drop_counter"):
+                            #     self.drop_counter = 0
+                            # self.drop_counter += 1
+
+                            # if self.drop_counter%6 == 0:
+                            #     RNS.log("Dropping channel packet for testing", RNS.LOG_DEBUG)
+                            # else:
+                            #     packet.prove()
+                            #     plaintext = self.decrypt(packet.data)
+                            #     self._channel._receive(plaintext)
+                            ############################################
+
+                            packet.prove()
+                            plaintext = self.decrypt(packet.data)
+                            self._channel._receive(plaintext)
+
                elif packet.packet_type == RNS.Packet.PROOF:
                    if packet.context == RNS.Packet.RESOURCE_PRF:
                        resource_hash = packet.data[0:RNS.Identity.HASHLENGTH//8]
@@ -788,16 +847,7 @@ class Link:
                    RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR)
                    raise e

-            # The fernet token VERSION field is stripped here and
-            # reinserted on the receiving end, since it is always
-            # set to 0x80.
-            #
-            # Since we're also quite content with supporting time-
-            # stamps until the year 8921556 AD, we'll also strip 2
-            # bytes from the timestamp field and reinsert those as
-            # 0x00 when received.
-            ciphertext = self.fernet.encrypt(plaintext)[3:]
-            return ciphertext
+            return self.fernet.encrypt(plaintext)

        except Exception as e:
            RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR)
@@ -809,8 +859,8 @@ class Link:
            if not self.fernet:
                self.fernet = Fernet(self.derived_key)
                
-            plaintext = self.fernet.decrypt(bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00]) + ciphertext)
-            return plaintext
+            return self.fernet.decrypt(ciphertext)
+
        except Exception as e:
            RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)

@@ -908,6 +958,13 @@ class Link:
    def register_incoming_resource(self, resource):
        self.incoming_resources.append(resource)

+    def has_incoming_resource(self, resource):
+        for incoming_resource in self.incoming_resources:
+            if incoming_resource.hash == resource.hash:
+                return True
+
+        return False
+
    def cancel_outgoing_resource(self, resource):
        if resource in self.outgoing_resources:
            self.outgoing_resources.remove(resource)
@@ -990,7 +1047,7 @@ class RequestReceipt():
            self.status = RequestReceipt.DELIVERED
            self.__resource_response_timeout = time.time()+self.timeout
            response_timeout_thread = threading.Thread(target=self.__response_timeout_job)
-            response_timeout_thread.setDaemon(True)
+            response_timeout_thread.daemon = True
            response_timeout_thread.start()
        else:
            RNS.log("Sending request "+RNS.prettyhexrep(self.request_id)+" as resource failed with status: "+RNS.hexrep([resource.status]), RNS.LOG_DEBUG)
@@ -29,15 +29,19 @@ import RNS
 class Packet:
    """
    The Packet class is used to create packet instances that can be sent
-    over a Reticulum network. Packets to will automatically be encrypted if
+    over a Reticulum network. Packets will automatically be encrypted if
    they are adressed to a ``RNS.Destination.SINGLE`` destination,
    ``RNS.Destination.GROUP`` destination or a :ref:`RNS.Link<api-link>`.

    For ``RNS.Destination.GROUP`` destinations, Reticulum will use the
-    pre-shared key configured for the destination.
+    pre-shared key configured for the destination. All packets to group
+    destinations are encrypted with the same AES-128 key.

-    For ``RNS.Destination.SINGLE`` destinations and :ref:`RNS.Link<api-link>`
-    destinations, reticulum will use ephemeral keys, and offers **Forward Secrecy**.
+    For ``RNS.Destination.SINGLE`` destinations, Reticulum will use a newly
+    derived ephemeral AES-128 key for every packet.
+
+    For :ref:`RNS.Link<api-link>` destinations, Reticulum will use per-link
+    ephemeral keys, and offers **Forward Secrecy**.

    :param destination: A :ref:`RNS.Destination<api-destination>` instance to which the packet will be sent.
    :param data: The data payload to be included in the packet as *bytes*.
@@ -54,9 +58,7 @@ class Packet:
    # Header types
    HEADER_1     = 0x00     # Normal header format
    HEADER_2     = 0x01     # Header format used for packets in transport
-    HEADER_3     = 0x02     # Reserved
-    HEADER_4     = 0x03     # Reserved
-    header_types = [HEADER_1, HEADER_2, HEADER_3, HEADER_4]
+    header_types = [HEADER_1, HEADER_2]

    # Packet context types
    NONE           = 0x00   # Generic data packet
@@ -73,6 +75,7 @@ class Packet:
    PATH_RESPONSE  = 0x0B   # Packet is a response to a path request
    COMMAND        = 0x0C   # Packet is a command
    COMMAND_STATUS = 0x0D   # Packet is a status of an executed command
+    CHANNEL        = 0x0E   # Packet contains link channel data
    KEEPALIVE      = 0xFA   # Packet is a keepalive packet
    LINKIDENTIFY   = 0xFB   # Packet is a link peer identification proof
    LINKCLOSE      = 0xFC   # Packet is a link close message
@@ -138,7 +141,7 @@ class Packet:

    def get_packed_flags(self):
        if self.context == Packet.LRPROOF:
-            packed_flags = (self.header_type << 6) | (self.transport_type << 4) | RNS.Destination.LINK | self.packet_type
+            packed_flags = (self.header_type << 6) | (self.transport_type << 4) | (RNS.Destination.LINK << 2) | self.packet_type
        else:
            packed_flags = (self.header_type << 6) | (self.transport_type << 4) | (self.destination.type << 2) | self.packet_type
        return packed_flags
@@ -169,8 +172,8 @@ class Packet:
                    # Packet proofs over links are not encrypted
                    self.ciphertext = self.data
                elif self.context == Packet.RESOURCE:
-                    # A resource takes care of symmetric
-                    # encryption by itself
+                    # A resource takes care of encryption
+                    # by itself
                    self.ciphertext = self.data
                elif self.context == Packet.KEEPALIVE:
                    # Keepalive packets contain no actual
@@ -211,21 +214,23 @@ class Packet:
            self.flags = self.raw[0]
            self.hops  = self.raw[1]

-            self.header_type      = (self.flags & 0b11000000) >> 6
+            self.header_type      = (self.flags & 0b01000000) >> 6
            self.transport_type   = (self.flags & 0b00110000) >> 4
            self.destination_type = (self.flags & 0b00001100) >> 2
            self.packet_type      = (self.flags & 0b00000011)

+            DST_LEN = RNS.Reticulum.TRUNCATED_HASHLENGTH//8
+
            if self.header_type == Packet.HEADER_2:
-                self.transport_id = self.raw[2:12]
-                self.destination_hash = self.raw[12:22]
-                self.context = ord(self.raw[22:23])
-                self.data = self.raw[23:]
+                self.transport_id = self.raw[2:DST_LEN+2]
+                self.destination_hash = self.raw[DST_LEN+2:2*DST_LEN+2]
+                self.context = ord(self.raw[2*DST_LEN+2:2*DST_LEN+3])
+                self.data = self.raw[2*DST_LEN+3:]
            else:
                self.transport_id = None
-                self.destination_hash = self.raw[2:12]
-                self.context = ord(self.raw[12:13])
-                self.data = self.raw[13:]
+                self.destination_hash = self.raw[2:DST_LEN+2]
+                self.context = ord(self.raw[DST_LEN+2:DST_LEN+3])
+                self.data = self.raw[DST_LEN+3:]

            self.packed = False
            self.update_hash()
@@ -252,7 +257,7 @@ class Packet:

            if not self.packed:
                self.pack()
-    
+
            if RNS.Transport.outbound(self):
                return self.receipt
            else:
@@ -271,6 +276,10 @@ class Packet:
        :returns: A :ref:`RNS.PacketReceipt<api-packetreceipt>` instance if *create_receipt* was set to *True* when the packet was instantiated, if not returns *None*. If the packet could not be sent *False* is returned.
        """
        if self.sent:
+            # Re-pack the packet to obtain new ciphertext for
+            # encrypted destinations
+            self.pack()
+            
            if RNS.Transport.outbound(self):
                return self.receipt
            else:
@@ -313,7 +322,7 @@ class Packet:
    def get_hashable_part(self):
        hashable_part = bytes([self.raw[0] & 0b00001111])
        if self.header_type == Packet.HEADER_2:
-            hashable_part += self.raw[12:]
+            hashable_part += self.raw[(RNS.Identity.TRUNCATED_HASHLENGTH//8)+2:]
        else:
            hashable_part += self.raw[2:]

@@ -321,7 +330,7 @@ class Packet:

 class ProofDestination:
    def __init__(self, packet):
-        self.hash = packet.get_hash()[:10];
+        self.hash = packet.get_hash()[:RNS.Reticulum.TRUNCATED_HASHLENGTH//8];
        self.type = RNS.Destination.SINGLE

    def encrypt(self, plaintext):
@@ -391,9 +400,15 @@ class PacketReceipt:
                    self.proved = True
                    self.concluded_at = time.time()
                    self.proof_packet = proof_packet
+                    link.last_proof = self.concluded_at

                    if self.callbacks.delivery != None:
-                        self.callbacks.delivery(self)
+                        try:
+                            self.callbacks.delivery(self)
+                        except Exception as e:
+                            RNS.log("An error occurred while evaluating external delivery callback for "+str(link), RNS.LOG_ERROR)
+                            RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            
                    return True
                else:
                    return False
@@ -488,7 +503,7 @@ class PacketReceipt:

            if self.callbacks.timeout:
                thread = threading.Thread(target=self.callbacks.timeout, args=(self,))
-                thread.setDaemon(True)
+                thread.daemon = True
                thread.start()


@@ -53,7 +53,7 @@ class Resource:
    WINDOW_MAX_SLOW      = 10

    # The maximum window size for transfers on fast links
-    WINDOW_MAX_FAST      = 76
+    WINDOW_MAX_FAST      = 75
    
    # For calculating maps and guard segments, this
    # must be set to the global maximum window.
@@ -149,7 +149,7 @@ class Resource:
            resource.total_parts         = int(math.ceil(resource.size/float(Resource.SDU)))
            resource.received_count      = 0
            resource.outstanding_parts   = 0
-            resource.parts                 = [None] * resource.total_parts
+            resource.parts               = [None] * resource.total_parts
            resource.window              = Resource.WINDOW
            resource.window_max          = Resource.WINDOW_MAX_SLOW
            resource.window_min          = Resource.WINDOW_MIN
@@ -172,20 +172,26 @@ class Resource:

            resource.consecutive_completed_height = 0
            
-            resource.link.register_incoming_resource(resource)
+            if not resource.link.has_incoming_resource(resource):
+                resource.link.register_incoming_resource(resource)

-            RNS.log("Accepting resource advertisement for "+RNS.prettyhexrep(resource.hash), RNS.LOG_DEBUG)
-            if resource.link.callbacks.resource_started != None:
-                try:
-                    resource.link.callbacks.resource_started(resource)
-                except Exception as e:
-                    RNS.log("Error while executing resource started callback from "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
+                RNS.log("Accepting resource advertisement for "+RNS.prettyhexrep(resource.hash), RNS.LOG_DEBUG)
+                if resource.link.callbacks.resource_started != None:
+                    try:
+                        resource.link.callbacks.resource_started(resource)
+                    except Exception as e:
+                        RNS.log("Error while executing resource started callback from "+str(resource)+". The contained exception was: "+str(e), RNS.LOG_ERROR)

-            resource.hashmap_update(0, resource.hashmap_raw)
+                resource.hashmap_update(0, resource.hashmap_raw)

-            resource.watchdog_job()
+                resource.watchdog_job()
+
+                return resource
+
+            else:
+                RNS.log("Ignoring resource advertisement for "+RNS.prettyhexrep(resource.hash)+", resource already transferring", RNS.LOG_DEBUG)
+                return None

-            return resource
        except Exception as e:
            RNS.log("Could not decode resource advertisement, dropping resource", RNS.LOG_DEBUG)
            return None
@@ -393,12 +399,11 @@ class Resource:
        the resource advertisement it will begin transferring.
        """
        thread = threading.Thread(target=self.__advertise_job)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()

    def __advertise_job(self):
-        data = ResourceAdvertisement(self).pack()
-        self.advertisement_packet = RNS.Packet(self.link, data, context=RNS.Packet.RESOURCE_ADV)
+        self.advertisement_packet = RNS.Packet(self.link, ResourceAdvertisement(self).pack(), context=RNS.Packet.RESOURCE_ADV)
        while not self.link.ready_for_new_resource():
            self.status = Resource.QUEUED
            sleep(0.25)
@@ -421,7 +426,7 @@ class Resource:

    def watchdog_job(self):
        thread = threading.Thread(target=self.__watchdog_job)
-        thread.setDaemon(True)
+        thread.daemon = True
        thread.start()

    def __watchdog_job(self):
@@ -445,7 +450,8 @@ class Resource:
                        try:
                            RNS.log("No part requests received, retrying resource advertisement...", RNS.LOG_DEBUG)
                            self.retries_left -= 1
-                            self.advertisement_packet.resend()
+                            self.advertisement_packet = RNS.Packet(self.link, ResourceAdvertisement(self).pack(), context=RNS.Packet.RESOURCE_ADV)
+                            self.advertisement_packet.send()
                            self.last_activity = time.time()
                            self.adv_sent = self.last_activity
                            sleep_time = 0.001
@@ -944,7 +950,7 @@ class Resource:


 class ResourceAdvertisement:
-    OVERHEAD             = 128
+    OVERHEAD             = 134
    HASHMAP_MAX_LEN      = math.floor((RNS.Link.MDU-OVERHEAD)/Resource.MAPHASH_LEN)
    COLLISION_GUARD_SIZE = 2*Resource.WINDOW_MAX+HASHMAP_MAX_LEN

@@ -66,9 +66,10 @@ class Transport:
    PATH_REQUEST_TIMEOUT = 15           # Default timuout for client path requests in seconds
    PATH_REQUEST_GRACE   = 0.35         # Grace time before a path announcement is made, allows directly reachable peers to respond first
    PATH_REQUEST_RW      = 2            # Path request random window
+    PATH_REQUEST_MI      = 5            # Minimum interval in seconds for automated path requests

    LINK_TIMEOUT         = RNS.Link.STALE_TIME * 1.25
-    REVERSE_TIMEOUT      = 30*60        # Reverse table entries are removed after max 30 minutes
+    REVERSE_TIMEOUT      = 30*60        # Reverse table entries are removed after 30 minutes
    DESTINATION_TIMEOUT  = 60*60*24*7   # Destination table entries are removed if unused for one week
    MAX_RECEIPTS         = 1024         # Maximum number of receipts to keep track of
    MAX_RATE_TIMESTAMPS  = 16           # Maximum number of announce timestamps to keep per destination
@@ -92,6 +93,7 @@ class Transport:
    announce_handlers    = []           # A table storing externally registered announce handlers
    tunnels              = {}           # A table storing tunnels to other transport instances
    announce_rate_table  = {}           # A table for keeping track of announce rates
+    path_requests        = {}           # A table for storing path request timestamps
    
    discovery_path_requests  = {}       # A table for keeping track of path requests on behalf of other nodes
    discovery_pr_tags        = []       # A table for keeping track of tagged path requests
@@ -116,6 +118,8 @@ class Transport:
    jobs_locked = False
    jobs_running = False
    job_interval = 0.250
+    links_last_checked       = 0.0
+    links_check_interval     = 1.0
    receipts_last_checked    = 0.0
    receipts_check_interval  = 1.0
    announces_last_checked   = 0.0
@@ -144,13 +148,14 @@ class Transport:
                RNS.log("Loaded Transport Identity from storage", RNS.LOG_VERBOSE)

        packet_hashlist_path = RNS.Reticulum.storagepath+"/packet_hashlist"
-        if os.path.isfile(packet_hashlist_path):
-            try:
-                file = open(packet_hashlist_path, "rb")
-                Transport.packet_hashlist = umsgpack.unpackb(file.read())
-                file.close()
-            except Exception as e:
-                RNS.log("Could not load packet hashlist from storage, the contained exception was: "+str(e), RNS.LOG_ERROR)
+        if not Transport.owner.is_connected_to_shared_instance:
+            if os.path.isfile(packet_hashlist_path):
+                try:
+                    file = open(packet_hashlist_path, "rb")
+                    Transport.packet_hashlist = umsgpack.unpackb(file.read())
+                    file.close()
+                except Exception as e:
+                    RNS.log("Could not load packet hashlist from storage, the contained exception was: "+str(e), RNS.LOG_ERROR)

        # Create transport-specific destinations
        Transport.path_request_destination = RNS.Destination(None, RNS.Destination.IN, RNS.Destination.PLAIN, Transport.APP_NAME, "path", "request")
@@ -164,8 +169,7 @@ class Transport:
        Transport.control_hashes.append(Transport.tunnel_synthesize_destination.hash)

        Transport.jobs_running = False
-        thread = threading.Thread(target=Transport.jobloop)
-        thread.setDaemon(True)
+        thread = threading.Thread(target=Transport.jobloop, daemon=True)
        thread.start()

        if RNS.Reticulum.transport_enabled():
@@ -181,29 +185,31 @@ class Transport:

                    for serialised_entry in serialised_destinations:
                        destination_hash = serialised_entry[0]
-                        timestamp = serialised_entry[1]
-                        received_from = serialised_entry[2]
-                        hops = serialised_entry[3]
-                        expires = serialised_entry[4]
-                        random_blobs = serialised_entry[5]
-                        receiving_interface = Transport.find_interface_from_hash(serialised_entry[6])
-                        announce_packet = Transport.get_cached_packet(serialised_entry[7])

-                        if announce_packet != None and receiving_interface != None:
-                            announce_packet.unpack()
-                            # We increase the hops, since reading a packet
-                            # from cache is equivalent to receiving it again
-                            # over an interface. It is cached with it's non-
-                            # increased hop-count.
-                            announce_packet.hops += 1
-                            Transport.destination_table[destination_hash] = [timestamp, received_from, hops, expires, random_blobs, receiving_interface, announce_packet]
-                            RNS.log("Loaded path table entry for "+RNS.prettyhexrep(destination_hash)+" from storage", RNS.LOG_DEBUG)
-                        else:
-                            RNS.log("Could not reconstruct path table entry from storage for "+RNS.prettyhexrep(destination_hash), RNS.LOG_DEBUG)
-                            if announce_packet == None:
-                                RNS.log("The announce packet could not be loaded from cache", RNS.LOG_DEBUG)
-                            if receiving_interface == None:
-                                RNS.log("The interface is no longer available", RNS.LOG_DEBUG)
+                        if len(destination_hash) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8:
+                            timestamp = serialised_entry[1]
+                            received_from = serialised_entry[2]
+                            hops = serialised_entry[3]
+                            expires = serialised_entry[4]
+                            random_blobs = serialised_entry[5]
+                            receiving_interface = Transport.find_interface_from_hash(serialised_entry[6])
+                            announce_packet = Transport.get_cached_packet(serialised_entry[7])
+
+                            if announce_packet != None and receiving_interface != None:
+                                announce_packet.unpack()
+                                # We increase the hops, since reading a packet
+                                # from cache is equivalent to receiving it again
+                                # over an interface. It is cached with it's non-
+                                # increased hop-count.
+                                announce_packet.hops += 1
+                                Transport.destination_table[destination_hash] = [timestamp, received_from, hops, expires, random_blobs, receiving_interface, announce_packet]
+                                RNS.log("Loaded path table entry for "+RNS.prettyhexrep(destination_hash)+" from storage", RNS.LOG_DEBUG)
+                            else:
+                                RNS.log("Could not reconstruct path table entry from storage for "+RNS.prettyhexrep(destination_hash), RNS.LOG_DEBUG)
+                                if announce_packet == None:
+                                    RNS.log("The announce packet could not be loaded from cache", RNS.LOG_DEBUG)
+                                if receiving_interface == None:
+                                    RNS.log("The interface is no longer available", RNS.LOG_DEBUG)

                    if len(Transport.destination_table) == 1:
                        specifier = "entry"
@@ -263,8 +269,6 @@ class Transport:
                except Exception as e:
                    RNS.log("Could not load tunnel table from storage, the contained exception was: "+str(e), RNS.LOG_ERROR)

-
-
            RNS.log("Transport instance "+str(Transport.identity)+" started", RNS.LOG_VERBOSE)

        # Synthesize tunnels for any interfaces wanting it
@@ -282,10 +286,44 @@ class Transport:
    @staticmethod
    def jobs():
        outgoing = []
+        path_requests = []
        Transport.jobs_running = True

        try:
            if not Transport.jobs_locked:
+
+                # Process active and pending link lists
+                if time.time() > Transport.links_last_checked+Transport.links_check_interval:
+
+                    for link in Transport.pending_links:
+                        if link.status == RNS.Link.CLOSED:
+                            # If we are not a Transport Instance, finding a pending link
+                            # that was never activated will trigger an expiry of the path
+                            # to the destination, and an attempt to rediscover the path.
+                            if not RNS.Reticulum.transport_enabled():
+                                Transport.expire_path(link.destination.hash)
+
+                                # If we are connected to a shared instance, it will take
+                                # care of sending out a new path request. If not, we will
+                                # send one directly.
+                                if not Transport.owner.is_connected_to_shared_instance:
+                                    last_path_request = 0
+                                    if link.destination.hash in Transport.path_requests:
+                                        last_path_request = Transport.path_requests[link.destination.hash]
+
+                                    if time.time() - last_path_request > Transport.PATH_REQUEST_MI:
+                                        RNS.log("Trying to rediscover path for "+RNS.prettyhexrep(link.destination.hash)+" since an attempted link was never established", RNS.LOG_DEBUG)
+                                        if not link.destination.hash in path_requests:
+                                            path_requests.append(link.destination.hash)
+
+                            Transport.pending_links.remove(link)
+
+                    for link in Transport.active_links:
+                        if link.status == RNS.Link.CLOSED:
+                            Transport.active_links.remove(link)
+
+                    Transport.links_last_checked = time.time()
+
                # Process receipts list for timed-out packets
                if time.time() > Transport.receipts_last_checked+Transport.receipts_check_interval:
                    while len(Transport.receipts) > Transport.MAX_RECEIPTS:
@@ -377,8 +415,32 @@ class Transport:
                    stale_links = []
                    for link_id in Transport.link_table:
                        link_entry = Transport.link_table[link_id]
-                        if time.time() > link_entry[0] + Transport.LINK_TIMEOUT:
-                            stale_links.append(link_id)
+
+                        if link_entry[7] == True:
+                            if time.time() > link_entry[0] + Transport.LINK_TIMEOUT:
+                                stale_links.append(link_id)
+                        else:
+                            if time.time() > link_entry[8]:
+                                stale_links.append(link_id)
+
+                                last_path_request = 0
+                                if link_entry[6] in Transport.path_requests:
+                                    last_path_request = Transport.path_requests[link_entry[6]]
+
+                                # If this link request was originated from a local client
+                                # attempt to rediscover a path to the destination, if this
+                                # has not already happened recently.
+                                lr_taken_hops = link_entry[5]
+                                if lr_taken_hops == 0 and time.time() - last_path_request > Transport.PATH_REQUEST_MI:
+                                    RNS.log("Trying to rediscover path for "+RNS.prettyhexrep(link_entry[6])+" since an attempted local client link was never established", RNS.LOG_DEBUG)
+                                    if not link_entry[6] in path_requests:
+                                        path_requests.append(link_entry[6])
+
+                                    if not RNS.Reticulum.transport_enabled():
+                                        # Drop current path if we are not a transport instance, to
+                                        # allow using higher-hop count paths or reused announces
+                                        # from newly adjacent transport instances.
+                                        Transport.expire_path(link_entry[6])

                    # Cull the path table
                    stale_paths = []
@@ -501,6 +563,10 @@ class Transport:

                    Transport.tables_last_culled = time.time()

+            else:
+                # Transport jobs were locked, do nothing
+                pass
+
        except Exception as e:
            RNS.log("An exception occurred while running Transport jobs.", RNS.LOG_ERROR)
            RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
@@ -510,19 +576,47 @@ class Transport:
        for packet in outgoing:
            packet.send()

+        for destination_hash in path_requests:
+            Transport.request_path(destination_hash)
+
    @staticmethod
    def transmit(interface, raw):
        try:
            if hasattr(interface, "ifac_identity") and interface.ifac_identity != None:
                # Calculate packet access code
-                ifac       = interface.ifac_identity.sign(raw)[-interface.ifac_size:]
+                ifac = interface.ifac_identity.sign(raw)[-interface.ifac_size:]
+
+                # Generate mask
+                mask = RNS.Cryptography.hkdf(
+                    length=len(raw)+interface.ifac_size,
+                    derive_from=ifac,
+                    salt=interface.ifac_key,
+                    context=None,
+                )

                # Set IFAC flag
                new_header = bytes([raw[0] | 0x80, raw[1]])

-                # Assemble new payload with IFAC and send it
+                # Assemble new payload with IFAC
                new_raw    = new_header+ifac+raw[2:]
-                interface.processOutgoing(new_raw)
+                
+                # Mask payload
+                i = 0; masked_raw = b""
+                for byte in new_raw:
+                    if i == 0:
+                        # Mask first header byte, but make sure the
+                        # IFAC flag is still set
+                        masked_raw += bytes([byte ^ mask[i] | 0x80])
+                    elif i == 1 or i > interface.ifac_size+1:
+                        # Mask second header byte and payload
+                        masked_raw += bytes([byte ^ mask[i]])
+                    else:
+                        # Don't mask the IFAC itself
+                        masked_raw += bytes([byte])
+                    i += 1
+
+                # Send it
+                interface.processOutgoing(masked_raw)

            else:
                interface.processOutgoing(raw)
@@ -537,9 +631,6 @@ class Transport:

        Transport.jobs_locked = True

-        # TODO: This updateHash call might be redundant
-        # packet.update_hash()
-
        sent = False
        outbound_time = time.time()

@@ -616,27 +707,43 @@ class Transport:
                                should_transmit = False

                            elif interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
-                                from_interface = Transport.next_hop_interface(packet.destination_hash)
-                                if from_interface == None or not hasattr(from_interface, "mode"):
-                                    RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface is non-existing or has no mode configured", RNS.LOG_EXTREME)
-                                    should_transmit = False
+                                local_destination = next((d for d in Transport.destinations if d.hash == packet.destination_hash), None)
+                                if local_destination != None:
+                                    # RNS.log("Allowing announce broadcast on roaming-mode interface from instance-local destination", RNS.LOG_EXTREME)
+                                    pass
                                else:
-                                    if from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
-                                        RNS.log("Blocking announce broadcast on "+str(interface)+" due to roaming-mode next-hop interface", RNS.LOG_EXTREME)
-                                        should_transmit = False
-                                    elif from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_BOUNDARY:
-                                        RNS.log("Blocking announce broadcast on "+str(interface)+" due to boundary-mode next-hop interface", RNS.LOG_EXTREME)
+                                    from_interface = Transport.next_hop_interface(packet.destination_hash)
+                                    if from_interface == None or not hasattr(from_interface, "mode"):
                                        should_transmit = False
+                                        if from_interface == None:
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface doesn't exist", RNS.LOG_EXTREME)
+                                        elif not hasattr(from_interface, "mode"):
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface has no mode configured", RNS.LOG_EXTREME)
+                                    else:
+                                        if from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" due to roaming-mode next-hop interface", RNS.LOG_EXTREME)
+                                            should_transmit = False
+                                        elif from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_BOUNDARY:
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" due to boundary-mode next-hop interface", RNS.LOG_EXTREME)
+                                            should_transmit = False

                            elif interface.mode == RNS.Interfaces.Interface.Interface.MODE_BOUNDARY:
-                                from_interface = Transport.next_hop_interface(packet.destination_hash)
-                                if from_interface == None or not hasattr(from_interface, "mode"):
-                                    RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface is non-existing or has no mode configured", RNS.LOG_EXTREME)
-                                    should_transmit = False
+                                local_destination = next((d for d in Transport.destinations if d.hash == packet.destination_hash), None)
+                                if local_destination != None:
+                                    # RNS.log("Allowing announce broadcast on boundary-mode interface from instance-local destination", RNS.LOG_EXTREME)
+                                    pass
                                else:
-                                    if from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
-                                        RNS.log("Blocking announce broadcast on "+str(interface)+" due to roaming-mode next-hop interface", RNS.LOG_EXTREME)
+                                    from_interface = Transport.next_hop_interface(packet.destination_hash)
+                                    if from_interface == None or not hasattr(from_interface, "mode"):
                                        should_transmit = False
+                                        if from_interface == None:
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface doesn't exist", RNS.LOG_EXTREME)
+                                        elif not hasattr(from_interface, "mode"):
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" since next hop interface has no mode configured", RNS.LOG_EXTREME)
+                                    else:
+                                        if from_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
+                                            RNS.log("Blocking announce broadcast on "+str(interface)+" due to roaming-mode next-hop interface", RNS.LOG_EXTREME)
+                                            should_transmit = False

                            else:
                                # Currently, annouces originating locally are always
@@ -658,10 +765,6 @@ class Transport:
                                        tx_time   = (len(packet.raw)*8) / interface.bitrate
                                        wait_time = (tx_time / interface.announce_cap)
                                        interface.announce_allowed_at = outbound_time + wait_time
-
-                                        # TODO: Clean
-                                        # wait_time_str = str(round(wait_time*1000,3))+"ms"
-                                        # RNS.log("Next announce on "+str(interface)+" allowed in "+wait_time_str, RNS.LOG_EXTREME)
                                    
                                    else:
                                        should_transmit = False
@@ -701,13 +804,22 @@ class Transport:
                                                    timer = threading.Timer(wait_time, interface.process_announce_queue)
                                                    timer.start()

-                                                    wait_time_str = str(round(wait_time*1000,3))+"ms"
+                                                    if wait_time < 1:
+                                                        wait_time_str = str(round(wait_time*1000,2))+"ms"
+                                                    else:
+                                                        wait_time_str = str(round(wait_time*1,2))+"s"
+
                                                    ql_str = str(len(interface.announce_queue))
                                                    RNS.log("Added announce to queue (height "+ql_str+") on "+str(interface)+" for processing in "+wait_time_str, RNS.LOG_EXTREME)

                                                else:
                                                    wait_time = max(interface.announce_allowed_at - time.time(), 0)
-                                                    wait_time_str = str(round(wait_time*1000,3))+"ms"
+
+                                                    if wait_time < 1:
+                                                        wait_time_str = str(round(wait_time*1000,2))+"ms"
+                                                    else:
+                                                        wait_time_str = str(round(wait_time*1,2))+"s"
+
                                                    ql_str = str(len(interface.announce_queue))
                                                    RNS.log("Added announce to queue (height "+ql_str+") on "+str(interface)+" for processing in "+wait_time_str, RNS.LOG_EXTREME)

@@ -770,6 +882,8 @@ class Transport:
            return True
        if packet.context == RNS.Packet.CACHE_REQUEST:
            return True
+        if packet.context == RNS.Packet.CHANNEL:
+            return True

        if packet.destination_type == RNS.Destination.PLAIN:
            if packet.packet_type != RNS.Packet.ANNOUNCE:
@@ -810,7 +924,7 @@ class Transport:
    def inbound(raw, interface=None):
        # If interface access codes are enabled,
        # we must authenticate each packet.
-        if len(raw) > 1:
+        if len(raw) > 2:
            if interface != None and hasattr(interface, "ifac_identity") and interface.ifac_identity != None:
                # Check that IFAC flag is set
                if raw[0] & 0x80 == 0x80:
@@ -818,6 +932,26 @@ class Transport:
                        # Extract IFAC
                        ifac = raw[2:2+interface.ifac_size]

+                        # Generate mask
+                        mask = RNS.Cryptography.hkdf(
+                            length=len(raw),
+                            derive_from=ifac,
+                            salt=interface.ifac_key,
+                            context=None,
+                        )
+
+                        # Unmask payload
+                        i = 0; unmasked_raw = b""
+                        for byte in raw:
+                            if i <= 1 or i > interface.ifac_size+1:
+                                # Unmask header bytes and payload
+                                unmasked_raw += bytes([byte ^ mask[i]])
+                            else:
+                                # Don't unmask IFAC itself
+                                unmasked_raw += bytes([byte])
+                            i += 1
+                        raw = unmasked_raw
+
                        # Unset IFAC flag
                        new_header = bytes([raw[0] & 0x7f, raw[1]])

@@ -848,6 +982,9 @@ class Transport:
                    # If the flag is set, drop the packet
                    return

+        else:
+            return
+
        while (Transport.jobs_running):
            sleep(0.0005)

@@ -955,13 +1092,13 @@ class Transport:
                                new_raw  = packet.raw[0:1]
                                new_raw += struct.pack("!B", packet.hops)
                                new_raw += next_hop
-                                new_raw += packet.raw[12:]
+                                new_raw += packet.raw[(RNS.Identity.TRUNCATED_HASHLENGTH//8)+2:]
                            elif remaining_hops == 1:
                                # Strip transport headers and transmit
                                new_flags = (RNS.Packet.HEADER_1) << 6 | (Transport.BROADCAST) << 4 | (packet.flags & 0b00001111)
                                new_raw = struct.pack("!B", new_flags)
                                new_raw += struct.pack("!B", packet.hops)
-                                new_raw += packet.raw[12:]
+                                new_raw += packet.raw[(RNS.Identity.TRUNCATED_HASHLENGTH//8)+2:]
                            elif remaining_hops == 0:
                                # Just increase hop count and transmit
                                new_raw  = packet.raw[0:1]
@@ -969,19 +1106,21 @@ class Transport:
                                new_raw += packet.raw[2:]

                            outbound_interface = Transport.destination_table[packet.destination_hash][5]
-                            Transport.transmit(outbound_interface, new_raw)
-                            Transport.destination_table[packet.destination_hash][0] = time.time()

                            if packet.packet_type == RNS.Packet.LINKREQUEST:
+                                now = time.time()
+                                proof_timeout = now + RNS.Link.ESTABLISHMENT_TIMEOUT_PER_HOP * max(1, remaining_hops)
+
                                # Entry format is
-                                link_entry = [  time.time(),                    # 0: Timestamp,
+                                link_entry = [  now,                            # 0: Timestamp,
                                                next_hop,                       # 1: Next-hop transport ID
                                                outbound_interface,             # 2: Next-hop interface
                                                remaining_hops,                 # 3: Remaining hops
                                                packet.receiving_interface,     # 4: Received on interface
                                                packet.hops,                    # 5: Taken hops
                                                packet.destination_hash,        # 6: Original destination hash
-                                                False]                          # 7: Validated
+                                                False,                          # 7: Validated
+                                                proof_timeout]                  # 8: Proof timeout timestamp

                                Transport.link_table[packet.getTruncatedHash()] = link_entry

@@ -993,6 +1132,9 @@ class Transport:

                                Transport.reverse_table[packet.getTruncatedHash()] = reverse_entry

+                            Transport.transmit(outbound_interface, new_raw)
+                            Transport.destination_table[packet.destination_hash][0] = time.time()
+
                        else:
                            # TODO: There should probably be some kind of REJECT
                            # mechanism here, to signal to the source that their
@@ -1076,7 +1218,7 @@ class Transport:
                    if (not any(packet.destination_hash == d.hash for d in Transport.destinations) and packet.hops < Transport.PATHFINDER_M+1):
                        announce_emitted = Transport.announce_emitted(packet)
                        
-                        random_blob = packet.data[RNS.Identity.KEYSIZE//8:RNS.Identity.KEYSIZE//8+RNS.Reticulum.TRUNCATED_HASHLENGTH//8]
+                        random_blob = packet.data[RNS.Identity.KEYSIZE//8+RNS.Identity.NAME_HASH_LENGTH//8:RNS.Identity.KEYSIZE//8+RNS.Identity.NAME_HASH_LENGTH//8+10]
                        random_blobs = []
                        if packet.destination_hash in Transport.destination_table:
                            random_blobs = Transport.destination_table[packet.destination_hash][4]
@@ -1178,9 +1320,9 @@ class Transport:
                            
                            retransmit_timeout = now + (RNS.rand() * Transport.PATHFINDER_RW)

-                            if packet.receiving_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ACCESS_POINT:
+                            if hasattr(packet.receiving_interface, "mode") and packet.receiving_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ACCESS_POINT:
                                expires            = now + Transport.AP_PATH_TIME
-                            elif packet.receiving_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
+                            elif hasattr(packet.receiving_interface, "mode") and packet.receiving_interface.mode == RNS.Interfaces.Interface.Interface.MODE_ROAMING:
                                expires            = now + Transport.ROAMING_PATH_TIME
                            else:
                                expires            = now + Transport.PATHFINDER_E
@@ -1234,7 +1376,6 @@ class Transport:
                                        attached_interface
                                    ]

-
                            # If we have any local clients connected, we re-
                            # transmit the announce to them immediately
                            if (len(Transport.local_client_interfaces)):
@@ -1311,7 +1452,6 @@ class Transport:
                                new_announce.hops = packet.hops
                                new_announce.send()

-
                            destination_table_entry = [now, received_from, announce_hops, expires, random_blobs, packet.receiving_interface, packet]
                            Transport.destination_table[packet.destination_hash] = destination_table_entry
                            RNS.log("Destination "+RNS.prettyhexrep(packet.destination_hash)+" is now "+str(announce_hops)+" hops away via "+RNS.prettyhexrep(received_from)+" on "+str(packet.receiving_interface), RNS.LOG_DEBUG)
@@ -1334,12 +1474,12 @@ class Transport:
                                        # Check that the announced destination matches
                                        # the handlers aspect filter
                                        execute_callback = False
+                                        announce_identity = RNS.Identity.recall(packet.destination_hash)
                                        if handler.aspect_filter == None:
                                            # If the handlers aspect filter is set to
                                            # None, we execute the callback in all cases
                                            execute_callback = True
                                        else:
-                                            announce_identity = RNS.Identity.recall(packet.destination_hash)
                                            handler_expected_hash = RNS.Destination.hash_from_name_and_identity(handler.aspect_filter, announce_identity)
                                            if packet.destination_hash == handler_expected_hash:
                                                execute_callback = True
@@ -1355,10 +1495,11 @@ class Transport:

            # Handling for linkrequests to local destinations
            elif packet.packet_type == RNS.Packet.LINKREQUEST:
-                for destination in Transport.destinations:
-                    if destination.hash == packet.destination_hash and destination.type == packet.destination_type:
-                        packet.destination = destination
-                        destination.receive(packet)
+                if packet.transport_id == None or packet.transport_id == Transport.identity.hash:
+                    for destination in Transport.destinations:
+                        if destination.hash == packet.destination_hash and destination.type == packet.destination_type:
+                            packet.destination = destination
+                            destination.receive(packet)
            
            # Handling for local data packets
            elif packet.packet_type == RNS.Packet.DATA:
@@ -1392,14 +1533,29 @@ class Transport:
                    if (RNS.Reticulum.transport_enabled() or for_local_client_link or from_local_client) and packet.destination_hash in Transport.link_table:
                        link_entry = Transport.link_table[packet.destination_hash]
                        if packet.receiving_interface == link_entry[2]:
-                            # TODO: Should we validate the LR proof at each transport
-                            # step before transporting it?
-                            # RNS.log("Link request proof received on correct interface, transporting it via "+str(link_entry[4]), RNS.LOG_EXTREME)
-                            new_raw = packet.raw[0:1]
-                            new_raw += struct.pack("!B", packet.hops)
-                            new_raw += packet.raw[2:]
-                            Transport.link_table[packet.destination_hash][7] = True
-                            Transport.transmit(link_entry[4], new_raw)
+                            try:
+                                if len(packet.data) == RNS.Identity.SIGLENGTH//8+RNS.Link.ECPUBSIZE//2:
+                                    peer_pub_bytes = packet.data[RNS.Identity.SIGLENGTH//8:RNS.Identity.SIGLENGTH//8+RNS.Link.ECPUBSIZE//2]
+                                    peer_identity = RNS.Identity.recall(link_entry[6])
+                                    peer_sig_pub_bytes = peer_identity.get_public_key()[RNS.Link.ECPUBSIZE//2:RNS.Link.ECPUBSIZE]
+
+                                    signed_data = packet.destination_hash+peer_pub_bytes+peer_sig_pub_bytes
+                                    signature = packet.data[:RNS.Identity.SIGLENGTH//8]
+
+                                    if peer_identity.validate(signature, signed_data):
+                                        RNS.log("Link request proof validated for transport via "+str(link_entry[4]), RNS.LOG_EXTREME)
+                                        new_raw = packet.raw[0:1]
+                                        new_raw += struct.pack("!B", packet.hops)
+                                        new_raw += packet.raw[2:]
+                                        Transport.link_table[packet.destination_hash][7] = True
+                                        Transport.transmit(link_entry[4], new_raw)
+
+                                    else:
+                                        RNS.log("Invalid link request proof in transport for link "+RNS.prettyhexrep(packet.destination_hash)+", dropping proof.", RNS.LOG_DEBUG)
+
+                            except Exception as e:
+                                RNS.log("Error while transporting link request proof. The contained exception was: "+str(e), RNS.LOG_ERROR)
+
                        else:
                            RNS.log("Link request proof received on wrong interface, not transporting it.", RNS.LOG_DEBUG)
                    else:
@@ -1428,7 +1584,7 @@ class Transport:
                    if (RNS.Reticulum.transport_enabled() or from_local_client or proof_for_local_client) and packet.destination_hash in Transport.reverse_table:
                        reverse_entry = Transport.reverse_table.pop(packet.destination_hash)
                        if packet.receiving_interface == reverse_entry[1]:
-                            RNS.log("Proof received on correct interface, transporting it via "+str(reverse_entry[0]), RNS.LOG_DEBUG)
+                            RNS.log("Proof received on correct interface, transporting it via "+str(reverse_entry[0]), RNS.LOG_EXTREME)
                            new_raw = packet.raw[0:1]
                            new_raw += struct.pack("!B", packet.hops)
                            new_raw += packet.raw[2:]
@@ -1574,7 +1730,7 @@ class Transport:

    @staticmethod
    def register_link(link):
-        RNS.log("Registering link "+str(link), RNS.LOG_DEBUG)
+        RNS.log("Registering link "+str(link), RNS.LOG_EXTREME)
        if link.initiator:
            Transport.pending_links.append(link)
        else:
@@ -1582,7 +1738,7 @@ class Transport:

    @staticmethod
    def activate_link(link):
-        RNS.log("Activating link "+str(link), RNS.LOG_DEBUG)
+        RNS.log("Activating link "+str(link), RNS.LOG_EXTREME)
        if link in Transport.pending_links:
            Transport.pending_links.remove(link)
            Transport.active_links.append(link)
@@ -1790,14 +1946,12 @@ class Transport:

            queued_announces = True if len(on_interface.announce_queue) > 0 else False
            if queued_announces:
-                # TODO: Reset to extra level, probably
-                RNS.log("Blocking recursive path request on "+str(on_interface)+" due to queued announces", RNS.LOG_DEBUG)
+                RNS.log("Blocking recursive path request on "+str(on_interface)+" due to queued announces", RNS.LOG_EXTREME)
                return
            else:
                now = time.time()
                if now < on_interface.announce_allowed_at:
-                    # TODO: Reset to extra level, probably
-                    RNS.log("Blocking recursive path request on "+str(on_interface)+" due to active announce cap", RNS.LOG_DEBUG)
+                    RNS.log("Blocking recursive path request on "+str(on_interface)+" due to active announce cap", RNS.LOG_EXTREME)
                    return
                else:
                    tx_time   = ((len(path_request_data)+RNS.Reticulum.HEADER_MINSIZE)*8) / on_interface.bitrate
@@ -1805,6 +1959,7 @@ class Transport:
                    on_interface.announce_allowed_at = now + wait_time

        packet.send()
+        Transport.path_requests[destination_hash] = time.time()

    @staticmethod
    def path_request_handler(data, packet):
@@ -1848,12 +2003,10 @@ class Transport:
                        )

                    else:
-                        # TODO: Reset this to debug level
-                        RNS.log("Ignoring duplicate path request for "+RNS.prettyhexrep(destination_hash)+" with tag "+RNS.prettyhexrep(unique_tag), RNS.LOG_WARNING)
+                        RNS.log("Ignoring duplicate path request for "+RNS.prettyhexrep(destination_hash)+" with tag "+RNS.prettyhexrep(unique_tag), RNS.LOG_DEBUG)

                else:
-                    # TODO: Reset this to debug level
-                    RNS.log("Ignoring tagless path request for "+RNS.prettyhexrep(destination_hash), RNS.LOG_WARNING)
+                    RNS.log("Ignoring tagless path request for "+RNS.prettyhexrep(destination_hash), RNS.LOG_DEBUG)

        except Exception as e:
            RNS.log("Error while handling path request. The contained exception was: "+str(e), RNS.LOG_ERROR)
@@ -1883,10 +2036,9 @@ class Transport:
        
        local_destination = next((d for d in Transport.destinations if d.hash == destination_hash), None)
        if local_destination != None:
-            local_destination.announce(path_response=True)
+            local_destination.announce(path_response=True, tag=tag, attached_interface=attached_interface)
            RNS.log("Answering path request for "+RNS.prettyhexrep(destination_hash)+interface_str+", destination is local to this system", RNS.LOG_DEBUG)

-
        elif (RNS.Reticulum.transport_enabled() or is_from_local_client) and (destination_hash in Transport.destination_table):
            packet = Transport.destination_table[destination_hash][6]
            next_hop = Transport.destination_table[destination_hash][1]
@@ -1931,9 +2083,10 @@ class Transport:
            # Forward path request on all interfaces
            # except the local client
            RNS.log("Forwarding path request from local client for "+RNS.prettyhexrep(destination_hash)+interface_str+" to all other interfaces", RNS.LOG_DEBUG)
+            request_tag = RNS.Identity.get_random_hash()
            for interface in Transport.interfaces:
                if not interface == attached_interface:
-                    Transport.request_path(destination_hash, interface)
+                    Transport.request_path(destination_hash, interface, tag = request_tag)

        elif should_search_for_unknown:
            if destination_hash in Transport.discovery_path_requests:
@@ -1987,10 +2140,27 @@ class Transport:

    @staticmethod
    def detach_interfaces():
-        for interface in Transport.interfaces:
-            interface.detach()
+        detachable_interfaces = []

+        for interface in Transport.interfaces:
+            # Currently no rules are being applied
+            # here, and all interfaces will be sent
+            # the detach call on RNS teardown.
+            if True:
+                detachable_interfaces.append(interface)
+            else:
+                pass
+        
        for interface in Transport.local_client_interfaces:
+            # Currently no rules are being applied
+            # here, and all interfaces will be sent
+            # the detach call on RNS teardown.
+            if True:
+                detachable_interfaces.append(interface)
+            else:
+                pass
+
+        for interface in detachable_interfaces:
            interface.detach()

    @staticmethod
@@ -2009,6 +2179,7 @@ class Transport:
        Transport.announce_handlers = []
        Transport.tunnels           = {}

+
    @staticmethod
    def shared_connection_reappeared():
        if Transport.owner.is_connected_to_shared_instance:
@@ -2016,6 +2187,7 @@ class Transport:
                if registered_destination.type == RNS.Destination.SINGLE:
                    registered_destination.announce(path_response=True)

+
    @staticmethod
    def drop_announce_queues():
        for interface in Transport.interfaces:
@@ -2030,32 +2202,73 @@ class Transport:
                    interface.announce_queue = []
                    RNS.log("Dropped "+na_str+" on "+str(interface), RNS.LOG_VERBOSE)

+
    @staticmethod
    def announce_emitted(packet):
-        random_blob = packet.data[RNS.Identity.KEYSIZE//8:RNS.Identity.KEYSIZE//8+RNS.Reticulum.TRUNCATED_HASHLENGTH//8]
+        random_blob = packet.data[RNS.Identity.KEYSIZE//8+RNS.Identity.NAME_HASH_LENGTH//8:RNS.Identity.KEYSIZE//8+RNS.Identity.NAME_HASH_LENGTH//8+10]
        announce_emitted = int.from_bytes(random_blob[5:10], "big")

        return announce_emitted

+
    @staticmethod
-    def exit_handler():
-        try:
-            if not RNS.Reticulum.transport_enabled():
-                Transport.packet_hashlist = []
-            else:
-                RNS.log("Saving packet hashlist to storage...", RNS.LOG_VERBOSE)
-
-            packet_hashlist_path = RNS.Reticulum.storagepath+"/packet_hashlist"
-            file = open(packet_hashlist_path, "wb")
-            file.write(umsgpack.packb(Transport.packet_hashlist))
-            file.close()
-
-        except Exception as e:
-            RNS.log("Could not save packet hashlist to storage, the contained exception was: "+str(e), RNS.LOG_ERROR)
-
+    def save_packet_hashlist():
        if not Transport.owner.is_connected_to_shared_instance:
-            RNS.log("Saving path table to storage...", RNS.LOG_VERBOSE)
+            if hasattr(Transport, "saving_packet_hashlist"):
+                wait_interval = 0.2
+                wait_timeout = 5
+                wait_start = time.time()
+                while Transport.saving_packet_hashlist:
+                    time.sleep(wait_interval)
+                    if time.time() > wait_start+wait_timeout:
+                        RNS.log("Could not save packet hashlist to storage, waiting for previous save operation timed out.", RNS.LOG_ERROR)
+                        return False
+
            try:
+                Transport.saving_packet_hashlist = True
+                save_start = time.time()
+
+                if not RNS.Reticulum.transport_enabled():
+                    Transport.packet_hashlist = []
+                else:
+                    RNS.log("Saving packet hashlist to storage...", RNS.LOG_DEBUG)
+
+                packet_hashlist_path = RNS.Reticulum.storagepath+"/packet_hashlist"
+                file = open(packet_hashlist_path, "wb")
+                file.write(umsgpack.packb(Transport.packet_hashlist))
+                file.close()
+
+                save_time = time.time() - save_start
+                if save_time < 1:
+                    time_str = str(round(save_time*1000,2))+"ms"
+                else:
+                    time_str = str(round(save_time,2))+"s"
+                RNS.log("Saved packet hashlist in "+time_str, RNS.LOG_DEBUG)
+
+            except Exception as e:
+                RNS.log("Could not save packet hashlist to storage, the contained exception was: "+str(e), RNS.LOG_ERROR)
+
+            Transport.saving_packet_hashlist = False
+
+
+    @staticmethod
+    def save_path_table():
+        if not Transport.owner.is_connected_to_shared_instance:
+            if hasattr(Transport, "saving_path_table"):
+                wait_interval = 0.2
+                wait_timeout = 5
+                wait_start = time.time()
+                while Transport.saving_path_table:
+                    time.sleep(wait_interval)
+                    if time.time() > wait_start+wait_timeout:
+                        RNS.log("Could not save path table to storage, waiting for previous save operation timed out.", RNS.LOG_ERROR)
+                        return False
+
+            try:
+                Transport.saving_path_table = True
+                save_start = time.time()
+                RNS.log("Saving path table to storage...", RNS.LOG_DEBUG)
+
                serialised_destinations = []
                for destination_hash in Transport.destination_table:
                    # Get the destination entry from the destination table
@@ -2094,12 +2307,38 @@ class Transport:
                file = open(destination_table_path, "wb")
                file.write(umsgpack.packb(serialised_destinations))
                file.close()
-                RNS.log("Done saving "+str(len(serialised_destinations))+" path table entries to storage", RNS.LOG_VERBOSE)
+
+                save_time = time.time() - save_start
+                if save_time < 1:
+                    time_str = str(round(save_time*1000,2))+"ms"
+                else:
+                    time_str = str(round(save_time,2))+"s"
+                RNS.log("Saved "+str(len(serialised_destinations))+" path table entries in "+time_str, RNS.LOG_DEBUG)
+
            except Exception as e:
                RNS.log("Could not save path table to storage, the contained exception was: "+str(e), RNS.LOG_ERROR)

-            RNS.log("Saving tunnel table to storage...", RNS.LOG_VERBOSE)
+            Transport.saving_path_table = False
+
+
+    @staticmethod
+    def save_tunnel_table():
+        if not Transport.owner.is_connected_to_shared_instance:
+            if hasattr(Transport, "saving_tunnel_table"):
+                wait_interval = 0.2
+                wait_timeout = 5
+                wait_start = time.time()
+                while Transport.saving_tunnel_table:
+                    time.sleep(wait_interval)
+                    if time.time() > wait_start+wait_timeout:
+                        RNS.log("Could not save tunnel table to storage, waiting for previous save operation timed out.", RNS.LOG_ERROR)
+                        return False
+
            try:
+                Transport.saving_tunnel_table = True
+                save_start = time.time()
+                RNS.log("Saving tunnel table to storage...", RNS.LOG_DEBUG)
+
                serialised_tunnels = []
                for tunnel_id in Transport.tunnels:
                    te = Transport.tunnels[tunnel_id]
@@ -2146,6 +2385,25 @@ class Transport:
                file = open(tunnels_path, "wb")
                file.write(umsgpack.packb(serialised_tunnels))
                file.close()
-                RNS.log("Done saving "+str(len(serialised_tunnels))+" tunnel table entries to storage", RNS.LOG_VERBOSE)
+
+                save_time = time.time() - save_start
+                if save_time < 1:
+                    time_str = str(round(save_time*1000,2))+"ms"
+                else:
+                    time_str = str(round(save_time,2))+"s"
+                RNS.log("Saved "+str(len(serialised_tunnels))+" tunnel table entries in "+time_str, RNS.LOG_DEBUG)
            except Exception as e:
-                RNS.log("Could not save tunnel table to storage, the contained exception was: "+str(e), RNS.LOG_ERROR)
+                RNS.log("Could not save tunnel table to storage, the contained exception was: "+str(e), RNS.LOG_ERROR)
+
+            Transport.saving_tunnel_table = False
+
+    @staticmethod
+    def persist_data():
+        Transport.save_packet_hashlist()
+        Transport.save_path_table()
+        Transport.save_tunnel_table()
+
+    @staticmethod
+    def exit_handler():
+        if not Transport.owner.is_connected_to_shared_instance:
+            Transport.persist_data()
@@ -34,7 +34,7 @@ APP_NAME = "rncp"
 allow_all = False
 allowed_identity_hashes = []

-def receive(configdir, verbosity = 0, quietness = 0, allowed = [], display_identity = False, limit = None, disable_auth = None,disable_announce=False):
+def receive(configdir, verbosity = 0, quietness = 0, allowed = [], display_identity = False, limit = None, disable_auth = None, disable_announce = False):
    global allow_all, allowed_identity_hashes
    identity = None

@@ -96,21 +96,29 @@ def receive_link_established(link):
    link.set_resource_concluded_callback(receive_resource_concluded)

 def receive_sender_identified(link, identity):
+    global allow_all
+
    if identity.hash in allowed_identity_hashes:
        RNS.log("Authenticated sender", RNS.LOG_VERBOSE)
    else:
-        RNS.log("Sender not allowed, tearing down link", RNS.LOG_VERBOSE)
-        link.teardown()
+        if not allow_all:
+            RNS.log("Sender not allowed, tearing down link", RNS.LOG_VERBOSE)
+            link.teardown()
+        else:
+            pass

 def receive_resource_callback(resource):
+    global allow_all
+    
    sender_identity = resource.link.get_remote_identity()

    if sender_identity != None:
        if sender_identity.hash in allowed_identity_hashes:
-            print("Allowing sender")
            return True

-    print("Rejecting sender")
+    if allow_all:
+        return True
+
    return False

 def receive_resource_started(resource):
@@ -212,7 +220,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
    temp_file.write(real_file.read())
    temp_file.seek(0)

-    print("\r                                                \r", end="")
+    print("\r                                                            \r", end="")

    reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel)

@@ -240,10 +248,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
        i = (i+1)%len(syms)

    if not RNS.Transport.has_path(destination_hash):
-        print("\r                                                \rPath not found")
+        print("\r                                                            \rPath not found")
        exit(1)
    else:
-        print("\r                                                \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ")
+        print("\r                                                            \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ")

    receiver_identity = RNS.Identity.recall(destination_hash)
    receiver_destination = RNS.Destination(
@@ -262,10 +270,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
        i = (i+1)%len(syms)

    if not RNS.Transport.has_path(destination_hash):
-        print("\r                                                \rCould not establish link with "+RNS.prettyhexrep(destination_hash))
+        print("\r                                                            \rCould not establish link with "+RNS.prettyhexrep(destination_hash))
        exit(1)
    else:
-        print("\r                                                \rAdvertising file resource  ", end=" ")
+        print("\r                                                            \rAdvertising file resource  ", end=" ")

    link.identify(identity)
    resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress)
@@ -279,10 +287,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non

    
    if resource.status > RNS.Resource.COMPLETE:
-        print("\r                                                \rFile was not accepted by "+RNS.prettyhexrep(destination_hash))
+        print("\r                                                            \rFile was not accepted by "+RNS.prettyhexrep(destination_hash))
        exit(1)
    else:
-        print("\r                                                \rTransferring file  ", end=" ")
+        print("\r                                                            \rTransferring file  ", end=" ")

    while not resource_done:
        time.sleep(0.1)
@@ -294,7 +302,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
        i = (i+1)%len(syms)

    if current_resource.status != RNS.Resource.COMPLETE:
-        print("\r                                                \rThe transfer failed")
+        print("\r                                                            \rThe transfer failed")
        exit(1)
    else:
        print("\r                                                                                  \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash))
@@ -0,0 +1,519 @@
+#!/usr/bin/env python3
+
+# MIT License
+#
+# Copyright (c) 2023 Mark Qvist / unsigned.io
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+import RNS
+import argparse
+import time
+import sys
+import os
+import base64
+
+from RNS._version import __version__
+
+APP_NAME = "rnid"
+
+SIG_EXT = "rsg"
+ENCRYPT_EXT = "rfe"
+CHUNK_SIZE = 16*1024*1024
+
+def spin(until=None, msg=None, timeout=None):
+    i = 0
+    syms = "⢄⢂⢁⡁⡈⡐⡠"
+    if timeout != None:
+        timeout = time.time()+timeout
+
+    print(msg+"  ", end=" ")
+    while (timeout == None or time.time()<timeout) and not until():
+        time.sleep(0.1)
+        print(("\b\b"+syms[i]+" "), end="")
+        sys.stdout.flush()
+        i = (i+1)%len(syms)
+
+    print("\r"+" "*len(msg)+"  \r", end="")
+
+    if timeout != None and time.time() > timeout:
+        return False
+    else:
+        return True
+
+def main():
+    try:
+        parser = argparse.ArgumentParser(description="Reticulum Identity & Encryption Utility")
+        # parser.add_argument("file", nargs="?", default=None, help="input file path", type=str)
+
+        parser.add_argument("--config", metavar="path", action="store", default=None, help="path to alternative Reticulum config directory", type=str)
+        parser.add_argument("-i", "--identity", metavar="identity", action="store", default=None, help="hexadecimal Reticulum Destination hash or path to Identity file", type=str)
+        parser.add_argument("-g", "--generate", metavar="path", action="store", default=None, help="generate a new Identity")
+        parser.add_argument("-v", "--verbose", action="count", default=0, help="increase verbosity")
+        parser.add_argument("-q", "--quiet", action="count", default=0, help="decrease verbosity")
+
+        parser.add_argument("-a", "--announce", metavar="aspects", action="store", default=None, help="announce a destination based on this Identity")
+        parser.add_argument("-H", "--hash", metavar="aspects", action="store", default=None, help="show destination hash5s for other aspects for this Identity")
+        parser.add_argument("-e", "--encrypt", metavar="path", action="store", default=None, help="encrypt file")
+        parser.add_argument("-d", "--decrypt", metavar="path", action="store", default=None, help="decrypt file")
+        parser.add_argument("-s", "--sign", metavar="path", action="store", default=None, help="sign file")
+        parser.add_argument("-V", "--validate", metavar="path", action="store", default=None, help="validate signature")
+
+        parser.add_argument("-r", "--read", metavar="path", action="store", default=None, help="input file path", type=str)
+        parser.add_argument("-w", "--write", metavar="path", action="store", default=None, help="output file path", type=str)
+        parser.add_argument("-f", "--force", action="store_true", default=None, help="write output even if it overwrites existing files")
+        parser.add_argument("-I", "--stdin", action="store_true", default=False, help=argparse.SUPPRESS) # "read input from STDIN instead of file"
+        parser.add_argument("-O", "--stdout", action="store_true", default=False, help=argparse.SUPPRESS) # help="write output to STDOUT instead of file", 
+
+        parser.add_argument("-R", "--request", action="store_true", default=False, help="request unknown Identities from the network")
+        parser.add_argument("-t", action="store", metavar="seconds", type=float, help="identity request timeout before giving up", default=RNS.Transport.PATH_REQUEST_TIMEOUT)
+        parser.add_argument("-p", "--print-identity", action="store_true", default=False, help="print identity info and exit")
+        parser.add_argument("-P", "--print-private", action="store_true", default=False, help="allow displaying private keys")
+
+        parser.add_argument("-b", "--base64", action="store_true", default=False, help=argparse.SUPPRESS) # help="Use base64-encoded input and output")
+
+        parser.add_argument("--version", action="version", version="rnid {version}".format(version=__version__))
+        
+        args = parser.parse_args()
+
+        ops = 0;
+        for t in [args.encrypt, args.decrypt, args.validate, args.sign]:
+            if t:
+                ops += 1
+        
+        if ops > 1:
+            RNS.log("This utility currently only supports one of the encrypt, decrypt, sign or verify operations per invocation", RNS.LOG_ERROR)
+            exit(1)
+
+        if not args.read:
+            if args.encrypt:
+                args.read = args.encrypt
+            if args.decrypt:
+                args.read = args.decrypt
+            if args.sign:
+                args.read = args.sign
+
+        identity_str = args.identity
+        if not args.generate and not identity_str:
+            print("\nNo identity provided, cannot continue\n")
+            parser.print_help()
+            print("")
+            exit(2)
+
+        else:
+            targetloglevel = 4
+            verbosity = args.verbose
+            quietness = args.quiet
+            if verbosity != 0 or quietness != 0:
+                targetloglevel = targetloglevel+verbosity-quietness
+            
+            # Start Reticulum
+            reticulum = RNS.Reticulum(configdir=args.config, loglevel=targetloglevel)
+            RNS.compact_log_fmt = True
+            if args.stdout:
+                RNS.loglevel = -1
+
+            if args.generate:
+                identity = RNS.Identity()
+                if not args.force and os.path.isfile(args.generate):
+                    RNS.log("Identity file "+str(args.generate)+" already exists. Not overwriting.", RNS.LOG_ERROR)
+                    exit(3)
+                else:
+                    try:
+                        identity.to_file(args.generate)
+                        RNS.log("New identity written to "+str(args.generate))
+                        exit(0)
+                    except Exception as e:
+                        RNS.log("An error ocurred while saving the generated Identity.", RNS.LOG_ERROR)
+                        RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                        exit(4)
+
+            identity = None
+            if len(identity_str) == RNS.Reticulum.TRUNCATED_HASHLENGTH//8*2 and not os.path.isfile(identity_str):
+                # Try recalling Identity from hex-encoded hash
+                try:
+                    destination_hash = bytes.fromhex(identity_str)
+                    identity = RNS.Identity.recall(destination_hash)
+
+                    if identity == None:
+                        if not args.request:
+                            RNS.log("Could not recall Identity for "+RNS.prettyhexrep(destination_hash)+".", RNS.LOG_ERROR)
+                            RNS.log("You can query the network for unknown Identities with the -R option.", RNS.LOG_ERROR)
+                            exit(5)
+                        else:
+                            RNS.Transport.request_path(destination_hash)
+                            def spincheck():
+                                return RNS.Identity.recall(destination_hash) != None
+                            spin(spincheck, "Requesting unknown Identity for "+RNS.prettyhexrep(destination_hash), args.t)
+
+                            if not spincheck():
+                                RNS.log("Identity request timed out", RNS.LOG_ERROR)
+                                exit(6)
+                            else:
+                                RNS.log("Received Identity "+str(identity)+" for destination "+RNS.prettyhexrep(destination_hash)+" from the network")
+                                identity = RNS.Identity.recall(destination_hash)
+
+                    else:
+                        RNS.log("Recalled Identity "+str(identity)+" for destination "+RNS.prettyhexrep(destination_hash))
+
+
+                except Exception as e:
+                    RNS.log("Invalid hexadecimal hash provided", RNS.LOG_ERROR)
+                    exit(7)
+
+                
+            else:
+                # Try loading Identity from file
+                if not os.path.isfile(identity_str):
+                    RNS.log("Specified Identity file not found")
+                    exit(8)
+                else:
+                    try:
+                        identity = RNS.Identity.from_file(identity_str)
+                        RNS.log("Loaded Identity "+str(identity)+" from "+str(identity_str))
+
+                    except Exception as e:
+                        RNS.log("Could not decode Identity from specified file")
+                        exit(9)
+
+            if identity != None:
+                if args.hash:
+                    try:
+                        aspects = args.hash.split(".")
+                        if not len(aspects) > 1:
+                            RNS.log("Invalid destination aspects specified", RNS.LOG_ERROR)
+                            exit(32)
+                        else:
+                            app_name = aspects[0]
+                            aspects = aspects[1:]
+                            if identity.pub != None:
+                                destination = RNS.Destination(identity, RNS.Destination.OUT, RNS.Destination.SINGLE, app_name, *aspects)
+                                RNS.log("The "+str(args.hash)+" destination for this Identity is "+RNS.prettyhexrep(destination.hash))
+                                RNS.log("The full destination specifier is "+str(destination))
+                                time.sleep(0.25)
+                                exit(0)
+                            else:
+                                raise KeyError("No public key known")
+                    except Exception as e:
+                        RNS.log("An error ocurred while attempting to send the announce.", RNS.LOG_ERROR)
+                        RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+
+                    exit(0)
+
+                if args.announce:
+                    try:
+                        aspects = args.announce.split(".")
+                        if not len(aspects) > 1:
+                            RNS.log("Invalid destination aspects specified", RNS.LOG_ERROR)
+                            exit(32)
+                        else:
+                            app_name = aspects[0]
+                            aspects = aspects[1:]
+                            if identity.prv != None:
+                                destination = RNS.Destination(identity, RNS.Destination.IN, RNS.Destination.SINGLE, app_name, *aspects)
+                                RNS.log("Created destination "+str(destination))
+                                RNS.log("Announcing destination "+RNS.prettyhexrep(destination.hash))
+                                destination.announce()
+                                time.sleep(0.25)
+                                exit(0)
+                            else:
+                                destination = RNS.Destination(identity, RNS.Destination.OUT, RNS.Destination.SINGLE, app_name, *aspects)
+                                RNS.log("The "+str(args.announce)+" destination for this Identity is "+RNS.prettyhexrep(destination.hash))
+                                RNS.log("The full destination specifier is "+str(destination))
+                                RNS.log("Cannot announce this destination, since the private key is not held")
+                                time.sleep(0.25)
+                                exit(33)
+                    except Exception as e:
+                        RNS.log("An error ocurred while attempting to send the announce.", RNS.LOG_ERROR)
+                        RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+
+                    exit(0)
+
+                if args.print_identity:
+                    RNS.log("Public Key  : "+RNS.hexrep(identity.pub_bytes, delimit=False))
+                    if identity.prv:
+                        if args.print_private:
+                            RNS.log("Private Key : "+RNS.hexrep(identity.prv_bytes, delimit=False))
+                        else:
+                            RNS.log("Private Key : Hidden")
+                    exit(0)
+
+                if args.validate:
+                    if not args.read and args.validate.lower().endswith("."+SIG_EXT):
+                        args.read = str(args.validate).replace("."+SIG_EXT, "")
+
+                    if not os.path.isfile(args.validate):
+                        RNS.log("Signature file "+str(args.read)+" not found", RNS.LOG_ERROR)
+                        exit(10)
+
+                    if not os.path.isfile(args.read):
+                        RNS.log("Input file "+str(args.read)+" not found", RNS.LOG_ERROR)
+                        exit(11)
+
+                data_input = None
+                if args.read:
+                    if not os.path.isfile(args.read):
+                        RNS.log("Input file "+str(args.read)+" not found", RNS.LOG_ERROR)
+                        exit(12)
+                    else:
+                        try:
+                            data_input = open(args.read, "rb")
+                        except Exception as e:
+                            RNS.log("Could not open input file for reading", RNS.LOG_ERROR)
+                            RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            exit(13)
+
+                # TODO: Actually expand this to a good solution
+                # probably need to create a wrapper that takes
+                # into account not closing stdin when done
+                # elif args.stdin:
+                #     data_input = sys.stdin
+
+                data_output = None
+                if args.encrypt and not args.write and not args.stdout and args.read:
+                    args.write = str(args.read)+"."+ENCRYPT_EXT
+
+                if args.decrypt and not args.write and not args.stdout and args.read and args.read.lower().endswith("."+ENCRYPT_EXT):
+                    args.write = str(args.read).replace("."+ENCRYPT_EXT, "")
+
+                if args.sign and identity.prv == None:
+                    RNS.log("Specified Identity does not hold a private key. Cannot sign.", RNS.LOG_ERROR)
+                    exit(14)
+
+                if args.sign and not args.write and not args.stdout and args.read:
+                    args.write = str(args.read)+"."+SIG_EXT
+
+                if args.write:
+                    if not args.force and os.path.isfile(args.write):
+                        RNS.log("Output file "+str(args.write)+" already exists. Not overwriting.", RNS.LOG_ERROR)
+                        exit(15)
+                    else:
+                        try:
+                            data_output = open(args.write, "wb")
+                        except Exception as e:
+                            RNS.log("Could not open output file for writing", RNS.LOG_ERROR)
+                            RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            exit(15)
+                
+                # TODO: Actually expand this to a good solution
+                # probably need to create a wrapper that takes
+                # into account not closing stdout when done
+                # elif args.stdout:
+                #     data_output = sys.stdout
+
+                if args.sign:
+                    if identity.prv == None:
+                        RNS.log("Specified Identity does not hold a private key. Cannot sign.", RNS.LOG_ERROR)
+                        exit(16)
+
+                    if not data_input:
+                        if not args.stdout:
+                            RNS.log("Signing requested, but no input data specified", RNS.LOG_ERROR)
+                        exit(17)
+                    else:
+                        if not data_output:
+                            if not args.stdout:
+                                RNS.log("Signing requested, but no output specified", RNS.LOG_ERROR)
+                            exit(18)
+
+                        if not args.stdout:
+                            RNS.log("Signing "+str(args.read))
+                        
+                        try:
+                            data_output.write(identity.sign(data_input.read()))
+                            data_output.close()
+                            data_input.close()
+                            
+                            if not args.stdout:
+                                if args.read:
+                                    RNS.log("File "+str(args.read)+" signed with "+str(identity)+" to "+str(args.write))
+                                    exit(0)
+
+                        except Exception as e:
+                            if not args.stdout:
+                                RNS.log("An error ocurred while encrypting data.", RNS.LOG_ERROR)
+                                RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            try:
+                                data_output.close()
+                            except:
+                                pass
+                            try:
+                                data_input.close()
+                            except:
+                                pass
+                            exit(19)
+
+                if args.validate:
+                    if not data_input:
+                        if not args.stdout:
+                            RNS.log("Signature verification requested, but no input data specified", RNS.LOG_ERROR)
+                        exit(20)
+                    else:
+                        # if not args.stdout:
+                        #     RNS.log("Verifying "+str(args.validate)+" for "+str(args.read))
+                        
+                        try:
+                            try:
+                                sig_input = open(args.validate, "rb")
+                            except Exception as e:
+                                RNS.log("An error ocurred while opening "+str(args.validate)+".", RNS.LOG_ERROR)
+                                RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                                exit(21)
+
+
+                            validated = identity.validate(sig_input.read(), data_input.read())
+                            sig_input.close()
+                            data_input.close()
+
+                            if not validated:
+                                if not args.stdout:
+                                    RNS.log("Signature "+str(args.validate)+" for file "+str(args.read)+" is invalid", RNS.LOG_ERROR)
+                                exit(22)
+                            else:
+                                if not args.stdout:
+                                    RNS.log("Signature "+str(args.validate)+" for file "+str(args.read)+" made by Identity "+str(identity)+" is valid")
+                                exit(0)
+
+                        except Exception as e:
+                            if not args.stdout:
+                                RNS.log("An error ocurred while validating signature.", RNS.LOG_ERROR)
+                                RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            try:
+                                data_output.close()
+                            except:
+                                pass
+                            try:
+                                data_input.close()
+                            except:
+                                pass
+                            exit(23)
+
+                if args.encrypt:
+                    if not data_input:
+                        if not args.stdout:
+                            RNS.log("Encryption requested, but no input data specified", RNS.LOG_ERROR)
+                        exit(24)
+                    else:
+                        if not data_output:
+                            if not args.stdout:
+                                RNS.log("Encryption requested, but no output specified", RNS.LOG_ERROR)
+                            exit(25)
+
+                        if not args.stdout:
+                            RNS.log("Encrypting "+str(args.read))
+                        
+                        try:
+                            more_data = True
+                            while more_data:
+                                chunk = data_input.read(CHUNK_SIZE)
+                                if chunk:
+                                    data_output.write(identity.encrypt(chunk))
+                                else:
+                                    more_data = False
+                            data_output.close()
+                            data_input.close()
+                            if not args.stdout:
+                                if args.read:
+                                    RNS.log("File "+str(args.read)+" encrypted for "+str(identity)+" to "+str(args.write))
+                                    exit(0)
+
+                        except Exception as e:
+                            if not args.stdout:
+                                RNS.log("An error ocurred while encrypting data.", RNS.LOG_ERROR)
+                                RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            try:
+                                data_output.close()
+                            except:
+                                pass
+                            try:
+                                data_input.close()
+                            except:
+                                pass
+                            exit(26)
+
+                if args.decrypt:
+                    if identity.prv == None:
+                        RNS.log("Specified Identity does not hold a private key. Cannot decrypt.", RNS.LOG_ERROR)
+                        exit(27)
+
+                    if not data_input:
+                        if not args.stdout:
+                            RNS.log("Decryption requested, but no input data specified", RNS.LOG_ERROR)
+                        exit(28)
+                    else:
+                        if not data_output:
+                            if not args.stdout:
+                                RNS.log("Decryption requested, but no output specified", RNS.LOG_ERROR)
+                            exit(29)
+
+                        if not args.stdout:
+                            RNS.log("Decrypting "+str(args.read)+"...")
+                        
+                        try:
+                            more_data = True
+                            while more_data:
+                                chunk = data_input.read(CHUNK_SIZE)
+                                if chunk:
+                                    plaintext = identity.decrypt(chunk)
+                                    if plaintext == None:
+                                        if not args.stdout:
+                                            RNS.log("Data could not be decrypted with the specified Identity")
+                                        exit(30)
+                                    else:
+                                        data_output.write(plaintext)
+                                else:
+                                    more_data = False
+                            data_output.close()
+                            data_input.close()
+                            if not args.stdout:
+                                if args.read:
+                                    RNS.log("File "+str(args.read)+" decrypted with "+str(identity)+" to "+str(args.write))
+                                    exit(0)
+
+                        except Exception as e:
+                            if not args.stdout:
+                                RNS.log("An error ocurred while decrypting data.", RNS.LOG_ERROR)
+                                RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR)
+                            try:
+                                data_output.close()
+                            except:
+                                pass
+                            try:
+                                data_input.close()
+                            except:
+                                pass
+                            exit(31)
+
+            if True:
+                pass
+
+            elif False:
+                pass
+
+            else:
+                print("")
+                parser.print_help()
+                print("")
+
+    except KeyboardInterrupt:
+        print("")
+        exit(255)
+
+if __name__ == "__main__":
+    main()
@@ -197,7 +197,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity,

            print("\rPath found, destination "+RNS.prettyhexrep(destination_hash)+" is "+str(hops)+" hop"+ms+" away via "+next_hop+" on "+next_hop_interface)
        else:
-            print("\r                                                \rPath not found")
+            print("\r                                                       \rPath not found")
            sys.exit(1)

    
@@ -30,15 +30,20 @@ from RNS._version import __version__


 def program_setup(configdir, verbosity = 0, quietness = 0, service = False):
-    targetloglevel = 3+verbosity-quietness
+    targetverbosity = verbosity-quietness

    if service:
-        RNS.logdest = RNS.LOG_FILE
-        RNS.logfile = RNS.Reticulum.configdir+"/logfile"
-        targetloglevel = None
+        targetlogdest  = RNS.LOG_FILE
+        targetverbosity = None
+    else:
+        targetlogdest  = RNS.LOG_STDOUT
+
+    reticulum = RNS.Reticulum(configdir=configdir, verbosity=targetverbosity, logdest=targetlogdest)
+    if reticulum.is_connected_to_shared_instance:
+        RNS.log("Started rnsd version {version} connected to another shared local instance, this is probably NOT what you want!".format(version=__version__), RNS.LOG_WARNING)
+    else:
+        RNS.log("Started rnsd version {version}".format(version=__version__), RNS.LOG_NOTICE)

-    reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel)
-    RNS.log("Started rnsd version {version}".format(version=__version__), RNS.LOG_NOTICE)
    while True:
        time.sleep(1)

@@ -46,7 +46,7 @@ def size_str(num, suffix='B'):

    return "%.2f%s%s" % (num, last_unit, suffix)

-def program_setup(configdir, dispall=False, verbosity=0, name_filter=None):
+def program_setup(configdir, dispall=False, verbosity=0, name_filter=None,json=False):
    reticulum = RNS.Reticulum(configdir = configdir, loglevel = 3+verbosity)

    stats = None
@@ -56,6 +56,21 @@ def program_setup(configdir, dispall=False, verbosity=0, name_filter=None):
        pass

    if stats != None:
+        if json:
+            import json
+            for s in stats:
+                if isinstance(stats[s], bytes):
+                    stats[s] = RNS.hexrep(stats[s], delimit=False)
+
+                for i in stats[s]:
+                    if isinstance(i, dict):
+                        for k in i:
+                            if isinstance(i[k], bytes):
+                                i[k] = RNS.hexrep(i[k], delimit=False)
+
+            print(json.dumps(stats))
+            exit()
+            
        for ifstat in stats["interfaces"]:
            name = ifstat["name"]

@@ -135,6 +150,9 @@ def program_setup(configdir, dispall=False, verbosity=0, name_filter=None):
                        if "peers" in ifstat and ifstat["peers"] != None:
                            print("    Peers   : {np} reachable".format(np=ifstat["peers"]))

+                        if "tunnelstate" in ifstat and ifstat["tunnelstate"] != None:
+                            print("    I2P     : {ts}".format(ts=ifstat["tunnelstate"]))
+
                        if "ifac_signature" in ifstat and ifstat["ifac_signature"] != None:
                            sigstr = "<…"+RNS.hexrep(ifstat["ifac_signature"][-5:], delimit=False)+">"
                            print("    Access  : {nb}-bit IFAC by {sig}".format(nb=ifstat["ifac_size"]*8, sig=sigstr))
@@ -172,6 +190,14 @@ def main():
            help="show all interfaces",
            default=False
        )
+        
+        parser.add_argument(
+            "-j",
+            "--json",
+            action="store_true",
+            help="output in JSON format",
+            default=False
+        )

        parser.add_argument('-v', '--verbose', action='count', default=0)

@@ -184,7 +210,7 @@ def main():
        else:
            configarg = None

-        program_setup(configdir = configarg, dispall = args.all, verbosity=args.verbose, name_filter=args.filter)
+        program_setup(configdir = configarg, dispall = args.all, verbosity=args.verbose, name_filter=args.filter, json=args.json)

    except KeyboardInterrupt:
        print("")
@@ -337,13 +337,15 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail

    if link == None or link.status == RNS.Link.CLOSED or link.status == RNS.Link.PENDING:
        link = RNS.Link(listener_destination)
+        link.did_identify = False
    
    if not spin(until=lambda: link.status == RNS.Link.ACTIVE, msg="Establishing link with "+RNS.prettyhexrep(destination_hash), timeout=timeout):
        print("Could not establish link with "+RNS.prettyhexrep(destination_hash))
        exit(243)

-    if not noid:
+    if not noid and not link.did_identify:
        link.identify(identity)
+        link.did_identify = True

    if stdin != None:
        stdin = stdin.encode("utf-8")
@@ -380,7 +382,10 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail

    if request_receipt.status == RNS.RequestReceipt.FAILED:
        print("Could not request remote execution")
-        exit(244)
+        if interactive:
+            return
+        else:
+            exit(244)

    spin(
        until=lambda:request_receipt.status != RNS.RequestReceipt.DELIVERED,
@@ -390,7 +395,10 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail

    if request_receipt.status == RNS.RequestReceipt.FAILED:
        print("No result was received")
-        exit(245)
+        if interactive:
+            return
+        else:
+            exit(245)

    spin_stat(
        until=lambda:request_receipt.status != RNS.RequestReceipt.RECEIVING,
@@ -399,7 +407,10 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail

    if request_receipt.status == RNS.RequestReceipt.FAILED:
        print("Receiving result failed")
-        exit(246)
+        if interactive:
+            return
+        else:
+            exit(246)

    if request_receipt.response != None:
        try:
@@ -414,7 +425,10 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail

        except Exception as e:
            print("Received invalid result")
-            exit(247)
+            if interactive:
+                return
+            else:
+                exit(247)

        if executed:
            if detailed:
@@ -484,7 +498,10 @@ def execute(configdir, identitypath = None, verbosity = 0, quietness = 0, detail
                exit(248)
    else:
        print("No response")
-        exit(249)
+        if interactive:
+            return
+        else:
+            exit(249)

    try:
        if not interactive:
@@ -521,7 +538,7 @@ def main():
        parser.add_argument("-x", '--interactive', action='store_true', default=False, help="enter interactive mode")
        parser.add_argument("-b", '--no-announce', action='store_true', default=False, help="don't announce at program start")
        parser.add_argument('-a', metavar="allowed_hash", dest="allowed", action='append', help="accept from this identity", type=str)
-        parser.add_argument('-n', '--noauth', action='store_true', default=False, help="accept files from anyone")
+        parser.add_argument('-n', '--noauth', action='store_true', default=False, help="accept commands from anyone")
        parser.add_argument('-N', '--noid', action='store_true', default=False, help="don't identify to listener")
        parser.add_argument("-d", '--detailed', action='store_true', default=False, help="show detailed result output")
        parser.add_argument("-m", action='store_true', dest="mirror", default=False, help="mirror exit code of remote command")
@@ -32,6 +32,8 @@ from ._version import __version__
 from .Reticulum import Reticulum
 from .Identity import Identity
 from .Link import Link, RequestReceipt
+from .Channel import MessageBase
+from .Buffer import Buffer, RawChannelReader, RawChannelWriter
 from .Transport import Transport
 from .Destination import Destination
 from .Packet import Packet
@@ -57,10 +59,11 @@ LOG_FILE     = 0x92

 LOG_MAXSIZE  = 5*1024*1024

-loglevel     = LOG_NOTICE
-logfile      = None
-logdest      = LOG_STDOUT
-logtimefmt   = "%Y-%m-%d %H:%M:%S"
+loglevel        = LOG_NOTICE
+logfile         = None
+logdest         = LOG_STDOUT
+logtimefmt      = "%Y-%m-%d %H:%M:%S"
+compact_log_fmt = False

 instance_random = random.Random()
 instance_random.seed(os.urandom(10))
@@ -101,10 +104,14 @@ def timestamp_str(time_s):
    return time.strftime(logtimefmt, timestamp)

 def log(msg, level=3, _override_destination = False):
-    global _always_override_destination
+    global _always_override_destination, compact_log_fmt
    
    if loglevel >= level:
-        logstring = "["+timestamp_str(time.time())+"] ["+loglevelname(level)+"] "+msg
+        if not compact_log_fmt:
+            logstring = "["+timestamp_str(time.time())+"] ["+loglevelname(level)+"] "+msg
+        else:
+            logstring = "["+timestamp_str(time.time())+"] "+msg
+
        logging_lock.acquire()

        if (logdest == LOG_STDOUT or _always_override_destination or _override_destination):
@@ -172,6 +179,60 @@ def prettysize(num, suffix='B'):

    return "%.2f%s%s" % (num, last_unit, suffix)

+def prettytime(time, verbose=False):
+    days = int(time // (24 * 3600))
+    time = time % (24 * 3600)
+    hours = int(time // 3600)
+    time %= 3600
+    minutes = int(time // 60)
+    time %= 60
+    seconds = round(time, 2)
+    
+    ss = "" if seconds == 1 else "s"
+    sm = "" if minutes == 1 else "s"
+    sh = "" if hours == 1 else "s"
+    sd = "" if days == 1 else "s"
+
+    components = []
+    if days > 0:
+        components.append(str(days)+" day"+sd if verbose else str(days)+"d")
+
+    if hours > 0:
+        components.append(str(hours)+" hour"+sh if verbose else str(hours)+"h")
+
+    if minutes > 0:
+        components.append(str(minutes)+" minute"+sm if verbose else str(minutes)+"m")
+
+    if seconds > 0:
+        components.append(str(seconds)+" second"+ss if verbose else str(seconds)+"s")
+
+    i = 0
+    tstr = ""
+    for c in components:
+        i += 1
+        if i == 1:
+            pass
+        elif i < len(components):
+            tstr += ", "
+        elif i == len(components):
+            tstr += " and "
+
+        tstr += c
+
+    if tstr == "":
+        return "0s"
+    else:
+        return tstr
+
+def phyparams():
+    print("Required Physical Layer MTU : "+str(Reticulum.MTU)+" bytes")
+    print("Plaintext Packet MDU        : "+str(Packet.PLAIN_MDU)+" bytes")
+    print("Encrypted Packet MDU        : "+str(Packet.ENCRYPTED_MDU)+" bytes")
+    print("Link Curve                  : "+str(Link.CURVE))
+    print("Link Packet MDU             : "+str(Link.MDU)+" bytes")
+    print("Link Public Key Size        : "+str(Link.ECPUBSIZE*8)+" bits")
+    print("Link Private Key Size       : "+str(Link.KEYSIZE*8)+" bits")
+
 def panic():
    os._exit(255)

@@ -1 +1 @@
-__version__ = "0.3.8"
+__version__ = "0.5.2"
@@ -0,0 +1,33 @@
+# Copyright (c) 2014 Stefan C. Mueller
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+
+import os
+
+from RNS.vendor.ifaddr._shared import Adapter, IP
+
+if os.name == "nt":
+    from RNS.vendor.ifaddr._win32 import get_adapters
+elif os.name == "posix":
+    from RNS.vendor.ifaddr._posix import get_adapters
+else:
+    raise RuntimeError("Unsupported Operating System: %s" % os.name)
+
+__all__ = ['Adapter', 'IP', 'get_adapters']
@@ -0,0 +1,93 @@
+# Copyright (c) 2014 Stefan C. Mueller
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+
+import os
+import ctypes.util
+import ipaddress
+import collections
+import socket
+
+from typing import Iterable, Optional
+
+import RNS.vendor.ifaddr._shared as shared
+
+class ifaddrs(ctypes.Structure):
+    pass
+
+
+ifaddrs._fields_ = [
+    ('ifa_next', ctypes.POINTER(ifaddrs)),
+    ('ifa_name', ctypes.c_char_p),
+    ('ifa_flags', ctypes.c_uint),
+    ('ifa_addr', ctypes.POINTER(shared.sockaddr)),
+    ('ifa_netmask', ctypes.POINTER(shared.sockaddr)),
+]
+
+libc = ctypes.CDLL(ctypes.util.find_library("socket" if os.uname()[0] == "SunOS" else "c"), use_errno=True)  # type: ignore
+
+
+def get_adapters(include_unconfigured: bool = False) -> Iterable[shared.Adapter]:
+
+    addr0 = addr = ctypes.POINTER(ifaddrs)()
+    retval = libc.getifaddrs(ctypes.byref(addr))
+    if retval != 0:
+        eno = ctypes.get_errno()
+        raise OSError(eno, os.strerror(eno))
+
+    ips = collections.OrderedDict()
+
+    def add_ip(adapter_name: str, ip: Optional[shared.IP]) -> None:
+        if adapter_name not in ips:
+            index = None  # type: Optional[int]
+            try:
+                # Mypy errors on this when the Windows CI runs:
+                #     error: Module has no attribute "if_nametoindex"
+                index = socket.if_nametoindex(adapter_name)  # type: ignore
+            except (OSError, AttributeError):
+                pass
+            ips[adapter_name] = shared.Adapter(adapter_name, adapter_name, [], index=index)
+        if ip is not None:
+            ips[adapter_name].ips.append(ip)
+
+    while addr:
+        name = addr[0].ifa_name.decode(encoding='UTF-8')
+        ip_addr = shared.sockaddr_to_ip(addr[0].ifa_addr)
+        if ip_addr:
+            if addr[0].ifa_netmask and not addr[0].ifa_netmask[0].sa_familiy:
+                addr[0].ifa_netmask[0].sa_familiy = addr[0].ifa_addr[0].sa_familiy
+            netmask = shared.sockaddr_to_ip(addr[0].ifa_netmask)
+            if isinstance(netmask, tuple):
+                netmaskStr = str(netmask[0])
+                prefixlen = shared.ipv6_prefixlength(ipaddress.IPv6Address(netmaskStr))
+            else:
+                assert netmask is not None, f'sockaddr_to_ip({addr[0].ifa_netmask}) returned None'
+                netmaskStr = str('0.0.0.0/' + netmask)
+                prefixlen = ipaddress.IPv4Network(netmaskStr).prefixlen
+            ip = shared.IP(ip_addr, prefixlen, name)
+            add_ip(name, ip)
+        else:
+            if include_unconfigured:
+                add_ip(name, None)
+        addr = addr[0].ifa_next
+
+    libc.freeifaddrs(addr0)
+
+    return ips.values()
@@ -0,0 +1,198 @@
+# Copyright (c) 2014 Stefan C. Mueller
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+
+import ctypes
+import socket
+import ipaddress
+import platform
+
+from typing import List, Optional, Tuple, Union
+
+class Adapter(object):
+    """
+    Represents a network interface device controller (NIC), such as a
+    network card. An adapter can have multiple IPs.
+
+    On Linux aliasing (multiple IPs per physical NIC) is implemented
+    by creating 'virtual' adapters, each represented by an instance
+    of this class. Each of those 'virtual' adapters can have both
+    a IPv4 and an IPv6 IP address.
+    """
+
+    def __init__(self, name: str, nice_name: str, ips: List['IP'], index: Optional[int] = None) -> None:
+
+        #: Unique name that identifies the adapter in the system.
+        #: On Linux this is of the form of `eth0` or `eth0:1`, on
+        #: Windows it is a UUID in string representation, such as
+        #: `{846EE342-7039-11DE-9D20-806E6F6E6963}`.
+        self.name = name
+
+        #: Human readable name of the adpater. On Linux this
+        #: is currently the same as :attr:`name`. On Windows
+        #: this is the name of the device.
+        self.nice_name = nice_name
+
+        #: List of :class:`ifaddr.IP` instances in the order they were
+        #: reported by the system.
+        self.ips = ips
+
+        #: Adapter index as used by some API (e.g. IPv6 multicast group join).
+        self.index = index
+
+    def __repr__(self) -> str:
+        return "Adapter(name={name}, nice_name={nice_name}, ips={ips}, index={index})".format(
+            name=repr(self.name), nice_name=repr(self.nice_name), ips=repr(self.ips), index=repr(self.index)
+        )
+
+
+# Type of an IPv4 address (a string in "xxx.xxx.xxx.xxx" format)
+_IPv4Address = str
+
+# Type of an IPv6 address (a three-tuple `(ip, flowinfo, scope_id)`)
+_IPv6Address = Tuple[str, int, int]
+
+
+class IP(object):
+    """
+    Represents an IP address of an adapter.
+    """
+
+    def __init__(self, ip: Union[_IPv4Address, _IPv6Address], network_prefix: int, nice_name: str) -> None:
+
+        #: IP address. For IPv4 addresses this is a string in
+        #: "xxx.xxx.xxx.xxx" format. For IPv6 addresses this
+        #: is a three-tuple `(ip, flowinfo, scope_id)`, where
+        #: `ip` is a string in the usual collon separated
+        #: hex format.
+        self.ip = ip
+
+        #: Number of bits of the IP that represent the
+        #: network. For a `255.255.255.0` netmask, this
+        #: number would be `24`.
+        self.network_prefix = network_prefix
+
+        #: Human readable name for this IP.
+        #: On Linux is this currently the same as the adapter name.
+        #: On Windows this is the name of the network connection
+        #: as configured in the system control panel.
+        self.nice_name = nice_name
+
+    @property
+    def is_IPv4(self) -> bool:
+        """
+        Returns `True` if this IP is an IPv4 address and `False`
+        if it is an IPv6 address.
+        """
+        return not isinstance(self.ip, tuple)
+
+    @property
+    def is_IPv6(self) -> bool:
+        """
+        Returns `True` if this IP is an IPv6 address and `False`
+        if it is an IPv4 address.
+        """
+        return isinstance(self.ip, tuple)
+
+    def __repr__(self) -> str:
+        return "IP(ip={ip}, network_prefix={network_prefix}, nice_name={nice_name})".format(
+            ip=repr(self.ip), network_prefix=repr(self.network_prefix), nice_name=repr(self.nice_name)
+        )
+
+
+if platform.system() == "Darwin" or "BSD" in platform.system():
+
+    # BSD derived systems use marginally different structures
+    # than either Linux or Windows.
+    # I still keep it in `shared` since we can use
+    # both structures equally.
+
+    class sockaddr(ctypes.Structure):
+        _fields_ = [
+            ('sa_len', ctypes.c_uint8),
+            ('sa_familiy', ctypes.c_uint8),
+            ('sa_data', ctypes.c_uint8 * 14),
+        ]
+
+    class sockaddr_in(ctypes.Structure):
+        _fields_ = [
+            ('sa_len', ctypes.c_uint8),
+            ('sa_familiy', ctypes.c_uint8),
+            ('sin_port', ctypes.c_uint16),
+            ('sin_addr', ctypes.c_uint8 * 4),
+            ('sin_zero', ctypes.c_uint8 * 8),
+        ]
+
+    class sockaddr_in6(ctypes.Structure):
+        _fields_ = [
+            ('sa_len', ctypes.c_uint8),
+            ('sa_familiy', ctypes.c_uint8),
+            ('sin6_port', ctypes.c_uint16),
+            ('sin6_flowinfo', ctypes.c_uint32),
+            ('sin6_addr', ctypes.c_uint8 * 16),
+            ('sin6_scope_id', ctypes.c_uint32),
+        ]
+
+else:
+
+    class sockaddr(ctypes.Structure):  # type: ignore
+        _fields_ = [('sa_familiy', ctypes.c_uint16), ('sa_data', ctypes.c_uint8 * 14)]
+
+    class sockaddr_in(ctypes.Structure):  # type: ignore
+        _fields_ = [
+            ('sin_familiy', ctypes.c_uint16),
+            ('sin_port', ctypes.c_uint16),
+            ('sin_addr', ctypes.c_uint8 * 4),
+            ('sin_zero', ctypes.c_uint8 * 8),
+        ]
+
+    class sockaddr_in6(ctypes.Structure):  # type: ignore
+        _fields_ = [
+            ('sin6_familiy', ctypes.c_uint16),
+            ('sin6_port', ctypes.c_uint16),
+            ('sin6_flowinfo', ctypes.c_uint32),
+            ('sin6_addr', ctypes.c_uint8 * 16),
+            ('sin6_scope_id', ctypes.c_uint32),
+        ]
+
+
+def sockaddr_to_ip(sockaddr_ptr: 'ctypes.pointer[sockaddr]') -> Optional[Union[_IPv4Address, _IPv6Address]]:
+    if sockaddr_ptr:
+        if sockaddr_ptr[0].sa_familiy == socket.AF_INET:
+            ipv4 = ctypes.cast(sockaddr_ptr, ctypes.POINTER(sockaddr_in))
+            ippacked = bytes(bytearray(ipv4[0].sin_addr))
+            ip = str(ipaddress.ip_address(ippacked))
+            return ip
+        elif sockaddr_ptr[0].sa_familiy == socket.AF_INET6:
+            ipv6 = ctypes.cast(sockaddr_ptr, ctypes.POINTER(sockaddr_in6))
+            flowinfo = ipv6[0].sin6_flowinfo
+            ippacked = bytes(bytearray(ipv6[0].sin6_addr))
+            ip = str(ipaddress.ip_address(ippacked))
+            scope_id = ipv6[0].sin6_scope_id
+            return (ip, flowinfo, scope_id)
+    return None
+
+
+def ipv6_prefixlength(address: ipaddress.IPv6Address) -> int:
+    prefix_length = 0
+    for i in range(address.max_prefixlen):
+        if int(address) >> i & 1:
+            prefix_length = prefix_length + 1
+    return prefix_length
@@ -0,0 +1,145 @@
+# Copyright (c) 2014 Stefan C. Mueller
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+
+import ctypes
+from ctypes import wintypes
+from typing import Iterable, List
+
+import RNS.vendor.ifaddr._shared as shared
+
+NO_ERROR = 0
+ERROR_BUFFER_OVERFLOW = 111
+MAX_ADAPTER_NAME_LENGTH = 256
+MAX_ADAPTER_DESCRIPTION_LENGTH = 128
+MAX_ADAPTER_ADDRESS_LENGTH = 8
+AF_UNSPEC = 0
+
+
+class SOCKET_ADDRESS(ctypes.Structure):
+    _fields_ = [('lpSockaddr', ctypes.POINTER(shared.sockaddr)), ('iSockaddrLength', wintypes.INT)]
+
+
+class IP_ADAPTER_UNICAST_ADDRESS(ctypes.Structure):
+    pass
+
+
+IP_ADAPTER_UNICAST_ADDRESS._fields_ = [
+    ('Length', wintypes.ULONG),
+    ('Flags', wintypes.DWORD),
+    ('Next', ctypes.POINTER(IP_ADAPTER_UNICAST_ADDRESS)),
+    ('Address', SOCKET_ADDRESS),
+    ('PrefixOrigin', ctypes.c_uint),
+    ('SuffixOrigin', ctypes.c_uint),
+    ('DadState', ctypes.c_uint),
+    ('ValidLifetime', wintypes.ULONG),
+    ('PreferredLifetime', wintypes.ULONG),
+    ('LeaseLifetime', wintypes.ULONG),
+    ('OnLinkPrefixLength', ctypes.c_uint8),
+]
+
+
+class IP_ADAPTER_ADDRESSES(ctypes.Structure):
+    pass
+
+
+IP_ADAPTER_ADDRESSES._fields_ = [
+    ('Length', wintypes.ULONG),
+    ('IfIndex', wintypes.DWORD),
+    ('Next', ctypes.POINTER(IP_ADAPTER_ADDRESSES)),
+    ('AdapterName', ctypes.c_char_p),
+    ('FirstUnicastAddress', ctypes.POINTER(IP_ADAPTER_UNICAST_ADDRESS)),
+    ('FirstAnycastAddress', ctypes.c_void_p),
+    ('FirstMulticastAddress', ctypes.c_void_p),
+    ('FirstDnsServerAddress', ctypes.c_void_p),
+    ('DnsSuffix', ctypes.c_wchar_p),
+    ('Description', ctypes.c_wchar_p),
+    ('FriendlyName', ctypes.c_wchar_p),
+]
+
+
+iphlpapi = ctypes.windll.LoadLibrary("Iphlpapi")  # type: ignore
+
+
+def enumerate_interfaces_of_adapter(
+    nice_name: str, address: IP_ADAPTER_UNICAST_ADDRESS
+) -> Iterable[shared.IP]:
+
+    # Iterate through linked list and fill list
+    addresses = []  # type: List[IP_ADAPTER_UNICAST_ADDRESS]
+    while True:
+        addresses.append(address)
+        if not address.Next:
+            break
+        address = address.Next[0]
+
+    for address in addresses:
+        ip = shared.sockaddr_to_ip(address.Address.lpSockaddr)
+        assert ip is not None, f'sockaddr_to_ip({address.Address.lpSockaddr}) returned None'
+        network_prefix = address.OnLinkPrefixLength
+        yield shared.IP(ip, network_prefix, nice_name)
+
+
+def get_adapters(include_unconfigured: bool = False) -> Iterable[shared.Adapter]:
+
+    # Call GetAdaptersAddresses() with error and buffer size handling
+
+    addressbuffersize = wintypes.ULONG(15 * 1024)
+    retval = ERROR_BUFFER_OVERFLOW
+    while retval == ERROR_BUFFER_OVERFLOW:
+        addressbuffer = ctypes.create_string_buffer(addressbuffersize.value)
+        retval = iphlpapi.GetAdaptersAddresses(
+            wintypes.ULONG(AF_UNSPEC),
+            wintypes.ULONG(0),
+            None,
+            ctypes.byref(addressbuffer),
+            ctypes.byref(addressbuffersize),
+        )
+    if retval != NO_ERROR:
+        raise ctypes.WinError()  # type: ignore
+
+    # Iterate through adapters fill array
+    address_infos = []  # type: List[IP_ADAPTER_ADDRESSES]
+    address_info = IP_ADAPTER_ADDRESSES.from_buffer(addressbuffer)
+    while True:
+        address_infos.append(address_info)
+        if not address_info.Next:
+            break
+        address_info = address_info.Next[0]
+
+    # Iterate through unicast addresses
+    result = []  # type: List[shared.Adapter]
+    for adapter_info in address_infos:
+
+        # We don't expect non-ascii characters here, so encoding shouldn't matter
+        name = adapter_info.AdapterName.decode()
+        nice_name = adapter_info.Description
+        index = adapter_info.IfIndex
+
+        if adapter_info.FirstUnicastAddress:
+            ips = enumerate_interfaces_of_adapter(
+                adapter_info.FriendlyName, adapter_info.FirstUnicastAddress[0]
+            )
+            ips = list(ips)
+            result.append(shared.Adapter(name, nice_name, ips, index=index))
+        elif include_unconfigured:
+            result.append(shared.Adapter(name, nice_name, [], index=index))
+
+    return result
@@ -0,0 +1,38 @@
+import ipaddress
+import RNS.vendor.ifaddr
+import socket
+
+from typing import List
+
+AF_INET6 = socket.AF_INET6.value
+AF_INET = socket.AF_INET.value
+
+def interfaces() -> List[str]:
+    adapters = RNS.vendor.ifaddr.get_adapters(include_unconfigured=True)
+    return [a.name for a in adapters]
+
+def ifaddresses(ifname) -> dict:
+    adapters = RNS.vendor.ifaddr.get_adapters(include_unconfigured=True)
+    ifa = {}
+    for a in adapters:
+        if a.name == ifname:
+            ipv4s = []
+            ipv6s = []
+            for ip in a.ips:
+                t = {}
+                if ip.is_IPv4:
+                    net = ipaddress.ip_network(str(ip.ip)+"/"+str(ip.network_prefix), strict=False)
+                    t["addr"] = ip.ip
+                    t["prefix"] = ip.network_prefix
+                    t["broadcast"] = str(net.broadcast_address)
+                    ipv4s.append(t)
+                if ip.is_IPv6:
+                    t["addr"] = ip.ip[0]
+                    ipv6s.append(t)
+
+            if len(ipv4s) > 0:
+                ifa[AF_INET] = ipv4s
+            if len(ipv6s) > 0:
+                ifa[AF_INET6] = ipv6s
+
+    return ifa
@@ -8,6 +8,12 @@ def get_platform():
        import sys
        return sys.platform

+def is_linux():
+    if get_platform() == "linux":
+        return True
+    else:
+        return False
+
 def is_darwin():
    if get_platform() == "darwin":
        return True
@@ -42,4 +48,4 @@ def cryptography_old_api():
    if cryptography.__version__ == "2.8":
        return True
    else:
-        return False
+        return False
@@ -0,0 +1,111 @@
+# Reticulum Development Roadmap
+This document outlines the currently established development roadmap for Reticulum.
+
+1. [Currently Active Work Areas](#currently-active-work-areas)
+2. [Primary Efforts](#primary-efforts)
+    - [Comprehensibility](#comprehensibility)
+    - [Universality](#universality)
+    - [Functionality](#functionality)
+    - [Usability & Utility](#usability--utility)
+    - [Interfaceability](#interfaceability)
+3. [Auxillary Efforts](#auxillary-efforts)
+4. [Release History](#release-history)
+
+## Currently Active Work Areas
+For each release cycle of Reticulum, improvements and additions from the five [Primary Efforts](#primary-efforts) are selected as active work areas, and can be expected to be included in the upcoming releases within that cycle. While not entirely set in stone for each release cycle, they serve as a pointer of what to expect in the near future.
+
+- The current `0.5.x` release cycle aims at completing
+  - [ ] Overhauling and updating the documentation
+  - [ ] Performance and memory optimisations of the Python reference implementation
+  - [ ] Fixing potential bugs
+  - [ ] Add automatic retries to all use cases of the `Request` API
+  - [ ] Improve performance and efficiency of the `Buffer` and `Channel` API
+
+## Primary Efforts
+The development path for Reticulum is currently laid out in five distinct areas: *Comprehensibility*, *Universality*, *Functionality*, *Usability & Utility* and *Interfaceability*. Conceptualising the development of Reticulum into these areas serves to advance the implementation and work towards the Foundational Goals & Values of Reticulum.
+
+### Comprehensibility
+These efforts are aimed at improving the ease of which Reticulum is understood, and lowering the barrier to entry for people who wish to start building systems on Reticulum.
+
+- Improving [the manual](https://markqvist.github.io/Reticulum/manual/) with tutorials specifically for beginners
+- Updating the documentation to reflect recent changes and improvements
+    - Update descriptions of protocol mechanics
+        - Update announce description
+        - Add in-depth explanation of the IFAC system
+    - Software
+        - Update Sideband screenshots
+        - Update Sideband description
+        - Update NomadNet screenshots
+        - Update Sideband screenshots
+    - Installation
+        - Add a *Reticulum On Raspberry Pi* section
+        - Update *Reticulum On Android* section if necessary
+        - Update Android install documentation.
+    - Communications hardware section
+        - Add information about RNode external displays.
+        - Packet radio modems.
+        - Possibly add other relevant types here as well.
+    - Setup *Best Practices For...* / *Installation Examples* section.
+        - Home or office (example)
+        - Vehicles (example)
+        - No-grid/solar/remote sites (example)
+
+### Universality
+These efforts seek to broaden the universality of the Reticulum software and hardware ecosystem by continously diversifying platform support, and by improving the overall availability and ease of deployment of the Reticulum stack.
+
+- OpenWRT support
+- Create a standalone RNS Daemon app for Android
+- A lightweight and portable C implementation for microcontrollers, µRNS
+- A portable, high-performance Reticulum implementation in C/C++, see [#21](https://github.com/markqvist/Reticulum/discussions/21)
+- Performance and memory optimisations of the Python implementation
+- Bindings for other programming languages
+
+### Functionality
+These efforts aim to expand and improve the core functionality and reliability of Reticulum.
+
+- Add automatic retries to all use cases of the `Request` API
+- Network-wide path balancing
+- Distributed Destination Naming System
+- Globally routable multicast
+- Destination proxying
+- [Metric-based path selection and multiple paths](https://github.com/markqvist/Reticulum/discussions/86)
+
+### Usability & Utility
+These effors seek to make Reticulum easier to use and operate, and to expand the utility of the stack on deployed systems.
+
+- Add bluetooth pairing code output to rnodeconf
+- Easy way to share interface configurations, see [#19](https://github.com/markqvist/Reticulum/discussions/19)
+- Transit traffic display in rnstatus
+- rnsconfig utility
+
+### Interfaceability
+These efforts aim to expand the types of physical and virtual interfaces that Reticulum can natively use to transport data.
+
+- Filesystem interface
+- Plain ESP32 devices (ESP-Now, WiFi, Bluetooth, etc.)
+- More LoRa transceivers
+- AT-compatible modems
+- Direct SDR Support
+- Optical mediums
+- IR Transceivers
+- AWDL / OWL
+- HF Modems
+- GNU Radio
+- CAN-bus
+- Raw SPI
+- Raw i²c
+- MQTT
+- XBee
+- Tor
+
+## Auxillary Efforts
+The Reticulum ecosystem is enriched by several other software and hardware projects, and the support and improvement of these, in symbiosis with the core Reticulum project helps expand the reach and utility of Reticulum itself.
+
+This section lists, in no particular order, various important efforts that would be beneficial to the goals of Reticulum.
+
+- The [RNode](https://unsigned.io/rnode/) project
+    - [ ] Create a WebUSB-based bootstrapping utility, and integrate this directly into the [RNode Bootstrap Console](#), both on-device, and on an Internet-reachable copy. This will make it much easier to create new RNodes for average users.
+
+## Release History
+
+Please see the [Changelog](./Changelog.md) for a complete release history and changelog of Reticulum.
@@ -30,3 +30,8 @@ help:
 		cp -r build/latex/reticulumnetworkstack.pdf ./Reticulum\ Manual.pdf; \
 		echo "PDF Manual Generated"; \
 	fi
+
+	@if [ $@ = "epub" ]; then \
+		cp -r build/epub/ReticulumNetworkStack.epub ./Reticulum\ Manual.epub; \
+		echo "EPUB Manual Generated"; \
+	fi
@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 450b6695e9c51c393c691ba688e02b3c
+config: c5670e7931d15fbef274e2eee17c3561
 tags: 645f666f9bcd5a90fca523b33c5a78b7
@@ -92,6 +92,28 @@ The *Request* example explores sendig requests and receiving responses.

 This example can also be found at `<https://github.com/markqvist/Reticulum/blob/master/Examples/Request.py>`_.

+.. _example-channel:
+
+Channel
+=======
+
+The *Channel* example explores using a ``Channel`` to send structured
+data between peers of a ``Link``.
+
+.. literalinclude:: ../../Examples/Channel.py
+
+This example can also be found at `<https://github.com/markqvist/Reticulum/blob/master/Examples/Channel.py>`_.
+
+Buffer
+======
+
+The *Buffer* example explores using buffered readers and writers to send
+binary data between peers of a ``Link``.
+
+.. literalinclude:: ../../Examples/Buffer.py
+
+This example can also be found at `<https://github.com/markqvist/Reticulum/blob/master/Examples/Buffer.py>`_.
+
 .. _example-filetransfer:

 Filetransfer
@@ -0,0 +1,4 @@
+********************************************
+An Explanation of Reticulum for Human Beings
+********************************************
+
@@ -7,22 +7,71 @@ you want to do. This guide will outline sensible starting paths for different
 scenarios.


+Standalone Reticulum Installation
+=============================================
+If you simply want to install Reticulum and related utilities on a system,
+the easiest way is via the ``pip`` package manager:
+
+.. code::
+
+   pip install rns
+
+If you do not already have pip installed, you can install it using the package manager
+of your system with a command like ``sudo apt install python3-pip``,
+``sudo pamac install python-pip`` or similar.
+
+You can also dowload the Reticulum release wheels from GitHub, or other release channels,
+and install them offline using ``pip``:
+
+.. code::
+
+   pip install ./rns-0.5.1-py3-none-any.whl
+
+
+Resolving Dependency & Installation Issues
+=============================================
+On some platforms, there may not be binary packages available for all dependencies, and
+``pip`` installation may fail with an error message. In these cases, the issue can usually
+be resolved by installing the development essentials packages for your platform:
+
+.. code::
+
+    # Debian / Ubuntu / Derivatives
+    sudo apt install build-essential
+
+    # Arch / Manjaro / Derivatives
+    sudo pamac install base-devel
+
+    # Fedora
+    sudo dnf groupinstall "Development Tools" "Development Libraries"
+
+With the base development packages installed, ``pip`` should be able to compile any missing
+dependencies from source, and complete installation even on platforms that don't have pre-
+compiled packages available.
+
 Try Using a Reticulum-based Program
 =============================================

 If you simply want to try using a program built with Reticulum, a few different
-programs exist that allow basic communication and a range of other useful functions
-over even extremely low-bandwidth Reticulum networks.
+programs exist that allow basic communication and a range of other useful functions,
+even over extremely low-bandwidth Reticulum networks.

 These programs will let you get a feel for how Reticulum works. They have been designed
-to run well over networks based on LoRa or packet radio, but can also be used completely
-over local WiFi, wired ethernet, the Internet, or any combination.
+to run well over networks based on LoRa or packet radio, but can also be used over fast
+links, such as local WiFi, wired Ethernet, the Internet, or any combination.

 As such, it is easy to get started experimenting, without having to set up any radio
 transceivers or infrastructure just to try it out. Launching the programs on separate
 devices connected to the same WiFi network is enough to get started, and physical
 radio interfaces can then be added later.

+Remote Shell
+^^^^^^^^^^^^
+
+The `rnsh <https://github.com/acehoss/rnsh>`_ program lets you establish fully interactive
+remote shell sessions over Reticulum. It also allows you to pipe any program to or from a
+remote system, and is similar to how ``ssh`` works.
+
 Nomad Network
 ^^^^^^^^^^^^^

@@ -44,7 +93,7 @@ You can install Nomad Network via pip:
 .. code::

   # Install ...
-   pip3 install nomadnet
+   pip install nomadnet

   # ... and run
   nomadnet
@@ -61,13 +110,22 @@ If you would rather use a program with a graphical user interface, you can take
 a look at `Sideband <https://unsigned.io/sideband>`_, which is available for Android,
 Linux and macOS.

-.. image:: screenshots/sideband_1.png
-    :width: 400px
-    :align: center
-    :target: _images/sideband_1.png
+.. only:: html

-Sideband is currently in the early stages of development, but already provides basic
-communication features, and interoperates with Nomad Network, or any other LXMF client.
+  .. image:: screenshots/sideband_devices.webp
+      :align: center
+      :target: _images/sideband_devices.webp
+
+.. only:: latexpdf
+
+  .. image:: screenshots/sideband_devices.png
+      :align: center
+      :target: _images/sideband_devices.png
+
+Sideband allows you to communicate with other people or LXMF-compatible
+systems over Reticulum networks using LoRa, Packet Radio, WiFi, I2P, Encrypted QR
+Paper Messages, or anything else Reticulum supports. It also interoperates with
+the Nomad Network program.

 Using the Included Utilities
 =============================================
@@ -87,12 +145,12 @@ Creating a Network With Reticulum
 =============================================
 To create a network, you will need to specify one or more *interfaces* for
 Reticulum to use. This is done in the Reticulum configuration file, which by
-default is located at ``~/.reticulum/config``. You can edit this file by hand,
-or use the interactive ``rnsconfig`` utility. 
+default is located at ``~/.reticulum/config``. You can get an example
+configuration file with all options via ``rnsd --exampleconfig``.

 When Reticulum is started for the first time, it will create a default
 configuration file, with one active interface. This default interface uses
-your existing ethernet and WiFi networks (if any), and only allows you to
+your existing Ethernet and WiFi networks (if any), and only allows you to
 communicate with other Reticulum peers within your local broadcast domains.

 To communicate further, you will have to add one or more interfaces. The default
@@ -107,7 +165,7 @@ Once Reticulum knows which interfaces it should use, it will automatically
 discover topography and configure transport of data to any destinations it
 knows about.

-In situations where you already have an established WiFi or ethernet network, and
+In situations where you already have an established WiFi or Ethernet network, and
 many devices that want to utilise the same external Reticulum network paths (for example over
 LoRa), it will often be sufficient to let one system act as a Reticulum gateway, by
 adding any external interfaces to the configuration of this system, and then enabling transport on it. Any
@@ -132,7 +190,7 @@ TCP connections reveal the IP address of both your instance and the server to an
 inspect the connection. Someone could use this information to determine your location or identity. Adversaries 
 inspecting your packets may be able to record packet metadata like time of transmission and packet size.
 Even though Reticulum encrypts traffic, TCP does not, so an adversary may be able to use
-packet inspection to learn that a system is running Reticulum, and what other IP adresses connect to it.
+packet inspection to learn that a system is running Reticulum, and what other IP addresses connect to it.
 Hosting a publicly reachable instance over TCP also requires a publicly reachable IP address,
 which most Internet connections don't offer anymore.

@@ -146,9 +204,9 @@ will also relay other I2P user's encrypted packets, which will use extra
 bandwidth and compute power, but also makes timing attacks and other forms of 
 deep-packet-inspection much more difficult.

-I2P also allows users to host globally available Reticulum instances from non-public IPs and behind firewalls and NAT.
+I2P also allows users to host globally available Reticulum instances from non-public IP's and behind firewalls and NAT.

-In general it is recommended to use an I2P node if you want to host a publically accessible
+In general it is recommended to use an I2P node if you want to host a publicly accessible
 instance, while preserving anonymity. If you care more about performance, and a slightly
 easier setup, use TCP.

@@ -161,20 +219,25 @@ by adding one of the following interfaces to your ``.reticulum/config`` file:

 .. code::

-  # For connecting over TCP/IP:
-  [[RNS Testnet Frankfurt]]
+  # TCP/IP interface to the Dublin hub
+  [[RNS Testnet Dublin]]
    type = TCPClientInterface
-    interface_enabled = yes
-    outgoing = True
-    target_host = frankfurt.rns.unsigned.io
+    enabled = yes
+    target_host = dublin.connect.reticulum.network
    target_port = 4965

+  # TCP/IP interface to the BetweenTheBorders Hub (community-provided)
+  [[RNS Testnet BetweenTheBorders]]
+    type = TCPClientInterface
+    enabled = yes
+    target_host = betweentheborders.com
+    target_port = 4242

-  # For connecting over I2P:
-  [[RNS Testnet I2P Node A]]
+  # Interface to I2P hub A
+  [[RNS Testnet I2P Hub A]]
    type = I2PInterface
-    interface_enabled = yes
-    peers = ykzlw5ujbaqc2xkec4cpvgyxj257wcrmmgkuxqmqcur7cq3w3lha.b32.i2p
+    enabled = yes
+    peers = uxg5kubabakh3jtnvsipingbr5574dle7bubvip7llfvwx2tgrua.b32.i2p

 Many other Reticulum instances are connecting to this testnet, and you can also join it
 via other entry points if you know them. There is absolutely no control over the network
@@ -201,7 +264,7 @@ chapter for a guide. If you prefer purchasing a ready-made unit, you can refer t
 refer to these additional external resources:

 * `How To Make Your Own RNodes <https://unsigned.io/how-to-make-your-own-rnodes/>`_
-* `Installing RNode Firmware on Compatible LoRa Devices <https://unsigned.io/installing-rnode-firmware-on-t-beam-and-lora32-devices/>`_
+* `Installing RNode Firmware on Compatible LoRa Devices <https://unsigned.io/installing-rnode-firmware-on-supported-devices/>`_
 * `Private, Secure and Uncensorable Messaging Over a LoRa Mesh <https://unsigned.io/private-messaging-over-lora/>`_
 * `RNode Firmware <https://github.com/markqvist/RNode_Firmware/>`_

@@ -228,7 +291,7 @@ For extended functionality, you can install optional dependencies:

 .. code::

-   pip3 install pyserial netifaces
+   pip3 install pyserial


 Further information can be found in the :ref:`API Reference<api-main>`.
@@ -243,7 +306,7 @@ don't use pip, but try this recipe:
 .. code::

    # Install dependencies
-    pip3 install cryptography pyserial netifaces
+    pip3 install cryptography pyserial

    # Clone repository
    git clone https://github.com/markqvist/Reticulum.git
@@ -268,19 +331,96 @@ don't use pip, but try this recipe:

    # Run the example in client mode to "ping" the server.
    # Replace the hash below with the actual destination hash of your server.
-    python3 Examples/Echo.py 3e12fc71692f8ec47bc5
+    python3 Examples/Echo.py 174a64852a75682259ad8b921b8bf416

    # Have a look at another example
    python3 Examples/Filetransfer.py -h

 When you have experimented with the basic examples, it's time to go read the
-:ref:`Understanding Reticulum<understanding-main>` chapter.
+:ref:`Understanding Reticulum<understanding-main>` chapter. Before submitting
+your first pull request, it is probably a good idea to introduce yourself on
+the `disucssion forum on GitHub <https://github.com/markqvist/Reticulum/discussions>`_,
+or ask one of the developers or maintainers for a good place to start.


-Reticulum on ARM64
+Platform-Specific Install Notes
 ==============================================
+
+Some platforms require a slightly different installation procedure, or have
+various quirks that are worth being aware of. These are listed here.
+
+Android
+^^^^^^^^^^^^^^^^^^^^^^^^
+Reticulum can be used on Android in different ways. The easiest way to get
+started is using an app like `Sideband <https://unsigned.io/sideband>`_.
+
+For more control and features, you can use Reticulum and related programs via
+the `Termux app <https://termux.com/>`_, at the time of writing available on
+`F-droid <https://f-droid.org>`_.
+
+Termux is a terminal emulator and Linux environment for Android based devices,
+which includes the ability to use many different programs and libraries,
+including Reticulum.
+
+To use Reticulum within the Termux environment, you will need to install
+``python`` and the ``python-cryptography`` library using ``pkg``, the package-manager
+build into Termux. After that, you can use ``pip`` to install Reticulum.
+
+From within Termux, execute the following:
+
+.. code::
+
+    # First, make sure indexes and packages are up to date.
+    pkg update
+    pkg upgrade
+
+    # Then install python and the cryptography library.
+    pkg install python python-cryptography
+
+    # Make sure pip is up to date, and install the wheel module.
+    pip install wheel pip --upgrade
+
+    # Install Reticulum
+    pip install rns
+
+If for some reason the ``python-cryptography`` package is not available for
+your platform via the Termux package manager, you can attempt to build it
+locally on your device using the following command:
+
+.. code::
+
+    # First, make sure indexes and packages are up to date.
+    pkg update
+    pkg upgrade
+
+    # Then install dependencies for the cryptography library.
+    pkg install python build-essential openssl libffi rust
+
+    # Make sure pip is up to date, and install the wheel module.
+    pip install wheel pip --upgrade
+
+    # To allow the installer to build the cryptography module,
+    # we need to let it know what platform we are compiling for:
+    export CARGO_BUILD_TARGET="aarch64-linux-android"
+
+    # Start the install process for the cryptography module.
+    # Depending on your device, this can take several minutes,
+    # since the module must be compiled locally on your device.
+    pip install cryptography
+
+    # If the above installation succeeds, you can now install
+    # Reticulum and any related software
+    pip install rns
+
+It is also possible to include Reticulum in apps compiled and distributed as
+Android APKs. A detailed tutorial and example source code will be included
+here at a later point. Until then you can use the `Sideband source code <https://github.com/markqvist/sideband>`_ as an example and startig point.
+
+
+ARM64
+^^^^^^^^^^^^^^^^^^^^^^^^
 On some architectures, including ARM64, not all dependencies have precompiled
-binaries. On such systems, you will need to install ``python3-dev`` before
+binaries. On such systems, you may need to install ``python3-dev`` before
 installing Reticulum or programs that depend on Reticulum.

 .. code::
@@ -293,53 +433,56 @@ installing Reticulum or programs that depend on Reticulum.
   python3 -m pip install rns


-Reticulum on Android
-==============================================
-Reticulum can be used on Android in different ways. The easiest way to get
-started is using an app like `Sideband <https://unsigned.io/sideband>`_.
+Raspberry Pi
+^^^^^^^^^^^^^^^^^^^^^^^^^
+It is currently recommended to use a 64-bit version of the Raspberry Pi OS
+if you want to run Reticulum on Raspberry Pi computers, since 32-bit versions
+don't always have packages available for some dependencies.

-For more control and features, you can use Reticulum and related programs via
-the `Termux app <https://termux.com/>`_, at the time of writing available on
-`F-droid <https://f-droid.org>`_.
+While it is possible to install and run Reticulum on 32-bit Rasperry Pi OSes,
+it will require manually configuring and installing some packages, and is not
+detailed in this manual.

-Termux is a terminal emulator and Linux environment for Android based devices,
-which includes the ability to use many different programs and libraries,
-including Reticulum.

-Since the Python cryptography.io module does not offer pre-built wheels for
-Android, the standard one-line install of Reticulum does not work on Android,
-and a few extra commands are required.
-
-From within Termux, execute the following:
+Debian Bookworm
+^^^^^^^^^^^^^^^^^^^^^^^^
+On versions of Debian released after April 2023, it is no longer possible
+to use ``pip`` to install packages onto your system. Unfortunately, you will need to
+use the replacement ``pipx`` command instead, which places installed packages in an
+isolated environment. This should not negatively affect Reticulum, but installation
+via this method is not fully tested yet.

 .. code::

-    # First, make sure indexes and packages are up to date.
-    pkg update
-    pkg upgrade
+    # Install pipx 
+    sudo apt install pipx

-    # Then install dependencies for the cryptography library.
-    pkg install python build-essential openssl libffi rust
+    # Make installed programs available on the command line
+    pipx ensurepath

-    # Make sure pip is up to date, and install the wheel module.
-    pip3 install wheel pip --upgrade
+    # Install Reticulum
+    pipx install rns

-    # To allow the installer to build the cryptography module,
-    # we need to let it know what platform we are compiling for:
-    export CARGO_BUILD_TARGET="aarch64-linux-android"

-    # Start the install process for the cryptography module.
-    # Depending on your device, this can take several minutes,
-    # since the module must be compiled locally on your device.
-    pip3 install cryptography
+Ubuntu Lunar
+^^^^^^^^^^^^^^^^^^^^^^^^
+On versions of Ubuntu released after April 2023, it is no longer possible
+to use ``pip`` to install packages onto your system. Unfortunately, you will need to
+use the replacement ``pipx`` command instead, which places installed packages in an
+isolated environment. This should not negatively affect Reticulum, but installation
+via this method is not fully tested yet.

-    # If the above installation succeeds, you can now install
-    # Reticulum and any related software
-    pip3 install rns
+.. code::
+
+    # Install pipx 
+    sudo apt install pipx
+
+    # Make installed programs available on the command line
+    pipx ensurepath
+
+    # Install Reticulum
+    pipx install rns

-It is also possible to include Reticulum in apps compiled and distributed as
-Android APKs. A detailed tutorial and example source code will be included
-here at a later point.

 Pure-Python Reticulum
 ==============================================
@@ -348,7 +491,8 @@ install one or more dependencies

 On more unusual systems, and in some rare cases, it might not be possible to
 install or even compile one or more of the above modules. In such situations,
-you can use the ``rnspure`` package instead of the ``rns`` package. The ``rnspure``
+you can use the ``rnspure`` package instead of the ``rns`` package, or use ``pip``
+with the ``--no-dependencies`` command-line option. The ``rnspure``
 package requires no external dependencies for installation. Please note that the
 actual contents of the ``rns`` and ``rnspure`` packages are *completely identical*.
 The only difference is that the ``rnspure`` package lists no dependencies required
@@ -363,4 +507,4 @@ All other available modules will still be loaded when needed.
 **Please Note!** If you use the `rnspure` package to run Reticulum on systems that
 do not support `PyCA/cryptography <https://github.com/pyca/cryptography>`_, it is
 important that you read and understand the :ref:`Cryptographic Primitives <understanding-primitives>`
-section of this manual.
+section of this manual.
@@ -52,7 +52,7 @@ the discussion to RNodes using *LoRa* modulation in common ISM bands.
 **Avoid Confusion!** RNodes can use LoRa as a *physical-layer modulation*, but it
 does not use, and has nothing to do with the *LoRaWAN* protocol and standard, commonly
 used for centrally controlled IoT devices. RNodes use *raw LoRa modulation*, without
-any additional protocol overhead. All high-level protocol funcionality is handled
+any additional protocol overhead. All high-level protocol functionality is handled
 directly by Reticulum.

 .. _rnode-creating:
@@ -160,12 +160,13 @@ Installation

 Once you have obtained compatible boards, you can install the `RNode Firmware <https://github.com/markqvist/RNode_Firmware>`_
 using the `RNode Configuration Utility <https://github.com/markqvist/rnodeconfigutil>`_.
-Make sure that ``Python3`` and ``pip`` is installed on your system, and then install
-the config utility with ``pip``:
+If you have installed Reticulum on your system, the ``rnodeconf`` program will already be
+available. If not, make sure that ``Python3`` and ``pip`` is installed on your system, and
+then install Reticulum with with ``pip``:

 .. code::

-   pip3 install rnodeconf
+   pip install rns

 Once installation has completed, it is time to start installing the firmware on your
 devices. Run ``rnodeconf`` in auto-install mode like so:
@@ -176,12 +177,7 @@ devices. Run ``rnodeconf`` in auto-install mode like so:

 The utility will guide you through the installation process by asking a series of
 questions about your hardware. Simply follow the guide, and the utility will
-auto-install and configure your devices
-
-**Important Note!** It is currently recommended to use the v1.x line of the RNode firmware,
-even though the v2.x line is available for early testing. The v2.x line should still be
-considered an experimental pre-release. Only use the v2.x firmware line if you want to test
-out the absolutely newest version, and don't care about stability.
+auto-install and configure your devices.

 .. _rnode-usage:

@@ -205,8 +201,8 @@ get started with producing RNodes.
 WiFi-based Hardware
 ===================

-It is possible to use all kinds of both short- and long-range Wifi-based hardware
-with Reticulum. Any kind of hardware that fully supports bridged ethernet over the
+It is possible to use all kinds of both short- and long-range WiFi-based hardware
+with Reticulum. Any kind of hardware that fully supports bridged Ethernet over the
 WiFi interface will work with the :ref:`AutoInterface<interfaces-auto>` in Reticulum.
 Most devices will behave like this by default, or allow it via configuration options.

@@ -242,4 +238,4 @@ It is useful to combine different link and hardware types when designing and
 building a network. One useful design pattern is to employ high-capacity point-to-point
 links based on WiFi or millimeter-wave radios (with high-gain directional antennas)
 for the network backbone, and using LoRa-based RNodes for covering large areas with
-connectivity for client devices.
+connectivity for client devices.
@@ -1,10 +1,20 @@
 ******************************
 Reticulum Network Stack Manual
 ******************************
+
 This manual aims to provide you with all the information you need to
 understand Reticulum, build networks or develop programs using it, or
 to participate in the development of Reticulum itself.

+.. only:: builder_html
+
+   This manual is also available in `PDF <https://github.com/markqvist/Reticulum/releases/latest/download/Reticulum.Manual.pdf>`_ and `EPUB <https://github.com/markqvist/Reticulum/releases/latest/download/Reticulum.Manual.epub>`_ formats.
+
+.. only:: builder_html
+
+   Table Of Contents
+   =================
+
 .. toctree::
   :maxdepth: 3

@@ -15,10 +25,14 @@ to participate in the development of Reticulum itself.
   hardware
   interfaces
   networks
-   reference
   examples
   support

+.. toctree::
+   :maxdepth: 2
+
+   reference
+

 .. only:: html

@@ -98,13 +98,13 @@ and persistent I2P address that your Reticulum instance can be reached
 at.

 To use the I2P interface, you must have an I2P router running
-on your system. The easiest way to acheive this is to download and
+on your system. The easiest way to achieve this is to download and
 install the `latest release <https://github.com/PurpleI2P/i2pd/releases/latest>`_
 of the ``i2pd`` package. For more details about I2P, see the
 `geti2p.net website <https://geti2p.net/en/about/intro>`_.

 When an I2P router is running on your system, you can simply add
-an I2P interface to reticulum:
+an I2P interface to Reticulum:

 .. code::

@@ -270,7 +270,7 @@ with all other peers on a local area network.

 *Please Note!* Using broadcast UDP traffic has performance implications,
 especially on WiFi. If your goal is simply to enable easy communication
-with all peers in your local ethernet broadcast domain, the
+with all peers in your local Ethernet broadcast domain, the
 :ref:`Auto Interface<interfaces-auto>` performs better, and is even
 easier to use.

@@ -404,7 +404,7 @@ directly over a wire-pair, or for using devices such as data radios and lasers.
 Pipe Interface
 ==============

-Using this interface, reticulum can use any program as an interface via `stdin` and
+Using this interface, Reticulum can use any program as an interface via `stdin` and
 `stdout`. This can be used to easily create virtual interfaces, or to interface with
 custom hardware or other systems.

@@ -421,7 +421,7 @@ custom hardware or other systems.
    respawn_delay = 5

 Reticulum will write all packets to `stdin` of the ``command`` option, and will
-continously read and scan its `stdout` for Reticulum packets. If ``EOF`` is reached,
+continuously read and scan its `stdout` for Reticulum packets. If ``EOF`` is reached,
 Reticulum will try to respawn the program after waiting for ``respawn_interval`` seconds.

 .. _interfaces-kiss:
@@ -681,7 +681,7 @@ the default mode.
     other nodes in the network. As an example, if a vehicle is
     equipped with an external LoRa interface, and an internal,
     WiFi-based interface, that serves devices that are moving
-     _with_ the vehicle, the external LoRa interface should be
+     *with* the vehicle, the external LoRa interface should be
     configured as ``roaming``, and the internal interface can
     be left in the default mode. With transport enabled, such
     a setup will allow all internal devices to reach each other,
@@ -9,7 +9,7 @@ Reticulum, which can often be easier than using traditional stacks, since you
 don't have to worry about coordinating addresses, subnets and routing for an
 entire network that you might not know how will evolve in the future. With
 Reticulum, you can simply add more segments to your network when it becomes
-necesarry, and Reticulum will handle the convergence of the entire network
+necessary, and Reticulum will handle the convergence of the entire network
 automatically.

 Concepts & Overview
@@ -18,13 +18,13 @@ Concepts & Overview
 There are important points that need to be kept in mind when building networks
 with Reticulum:

- * | In a Reticulum network, any node can autonomously generate as many adresses
+ * | In a Reticulum network, any node can autonomously generate as many addresses
     (called *destinations* in Reticulum terminology) as it needs, which become
     globally reachable to the rest of the network. There is no central point of
-     control over the adress space.
+     control over the address space.

 * | Reticulum was designed to handle both very small, and very large networks.
-     While the adress space can support billions of endpoints, Reticulum is
+     While the address space can support billions of endpoints, Reticulum is
     also very useful when just a few devices needs to communicate.

 * | Low-bandwidth networks, like LoRa and packet radio, can interoperate and
@@ -113,8 +113,8 @@ WiFi based radios for interconnecting the sites.

 At each site, a Raspberry Pi is installed to function as a gateway. A LoRa radio
 is connected to the Pi with a USB cable, and the WiFi radio is connected to the
-ethernet port of the Pi. At site B, two WiFi radios are needed to be able to reach
-both site A and site C, so an extra ethernet adapter is connected to the Pi in
+Ethernet port of the Pi. At site B, two WiFi radios are needed to be able to reach
+both site A and site C, so an extra Ethernet adapter is connected to the Pi in
 this location.

 Once the hardware has been installed, Reticulum is installed on all the Pis, and at
@@ -1,18 +1,23 @@
+:tocdepth: 4
+
 .. _api-main:

 *************
 API Reference
 *************
-This reference guide lists and explains all classes exposed by the RNS API.
-
-Classes
-=========================
-Communication over a Reticulum network is achieved using a set of classes exposed by RNS.
+Communication over Reticulum networks is achieved by using a simple set of classes exposed by the RNS API.
+This chapter lists and explains all classes exposed by the Reticulum Network Stack API, along with their method signatures and usage. It can be used as a reference while writing applications that utilise Reticulum, or it can be read in entirity to gain an understanding of the complete functionality of RNS from a developers perspective.

 .. _api-reticulum:

-Reticulum
---------
+.. only:: html
+
+   |start-h3| Reticulum |end-h3|
+
+.. only:: latex
+
+   Reticulum
+   ---------

 .. autoclass:: RNS.Reticulum
   :members:
@@ -20,64 +25,190 @@ Reticulum

 .. _api-identity:

-Identity
--------
+.. only:: html
+
+   |start-h3| Identity |end-h3|
+
+.. only:: latex
+
+   Identity
+   --------

 .. autoclass:: RNS.Identity
   :members:

 .. _api-destination:

-Destination
-----------
+.. only:: html
+
+   |start-h3| Destination |end-h3|
+
+.. only:: latex
+
+   Destination
+   -----------

 .. autoclass:: RNS.Destination
   :members:

 .. _api-packet:

-Packet
------
+.. only:: html
+
+   |start-h3| Packet |end-h3|
+
+.. only:: latex
+
+   Packet
+   ------

 .. autoclass:: RNS.Packet(destination, data, create_receipt = True)
   :members:

 .. _api-packetreceipt:

-Packet Receipt
--------------
+.. only:: html
+
+   |start-h3| Packet Receipt |end-h3|
+
+.. only:: latex
+
+   Packet Receipt
+   --------------

 .. autoclass:: RNS.PacketReceipt()
   :members:

 .. _api-link:

-Link
----
+.. only:: html
+
+   |start-h3| Link |end-h3|
+
+.. only:: latex
+
+   Link
+   ----

 .. autoclass:: RNS.Link(destination, established_callback=None, closed_callback = None)
   :members:

 .. _api-requestreceipt:

-Request Receipt
---------------
+.. only:: html
+
+   |start-h3| Request Receipt |end-h3|
+
+.. only:: latex
+
+   Request Receipt
+   ---------------

 .. autoclass:: RNS.RequestReceipt()
   :members:

 .. _api-resource:

-Resource
--------
+.. only:: html
+
+   |start-h3| Resource |end-h3|
+
+.. only:: latex
+
+   Resource
+   --------

 .. autoclass:: RNS.Resource(data, link, advertise=True, auto_compress=True, callback=None, progress_callback=None, timeout=None)
   :members:

+.. _api-channel:
+
+.. only:: html
+
+   |start-h3| Channel |end-h3|
+
+.. only:: latex
+
+   Channel
+   -------
+
+.. autoclass:: RNS.Channel.Channel()
+   :members:
+
+.. _api-messsagebase:
+
+.. only:: html
+
+   |start-h3| MessageBase |end-h3|
+
+.. only:: latex
+
+   MessageBase
+   -----------
+
+.. autoclass:: RNS.MessageBase()
+   :members:
+
+.. _api-buffer:
+
+.. only:: html
+
+   |start-h3| Buffer |end-h3|
+
+.. only:: latex
+
+   Buffer
+   ------
+
+.. autoclass:: RNS.Buffer
+   :members:
+
+.. _api-rawchannelreader:
+
+.. only:: html
+
+   |start-h3| RawChannelReader |end-h3|
+
+.. only:: latex
+
+   RawChannelReader
+   ----------------
+
+.. autoclass:: RNS.RawChannelReader
+   :members: __init__, add_ready_callback, remove_ready_callback
+
+.. _api-rawchannelwriter:
+
+.. only:: html
+
+   |start-h3| RawChannelWriter |end-h3|
+
+.. only:: latex
+
+   RawChannelWriter
+   ----------------
+
+.. autoclass:: RNS.RawChannelWriter
+   :members: __init__
+
 .. _api-transport:

-Transport
---------
+.. only:: html
+
+   |start-h3| Transport |end-h3|
+
+.. only:: latex
+
+   Transport
+   ---------

 .. autoclass:: RNS.Transport
-   :members:
+   :members:
+
+.. |start-h3| raw:: html
+
+     <h3>
+
+.. |end-h3| raw:: html
+
+     </h3>
@@ -14,9 +14,7 @@ Donations are gratefully accepted via the following channels:
 .. code:: text

    Monero:
-    84FpY1QbxHcgdseePYNmhTHcrgMX4nFf
-    BYtz2GKYToqHVVhJp8Eaw1Z1EedRnKD1
-    9b3B8NiLCGVxzKV17UMmmeEsCrPyA5w
+    84FpY1QbxHcgdseePYNmhTHcrgMX4nFfBYtz2GKYToqHVVhJp8Eaw1Z1EedRnKD19b3B8NiLCGVxzKV17UMmmeEsCrPyA5w

    Ethereum:
    0x81F7B979fEa6134bA9FD5c701b3501A2e61E897a
@@ -34,11 +32,11 @@ Provide Feedback
 ================
 All feedback on the usage, functioning and potential dysfunctioning of any and
 all components of the system is very valuable to the continued development and
-improvement of Reticulum. Absolutely no automated analytics, telemetly, error
+improvement of Reticulum. Absolutely no automated analytics, telemetry, error
 reporting or statistics is collected and reported by Reticulum under any
 circumstances, so we rely on old-fashioned human feedback.

 Contribute Code
 ===============
 Join us on `the GitHub repository <https://github.com/markqvist/reticulum>`_ to
-report issues, suggest functionality and contribute code to Reticulum.
+report issues, suggest functionality and contribute code to Reticulum.
@@ -70,7 +70,7 @@ guide the design of Reticulum:
 * **Hardware layer agnosticism**
    Reticulum must be fully hardware agnostic, and shall be useable over a wide range of
    physical networking layers, such as data radios, serial lines, modems, handheld transceivers,
-    wired ethernet, wifi, or anything else that can carry a digital data stream. Hardware made for
+    wired Ethernet, WiFi, or anything else that can carry a digital data stream. Hardware made for
    dedicated Reticulum use shall be as cheap as possible and use off-the-shelf components, so
    it can be easily modified and replicated by anyone interested in doing so.
 * **Very low bandwidth requirements**
@@ -107,39 +107,40 @@ guide the design of Reticulum:
 Introduction & Basic Functionality
 ==================================

-Reticulum is a networking stack suited for high-latency, low-bandwidth links. Reticulum is at it’s
+Reticulum is a networking stack suited for high-latency, low-bandwidth links. Reticulum is at its
 core a *message oriented* system. It is suited for both local point-to-point or point-to-multipoint
-scenarios where alle nodes are within range of each other, as well as scenarios where packets need
+scenarios where all nodes are within range of each other, as well as scenarios where packets need
 to be transported over multiple hops in a complex network to reach the recipient.

 Reticulum does away with the idea of addresses and ports known from IP, TCP and UDP. Instead
-Reticulum uses the singular concept of *destinations*. Any application using Reticulum as it’s
+Reticulum uses the singular concept of *destinations*. Any application using Reticulum as its
 networking stack will need to create one or more destinations to receive data, and know the
 destinations it needs to send data to.

-All destinations in Reticulum are represented as a 10 byte hash, derived from truncating a full
+All destinations in Reticulum are _represented_ as a 16 byte hash. This hash is derived from truncating a full
 SHA-256 hash of identifying characteristics of the destination. To users, the destination addresses
-will be displayed as 10 bytes in hexadecimal representation, as in the following example: ``<80e29bf7cccaf31431b3>``.
+will be displayed as 16 hexadecimal bytes, like this example: ``<13425ec15b621c1d928589718000d814>``.

-The truncation size of 10 bytes (80 bits) for destinations has been choosen as a reasonable tradeoff between address space
-and packet overhead. The address space accomodated by this size can support many billions of
+The truncation size of 16 bytes (128 bits) for destinations has been chosen as a reasonable trade-off
+between address space
+and packet overhead. The address space accommodated by this size can support many billions of
 simultaneously active devices on the same network, while keeping packet overhead low, which is
 essential on low-bandwidth networks. In the very unlikely case that this address space nears
 congestion, a one-line code change can upgrade the Reticulum address space all the way up to 256
 bits, ensuring the Reticulum address space could potentially support galactic-scale networks.
-This is obviusly complete and ridiculous over-allocation, and as such, the current 80 bits should
+This is obviously complete and ridiculous over-allocation, and as such, the current 128 bits should
 be sufficient, even far into the future.

-By default Reticulum encrypts all data using elliptic curve cryptography. Any packet sent to a
-destination is encrypted with a derived ephemeral key. Reticulum can also set up an encrypted
-channel to a destination with *Forward Secrecy* and *Initiator Anonymity* using a elliptic
-curve cryptography and ephemeral keys derived from a Diffie Hellman exchange on Curve25519. In
-Reticulum terminology, this is called a *Link*. The multi-hop transport, coordination, verification
-and reliability layers are fully autonomous and also based on elliptic curve cryptography.
+By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
+destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
+channel to a destination, called a *Link*. Both data sent over Links and single packets offer
+*Initiator Anonymity*, and links additionally offer *Forward Secrecy* by using an Elliptic Curve
+Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. The multi-hop transport,
+coordination, verification and reliability layers are fully autonomous and also based on elliptic
+curve cryptography.

 Reticulum also offers symmetric key encryption for group-oriented communications, as well as
-unencrypted packets for broadcast purposes, or situations where you need the communication to be in
-plain text.
+unencrypted packets for local broadcast purposes.

 Reticulum can connect to a variety of interfaces such as radio modems, data radios and serial ports,
 and offers the possibility to easily tunnel Reticulum traffic over IP links such as the Internet or
@@ -163,7 +164,7 @@ destinations. Reticulum uses three different basic destination types, and one sp
    A *plain* destination type is unencrypted, and suited for traffic that should be broadcast to a
    number of users, or should be readable by anyone. Traffic to a *plain* destination is not encrypted.
    Generally, *plain* destinations can be used for broadcast information intended to be public.
-    Plain destinations are only reachable directly, and packets adressed to plain destinations are
+    Plain destinations are only reachable directly, and packets addressed to plain destinations are
    never transported over multiple hops in the network. To be transportable over multiple hops in Reticulum, information
    *must* be encrypted, since Reticulum uses the per-packet encryption to verify routing paths and
    keep them alive.
@@ -186,7 +187,7 @@ Destination Naming
 ^^^^^^^^^^^^^^^^^^

 Destinations are created and named in an easy to understand dotted notation of *aspects*, and
-represented on the network as a hash of this value. The hash is a SHA-256 truncated to 80 bits. The
+represented on the network as a hash of this value. The hash is a SHA-256 truncated to 128 bits. The
 top level aspect should always be a unique identifier for the application using the destination.
 The next levels of aspects can be defined in any way by the creator of the application.

@@ -202,7 +203,7 @@ application name, a device type and measurement type, like this:
   aspects   : remotesensor, temperature

   full name : environmentlogger.remotesensor.temperature
-   hash      : fa7ddfab5213f916dea
+   hash      : 4faf1b2e0a077e6a9d92fa051f256038

 For the *single* destination, Reticulum will automatically append the associated public key as a
 destination aspect before hashing. This is done to ensure only the correct destination is reached,
@@ -219,10 +220,10 @@ packet.

 In actual use of *single* destination naming, it is advisable not to use any uniquely identifying
 features in aspect naming. Aspect names should be general terms describing what kind of destination
-is represented. The uniquely identifying aspect is always acheived by the appending the public key,
-which expands the destination into a uniquely identifyable one. Reticulum does this automatically.
+is represented. The uniquely identifying aspect is always achieved by appending the public key,
+which expands the destination into a uniquely identifiable one. Reticulum does this automatically.

-Any destination on a Reticulum network can be addressed and reached simply by knowning its
+Any destination on a Reticulum network can be addressed and reached simply by knowing its
 destination hash (and public key, but if the public key is not known, it can be requested from the
 network simply by knowing the destination hash). The use of app names and aspects makes it easy to
 structure Reticulum programs and makes it possible to filter what information and data your program
@@ -238,7 +239,7 @@ To recap, the different destination types should be used in the following situat
 * **Plain**
    When plain-text communication is desirable, for example when broadcasting information, or for local discovery purposes.

-To communicate with a *single* destination, you need to know it’s public key. Any method for
+To communicate with a *single* destination, you need to know its public key. Any method for
 obtaining the public key is valid, but Reticulum includes a simple mechanism for making other
 nodes aware of your destinations public key, called the *announce*. It is also possible to request
 an unknown public key from the network, as all transport instances serve as a distributed ledger
@@ -286,7 +287,7 @@ In Reticulum, destinations are allowed to move around the network at will. This
 protocols such as IP, where an address is always expected to stay within the network segment it was assigned in.
 This limitation does not exist in Reticulum, and any destination is *completely portable* over the entire topography
 of the network, and *can even be moved to other Reticulum networks* than the one it was created in, and
-still become reachable. To update it's reachability, a destination simply needs to send an announce on any
+still become reachable. To update its reachability, a destination simply needs to send an announce on any
 networks it is part of. After a short while, it will be globally reachable in the network.

 Seeing how *single* destinations are always tied to a private/public key pair leads us to the next topic.
@@ -349,7 +350,7 @@ Node Types
 ----------

 Currently, Reticulum distinguishes between two types of network nodes. All nodes on a Reticulum network
-are *Reticulum Instances*, and some are alo *Transport Nodes*. If a system running Reticulum is fixed in
+are *Reticulum Instances*, and some are also *Transport Nodes*. If a system running Reticulum is fixed in
 one place, and is intended to be kept available most of the time, it is a good contender to be a *Transport Node*.

 Any Reticulum Instance can become a Transport Node by enabling it in the configuration.
@@ -367,7 +368,7 @@ If it is a *Transport Node*, it should be given the configuration directive ``en
 The Announce Mechanism in Detail
 --------------------------------

-When an *announce* for a destination is transmitted by from a Reticulum instance, it will be forwarded by
+When an *announce* for a destination is transmitted by a Reticulum instance, it will be forwarded by
 any transport node receiving it, but according to some specific rules:


@@ -384,7 +385,7 @@ any transport node receiving it, but according to some specific rules:
    announces is set at 2%, but can be configured on a per-interface basis.

 * | If any given interface does not have enough bandwidth available for retransmitting the announce,
-    the announce will be assigned a priority inversely proportional to it's hop count, and be inserted
+    the announce will be assigned a priority inversely proportional to its hop count, and be inserted
    into a queue managed by the interface.

 * | When the interface has bandwidth available for processing an announce, it will prioritise announces
@@ -430,7 +431,7 @@ For exchanges of small amounts of information, Reticulum offers the *Packet* API

 * | A packet is always created with an associated destination and some payload data. When the packet is sent
    to a *single* destination type, Reticulum will automatically create an ephemeral encryption key, perform
-    an ECDH key exchange with the destinations public key, and encrypt the information.
+    an ECDH key exchange with the destination's public key, and encrypt the information.

 * | It is important to note that this key exchange does not require any network traffic. The sender already
    knows the public key of the destination from an earlier received *announce*, and can thus perform the ECDH
@@ -442,18 +443,17 @@ For exchanges of small amounts of information, Reticulum offers the *Packet* API
 * | When the destination receives the packet, it can itself perform an ECDH key exchange and decrypt the
    packet.

-* | A new ephemeral key is used for every packet sent in this way, and forward secrecy is guaranteed on a
-    per packet level.
+* | A new ephemeral key is used for every packet sent in this way.

 * | Once the packet has been received and decrypted by the addressed destination, that destination can opt
    to *prove* its receipt of the packet. It does this by calculating the SHA-256 hash of the received packet,
-    and signing this hash with it's Ed25519 signing key. Transport nodes in the network can then direct this
-    *proof* back to the packets origin, where the signature can be verified against the destinations known
+    and signing this hash with its Ed25519 signing key. Transport nodes in the network can then direct this
+    *proof* back to the packets origin, where the signature can be verified against the destination's known
    public signing key.

 * | In case the packet is addressed to a *group* destination type, the packet will be encrypted with the
    pre-shared AES-128 key associated with the destination. In case the packet is addressed to a *plain*
-    destination type, the payload data will not be encrypted. Neither of these two destination types offer
+    destination type, the payload data will not be encrypted. Neither of these two destination types can offer
    forward secrecy. In general, it is recommended to always use the *single* destination type, unless it is
    strictly necessary to use one of the others.

@@ -465,7 +465,7 @@ For exchanges of larger amounts of data, or when longer sessions of bidirectiona
    forward the packet will take note of this *link request*.

 * | Second, if the destination accepts the *link request* , it will send back a packet that proves the
-    authenticity of it’s identity (and the receipt of the link request) to the initiating node. All
+    authenticity of its identity (and the receipt of the link request) to the initiating node. All
    nodes that initially forwarded the packet will also be able to verify this proof, and thus
    accept the validity of the *link* throughout the network.

@@ -485,18 +485,23 @@ For exchanges of larger amounts of data, or when longer sessions of bidirectiona
    the destination using a Reticulum Identity. This authentication is happening inside the encrypted
    link, and is only revealed to the verified destination, and no intermediaries.

-In a moment, we will discuss the details of how this methodology is implemented, but let’s first
-recap what purposes this methodology serves. We first ensure that the node answering our request
-is actually the one we want to communicate with, and not a malicious actor pretending to be so.
-At the same time we establish an efficient encrypted channel. The setup of this is relatively cheap in
-terms of bandwidth, so it can be used just for a short exchange, and then recreated as needed, which will
-also rotate encryption keys. The link can also be kept alive for longer periods of time, if this is
-more suitable to the application. The procedure also inserts the *link id* , a hash calculated from the link request packet, into the memory of forwarding nodes, which means that the communicating nodes can thereafter reach each other simply by referring to this *link id*.
+In a moment, we will discuss the details of how this methodology is
+implemented, but let’s first recap what purposes this methodology serves. We
+first ensure that the node answering our request is actually the one we want to
+communicate with, and not a malicious actor pretending to be so.  At the same
+time we establish an efficient encrypted channel. The setup of this is
+relatively cheap in terms of bandwidth, so it can be used just for a short
+exchange, and then recreated as needed, which will also rotate encryption keys.
+The link can also be kept alive for longer periods of time, if this is more
+suitable to the application. The procedure also inserts the *link id* , a hash
+calculated from the link request packet, into the memory of forwarding nodes,
+which means that the communicating nodes can thereafter reach each other simply
+by referring to this *link id*.

-The combined bandwidth cost of setting up a link is 3 packets totalling 237 bytes (more info in the
+The combined bandwidth cost of setting up a link is 3 packets totalling 297 bytes (more info in the
 :ref:`Binary Packet Format<understanding-packetformat>` section). The amount of bandwidth used on keeping
-a link open is practically negligible, at 0.62 bits per second. Even on a slow 1200 bits per second packet
-radio channel, 100 concurrent links will still leave 95% channel capacity for actual data.
+a link open is practically negligible, at 0.45 bits per second. Even on a slow 1200 bits per second packet
+radio channel, 100 concurrent links will still leave 96% channel capacity for actual data.


 Link Establishment in Detail
@@ -538,14 +543,16 @@ an arbitrary number of hops, where information will be exchanged between two nod

 * | A *link proof* packet is now constructed and transmitted over the network. This packet is
    addressed to the *link id* of the *link*. It contains the following data: The newly generated X25519
-    public key *LKr* and an Ed25519 signature of the *link id* and *LKr* made by the signing key of
+    public key *LKr* and an Ed25519 signature of the *link id* and *LKr* made by the *original signing key* of
    the addressed destination.
   
 * | By verifying this *link proof* packet, all nodes that originally transported the *link request*
    packet to the destination from the originator can now verify that the intended destination received
    the request and accepted it, and that the path they chose for forwarding the request was valid.
-    In sucessfully carrying out this verification, the transporting nodes marks the link as active.
+    In successfully carrying out this verification, the transporting nodes marks the link as active.
    An abstract bi-directional communication channel has now been established along a path in the network.
+    Packets can now be exchanged bi-directionally from either end of the link simply by adressing the
+    packets to the *link id* of the link.

 * | When the source receives the *proof* , it will know unequivocally that a verified path has been
    established to the destination. It can now also use the X25519 public key contained in the
@@ -683,7 +690,7 @@ Wire Format

    A Reticulum packet is composed of the following fields:

-    [HEADER 2 bytes] [ADDRESSES 10/20 bytes] [CONTEXT 1 byte] [DATA 0-477 bytes]
+    [HEADER 2 bytes] [ADDRESSES 16/32 bytes] [CONTEXT 1 byte] [DATA 0-465 bytes]

    * The HEADER field is 2 bytes long.
      * Byte 1: [IFAC Flag], [Header Type], [Propagation Type], [Destination Type] and [Packet Type]
@@ -695,15 +702,15 @@ Wire Format
        capabilities and configuration.

    * The ADDRESSES field contains either 1 or 2 addresses.
-      * Each address is 10 bytes long.
+      * Each address is 16 bytes long.
      * The Header Type flag in the HEADER field determines
        whether the ADDRESSES field contains 1 or 2 addresses.
-      * Addresses are Reticulum hashes truncated to 10 bytes.
+      * Addresses are SHA-256 hashes truncated to 16 bytes.

    * The CONTEXT field is 1 byte.
      * It is used by Reticulum to determine packet context.

-    * The DATA field is between 0 and 477 bytes.
+    * The DATA field is between 0 and 465 bytes.
      * It contains the packets data payload.

    IFAC Flag
@@ -714,8 +721,8 @@ Wire Format

    Header Types
    -----------------
-    type 1           0  Two byte header, one 10 byte address field
-    type 2           1  Two byte header, two 10 byte address fields
+    type 1           0  Two byte header, one 16 byte address field
+    type 2           1  Two byte header, two 16 byte address fields


    Propagation Types
@@ -747,7 +754,7 @@ Wire Format
       HEADER FIELD           DESTINATION FIELDS            CONTEXT FIELD  DATA FIELD
     _______|_______   ________________|________________   ________|______   __|_
    |               | |                                 | |               | |    |
-    01010000 00000100 [HASH1, 10 bytes] [HASH2, 10 bytes] [CONTEXT, 1 byte] [DATA]
+    01010000 00000100 [HASH1, 16 bytes] [HASH2, 16 bytes] [CONTEXT, 1 byte] [DATA]
    || | | |    |
    || | | |    +-- Hops             = 4
    || | | +------- Packet Type      = DATA
@@ -762,9 +769,9 @@ Wire Format
       HEADER FIELD   DESTINATION FIELD   CONTEXT FIELD  DATA FIELD
     _______|_______   _______|_______   ________|______   __|_
    |               | |               | |               | |    |
-    00000000 00000111 [HASH1, 10 bytes] [CONTEXT, 1 byte] [DATA]
+    00000000 00000111 [HASH1, 16 bytes] [CONTEXT, 1 byte] [DATA]
    || | | |    |
-    || | | |    +-- Hops             = 0
+    || | | |    +-- Hops             = 7
    || | | +------- Packet Type      = DATA
    || | +--------- Destination Type = SINGLE
    || +----------- Propagation Type = BROADCAST
@@ -777,9 +784,9 @@ Wire Format
       HEADER FIELD     IFAC FIELD    DESTINATION FIELD   CONTEXT FIELD  DATA FIELD
     _______|_______   ______|______   _______|_______   ________|______   __|_
    |               | |             | |               | |               | |    |
-    10000000 00000111 [IFAC, N bytes] [HASH1, 10 bytes] [CONTEXT, 1 byte] [DATA]
+    10000000 00000111 [IFAC, N bytes] [HASH1, 16 bytes] [CONTEXT, 1 byte] [DATA]
    || | | |    |
-    || | | |    +-- Hops             = 0
+    || | | |    +-- Hops             = 7
    || | | +------- Packet Type      = DATA
    || | +--------- Destination Type = SINGLE
    || +----------- Propagation Type = BROADCAST
@@ -795,12 +802,12 @@ Wire Format
    wire size counting all fields including headers,
    but excluding any interface access codes.

-    - Path Request    :    33  bytes
-    - Announce        :    151 bytes
-    - Link Request    :    77  bytes
-    - Link Proof      :    77  bytes
-    - Link RTT packet :    83  bytes
-    - Link keepalive  :    14  bytes
+    - Path Request    :    51  bytes
+    - Announce        :    167 bytes
+    - Link Request    :    83  bytes
+    - Link Proof      :    115 bytes
+    - Link RTT packet :    99  bytes
+    - Link keepalive  :    20  bytes


 .. _understanding-announcepropagation:
@@ -887,4 +894,4 @@ testing and review as those from OpenSSL.

 If you want to use the internal pure-python primitives, it is **highly advisable** that you
 have a good understanding of the risks that this pose, and make an informed decision on whether
-those risks are acceptable to you.
+those risks are acceptable to you.
@@ -5,28 +5,43 @@ Using Reticulum on Your System
 ******************************

 Reticulum is not installed as a driver or kernel module, as one might expect
-of a networking stack. Instead, Reticulum is distributed as a Python module.
+of a networking stack. Instead, Reticulum is distributed as a Python module, 
+containing the networking core, and a set of utility and daemon programs.
+
 This means that no special privileges are required to install or use it. It
-is also very light-weight, and easy to transfer to and install on new systems.
-Any program or application that uses Reticulum will automatically load and
-initialise Reticulum when it starts.
+is also very light-weight, and easy to transfer to, and install on new systems.
+
+When you have Reticulum installed, any program or application that uses Reticulum
+will automatically load and initialise Reticulum when it starts, if it is not
+already running.

 In many cases, this approach is sufficient. When any program needs to use
 Reticulum, it is loaded, initialised, interfaces are brought up, and the
 program can now communicate over any Reticulum networks available. If another
-program starts up and also wants access to the same Reticulum network, the
-instance is simply shared. This works for any number of programs running
+program starts up and also wants access to the same Reticulum network, the already
+running instance is simply shared. This works for any number of programs running
 concurrently, and is very easy to use, but depending on your use case, there
 are other options.

 Configuration & Data
 --------------------

-A Reticulum stores all information that it needs to function in a single file-
-system directory. By default, this directory is ``~/.reticulum``, but you can
-use any directory you wish. You can also run multiple separate Reticulum
-instances on the same physical system, in complete isolation from each other,
-or connected together.
+Reticulum stores all information that it needs to function in a single file-system
+directory. When Reticulum is started, it will look for a valid configuration
+directory in the following places:
+
+- ``/etc/reticulum``
+- ``~/.config/reticulum``
+- ``~/.reticulum``
+
+If no existing configuration directory is found, the directory ``~/.reticulum``
+is created, and the default configuration will be automatically created here.
+You can move it to one of the other locations if you wish.
+
+It is also possible to use completely arbitrary configuration directories by
+specifying the relevant command-line parameters when running Reticulum-based
+programs. You can also run multiple separate Reticulum instances on the same
+physical system, either in isolation from each other, or connected together.

 In most cases, a single physical system will only need to run one Reticulum
 instance. This can either be launched at boot, as a system service, or simply
@@ -35,7 +50,7 @@ running on the same system will automatically share the same Reticulum instance,
 if the configuration allows for it, which it does by default.

 The entire configuration of Reticulum is found in the ``~/.reticulum/config``
-file. When Reticulum is first started on a new system, a basic, functional
+file. When Reticulum is first started on a new system, a basic, but fully functional
 configuration file is created. The default configuration looks like this:

 .. code::
@@ -208,7 +223,7 @@ interfaces, similar to the ``ifconfig`` program.
     Traffic : 63.23 KB↑
               80.17 KB↓

-  TCPInterface[RNS Testnet Frankfurt/frankfurt.rns.unsigned.io:4965]
+  TCPInterface[RNS Testnet Dublin/dublin.connect.reticulum.network:4965]
     Status  : Up
     Mode    : Full
     Rate    : 10.00 Mbps
@@ -223,7 +238,7 @@ interfaces, similar to the ``ifconfig`` program.
     Traffic : 8.49 KB↑
               9.23 KB↓

-  Reticulum Transport Instance <5245a8efe1788c6a70e1> running
+  Reticulum Transport Instance <5245a8efe1788c6a1cd36144a270e13b> running

 .. code:: text

@@ -248,10 +263,10 @@ destinations on the Reticulum network.
 .. code:: text

  # Run rnpath
-  rnpath eca6f4e4dc26ae329e61
+  rnpath c89b4da064bf66d280f0e4d8abfd9806

  # Example output
-  Path found, destination <eca6f4e4dc26ae329e61> is 4 hops away via <56b115c30cd386cad69c> on TCPInterface[Testnet/frankfurt.rns.unsigned.io:4965]
+  Path found, destination <c89b4da064bf66d280f0e4d8abfd9806> is 4 hops away via <f53a1c4278e0726bb73fcc623d6ce763> on TCPInterface[Testnet/dublin.connect.reticulum.network:4965]

 .. code:: text

@@ -285,11 +300,11 @@ destinations will not have this option enabled, and will not be probable.
 .. code:: text

  # Run rnprobe
-  rnprobe example_utilities.echo.request 9382f334de63217a4278
+  rnprobe example_utilities.echo.request 2d03725b327348980d570f739a3a5708

  # Example output
-  Sent 16 byte probe to <9382f334de63217a4278>
-  Valid reply received from <9382f334de63217a4278>
+  Sent 16 byte probe to <2d03725b327348980d570f739a3a5708>
+  Valid reply received from <2d03725b327348980d570f739a3a5708>
  Round-trip time is 38.469 milliseconds over 2 hops

 .. code:: text
@@ -319,10 +334,10 @@ files through Reticulum.

  # Run rncp on the receiving system, specifying which identities
  # are allowed to send files
-  rncp --receive -a 940ea3f9e1037d38758f -a e28d5aee4317c24a9041
+  rncp --receive -a 1726dbad538775b5bf9b0ea25a4079c8 -a c50cc4e4f7838b6c31f60ab9032cbc62

  # From another system, copy a file to the receiving system
-  rncp ~/path/to/file.tgz 256320d405d6d525d1e9
+  rncp ~/path/to/file.tgz 73cbd378bb0286ed11a707c13447bb1e

 You can specify as many allowed senders as needed, or complete disable authentication.

@@ -362,21 +377,21 @@ output.

  # Run rnx on the listening system, specifying which identities
  # are allowed to execute commands
-  rncp --listen -a 8111c4ff2968ab0c1286 -a 590256654482b4ba4038
+  rnx --listen -a 941bed5e228775e5a8079fc38b1ccf3f -a 1b03013c25f1c2ca068a4f080b844a10

  # From another system, run a command 
-  rnx ad9a4c9da60089d41c29 "cat /proc/cpuinfo"
+  rnx 7a55144adf826958a9529a3bcf08b149 "cat /proc/cpuinfo"

  # Or enter the interactive mode pseudo-shell
-  rnx ad9a4c9da60089d41c29 -x
+  rnx 7a55144adf826958a9529a3bcf08b149 -x

  # The default identity file is stored in
  # ~/.reticulum/identities/rnx, but you can use
  # another one, which will be created if it does
  # not already exist
-  rnx ad9a4c9da60089d41c29 -i /path/to/identity
+  rnx 7a55144adf826958a9529a3bcf08b149 -i /path/to/identity -x

-You can specify as many allowed senders as needed, or complete disable authentication.
+You can specify as many allowed senders as needed, or completely disable authentication.

 .. code:: text

@@ -412,6 +427,50 @@ You can specify as many allowed senders as needed, or complete disable authentic
    --version             show program's version number and exit


+The rnodeconf Utility
+=====================
+
+The ``rnodeconf`` utility allows you to inspect and configure existing :ref:`RNodes<rnode-main>`, and
+to create and provision new :ref:`RNodes<rnode-main>` from any supported hardware devices.
+
+.. code:: text
+
+  usage: rnodeconf [-h] [-i] [-a] [-u] [-U] [--fw-version version] [--nocheck] [-C] [-N] [-T] [-b] [-B] [-p] [--freq Hz] [--bw Hz] [--txp dBm] [--sf factor] [--cr rate] [--eeprom-backup] [--eeprom-dump] [--eeprom-wipe] [--version] [port]
+
+  RNode Configuration and firmware utility. This program allows you to change various settings and startup modes of RNode. It can also install, flash and update the firmware on supported devices.
+
+  positional arguments:
+    port                  serial port where RNode is attached
+
+  options:
+    -h, --help            show this help message and exit
+    -i, --info            Show device info
+    -a, --autoinstall     Automatic installation on various supported devices
+    -u, --update          Update firmware to the latest version
+    -U, --force-update    Update to specified firmware even if version matches or is older than installed version
+    --fw-version version  Use a specific firmware version for update or autoinstall
+    --nocheck             Don't check for firmware updates online
+    -e, --extract         Extract firmware from connected RNode for later use
+    -E, --use-extracted   Use the extracted firmware for autoinstallation or update
+    -C, --clear-cache     Clear locally cached firmware files
+    -N, --normal          Switch device to normal mode
+    -T, --tnc             Switch device to TNC mode
+    -b, --bluetooth-on    Turn device bluetooth on
+    -B, --bluetooth-off   Turn device bluetooth off
+    -p, --bluetooth-pair  Put device into bluetooth pairing mode
+    --freq Hz             Frequency in Hz for TNC mode
+    --bw Hz               Bandwidth in Hz for TNC mode
+    --txp dBm             TX power in dBm for TNC mode
+    --sf factor           Spreading factor for TNC mode (7 - 12)
+    --cr rate             Coding rate for TNC mode (5 - 8)
+    --eeprom-backup       Backup EEPROM to file
+    --eeprom-dump         Dump EEPROM to console
+    --eeprom-wipe         Unlock and wipe EEPROM
+    --version             Print program version and exit
+
+For more information on how to create your own RNodes, please read the :ref:`Creating RNodes<rnode-creating>`
+section of this manual.
+
 Improving System Configuration
 ------------------------------

@@ -506,4 +565,4 @@ If you want to automatically start ``rnsd`` at boot, run:

 .. code:: text

-  sudo systemctl enable rnsd
+  sudo systemctl enable rnsd
@@ -2,23 +2,48 @@
 What is Reticulum?
 ******************

-Reticulum is a cryptography-based networking stack for building wide-area networks with readily available hardware, that can continue to operate even with extremely low bandwidth and very high latency.
+Reticulum is a cryptography-based networking stack for building both local and
+wide-area networks with readily available hardware, that can continue to operate
+under adverse conditions, such as extremely low bandwidth and very high latency.

-Reticulum allows you to build wide-area networks with off-the-shelf tools, and offers end-to-end encryption, autoconfiguring cryptographically backed multi-hop transport, efficient addressing, unforgeable packet acknowledgements and more.
+Reticulum allows you to build wide-area networks with off-the-shelf tools, and
+offers end-to-end encryption, forward secrecy, autoconfiguring cryptographically
+backed multi-hop transport, efficient addressing, unforgeable packet
+acknowledgements and more.

-Reticulum is a complete networking stack, and does not need IP or higher layers, although it is easy to utilise IP (with TCP or UDP) as the underlying carrier for Reticulum. It is therefore trivial to tunnel Reticulum over the Internet or private IP networks. Reticulum is built directly on cryptographic principles, allowing resilience and stable functionality in open and trustless networks.
+From a users perspective, Reticulum allows the creation of applications that
+respect and empower the autonomy and sovereignty of communities and individuals.
+Reticulum enables secure digital communication that cannot be subjected to
+outside control, manipulation or censorship.

-No kernel modules or drivers are required. Reticulum runs completely in userland, and can run on practically any system that runs Python 3. Reticulum runs well even on small single-board computers like the Pi Zero.
+Reticulum enables the construction of both small and potentially planetary-scale
+networks, without any need for hierarchical or beaureucratic structures to control
+or manage them, while ensuring individuals and communities full sovereignty
+over their own network segments.
+
+Reticulum is a complete networking stack, and does not need IP or higher
+layers, although it is easy to utilise IP (with TCP or UDP) as the underlying
+carrier for Reticulum. It is therefore trivial to tunnel Reticulum over the
+Internet or private IP networks. Reticulum is built directly on cryptographic
+principles, allowing resilience and stable functionality in open and trustless
+networks.
+
+No kernel modules or drivers are required. Reticulum runs completely in
+userland, and can run on practically any system that runs Python 3. Reticulum
+runs well even on small single-board computers like the Pi Zero.


 Current Status
 ==============
-Reticulum should currently be considered beta software. All core protocol features are implemented and functioning, but additions will probably occur as real-world use is explored. There will be bugs. The API and wire-format can be considered stable at the moment, but could change if absolutely warranted.
+**Please know!** Reticulum should currently be considered beta software. All core protocol
+features are implemented and functioning, but additions will probably occur as
+real-world use is explored. *There will be bugs*. The API and wire-format can be
+considered stable at the moment, but could change if absolutely warranted.


 What does Reticulum Offer?
 ==========================
-* Coordination-less globally unique adressing and identification
+* Coordination-less globally unique addressing and identification

 * Fully self-configuring multi-hop routing

@@ -26,7 +51,7 @@ What does Reticulum Offer?

 * Asymmetric encryption based on X25519, and Ed25519 signatures as a basis for all communication

-* Forward Secrecy by using ephemereal Elliptic Curve Diffie-Hellman keys on Curve25519
+* Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519

 * Reticulum uses the `Fernet <https://github.com/fernet/spec/blob/master/Spec.md>`_ specification for on-the-wire / over-the-air encryption

@@ -46,11 +71,11 @@ What does Reticulum Offer?

 * Efficient link establishment

-  * Total bandwidth cost of setting up a link is only 3 packets, totalling 237 bytes
+  * Total bandwidth cost of setting up a link is only 3 packets, totalling 297 bytes

-  * Low cost of keeping links open at only 0.62 bits per second
+  * Low cost of keeping links open at only 0.44 bits per second

-* Reliable and efficient transfer of arbritrary amounts of data
+* Reliable and efficient transfer of arbitrary amounts of data

  * Reticulum can handle a few bytes of data or files of many gigabytes

@@ -77,7 +102,7 @@ Reticulum. It is possible to build it yourself, to transform a common LoRa
 development board into one, or it can be purchased as a complete transceiver.

 Reticulum can also be encapsulated over existing IP networks, so there's
-nothing stopping you from using it over wired ethernet or your local WiFi
+nothing stopping you from using it over wired Ethernet or your local WiFi
 network, where it'll work just as well. In fact, one of the strengths of
 Reticulum is how easily it allows you to connect different mediums into a
 self-configuring, resilient and encrypted mesh.
@@ -92,15 +117,15 @@ Interface Types and Devices
 ===========================
 Reticulum implements a range of generalised interface types that covers the communications hardware that Reticulum can run over. If your hardware is not supported, it's relatively simple to implement an interface class. Currently, Reticulum can use the following devices and communication mediums:

-* Any ethernet device
+* Any Ethernet device

  * WiFi devices

-  * Wired ethernet devices
+  * Wired Ethernet devices

  * Fibre-optic transceivers

-  * Data radios with ethernet ports
+  * Data radios with Ethernet ports

 * LoRa using `RNode <https://unsigned.io/rnode>`_

@@ -135,4 +160,9 @@ For a full list and more details, see the :ref:`Supported Interfaces<interfaces-

 Caveat Emptor
 ==============
-Reticulum is an experimental networking stack, and should be considered as such. While it has been built with cryptography best-practices very foremost in mind, it has not been externally security audited, and there could very well be privacy-breaking bugs. To be considered secure, Reticulum needs a thourough security review by independt cryptographers and security researchers. If you want to help out, or help sponsor an audit, please do get in touch.
+Reticulum is an experimental networking stack, and should be considered as
+such. While it has been built with cryptography best-practices very foremost in
+mind, it has not yet been externally security audited, and there could very well be
+privacy-breaking bugs. To be considered secure, Reticulum needs a thorough
+security review by independent cryptographers and security researchers. If you
+want to help out with this, or can help sponsor an audit, please do get in touch.
@@ -0,0 +1,134 @@
+/*
+ * _sphinx_javascript_frameworks_compat.js
+ * ~~~~~~~~~~
+ *
+ * Compatability shim for jQuery and underscores.js.
+ *
+ * WILL BE REMOVED IN Sphinx 6.0
+ * xref RemovedInSphinx60Warning
+ *
+ */
+
+/**
+ * select a different prefix for underscore
+ */
+$u = _.noConflict();
+
+
+/**
+ * small helper function to urldecode strings
+ *
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
+ */
+jQuery.urldecode = function(x) {
+    if (!x) {
+        return x
+    }
+    return decodeURIComponent(x.replace(/\+/g, ' '));
+};
+
+/**
+ * small helper function to urlencode strings
+ */
+jQuery.urlencode = encodeURIComponent;
+
+/**
+ * This function returns the parsed url parameters of the
+ * current request. Multiple values per key are supported,
+ * it will always return arrays of strings for the value parts.
+ */
+jQuery.getQueryParameters = function(s) {
+    if (typeof s === 'undefined')
+        s = document.location.search;
+    var parts = s.substr(s.indexOf('?') + 1).split('&');
+    var result = {};
+    for (var i = 0; i < parts.length; i++) {
+        var tmp = parts[i].split('=', 2);
+        var key = jQuery.urldecode(tmp[0]);
+        var value = jQuery.urldecode(tmp[1]);
+        if (key in result)
+            result[key].push(value);
+        else
+            result[key] = [value];
+    }
+    return result;
+};
+
+/**
+ * highlight a given string on a jquery object by wrapping it in
+ * span elements with the given class name.
+ */
+jQuery.fn.highlightText = function(text, className) {
+    function highlight(node, addItems) {
+        if (node.nodeType === 3) {
+            var val = node.nodeValue;
+            var pos = val.toLowerCase().indexOf(text);
+            if (pos >= 0 &&
+                !jQuery(node.parentNode).hasClass(className) &&
+                !jQuery(node.parentNode).hasClass("nohighlight")) {
+                var span;
+                var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
+                if (isInSVG) {
+                    span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+                } else {
+                    span = document.createElement("span");
+                    span.className = className;
+                }
+                span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+                node.parentNode.insertBefore(span, node.parentNode.insertBefore(
+                    document.createTextNode(val.substr(pos + text.length)),
+                    node.nextSibling));
+                node.nodeValue = val.substr(0, pos);
+                if (isInSVG) {
+                    var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+                    var bbox = node.parentElement.getBBox();
+                    rect.x.baseVal.value = bbox.x;
+                    rect.y.baseVal.value = bbox.y;
+                    rect.width.baseVal.value = bbox.width;
+                    rect.height.baseVal.value = bbox.height;
+                    rect.setAttribute('class', className);
+                    addItems.push({
+                        "parent": node.parentNode,
+                        "target": rect});
+                }
+            }
+        }
+        else if (!jQuery(node).is("button, select, textarea")) {
+            jQuery.each(node.childNodes, function() {
+                highlight(this, addItems);
+            });
+        }
+    }
+    var addItems = [];
+    var result = this.each(function() {
+        highlight(this, addItems);
+    });
+    for (var i = 0; i < addItems.length; ++i) {
+        jQuery(addItems[i].parent).before(addItems[i].target);
+    }
+    return result;
+};
+
+/*
+ * backward compatibility for jQuery.browser
+ * This will be supported until firefox bug is fixed.
+ */
+if (!jQuery.browser) {
+    jQuery.uaMatch = function(ua) {
+        ua = ua.toLowerCase();
+
+        var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
+            /(webkit)[ \/]([\w.]+)/.exec(ua) ||
+            /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
+            /(msie) ([\w.]+)/.exec(ua) ||
+            ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
+            [];
+
+        return {
+            browser: match[ 1 ] || "",
+            version: match[ 2 ] || "0"
+        };
+    };
+    jQuery.browser = {};
+    jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
+}
@@ -4,7 +4,7 @@
 *
 * Sphinx stylesheet -- basic theme.
 *
- * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */
@@ -222,7 +222,7 @@ table.modindextable td {
 /* -- general body styles --------------------------------------------------- */

 div.body {
-    min-width: 450px;
+    min-width: 360px;
    max-width: 800px;
 }

@@ -236,7 +236,6 @@ div.body p, div.body dd, div.body li, div.body blockquote {
 a.headerlink {
    visibility: hidden;
 }
-
 a.brackets:before,
 span.brackets > a:before{
    content: "[";
@@ -247,6 +246,7 @@ span.brackets > a:after {
    content: "]";
 }

+
 h1:hover > a.headerlink,
 h2:hover > a.headerlink,
 h3:hover > a.headerlink,
@@ -334,13 +334,11 @@ aside.sidebar {
 p.sidebar-title {
    font-weight: bold;
 }
-
 div.admonition, div.topic, blockquote {
    clear: left;
 }

 /* -- topics ---------------------------------------------------------------- */
-
 div.topic {
    border: 1px solid #ccc;
    padding: 7px;
@@ -428,10 +426,6 @@ table.docutils td, table.docutils th {
    border-bottom: 1px solid #aaa;
 }

-table.footnote td, table.footnote th {
-    border: 0 !important;
-}
-
 th {
    text-align: left;
    padding-right: 5px;
@@ -614,7 +608,6 @@ ol.simple p,
 ul.simple p {
    margin-bottom: 0;
 }
-
 dl.footnote > dt,
 dl.citation > dt {
    float: left;
@@ -643,11 +636,11 @@ dl.field-list > dt {
    padding-left: 0.5em;
    padding-right: 5px;
 }
-
 dl.field-list > dt:after {
    content: ":";
 }

+
 dl.field-list > dd {
    padding-left: 0.5em;
    margin-top: 0em;
@@ -731,8 +724,9 @@ dl.glossary dt {

 .classifier:before {
    font-style: normal;
-    margin: 0.5em;
+    margin: 0 0.5em;
    content: ":";
+    display: inline-block;
 }

 abbr, acronym {
@@ -756,6 +750,7 @@ span.pre {
    -ms-hyphens: none;
    -webkit-hyphens: none;
    hyphens: none;
+    white-space: nowrap;
 }

 div[class*="highlight-"] {
@@ -819,7 +814,7 @@ div.code-block-caption code {

 table.highlighttable td.linenos,
 span.linenos,
-div.doctest > div.highlight span.gp {  /* gp: Generic.Prompt */
+div.highlight span.gp {  /* gp: Generic.Prompt */
  user-select: none;
  -webkit-user-select: text; /* Safari fallback only */
  -webkit-user-select: none; /* Chrome/Safari */
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-check" width="44" height="44" viewBox="0 0 24 24" stroke-width="2" stroke="#22863a" fill="none" stroke-linecap="round" stroke-linejoin="round">
+  <path stroke="none" d="M0 0h24v24H0z" fill="none"/>
+  <path d="M5 12l5 5l10 -10" />
+</svg>
@@ -1,266 +0,0 @@
-/*
- * classic.css_t
- * ~~~~~~~~~~~~~
- *
- * Sphinx stylesheet -- classic theme.
- *
- * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS.
- * :license: BSD, see LICENSE for details.
- *
- */
-
-@import url("basic.css");
-
-/* -- page layout ----------------------------------------------------------- */
-
-html {
-    /* CSS hack for macOS's scrollbar (see #1125) */
-    background-color: #FFFFFF;
-}
-
-body {
-    font-family: sans-serif;
-    font-size: 100%;
-    background-color: #11303d;
-    color: #000;
-    margin: 0;
-    padding: 0;
-}
-
-div.document {
-    background-color: #1c4e63;
-}
-
-div.documentwrapper {
-    float: left;
-    width: 100%;
-}
-
-div.bodywrapper {
-    margin: 0 0 0 230px;
-}
-
-div.body {
-    background-color: #ffffff;
-    color: #000000;
-    padding: 0 20px 30px 20px;
-}
-
-div.footer {
-    color: #ffffff;
-    width: 100%;
-    padding: 9px 0 9px 0;
-    text-align: center;
-    font-size: 75%;
-}
-
-div.footer a {
-    color: #ffffff;
-    text-decoration: underline;
-}
-
-div.related {
-    background-color: #133f52;
-    line-height: 30px;
-    color: #ffffff;
-}
-
-div.related a {
-    color: #ffffff;
-}
-
-div.sphinxsidebar {
-}
-
-div.sphinxsidebar h3 {
-    font-family: 'Trebuchet MS', sans-serif;
-    color: #ffffff;
-    font-size: 1.4em;
-    font-weight: normal;
-    margin: 0;
-    padding: 0;
-}
-
-div.sphinxsidebar h3 a {
-    color: #ffffff;
-}
-
-div.sphinxsidebar h4 {
-    font-family: 'Trebuchet MS', sans-serif;
-    color: #ffffff;
-    font-size: 1.3em;
-    font-weight: normal;
-    margin: 5px 0 0 0;
-    padding: 0;
-}
-
-div.sphinxsidebar p {
-    color: #ffffff;
-}
-
-div.sphinxsidebar p.topless {
-    margin: 5px 10px 10px 10px;
-}
-
-div.sphinxsidebar ul {
-    margin: 10px;
-    padding: 0;
-    color: #ffffff;
-}
-
-div.sphinxsidebar a {
-    color: #98dbcc;
-}
-
-div.sphinxsidebar input {
-    border: 1px solid #98dbcc;
-    font-family: sans-serif;
-    font-size: 1em;
-}
-
-
-
-/* -- hyperlink styles ------------------------------------------------------ */
-
-a {
-    color: #355f7c;
-    text-decoration: none;
-}
-
-a:visited {
-    color: #355f7c;
-    text-decoration: none;
-}
-
-a:hover {
-    text-decoration: underline;
-}
-
-
-
-/* -- body styles ----------------------------------------------------------- */
-
-div.body h1,
-div.body h2,
-div.body h3,
-div.body h4,
-div.body h5,
-div.body h6 {
-    font-family: 'Trebuchet MS', sans-serif;
-    background-color: #f2f2f2;
-    font-weight: normal;
-    color: #20435c;
-    border-bottom: 1px solid #ccc;
-    margin: 20px -20px 10px -20px;
-    padding: 3px 0 3px 10px;
-}
-
-div.body h1 { margin-top: 0; font-size: 200%; }
-div.body h2 { font-size: 160%; }
-div.body h3 { font-size: 140%; }
-div.body h4 { font-size: 120%; }
-div.body h5 { font-size: 110%; }
-div.body h6 { font-size: 100%; }
-
-a.headerlink {
-    color: #c60f0f;
-    font-size: 0.8em;
-    padding: 0 4px 0 4px;
-    text-decoration: none;
-}
-
-a.headerlink:hover {
-    background-color: #c60f0f;
-    color: white;
-}
-
-div.body p, div.body dd, div.body li, div.body blockquote {
-    text-align: justify;
-    line-height: 130%;
-}
-
-div.admonition p.admonition-title + p {
-    display: inline;
-}
-
-div.admonition p {
-    margin-bottom: 5px;
-}
-
-div.admonition pre {
-    margin-bottom: 5px;
-}
-
-div.admonition ul, div.admonition ol {
-    margin-bottom: 5px;
-}
-
-div.note {
-    background-color: #eee;
-    border: 1px solid #ccc;
-}
-
-div.seealso {
-    background-color: #ffc;
-    border: 1px solid #ff6;
-}
-
-div.topic {
-    background-color: #eee;
-}
-
-div.warning {
-    background-color: #ffe4e4;
-    border: 1px solid #f66;
-}
-
-p.admonition-title {
-    display: inline;
-}
-
-p.admonition-title:after {
-    content: ":";
-}
-
-pre {
-    padding: 5px;
-    background-color: unset;
-    color: unset;
-    line-height: 120%;
-    border: 1px solid #ac9;
-    border-left: none;
-    border-right: none;
-}
-
-code {
-    background-color: #ecf0f3;
-    padding: 0 1px 0 1px;
-    font-size: 0.95em;
-}
-
-th, dl.field-list > dt {
-    background-color: #ede;
-}
-
-.warning code {
-    background: #efc2c2;
-}
-
-.note code {
-    background: #d6d6d6;
-}
-
-.viewcode-back {
-    font-family: sans-serif;
-}
-
-div.viewcode-block:target {
-    background-color: #f4debf;
-    border-top: 1px solid #ac9;
-    border-bottom: 1px solid #ac9;
-}
-
-div.code-block-caption {
-    color: #efefef;
-    background-color: #1c4e63;
-}
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-copy" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="#000000" fill="none" stroke-linecap="round" stroke-linejoin="round">
+  <path stroke="none" d="M0 0h24v24H0z" fill="none"/>
+  <rect x="8" y="8" width="12" height="12" rx="2" />
+  <path d="M16 8v-2a2 2 0 0 0 -2 -2h-8a2 2 0 0 0 -2 2v8a2 2 0 0 0 2 2h2" />
+</svg>
@@ -0,0 +1,93 @@
+/* Copy buttons */
+button.copybtn {
+    position: absolute;
+    display: flex;
+    top: .3em;
+    right: .3em;
+    width: 1.7em;
+    height: 1.7em;
+	opacity: 0;
+    transition: opacity 0.3s, border .3s, background-color .3s;
+    user-select: none;
+    padding: 0;
+    border: none;
+    outline: none;
+    border-radius: 0.4em;
+    /* The colors that GitHub uses */
+    border: #1b1f2426 1px solid;
+    background-color: #f6f8fa;
+    color: #57606a;
+}
+
+button.copybtn.success {
+    border-color: #22863a;
+    color: #22863a;
+}
+
+button.copybtn svg {
+    stroke: currentColor;
+    width: 1.5em;
+    height: 1.5em;
+    padding: 0.1em;
+}
+
+div.highlight  {
+    position: relative;
+}
+
+.highlight:hover button.copybtn {
+	opacity: 1;
+}
+
+.highlight button.copybtn:hover {
+    background-color: rgb(235, 235, 235);
+}
+
+.highlight button.copybtn:active {
+    background-color: rgb(187, 187, 187);
+}
+
+/**
+ * A minimal CSS-only tooltip copied from:
+ *   https://codepen.io/mildrenben/pen/rVBrpK
+ *
+ * To use, write HTML like the following:
+ *
+ * <p class="o-tooltip--left" data-tooltip="Hey">Short</p>
+ */
+ .o-tooltip--left {
+  position: relative;
+ }
+
+ .o-tooltip--left:after {
+    opacity: 0;
+    visibility: hidden;
+    position: absolute;
+    content: attr(data-tooltip);
+    padding: .2em;
+    font-size: .8em;
+    left: -.2em;
+    background: grey;
+    color: white;
+    white-space: nowrap;
+    z-index: 2;
+    border-radius: 2px;
+    transform: translateX(-102%) translateY(0);
+    transition: opacity 0.2s cubic-bezier(0.64, 0.09, 0.08, 1), transform 0.2s cubic-bezier(0.64, 0.09, 0.08, 1);
+}
+
+.o-tooltip--left:hover:after {
+    display: block;
+    opacity: 1;
+    visibility: visible;
+    transform: translateX(-100%) translateY(0);
+    transition: opacity 0.2s cubic-bezier(0.64, 0.09, 0.08, 1), transform 0.2s cubic-bezier(0.64, 0.09, 0.08, 1);
+    transition-delay: .5s;
+}
+
+/* By default the copy button shouldn't show up when printing a page */
+@media print {
+    button.copybtn {
+        display: none;
+    }
+}
@@ -0,0 +1,220 @@
+// Localization support
+const messages = {
+  'en': {
+    'copy': 'Copy',
+    'copy_to_clipboard': 'Copy to clipboard',
+    'copy_success': 'Copied!',
+    'copy_failure': 'Failed to copy',
+  },
+  'es' : {
+    'copy': 'Copiar',
+    'copy_to_clipboard': 'Copiar al portapapeles',
+    'copy_success': '¡Copiado!',
+    'copy_failure': 'Error al copiar',
+  },
+  'de' : {
+    'copy': 'Kopieren',
+    'copy_to_clipboard': 'In die Zwischenablage kopieren',
+    'copy_success': 'Kopiert!',
+    'copy_failure': 'Fehler beim Kopieren',
+  },
+  'fr' : {
+    'copy': 'Copier',
+    'copy_to_clipboard': 'Copié dans le presse-papier',
+    'copy_success': 'Copié !',
+    'copy_failure': 'Échec de la copie',
+  },
+  'ru': {
+    'copy': 'Скопировать',
+    'copy_to_clipboard': 'Скопировать в буфер',
+    'copy_success': 'Скопировано!',
+    'copy_failure': 'Не удалось скопировать',
+  },
+  'zh-CN': {
+    'copy': '复制',
+    'copy_to_clipboard': '复制到剪贴板',
+    'copy_success': '复制成功!',
+    'copy_failure': '复制失败',
+  },
+  'it' : {
+    'copy': 'Copiare',
+    'copy_to_clipboard': 'Copiato negli appunti',
+    'copy_success': 'Copiato!',
+    'copy_failure': 'Errore durante la copia',
+  }
+}
+
+let locale = 'en'
+if( document.documentElement.lang !== undefined
+    && messages[document.documentElement.lang] !== undefined ) {
+  locale = document.documentElement.lang
+}
+
+let doc_url_root = DOCUMENTATION_OPTIONS.URL_ROOT;
+if (doc_url_root == '#') {
+    doc_url_root = '';
+}
+
+/**
+ * SVG files for our copy buttons
+ */
+let iconCheck = `<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-check" width="44" height="44" viewBox="0 0 24 24" stroke-width="2" stroke="#22863a" fill="none" stroke-linecap="round" stroke-linejoin="round">
+  <title>${messages[locale]['copy_success']}</title>
+  <path stroke="none" d="M0 0h24v24H0z" fill="none"/>
+  <path d="M5 12l5 5l10 -10" />
+</svg>`
+
+// If the user specified their own SVG use that, otherwise use the default
+let iconCopy = ``;
+if (!iconCopy) {
+  iconCopy = `<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-copy" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="#000000" fill="none" stroke-linecap="round" stroke-linejoin="round">
+  <title>${messages[locale]['copy_to_clipboard']}</title>
+  <path stroke="none" d="M0 0h24v24H0z" fill="none"/>
+  <rect x="8" y="8" width="12" height="12" rx="2" />
+  <path d="M16 8v-2a2 2 0 0 0 -2 -2h-8a2 2 0 0 0 -2 2v8a2 2 0 0 0 2 2h2" />
+</svg>`
+}
+
+/**
+ * Set up copy/paste for code blocks
+ */
+
+const runWhenDOMLoaded = cb => {
+  if (document.readyState != 'loading') {
+    cb()
+  } else if (document.addEventListener) {
+    document.addEventListener('DOMContentLoaded', cb)
+  } else {
+    document.attachEvent('onreadystatechange', function() {
+      if (document.readyState == 'complete') cb()
+    })
+  }
+}
+
+const codeCellId = index => `codecell${index}`
+
+// Clears selected text since ClipboardJS will select the text when copying
+const clearSelection = () => {
+  if (window.getSelection) {
+    window.getSelection().removeAllRanges()
+  } else if (document.selection) {
+    document.selection.empty()
+  }
+}
+
+// Changes tooltip text for two seconds, then changes it back
+const temporarilyChangeTooltip = (el, oldText, newText) => {
+  el.setAttribute('data-tooltip', newText)
+  el.classList.add('success')
+  setTimeout(() => el.setAttribute('data-tooltip', oldText), 2000)
+  setTimeout(() => el.classList.remove('success'), 2000)
+}
+
+// Changes the copy button icon for two seconds, then changes it back
+const temporarilyChangeIcon = (el) => {
+  el.innerHTML = iconCheck;
+  setTimeout(() => {el.innerHTML = iconCopy}, 2000)
+}
+
+const addCopyButtonToCodeCells = () => {
+  // If ClipboardJS hasn't loaded, wait a bit and try again. This
+  // happens because we load ClipboardJS asynchronously.
+  if (window.ClipboardJS === undefined) {
+    setTimeout(addCopyButtonToCodeCells, 250)
+    return
+  }
+
+  // Add copybuttons to all of our code cells
+  const codeCells = document.querySelectorAll('div.highlight pre')
+  codeCells.forEach((codeCell, index) => {
+    const id = codeCellId(index)
+    codeCell.setAttribute('id', id)
+
+    const clipboardButton = id =>
+    `<button class="copybtn o-tooltip--left" data-tooltip="${messages[locale]['copy']}" data-clipboard-target="#${id}">
+      ${iconCopy}
+    </button>`
+    codeCell.insertAdjacentHTML('afterend', clipboardButton(id))
+  })
+
+function escapeRegExp(string) {
+    return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // $& means the whole matched string
+}
+
+// Callback when a copy button is clicked. Will be passed the node that was clicked
+// should then grab the text and replace pieces of text that shouldn't be used in output
+function formatCopyText(textContent, copybuttonPromptText, isRegexp = false, onlyCopyPromptLines = true, removePrompts = true, copyEmptyLines = true, lineContinuationChar = "", hereDocDelim = "") {
+
+    var regexp;
+    var match;
+
+    // Do we check for line continuation characters and "HERE-documents"?
+    var useLineCont = !!lineContinuationChar
+    var useHereDoc = !!hereDocDelim
+
+    // create regexp to capture prompt and remaining line
+    if (isRegexp) {
+        regexp = new RegExp('^(' + copybuttonPromptText + ')(.*)')
+    } else {
+        regexp = new RegExp('^(' + escapeRegExp(copybuttonPromptText) + ')(.*)')
+    }
+
+    const outputLines = [];
+    var promptFound = false;
+    var gotLineCont = false;
+    var gotHereDoc = false;
+    const lineGotPrompt = [];
+    for (const line of textContent.split('\n')) {
+        match = line.match(regexp)
+        if (match || gotLineCont || gotHereDoc) {
+            promptFound = regexp.test(line)
+            lineGotPrompt.push(promptFound)
+            if (removePrompts && promptFound) {
+                outputLines.push(match[2])
+            } else {
+                outputLines.push(line)
+            }
+            gotLineCont = line.endsWith(lineContinuationChar) & useLineCont
+            if (line.includes(hereDocDelim) & useHereDoc)
+                gotHereDoc = !gotHereDoc
+        } else if (!onlyCopyPromptLines) {
+            outputLines.push(line)
+        } else if (copyEmptyLines && line.trim() === '') {
+            outputLines.push(line)
+        }
+    }
+
+    // If no lines with the prompt were found then just use original lines
+    if (lineGotPrompt.some(v => v === true)) {
+        textContent = outputLines.join('\n');
+    }
+
+    // Remove a trailing newline to avoid auto-running when pasting
+    if (textContent.endsWith("\n")) {
+        textContent = textContent.slice(0, -1)
+    }
+    return textContent
+}
+
+
+var copyTargetText = (trigger) => {
+  var target = document.querySelector(trigger.attributes['data-clipboard-target'].value);
+  return formatCopyText(target.innerText, '', false, true, true, true, '', '')
+}
+
+  // Initialize with a callback so we can modify the text before copy
+  const clipboard = new ClipboardJS('.copybtn', {text: copyTargetText})
+
+  // Update UI with error/success messages
+  clipboard.on('success', event => {
+    clearSelection()
+    temporarilyChangeTooltip(event.trigger, messages[locale]['copy'], messages[locale]['copy_success'])
+    temporarilyChangeIcon(event.trigger)
+  })
+
+  clipboard.on('error', event => {
+    temporarilyChangeTooltip(event.trigger, messages[locale]['copy'], messages[locale]['copy_failure'])
+  })
+}
+
+runWhenDOMLoaded(addCopyButtonToCodeCells)
@@ -0,0 +1,58 @@
+function escapeRegExp(string) {
+    return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // $& means the whole matched string
+}
+
+// Callback when a copy button is clicked. Will be passed the node that was clicked
+// should then grab the text and replace pieces of text that shouldn't be used in output
+export function formatCopyText(textContent, copybuttonPromptText, isRegexp = false, onlyCopyPromptLines = true, removePrompts = true, copyEmptyLines = true, lineContinuationChar = "", hereDocDelim = "") {
+
+    var regexp;
+    var match;
+
+    // Do we check for line continuation characters and "HERE-documents"?
+    var useLineCont = !!lineContinuationChar
+    var useHereDoc = !!hereDocDelim
+
+    // create regexp to capture prompt and remaining line
+    if (isRegexp) {
+        regexp = new RegExp('^(' + copybuttonPromptText + ')(.*)')
+    } else {
+        regexp = new RegExp('^(' + escapeRegExp(copybuttonPromptText) + ')(.*)')
+    }
+
+    const outputLines = [];
+    var promptFound = false;
+    var gotLineCont = false;
+    var gotHereDoc = false;
+    const lineGotPrompt = [];
+    for (const line of textContent.split('\n')) {
+        match = line.match(regexp)
+        if (match || gotLineCont || gotHereDoc) {
+            promptFound = regexp.test(line)
+            lineGotPrompt.push(promptFound)
+            if (removePrompts && promptFound) {
+                outputLines.push(match[2])
+            } else {
+                outputLines.push(line)
+            }
+            gotLineCont = line.endsWith(lineContinuationChar) & useLineCont
+            if (line.includes(hereDocDelim) & useHereDoc)
+                gotHereDoc = !gotHereDoc
+        } else if (!onlyCopyPromptLines) {
+            outputLines.push(line)
+        } else if (copyEmptyLines && line.trim() === '') {
+            outputLines.push(line)
+        }
+    }
+
+    // If no lines with the prompt were found then just use original lines
+    if (lineGotPrompt.some(v => v === true)) {
+        textContent = outputLines.join('\n');
+    }
+
+    // Remove a trailing newline to avoid auto-running when pasting
+    if (textContent.endsWith("\n")) {
+        textContent = textContent.slice(0, -1)
+    }
+    return textContent
+}
@@ -0,0 +1,20 @@
+h3 {
+	margin-top: 1.75rem;
+	margin-bottom: 0.5rem;
+}
+
+code.literal {
+	padding-left: 0.25rem !important;
+	padding-right: 0.25rem !important;
+	padding-top: 0.25rem !important;
+	padding-bottom: 0.15rem !important;
+}
+
+img[src*="if_mode_graph_b.png"] {
+	background-color: rgb(169, 177, 186);
+}
+
+dt.sig {
+	margin-bottom: 0.75rem;
+	margin-top: 1.75rem;
+}
@@ -0,0 +1,69 @@
+/*
+  This CSS file should be overridden by the theme authors. It's
+  meant for debugging and developing the skeleton that this theme provides.
+*/
+body {
+  font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif,
+    "Apple Color Emoji", "Segoe UI Emoji";
+  background: lavender;
+}
+.sb-announcement {
+  background: rgb(131, 131, 131);
+}
+.sb-announcement__inner {
+  background: black;
+  color: white;
+}
+.sb-header {
+  background: lightskyblue;
+}
+.sb-header__inner {
+  background: royalblue;
+  color: white;
+}
+.sb-header-secondary {
+  background: lightcyan;
+}
+.sb-header-secondary__inner {
+  background: cornflowerblue;
+  color: white;
+}
+.sb-sidebar-primary {
+  background: lightgreen;
+}
+.sb-main {
+  background: blanchedalmond;
+}
+.sb-main__inner {
+  background: antiquewhite;
+}
+.sb-header-article {
+  background: lightsteelblue;
+}
+.sb-article-container {
+  background: snow;
+}
+.sb-article-main {
+  background: white;
+}
+.sb-footer-article {
+  background: lightpink;
+}
+.sb-sidebar-secondary {
+  background: lightgoldenrodyellow;
+}
+.sb-footer-content {
+  background: plum;
+}
+.sb-footer-content__inner {
+  background: palevioletred;
+}
+.sb-footer {
+  background: pink;
+}
+.sb-footer__inner {
+  background: salmon;
+}
+.sb-article {
+  background: white;
+}
@@ -2,320 +2,155 @@
 * doctools.js
 * ~~~~~~~~~~~
 *
- * Sphinx JavaScript utilities for all documentation.
+ * Base JavaScript utilities for all Sphinx HTML documentation.
 *
- * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */
+"use strict";

-/**
- * select a different prefix for underscore
- */
-$u = _.noConflict();
+const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([
+  "TEXTAREA",
+  "INPUT",
+  "SELECT",
+  "BUTTON",
+]);

-/**
- * make the code below compatible with browsers without
- * an installed firebug like debugger
-if (!window.console || !console.firebug) {
-  var names = ["log", "debug", "info", "warn", "error", "assert", "dir",
-    "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace",
-    "profile", "profileEnd"];
-  window.console = {};
-  for (var i = 0; i < names.length; ++i)
-    window.console[names[i]] = function() {};
-}
- */
-
-/**
- * small helper function to urldecode strings
- *
- * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
- */
-jQuery.urldecode = function(x) {
-  if (!x) {
-    return x
+const _ready = (callback) => {
+  if (document.readyState !== "loading") {
+    callback();
+  } else {
+    document.addEventListener("DOMContentLoaded", callback);
  }
-  return decodeURIComponent(x.replace(/\+/g, ' '));
 };

-/**
- * small helper function to urlencode strings
- */
-jQuery.urlencode = encodeURIComponent;
-
-/**
- * This function returns the parsed url parameters of the
- * current request. Multiple values per key are supported,
- * it will always return arrays of strings for the value parts.
- */
-jQuery.getQueryParameters = function(s) {
-  if (typeof s === 'undefined')
-    s = document.location.search;
-  var parts = s.substr(s.indexOf('?') + 1).split('&');
-  var result = {};
-  for (var i = 0; i < parts.length; i++) {
-    var tmp = parts[i].split('=', 2);
-    var key = jQuery.urldecode(tmp[0]);
-    var value = jQuery.urldecode(tmp[1]);
-    if (key in result)
-      result[key].push(value);
-    else
-      result[key] = [value];
-  }
-  return result;
-};
-
-/**
- * highlight a given string on a jquery object by wrapping it in
- * span elements with the given class name.
- */
-jQuery.fn.highlightText = function(text, className) {
-  function highlight(node, addItems) {
-    if (node.nodeType === 3) {
-      var val = node.nodeValue;
-      var pos = val.toLowerCase().indexOf(text);
-      if (pos >= 0 &&
-          !jQuery(node.parentNode).hasClass(className) &&
-          !jQuery(node.parentNode).hasClass("nohighlight")) {
-        var span;
-        var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
-        if (isInSVG) {
-          span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
-        } else {
-          span = document.createElement("span");
-          span.className = className;
-        }
-        span.appendChild(document.createTextNode(val.substr(pos, text.length)));
-        node.parentNode.insertBefore(span, node.parentNode.insertBefore(
-          document.createTextNode(val.substr(pos + text.length)),
-          node.nextSibling));
-        node.nodeValue = val.substr(0, pos);
-        if (isInSVG) {
-          var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
-          var bbox = node.parentElement.getBBox();
-          rect.x.baseVal.value = bbox.x;
-          rect.y.baseVal.value = bbox.y;
-          rect.width.baseVal.value = bbox.width;
-          rect.height.baseVal.value = bbox.height;
-          rect.setAttribute('class', className);
-          addItems.push({
-              "parent": node.parentNode,
-              "target": rect});
-        }
-      }
-    }
-    else if (!jQuery(node).is("button, select, textarea")) {
-      jQuery.each(node.childNodes, function() {
-        highlight(this, addItems);
-      });
-    }
-  }
-  var addItems = [];
-  var result = this.each(function() {
-    highlight(this, addItems);
-  });
-  for (var i = 0; i < addItems.length; ++i) {
-    jQuery(addItems[i].parent).before(addItems[i].target);
-  }
-  return result;
-};
-
-/*
- * backward compatibility for jQuery.browser
- * This will be supported until firefox bug is fixed.
- */
-if (!jQuery.browser) {
-  jQuery.uaMatch = function(ua) {
-    ua = ua.toLowerCase();
-
-    var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
-      /(webkit)[ \/]([\w.]+)/.exec(ua) ||
-      /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
-      /(msie) ([\w.]+)/.exec(ua) ||
-      ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
-      [];
-
-    return {
-      browser: match[ 1 ] || "",
-      version: match[ 2 ] || "0"
-    };
-  };
-  jQuery.browser = {};
-  jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
-}
-
 /**
 * Small JavaScript module for the documentation.
 */
-var Documentation = {
-
-  init : function() {
-    this.fixFirefoxAnchorBug();
-    this.highlightSearchWords();
-    this.initIndexTable();
-    if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) {
-      this.initOnKeyListeners();
-    }
+const Documentation = {
+  init: () => {
+    Documentation.initDomainIndexTable();
+    Documentation.initOnKeyListeners();
  },

  /**
   * i18n support
   */
-  TRANSLATIONS : {},
-  PLURAL_EXPR : function(n) { return n === 1 ? 0 : 1; },
-  LOCALE : 'unknown',
+  TRANSLATIONS: {},
+  PLURAL_EXPR: (n) => (n === 1 ? 0 : 1),
+  LOCALE: "unknown",

  // gettext and ngettext don't access this so that the functions
  // can safely bound to a different name (_ = Documentation.gettext)
-  gettext : function(string) {
-    var translated = Documentation.TRANSLATIONS[string];
-    if (typeof translated === 'undefined')
-      return string;
-    return (typeof translated === 'string') ? translated : translated[0];
+  gettext: (string) => {
+    const translated = Documentation.TRANSLATIONS[string];
+    switch (typeof translated) {
+      case "undefined":
+        return string; // no translation
+      case "string":
+        return translated; // translation exists
+      default:
+        return translated[0]; // (singular, plural) translation tuple exists
+    }
  },

-  ngettext : function(singular, plural, n) {
-    var translated = Documentation.TRANSLATIONS[singular];
-    if (typeof translated === 'undefined')
-      return (n == 1) ? singular : plural;
-    return translated[Documentation.PLURALEXPR(n)];
+  ngettext: (singular, plural, n) => {
+    const translated = Documentation.TRANSLATIONS[singular];
+    if (typeof translated !== "undefined")
+      return translated[Documentation.PLURAL_EXPR(n)];
+    return n === 1 ? singular : plural;
  },

-  addTranslations : function(catalog) {
-    for (var key in catalog.messages)
-      this.TRANSLATIONS[key] = catalog.messages[key];
-    this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')');
-    this.LOCALE = catalog.locale;
+  addTranslations: (catalog) => {
+    Object.assign(Documentation.TRANSLATIONS, catalog.messages);
+    Documentation.PLURAL_EXPR = new Function(
+      "n",
+      `return (${catalog.plural_expr})`
+    );
+    Documentation.LOCALE = catalog.locale;
  },

  /**
-   * add context elements like header anchor links
+   * helper function to focus on search bar
   */
-  addContextElements : function() {
-    $('div[id] > :header:first').each(function() {
-      $('<a class="headerlink">\u00B6</a>').
-      attr('href', '#' + this.id).
-      attr('title', _('Permalink to this headline')).
-      appendTo(this);
-    });
-    $('dt[id]').each(function() {
-      $('<a class="headerlink">\u00B6</a>').
-      attr('href', '#' + this.id).
-      attr('title', _('Permalink to this definition')).
-      appendTo(this);
-    });
+  focusSearchBar: () => {
+    document.querySelectorAll("input[name=q]")[0]?.focus();
  },

  /**
-   * workaround a firefox stupidity
-   * see: https://bugzilla.mozilla.org/show_bug.cgi?id=645075
+   * Initialise the domain index toggle buttons
   */
-  fixFirefoxAnchorBug : function() {
-    if (document.location.hash && $.browser.mozilla)
-      window.setTimeout(function() {
-        document.location.href += '';
-      }, 10);
-  },
-
-  /**
-   * highlight the search words provided in the url in the text
-   */
-  highlightSearchWords : function() {
-    var params = $.getQueryParameters();
-    var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : [];
-    if (terms.length) {
-      var body = $('div.body');
-      if (!body.length) {
-        body = $('body');
+  initDomainIndexTable: () => {
+    const toggler = (el) => {
+      const idNumber = el.id.substr(7);
+      const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`);
+      if (el.src.substr(-9) === "minus.png") {
+        el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`;
+        toggledRows.forEach((el) => (el.style.display = "none"));
+      } else {
+        el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`;
+        toggledRows.forEach((el) => (el.style.display = ""));
      }
-      window.setTimeout(function() {
-        $.each(terms, function() {
-          body.highlightText(this.toLowerCase(), 'highlighted');
-        });
-      }, 10);
-      $('<p class="highlight-link"><a href="javascript:Documentation.' +
-        'hideSearchWords()">' + _('Hide Search Matches') + '</a></p>')
-          .appendTo($('#searchbox'));
-    }
+    };
+
+    const togglerElements = document.querySelectorAll("img.toggler");
+    togglerElements.forEach((el) =>
+      el.addEventListener("click", (event) => toggler(event.currentTarget))
+    );
+    togglerElements.forEach((el) => (el.style.display = ""));
+    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler);
  },

-  /**
-   * init the domain index toggle buttons
-   */
-  initIndexTable : function() {
-    var togglers = $('img.toggler').click(function() {
-      var src = $(this).attr('src');
-      var idnum = $(this).attr('id').substr(7);
-      $('tr.cg-' + idnum).toggle();
-      if (src.substr(-9) === 'minus.png')
-        $(this).attr('src', src.substr(0, src.length-9) + 'plus.png');
-      else
-        $(this).attr('src', src.substr(0, src.length-8) + 'minus.png');
-    }).css('display', '');
-    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) {
-        togglers.click();
-    }
-  },
+  initOnKeyListeners: () => {
+    // only install a listener if it is really needed
+    if (
+      !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS &&
+      !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS
+    )
+      return;

-  /**
-   * helper function to hide the search marks again
-   */
-  hideSearchWords : function() {
-    $('#searchbox .highlight-link').fadeOut(300);
-    $('span.highlighted').removeClass('highlighted');
-  },
+    document.addEventListener("keydown", (event) => {
+      // bail for input elements
+      if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return;
+      // bail with special keys
+      if (event.altKey || event.ctrlKey || event.metaKey) return;

-  /**
-   * make the url absolute
-   */
-  makeURL : function(relativeURL) {
-    return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL;
-  },
+      if (!event.shiftKey) {
+        switch (event.key) {
+          case "ArrowLeft":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;

-  /**
-   * get the current relative url
-   */
-  getCurrentURL : function() {
-    var path = document.location.pathname;
-    var parts = path.split(/\//);
-    $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() {
-      if (this === '..')
-        parts.pop();
-    });
-    var url = parts.join('/');
-    return path.substring(url.lastIndexOf('/') + 1, path.length - 1);
-  },
-
-  initOnKeyListeners: function() {
-    $(document).keydown(function(event) {
-      var activeElementType = document.activeElement.tagName;
-      // don't navigate when in search box, textarea, dropdown or button
-      if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT'
-          && activeElementType !== 'BUTTON' && !event.altKey && !event.ctrlKey && !event.metaKey
-          && !event.shiftKey) {
-        switch (event.keyCode) {
-          case 37: // left
-            var prevHref = $('link[rel="prev"]').prop('href');
-            if (prevHref) {
-              window.location.href = prevHref;
-              return false;
+            const prevLink = document.querySelector('link[rel="prev"]');
+            if (prevLink && prevLink.href) {
+              window.location.href = prevLink.href;
+              event.preventDefault();
            }
-          case 39: // right
-            var nextHref = $('link[rel="next"]').prop('href');
-            if (nextHref) {
-              window.location.href = nextHref;
-              return false;
+            break;
+          case "ArrowRight":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;
+
+            const nextLink = document.querySelector('link[rel="next"]');
+            if (nextLink && nextLink.href) {
+              window.location.href = nextLink.href;
+              event.preventDefault();
            }
+            break;
        }
      }
+
+      // some keyboard layouts may need Shift to get /
+      switch (event.key) {
+        case "/":
+          if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break;
+          Documentation.focusSearchBar();
+          event.preventDefault();
+      }
    });
-  }
+  },
 };

 // quick alias for translations
-_ = Documentation.gettext;
+const _ = Documentation.gettext;

-$(document).ready(function() {
-  Documentation.init();
-});
+_ready(Documentation.init);
@@ -1,12 +1,14 @@
 var DOCUMENTATION_OPTIONS = {
    URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
-    VERSION: '0.3.8 beta',
-    LANGUAGE: 'None',
+    VERSION: '0.5.2 beta',
+    LANGUAGE: 'en',
    COLLAPSE_INDEX: false,
    BUILDER: 'html',
    FILE_SUFFIX: '.html',
    LINK_SUFFIX: '.html',
    HAS_SOURCE: true,
    SOURCELINK_SUFFIX: '.txt',
-    NAVIGATION_WITH_KEYS: false
+    NAVIGATION_WITH_KEYS: false,
+    SHOW_SEARCH_SUMMARY: true,
+    ENABLE_SEARCH_SHORTCUTS: true,
 };
@@ -1,15 +1,15 @@
 /*!
- * jQuery JavaScript Library v3.5.1
+ * jQuery JavaScript Library v3.6.0
 * https://jquery.com/
 *
 * Includes Sizzle.js
 * https://sizzlejs.com/
 *
- * Copyright JS Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
 * Released under the MIT license
 * https://jquery.org/license
 *
- * Date: 2020-05-04T22:49Z
+ * Date: 2021-03-02T17:08Z
 */
 ( function( global, factory ) {

@@ -76,12 +76,16 @@ var support = {};

 var isFunction = function isFunction( obj ) {

-      // Support: Chrome <=57, Firefox <=52
-      // In some browsers, typeof returns "function" for HTML <object> elements
-      // (i.e., `typeof document.createElement( "object" ) === "function"`).
-      // We don't want to classify *any* DOM node as a function.
-      return typeof obj === "function" && typeof obj.nodeType !== "number";
-  };
+		// Support: Chrome <=57, Firefox <=52
+		// In some browsers, typeof returns "function" for HTML <object> elements
+		// (i.e., `typeof document.createElement( "object" ) === "function"`).
+		// We don't want to classify *any* DOM node as a function.
+		// Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5
+		// Plus for old WebKit, typeof returns "function" for HTML collections
+		// (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756)
+		return typeof obj === "function" && typeof obj.nodeType !== "number" &&
+			typeof obj.item !== "function";
+	};


 var isWindow = function isWindow( obj ) {
@@ -147,7 +151,7 @@ function toType( obj ) {


 var
-	version = "3.5.1",
+	version = "3.6.0",

 	// Define a local copy of jQuery
 	jQuery = function( selector, context ) {
@@ -401,7 +405,7 @@ jQuery.extend( {
 			if ( isArrayLike( Object( arr ) ) ) {
 				jQuery.merge( ret,
 					typeof arr === "string" ?
-					[ arr ] : arr
+						[ arr ] : arr
 				);
 			} else {
 				push.call( ret, arr );
@@ -496,9 +500,9 @@ if ( typeof Symbol === "function" ) {

 // Populate the class2type map
 jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ),
-function( _i, name ) {
-	class2type[ "[object " + name + "]" ] = name.toLowerCase();
-} );
+	function( _i, name ) {
+		class2type[ "[object " + name + "]" ] = name.toLowerCase();
+	} );

 function isArrayLike( obj ) {

@@ -518,14 +522,14 @@ function isArrayLike( obj ) {
 }
 var Sizzle =
 /*!
- * Sizzle CSS Selector Engine v2.3.5
+ * Sizzle CSS Selector Engine v2.3.6
 * https://sizzlejs.com/
 *
 * Copyright JS Foundation and other contributors
 * Released under the MIT license
 * https://js.foundation/
 *
- * Date: 2020-03-14
+ * Date: 2021-02-16
 */
 ( function( window ) {
 var i,
@@ -1108,8 +1112,8 @@ support = Sizzle.support = {};
 * @returns {Boolean} True iff elem is a non-HTML XML node
 */
 isXML = Sizzle.isXML = function( elem ) {
-	var namespace = elem.namespaceURI,
-		docElem = ( elem.ownerDocument || elem ).documentElement;
+	var namespace = elem && elem.namespaceURI,
+		docElem = elem && ( elem.ownerDocument || elem ).documentElement;

 	// Support: IE <=8
 	// Assume HTML when documentElement doesn't yet exist, such as inside loading iframes
@@ -3024,9 +3028,9 @@ var rneedsContext = jQuery.expr.match.needsContext;

 function nodeName( elem, name ) {

-  return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();
+	return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();

-};
+}
 var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i );


@@ -3997,8 +4001,8 @@ jQuery.extend( {
 			resolveContexts = Array( i ),
 			resolveValues = slice.call( arguments ),

-			// the master Deferred
-			master = jQuery.Deferred(),
+			// the primary Deferred
+			primary = jQuery.Deferred(),

 			// subordinate callback factory
 			updateFunc = function( i ) {
@@ -4006,30 +4010,30 @@ jQuery.extend( {
 					resolveContexts[ i ] = this;
 					resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value;
 					if ( !( --remaining ) ) {
-						master.resolveWith( resolveContexts, resolveValues );
+						primary.resolveWith( resolveContexts, resolveValues );
 					}
 				};
 			};

 		// Single- and empty arguments are adopted like Promise.resolve
 		if ( remaining <= 1 ) {
-			adoptValue( singleValue, master.done( updateFunc( i ) ).resolve, master.reject,
+			adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject,
 				!remaining );

 			// Use .then() to unwrap secondary thenables (cf. gh-3000)
-			if ( master.state() === "pending" ||
+			if ( primary.state() === "pending" ||
 				isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) {

-				return master.then();
+				return primary.then();
 			}
 		}

 		// Multiple arguments are aggregated like Promise.all array elements
 		while ( i-- ) {
-			adoptValue( resolveValues[ i ], updateFunc( i ), master.reject );
+			adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject );
 		}

-		return master.promise();
+		return primary.promise();
 	}
 } );

@@ -4180,8 +4184,8 @@ var access = function( elems, fn, key, value, chainable, emptyGet, raw ) {
 			for ( ; i < len; i++ ) {
 				fn(
 					elems[ i ], key, raw ?
-					value :
-					value.call( elems[ i ], i, fn( elems[ i ], key ) )
+						value :
+						value.call( elems[ i ], i, fn( elems[ i ], key ) )
 				);
 			}
 		}
@@ -5089,10 +5093,7 @@ function buildFragment( elems, context, scripts, selection, ignored ) {
 }


-var
-	rkeyEvent = /^key/,
-	rmouseEvent = /^(?:mouse|pointer|contextmenu|drag|drop)|click/,
-	rtypenamespace = /^([^.]*)(?:\.(.+)|)/;
+var rtypenamespace = /^([^.]*)(?:\.(.+)|)/;

 function returnTrue() {
 	return true;
@@ -5387,8 +5388,8 @@ jQuery.event = {
 			event = jQuery.event.fix( nativeEvent ),

 			handlers = (
-					dataPriv.get( this, "events" ) || Object.create( null )
-				)[ event.type ] || [],
+				dataPriv.get( this, "events" ) || Object.create( null )
+			)[ event.type ] || [],
 			special = jQuery.event.special[ event.type ] || {};

 		// Use the fix-ed jQuery.Event rather than the (read-only) native event
@@ -5512,12 +5513,12 @@ jQuery.event = {
 			get: isFunction( hook ) ?
 				function() {
 					if ( this.originalEvent ) {
-							return hook( this.originalEvent );
+						return hook( this.originalEvent );
 					}
 				} :
 				function() {
 					if ( this.originalEvent ) {
-							return this.originalEvent[ name ];
+						return this.originalEvent[ name ];
 					}
 				},

@@ -5656,7 +5657,13 @@ function leverageNative( el, type, expectSync ) {
 						// Cancel the outer synthetic event
 						event.stopImmediatePropagation();
 						event.preventDefault();
-						return result.value;
+
+						// Support: Chrome 86+
+						// In Chrome, if an element having a focusout handler is blurred by
+						// clicking outside of it, it invokes the handler synchronously. If
+						// that handler calls `.remove()` on the element, the data is cleared,
+						// leaving `result` undefined. We need to guard against this.
+						return result && result.value;
 					}

 				// If this is an inner synthetic event for an event with a bubbling surrogate
@@ -5821,34 +5828,7 @@ jQuery.each( {
 	targetTouches: true,
 	toElement: true,
 	touches: true,
-
-	which: function( event ) {
-		var button = event.button;
-
-		// Add which for key events
-		if ( event.which == null && rkeyEvent.test( event.type ) ) {
-			return event.charCode != null ? event.charCode : event.keyCode;
-		}
-
-		// Add which for click: 1 === left; 2 === middle; 3 === right
-		if ( !event.which && button !== undefined && rmouseEvent.test( event.type ) ) {
-			if ( button & 1 ) {
-				return 1;
-			}
-
-			if ( button & 2 ) {
-				return 3;
-			}
-
-			if ( button & 4 ) {
-				return 2;
-			}
-
-			return 0;
-		}
-
-		return event.which;
-	}
+	which: true
 }, jQuery.event.addProp );

 jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) {
@@ -5874,6 +5854,12 @@ jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateTyp
 			return true;
 		},

+		// Suppress native focus or blur as it's already being fired
+		// in leverageNative.
+		_default: function() {
+			return true;
+		},
+
 		delegateType: delegateType
 	};
 } );
@@ -6541,6 +6527,10 @@ var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" );
 		// set in CSS while `offset*` properties report correct values.
 		// Behavior in IE 9 is more subtle than in newer versions & it passes
 		// some versions of this test; make sure not to make it pass there!
+		//
+		// Support: Firefox 70+
+		// Only Firefox includes border widths
+		// in computed dimensions. (gh-4529)
 		reliableTrDimensions: function() {
 			var table, tr, trChild, trStyle;
 			if ( reliableTrDimensionsVal == null ) {
@@ -6548,17 +6538,32 @@ var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" );
 				tr = document.createElement( "tr" );
 				trChild = document.createElement( "div" );

-				table.style.cssText = "position:absolute;left:-11111px";
+				table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate";
+				tr.style.cssText = "border:1px solid";
+
+				// Support: Chrome 86+
+				// Height set through cssText does not get applied.
+				// Computed height then comes back as 0.
 				tr.style.height = "1px";
 				trChild.style.height = "9px";

+				// Support: Android 8 Chrome 86+
+				// In our bodyBackground.html iframe,
+				// display for all div elements is set to "inline",
+				// which causes a problem only in Android 8 Chrome 86.
+				// Ensuring the div is display: block
+				// gets around this issue.
+				trChild.style.display = "block";
+
 				documentElement
 					.appendChild( table )
 					.appendChild( tr )
 					.appendChild( trChild );

 				trStyle = window.getComputedStyle( tr );
-				reliableTrDimensionsVal = parseInt( trStyle.height ) > 3;
+				reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) +
+					parseInt( trStyle.borderTopWidth, 10 ) +
+					parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight;

 				documentElement.removeChild( table );
 			}
@@ -7022,10 +7027,10 @@ jQuery.each( [ "height", "width" ], function( _i, dimension ) {
 					// Running getBoundingClientRect on a disconnected node
 					// in IE throws an error.
 					( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ?
-						swap( elem, cssShow, function() {
-							return getWidthOrHeight( elem, dimension, extra );
-						} ) :
-						getWidthOrHeight( elem, dimension, extra );
+					swap( elem, cssShow, function() {
+						return getWidthOrHeight( elem, dimension, extra );
+					} ) :
+					getWidthOrHeight( elem, dimension, extra );
 			}
 		},

@@ -7084,7 +7089,7 @@ jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft,
 					swap( elem, { marginLeft: 0 }, function() {
 						return elem.getBoundingClientRect().left;
 					} )
-				) + "px";
+			) + "px";
 		}
 	}
 );
@@ -7223,7 +7228,7 @@ Tween.propHooks = {
 			if ( jQuery.fx.step[ tween.prop ] ) {
 				jQuery.fx.step[ tween.prop ]( tween );
 			} else if ( tween.elem.nodeType === 1 && (
-					jQuery.cssHooks[ tween.prop ] ||
+				jQuery.cssHooks[ tween.prop ] ||
 					tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) {
 				jQuery.style( tween.elem, tween.prop, tween.now + tween.unit );
 			} else {
@@ -7468,7 +7473,7 @@ function defaultPrefilter( elem, props, opts ) {

 			anim.done( function() {

-			/* eslint-enable no-loop-func */
+				/* eslint-enable no-loop-func */

 				// The final step of a "hide" animation is actually hiding the element
 				if ( !hidden ) {
@@ -7588,7 +7593,7 @@ function Animation( elem, properties, options ) {
 			tweens: [],
 			createTween: function( prop, end ) {
 				var tween = jQuery.Tween( elem, animation.opts, prop, end,
-						animation.opts.specialEasing[ prop ] || animation.opts.easing );
+					animation.opts.specialEasing[ prop ] || animation.opts.easing );
 				animation.tweens.push( tween );
 				return tween;
 			},
@@ -7761,7 +7766,8 @@ jQuery.fn.extend( {
 					anim.stop( true );
 				}
 			};
-			doAnimation.finish = doAnimation;
+
+		doAnimation.finish = doAnimation;

 		return empty || optall.queue === false ?
 			this.each( doAnimation ) :
@@ -8401,8 +8407,8 @@ jQuery.fn.extend( {
 				if ( this.setAttribute ) {
 					this.setAttribute( "class",
 						className || value === false ?
-						"" :
-						dataPriv.get( this, "__className__" ) || ""
+							"" :
+							dataPriv.get( this, "__className__" ) || ""
 					);
 				}
 			}
@@ -8417,7 +8423,7 @@ jQuery.fn.extend( {
 		while ( ( elem = this[ i++ ] ) ) {
 			if ( elem.nodeType === 1 &&
 				( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) {
-					return true;
+				return true;
 			}
 		}

@@ -8707,9 +8713,7 @@ jQuery.extend( jQuery.event, {
 				special.bindType || type;

 			// jQuery handler
-			handle = (
-					dataPriv.get( cur, "events" ) || Object.create( null )
-				)[ event.type ] &&
+			handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] &&
 				dataPriv.get( cur, "handle" );
 			if ( handle ) {
 				handle.apply( cur, data );
@@ -8856,7 +8860,7 @@ var rquery = ( /\?/ );

 // Cross-browser xml parsing
 jQuery.parseXML = function( data ) {
-	var xml;
+	var xml, parserErrorElem;
 	if ( !data || typeof data !== "string" ) {
 		return null;
 	}
@@ -8865,12 +8869,17 @@ jQuery.parseXML = function( data ) {
 	// IE throws on parseFromString with invalid input.
 	try {
 		xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" );
-	} catch ( e ) {
-		xml = undefined;
-	}
+	} catch ( e ) {}

-	if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) {
-		jQuery.error( "Invalid XML: " + data );
+	parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ];
+	if ( !xml || parserErrorElem ) {
+		jQuery.error( "Invalid XML: " + (
+			parserErrorElem ?
+				jQuery.map( parserErrorElem.childNodes, function( el ) {
+					return el.textContent;
+				} ).join( "\n" ) :
+				data
+		) );
 	}
 	return xml;
 };
@@ -8971,16 +8980,14 @@ jQuery.fn.extend( {
 			// Can add propHook for "elements" to filter or add form elements
 			var elements = jQuery.prop( this, "elements" );
 			return elements ? jQuery.makeArray( elements ) : this;
-		} )
-		.filter( function() {
+		} ).filter( function() {
 			var type = this.type;

 			// Use .is( ":disabled" ) so that fieldset[disabled] works
 			return this.name && !jQuery( this ).is( ":disabled" ) &&
 				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
 				( this.checked || !rcheckableType.test( type ) );
-		} )
-		.map( function( _i, elem ) {
+		} ).map( function( _i, elem ) {
 			var val = jQuery( this ).val();

 			if ( val == null ) {
@@ -9033,7 +9040,8 @@ var

 	// Anchor tag for parsing the document origin
 	originAnchor = document.createElement( "a" );
-	originAnchor.href = location.href;
+
+originAnchor.href = location.href;

 // Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
 function addToPrefiltersOrTransports( structure ) {
@@ -9414,8 +9422,8 @@ jQuery.extend( {
 			// Context for global events is callbackContext if it is a DOM node or jQuery collection
 			globalEventContext = s.context &&
 				( callbackContext.nodeType || callbackContext.jquery ) ?
-					jQuery( callbackContext ) :
-					jQuery.event,
+				jQuery( callbackContext ) :
+				jQuery.event,

 			// Deferreds
 			deferred = jQuery.Deferred(),
@@ -9727,8 +9735,10 @@ jQuery.extend( {
 				response = ajaxHandleResponses( s, jqXHR, responses );
 			}

-			// Use a noop converter for missing script
-			if ( !isSuccess && jQuery.inArray( "script", s.dataTypes ) > -1 ) {
+			// Use a noop converter for missing script but not if jsonp
+			if ( !isSuccess &&
+				jQuery.inArray( "script", s.dataTypes ) > -1 &&
+				jQuery.inArray( "json", s.dataTypes ) < 0 ) {
 				s.converters[ "text script" ] = function() {};
 			}

@@ -10466,12 +10476,6 @@ jQuery.offset = {
 			options.using.call( elem, props );

 		} else {
-			if ( typeof props.top === "number" ) {
-				props.top += "px";
-			}
-			if ( typeof props.left === "number" ) {
-				props.left += "px";
-			}
 			curElem.css( props );
 		}
 	}
@@ -10640,8 +10644,11 @@ jQuery.each( [ "top", "left" ], function( _i, prop ) {

 // Create innerHeight, innerWidth, height, width, outerHeight and outerWidth methods
 jQuery.each( { Height: "height", Width: "width" }, function( name, type ) {
-	jQuery.each( { padding: "inner" + name, content: type, "": "outer" + name },
-		function( defaultExtra, funcName ) {
+	jQuery.each( {
+		padding: "inner" + name,
+		content: type,
+		"": "outer" + name
+	}, function( defaultExtra, funcName ) {

 		// Margin is only for outerHeight, outerWidth
 		jQuery.fn[ funcName ] = function( margin, value ) {
@@ -10726,7 +10733,8 @@ jQuery.fn.extend( {
 	}
 } );

-jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " +
+jQuery.each(
+	( "blur focus focusin focusout resize scroll click dblclick " +
 	"mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " +
 	"change select submit keydown keypress keyup contextmenu" ).split( " " ),
 	function( _i, name ) {
@@ -10737,7 +10745,8 @@ jQuery.each( ( "blur focus focusin focusout resize scroll click dblclick " +
 				this.on( name, null, data, fn ) :
 				this.trigger( name );
 		};
-	} );
+	}
+);



@@ -5,12 +5,12 @@
 * This script contains the language-specific data used by searchtools.js,
 * namely the list of stopwords, stemmer, scorer and splitter.
 *
- * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS.
+ * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */

-var stopwords = ["a","and","are","as","at","be","but","by","for","if","in","into","is","it","near","no","not","of","on","or","such","that","the","their","then","there","these","they","this","to","was","will","with"];
+var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"];


 /* Non-minified version is copied as a separate JS file, is available */
@@ -197,101 +197,3 @@ var Stemmer = function() {
  }
 }

-
-
-
-var splitChars = (function() {
-    var result = {};
-    var singles = [96, 180, 187, 191, 215, 247, 749, 885, 903, 907, 909, 930, 1014, 1648,
-         1748, 1809, 2416, 2473, 2481, 2526, 2601, 2609, 2612, 2615, 2653, 2702,
-         2706, 2729, 2737, 2740, 2857, 2865, 2868, 2910, 2928, 2948, 2961, 2971,
-         2973, 3085, 3089, 3113, 3124, 3213, 3217, 3241, 3252, 3295, 3341, 3345,
-         3369, 3506, 3516, 3633, 3715, 3721, 3736, 3744, 3748, 3750, 3756, 3761,
-         3781, 3912, 4239, 4347, 4681, 4695, 4697, 4745, 4785, 4799, 4801, 4823,
-         4881, 5760, 5901, 5997, 6313, 7405, 8024, 8026, 8028, 8030, 8117, 8125,
-         8133, 8181, 8468, 8485, 8487, 8489, 8494, 8527, 11311, 11359, 11687, 11695,
-         11703, 11711, 11719, 11727, 11735, 12448, 12539, 43010, 43014, 43019, 43587,
-         43696, 43713, 64286, 64297, 64311, 64317, 64319, 64322, 64325, 65141];
-    var i, j, start, end;
-    for (i = 0; i < singles.length; i++) {
-        result[singles[i]] = true;
-    }
-    var ranges = [[0, 47], [58, 64], [91, 94], [123, 169], [171, 177], [182, 184], [706, 709],
-         [722, 735], [741, 747], [751, 879], [888, 889], [894, 901], [1154, 1161],
-         [1318, 1328], [1367, 1368], [1370, 1376], [1416, 1487], [1515, 1519], [1523, 1568],
-         [1611, 1631], [1642, 1645], [1750, 1764], [1767, 1773], [1789, 1790], [1792, 1807],
-         [1840, 1868], [1958, 1968], [1970, 1983], [2027, 2035], [2038, 2041], [2043, 2047],
-         [2070, 2073], [2075, 2083], [2085, 2087], [2089, 2307], [2362, 2364], [2366, 2383],
-         [2385, 2391], [2402, 2405], [2419, 2424], [2432, 2436], [2445, 2446], [2449, 2450],
-         [2483, 2485], [2490, 2492], [2494, 2509], [2511, 2523], [2530, 2533], [2546, 2547],
-         [2554, 2564], [2571, 2574], [2577, 2578], [2618, 2648], [2655, 2661], [2672, 2673],
-         [2677, 2692], [2746, 2748], [2750, 2767], [2769, 2783], [2786, 2789], [2800, 2820],
-         [2829, 2830], [2833, 2834], [2874, 2876], [2878, 2907], [2914, 2917], [2930, 2946],
-         [2955, 2957], [2966, 2968], [2976, 2978], [2981, 2983], [2987, 2989], [3002, 3023],
-         [3025, 3045], [3059, 3076], [3130, 3132], [3134, 3159], [3162, 3167], [3170, 3173],
-         [3184, 3191], [3199, 3204], [3258, 3260], [3262, 3293], [3298, 3301], [3312, 3332],
-         [3386, 3388], [3390, 3423], [3426, 3429], [3446, 3449], [3456, 3460], [3479, 3481],
-         [3518, 3519], [3527, 3584], [3636, 3647], [3655, 3663], [3674, 3712], [3717, 3718],
-         [3723, 3724], [3726, 3731], [3752, 3753], [3764, 3772], [3774, 3775], [3783, 3791],
-         [3802, 3803], [3806, 3839], [3841, 3871], [3892, 3903], [3949, 3975], [3980, 4095],
-         [4139, 4158], [4170, 4175], [4182, 4185], [4190, 4192], [4194, 4196], [4199, 4205],
-         [4209, 4212], [4226, 4237], [4250, 4255], [4294, 4303], [4349, 4351], [4686, 4687],
-         [4702, 4703], [4750, 4751], [4790, 4791], [4806, 4807], [4886, 4887], [4955, 4968],
-         [4989, 4991], [5008, 5023], [5109, 5120], [5741, 5742], [5787, 5791], [5867, 5869],
-         [5873, 5887], [5906, 5919], [5938, 5951], [5970, 5983], [6001, 6015], [6068, 6102],
-         [6104, 6107], [6109, 6111], [6122, 6127], [6138, 6159], [6170, 6175], [6264, 6271],
-         [6315, 6319], [6390, 6399], [6429, 6469], [6510, 6511], [6517, 6527], [6572, 6592],
-         [6600, 6607], [6619, 6655], [6679, 6687], [6741, 6783], [6794, 6799], [6810, 6822],
-         [6824, 6916], [6964, 6980], [6988, 6991], [7002, 7042], [7073, 7085], [7098, 7167],
-         [7204, 7231], [7242, 7244], [7294, 7400], [7410, 7423], [7616, 7679], [7958, 7959],
-         [7966, 7967], [8006, 8007], [8014, 8015], [8062, 8063], [8127, 8129], [8141, 8143],
-         [8148, 8149], [8156, 8159], [8173, 8177], [8189, 8303], [8306, 8307], [8314, 8318],
-         [8330, 8335], [8341, 8449], [8451, 8454], [8456, 8457], [8470, 8472], [8478, 8483],
-         [8506, 8507], [8512, 8516], [8522, 8525], [8586, 9311], [9372, 9449], [9472, 10101],
-         [10132, 11263], [11493, 11498], [11503, 11516], [11518, 11519], [11558, 11567],
-         [11622, 11630], [11632, 11647], [11671, 11679], [11743, 11822], [11824, 12292],
-         [12296, 12320], [12330, 12336], [12342, 12343], [12349, 12352], [12439, 12444],
-         [12544, 12548], [12590, 12592], [12687, 12689], [12694, 12703], [12728, 12783],
-         [12800, 12831], [12842, 12880], [12896, 12927], [12938, 12976], [12992, 13311],
-         [19894, 19967], [40908, 40959], [42125, 42191], [42238, 42239], [42509, 42511],
-         [42540, 42559], [42592, 42593], [42607, 42622], [42648, 42655], [42736, 42774],
-         [42784, 42785], [42889, 42890], [42893, 43002], [43043, 43055], [43062, 43071],
-         [43124, 43137], [43188, 43215], [43226, 43249], [43256, 43258], [43260, 43263],
-         [43302, 43311], [43335, 43359], [43389, 43395], [43443, 43470], [43482, 43519],
-         [43561, 43583], [43596, 43599], [43610, 43615], [43639, 43641], [43643, 43647],
-         [43698, 43700], [43703, 43704], [43710, 43711], [43715, 43738], [43742, 43967],
-         [44003, 44015], [44026, 44031], [55204, 55215], [55239, 55242], [55292, 55295],
-         [57344, 63743], [64046, 64047], [64110, 64111], [64218, 64255], [64263, 64274],
-         [64280, 64284], [64434, 64466], [64830, 64847], [64912, 64913], [64968, 65007],
-         [65020, 65135], [65277, 65295], [65306, 65312], [65339, 65344], [65371, 65381],
-         [65471, 65473], [65480, 65481], [65488, 65489], [65496, 65497]];
-    for (i = 0; i < ranges.length; i++) {
-        start = ranges[i][0];
-        end = ranges[i][1];
-        for (j = start; j <= end; j++) {
-            result[j] = true;
-        }
-    }
-    return result;
-})();
-
-function splitQuery(query) {
-    var result = [];
-    var start = -1;
-    for (var i = 0; i < query.length; i++) {
-        if (splitChars[query.charCodeAt(i)]) {
-            if (start !== -1) {
-                result.push(query.slice(start, i));
-                start = -1;
-            }
-        } else if (start === -1) {
-            start = i;
-        }
-    }
-    if (start !== -1) {
-        result.push(query.slice(start));
-    }
-    return result;
-}
-
-
@@ -1,74 +1,255 @@
-pre { line-height: 125%; }
-td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
-span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
-td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
-span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+.highlight pre { line-height: 125%; }
+.highlight td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+.highlight span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+.highlight td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+.highlight span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
 .highlight .hll { background-color: #ffffcc }
-.highlight { background: #eeffcc; }
-.highlight .c { color: #408090; font-style: italic } /* Comment */
-.highlight .err { border: 1px solid #FF0000 } /* Error */
-.highlight .k { color: #007020; font-weight: bold } /* Keyword */
-.highlight .o { color: #666666 } /* Operator */
-.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */
-.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
-.highlight .cp { color: #007020 } /* Comment.Preproc */
-.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */
-.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
-.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */
-.highlight .gd { color: #A00000 } /* Generic.Deleted */
-.highlight .ge { font-style: italic } /* Generic.Emph */
-.highlight .gr { color: #FF0000 } /* Generic.Error */
+.highlight { background: #f8f8f8; }
+.highlight .c { color: #8f5902; font-style: italic } /* Comment */
+.highlight .err { color: #a40000; border: 1px solid #ef2929 } /* Error */
+.highlight .g { color: #000000 } /* Generic */
+.highlight .k { color: #204a87; font-weight: bold } /* Keyword */
+.highlight .l { color: #000000 } /* Literal */
+.highlight .n { color: #000000 } /* Name */
+.highlight .o { color: #ce5c00; font-weight: bold } /* Operator */
+.highlight .x { color: #000000 } /* Other */
+.highlight .p { color: #000000; font-weight: bold } /* Punctuation */
+.highlight .ch { color: #8f5902; font-style: italic } /* Comment.Hashbang */
+.highlight .cm { color: #8f5902; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #8f5902; font-style: italic } /* Comment.Preproc */
+.highlight .cpf { color: #8f5902; font-style: italic } /* Comment.PreprocFile */
+.highlight .c1 { color: #8f5902; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #8f5902; font-style: italic } /* Comment.Special */
+.highlight .gd { color: #a40000 } /* Generic.Deleted */
+.highlight .ge { color: #000000; font-style: italic } /* Generic.Emph */
+.highlight .gr { color: #ef2929 } /* Generic.Error */
 .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
 .highlight .gi { color: #00A000 } /* Generic.Inserted */
-.highlight .go { color: #333333 } /* Generic.Output */
-.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */
-.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .go { color: #000000; font-style: italic } /* Generic.Output */
+.highlight .gp { color: #8f5902 } /* Generic.Prompt */
+.highlight .gs { color: #000000; font-weight: bold } /* Generic.Strong */
 .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
-.highlight .gt { color: #0044DD } /* Generic.Traceback */
-.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */
-.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */
-.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */
-.highlight .kp { color: #007020 } /* Keyword.Pseudo */
-.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */
-.highlight .kt { color: #902000 } /* Keyword.Type */
-.highlight .m { color: #208050 } /* Literal.Number */
-.highlight .s { color: #4070a0 } /* Literal.String */
-.highlight .na { color: #4070a0 } /* Name.Attribute */
-.highlight .nb { color: #007020 } /* Name.Builtin */
-.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */
-.highlight .no { color: #60add5 } /* Name.Constant */
-.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */
-.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */
-.highlight .ne { color: #007020 } /* Name.Exception */
-.highlight .nf { color: #06287e } /* Name.Function */
-.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */
-.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */
-.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */
-.highlight .nv { color: #bb60d5 } /* Name.Variable */
-.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */
-.highlight .w { color: #bbbbbb } /* Text.Whitespace */
-.highlight .mb { color: #208050 } /* Literal.Number.Bin */
-.highlight .mf { color: #208050 } /* Literal.Number.Float */
-.highlight .mh { color: #208050 } /* Literal.Number.Hex */
-.highlight .mi { color: #208050 } /* Literal.Number.Integer */
-.highlight .mo { color: #208050 } /* Literal.Number.Oct */
-.highlight .sa { color: #4070a0 } /* Literal.String.Affix */
-.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */
-.highlight .sc { color: #4070a0 } /* Literal.String.Char */
-.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */
-.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */
-.highlight .s2 { color: #4070a0 } /* Literal.String.Double */
-.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */
-.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */
-.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */
-.highlight .sx { color: #c65d09 } /* Literal.String.Other */
-.highlight .sr { color: #235388 } /* Literal.String.Regex */
-.highlight .s1 { color: #4070a0 } /* Literal.String.Single */
-.highlight .ss { color: #517918 } /* Literal.String.Symbol */
-.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */
-.highlight .fm { color: #06287e } /* Name.Function.Magic */
-.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */
-.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */
-.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */
-.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */
-.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */
+.highlight .gt { color: #a40000; font-weight: bold } /* Generic.Traceback */
+.highlight .kc { color: #204a87; font-weight: bold } /* Keyword.Constant */
+.highlight .kd { color: #204a87; font-weight: bold } /* Keyword.Declaration */
+.highlight .kn { color: #204a87; font-weight: bold } /* Keyword.Namespace */
+.highlight .kp { color: #204a87; font-weight: bold } /* Keyword.Pseudo */
+.highlight .kr { color: #204a87; font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #204a87; font-weight: bold } /* Keyword.Type */
+.highlight .ld { color: #000000 } /* Literal.Date */
+.highlight .m { color: #0000cf; font-weight: bold } /* Literal.Number */
+.highlight .s { color: #4e9a06 } /* Literal.String */
+.highlight .na { color: #c4a000 } /* Name.Attribute */
+.highlight .nb { color: #204a87 } /* Name.Builtin */
+.highlight .nc { color: #000000 } /* Name.Class */
+.highlight .no { color: #000000 } /* Name.Constant */
+.highlight .nd { color: #5c35cc; font-weight: bold } /* Name.Decorator */
+.highlight .ni { color: #ce5c00 } /* Name.Entity */
+.highlight .ne { color: #cc0000; font-weight: bold } /* Name.Exception */
+.highlight .nf { color: #000000 } /* Name.Function */
+.highlight .nl { color: #f57900 } /* Name.Label */
+.highlight .nn { color: #000000 } /* Name.Namespace */
+.highlight .nx { color: #000000 } /* Name.Other */
+.highlight .py { color: #000000 } /* Name.Property */
+.highlight .nt { color: #204a87; font-weight: bold } /* Name.Tag */
+.highlight .nv { color: #000000 } /* Name.Variable */
+.highlight .ow { color: #204a87; font-weight: bold } /* Operator.Word */
+.highlight .pm { color: #000000; font-weight: bold } /* Punctuation.Marker */
+.highlight .w { color: #f8f8f8 } /* Text.Whitespace */
+.highlight .mb { color: #0000cf; font-weight: bold } /* Literal.Number.Bin */
+.highlight .mf { color: #0000cf; font-weight: bold } /* Literal.Number.Float */
+.highlight .mh { color: #0000cf; font-weight: bold } /* Literal.Number.Hex */
+.highlight .mi { color: #0000cf; font-weight: bold } /* Literal.Number.Integer */
+.highlight .mo { color: #0000cf; font-weight: bold } /* Literal.Number.Oct */
+.highlight .sa { color: #4e9a06 } /* Literal.String.Affix */
+.highlight .sb { color: #4e9a06 } /* Literal.String.Backtick */
+.highlight .sc { color: #4e9a06 } /* Literal.String.Char */
+.highlight .dl { color: #4e9a06 } /* Literal.String.Delimiter */
+.highlight .sd { color: #8f5902; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #4e9a06 } /* Literal.String.Double */
+.highlight .se { color: #4e9a06 } /* Literal.String.Escape */
+.highlight .sh { color: #4e9a06 } /* Literal.String.Heredoc */
+.highlight .si { color: #4e9a06 } /* Literal.String.Interpol */
+.highlight .sx { color: #4e9a06 } /* Literal.String.Other */
+.highlight .sr { color: #4e9a06 } /* Literal.String.Regex */
+.highlight .s1 { color: #4e9a06 } /* Literal.String.Single */
+.highlight .ss { color: #4e9a06 } /* Literal.String.Symbol */
+.highlight .bp { color: #3465a4 } /* Name.Builtin.Pseudo */
+.highlight .fm { color: #000000 } /* Name.Function.Magic */
+.highlight .vc { color: #000000 } /* Name.Variable.Class */
+.highlight .vg { color: #000000 } /* Name.Variable.Global */
+.highlight .vi { color: #000000 } /* Name.Variable.Instance */
+.highlight .vm { color: #000000 } /* Name.Variable.Magic */
+.highlight .il { color: #0000cf; font-weight: bold } /* Literal.Number.Integer.Long */
+@media not print {
+body[data-theme="dark"] .highlight pre { line-height: 125%; }
+body[data-theme="dark"] .highlight td.linenos .normal { color: #aaaaaa; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+body[data-theme="dark"] .highlight span.linenos { color: #aaaaaa; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+body[data-theme="dark"] .highlight td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+body[data-theme="dark"] .highlight span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+body[data-theme="dark"] .highlight .hll { background-color: #404040 }
+body[data-theme="dark"] .highlight { background: #202020; color: #d0d0d0 }
+body[data-theme="dark"] .highlight .c { color: #ababab; font-style: italic } /* Comment */
+body[data-theme="dark"] .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
+body[data-theme="dark"] .highlight .esc { color: #d0d0d0 } /* Escape */
+body[data-theme="dark"] .highlight .g { color: #d0d0d0 } /* Generic */
+body[data-theme="dark"] .highlight .k { color: #6ebf26; font-weight: bold } /* Keyword */
+body[data-theme="dark"] .highlight .l { color: #d0d0d0 } /* Literal */
+body[data-theme="dark"] .highlight .n { color: #d0d0d0 } /* Name */
+body[data-theme="dark"] .highlight .o { color: #d0d0d0 } /* Operator */
+body[data-theme="dark"] .highlight .x { color: #d0d0d0 } /* Other */
+body[data-theme="dark"] .highlight .p { color: #d0d0d0 } /* Punctuation */
+body[data-theme="dark"] .highlight .ch { color: #ababab; font-style: italic } /* Comment.Hashbang */
+body[data-theme="dark"] .highlight .cm { color: #ababab; font-style: italic } /* Comment.Multiline */
+body[data-theme="dark"] .highlight .cp { color: #cd2828; font-weight: bold } /* Comment.Preproc */
+body[data-theme="dark"] .highlight .cpf { color: #ababab; font-style: italic } /* Comment.PreprocFile */
+body[data-theme="dark"] .highlight .c1 { color: #ababab; font-style: italic } /* Comment.Single */
+body[data-theme="dark"] .highlight .cs { color: #e50808; font-weight: bold; background-color: #520000 } /* Comment.Special */
+body[data-theme="dark"] .highlight .gd { color: #d22323 } /* Generic.Deleted */
+body[data-theme="dark"] .highlight .ge { color: #d0d0d0; font-style: italic } /* Generic.Emph */
+body[data-theme="dark"] .highlight .gr { color: #d22323 } /* Generic.Error */
+body[data-theme="dark"] .highlight .gh { color: #ffffff; font-weight: bold } /* Generic.Heading */
+body[data-theme="dark"] .highlight .gi { color: #589819 } /* Generic.Inserted */
+body[data-theme="dark"] .highlight .go { color: #cccccc } /* Generic.Output */
+body[data-theme="dark"] .highlight .gp { color: #aaaaaa } /* Generic.Prompt */
+body[data-theme="dark"] .highlight .gs { color: #d0d0d0; font-weight: bold } /* Generic.Strong */
+body[data-theme="dark"] .highlight .gu { color: #ffffff; text-decoration: underline } /* Generic.Subheading */
+body[data-theme="dark"] .highlight .gt { color: #d22323 } /* Generic.Traceback */
+body[data-theme="dark"] .highlight .kc { color: #6ebf26; font-weight: bold } /* Keyword.Constant */
+body[data-theme="dark"] .highlight .kd { color: #6ebf26; font-weight: bold } /* Keyword.Declaration */
+body[data-theme="dark"] .highlight .kn { color: #6ebf26; font-weight: bold } /* Keyword.Namespace */
+body[data-theme="dark"] .highlight .kp { color: #6ebf26 } /* Keyword.Pseudo */
+body[data-theme="dark"] .highlight .kr { color: #6ebf26; font-weight: bold } /* Keyword.Reserved */
+body[data-theme="dark"] .highlight .kt { color: #6ebf26; font-weight: bold } /* Keyword.Type */
+body[data-theme="dark"] .highlight .ld { color: #d0d0d0 } /* Literal.Date */
+body[data-theme="dark"] .highlight .m { color: #51b2fd } /* Literal.Number */
+body[data-theme="dark"] .highlight .s { color: #ed9d13 } /* Literal.String */
+body[data-theme="dark"] .highlight .na { color: #bbbbbb } /* Name.Attribute */
+body[data-theme="dark"] .highlight .nb { color: #2fbccd } /* Name.Builtin */
+body[data-theme="dark"] .highlight .nc { color: #71adff; text-decoration: underline } /* Name.Class */
+body[data-theme="dark"] .highlight .no { color: #40ffff } /* Name.Constant */
+body[data-theme="dark"] .highlight .nd { color: #ffa500 } /* Name.Decorator */
+body[data-theme="dark"] .highlight .ni { color: #d0d0d0 } /* Name.Entity */
+body[data-theme="dark"] .highlight .ne { color: #bbbbbb } /* Name.Exception */
+body[data-theme="dark"] .highlight .nf { color: #71adff } /* Name.Function */
+body[data-theme="dark"] .highlight .nl { color: #d0d0d0 } /* Name.Label */
+body[data-theme="dark"] .highlight .nn { color: #71adff; text-decoration: underline } /* Name.Namespace */
+body[data-theme="dark"] .highlight .nx { color: #d0d0d0 } /* Name.Other */
+body[data-theme="dark"] .highlight .py { color: #d0d0d0 } /* Name.Property */
+body[data-theme="dark"] .highlight .nt { color: #6ebf26; font-weight: bold } /* Name.Tag */
+body[data-theme="dark"] .highlight .nv { color: #40ffff } /* Name.Variable */
+body[data-theme="dark"] .highlight .ow { color: #6ebf26; font-weight: bold } /* Operator.Word */
+body[data-theme="dark"] .highlight .pm { color: #d0d0d0 } /* Punctuation.Marker */
+body[data-theme="dark"] .highlight .w { color: #666666 } /* Text.Whitespace */
+body[data-theme="dark"] .highlight .mb { color: #51b2fd } /* Literal.Number.Bin */
+body[data-theme="dark"] .highlight .mf { color: #51b2fd } /* Literal.Number.Float */
+body[data-theme="dark"] .highlight .mh { color: #51b2fd } /* Literal.Number.Hex */
+body[data-theme="dark"] .highlight .mi { color: #51b2fd } /* Literal.Number.Integer */
+body[data-theme="dark"] .highlight .mo { color: #51b2fd } /* Literal.Number.Oct */
+body[data-theme="dark"] .highlight .sa { color: #ed9d13 } /* Literal.String.Affix */
+body[data-theme="dark"] .highlight .sb { color: #ed9d13 } /* Literal.String.Backtick */
+body[data-theme="dark"] .highlight .sc { color: #ed9d13 } /* Literal.String.Char */
+body[data-theme="dark"] .highlight .dl { color: #ed9d13 } /* Literal.String.Delimiter */
+body[data-theme="dark"] .highlight .sd { color: #ed9d13 } /* Literal.String.Doc */
+body[data-theme="dark"] .highlight .s2 { color: #ed9d13 } /* Literal.String.Double */
+body[data-theme="dark"] .highlight .se { color: #ed9d13 } /* Literal.String.Escape */
+body[data-theme="dark"] .highlight .sh { color: #ed9d13 } /* Literal.String.Heredoc */
+body[data-theme="dark"] .highlight .si { color: #ed9d13 } /* Literal.String.Interpol */
+body[data-theme="dark"] .highlight .sx { color: #ffa500 } /* Literal.String.Other */
+body[data-theme="dark"] .highlight .sr { color: #ed9d13 } /* Literal.String.Regex */
+body[data-theme="dark"] .highlight .s1 { color: #ed9d13 } /* Literal.String.Single */
+body[data-theme="dark"] .highlight .ss { color: #ed9d13 } /* Literal.String.Symbol */
+body[data-theme="dark"] .highlight .bp { color: #2fbccd } /* Name.Builtin.Pseudo */
+body[data-theme="dark"] .highlight .fm { color: #71adff } /* Name.Function.Magic */
+body[data-theme="dark"] .highlight .vc { color: #40ffff } /* Name.Variable.Class */
+body[data-theme="dark"] .highlight .vg { color: #40ffff } /* Name.Variable.Global */
+body[data-theme="dark"] .highlight .vi { color: #40ffff } /* Name.Variable.Instance */
+body[data-theme="dark"] .highlight .vm { color: #40ffff } /* Name.Variable.Magic */
+body[data-theme="dark"] .highlight .il { color: #51b2fd } /* Literal.Number.Integer.Long */
+@media (prefers-color-scheme: dark) {
+body:not([data-theme="light"]) .highlight pre { line-height: 125%; }
+body:not([data-theme="light"]) .highlight td.linenos .normal { color: #aaaaaa; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+body:not([data-theme="light"]) .highlight span.linenos { color: #aaaaaa; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+body:not([data-theme="light"]) .highlight td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+body:not([data-theme="light"]) .highlight span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+body:not([data-theme="light"]) .highlight .hll { background-color: #404040 }
+body:not([data-theme="light"]) .highlight { background: #202020; color: #d0d0d0 }
+body:not([data-theme="light"]) .highlight .c { color: #ababab; font-style: italic } /* Comment */
+body:not([data-theme="light"]) .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
+body:not([data-theme="light"]) .highlight .esc { color: #d0d0d0 } /* Escape */
+body:not([data-theme="light"]) .highlight .g { color: #d0d0d0 } /* Generic */
+body:not([data-theme="light"]) .highlight .k { color: #6ebf26; font-weight: bold } /* Keyword */
+body:not([data-theme="light"]) .highlight .l { color: #d0d0d0 } /* Literal */
+body:not([data-theme="light"]) .highlight .n { color: #d0d0d0 } /* Name */
+body:not([data-theme="light"]) .highlight .o { color: #d0d0d0 } /* Operator */
+body:not([data-theme="light"]) .highlight .x { color: #d0d0d0 } /* Other */
+body:not([data-theme="light"]) .highlight .p { color: #d0d0d0 } /* Punctuation */
+body:not([data-theme="light"]) .highlight .ch { color: #ababab; font-style: italic } /* Comment.Hashbang */
+body:not([data-theme="light"]) .highlight .cm { color: #ababab; font-style: italic } /* Comment.Multiline */
+body:not([data-theme="light"]) .highlight .cp { color: #cd2828; font-weight: bold } /* Comment.Preproc */
+body:not([data-theme="light"]) .highlight .cpf { color: #ababab; font-style: italic } /* Comment.PreprocFile */
+body:not([data-theme="light"]) .highlight .c1 { color: #ababab; font-style: italic } /* Comment.Single */
+body:not([data-theme="light"]) .highlight .cs { color: #e50808; font-weight: bold; background-color: #520000 } /* Comment.Special */
+body:not([data-theme="light"]) .highlight .gd { color: #d22323 } /* Generic.Deleted */
+body:not([data-theme="light"]) .highlight .ge { color: #d0d0d0; font-style: italic } /* Generic.Emph */
+body:not([data-theme="light"]) .highlight .gr { color: #d22323 } /* Generic.Error */
+body:not([data-theme="light"]) .highlight .gh { color: #ffffff; font-weight: bold } /* Generic.Heading */
+body:not([data-theme="light"]) .highlight .gi { color: #589819 } /* Generic.Inserted */
+body:not([data-theme="light"]) .highlight .go { color: #cccccc } /* Generic.Output */
+body:not([data-theme="light"]) .highlight .gp { color: #aaaaaa } /* Generic.Prompt */
+body:not([data-theme="light"]) .highlight .gs { color: #d0d0d0; font-weight: bold } /* Generic.Strong */
+body:not([data-theme="light"]) .highlight .gu { color: #ffffff; text-decoration: underline } /* Generic.Subheading */
+body:not([data-theme="light"]) .highlight .gt { color: #d22323 } /* Generic.Traceback */
+body:not([data-theme="light"]) .highlight .kc { color: #6ebf26; font-weight: bold } /* Keyword.Constant */
+body:not([data-theme="light"]) .highlight .kd { color: #6ebf26; font-weight: bold } /* Keyword.Declaration */
+body:not([data-theme="light"]) .highlight .kn { color: #6ebf26; font-weight: bold } /* Keyword.Namespace */
+body:not([data-theme="light"]) .highlight .kp { color: #6ebf26 } /* Keyword.Pseudo */
+body:not([data-theme="light"]) .highlight .kr { color: #6ebf26; font-weight: bold } /* Keyword.Reserved */
+body:not([data-theme="light"]) .highlight .kt { color: #6ebf26; font-weight: bold } /* Keyword.Type */
+body:not([data-theme="light"]) .highlight .ld { color: #d0d0d0 } /* Literal.Date */
+body:not([data-theme="light"]) .highlight .m { color: #51b2fd } /* Literal.Number */
+body:not([data-theme="light"]) .highlight .s { color: #ed9d13 } /* Literal.String */
+body:not([data-theme="light"]) .highlight .na { color: #bbbbbb } /* Name.Attribute */
+body:not([data-theme="light"]) .highlight .nb { color: #2fbccd } /* Name.Builtin */
+body:not([data-theme="light"]) .highlight .nc { color: #71adff; text-decoration: underline } /* Name.Class */
+body:not([data-theme="light"]) .highlight .no { color: #40ffff } /* Name.Constant */
+body:not([data-theme="light"]) .highlight .nd { color: #ffa500 } /* Name.Decorator */
+body:not([data-theme="light"]) .highlight .ni { color: #d0d0d0 } /* Name.Entity */
+body:not([data-theme="light"]) .highlight .ne { color: #bbbbbb } /* Name.Exception */
+body:not([data-theme="light"]) .highlight .nf { color: #71adff } /* Name.Function */
+body:not([data-theme="light"]) .highlight .nl { color: #d0d0d0 } /* Name.Label */
+body:not([data-theme="light"]) .highlight .nn { color: #71adff; text-decoration: underline } /* Name.Namespace */
+body:not([data-theme="light"]) .highlight .nx { color: #d0d0d0 } /* Name.Other */
+body:not([data-theme="light"]) .highlight .py { color: #d0d0d0 } /* Name.Property */
+body:not([data-theme="light"]) .highlight .nt { color: #6ebf26; font-weight: bold } /* Name.Tag */
+body:not([data-theme="light"]) .highlight .nv { color: #40ffff } /* Name.Variable */
+body:not([data-theme="light"]) .highlight .ow { color: #6ebf26; font-weight: bold } /* Operator.Word */
+body:not([data-theme="light"]) .highlight .pm { color: #d0d0d0 } /* Punctuation.Marker */
+body:not([data-theme="light"]) .highlight .w { color: #666666 } /* Text.Whitespace */
+body:not([data-theme="light"]) .highlight .mb { color: #51b2fd } /* Literal.Number.Bin */
+body:not([data-theme="light"]) .highlight .mf { color: #51b2fd } /* Literal.Number.Float */
+body:not([data-theme="light"]) .highlight .mh { color: #51b2fd } /* Literal.Number.Hex */
+body:not([data-theme="light"]) .highlight .mi { color: #51b2fd } /* Literal.Number.Integer */
+body:not([data-theme="light"]) .highlight .mo { color: #51b2fd } /* Literal.Number.Oct */
+body:not([data-theme="light"]) .highlight .sa { color: #ed9d13 } /* Literal.String.Affix */
+body:not([data-theme="light"]) .highlight .sb { color: #ed9d13 } /* Literal.String.Backtick */
+body:not([data-theme="light"]) .highlight .sc { color: #ed9d13 } /* Literal.String.Char */
+body:not([data-theme="light"]) .highlight .dl { color: #ed9d13 } /* Literal.String.Delimiter */
+body:not([data-theme="light"]) .highlight .sd { color: #ed9d13 } /* Literal.String.Doc */
+body:not([data-theme="light"]) .highlight .s2 { color: #ed9d13 } /* Literal.String.Double */
+body:not([data-theme="light"]) .highlight .se { color: #ed9d13 } /* Literal.String.Escape */
+body:not([data-theme="light"]) .highlight .sh { color: #ed9d13 } /* Literal.String.Heredoc */
+body:not([data-theme="light"]) .highlight .si { color: #ed9d13 } /* Literal.String.Interpol */
+body:not([data-theme="light"]) .highlight .sx { color: #ffa500 } /* Literal.String.Other */
+body:not([data-theme="light"]) .highlight .sr { color: #ed9d13 } /* Literal.String.Regex */
+body:not([data-theme="light"]) .highlight .s1 { color: #ed9d13 } /* Literal.String.Single */
+body:not([data-theme="light"]) .highlight .ss { color: #ed9d13 } /* Literal.String.Symbol */
+body:not([data-theme="light"]) .highlight .bp { color: #2fbccd } /* Name.Builtin.Pseudo */
+body:not([data-theme="light"]) .highlight .fm { color: #71adff } /* Name.Function.Magic */
+body:not([data-theme="light"]) .highlight .vc { color: #40ffff } /* Name.Variable.Class */
+body:not([data-theme="light"]) .highlight .vg { color: #40ffff } /* Name.Variable.Global */
+body:not([data-theme="light"]) .highlight .vi { color: #40ffff } /* Name.Variable.Instance */
+body:not([data-theme="light"]) .highlight .vm { color: #40ffff } /* Name.Variable.Magic */
+body:not([data-theme="light"]) .highlight .il { color: #51b2fd } /* Literal.Number.Integer.Long */
+}
+}
--- a/Show More
+++ b/Show More